diff options
author | Tobias Klausmann <klausman@gentoo.org> | 2010-12-09 12:04:02 +0000 |
---|---|---|
committer | Tobias Klausmann <klausman@gentoo.org> | 2010-12-09 12:04:02 +0000 |
commit | 92818f128e0df313b9b49298e9585bda36ac13ad (patch) | |
tree | 2194c55c253b3d4f5897c9e4bd68e22f53b8fdd6 /mail-mta/exim | |
parent | Stable on amd64 wrt bug #348082 (diff) | |
download | historical-92818f128e0df313b9b49298e9585bda36ac13ad.tar.gz historical-92818f128e0df313b9b49298e9585bda36ac13ad.tar.bz2 historical-92818f128e0df313b9b49298e9585bda36ac13ad.zip |
Add mitigation (not a fix) for sec bug 348249
Package-Manager: portage-2.1.9.25/cvs/Linux x86_64
RepoMan-Options: --force
Diffstat (limited to 'mail-mta/exim')
-rw-r--r-- | mail-mta/exim/ChangeLog | 7 | ||||
-rw-r--r-- | mail-mta/exim/Manifest | 13 | ||||
-rw-r--r-- | mail-mta/exim/exim-4.72-r1.ebuild | 319 |
3 files changed, 327 insertions, 12 deletions
diff --git a/mail-mta/exim/ChangeLog b/mail-mta/exim/ChangeLog index 906743903422..f39553334c7e 100644 --- a/mail-mta/exim/ChangeLog +++ b/mail-mta/exim/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for mail-mta/exim # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/mail-mta/exim/ChangeLog,v 1.170 2010/07/18 20:49:46 josejx Exp $ +# $Header: /var/cvsroot/gentoo-x86/mail-mta/exim/ChangeLog,v 1.171 2010/12/09 12:04:02 klausman Exp $ + +*exim-4.72-r1 (09 Dec 2010) + + 09 Dec 2010; Tobias Klausmann <klausman@gentoo.org> +exim-4.72-r1.ebuild: + Add mitigation (not a fix) for security bug #348249 18 Jul 2010; Joseph Jezak <josejx@gentoo.org> exim-4.72.ebuild: Marked ppc stable for bug #322665. diff --git a/mail-mta/exim/Manifest b/mail-mta/exim/Manifest index d149daac13ba..abe4c3dcb0c9 100644 --- a/mail-mta/exim/Manifest +++ b/mail-mta/exim/Manifest @@ -1,6 +1,3 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - AUX auth_conf.sub 790 RMD160 5d6a71cf9fb593fc34ddce8dc421fcd843356c82 SHA1 5744531af5ee282ae29bdbb4e89fbee16c0034a7 SHA256 d0631d487f115c07a178d48bc7168cd16d7b22c8879b1e926923152cde95ba78 AUX exim-4.14-tail.patch 446 RMD160 685e27ff995710f3b8d77d8785b04503170e7e27 SHA1 d52b5d10656ead546beda128068ed2f9dbc67200 SHA256 74d1044bb94e167180fd8f8aba7449ca3d2b09b1ce170a1a2e4e54ca0cd660da AUX exim-4.20-maildir.patch 478 RMD160 50c6a1dd6ae3f7bb1776696d3d0d7a161c351fce SHA1 c8287f7e44d93b0ca8761b8f7111974cfe1280a5 SHA256 2704c4db67bb7c58c2421656d942f533d1eedf1df187e76297ab72d2c2a2fb4c @@ -25,13 +22,7 @@ EBUILD exim-4.69-r3.ebuild 9858 RMD160 4b662f2f0104e0a6dc3d724b396072c27f704398 EBUILD exim-4.69-r4.ebuild 9924 RMD160 cb321941d6639458b36c2d19c23b33a7cd24b4e1 SHA1 dfcb39298ca7e8583253216ea4467211132ace1f SHA256 b2050cf4bfad2d42e3d042ea8c3684ab6eed6005e62f68738cfcdfda486ca544 EBUILD exim-4.69.ebuild 9905 RMD160 cca8463878afd8c8f89105b4d672d588a1b7a99b SHA1 917d183c85b27cc55543847ee7f45a0752740b7c SHA256 6cd32ad49170636813ce651ff3b8408e8619a9d9785a0ddb5a771f6737b9d9bb EBUILD exim-4.71.ebuild 10050 RMD160 