summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTobias Klausmann <klausman@gentoo.org>2010-12-09 12:04:02 +0000
committerTobias Klausmann <klausman@gentoo.org>2010-12-09 12:04:02 +0000
commit92818f128e0df313b9b49298e9585bda36ac13ad (patch)
tree2194c55c253b3d4f5897c9e4bd68e22f53b8fdd6 /mail-mta/exim
parentStable on amd64 wrt bug #348082 (diff)
downloadhistorical-92818f128e0df313b9b49298e9585bda36ac13ad.tar.gz
historical-92818f128e0df313b9b49298e9585bda36ac13ad.tar.bz2
historical-92818f128e0df313b9b49298e9585bda36ac13ad.zip
Add mitigation (not a fix) for sec bug 348249
Package-Manager: portage-2.1.9.25/cvs/Linux x86_64 RepoMan-Options: --force
Diffstat (limited to 'mail-mta/exim')
-rw-r--r--mail-mta/exim/ChangeLog7
-rw-r--r--mail-mta/exim/Manifest13
-rw-r--r--mail-mta/exim/exim-4.72-r1.ebuild319
3 files changed, 327 insertions, 12 deletions
diff --git a/mail-mta/exim/ChangeLog b/mail-mta/exim/ChangeLog
index 906743903422..f39553334c7e 100644
--- a/mail-mta/exim/ChangeLog
+++ b/mail-mta/exim/ChangeLog
@@ -1,6 +1,11 @@
# ChangeLog for mail-mta/exim
# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/mail-mta/exim/ChangeLog,v 1.170 2010/07/18 20:49:46 josejx Exp $
+# $Header: /var/cvsroot/gentoo-x86/mail-mta/exim/ChangeLog,v 1.171 2010/12/09 12:04:02 klausman Exp $
+
+*exim-4.72-r1 (09 Dec 2010)
+
+ 09 Dec 2010; Tobias Klausmann <klausman@gentoo.org> +exim-4.72-r1.ebuild:
+ Add mitigation (not a fix) for security bug #348249
18 Jul 2010; Joseph Jezak <josejx@gentoo.org> exim-4.72.ebuild:
Marked ppc stable for bug #322665.
diff --git a/mail-mta/exim/Manifest b/mail-mta/exim/Manifest
index d149daac13ba..abe4c3dcb0c9 100644
--- a/mail-mta/exim/Manifest
+++ b/mail-mta/exim/Manifest
@@ -1,6 +1,3 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
AUX auth_conf.sub 790 RMD160 5d6a71cf9fb593fc34ddce8dc421fcd843356c82 SHA1 5744531af5ee282ae29bdbb4e89fbee16c0034a7 SHA256 d0631d487f115c07a178d48bc7168cd16d7b22c8879b1e926923152cde95ba78
AUX exim-4.14-tail.patch 446 RMD160 685e27ff995710f3b8d77d8785b04503170e7e27 SHA1 d52b5d10656ead546beda128068ed2f9dbc67200 SHA256 74d1044bb94e167180fd8f8aba7449ca3d2b09b1ce170a1a2e4e54ca0cd660da
AUX exim-4.20-maildir.patch 478 RMD160 50c6a1dd6ae3f7bb1776696d3d0d7a161c351fce SHA1 c8287f7e44d93b0ca8761b8f7111974cfe1280a5 SHA256 2704c4db67bb7c58c2421656d942f533d1eedf1df187e76297ab72d2c2a2fb4c
@@ -25,13 +22,7 @@ EBUILD exim-4.69-r3.ebuild 9858 RMD160 4b662f2f0104e0a6dc3d724b396072c27f704398
EBUILD exim-4.69-r4.ebuild 9924 RMD160 cb321941d6639458b36c2d19c23b33a7cd24b4e1 SHA1 dfcb39298ca7e8583253216ea4467211132ace1f SHA256 b2050cf4bfad2d42e3d042ea8c3684ab6eed6005e62f68738cfcdfda486ca544
EBUILD exim-4.69.ebuild 9905 RMD160 cca8463878afd8c8f89105b4d672d588a1b7a99b SHA1 917d183c85b27cc55543847ee7f45a0752740b7c SHA256 6cd32ad49170636813ce651ff3b8408e8619a9d9785a0ddb5a771f6737b9d9bb
