Security bump - bug #547872

Package-Manager: portage-2.2.18/cvs/Linux x86_64 Manifest-Sign-Key: 0x77F1F175586A3B1F
author: Eray Aslan <eras@gentoo.org> 2015-04-28 19:39:37 +0000
committer: Eray Aslan <eras@gentoo.org> 2015-04-28 19:39:37 +0000
commit: 82a9663e7a2e15bb8e0558952b5b82e154d2dbd2 (patch)
tree: 3328b0fed9d576bf520d74c8fd29109f844b4a77 /net-mail
parent: Add ruby22. (diff)
download: historical-82a9663e7a2e15bb8e0558952b5b82e154d2dbd2.tar.gz
historical-82a9663e7a2e15bb8e0558952b5b82e154d2dbd2.tar.bz2
historical-82a9663e7a2e15bb8e0558952b5b82e154d2dbd2.zip
4 files changed, 374 insertions, 17 deletions
diff --git a/net-mail/dovecot/ChangeLog b/net-mail/dovecot/ChangeLog
index bd190d2cb7a2..29b2ca886d03 100644
--- a/net-mail/dovecot/ChangeLog
+++ b/net-mail/dovecot/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for net-mail/dovecot
 # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-mail/dovecot/ChangeLog,v 1.502 2015/03/23 16:02:40 eras Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-mail/dovecot/ChangeLog,v 1.503 2015/04/28 19:39:25 eras Exp $
+
+*dovecot-2.2.16-r1 (28 Apr 2015)
+
+  28 Apr 2015; Eray Aslan <eras@gentoo.org> +dovecot-2.2.16-r1.ebuild,
+  +files/CVE-2015-3420.patch:
+  Security bump - bug #547872
 
   23 Mar 2015; Eray Aslan <eras@gentoo.org> -dovecot-2.2.13.ebuild,
   -dovecot-2.2.14-r1.ebuild, -dovecot-2.2.14.ebuild, -dovecot-2.2.15-r1.ebuild,
diff --git a/net-mail/dovecot/Manifest b/net-mail/dovecot/Manifest
index c0af5b2c989f..cc9ac1806ebb 100644
--- a/net-mail/dovecot/Manifest
+++ b/net-mail/dovecot/Manifest
@@ -1,6 +1,7 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256
 
+AUX CVE-2015-3420.patch 1312 SHA256 d029673b3706b18ba4f14748997702a075259c0b8e303221434ec81a7c145c50 SHA512 534a3ca8e9341de0bb1b13b8420d20a70d15881b3c71b9e7d71fc2e98f90094a6460cf3683b5e752471207faedb2b0126b717bc92c9704cd0bbb1e7283599230 WHIRLPOOL 0a4308a6845c763fba5bfcecb241ae55bc69fd9757d36ee48c672d92a151aa1dc3df62daa4999a9ff5af3c70a145cbd56ed3d9b29f7731accdffd5e3a01aee1c
 AUX dovecot-10-ssl.patch 550 SHA256 04e3fe4d9d974be45c60e461884ad6a0f76803370f9f538eb4ddbc5a788bd667 SHA512 7acc31dd4a3f51a9c13d590fd2803c2cb98c281e0595ca2a800539a143f89b95f923a3678beb0aa2b254a54385522329e0f3e1e8ba4c5852e7b51f8f111122a9 WHIRLPOOL 357aa348975d85fa861cbdca402104db5763cce271c8d20f26d6831dd2c5ab8e527c67f0d4110d21de3977ad8a184a2294ea00d81f3771c3a0a523d935283d8a
 AUX dovecot.init-r4 1609 SHA256 510ebab9dc59832502a9a23d48d12b6e81f3c51c52f5e6652b00b240f621d02e SHA512 9aa5040cd169bfa0dea382d839ef73454105d3befd1e904cef8d0a07eb260051f72f130ba250d716b9bf9b22af542907446e02c4ec92f1c229a2c0a9f560e2cc WHIRLPOOL 51726ed76100521e54470137dab9869537dcf49a58872614312295dff3efab53ac58da30b8bfaaf86677f47ef1e84019e47529226c0a736eed68cac6ce64ae40
