diff options
author | Eray Aslan <eras@gentoo.org> | 2024-10-05 09:23:47 +0200 |
---|---|---|
committer | Eray Aslan <eras@gentoo.org> | 2024-10-05 09:53:39 +0200 |
commit | c16397904a998b5f011a6870e9d35d98b21e2e0c (patch) | |
tree | 887b99ba2fe5f543030d22f2d693b139f7dd532d /mail-mta/postfix | |
parent | dev-db/sqlmap: Stabilize 1.8.8 amd64, #940769 (diff) | |
download | gentoo-c16397904a998b5f011a6870e9d35d98b21e2e0c.tar.gz gentoo-c16397904a998b5f011a6870e9d35d98b21e2e0c.tar.bz2 gentoo-c16397904a998b5f011a6870e9d35d98b21e2e0c.zip |
mail-mta/postfix: backport fix for too eager warning
do not log a warning for minor version changes for openssl >= 3.0.0. The
overall warning logic is:
when the OpenSSL library compile-time version
differs from the run-time version, allow forward-compatible
minor version differences with OpenSSL >= 3.x.x, allow
forward-compatible micro version differences with OpenSSL
1.1.x, and allow no version difference with OpenSSL <=
1.0.x. Otherwise, log a potential version mismatch warning
Closes: https://bugs.gentoo.org/940708
Signed-off-by: Eray Aslan <eras@gentoo.org>
Diffstat (limited to 'mail-mta/postfix')
-rw-r--r-- | mail-mta/postfix/files/openssl-compatibility-warning.patch | 40 | ||||
-rw-r--r-- | mail-mta/postfix/postfix-3.9.0-r2.ebuild | 315 |
2 files changed, 355 insertions, 0 deletions
diff --git a/mail-mta/postfix/files/openssl-compatibility-warning.patch b/mail-mta/postfix/files/openssl-compatibility-warning.patch new file mode 100644 index 000000000000..275efed85971 --- /dev/null +++ b/mail-mta/postfix/files/openssl-compatibility-warning.patch @@ -0,0 +1,40 @@ +# bug 940708 +--- postfix-3.9.0/src/tls/tls_misc.c 2023-08-07 15:42:24.000000000 +0200 ++++ postfix-3.10_pre20240612/work/postfix-3.10-20240612/src/tls/tls_misc.c 2024-06-12 17:59:54.000000000 +0200 +@@ -1433,20 +1433,29 @@ + { + TLS_VINFO hdr_info; + TLS_VINFO lib_info; ++ int warn_compat = 0; + + tls_version_split(OPENSSL_VERSION_NUMBER, &hdr_info); + tls_version_split(OpenSSL_version_num(), &lib_info); + + /* + * Warn if run-time library is different from compile-time library, +- * allowing later run-time "micro" versions starting with 1.1.0. ++ * allowing later run-time "micro" versions starting with 1.1.0, and ++ * later minor numbers starting with 3.0.0. + */ +- if (lib_info.major != hdr_info.major +- || lib_info.minor != hdr_info.minor +- || (lib_info.micro != hdr_info.micro +- && (lib_info.micro < hdr_info.micro +- || hdr_info.major == 0 +- || (hdr_info.major == 1 && hdr_info.minor == 0)))) ++ if (hdr_info.major >= 3) { ++ warn_compat = lib_info.major != hdr_info.major ++ || lib_info.minor < hdr_info.minor; ++ } else if (hdr_info.major == 1 && hdr_info.minor != 0) { ++ warn_compat = lib_info.major != hdr_info.major ++ || lib_info.minor != hdr_info.minor ++ || lib_info.micro < hdr_info.micro; ++ } else { ++ warn_compat = lib_info.major != hdr_info.major ++ || lib_info.minor != hdr_info.minor ++ || lib_info.micro != hdr_info.micro; ++ } ++ if (warn_compat) + msg_warn("run-time library vs. compile-time header version mismatch: " + "OpenSSL %d.