From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 272FE138330 for ; Fri, 23 Sep 2016 06:33:42 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id F080EE084C; Fri, 23 Sep 2016 06:33:39 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 75CF1E084C for ; Fri, 23 Sep 2016 06:33:39 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 75B3B33BF08 for ; Fri, 23 Sep 2016 06:33:37 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 9EB44247E for ; Fri, 23 Sep 2016 06:33:35 +0000 (UTC) From: "Patrick McLean" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Patrick McLean" Message-ID: <1474612395.256e681c044e33a785157c060fd9f411af66db71.chutzpah@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: mail-mta/postfix/, mail-mta/postfix/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: mail-mta/postfix/files/postfix-libressl-runtime.patch mail-mta/postfix/postfix-3.1.2-r1.ebuild X-VCS-Directories: mail-mta/postfix/files/ mail-mta/postfix/ X-VCS-Committer: chutzpah X-VCS-Committer-Name: Patrick McLean X-VCS-Revision: 256e681c044e33a785157c060fd9f411af66db71 X-VCS-Branch: master Date: Fri, 23 Sep 2016 06:33:35 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: a150c0ff-adcc-42e3-995c-a70088200304 X-Archives-Hash: 8e044735ec7bb1691232a5dbe3da2f17 commit: 256e681c044e33a785157c060fd9f411af66db71 Author: Patrick McLean gentoo org> AuthorDate: Fri Sep 23 06:33:15 2016 +0000 Commit: Patrick McLean gentoo org> CommitDate: Fri Sep 23 06:33:15 2016 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=256e681c mail-mta/postfix: Revision bump, fix runtime failures with libressl The libressl patch allowed postfix to compile, but TLS was failing to initialize at runtime. This makes postfix actually work with libressl rather than simply compile. Patch constructed from a set of diffs on the FreeBSD git. Package-Manager: portage-2.3.1 .../postfix/files/postfix-libressl-runtime.patch | 102 +++++++ mail-mta/postfix/postfix-3.1.2-r1.ebuild | 309 +++++++++++++++++++++ 2 files changed, 411 insertions(+) diff --git a/mail-mta/postfix/files/postfix-libressl-runtime.patch b/mail-mta/postfix/files/postfix-libressl-runtime.patch new file mode 100644 index 00000000..8140886 --- /dev/null +++ b/mail-mta/postfix/files/postfix-libressl-runtime.patch @@ -0,0 +1,102 @@ +--- src/posttls-finger/posttls-finger.c.orig 2016-08-27 20:27:50 UTC ++++ src/posttls-finger/posttls-finger.c +@@ -1511,7 +1511,8 @@ static int finger(STATE *state) + return (0); + } + +-#if defined(USE_TLS) && OPENSSL_VERSION_NUMBER < 0x10100000L ++#if defined(USE_TLS) && \ ++ ( OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ) + + /* ssl_cleanup - free memory allocated in the OpenSSL library */ + +@@ -1958,7 +1959,8 @@ int main(int argc, char *argv[]) + cleanup(&state); + + /* OpenSSL 1.1.0 and later (de)initialization is implicit */ +-#if defined(USE_TLS) && OPENSSL_VERSION_NUMBER < 0x10100000L ++#if defined(USE_TLS) && \ ++ ( OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ) + ssl_cleanup(); + #endif + +--- src/tls/tls_client.c.orig 2016-08-27 20:27:50 UTC ++++ src/tls/tls_client.c +@@ -299,7 +299,7 @@ TLS_APPL_STATE *tls_client_init(const TL + */ + tls_check_version(); + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + + /* + * Initialize the OpenSSL library by the book! To start with, we must +@@ -441,7 +441,7 @@ TLS_APPL_STATE *tls_client_init(const TL + /* + * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev + */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + + /* + * According to the OpenSSL