 DIST dovecot-2.2-pigeonhole-0.4.2.tar.gz 1159311 SHA256 0499f07037b86489fdc1d48fb19e298d5360ec41273bccaec230eb1bcf5a3e13 SHA512 3b66d00a8462ee668b8671f5eaa48bb91d47ed8bf8b331f7d879ba8c581e2bef11e236b06a8c5da9f1248572348ad0b3e2b867fd0a17badf32152fedbe61c1ed WHIRLPOOL 4d86bd5c010434620d0741156d4b7b24c60252de76958c0fc774418abff4bebeb4a8a78b5490ee34b20d48f61fb2ee75c4ff04202108ecdd33e1eaa9e2763ad9
@@ -13,26 +14,27 @@ DIST dovecot-2.2.16.tar.gz 4830169 SHA256 56ce1287a17fa88a2083116db00200deff1a53
 DIST dovecot-2.2.9.tar.gz 4540858 SHA256 7c3b6b8a05f6ebcc9fd01736fdcac0de12158959f5b99d1f7077f7a8626ee2d5 SHA512 41f826df22d3b34116de7abaa4543cbcf9362d7db1348e3b685019263b89d0ffe8bf0c1ddf21e4baa3bb7e98c87047b85b6fec78873df7f0db18ccecf63cea55 WHIRLPOOL 775cdbca9be788b1d20cd7f45e4d9a6265936b39a780b2232efa84958fa75a11f0984f680249e2af5faf40c9c91fa5c57026b55865dcaeddabcc90d44e3b6fae
 EBUILD dovecot-2.2.13-r1.ebuild 8912 SHA256 22954359d8aacf718526dc70dffe51292f53cb9b03ecb729a82eeffd2e1f624e SHA512 42a452c04cb4414a0bab7b40ee291d8f02beaf8bc81d5380b9e434f8e2bedb626e79428ebb7342b577125da9f1a0e7f9677bf66d3b300d23c007e39516aa9fd0 WHIRLPOOL 6484ba28dbaefb5f6e8b8d41d8b94f16103fc40c952a333d4eb0fa02f7d0f213a1744e26dfda256662b6fd58385fa2d7c7513b3341418d58d686e7c34f685809
 EBUILD dovecot-2.2.15-r3.ebuild 8976 SHA256 187b66130f3d71db9ec7c92d7e60dd123da2ffe8b6315d52c96f2dbc1549f415 SHA512 4ec59dbd7d3667bccf97774612748c8a39eb8fa4f8c05a496357354c88bfdcd28468b750f46a52551ce321cc15038e6b5db9594e5bb49135e462ecfb9981711d WHIRLPOOL 1f3feb1b5b565fdb80858e4dfb9532d9caaff1f578e8936a4b77fcc7b1a1c985b9ad67420f2895a070073b7f0845136fe3b21ef0b7048789855eee9ace29f6ce
+EBUILD dovecot-2.2.16-r1.ebuild 9018 SHA256 61accf3f24da930f96aab6729e16a3853635b85f45d9b4031f0ff1a212e041fd SHA512 daf872889dd5ffb21c5aa66922de9b2f6ccad9132e4e35ba701e21aa480af7a4cb5a46cd062aa12816432f69ef289be45fd4be28e5df21b15c631541beb9ceff WHIRLPOOL caa27d6d1a620ec0d1cb2a860569189981b1b9f768062e4d572b0b72406ab513314ca56047ca848a2374d9d59b375ea3a4627355ce2d28700250cce816847446
 EBUILD dovecot-2.2.16.ebuild 8973 SHA256 0b17860989f6393d71a99e6f04b9e12dc73b1a26ad931324cd03fc4e5b0be109 SHA512 d5fd428948042bcec2a13a3bfaa19f2939ff5ce2f9e98374bd2ae17fe6a318fec40e6fb932d9234849c70fabb07e7fce50c20ef1d9ba63ff1b0eb8d1c470efc1 WHIRLPOOL 55df2b4bdcae1fe8d114435b20f21a46f55d357e7b4577fc971e7c1faa556f7ba0119009db5890a393ee229a176d2e800faff31209e2b5ff0cd035997beca137
 EBUILD dovecot-2.2.9.ebuild 8619 SHA256 39c03397415304be588ee4a0539bdf87f27a71b07b13563bf0fd5a7bb53fcace SHA512 c55803bde7cdac61939f115c284148eba8697dacd863676267cb90d171eb01e452e397a6521daa9b240a3e214b9f40bd3773a88bbd753eaa42da8ebcd516a016 WHIRLPOOL f9e219d3d8d5136b17bc8d6d349f4143126a974415ddc2219285be8d30401afd8013c1ffb786dca5ecdbe55307fb2d6c56f65cfbfba1704b61003a979769173f