%d.%d may not be compatible with OpenSSL %d.%d.%d", + lib_info.major, lib_info.minor, lib_info.micro, diff --git a/mail-mta/postfix/postfix-3.9.0-r2.ebuild b/mail-mta/postfix/postfix-3.9.0-r2.ebuild new file mode 100644 index 000000000000..316613eea2d2 --- /dev/null +++ b/mail-mta/postfix/postfix-3.9.0-r2.ebuild @@ -0,0 +1,315 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +inherit pam systemd toolchain-funcs + +MY_PV="${PV/_pre/-}" +MY_SRC="${PN}-${MY_PV}" +MY_URI="ftp://ftp.porcupine.org/mirrors/postfix-release/official" +RC_VER="2.7" + +DESCRIPTION="A fast and secure drop-in replacement for sendmail" +HOMEPAGE="http://www.postfix.org/" +SRC_URI="${MY_URI}/${MY_SRC}.tar.gz" +S="${WORKDIR}/${MY_SRC}" + +LICENSE="|| ( IBM EPL-2.0 )" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" + +IUSE="+berkdb cdb dovecot-sasl +eai ldap ldap-bind lmdb mbox memcached mongodb mysql nis pam postgres sasl selinux sqlite ssl" + +DEPEND=" + acct-group/postfix + acct-group/postdrop + acct-user/postfix + dev-libs/libpcre2:0 + dev-lang/perl + berkdb? ( >=sys-libs/db-3.2:* ) + cdb? ( || ( >=dev-db/tinycdb-0.76 >=dev-db/cdb-0.75-r4 ) ) + eai? ( dev-libs/icu:= ) + ldap? ( net-nds/openldap:= ) + ldap-bind? ( net-nds/openldap:=[sasl] ) + lmdb? ( >=dev-db/lmdb-0.9.11:= ) + mongodb? ( >=dev-libs/mongo-c-driver-1.23.0 >=dev-libs/libbson-1.23.0 ) + mysql? ( dev-db/mysql-connector-c:0= ) + nis? ( net-libs/libnsl:= ) + pam? ( sys-libs/pam ) + postgres? ( dev-db/postgresql:* ) + sasl? ( >=dev-libs/cyrus-sasl-2 ) + sqlite? ( dev-db/sqlite:3 ) + ssl? ( >=dev-libs/openssl-1.1.1:0= ) + " + +RDEPEND="${DEPEND} + memcached? ( net-misc/memcached ) + net-mail/mailbase + !mail-mta/courier + !mail-mta/esmtp + !mail-mta/exim + !mail-mta/msmtp[mta] + !mail-mta/netqmail + !mail-mta/nullmailer + !mail-mta/sendmail + !mail-mta/opensmtpd + !mail-mta/ssmtp[mta] + selinux? ( sec-policy/selinux-postfix )" + +# require at least one db implementation for newalias (and postmap) +# command to function properly +REQUIRED_USE=" + || ( berkdb cdb lmdb ) + ldap-bind? ( ldap sasl ) + " + +PATCHES=( + "${FILESDIR}/openssl-compatibility-warning.patch" +) + +src_prepare() { + default + sed -i -e "/^#define ALIAS_DB_MAP/s|:/etc/aliases|:/etc/mail/aliases|" \ + src/util/sys_defs.h || die "sed failed" + # change default paths to better comply with portage standard paths + sed -i -e "s:/usr/local/:/usr/:g" conf/master.cf || die "sed failed" +} + +src_configure() { + # bug #915670 + unset LD_LIBRARY_PATH + + for name in CDB LDAP LMDB MONGODB MYSQL PCRE PGSQL SDBM SQLITE + do + local AUXLIBS_${name}="" + done + + # Make sure LDFLAGS get passed down to the executables. + local mycc="" mylibs="${LDFLAGS} -ldl" + + # libpcre is EOL. prefer libpcre2 + mycc=" -DHAS_PCRE=2" + AUXLIBS_PCRE="$(pcre2-config --libs8)" + + use pam && mylibs="${mylibs} -lpam" + + if use ssl; then + mycc="${mycc} -DUSE_TLS" + mylibs="${mylibs} -lssl -lcrypto" + fi + + if ! use eai; then + mycc="${mycc} -DNO_EAI" + fi + + if use ldap; then + mycc="${mycc} -DHAS_LDAP" + AUXLIBS_LDAP="-lldap -llber" + fi + + if use lmdb; then + mycc="${mycc} -DHAS_LMDB" + AUXLIBS_LMDB="-llmdb -lpthread" + fi + + if use mongodb; then + mycc="${mycc} -DHAS_MONGODB $(pkg-config --cflags libmongoc-1.0)" + AUXLIBS_MONGODB="-lmongoc-1.0 -lbson-1.0" + fi + + if use mysql; then + mycc="${mycc} -DHAS_MYSQL $(mysql_config --include)" + AUXLIBS_MYSQL="$(mysql_config --libs)" + fi + + if use postgres; then + mycc="${mycc} -DHAS_PGSQL -I$(pg_config --includedir)" + AUXLIBS_PGSQL="-L$(pg_config --libdir) -lpq" + fi + + if use sqlite; then + mycc="${mycc} -DHAS_SQLITE" + AUXLIBS_SQLITE="-lsqlite3 -lpthread" + fi + + if use sasl; then + if use dovecot-sasl; then + # Set dovecot as default. + mycc="${mycc} -DDEF_SASL_SERVER=\\\"dovecot\\\"" + fi + if use ldap-bind; then + mycc="${mycc} -DUSE_LDAP_SASL" + fi + mycc="${mycc} -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl" + mylibs="${mylibs} -lsasl2" + elif use dovecot-sasl; then + mycc="${mycc} -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\\\"dovecot\\\"" + fi + + if ! use nis; then + mycc="${mycc} -DNO_NIS" + fi + + if ! use berkdb; then + mycc="${mycc} -DNO_DB" + # change default database type + if use lmdb; then + mycc="${mycc} -DDEF_DB_TYPE=\\\"lmdb\\\"" + elif use cdb; then + mycc="${mycc} -DDEF_DB_TYPE=\\\"cdb\\\"" + fi + fi + + if use cdb; then + mycc="${mycc} -DHAS_CDB -I/usr/include/cdb" + # Tinycdb is preferred. + if has_version dev-db/tinycdb ; then + AUXLIBS_CDB="-lcdb" + else + CDB_PATH="/usr/$(get_libdir)" + for i in cdb.a alloc.a buffer.a unix.a byte.a ; do + AUXLIBS_CDB="${AUXLIBS_CDB} ${CDB_PATH}/${i}" + done + fi + fi + + sed -i -e "/^RANLIB/s/ranlib/$(tc-getRANLIB)/g" "${S}"/makedefs + sed -i -e "/^AR/s/ar/$(tc-getAR)/g" "${S}"/makedefs + + emake makefiles \ + shared=yes \ + dynamicmaps=no \ + pie=yes \ + shlib_directory="/usr/$(get_libdir)/postfix/MAIL_VERSION" \ + DEBUG="" \ + CC="$(tc-getCC)" \ + OPT="${CFLAGS}" \ + CCARGS="${mycc}" \ + AUXLIBS="${mylibs}" \ + AUXLIBS_CDB="${AUXLIBS_CDB}" \ + AUXLIBS_LDAP="${AUXLIBS_LDAP}" \ + AUXLIBS_LMDB="${AUXLIBS_LMDB}" \ + AUXLIBS_MONGODB="${AUXLIBS_MONGODB}" \ + AUXLIBS_MYSQL="${AUXLIBS_MYSQL}" \ + AUXLIBS_PCRE="${AUXLIBS_PCRE}" \ + AUXLIBS_PGSQL="${AUXLIBS_PGSQL}" \ + AUXLIBS_SDBM="${AUXLIBS_SDBM}" \ + AUXLIBS_SQLITE="${AUXLIBS_SQLITE}" +} + +src_install() { + LD_LIBRARY_PATH="${S}/lib" \ + /bin/sh postfix-install \ + -non-interactive \ + install_root="${D}" \ + config_directory="/etc/postfix" \ + manpage_directory="/usr/share/man" \ + command_directory="/usr/sbin" \ + mailq_path="/usr/bin/mailq" \ + newaliases_path="/usr/bin/newaliases" \ + sendmail_path="/usr/sbin/sendmail" \ + || die "postfix-install failed" + + # Fix spool removal on upgrade + rm -Rf "${D}"/var + keepdir /var/spool/postfix + + # Install rmail for UUCP, closes bug #19127 + dobin auxiliary/rmail/rmail + + # Provide another link for legacy