EBUILD exim-4.71.ebuild 10050 RMD160 6a29e2bbe03cab64199433e5a26c56e8e5e576be SHA1 a11e2b63032ed7e6ab26589945924cb932758637 SHA256 2c18c1c2b4bf6ad1d76a03070a3be85e20740a23d2e509eb16f3f8367b317ace
+EBUILD exim-4.72-r1.ebuild 10268 RMD160 7b4062024d1f6c4fb11e276ced46bcc855e617b4 SHA1 f62338a78e380fe804d20f3cf58246ae80a60905 SHA256 76124d4064adcf0743b0e49b6b6b36ff865e29f85ff0223310aef0e6b941d148
EBUILD exim-4.72.ebuild 10201 RMD160 440114e7a0ea73eedbeeec87f9acc7f6111db5dd SHA1 71e6e0a6934497674d8f3d3c365872ff1b2a3f24 SHA256 c08316894cc35cbb5d0ea22efadec39828f228f3f7f99f23e78cd8c98e9b3b0e
-MISC ChangeLog 36052 RMD160 e002e4fdd30f097ef9ff26f4f90b616c02741fdd SHA1 d41cfe8f821148c28864d4b48995a96f1d74dde8 SHA256 32ef50ab020ec1d854aa1811d572ada8168d42d6f0cbdd42de1f9aa1c58f4248
+MISC ChangeLog 36214 RMD160 1fa3d5f5073c917e6cd765fedfead4b6d8e0fa6d SHA1 c9b60cc9a2b62b13dfc48f63ccb97bb4a9074bc9 SHA256 13f9e8c9778c69821753b99347e94d6c977557de7daf719ad8ce58b6fffabf71
MISC metadata.xml 1792 RMD160 6220368a815bce6ab738abc114bad380853e17ae SHA1 0f0ceb106180c7f272f27af27ba1a700fa908d45 SHA256 08b60262a51b692d892ebdafceb4717c06ecfb33cd858d085e978ce28360d041
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.15 (GNU/Linux)
-
-iEYEARECAAYFAkxDaOwACgkQcsIHjyDViGTGnQCfWqxQaislmPYIbXeVOZABXSXw
-KXMAmgPWLAhkPAsGZXmfN1hlaS1UE0S5
-=Y2NS
------END PGP SIGNATURE-----
diff --git a/mail-mta/exim/exim-4.72-r1.ebuild b/mail-mta/exim/exim-4.72-r1.ebuild
new file mode 100644
index 000000000000..5f7c44988a0a
--- /dev/null
+++ b/mail-mta/exim/exim-4.72-r1.ebuild
@@ -0,0 +1,319 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/mail-mta/exim/exim-4.72-r1.ebuild,v 1.1 2010/12/09 12:04:02 klausman Exp $
+
+EAPI="3"
+
+inherit eutils toolchain-funcs multilib pam
+
+IUSE="tcpd ssl postgres mysql ldap pam exiscan-acl lmtp ipv6 sasl dnsdb perl mbx X nis syslog spf srs gnutls sqlite dovecot-sasl radius maildir +dkim dcc dsn"
+
+DSN_EXIM_V=469
+DSN_V=1_3
+
+DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
+SRC_URI="ftp://ftp.exim.org/pub/exim/exim4/${P}.tar.bz2
+ mirror://gentoo/system_filter.exim.gz
+ dsn? ( mirror://sourceforge/eximdsn/eximdsn-patch-1.3/exim_${DSN_EXIM_V}_dsn_${DSN_V}.patch )"
+HOMEPAGE="http://www.exim.org/"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86"
+
+PROVIDE="virtual/mta"
+
+DEPEND=">=sys-apps/sed-4.0.5
+ >=sys-libs/db-3.2
+ dev-libs/libpcre
+ perl? ( sys-devel/libperl )
+ pam? ( virtual/pam )
+ tcpd? ( sys-apps/tcp-wrappers )
+ ssl? ( >=dev-libs/openssl-0.9.6 )
+ gnutls? ( net-libs/gnutls
+ dev-libs/libtasn1 )
+ ldap? ( >=net-nds/openldap-2.0.7 )
+ mysql? ( virtual/mysql )
+ postgres? ( dev-db/postgresql-base )
+ sasl? ( >=dev-libs/cyrus-sasl-2.1.14 )
