From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1500944-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 8F17815802F
	for <garchives@archives.gentoo.org>; Sun, 26 Mar 2023 22:59:13 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id CFF66E0896;
	Sun, 26 Mar 2023 22:59:12 +0000 (UTC)
Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 98A34E0896
	for <gentoo-commits@lists.gentoo.org>; Sun, 26 Mar 2023 22:59:12 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 965E733BE3B
	for <gentoo-commits@lists.gentoo.org>; Sun, 26 Mar 2023 22:59:11 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 078318E4
	for <gentoo-commits@lists.gentoo.org>; Sun, 26 Mar 2023 22:59:10 +0000 (UTC)
From: "Michael Orlitzky" <mjo@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Michael Orlitzky" <mjo@gentoo.org>
Message-ID: <1679871541.08a4e9d40cf9011fc7b98ab51ed7be6b9b9048bc.mjo@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: mail-filter/spf-engine/
X-VCS-Repository: repo/gentoo
X-VCS-Files: mail-filter/spf-engine/Manifest mail-filter/spf-engine/spf-engine-3.0.3.ebuild
X-VCS-Directories: mail-filter/spf-engine/
X-VCS-Committer: mjo
X-VCS-Committer-Name: Michael Orlitzky
X-VCS-Revision: 08a4e9d40cf9011fc7b98ab51ed7be6b9b9048bc
X-VCS-Branch: master
Date: Sun, 26 Mar 2023 22:59:10 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: b4731279-5ce3-47c9-a12a-b4f474209549
X-Archives-Hash: 011807b87ae0c6512c3540c78e174872

commit:     08a4e9d40cf9011fc7b98ab51ed7be6b9b9048bc
Author:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 25 23:48:14 2023 +0000
Commit:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Sun Mar 26 22:59:01 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=08a4e9d4

mail-filter/spf-engine: add 3.0.3

The new 3.x packaging makes the milter a first-class citizen, but I've
left it disabled for now. There are incorrect paths, unnecessary PID
files and privilege-dropping, and a chown() exploit -- all reported
upstream. But since the milter was never available on Gentoo in the
first place, it seems prudent to leave it disabled until those issues
are sorted out.

Closes: https://bugs.gentoo.org/896976
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>

 mail-filter/spf-engine/Manifest                |  1 +
 mail-filter/spf-engine/spf-engine-3.0.3.ebuild | 74 ++++++++++++++++++++++++++
 2 files changed, 75 insertions(+)

diff --git a/mail-filter/spf-engine/Manifest b/mail-filter/spf-engine/Manifest
index 4303d92ba1b5..a1a785990a37 100644
--- a/mail-filter/spf-engine/Manifest
+++ b/mail-filter/spf-engine/Manifest
@@ -1 +1,2 @@
 DIST spf-engine-2.9.3.tar.gz 52974 BLAKE2B 9e6c47af7d523e1486d9bbfee2b0e53a4a97dbfc93e1cd14f70d4676542defaf6fede397d33e21c00e9bb2cdd1016c98981b6c0e735bdfd225b226920b9470b1 SHA512 adde80eca38f372ad00ed7355951007b9c02ef8a52a5a4edcbf2fa9959220f1083e3e313668e9c7ad2c26144148ae8ff62ec468d79936d96b43897598254f528
+DIST spf-engine-3.0.3.tar.gz 61350 BLAKE2B f28dfb10559bfd61be152a4b65a5653ec50b25718fcb63f8a2c9532fd9d52a51c131c99ba5408bd6aa424adc5ce6094da7eeb97dbacd7e60e8abb48c65c4f188 SHA512 08db392d2cce16651ba416fcd265e6606e1a8af3cb88721ed149a2286d11ac9ea6ed4d01572cea6950740890c3334e8e0d496d1d1e9edcc29d04833fec049ab0

diff --git a/mail-filter/spf-engine/spf-engine-3.0.3.ebuild b/mail-filter/spf-engine/spf-engine-3.0.3.ebuild
new file mode 100644
index 000000000000..2c680c53fd35
--- /dev/null
+++ b/mail-filter/spf-engine/spf-engine-3.0.3.ebuild
@@ -0,0 +1,74 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_9 python3_10 python3_11 )
+
+# The built-in ipaddress module handles the parsing of IP addresses. If
+# python is built without ipv6 support, then ipaddress can't parse ipv6
+# addresses, and the daemon will crash if it sees an ipv6 SPF record. In
+# other words, it's completely broken.
+PYTHON_REQ_USE="ipv6(+)"
+DISTUTILS_USE_PEP517=flit
+PYPI_NO_NORMALIZE=1
+inherit distutils-r1 pypi
+
+DESCRIPTION="Policy daemon for Postfix SPF verification"
+HOMEPAGE="https://launchpad.net/spf-engine"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+RDEPEND="dev-python/pyspf[${PYTHON_USEDEP}]
+	dev-python/authres[${PYTHON_USEDEP}]"
+
+DOCS=( CHANGES )
+
+python_prepare_all() {
+	distutils-r1_python_prepare_all
+
+	# The tarball has a "data" directory containing a hierarchy that
+	# flit wants to insert right into /usr. Before it does that, we have
+	# to remove the parts we don't want, and fix some of the paths.
+	#
+	# Note that one of our patches already mangles a few of these
+	# before we even see them.
+
+	einfo "removing milter files"
+	rm -v -r data/lib data/etc/init.d data/share/man/man8 || die
+	rm -v data/etc/pyspf-milter/pyspf-milter.conf || die
+	rm -v spf_engine/milter_spf.py || die
+
+	# And don't create a python-exec wrapper for it.
+	sed -e '/^pyspf-milter = /d' -i pyproject.toml || die
+
+	# The commented conf example is documentation, not configuration.
+	mv -v data/etc/python-policyd-spf/policyd-spf.conf.commented \
+	   data/share/doc/python-policyd-spf/ || die
+
+	# The man page hard-codes /usr/local/etc, it should be /etc.
+	sed -e 's:/usr/local/etc:/etc:g' \
+		-i data/share/man/man1/policyd-spf.1 || die
+
+	# Fix the documentation path.
+	mv -v data/share/doc/python-policyd-spf "data/share/doc/${PF}" || die
+
+	# The "real" config file mentions the commented one, so we point
+	# users in the right direction. Caveat: the documentation is
+	# compressed, so we're usually off by a ".bz2" suffix anyway.
+	local oldconf="policyd-spf.conf.commented"
+	local newconf="/usr/share/doc/${PF}/${oldconf}"
+	sed -e "1 s~ ${oldconf}~,\n#  ${newconf}~" \
+		-i "data/etc/python-policyd-spf/policyd-spf.conf" \
+		|| die 'failed to update commented config file path'
+}
+
+src_install() {
+	distutils-r1_src_install
+
+	# The "data" installation is relative to python's prefix, so
+	# data/etc gets installed to /usr/etc. Let's fix that.
+	mv -v "${ED}/usr/etc" "${ED}/" || die 'failed to relocate sysconfdir'
+}