FSH + dosym ../sbin/sendmail /usr/$(get_libdir)/sendmail + + # Install qshape, posttls-finger, collate and tlstype + dobin auxiliary/qshape/qshape.pl + doman man/man1/qshape.1 + dobin bin/posttls-finger + doman man/man1/posttls-finger.1 + dobin auxiliary/collate/collate.pl + newdoc auxiliary/collate/README README.collate + dobin auxiliary/collate/tlstype.pl + dodoc auxiliary/collate/README.tlstype + + # Performance tuning tools and their manuals + dosbin bin/smtp-{source,sink} bin/qmqp-{source,sink} + doman man/man1/smtp-{source,sink}.1 man/man1/qmqp-{source,sink}.1 + + # Set proper permissions on required files/directories + keepdir /var/lib/postfix + fowners -R postfix:postfix /var/lib/postfix + fperms 0750 /var/lib/postfix + fowners root:postdrop /usr/sbin/post{drop,queue,log} + fperms 02755 /usr/sbin/post{drop,queue,log} + + keepdir /etc/postfix + keepdir /etc/postfix/postfix-files.d + if use mbox; then + mypostconf="mail_spool_directory=/var/mail" + else + mypostconf="home_mailbox=.maildir/" + fi + LD_LIBRARY_PATH="${S}/lib" \ + "${D}"/usr/sbin/postconf -c "${D}"/etc/postfix \ + -e ${mypostconf} || die "postconf failed" + + insinto /etc/postfix + newins "${FILESDIR}"/smtp.pass saslpass + fperms 600 /etc/postfix/saslpass + + newinitd "${FILESDIR}"/postfix.rc6.${RC_VER} postfix + # do not start mysql/postgres unnecessarily - bug #359913 + use mysql || sed -i -e "s/mysql //" "${D}/etc/init.d/postfix" + use postgres || sed -i -e "s/postgresql //" "${D}/etc/init.d/postfix" + + dodoc *README COMPATIBILITY HISTORY PORTING RELEASE_NOTES* + dodoc -r README_FILES/ examples/ + # postfix set-permissions expects uncompressed man files + docompress -x /usr/share/man + + if use pam; then + pamd_mimic_system smtp auth account + fi + + if use sasl; then + insinto /etc/sasl2 + newins "${FILESDIR}"/smtp.sasl smtpd.conf + fi + + # header files + insinto /usr/include/postfix + doins include/*.h + + systemd_dounit "${FILESDIR}/${PN}.service" +} + +pkg_postinst() { + # warn if no aliases database + # do not assume berkdb + if [[ ! -e /etc/mail/aliases.db \ + && ! -e /etc/mail/aliases.cdb \ + && ! -e /etc/mail/aliases.lmdb ]] ; then + ewarn + ewarn "You must edit /etc/mail/aliases to suit your needs" + ewarn "and then run /usr/bin/newaliases. Postfix will not" + ewarn "work correctly without it." + ewarn + fi + # run newaliases anyway. otherwise, we might break when switching + # default database implementation - from berkdb to cdb for example + "${EROOT}"/usr/bin/newaliases + + # check and fix file permissions + "${EROOT}"/usr/sbin/postfix set-permissions + + # hint for configuring tls + if use ssl ; then + if "${EROOT}"/usr/sbin/postfix tls all-default-client; then + elog "To configure client side TLS settings, please run:" + elog "${EROOT}"/usr/sbin/postfix tls enable-client + fi + if "${EROOT}"/usr/sbin/postfix tls all-default-server; then + elog "To configure server side TLS settings, please run:" + elog "${EROOT}"/usr/sbin/postfix tls enable-server + fi + fi +} |