documentation, temporary RSA key is needed +--- src/tls/tls_dane.c.orig 2016-08-27 20:27:50 UTC ++++ src/tls/tls_dane.c +@@ -2163,7 +2163,7 @@ static SSL_CTX *ctx_init(const char *CAf + tls_param_init(); + tls_check_version(); + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + SSL_load_error_strings(); + SSL_library_init(); + #endif +--- src/tls/tls_rsa.c.orig 2016-01-03 14:49:51 UTC ++++ src/tls/tls_rsa.c +@@ -57,7 +57,7 @@ + /* + * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev + */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + + /* tls_tmp_rsa_cb - call-back to generate ephemeral RSA key */ + +@@ -109,7 +109,7 @@ int main(int unused_argc, char *cons + /* + * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev + */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + RSA *rsa; + + msg_vstream_init(argv[0], VSTREAM_ERR); +--- src/tls/tls_server.c.orig 2016-08-27 20:27:50 UTC ++++ src/tls/tls_server.c +@@ -174,7 +174,7 @@ static const char server_session_id_cont + #endif /* OPENSSL_VERSION_NUMBER */ + + /* OpenSSL 1.1.0 bitrot */ +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + typedef const unsigned char *session_id_t; + + #else +@@ -377,7 +377,7 @@ TLS_APPL_STATE *tls_server_init(const TL + */ + tls_check_version(); + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + + /* + * Initialize the OpenSSL library by the book! To start with, we must +@@ -588,7 +588,7 @@ TLS_APPL_STATE *tls_server_init(const TL + /* + * 2015-12-05: Ephemeral RSA removed from OpenSSL 1.1.0-dev + */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + + /* + * According to OpenSSL documentation, a temporary RSA key is needed when diff --git a/mail-mta/postfix/postfix-3.1.2-r1.ebuild b/mail-mta/postfix/postfix-3.1.2-r1.ebuild new file mode 100644 index 00000000..15f8e1d --- /dev/null +++ b/mail-mta/postfix/postfix-3.1.2-r1.ebuild @@ -0,0 +1,309 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=6 +inherit flag-o-matic pam systemd toolchain-funcs user + +MY_PV="${PV/_rc/-RC}" +MY_SRC="${PN}-${MY_PV}" +MY_URI="ftp://ftp.porcupine.org/mirrors/postfix-release/official" +RC_VER="2.7" + +DESCRIPTION="A fast and secure drop-in replacement for sendmail" +HOMEPAGE="http://www.postfix.org/" +SRC_URI="${MY_URI}/${MY_SRC}.tar.gz" + +LICENSE="IBM" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sh ~sparc ~x86 ~x86-fbsd" +IUSE="+berkdb cdb doc dovecot-sasl +eai hardened ldap ldap-bind libressl lmdb memcached mbox mysql nis pam postgres sasl selinux sqlite ssl" + +DEPEND=">=dev-libs/libpcre-3.4 + dev-lang/perl + berkdb? ( >=sys-libs/db-3.2:* ) + cdb? ( || ( >=dev-db/tinycdb-0.76 >=dev-db/cdb-0.75-r4 ) ) + eai? ( dev-libs/icu:= ) + ldap? ( net-nds/openldap ) + ldap-bind? ( net-nds/openldap[sasl] ) + lmdb? ( >=dev-db/lmdb-0.9.11 ) + mysql? ( virtual/mysql ) + pam? ( virtual/pam ) + postgres? ( dev-db/postgresql:* ) + sasl? ( >=dev-libs/cyrus-sasl-2 ) + sqlite? ( dev-db/sqlite:3 ) + ssl? ( + !libressl? ( dev-libs/openssl:0 ) + libressl? ( dev-libs/libressl ) + )" + +RDEPEND="${DEPEND} + dovecot-sasl? ( net-mail/dovecot ) + memcached? ( net-misc/memcached ) + net-mail/mailbase + !mail-mta/courier + !mail-mta/esmtp + !mail-mta/exim + !mail-mta/mini-qmail + !mail-mta/msmtp[mta] + !mail-mta/netqmail + !mail-mta/nullmailer + !mail-mta/qmail-ldap + !mail-mta/sendmail + !mail-mta/opensmtpd + !