+ spf? ( >=mail-filter/libspf2-1.2.5-r1 )
+ srs? ( mail-filter/libsrs_alt )
+ X? ( x11-proto/xproto
+ x11-libs/libX11
+ x11-libs/libXmu
+ x11-libs/libXt
+ x11-libs/libXaw
+ )
+ sqlite? ( dev-db/sqlite )
+ radius? ( net-dialup/radiusclient )
+ virtual/libiconv
+ "
+ # added X check for #57206
+RDEPEND="${DEPEND}
+ !virtual/mta
+ !net-mail/mailwrapper
+ >=net-mail/mailbase-0.00-r5
+ virtual/logger
+ dcc? ( mail-filter/dcc )
+ "
+
+src_prepare() {
+ epatch "${FILESDIR}"/exim-4.14-tail.patch
+ epatch "${FILESDIR}"/exim-4.43-r2-localscan_dlopen.patch
+ epatch "${FILESDIR}"/exim-4.69-r1.27021.patch
+ # for cross-compilation, but currently breaks normal compiles :/ #266591
+ #epatch "${FILESDIR}"/${P}-buildconfig-cross-compile.patch
+
+ use maildir && epatch "${FILESDIR}"/exim-4.20-maildir.patch
+ use dsn && epatch "${DISTDIR}"/exim_${DSN_EXIM_V}_dsn_${DSN_V}.patch
+}
+
+src_configure() {
+ local myconf
+
+ sed -i "/SYSTEM_ALIASES_FILE/ s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" "${S}"/src/configure.default
+ cp "${S}"/src/configure.default "${S}"/src/configure.default.orig
+
+ # includes typo fix for bug #47106
+ sed -e "48i\CFLAGS=${CFLAGS}" \
+ -e "s:# AUTH_CRAM_MD5=yes:AUTH_CRAM_MD5=yes:" \
+ -e "s:# AUTH_PLAINTEXT=yes:AUTH_PLAINTEXT=yes:" \
+ -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
+ -e "s:COMPRESS_COMMAND=/usr/bin/gzip:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
+ -e "s:ZCAT_COMMAND=/usr/bin/zcat:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
+ -e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \
+ -e "s:EXIM_MONITOR=eximon.bin:# EXIM_MONITOR=eximon.bin:" \
+ -e "s:# INFO_DIRECTORY=/usr/local/info:INFO_DIRECTORY=${EPREFIX}/usr/share/info:" \
+ -e "s:# LOG_FILE_PATH=/var/log/exim_%slog:LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log:" \
+ -e "s:# PID_FILE_PATH=/var/lock/exim.pid:PID_FILE_PATH=${EPREFIX}/var/run/exim.pid:" \
+ -e "s:# SPOOL_DIRECTORY=/var/spool/exim:SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim:" \
+ -e "s:# SUPPORT_MAILDIR=yes:SUPPORT_MAILDIR=yes:" \
+ -e "s:# SUPPORT_MAILSTORE=yes:SUPPORT_MAILSTORE=yes:" \
+ -e "s:EXIM_USER=:EXIM_USER=mail:" \
+ -e "s:# AUTH_SPA=yes:AUTH_SPA=yes:" \
+ -e "s:^ZCAT_COMMAND.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
+ -e "s:# LOOKUP_PASSWD=yes:LOOKUP_PASSWD=yes:" \
+ -e "s:# ALT_CONFIG_ROOT_ONLY.*:ALT_CONFIG_ROOT_ONLY=yes:" \
+ src/EDITME > Local/Makefile
+
+ # exiscan-acl is now integrated - enable it when use-flag set
+ if use exiscan-acl; then
+ sed -i "s:# WITH_CONTENT_SCAN=yes:WITH_CONTENT_SCAN=yes:" Local/Makefile
+ sed -i "s:# WITH_OLD_DEMIME=yes:WITH_OLD_DEMIME=yes:" Local/Makefile
+ elif (use spf || use srs ) then
+ eerror SPF and SRS support require exiscan-acl to be enabled, please add
+ eerror to your USE settings.