-MISC ChangeLog 74087 SHA256 144cf5da521c02e76941cc92627a873449b7f042bddb67f393ed4a4a4413d71e SHA512 4ca2618f3484bf6d1dff7e06fabbd42a07b2a089210bbb625cee0ede689f592962a83f74a56d84910367692504b2222a20a1383fc544edbbee731cb850854014 WHIRLPOOL 0713ffd47d3e86fb932b00e8ea8d940eed38daee084a00cbb7f20aca0b2774144c94ee85904a6c1a0393a77ef4d16cda1a3ff658f3f0b3964549a1a4fcde1d6a
+MISC ChangeLog 74253 SHA256 46f87c5c8e6a533fb081a1a89b29159e0ee0b47c565f18049aabd03b945e6d39 SHA512 54591fa5f09b0670692e78ae7f96f3ce3442a296a2c2337bd4b1a1482c42c48891feacc1a69f19d4bea4d0c6402a996ec79628042199bb5d563f5aecf52d3b4a WHIRLPOOL f7843e79058f8f715cde163545775143589aaa260084131dbe9d0e4fa7dcd74713879ee1ec1595e2e762d573a0decad3a73848a32d682c35110c4089548d8455
 MISC metadata.xml 1078 SHA256 cad311926efedde5a689ae18496389ca80a1e4c5b4b16f1bfb456e8e27ce118c SHA512 f208e189f4901e1385d4c237cb7c91f333021b7bc4656d8b8365d7f6d827dc3a3e7ef58963baec88f399ffea505577e94e7901c5e58119e5952736f1c129e4bb WHIRLPOOL d94e39a391cf3ce8c31647d55a387c6102e244fcc3ebdb34909024f8b2faecf7a225552c77dbc5d841ac45f2583ec38b7f8e18e9eee92fbc702210dbdb581740
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0
+Version: GnuPG v2.1
 
-iQJ8BAEBCABmBQJVEDlIXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
+iQJ8BAEBCABmBQJVP+JTXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
 ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQjk1NkM0NUMxNzFCRTY4Rjk4NENDMDk3
-N0YxRjE3NTU4NkEzQjFGAAoJEHfx8XVYajsfkikP/3j7zCvMrp6Uh6x3ra+uASk3
-mXo/zhHn+crROiLlSKGXtEV84t8E51fQY+4w4b2YNpsT2Q0Rk+V1qYb/DYmITmVm
-Uqm3XWE1JaIrtAZ8RXOsLf2ikUVye9DI7/pNq6GWCrLtq39UPfzGcKkLQ2cZUVk8
-a+/kxX0FTGgjRqIOdUAMdZ5inzYd0ME3S4iLegKrA2X6iIL7fNu642J99He8J0h3
-YE5E+A2O5ff+LIWLhPybZ/6Oo/q610SXopItt9JseahwbQoGrQhUg0Gsd00SNCIm
-JLKwAMaifVhOgtIP4Gd41exWfT1VZPEOyiSFYQSmdwT8zstBeN/5phanDTZlduVK
-jP7ZTsGMWVbbBXt03O0AtfwIDtGCPaYdgwDEO7bWY+CypCUkIvn7pE9Ue+j/Nk5w
-bKPO9uUhXwma0ygwC7imdDKYC2blsHkMqXMLUhI//gyA3RAbXeVcqLxJHvNtnSYe
-w908V5XxzPtvyDNF1WsfO37tn2WsH+7iA+fFfokjWZSzsP4+nnlkB/o+btmcKbPK
-74CHbpjLNLzMn3adTGURooBRKJKA6z/jSg4fIE9QuKK19Y/vqBTtV/NoZdqtpIwG
-q+X4r0ky1u3twCU3KzF5yeXDe+WPhOlHm7qUxI8u6TOI0b6H/d/e3XxX38uIvv2W
-kXt3mzETPToLkr3nroWp
-=oCNE
+N0YxRjE3NTU4NkEzQjFGAAoJEHfx8XVYajsf45kQAITXK0mPRU9FsaO5Kh83/O89
+waij6PbIkop6Ea4Yr80/pneio4L3sExyy4djsYZ0rwrMLBkCctWJ9qt0uAVTYOfO
+T243hBemwOx0PEYEeQyiiaT+dnKG/qEEEGNG3M0woZrbgj/TcCLqAVySWMP/KWWC
+V19NO/44tD2yZGsSfoIPQlAwCKjUTdUPGYD6IkY7/tmvOEoo5mAnaSqO8MDs7lwR
+vT9zX+oR6UAF52b13rWoFMfV3kF5MP/8xbpNA39kO2dSJlr7tMF5EwmVCInFwJEX
+WTee1P4oA/CP40XgVVdQ0720VBww1o5Uy0dULA6cw08blDW7lxyN/7z1WgvqWnKP
+5ZOkZ7B+31vMoY/tWwZuo8uV+ADZvWmUPyMWUmbAeOYkC16xSLsKymsRi3ctVHnl
+eLLNXGvG+2KVxFmffd3JCGqMZoY5ExP8rj/KD5/PgC+QHeBqxxVk2cScE4zFTrb9
+PN4J8POu7VqTd4kK6nEf73bFvRsJ7HaOr0zmZcrYz8rSGH1JAC0x5ezZyVMBgIlV