6a29e2bbe03cab64199433e5a26c56e8e5e576be SHA1 a11e2b63032ed7e6ab26589945924cb932758637 SHA256 2c18c1c2b4bf6ad1d76a03070a3be85e20740a23d2e509eb16f3f8367b317ace +EBUILD exim-4.72-r1.ebuild 10268 RMD160 7b4062024d1f6c4fb11e276ced46bcc855e617b4 SHA1 f62338a78e380fe804d20f3cf58246ae80a60905 SHA256 76124d4064adcf0743b0e49b6b6b36ff865e29f85ff0223310aef0e6b941d148 EBUILD exim-4.72.ebuild 10201 RMD160 440114e7a0ea73eedbeeec87f9acc7f6111db5dd SHA1 71e6e0a6934497674d8f3d3c365872ff1b2a3f24 SHA256 c08316894cc35cbb5d0ea22efadec39828f228f3f7f99f23e78cd8c98e9b3b0e -MISC ChangeLog 36052 RMD160 e002e4fdd30f097ef9ff26f4f90b616c02741fdd SHA1 d41cfe8f821148c28864d4b48995a96f1d74dde8 SHA256 32ef50ab020ec1d854aa1811d572ada8168d42d6f0cbdd42de1f9aa1c58f4248 +MISC ChangeLog 36214 RMD160 1fa3d5f5073c917e6cd765fedfead4b6d8e0fa6d SHA1 c9b60cc9a2b62b13dfc48f63ccb97bb4a9074bc9 SHA256 13f9e8c9778c69821753b99347e94d6c977557de7daf719ad8ce58b6fffabf71 MISC metadata.xml 1792 RMD160 6220368a815bce6ab738abc114bad380853e17ae SHA1 0f0ceb106180c7f272f27af27ba1a700fa908d45 SHA256 08b60262a51b692d892ebdafceb4717c06ecfb33cd858d085e978ce28360d041 ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.15 (GNU/Linux) - -iEYEARECAAYFAkxDaOwACgkQcsIHjyDViGTGnQCfWqxQaislmPYIbXeVOZABXSXw -KXMAmgPWLAhkPAsGZXmfN1hlaS1UE0S5 -=Y2NS ------END PGP SIGNATURE----- diff --git a/mail-mta/exim/exim-4.72-r1.ebuild b/mail-mta/exim/exim-4.72-r1.ebuild new file mode 100644 index 000000000000..5f7c44988a0a --- /dev/null +++ b/mail-mta/exim/exim-4.72-r1.ebuild @@ -0,0 +1,319 @@ +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/mail-mta/exim/exim-4.72-r1.ebuild,v 1.1 2010/12/09 12:04:02 klausman Exp $ + +EAPI="3" + +inherit eutils toolchain-funcs multilib pam + +IUSE="tcpd ssl postgres mysql ldap pam exiscan-acl lmtp ipv6 sasl dnsdb perl mbx X nis syslog spf srs gnutls sqlite dovecot-sasl radius maildir +dkim dcc dsn" + +DSN_EXIM_V=469 +DSN_V=1_3 + +DESCRIPTION="A highly configurable, drop-in replacement for sendmail" +SRC_URI="ftp://ftp.exim.org/pub/exim/exim4/${P}.tar.bz2 + mirror://gentoo/system_filter.exim.gz + dsn? ( mirror://sourceforge/eximdsn/eximdsn-patch-1.3/exim_${DSN_EXIM_V}_dsn_${DSN_V}.patch )" +HOMEPAGE="http://www.exim.org/" + +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86" + +PROVIDE="virtual/mta" + +DEPEND=">=sys-apps/sed-4.0.5 + >=sys-libs/db-3.2 + dev-libs/libpcre + perl? ( sys-devel/libperl ) + pam? ( virtual/pam ) + tcpd? ( sys-apps/tcp-wrappers ) + ssl? ( >=dev-libs/openssl-0.9.6 ) + gnutls? ( net-libs/gnutls + dev-libs/libtasn1 ) + ldap? ( >=net-nds/openldap-2.0.7 ) + mysql? ( virtual/mysql ) + postgres? ( dev-db/postgresql-base ) + sasl? ( >=dev-libs/cyrus-sasl-2.1.14 ) + spf? ( >=mail-filter/libspf2-1.2.5-r1 ) + srs? ( mail-filter/libsrs_alt ) + X? ( x11-proto/xproto + x11-libs/libX11 + x11-libs/libXmu + x11-libs/libXt + x11-libs/libXaw + ) + sqlite? ( dev-db/sqlite ) + radius? ( net-dialup/radiusclient ) + virtual/libiconv + " + # added X