=mail-mta/ssmtp-2.64-r2[mta] + !net-mail/fastforward + selinux? ( sec-policy/selinux-postfix )" + +REQUIRED_USE="ldap-bind? ( ldap sasl )" + +S="${WORKDIR}/${MY_SRC}" + +pkg_setup() { + # Add postfix, postdrop user/group (bug #77565) + enewgroup postfix 207 + enewgroup postdrop 208 + enewuser postfix 207 -1 /var/spool/postfix postfix,mail +} + +src_prepare() { + default + sed -i -e "/^#define ALIAS_DB_MAP/s|:/etc/aliases|:/etc/mail/aliases|" \ + src/util/sys_defs.h || die "sed failed" + # change default paths to better comply with portage standard paths + sed -i -e "s:/usr/local/:/usr/:g" conf/master.cf || die "sed failed" + eapply -p0 "${FILESDIR}/${PN}-libressl.patch" + eapply -p0 "${FILESDIR}/${PN}-libressl-runtime.patch" +} + +src_configure() { + for name in CDB LDAP LMDB MYSQL PCRE PGSQL SDBM SQLITE + do + local AUXLIBS_${name}="" + done + + # Make sure LDFLAGS get passed down to the executables. + local mycc="-DHAS_PCRE" mylibs="${LDFLAGS} -ldl" + AUXLIBS_PCRE="$(pcre-config --libs)" + + use pam && mylibs="${mylibs} -lpam" + + if use ldap; then + mycc="${mycc} -DHAS_LDAP" + AUXLIBS_LDAP="-lldap -llber" + fi + + if use mysql; then + mycc="${mycc} -DHAS_MYSQL $(mysql_config --include)" + AUXLIBS_MYSQL="$(mysql_config --libs)" + fi + + if use postgres; then + mycc="${mycc} -DHAS_PGSQL -I$(pg_config --includedir)" + AUXLIBS_PGSQL="-L$(pg_config --libdir) -lpq" + fi + + if use sqlite; then + mycc="${mycc} -DHAS_SQLITE" + AUXLIBS_SQLITE="-lsqlite3 -lpthread" + fi + + if use ssl; then + mycc="${mycc} -DUSE_TLS" + mylibs="${mylibs} -lssl -lcrypto" + fi + + if use lmdb; then + mycc="${mycc} -DHAS_LMDB" + AUXLIBS_LMDB="-llmdb -lpthread" + fi + + if ! use eai; then + mycc="${mycc} -DNO_EAI" + fi + + # broken. and "in other words, not supported" by upstream. + # Use inet_protocols setting in main.cf + #if ! use ipv6; then + # mycc="${mycc} -DNO_IPV6" + #fi + + if use sasl; then + if use dovecot-sasl; then + # Set dovecot as default. + mycc="${mycc} -DDEF_SASL_SERVER=\\\"dovecot\\\"" + fi + if use ldap-bind; then + mycc="${mycc} -DUSE_LDAP_SASL" + fi + mycc="${mycc} -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl" + mylibs="${mylibs} -lsasl2" + elif use dovecot-sasl; then + mycc="${mycc} -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\\\"dovecot\\\"" + fi + + if ! use nis; then + mycc="${mycc} -DNO_NIS" + fi + + if ! use berkdb; then + mycc="${mycc} -DNO_DB" + if use cdb; then + # change default hash format from Berkeley DB to cdb + mycc="${mycc} -DDEF_DB_TYPE=\\\"cdb\\\"" + fi + fi + + if use cdb; then + mycc="${mycc} -DHAS_CDB -I/usr/include/cdb" + # Tinycdb is preferred. + if has_version dev-db/tinycdb ; then + einfo "Building with dev-db/tinycdb" + AUXLIBS_CDB="-lcdb" + else + einfo "Building with dev-db/cdb" + CDB_PATH="/usr/$(get_libdir)" + for i in cdb.a alloc.a buffer.a unix.a byte.a ; do + AUXLIBS_CDB="${AUXLIBS_CDB} ${CDB_PATH}/${i}" + done + fi + fi + + # Robin H. Johnson 17/Nov/2006 + # Fix because infra boxes hit 2Gb .db files that fail a 32-bit fstat signed check. + mycc="${mycc} -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE" + filter-lfs-flags + + # Workaround for bug #76512 + if use hardened; then + [[ "$(gcc-version)" == "3.4" ]] && replace-flags -O? -Os + fi + + # Remove annoying C++ comment style warnings - bug #378099 + append-flags -Wno-comment + + sed -i -e "/^RANLIB/s/ranlib/$(tc-getRANLIB)/g" "${S}"/makedefs + sed -i -e "/^AR/s/ar/$(tc-getAR)/g" "${S}"/makedefs + + emake makefiles shared=yes dynamicmaps=no pie=yes \ + shlib_directory="/usr/$(get_libdir)/postfix/MAIL_VERSION" \ + DEBUG="" CC="$(tc-getCC)" OPT="${CFLAGS}" CCARGS="${mycc}" AUXLIBS="${mylibs}" \ + AUXLIBS_CDB="${AUXLIBS_CDB}" AUXLIBS_LDAP="${AUXLIBS_LDAP}" \ + AUXLIBS_LMDB="${AUXLIBS_LMDB}" AUXLIBS_MYSQL="${AUXLIBS_MYSQL}" \ + AUXLIBS_PCRE="${AUXLIBS_PCRE}" AUXLIBS_PGSQL="${AUXLIBS_PGSQL}" \ + AUXLIBS_SQLITE="${AUXLIBS_SQLITE}" +} + +src_install () { + local myconf + use doc && myconf="readme_directory=\"/usr/share/doc/${PF}/readme\" \ + html_directory=\"/usr/share/doc/${PF}/html\"" + + LD_LIBRARY_PATH="${S}/lib" \ + /bin/sh postfix-install \ + -non-interactive \ + install_root="${D}" \ + config_directory="/etc/postfix" \ + manpage_directory="/usr/share/man" \ + command_directory="/usr/sbin" \ + mailq_path="/usr/bin/mailq" \ + newaliases_path="/usr/bin/newaliases" \ + sendmail_path="/usr/sbin/sendmail" \ + ${myconf} \ + || die "postfix-install failed" + + # Fix spool removal on upgrade + rm -Rf "${D}"/var + keepdir /var/spool/postfix + + # Install rmail for UUCP, closes bug #19127 + dobin auxiliary/rmail/rmail + + # Provide another link for legacy FSH + dosym /usr/sbin/sendmail /usr/$(get_libdir)/sendmail + + # Install qshape and posttls-finger + dobin auxiliary/qshape/qshape.pl + doman man/man1/qshape.1 + dobin bin/posttls-finger + doman man/man1/posttls-finger.1 + + # Performance tuning tools and their manuals + dosbin bin/smtp-{source,sink} bin/qmqp-{source,sink} + doman man/man1/smtp-{source,sink}.1 man/man1/qmqp-{source,sink}.1 + + # Set proper permissions on required files/directories + dodir /var/lib/postfix + keepdir /var/lib/postfix + fowners -R postfix:postfix /var/lib/postfix + fperms 0750 /var/lib/postfix + fowners root:postdrop /usr/sbin/post{drop,queue} + fperms 02711 /usr/sbin/post{drop,queue} + + keepdir /etc/postfix + if use mbox; then + mypostconf="mail_spool_directory=/var/spool/mail" + else + mypostconf="home_mailbox=.maildir/" + fi + LD_LIBRARY_PATH="${S}/lib" \ + "${D}"/usr/sbin/postconf -c "${D}"/etc/postfix \ + -e ${mypostconf} || die "postconf failed" + + insinto /etc/postfix + newins "${FILESDIR}"/smtp.pass saslpass + fperms 600 /etc/postfix/saslpass + + newinitd "${FILESDIR}"/postfix.rc6.${RC_VER} postfix + # do not start mysql/postgres unnecessarily - bug #359913 + use mysql || sed -i -e "s/mysql //" "${D}/etc/init.d/postfix" + use postgres || sed -i -e "s/postgresql //" "${D}/etc/init.d/postfix" + + dodoc *README COMPATIBILITY HISTORY PORTING RELEASE_NOTES* + use doc && mv "${S}"/examples "${D}"/usr/share/doc/${PF}/ + + pamd_mimic_system smtp auth account + + if use sasl; then + insinto /etc/sasl2 + newins "${FILESDIR}"/smtp.sasl smtpd.conf + fi + + # header files + insinto /usr/include/postfix + doins include/*.h + + # Keep config_dir clean + rm -f "${D}"/etc/postfix/{*LICENSE,access,aliases,canonical,generic} + rm -f "${D}"/etc/postfix/{header_checks,relocated,transport,virtual} + + if has_version mail-mta/postfix; then + # let the sysadmin decide when to change the compatibility_level + sed -i -e /^compatibility_level/"s/^/#/" "${D}"/etc/postfix/main.cf || die + fi + + systemd_dounit "${FILESDIR}/${PN}.service" +} + +pkg_postinst() { + if [[ ! -e /etc/mail/aliases.db ]] ; then + ewarn + ewarn "You must edit /etc/mail/aliases to suit your needs" + ewarn "and then run /usr/bin/newaliases. Postfix will not" + ewarn "work correctly without it." + ewarn + fi + + # configure tls + if use ssl ; then + if "${EROOT}"/usr/sbin/postfix tls all-default-client; then + elog "To configure client side TLS settings:" + elog "${EROOT}"usr/sbin/postfix tls enable-client + fi + if "${EROOT}"/usr/sbin/postfix tls all-default-server; then + elog "To configure server side TLS settings:" + elog "${EROOT}"usr/sbin/postfix tls enable-server + fi + fi +}