+1M917eEn8kkadBPz99KlbQsoCB7RhnZ3cIA7INggY5ZyyCmrQa04Ek3/rCsAasLG
+03GKGoei8aRoQnMGo5JXwqiOQNjwrFjv/XaxfcECEzXJrxdxQlTFw/MQE6uamMex
++jE4/50F6eslGaxaHteT
+=4DPB
 -----END PGP SIGNATURE-----
diff --git a/net-mail/dovecot/dovecot-2.2.16-r1.ebuild b/net-mail/dovecot/dovecot-2.2.16-r1.ebuild
new file mode 100644
index 000000000000..618bbe0edb20
--- /dev/null
+++ b/net-mail/dovecot/dovecot-2.2.16-r1.ebuild
@@ -0,0 +1,297 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-mail/dovecot/dovecot-2.2.16-r1.ebuild,v 1.1 2015/04/28 19:39:25 eras Exp $
+
+EAPI=5
+inherit eutils multilib ssl-cert systemd user versionator
+
+MY_P="${P/_/.}"
+major_minor="$(get_version_component_range 1-2)"
+sieve_version="0.4.7"
+if [[ ${PV} == *_rc* ]] ; then
+	rc_dir="rc/"
+else
+	rc_dir=""
+fi
+SRC_URI="http://dovecot.org/releases/${major_minor}/${rc_dir}${MY_P}.tar.gz
+	sieve? (
+	http://pigeonhole.dovecot.org/releases/${major_minor}/${PN}-${major_minor}-pigeonhole-${sieve_version}.tar.gz
+	)
+	managesieve? (
+	http://pigeonhole.dovecot.org/releases/${major_minor}/${PN}-${major_minor}-pigeonhole-${sieve_version}.tar.gz
+	) "
+DESCRIPTION="An IMAP and POP3 server written with security primarily in mind"
+HOMEPAGE="http://www.dovecot.org/"
+
+SLOT="0"
+LICENSE="LGPL-2.1 MIT"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~x86"
+
+IUSE_DOVECOT_AUTH="kerberos ldap mysql pam postgres sqlite vpopmail"
+IUSE_DOVECOT_STORAGE="cydir imapc +maildir mbox mdbox pop3c sdbox"
+IUSE_DOVECOT_COMPRESS="bzip2 lzma lz4 zlib"
+IUSE_DOVECOT_OTHER="caps doc ipv6 lucene managesieve selinux sieve solr +ssl static-libs suid tcpd"
+
+IUSE="${IUSE_DOVECOT_AUTH} ${IUSE_DOVECOT_STORAGE} ${IUSE_DOVECOT_COMPRESS} ${IUSE_DOVECOT_OTHER}"
+
+DEPEND="bzip2? ( app-arch/bzip2 )
+	caps? ( sys-libs/libcap )
+	kerberos? ( virtual/krb5 )
+	ldap? ( net-nds/openldap )
+	lucene? ( >=dev-cpp/clucene-2.3 )
+	lzma? ( app-arch/xz-utils )
+	lz4? ( app-arch/lz4 )
+	mysql? ( virtual/mysql )
+	pam? ( virtual/pam )
+	postgres? ( dev-db/postgresql:* !dev-db/postgresql[ldap,threads] )
+	selinux? ( sec-policy/selinux-dovecot )
+	solr? ( net-misc/curl dev-libs/expat )
+	sqlite? ( dev-db/sqlite:* )
+	ssl? ( dev-libs/openssl:* )
+	tcpd? ( sys-apps/tcp-wrappers )
+	vpopmail? ( net-mail/vpopmail )
+	zlib? ( sys-libs/zlib )
+	virtual/libiconv"
+
+RDEPEND="${DEPEND}
+	net-mail/mailbase"
+
+S=${WORKDIR}/${MY_P}
+
+pkg_setup() {
+	if use managesieve && ! use sieve; then
+		ewarn "managesieve USE flag selected but sieve USE flag unselected"
+		ewarn "sieve USE flag will be turned on"
+	fi
+	# default internal user
+	enewgroup dovecot 97
+	enewuser dovecot 97 -1 /dev/null dovecot
+	# default login user
+	enewuser dovenull -1 -1 /dev/null
+	# add "mail" group for suid'ing. Better security isolation.