check for #57206 +RDEPEND="${DEPEND} + !virtual/mta + !net-mail/mailwrapper + >=net-mail/mailbase-0.00-r5 + virtual/logger + dcc? ( mail-filter/dcc ) + " + +src_prepare() { + epatch "${FILESDIR}"/exim-4.14-tail.patch + epatch "${FILESDIR}"/exim-4.43-r2-localscan_dlopen.patch + epatch "${FILESDIR}"/exim-4.69-r1.27021.patch + # for cross-compilation, but currently breaks normal compiles :/ #266591 + #epatch "${FILESDIR}"/${P}-buildconfig-cross-compile.patch + + use maildir && epatch "${FILESDIR}"/exim-4.20-maildir.patch + use dsn && epatch "${DISTDIR}"/exim_${DSN_EXIM_V}_dsn_${DSN_V}.patch +} + +src_configure() { + local myconf + + sed -i "/SYSTEM_ALIASES_FILE/ s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" "${S}"/src/configure.default + cp "${S}"/src/configure.default "${S}"/src/configure.default.orig + + # includes typo fix for bug #47106 + sed -e "48i\CFLAGS=${CFLAGS}" \ + -e "s:# AUTH_CRAM_MD5=yes:AUTH_CRAM_MD5=yes:" \ + -e "s:# AUTH_PLAINTEXT=yes:AUTH_PLAINTEXT=yes:" \ + -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \ + -e "s:COMPRESS_COMMAND=/usr/bin/gzip:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \ + -e "s:ZCAT_COMMAND=/usr/bin/zcat:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \ + -e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \ + -e "s:EXIM_MONITOR=eximon.bin:# EXIM_MONITOR=eximon.bin:" \ + -e "s:# INFO_DIRECTORY=/usr/local/info:INFO_DIRECTORY=${EPREFIX}/usr/share/info:" \ + -e "s:# LOG_FILE_PATH=/var/log/exim_%slog:LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log:" \ + -e "s:# PID_FILE_PATH=/var/lock/exim.pid:PID_FILE_PATH=${EPREFIX}/var/run/exim.pid:" \ + -e "s:# SPOOL_DIRECTORY=/var/spool/exim:SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim:" \ + -e "s:# SUPPORT_MAILDIR=yes:SUPPORT_MAILDIR=yes:" \ + -e "s:# SUPPORT_MAILSTORE=yes:SUPPORT_MAILSTORE=yes:" \ + -e "s:EXIM_USER=:EXIM_USER=mail:" \ + -e "s:# AUTH_SPA=yes:AUTH_SPA=yes:" \ + -e "s:^ZCAT_COMMAND.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \ + -e "s:# LOOKUP_PASSWD=yes:LOOKUP_PASSWD=yes:" \ + -e "s:# ALT_CONFIG_ROOT_ONLY.*:ALT_CONFIG_ROOT_ONLY=yes:" \ + src/EDITME > Local/Makefile + + # exiscan-acl is now integrated - enable it when use-flag set + if use exiscan-acl; then + sed -i "s:# WITH_CONTENT_SCAN=yes:WITH_CONTENT_SCAN=yes:" Local/Makefile + sed -i "s:# WITH_OLD_DEMIME=yes:WITH_OLD_DEMIME=yes:" Local/Makefile + elif (use spf || use srs ) then + eerror SPF and SRS support require exiscan-acl to be enabled, please add + eerror to your USE settings. + exit 1 + fi + + if use spf; then + myconf="${myconf} -lspf2" + sed -i "s:# EXPERIMENTAL_SPF=yes:EXPERIMENTAL_SPF=yes:" Local/Makefile + mycflags="${mycflags} -DEXPERIMENTAL_SPF" + fi + if use srs; then + myconf="${myconf} -lsrs_alt" + sed -i "s:# EXPERIMENTAL_SRS=yes:EXPERIMENTAL_SRS=yes:" Local/Makefile + fi + + cd Local + # enable optional exim_monitor support via X use flag bug #46778 + if use X; then + einfo "Configuring