net-mail/dovecot: security bump - bug 615264
Package-Manager: Portage-2.3.5, Repoman-2.3.2
Showing
2 changed files
with
309 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,8 @@ | ||
DIST dovecot-2.2-pigeonhole-0.4.16.tar.gz 1713634 SHA256 8f0b98f18062d6e241eef74ebe16cc167cd246361cbe6657d94f0ecc5d7d3234 SHA512 5f59fb35dbe638f8ddd19c0fd0f3fbd6fec1fa238f3781b94c50a8f7ce72a53ac1381a6f8ad9bcc90df1edfa2b263a6dfba88521578e55ce4b3d840bed022b79 WHIRLPOOL 5e037d1e271b9c12a111966306c30536035126e9ba1213697804614d8a3d38996b117b37a744cb5b97873e136bddf110177c501d46c5ce0ffd2110932b911f00 | ||
DIST dovecot-2.2-pigeonhole-0.4.17.tar.gz 1787177 SHA256 74d869c7532cbf4fe41e3cc95a1aa6ce32e98f4d423f0d099da1e0fba022dae3 SHA512 3ea6faebf04154649c32612f204e909aa131582c99867865bff3d3a78a75593d96109586eeb6403bc915046b8b6f02e8bacbf6cb6733ea186d2e1a209a7e2b79 WHIRLPOOL bccf0c679c627cd791af69e8f7efa232b6448d7246af0108c3917ab9f65fc16ca860240c8b69fa8dda23d7b3b485fc9527bfca33bc49b42a10d84a29897a2a3b | ||
DIST dovecot-2.2-pigeonhole-0.4.18.tar.gz 1742357 SHA256 dd871bb57fad22795460f613f3c9484a8bf229272ac00956d837a34444f1c3a9 SHA512 6f49a6a6435b0e4dcbe29f852ce17c016df2f367f5460301a2a2c6bd5f5ba6260b23bfe1c5e78b91c6041554ee67d1ce14ad3adf219505f692c61681d9e70cc4 WHIRLPOOL 809ca6efbdf8688087bbfa48902d7c5467a5313135ce23d621eb84541854140e48c94e7ce8180f9e64816df8c1faf85a8cb42c29bf749da1eb7ebfb125469080 | ||
DIST dovecot-2.2-pigeonhole-0.4.9.tar.gz 1577127 SHA256 82892f876d26008a076973dfddf1cffaf5a0451825fd44e06287e94b89078649 SHA512 9e7a18b43d59ed955b142d16696ca221822a547ea59ac70c1bb374eedb28b6ed99ea49f34ead1f9a16ded4573605e410a5cc8e038e1bdf5f943a65588b5d3af2 WHIRLPOOL be309436b43af82a7cb8eff205e1638b2c59751927fdab187e6fde72330e4abd99878cbfa94ca50440ec8de1f9b569bf334d426891ddc73d5f647ee2040c193f | ||
DIST dovecot-2.2.19.tar.gz 5256627 SHA256 759e1e3f9d907cdaabad1f5fbacc793ca191d234c084bec3bba42966952a4e9f SHA512 1b9d605a6a5862ade9d1ca634a9e0171b7c212ab025fc2059051c3795470685b66516fa9fbe5ad91d84388268ea15795f2dcd70ffdf81736ce4d80fd284835e9 WHIRLPOOL 30dbe70bfeef10dbe414ebf3f091041ad66926a8748cd401ecaf9ed5c7602939e86943d98bfb839f32c0aa1d0081ab71adacf23bb4adba34e828ee296e9a7278 | ||
DIST dovecot-2.2.27.tar.gz 5794668 SHA256 897f92a87cda4b27b243f8149ce0ba7b7e71a2be8fb7994eb0a025e54cde18e9 SHA512 faab441bb2afa1e6de3e6ec6207c92a333773941bbc10c4761483ef6ccc193d3a4983de1acc73325122c22b197ea25c1e54886cccfb6b060ede90936a69b71f2 WHIRLPOOL dd17a079118a300a56b26c48c152e44267f69a2138af066944a207ca5851c4b430a40c8553a794061321b67b2e5d7f721ba897b7a17826651c884db72e6d4424 | ||
DIST dovecot-2.2.28.tar.gz 5921992 SHA256 e0288f59e326ab87cb3881fdabadafe542f4dc7ab9996db13863a439ebbc1f25 SHA512 3f40eb52413130dd47da98470d797ede63db3296923c2888b48f1a021e473cfcad064671ad804037d101990457ee57def30f2c27010ede2d758f3d3cfd8ef741 WHIRLPOOL cb92cdafcbfa2d42d9a7c16d20495e3d6828c8f836341a736d740df51e246c40f75417d8959bd5c9a4429f2217790f0edde262806d62a643a8d0da8b76db9600 | ||
DIST dovecot-2.2.29.1.tar.gz 5972119 SHA256 ccfa9ffb7eb91e9e87c21c108324b911250c9ffa838bffb64b1caafadcb0f388 SHA512 1e5ea6080ebe7dd4afe6fcfe8e98ed6d2ad2735655a18cc96e439dd044ccc3a1a6a80428bc746b4d6250820895d6a62121562e97e4b46c8b1cf88a19443bc111 WHIRLPOOL 97a3b45191a32e78a08b4113a6e8b34e0bc538ec8359210d0bdf63990246af89be25cdaf9017c46f3107a7ec82758fa25820d61c25eda94f14ce7351d3aaea7a |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,307 @@ | ||
# Copyright 1999-2017 Gentoo Foundation | ||
# Distributed under the terms of the GNU General Public License v2 | ||
|
||
EAPI=6 | ||
inherit ssl-cert systemd user versionator | ||
|
||
MY_P="${P/_/.}" | ||
major_minor="$(get_version_component_range 1-2)" | ||
sieve_version="0.4.18" | ||
if [[ ${PV} == *_rc* ]] ; then | ||
rc_dir="rc/" | ||
else | ||
rc_dir="" | ||
fi | ||
SRC_URI="https://dovecot.org/releases/${major_minor}/${rc_dir}${MY_P}.tar.gz | ||
sieve? ( | ||
https://pigeonhole.dovecot.org/releases/${major_minor}/${PN}-${major_minor}-pigeonhole-${sieve_version}.tar.gz | ||
) | ||
managesieve? ( | ||
https://pigeonhole.dovecot.org/releases/${major_minor}/${PN}-${major_minor}-pigeonhole-${sieve_version}.tar.gz | ||
) " | ||
DESCRIPTION="An IMAP and POP3 server written with security primarily in mind" | ||
HOMEPAGE="http://www.dovecot.org/" | ||
|
||
SLOT="0" | ||
LICENSE="LGPL-2.1 MIT" | ||
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ppc ~ppc64 ~s390 ~x86" | ||
|
||
IUSE_DOVECOT_AUTH="kerberos ldap mysql pam postgres sqlite vpopmail" | ||
IUSE_DOVECOT_STORAGE="cydir imapc +maildir mbox mdbox pop3c sdbox" | ||
IUSE_DOVECOT_COMPRESS="bzip2 lzma lz4 zlib" | ||
IUSE_DOVECOT_OTHER="caps doc ipv6 libressl lucene managesieve selinux sieve solr +ssl static-libs suid tcpd textcat" | ||
|
||
IUSE="${IUSE_DOVECOT_AUTH} ${IUSE_DOVECOT_STORAGE} ${IUSE_DOVECOT_COMPRESS} ${IUSE_DOVECOT_OTHER}" | ||
|
||
DEPEND="bzip2? ( app-arch/bzip2 ) | ||
caps? ( sys-libs/libcap ) | ||
kerberos? ( virtual/krb5 ) | ||
ldap? ( net-nds/openldap ) | ||
lucene? ( >=dev-cpp/clucene-2.3 ) | ||
lzma? ( app-arch/xz-utils ) | ||
lz4? ( app-arch/lz4 ) | ||
mysql? ( virtual/mysql ) | ||
pam? ( virtual/pam ) | ||
postgres? ( dev-db/postgresql:* !dev-db/postgresql[ldap,threads] ) | ||
selinux? ( sec-policy/selinux-dovecot ) | ||
solr? ( net-misc/curl dev-libs/expat ) | ||
sqlite? ( dev-db/sqlite:* ) | ||
ssl? ( | ||
!libressl? ( dev-libs/openssl:0 ) | ||
libressl? ( dev-libs/libressl ) | ||
) | ||
tcpd? ( sys-apps/tcp-wrappers ) | ||
textcat? ( app-text/libexttextcat ) | ||
vpopmail? ( net-mail/vpopmail ) | ||
zlib? ( sys-libs/zlib ) | ||
virtual/libiconv | ||
dev-libs/icu:=" | ||
|
||
RDEPEND="${DEPEND} | ||
net-mail/mailbase" | ||
|
||
S=${WORKDIR}/${MY_P} | ||
|
||
pkg_setup() { | ||
if use managesieve && ! use sieve; then | ||
ewarn "managesieve USE flag selected but sieve USE flag unselected" | ||
ewarn "sieve USE flag will be turned on" | ||
fi | ||
# default internal user | ||
enewgroup dovecot 97 | ||
enewuser dovecot 97 -1 /dev/null dovecot | ||
# default login user | ||
enewuser dovenull -1 -1 /dev/null | ||
# add "mail" group for suid'ing. Better security isolation. | ||
if use suid; then | ||
enewgroup mail | ||
fi | ||
} | ||
|
||
src_prepare() { | ||
eapply -p0 "${FILESDIR}/${PN}-10-ssl.patch" | ||
eapply_user | ||
} | ||
|
||
src_configure() { | ||
local conf="" | ||
|
||
if use postgres || use mysql || use sqlite; then | ||
conf="${conf} --with-sql" | ||
fi | ||
|
||
local storages="" | ||
for storage in ${IUSE_DOVECOT_STORAGE//+/}; do | ||
use ${storage} && storages="${storage} ${storages}" | ||
done | ||
[ "${storages}" ] || storages="maildir" | ||
|
||
# turn valgrind tests off. Bug #340791 | ||
VALGRIND=no econf \ | ||
--localstatedir="${EPREFIX}/var" \ | ||
--runstatedir="${EPREFIX}/run" \ | ||
--with-moduledir="${EPREFIX}/usr/$(get_libdir)/dovecot" \ | ||
--without-stemmer \ | ||
--with-storages="${storages}" \ | ||
--disable-rpath \ | ||
--with-icu \ | ||
--with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \ | ||
$( use_with bzip2 bzlib ) \ | ||
$( use_with caps libcap ) \ | ||
$( use_with kerberos gssapi ) \ | ||
$( use_with ldap ) \ | ||
$( use_with lucene ) \ | ||
$( use_with lz4 ) \ | ||
$( use_with lzma ) \ | ||
$( use_with mysql ) \ | ||
$( use_with pam ) \ | ||
$( use_with postgres pgsql ) \ | ||
$( use_with sqlite ) \ | ||
$( use_with solr ) \ | ||
$( use_with ssl ) \ | ||
$( use_with tcpd libwrap ) \ | ||
$( use_with textcat ) \ | ||
$( use_with vpopmail ) \ | ||
$( use_with zlib ) \ | ||
$( use_enable static-libs static ) \ | ||
${conf} | ||
|
||
if use sieve || use managesieve ; then | ||
# The sieve plugin needs this file to be build to determine the plugin | ||
# directory and the list of libraries to link to. | ||
emake dovecot-config | ||
cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed" | ||
econf \ | ||
$( use_enable static-libs static ) \ | ||
--localstatedir="${EPREFIX}/var" \ | ||
--enable-shared \ | ||
--with-dovecot="../${MY_P}" \ | ||
$( use_with managesieve ) | ||
fi | ||
} | ||
|
||
src_compile() { | ||
default | ||
if use sieve || use managesieve ; then | ||
cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed" | ||
emake CC="$(tc-getCC)" CFLAGS="${CFLAGS}" | ||
fi | ||
} | ||
|
||
src_test() { | ||
default | ||
if use sieve || use managesieve ; then | ||
cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed" | ||
default | ||
fi | ||
} | ||
|
||
src_install () { | ||
default | ||
|
||
# insecure: | ||
# use suid && fperms u+s /usr/libexec/dovecot/deliver | ||
# better: | ||
if use suid;then | ||
einfo "Changing perms to allow deliver to be suided" | ||
fowners root:mail "${EPREFIX}/usr/libexec/dovecot/dovecot-lda" | ||
fperms 4750 "${EPREFIX}/usr/libexec/dovecot/dovecot-lda" | ||
fi | ||
|
||
newinitd "${FILESDIR}"/dovecot.init-r4 dovecot | ||
|
||
rm -rf "${ED}"/usr/share/doc/dovecot | ||
|
||
dodoc AUTHORS NEWS README TODO | ||
dodoc doc/*.{txt,cnf,xml,sh} | ||
docinto example-config | ||
dodoc doc/example-config/*.{conf,ext} | ||
docinto example-config/conf.d | ||
dodoc doc/example-config/conf.d/*.{conf,ext} | ||
docinto wiki | ||
dodoc doc/wiki/* | ||
doman doc/man/*.{1,7} | ||
|
||
# Create the dovecot.conf file from the dovecot-example.conf file that | ||
# the dovecot folks nicely left for us.... | ||
local conf="${ED}/etc/dovecot/dovecot.conf" | ||
local confd="${ED}/etc/dovecot/conf.d" | ||
|
||
insinto /etc/dovecot | ||
doins doc/example-config/*.{conf,ext} | ||
insinto /etc/dovecot/conf.d | ||
doins doc/example-config/conf.d/*.{conf,ext} | ||
fperms 0600 "${EPREFIX}"/etc/dovecot/dovecot-{ldap,sql}.conf.ext | ||
rm -f "${confd}/../README" | ||
|
||
# .maildir is the Gentoo default | ||
local mail_location="maildir:~/.maildir" | ||
if ! use maildir; then | ||
if use mbox; then | ||
mail_location="mbox:/var/spool/mail/%u:INDEX=/var/dovecot/%u" | ||
keepdir /var/dovecot | ||
sed -i -e 's|#mail_privileged_group =|mail_privileged_group = mail|' \ | ||
"${confd}/10-mail.conf" || die "sed failed" | ||
elif use mdbox ; then | ||
mail_location="mdbox:~/.mdbox" | ||
elif use sdbox ; then | ||
mail_location="sdbox:~/.sdbox" | ||
fi | ||
fi | ||
sed -i -e \ | ||
"s|#mail_location =|mail_location = ${mail_location}|" \ | ||
"${confd}/10-mail.conf" \ | ||
|| die "failed to update mail location settings in 10-mail.conf" | ||
|
||
# We're using pam files (imap and pop3) provided by mailbase | ||
if use pam; then | ||
sed -i -e '/driver = pam/,/^[ \t]*}/ s|#args = dovecot|args = "\*"|' \ | ||
"${confd}/auth-system.conf.ext" \ | ||
|| die "failed to update PAM settings in auth-system.conf.ext" | ||
# mailbase does not provide a sieve pam file | ||
use managesieve && dosym imap /etc/pam.d/sieve | ||
sed -i -e \ | ||
's/#!include auth-system.conf.ext/!include auth-system.conf.ext/' \ | ||
"${confd}/10-auth.conf" \ | ||
|| die "failed to update PAM settings in 10-auth.conf" | ||
fi | ||
|
||
# Disable ipv6 if necessary | ||
if ! use ipv6; then | ||
sed -i -e 's/^#listen = \*, ::/listen = \*/g' "${conf}" \ | ||
|| die "failed to update listen settings in dovecot.conf" | ||
fi | ||
|
||
# Update ssl cert locations | ||
if use ssl; then | ||
sed -i -e 's:^#ssl = yes:ssl = yes:' "${confd}/10-ssl.conf" \ | ||
|| die "ssl conf failed" | ||
sed -i -e 's:^ssl_cert =.*:ssl_cert = </etc/ssl/dovecot/server.pem:' \ | ||
-e 's:^ssl_key =.*:ssl_key = </etc/ssl/dovecot/server.key:' \ | ||
"${confd}/10-ssl.conf" || die "failed to update SSL settings in 10-ssl.conf" | ||
fi | ||
|
||
# Install SQL configuration | ||
if use mysql || use postgres; then | ||
sed -i -e \ | ||
's/#!include auth-sql.conf.ext/!include auth-sql.conf.ext/' \ | ||
"${confd}/10-auth.conf" || die "failed to update SQL settings in \ | ||
10-auth.conf" | ||
fi | ||
|
||
# Install LDAP configuration | ||
if use ldap; then | ||
sed -i -e \ | ||
's/#!include auth-ldap.conf.ext/!include auth-ldap.conf.ext/' \ | ||
"${confd}/10-auth.conf" \ | ||
|| die "failed to update ldap settings in 10-auth.conf" | ||
fi | ||
|
||
if use vpopmail; then | ||
sed -i -e \ | ||
's/#!include auth-vpopmail.conf.ext/!include auth-vpopmail.conf.ext/' \ | ||
"${confd}/10-auth.conf" \ | ||
|| die "failed to update vpopmail settings in 10-auth.conf" | ||
fi | ||
|
||
if use sieve || use managesieve ; then | ||
cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed" | ||
emake DESTDIR="${ED}" install | ||
sed -i -e \ | ||
's/^[[:space:]]*#mail_plugins = $mail_plugins/mail_plugins = sieve/' "${confd}/15-lda.conf" \ | ||
|| die "failed to update sieve settings in 15-lda.conf" | ||
rm -rf "${ED}"/usr/share/doc/dovecot | ||
docinto example-config/conf.d | ||
dodoc doc/example-config/conf.d/*.conf | ||
insinto /etc/dovecot/conf.d | ||
doins doc/example-config/conf.d/90-sieve{,-extprograms}.conf | ||
use managesieve && doins doc/example-config/conf.d/20-managesieve.conf | ||
docinto sieve/rfc | ||
dodoc doc/rfc/*.txt | ||
docinto sieve/devel | ||
dodoc doc/devel/DESIGN | ||
docinto plugins | ||
dodoc doc/plugins/*.txt | ||
docinto extensions | ||
dodoc doc/extensions/*.txt | ||
docinto locations | ||
dodoc doc/locations/*.txt | ||
doman doc/man/*.{1,7} | ||
fi | ||
|
||
use static-libs || find "${ED}"/usr/lib* -name '*.la' -delete | ||
} | ||
|
||
pkg_postinst() { | ||
if use ssl; then | ||
# Let's not make a new certificate if we already have one | ||
if ! [[ -e "${ROOT}"/etc/ssl/dovecot/server.pem && \ | ||
-e "${ROOT}"/etc/ssl/dovecot/server.key ]]; then | ||
einfo "Creating SSL certificate" | ||
SSL_ORGANIZATION="${SSL_ORGANIZATION:-Dovecot IMAP Server}" | ||
install_cert /etc/ssl/dovecot/server | ||
fi | ||
fi | ||
|
||
elog "Please read http://wiki2.dovecot.org/Upgrading/ for upgrade notes." | ||
} |
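Review bot: The `fowners`/`fperms` calls in `src_install` pass paths that start with `${EPREFIX}`, but these helpers already resolve their arguments under `${ED}`, which contains the prefix. With a non-empty `EPREFIX`, the setuid `4750 root:mail` on `dovecot-lda` and the `0600` on `dovecot-{ldap,sql}.conf.ext` would point at a doubled path and, as far as I can tell, abort the install instead of being applied. With the KEYWORDS listed here this is probably latent, since `EPREFIX` is normally empty on those arches. I would write them as `fowners root:mail /usr/libexec/dovecot/dovecot-lda`, `fperms 4750 /usr/libexec/dovecot/dovecot-lda` and `fperms 0600 /etc/dovecot/dovecot-{ldap,sql}.conf.ext`. Separately, the `sed -i ... || die` edits to `10-ssl.conf` and `10-auth.conf` only die on I/O errors, so a change to upstream's commented defaults would silently leave the SSL and auth settings untouched; a `grep -q` check after each security-relevant substitution would surface that at build time.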