+	if use suid; then
+		enewgroup mail
+	fi
+}
+
+src_prepare() {
+	epatch "${FILESDIR}/CVE-2015-3420.patch"
+	epatch "${FILESDIR}/${PN}-10-ssl.patch"
+
+	epatch_user
+}
+
+src_configure() {
+	local conf=""
+
+	if use postgres || use mysql || use sqlite; then
+		conf="${conf} --with-sql"
+	fi
+
+	local storages=""
+	for storage in ${IUSE_DOVECOT_STORAGE//+/}; do
+		use ${storage} && storages="${storage} ${storages}"
+	done
+	[ "${storages}" ] || storages="maildir"
+
+	# turn valgrind tests off. Bug #340791
+	VALGRIND=no econf \
+		--localstatedir="${EPREFIX}/var" \
+		--with-moduledir="${EPREFIX}/usr/$(get_libdir)/dovecot" \
+		--without-stemmer \
+		--with-storages="${storages}" \
+		--disable-rpath \
+		$( systemd_with_unitdir ) \
+		$( use_with bzip2 bzlib ) \
+		$( use_with caps libcap ) \
+		$( use_with kerberos gssapi ) \
+		$( use_with ldap ) \
+		$( use_with lucene ) \
+		$( use_with lz4 ) \
+		$( use_with lzma ) \
+		$( use_with mysql ) \
+		$( use_with pam ) \
+		$( use_with postgres pgsql ) \
+		$( use_with sqlite ) \
+		$( use_with solr ) \
+		$( use_with ssl ) \
+		$( use_with tcpd libwrap ) \
+		$( use_with vpopmail ) \
+		$( use_with zlib ) \
+		$( use_enable static-libs static ) \
+		${conf}
+
+	if use sieve || use managesieve ; then
+		# The sieve plugin needs this file to be build to determine the plugin
+		# directory and the list of libraries to link to.
+		emake dovecot-config
+		cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+		econf \
+			$( use_enable static-libs static ) \
+			--localstatedir="${EPREFIX}/var" \
+			--enable-shared \
+			--with-dovecot="../${MY_P}" \
+			$( use_with managesieve )
+	fi
+}
+
+src_compile() {
+	default
+	if use sieve || use managesieve ; then
+		cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+		emake CC="$(tc-getCC)" CFLAGS="${CFLAGS}"
+	fi
+}
+
+src_test() {
+	default
+	if use sieve || use managesieve ; then
+		cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+		default
+	fi
+}
+
+src_install () {
+	default
+
+	# insecure:
+	# use suid && fperms u+s /usr/libexec/dovecot/deliver
+	# better:
+	if use suid;then
+		einfo "Changing perms to allow deliver to be suided"
+		fowners root:mail "${EPREFIX}/usr/libexec/dovecot/dovecot-lda"
+		fperms 4750 "${EPREFIX}/usr/libexec/dovecot/dovecot-lda"
+	fi
+
+	newinitd "${FILESDIR}"/dovecot.init-r4 dovecot
+
+	rm -rf "${ED}"/usr/share/doc/dovecot
+
+	dodoc AUTHORS NEWS README TODO
+	dodoc doc/*.{txt,cnf,xml,sh}
+	docinto example-config
+	dodoc doc/example-config/*.{conf,ext}
+	docinto example-config/conf.d
+	dodoc doc/example-config/conf.d/*.{conf,ext}
+	docinto wiki
+	dodoc doc/wiki/*
+	doman doc/man/*.{1,7}
+
+	# Create the dovecot.conf file from the dovecot-example.conf file that
+	# the dovecot folks nicely left for us....
