author | Fabian Groffen <grobian@gentoo.org> | 2011-05-07 19:12:59 +0000 |
---|---|---|
committer | Fabian Groffen <grobian@gentoo.org> | 2011-05-07 19:12:59 +0000 |
commit | 9918b3f052f0fb8b48534bc8c5dadf8877f599c4 (patch) | |
tree | eac985137cf79b55f041c75cb77bc676f3fa82d4 /mail-mta/exim | |
parent | arm/ia64/m68k/s390/sh/sparc stable wrt #355265 (diff) | |
Revbump for backport of fix for CVE-2011-1764, bug #366369
(Portage version: 2.2.01.18252-prefix/cvs/Darwin powerpc)
Diffstat (limited to 'mail-mta/exim')
-rw-r--r-- | mail-mta/exim/ChangeLog | 8 | ||||
-rw-r--r-- | mail-mta/exim/exim-4.75-r1.ebuild | 326 | ||||
-rw-r--r-- | mail-mta/exim/files/exim-4.75-CVE-2011-1764.patch | 33 |
3 files changed, 366 insertions, 1 deletions
diff --git a/mail-mta/exim/ChangeLog b/mail-mta/exim/ChangeLog index e39b838e7728..84e58307baad 100644 --- a/mail-mta/exim/ChangeLog +++ b/mail-mta/exim/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for mail-mta/exim # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/mail-mta/exim/ChangeLog,v 1.187 2011/04/22 16:07:44 flameeyes Exp $ +# $Header: /var/cvsroot/gentoo-x86/mail-mta/exim/ChangeLog,v 1.188 2011/05/07 19:12:59 grobian Exp $ + +*exim-4.75-r1 (07 May 2011) + + 07 May 2011; Fabian Groffen <grobian@gentoo.org> +exim-4.75-r1.ebuild, + +files/exim-4.75-CVE-2011-1764.patch: + Revbump for backport of fix for CVE-2011-1764, bug #366369 22 Apr 2011; Diego E. Pettenò <flameeyes@gentoo.org> exim-4.72.ebuild, exim-4.72-r1.ebuild, exim-4.74-r1.ebuild, exim-4.74-r2.ebuild, diff --git a/mail-mta/exim/exim-4.75-r1.ebuild b/mail-mta/exim/exim-4.75-r1.ebuild new file mode 100644 index 000000000000..0e876c2e09a8 --- /dev/null +++ b/mail-mta/exim/exim-4.75-r1.ebuild 
@@ -0,0 +1,326 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/mail-mta/exim/exim-4.75-r1.ebuild,v 1.1 2011/05/07 19:12:59 grobian Exp $ + +EAPI="3" + +inherit eutils toolchain-funcs multilib pam + +IUSE="tcpd ssl postgres mysql ldap pam exiscan-acl lmtp ipv6 sasl dnsdb perl mbx X nis syslog spf srs gnutls sqlite dovecot-sasl radius maildir +dkim dcc dsn" + +DSN_EXIM_V=469 +DSN_V=1_3 + +DESCRIPTION="A highly configurable, drop-in replacement for sendmail" +SRC_URI="ftp://ftp.exim.org/pub/exim/exim4/${P}.tar.bz2 + mirror://gentoo/system_filter.exim.gz + dsn? ( mirror://sourceforge/eximdsn/eximdsn-patch-1.3/exim_${DSN_EXIM_V}_dsn_${DSN_V}.patch )" +HOMEPAGE="http://www.exim.org/" + +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86" + +DEPEND=">=sys-apps/sed-4.0.5 + >=sys-libs/db-3.2 + dev-libs/libpcre + perl? ( sys-devel/libperl ) + pam? ( virtual/pam ) + tcpd? ( sys-apps/tcp-wrappers ) + ssl? ( >=dev-libs/openssl-0.9.6 ) + gnutls? ( net-libs/gnutls + dev-libs/libtasn1 ) + ldap? ( >=net-nds/openldap-2.0.7 ) + mysql? ( virtual/mysql ) + postgres? ( dev-db/postgresql-base ) + sasl? ( >=dev-libs/cyrus-sasl-2.1.14 ) + spf? ( >=mail-filter/libspf2-1.2.5-r1 ) + srs? ( mail-filter/libsrs_alt ) + X? ( x11-proto/xproto + x11-libs/libX11 + x11-libs/libXmu + x11-libs/libXt + x11-libs/libXaw + ) + sqlite? ( dev-db/sqlite ) + radius? ( net-dialup/radiusclient ) + virtual/libiconv + " + # added X check for #57206 +RDEPEND="${DEPEND} + !mail-mta/courier + !mail-mta/esmtp + !mail-mta/mini-qmail + !mail-mta/msmtp + !mail-mta/nbsmtp + !mail-mta/netqmail + !mail-mta/nullmailer + !mail-mta/postfix + !mail-mta/qmail-ldap + !mail-mta/sendmail + !<mail-mta/ssmtp-2.64-r2 + !>=mail-mta/ssmtp-2.64-r2[mta] + !net-mail/mailwrapper + >=net-mail/mailbase-0.00-r5 + virtual/logger + dcc? 
( mail-filter/dcc ) + " + +src_prepare() { + epatch "${FILESDIR}"/exim-4.14-tail.patch + epatch "${FILESDIR}"/exim-4.74-localscan_dlopen.patch + epatch "${FILESDIR}"/exim-4.69-r1.27021.patch + epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426 + epatch "${FILESDIR}"/exim-4.75-CVE-2011-1764.patch + + use maildir && epatch "${FILESDIR}"/exim-4.20-maildir.patch + use dsn && epatch "${DISTDIR}"/exim_${DSN_EXIM_V}_dsn_${DSN_V}.patch +} + +src_configure() { + local myconf + + sed -i "/SYSTEM_ALIASES_FILE/ s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" "${S}"/src/configure.default + cp "${S}"/src/configure.default "${S}"/src/configure.default.orig + + sed -e "48i\CFLAGS=${CFLAGS}" \ + -e "s:# AUTH_CRAM_MD5=yes:AUTH_CRAM_MD5=yes:" \ + -e "s:# AUTH_PLAINTEXT=yes:AUTH_PLAINTEXT=yes:" \ + -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \ + -e "s:COMPRESS_COMMAND=/usr/bin/gzip:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \ + -e "s:ZCAT_COMMAND=/usr/bin/zcat:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \ + -e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \ + -e "s:EXIM_MONITOR=eximon.bin:# EXIM_MONITOR=eximon.bin:" \ + -e "s:# INFO_DIRECTORY=/usr/local/info:INFO_DIRECTORY=${EPREFIX}/usr/share/info:" \ + -e "s:# LOG_FILE_PATH=/var/log/exim_%slog:LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log:" \ + -e "s:# PID_FILE_PATH=/var/lock/exim.pid:PID_FILE_PATH=${EPREFIX}/var/run/exim.pid:" \ + -e "s:# SPOOL_DIRECTORY=/var/spool/exim:SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim:" \ + -e "s:# SUPPORT_MAILDIR=yes:SUPPORT_MAILDIR=yes:" \ + -e "s:# SUPPORT_MAILSTORE=yes:SUPPORT_MAILSTORE=yes:" \ + -e "s:EXIM_USER=:EXIM_USER=mail:" \ + -e "s:# AUTH_SPA=yes:AUTH_SPA=yes:" \ + -e "s:^ZCAT_COMMAND.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \ + -e "s:# LOOKUP_PASSWD=yes:LOOKUP_PASSWD=yes:" \ + src/EDITME > Local/Makefile + + # exiscan-acl is now integrated - enable it when use-flag set + if use exiscan-acl; then + sed -i "s:# 
WITH_CONTENT_SCAN=yes:WITH_CONTENT_SCAN=yes:" Local/Makefile + sed -i "s:# WITH_OLD_DEMIME=yes:WITH_OLD_DEMIME=yes:" Local/Makefile + elif (use spf || use srs ) then + eerror SPF and SRS support require exiscan-acl to be enabled, please add + eerror to your USE settings. + exit 1 + fi + + if use spf; then + myconf="${myconf} -lspf2" + sed -i "s:# EXPERIMENTAL_SPF=yes:EXPERIMENTAL_SPF=yes:" Local/Makefile + mycflags="${mycflags} -DEXPERIMENTAL_SPF" + fi + if use srs; then + myconf="${myconf} -lsrs_alt" + sed -i "s:# EXPERIMENTAL_SRS=yes:EXPERIMENTAL_SRS=yes:" Local/Makefile + fi + + cd Local + # enable optional exim_monitor support via X use flag bug #46778 + if use X; then + einfo "Configuring eximon" + cp ../exim_monitor/EDITME eximon.conf + sed -i "s:# EXIM_MONITOR=eximon.bin:EXIM_MONITOR=eximon.bin:" Makefile + fi + if use perl; then + sed -i "s:# EXIM_PERL=perl.o:EXIM_PERL=perl.o:" Makefile + fi + # mbox useflag renamed, see bug #110741 + if use mbx; then + sed -i "s:# SUPPORT_MBX=yes:SUPPORT_MBX=yes:" Makefile + fi + if use pam; then + sed -i "s:# \(SUPPORT_PAM=yes\):\1:" Makefile + myconf="${myconf} -lpam" + fi + if use sasl; then + sed -i "s:# CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/var/state/saslauthd/mux:CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/var/lib/sasl2/mux:" Makefile + sed -i "s:# AUTH_CYRUS_SASL=yes:AUTH_CYRUS_SASL=yes:" Makefile + myconf="${myconf} -lsasl2" + fi + if use tcpd; then + sed -i "s:# \(USE_TCP_WRAPPERS=yes\):\1:" Makefile + myconf="${myconf} -lwrap" + fi + if use lmtp; then + sed -i "s:# \(TRANSPORT_LMTP=yes\):\1:" Makefile + fi + if use ipv6; then + echo "HAVE_IPV6=YES" >> Makefile + # to fix bug #41196 + echo "IPV6_USE_INET_PTON=yes" >> Makefile + fi + if use dovecot-sasl; then + sed -i "s:# AUTH_DOVECOT=yes:AUTH_DOVECOT=yes:" Makefile + fi + if use radius; then + myconf="${myconf} -lradiusclient" + sed -i "s:# RADIUS_CONFIG_FILE=/etc/radiusclient/radiusclient.conf:RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf:" Makefile + sed 
-i "s:# RADIUS_LIB_TYPE=RADIUSCLIENT$:RADIUS_LIB_TYPE=RADIUSCLIENT:" Makefile + fi + echo "EXTRALIBS=${myconf} ${LDFLAGS}" >> Makefile + + # make iconv usage explicit + echo "HAVE_ICONV=yes" >> Makefile + # if we use libiconv, now is the time to tell so + use !elibc_glibc && echo "EXTRALIBS_EXIM=-liconv" >> Makefile + + cd "${S}" + if use ssl; then + sed -i \ + -e "s:# \(SUPPORT_TLS=yes\):\1:" Local/Makefile + if use gnutls; then + sed -i \ + -e "s:# \(USE_GNUTLS=yes\):\1:" \ + -e "s:# \(TLS_LIBS=-lgnutls -ltasn1 -lgcrypt\):\1:" Local/Makefile + else + sed -i \ + -e "s:# \(TLS_LIBS=-lssl -lcrypto\):\1:" Local/Makefile + fi + fi + + LOOKUP_INCLUDE= + LOOKUP_LIBS= + + if use ldap; then + sed -i \ + -e "s:# \(LOOKUP_LDAP=yes\):\1:" \ + -e "s:# \(LDAP_LIB_TYPE=OPENLDAP2\):\1:" Local/Makefile + LOOKUP_INCLUDE="-I${EROOT}usr/include/ldap" + LOOKUP_LIBS="-lldap -llber" + fi + + if use mysql; then + sed -i "s:# LOOKUP_MYSQL=yes:LOOKUP_MYSQL=yes:" Local/Makefile + LOOKUP_INCLUDE="$LOOKUP_INCLUDE -I${EROOT}usr/include/mysql" + LOOKUP_LIBS="$LOOKUP_LIBS -lmysqlclient" + fi + + if use postgres; then + sed -i "s:# LOOKUP_PGSQL=yes:LOOKUP_PGSQL=yes:" Local/Makefile + LOOKUP_INCLUDE="$LOOKUP_INCLUDE -I${EROOT}usr/include/postgresql" + LOOKUP_LIBS="$LOOKUP_LIBS -lpq" + fi + + if use sqlite; then + sed -i "s:# LOOKUP_SQLITE=yes: LOOKUP_SQLITE=yes:" Local/Makefile + LOOKUP_INCLUDE="$LOOKUP_INCLUDE -I${EROOT}usr/include/sqlite" + LOOKUP_LIBS="$LOOKUP_LIBS -lsqlite3" + fi + + if [[ -n ${LOOKUP_INCLUDE} ]]; then + sed -i "s:# LOOKUP_INCLUDE=-I /usr/local/ldap/include -I /usr/local/mysql/include -I /usr/local/pgsql/include:LOOKUP_INCLUDE=$LOOKUP_INCLUDE:" \ + Local/Makefile + fi + + if [[ -n ${LOOKUP_LIBS} ]]; then + sed -i "s:# LOOKUP_LIBS=-L/usr/local/lib -lldap -llber -lmysqlclient -lpq -lgds -lsqlite3:LOOKUP_LIBS=$LOOKUP_LIBS:" \ + Local/Makefile + fi + + sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile + + sed -i "s:# LOOKUP_DSEARCH=yes:LOOKUP_DSEARCH=yes:" 
Local/Makefile + + if use dnsdb; then + sed -i "s:# LOOKUP_DNSDB=yes:LOOKUP_DNSDB=yes:" Local/Makefile + fi + sed -i "s:# LOOKUP_CDB=yes:LOOKUP_CDB=yes:" Local/Makefile + + if use nis; then + sed -i -e "s:# LOOKUP_NIS=yes:LOOKUP_NIS=yes:" \ + -e "s:# LOOKUP_NISPLUS=yes:LOOKUP_NISPLUS=yes:" Local/Makefile + fi + if use syslog; then + sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Local/Makefile + fi + if ! use dkim; then + # DKIM is enabled by default. We have to explicitly disable it. + echo "DISABLE_DKIM=yes">> Local/Makefile + fi + if use dcc; then + echo "EXPERIMENTAL_DCC=yes">> Local/Makefile + fi + if use dsn; then + sed -i -e "s:#define SUPPORT_DSN:define SUPPORT_DSN:" Local/Makefile + fi + + # use the "native" interface to the DBM library + echo "USE_DB=yes" >> Local/Makefile +} + +src_compile() { + emake -j1 CC="$(tc-getCC)" FULLECHO='' || die "make failed" +} + +src_install () { + cd "${S}"/build-exim-gentoo + exeinto /usr/sbin + doexe exim + if use X; then + doexe eximon.bin + doexe eximon + fi + fperms 4755 /usr/sbin/exim + + dodir /usr/bin /usr/sbin /usr/lib + + dosym exim /usr/sbin/sendmail + dosym exim /usr/sbin/rsmtp + dosym exim /usr/sbin/rmail + dosym /usr/sbin/exim /usr/bin/mailq + dosym /usr/sbin/exim /usr/bin/newaliases + dosym /usr/sbin/sendmail /usr/lib/sendmail + + exeinto /usr/sbin + for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \ + exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \ + convert4r3 convert4r4 exipick + do + doexe $i + done + + dodoc "${S}"/doc/* + doman "${S}"/doc/exim.8 + use dsn && dodoc "${S}"/README.DSN + + # conf files + insinto /etc/exim + newins "${S}"/src/configure.default.orig exim.conf.dist + if use exiscan-acl; then + newins "${S}"/src/configure.default exim.conf.exiscan-acl + fi + doins "${WORKDIR}"/system_filter.exim + doins "${FILESDIR}"/auth_conf.sub + + pamd_mimic system-auth exim auth account + + insinto /etc/logrotate.d + newins 
"${FILESDIR}/exim.logrotate" exim + + newinitd "${FILESDIR}"/exim.rc6 exim + + newconfd "${FILESDIR}"/exim.confd exim + + DIROPTIONS="--mode=0750 --owner=mail --group=mail" + dodir /var/log/${PN} +} + +pkg_postinst() { + einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter." + einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth." + einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist." + if use dcc ; then + einfo "DCC support is experimental, you can find some limited" + einfo "documentation at the bottom of this prerelease message:" + einfo "http://article.gmane.org/gmane.mail.exim.devel/3579" + fi +} diff --git a/mail-mta/exim/files/exim-4.75-CVE-2011-1764.patch b/mail-mta/exim/files/exim-4.75-CVE-2011-1764.patch new file mode 100644 index 000000000000..2ce6ec039852 --- /dev/null +++ b/mail-mta/exim/files/exim-4.75-CVE-2011-1764.patch 
@@ -0,0 +1,33 @@
+http://bugs.gentoo.org/show_bug.cgi?id=366369
+
+From: Tom Kistner <tom@tahini.csx.cam.ac.uk>
+Date: Sat, 30 Apr 2011 12:20:17 +0000 (+0100)
+Subject: Bugzilla #1106: Don't pass DKIM compound log line as format string
+X-Git-Tag: exim-4_76_RC1~2
+X-Git-Url: http://git.exim.org/exim.git/commitdiff_plain/337e3505b0e6cd4309db6bf6062b33fa56e06cf8
+
+Bugzilla #1106: Don't pass DKIM compound log line as format string
+---
+
+diff --git a/src/src/dkim.c b/src/src/dkim.c
+index e25ff8c..2318cc3 100644
+--- a/src/src/dkim.c
++++ b/src/src/dkim.c
+@@ -108,7 +108,7 @@ void dkim_exim_verify_finish(void) {
+ /* Log a line for each signature */
+ uschar *logmsg = string_append(NULL, &size, &ptr, 5,
+
+- string_sprintf( "DKIM: d=%s s=%s c=%s/%s a=%s ",
++ string_sprintf( "d=%s s=%s c=%s/%s a=%s ",
+ sig->domain,
+ sig->selector,
+ (sig->canon_headers == PDKIM_CANON_SIMPLE)?"simple":"relaxed",
+@@ -176,7 +176,7 @@ void dkim_exim_verify_finish(void) {
+ }
+
+ logmsg[ptr] = '\0';
+- log_write(0, LOG_MAIN, (char *)logmsg);
++ log_write(0, LOG_MAIN, "DKIM: %s", logmsg);
+
+ /* Build a colon-separated list of signing domains (and identities, if present) in dkim_signers */
+ dkim_signers = string_append(dkim_signers, |
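Review bot: The rewritten call `log_write(0, LOG_MAIN, "DKIM: %s", logmsg);` in the second dkim.c hunk has no comment recording why the message must go through a literal format, so a later cleanup could fold it back into the format argument. logmsg is assembled from signature fields such as `sig->domain` and `sig->selector`, which presumably come from the received message's DKIM-Signature header, so a comment above the call along the lines of `/* logmsg holds fields taken from the message; pass it as data, never as the format */` would pin that down. It is also worth confirming that log_write is declared with a printf-style format attribute so the compiler can flag non-literal formats (for example under `-Wformat-security`); its declaration is not visible here. dkim_exim_verify_finish starts and ends outside both hunks.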