+ exit 1
+ fi
+
+ if use spf; then
+ myconf="${myconf} -lspf2"
+ sed -i "s:# EXPERIMENTAL_SPF=yes:EXPERIMENTAL_SPF=yes:" Local/Makefile
+ mycflags="${mycflags} -DEXPERIMENTAL_SPF"
+ fi
+ if use srs; then
+ myconf="${myconf} -lsrs_alt"
+ sed -i "s:# EXPERIMENTAL_SRS=yes:EXPERIMENTAL_SRS=yes:" Local/Makefile
+ fi
+
+ cd Local
+ # enable optional exim_monitor support via X use flag bug #46778
+ if use X; then
+ einfo "Configuring eximon"
+ cp ../exim_monitor/EDITME eximon.conf
+ sed -i "s:# EXIM_MONITOR=eximon.bin:EXIM_MONITOR=eximon.bin:" Makefile
+ fi
+ if use perl; then
+ sed -i "s:# EXIM_PERL=perl.o:EXIM_PERL=perl.o:" Makefile
+ fi
+ # mbox useflag renamed, see bug #110741
+ if use mbx; then
+ sed -i "s:# SUPPORT_MBX=yes:SUPPORT_MBX=yes:" Makefile
+ fi
+ if use pam; then
+ sed -i "s:# \(SUPPORT_PAM=yes\):\1:" Makefile
+ myconf="${myconf} -lpam"
+ fi
+ if use sasl; then
+ sed -i "s:# CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/var/state/saslauthd/mux:CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/var/lib/sasl2/mux:" Makefile
+ sed -i "s:# AUTH_CYRUS_SASL=yes:AUTH_CYRUS_SASL=yes:" Makefile
+ myconf="${myconf} -lsasl2"
+ fi
+ if use tcpd; then
+ sed -i "s:# \(USE_TCP_WRAPPERS=yes\):\1:" Makefile
+ myconf="${myconf} -lwrap"
+ fi
+ if use lmtp; then
+ sed -i "s:# \(TRANSPORT_LMTP=yes\):\1:" Makefile
+ fi
+ if use ipv6; then
+ echo "HAVE_IPV6=YES" >> Makefile
+ # to fix bug #41196
+ echo "IPV6_USE_INET_PTON=yes" >> Makefile
+ fi
+ if use dovecot-sasl; then
+ sed -i "s:# AUTH_DOVECOT=yes:AUTH_DOVECOT=yes:" Makefile
+ fi
+ if use radius; then
+ myconf="${myconf} -lradiusclient"
+ sed -i "s:# RADIUS_CONFIG_FILE=/etc/radiusclient/radiusclient.conf:RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf:" Makefile
+ sed -i "s:# RADIUS_LIB_TYPE=RADIUSCLIENT$:RADIUS_LIB_TYPE=RADIUSCLIENT:" Makefile
+ fi
+ if [[ -n ${myconf} ]] ; then
+ echo "EXTRALIBS=${myconf} ${LDFLAGS}" >> Makefile
+ fi
+
+ # make iconv usage explicit
+ echo "HAVE_ICONV=yes" >> Makefile
+ # if we use libiconv, now is the time to tell so
+ use !elibc_glibc && echo "EXTRALIBS_EXIM=-liconv" >> Makefile
+
+ cd "${S}"
+ if use ssl; then
+ sed -i \
+ -e "s:# \(SUPPORT_TLS=yes\):\1:" Local/Makefile
+ if use gnutls; then
+ sed -i \
+ -e "s:# \(USE_GNUTLS=yes\):\1:" \
+ -e "s:# \(TLS_LIBS=-lgnutls -ltasn1 -lgcrypt\):\1:" Local/Makefile
+ else
+ sed -i \
+ -e "s:# \(TLS_LIBS=-lssl -lcrypto\):\1:" Local/Makefile
+ fi
+ fi
+
+ LOOKUP_INCLUDE=
+ LOOKUP_LIBS=
+
+ if use ldap; then
+ sed -i \
+ -e "s:# \(LOOKUP_LDAP=yes\):\1:" \
+ -e "s:# \(LDAP_LIB_TYPE=OPENLDAP2\):\1:" Local/Makefile
+ LOOKUP_INCLUDE="-I${EROOT}usr/include/ldap"
+ LOOKUP_LIBS="-lldap -llber"
+ fi
+
+ if use mysql; then
+ sed -i "s:# LOOKUP_MYSQL=yes:LOOKUP_MYSQL=yes:" Local/Makefile
+ LOOKUP_INCLUDE="$LOOKUP_INCLUDE -I${EROOT}usr/include/mysql"
+ LOOKUP_LIBS="$LOOKUP_LIBS -lmysqlclient"
+ fi
+
+ if use postgres; then
+ sed -i "s:# LOOKUP_PGSQL=yes:LOOKUP_PGSQL=yes:" Local/Makefile
+ LOOKUP_INCLUDE="$LOOKUP_INCLUDE -I${EROOT}usr/include/postgresql"
+ LOOKUP_LIBS="$LOOKUP_LIBS -lpq"
+ fi
+ if use sqlite; then
+ sed -i "s:# LOOKUP_SQLITE=yes: LOOKUP_SQLITE=yes:" Local/Makefile