+	local conf="${ED}/etc/dovecot/dovecot.conf"
+	local confd="${ED}/etc/dovecot/conf.d"
+
+	insinto /etc/dovecot
+	doins doc/example-config/*.{conf,ext}
+	insinto /etc/dovecot/conf.d
+	doins doc/example-config/conf.d/*.{conf,ext}
+	fperms 0600 "${EPREFIX}"/etc/dovecot/dovecot-{ldap,sql}.conf.ext
+	rm -f "${confd}/../README"
+
+	# .maildir is the Gentoo default
+	local mail_location="maildir:~/.maildir"
+	if ! use maildir; then
+		if use mbox; then
+			mail_location="mbox:/var/spool/mail/%u:INDEX=/var/dovecot/%u"
+			keepdir /var/dovecot
+			sed -i -e 's|#mail_privileged_group =|mail_privileged_group = mail|' \
+			"${confd}/10-mail.conf" || die "sed failed"
+		elif use mdbox ; then
+			mail_location="mdbox:~/.mdbox"
+		elif use sdbox ; then
+			mail_location="sdbox:~/.sdbox"
+		fi
+	fi
+	sed -i -e \
+		"s|#mail_location =|mail_location = ${mail_location}|" \
+		"${confd}/10-mail.conf" \
+		|| die "failed to update mail location settings in 10-mail.conf"
+
+	# We're using pam files (imap and pop3) provided by mailbase
+	if use pam; then
+		sed -i -e '/driver = pam/,/^[ \t]*}/ s|#args = dovecot|args = "\*"|' \
+			"${confd}/auth-system.conf.ext" \
+			|| die "failed to update PAM settings in auth-system.conf.ext"
+		# mailbase does not provide a sieve pam file
+		use managesieve && dosym imap /etc/pam.d/sieve
+		sed -i -e \
+			's/#!include auth-system.conf.ext/!include auth-system.conf.ext/' \
+			"${confd}/10-auth.conf" \
+			|| die "failed to update PAM settings in 10-auth.conf"
+	fi
+
+	# Disable ipv6 if necessary
+	if ! use ipv6; then
+		sed -i -e 's/^#listen = \*, ::/listen = \*/g' "${conf}" \
+			|| die "failed to update listen settings in dovecot.conf"
+	fi
+
+	# Update ssl cert locations
+	if use ssl; then
+		sed -i -e 's:^#ssl = yes:ssl = yes:' "${confd}/10-ssl.conf" \
+		|| die "ssl conf failed"
+		sed -i -e 's:^ssl_cert =.*:ssl_cert = </etc/ssl/dovecot/server.pem:' \
+			-e 's:^ssl_key =.*:ssl_key = </etc/ssl/dovecot/server.key:' \
+			"${confd}/10-ssl.conf" || die "failed to update SSL settings in 10-ssl.conf"
+	fi
+
+	# Install SQL configuration
+	if use mysql || use postgres; then
+		sed -i -e \
+			's/#!include auth-sql.conf.ext/!include auth-sql.conf.ext/' \
+			"${confd}/10-auth.conf" || die "failed to update SQL settings in \
+			10-auth.conf"
+	fi
+
+	# Install LDAP configuration
+	if use ldap; then
+		sed -i -e \
+			's/#!include auth-ldap.conf.ext/!include auth-ldap.conf.ext/' \
+			"${confd}/10-auth.conf" \
+			|| die "failed to update ldap settings in 10-auth.conf"
+	fi
+
+	if use vpopmail; then
+		sed -i -e \
+			's/#!include auth-vpopmail.conf.ext/!include auth-vpopmail.conf.ext/' \
+			"${confd}/10-auth.conf" \
+			|| die "failed to update vpopmail settings in 10-auth.conf"
+	fi
+
+	if use sieve || use managesieve ; then
+		cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+		emake DESTDIR="${ED}" install
+		sed -i -e \
+			's/^[[:space:]]*#mail_plugins = $mail_plugins/mail_plugins = sieve/' "${confd}/15-lda.conf" \