eximon" + cp ../exim_monitor/EDITME eximon.conf + sed -i "s:# EXIM_MONITOR=eximon.bin:EXIM_MONITOR=eximon.bin:" Makefile + fi + if use perl; then + sed -i "s:# EXIM_PERL=perl.o:EXIM_PERL=perl.o:" Makefile + fi + # mbox useflag renamed, see bug #110741 + if use mbx; then + sed -i "s:# SUPPORT_MBX=yes:SUPPORT_MBX=yes:" Makefile + fi + if use pam; then + sed -i "s:# \(SUPPORT_PAM=yes\):\1:" Makefile + myconf="${myconf} -lpam" + fi + if use sasl; then + sed -i "s:# CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/var/state/saslauthd/mux:CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/var/lib/sasl2/mux:" Makefile + sed -i "s:# AUTH_CYRUS_SASL=yes:AUTH_CYRUS_SASL=yes:" Makefile + myconf="${myconf} -lsasl2" + fi + if use tcpd; then + sed -i "s:# \(USE_TCP_WRAPPERS=yes\):\1:" Makefile + myconf="${myconf} -lwrap" + fi + if use lmtp; then + sed -i "s:# \(TRANSPORT_LMTP=yes\):\1:" Makefile + fi + if use ipv6; then + echo "HAVE_IPV6=YES" >> Makefile + # to fix bug #41196 + echo "IPV6_USE_INET_PTON=yes" >> Makefile + fi + if use dovecot-sasl; then + sed -i "s:# AUTH_DOVECOT=yes:AUTH_DOVECOT=yes:" Makefile + fi + if use radius; then + myconf="${myconf} -lradiusclient" + sed -i "s:# RADIUS_CONFIG_FILE=/etc/radiusclient/radiusclient.conf:RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf:" Makefile + sed -i "s:# RADIUS_LIB_TYPE=RADIUSCLIENT$:RADIUS_LIB_TYPE=RADIUSCLIENT:" Makefile + fi + if [[ -n ${myconf} ]] ; then + echo "EXTRALIBS=${myconf} ${LDFLAGS}" >> Makefile + fi + + # make iconv usage explicit + echo "HAVE_ICONV=yes" >> Makefile + # if we use libiconv, now is the time to tell so + use !elibc_glibc && echo "EXTRALIBS_EXIM=-liconv" >> Makefile + + cd "${S}" + if use ssl; then + sed -i \ + -e "s:# \(SUPPORT_TLS=yes\):\1:" Local/Makefile + if use gnutls; then + sed -i \ + -e "s:# \(USE_GNUTLS=yes\):\1:" \ + -e "s:# \(TLS_LIBS=-lgnutls -ltasn1 -lgcrypt\):\1:" Local/Makefile + else + sed -i \ + -e "s:# \(TLS_LIBS=-lssl -lcrypto\):\1:" Local/Makefile + fi + fi + + LOOKUP_INCLUDE= + LOOKUP_LIBS= + + if use ldap; then + sed -i \ + -e "s:# \(LOOKUP_LDAP=yes\):\1:" \ + -e "s:# \(LDAP_LIB_TYPE=OPENLDAP2\):\1:" Local/Makefile + LOOKUP_INCLUDE="-I${EROOT}usr/include/ldap" + LOOKUP_LIBS="-lldap -llber" + fi + + if use mysql; then + sed -i "s:# LOOKUP_MYSQL=yes:LOOKUP_MYSQL=yes:" Local/Makefile + LOOKUP_INCLUDE="$LOOKUP_INCLUDE -I${EROOT}usr/include/mysql" + LOOKUP_LIBS="$LOOKUP_LIBS -lmysqlclient" + fi + + if use postgres; then + sed -i "s:# LOOKUP_PGSQL=yes:LOOKUP_PGSQL=yes:" Local/Makefile + LOOKUP_INCLUDE="$LOOKUP_INCLUDE -I${EROOT}usr/include/postgresql" + LOOKUP_LIBS="$LOOKUP_LIBS -lpq" + fi + if use sqlite; then + sed -i "s:# LOOKUP_SQLITE=yes: LOOKUP_SQLITE=yes:" Local/Makefile + LOOKUP_INCLUDE="$LOOKUP_INCLUDE -I${EROOT}usr/include/sqlite" + LOOKUP_LIBS="$LOOKUP_LIBS -lsqlite3" + fi + if [[ -n ${LOOKUP_INCLUDE} ]]; then + sed -i "s:# LOOKUP_INCLUDE=-I /usr/local/ldap/include -I /usr/local/mysql/include -I /usr/local/pgsql/include:LOOKUP_INCLUDE=$LOOKUP_INCLUDE:" \ + Local/Makefile + fi + + if [[ -n ${LOOKUP_LIBS} ]]; then + sed -i "s:# LOOKUP_LIBS=-L/usr/local/lib -lldap -llber -lmysqlclient -lpq -lgds -lsqlite3:LOOKUP_LIBS=$LOOKUP_LIBS:" \ + Local/Makefile + fi + + sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile + + sed -i "s:# LOOKUP_DSEARCH=yes:LOOKUP_DSEARCH=yes:" Local/Makefile + + if use dnsdb; then + sed -i "s:# LOOKUP_DNSDB=yes:LOOKUP_DNSDB=yes:" Local/Makefile + fi + sed -i "s:# LOOKUP_CDB=yes:LOOKUP_CDB=yes:" Local/Makefile + + if use nis; then + sed -i -e "s:# LOOKUP_NIS=yes:LOOKUP_NIS=yes:" \ + -e "s:# LOOKUP_NISPLUS=yes:LOOKUP_NISPLUS=yes:" Local/Makefile + fi + if use syslog; then + sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Local/Makefile + fi + if ! use dkim; then + # DKIM is enabled by default. We have to explicitly disable it. + echo "DISABLE_DKIM=yes">> Local/Makefile + fi + if use dcc; then + echo "EXPERIMENTAL_DCC=yes">> Local/Makefile + fi + if use dsn; then + sed -i -e "s:#define SUPPORT_DSN:define SUPPORT_DSN:" Local/Makefile + fi + + # use the "native" interface to the DBM library + echo "USE_DB=yes" >> "${S}"/Local/Makefile +} + +src_compile() { + emake CC="$(tc-getCC)" FULLECHO='' || die "make failed" +} + +src_install () { + cd "${S}"/build-exim-gentoo + exeinto /usr/sbin + doexe exim + if use X; then + doexe eximon.bin + doexe eximon + fi + fperms 4755 /usr/sbin/exim + + dodir /usr/bin /usr/sbin /usr/lib + + dosym exim /usr/sbin/sendmail + dosym exim /usr/sbin/rsmtp + dosym exim /usr/sbin/rmail + dosym /usr/sbin/exim /usr/bin/mailq + dosym /usr/sbin/exim /usr/bin/newaliases + dosym /usr/sbin/sendmail /usr/lib/sendmail + + exeinto /usr/sbin + for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \ + exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \ + convert4r3 convert4r4 exipick + do + doexe $i + done + + dodoc "${S}"/doc/* + doman "${S}"/doc/exim.8 + use dsn && dodoc "${S}"/README.DSN + + # conf files + insinto /etc/exim + newins "${S}"/src/configure.default.orig exim.conf.dist + if use exiscan-acl; then + newins "${S}"/src/configure.default exim.conf.exiscan-acl + fi + doins "${WORKDIR}"/system_filter.exim + doins "${FILESDIR}"/auth_conf.sub + + pamd_mimic system-auth exim auth account + + insinto /etc/logrotate.d + newins "${FILESDIR}/exim.logrotate" exim + + newinitd "${FILESDIR}"/exim.rc6 exim + + newconfd "${FILESDIR}"/exim.confd exim + + DIROPTIONS="--mode=0750 --owner=mail --group=mail" + dodir /var/log/${PN} +} + +pkg_postinst() { + einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter." + einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth." + einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist." + if use dcc ; then + einfo "DCC support is experimental, you can find some limited" + einfo "documentation at the bottom of this prerelease message:" + einfo "http://article.gmane.org/gmane.mail.exim.devel/3579" + fi +} |