+ LOOKUP_INCLUDE="$LOOKUP_INCLUDE -I${EROOT}usr/include/sqlite"
+ LOOKUP_LIBS="$LOOKUP_LIBS -lsqlite3"
+ fi
+ if [[ -n ${LOOKUP_INCLUDE} ]]; then
+ sed -i "s:# LOOKUP_INCLUDE=-I /usr/local/ldap/include -I /usr/local/mysql/include -I /usr/local/pgsql/include:LOOKUP_INCLUDE=$LOOKUP_INCLUDE:" \
+ Local/Makefile
+ fi
+
+ if [[ -n ${LOOKUP_LIBS} ]]; then
+ sed -i "s:# LOOKUP_LIBS=-L/usr/local/lib -lldap -llber -lmysqlclient -lpq -lgds -lsqlite3:LOOKUP_LIBS=$LOOKUP_LIBS:" \
+ Local/Makefile
+ fi
+
+ sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile
+
+ sed -i "s:# LOOKUP_DSEARCH=yes:LOOKUP_DSEARCH=yes:" Local/Makefile
+
+ if use dnsdb; then
+ sed -i "s:# LOOKUP_DNSDB=yes:LOOKUP_DNSDB=yes:" Local/Makefile
+ fi
+ sed -i "s:# LOOKUP_CDB=yes:LOOKUP_CDB=yes:" Local/Makefile
+
+ if use nis; then
+ sed -i -e "s:# LOOKUP_NIS=yes:LOOKUP_NIS=yes:" \
+ -e "s:# LOOKUP_NISPLUS=yes:LOOKUP_NISPLUS=yes:" Local/Makefile
+ fi
+ if use syslog; then
+ sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Local/Makefile
+ fi
+ if ! use dkim; then
+ # DKIM is enabled by default. We have to explicitly disable it.
+ echo "DISABLE_DKIM=yes">> Local/Makefile
+ fi
+ if use dcc; then
+ echo "EXPERIMENTAL_DCC=yes">> Local/Makefile
+ fi
+ if use dsn; then
+ sed -i -e "s:#define SUPPORT_DSN:define SUPPORT_DSN:" Local/Makefile
+ fi
+
+ # use the "native" interface to the DBM library
+ echo "USE_DB=yes" >> "${S}"/Local/Makefile
+}
+
+src_compile() {
+ emake CC="$(tc-getCC)" FULLECHO='' || die "make failed"
+}
+
+src_install () {
+ cd "${S}"/build-exim-gentoo
+ exeinto /usr/sbin
+ doexe exim
+ if use X; then
+ doexe eximon.bin
+ doexe eximon
+ fi
+ fperms 4755 /usr/sbin/exim
+
+ dodir /usr/bin /usr/sbin /usr/lib
+
+ dosym exim /usr/sbin/sendmail
+ dosym exim /usr/sbin/rsmtp
+ dosym exim /usr/sbin/rmail
+ dosym /usr/sbin/exim /usr/bin/mailq
+ dosym /usr/sbin/exim /usr/bin/newaliases
+ dosym /usr/sbin/sendmail /usr/lib/sendmail
+
+ exeinto /usr/sbin
+ for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
+ exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
+ convert4r3 convert4r4 exipick
+ do
+ doexe $i
+ done
+
+ dodoc "${S}"/doc/*
+ doman "${S}"/doc/exim.8
+ use dsn && dodoc "${S}"/README.DSN
+
+ # conf files
+ insinto /etc/exim
+ newins "${S}"/src/configure.default.orig exim.conf.dist
+ if use exiscan-acl; then
+ newins "${S}"/src/configure.default exim.conf.exiscan-acl
+ fi
+ doins "${WORKDIR}"/system_filter.exim
+ doins "${FILESDIR}"/auth_conf.sub
+
+ pamd_mimic system-auth exim auth account
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/exim.logrotate" exim
+
+ newinitd "${FILESDIR}"/exim.rc6 exim
+
+ newconfd "${FILESDIR}"/exim.confd exim
+
+ DIROPTIONS="--mode=0750 --owner=mail --group=mail"
+ dodir /var/log/${PN}
+}
+
+pkg_postinst() {
+ einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter."
+ einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth."
+ einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist."
+ if use dcc ; then
+ einfo "DCC support is experimental, you can find some limited"
+ einfo "documentation at the bottom of this prerelease message:"
+ einfo "http://article.gmane.org/gmane.mail.exim.devel/3579"
+ fi
+}