+			|| die "failed to update sieve settings in 15-lda.conf"
+		rm -rf "${ED}"/usr/share/doc/dovecot
+		dodoc doc/*.txt
+		docinto example-config/conf.d
+		dodoc doc/example-config/conf.d/*.conf
+		insinto /etc/dovecot/conf.d
+		doins doc/example-config/conf.d/90-sieve{,-extprograms}.conf
+		use managesieve && doins doc/example-config/conf.d/20-managesieve.conf
+		docinto sieve/rfc
+		dodoc doc/rfc/*.txt
+		docinto sieve/devel
+		dodoc doc/devel/DESIGN
+		doman doc/man/*.{1,7}
+	fi
+
+	use static-libs || find "${ED}"/usr/lib* -name '*.la' -delete
+}
+
+pkg_postinst() {
+	if use ssl; then
+	# Let's not make a new certificate if we already have one
+		if ! [[ -e "${ROOT}"/etc/ssl/dovecot/server.pem && \
+		-e "${ROOT}"/etc/ssl/dovecot/server.key ]];	then
+			einfo "Creating SSL	certificate"
+			SSL_ORGANIZATION="${SSL_ORGANIZATION:-Dovecot IMAP Server}"
+			install_cert /etc/ssl/dovecot/server
+		fi
+	fi
+
+	elog "Please read http://wiki2.dovecot.org/Upgrading/ for upgrade notes."
+}
diff --git a/net-mail/dovecot/files/CVE-2015-3420.patch b/net-mail/dovecot/files/CVE-2015-3420.patch
new file mode 100644
index 000000000000..9bf389c06ae5
--- /dev/null
+++ b/net-mail/dovecot/files/CVE-2015-3420.patch
@@ -0,0 +1,52 @@
+--- a/src/login-common/ssl-proxy-openssl.c	Sat Apr 25 12:16:07 2015 +0300
++++ b/src/login-common/ssl-proxy-openssl.c	Tue Apr 28 11:27:04 2015 +0200
+@@ -80,6 +80,7 @@
+ 	unsigned int cert_broken:1;
+ 	unsigned int client_proxy:1;
+ 	unsigned int flushing:1;
++	unsigned int failed:1;
+ };
+ 
+ struct ssl_parameters {
+@@ -131,6 +132,12 @@
+ static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set);
+ #endif
+ 
++static void ssl_proxy_destroy_failed(struct ssl_proxy *proxy)
++{
++	proxy->failed = TRUE;
++	ssl_proxy_destroy(proxy);
++}
++
+ static unsigned int ssl_server_context_hash(const struct ssl_server_context *ctx)
+ {
+ 	unsigned int i, g, h = 0;
+@@ -462,7 +469,7 @@
+ 
+ 	if (errstr != NULL) {
+ 		proxy->last_error = i_strdup(errstr);
+-		ssl_proxy_destroy(proxy);
++		ssl_proxy_destroy_failed(proxy);
+ 	}
+ 	ssl_proxy_unref(proxy);
+ }
+@@ -492,7 +499,7 @@
+ 
+ 	if (proxy->handshake_callback != NULL) {
+ 		if (proxy->handshake_callback(proxy->handshake_context) < 0)
+-			ssl_proxy_destroy(proxy);
++			ssl_proxy_destroy_failed(proxy);
+ 	}
+ }
+ 
+@@ -822,7 +829,8 @@
+ 	if (proxy->destroyed || proxy->flushing)
+ 		return;
+ 	proxy->flushing = TRUE;
+-	ssl_proxy_flush(proxy);
++	if (!proxy->failed && proxy->handshaked)
++		ssl_proxy_flush(proxy);
+ 	proxy->destroyed = TRUE;
+ 
+ 	ssl_proxy_count--;
+
author	Eray Aslan <eras@gentoo.org>	2015-04-28 19:39:37 +0000
committer	Eray Aslan <eras@gentoo.org>	2015-04-28 19:39:37 +0000
commit	82a9663e7a2e15bb8e0558952b5b82e154d2dbd2 (patch)
tree	3328b0fed9d576bf520d74c8fd29109f844b4a77 /net-mail
parent	Add ruby22. (diff)
download	historical-82a9663e7a2e15bb8e0558952b5b82e154d2dbd2.tar.gz historical-82a9663e7a2e15bb8e0558952b5b82e154d2dbd2.tar.bz2 historical-82a9663e7a2e15bb8e0558952b5b82e154d2dbd2.zip