tnet-mail/dovecot: Add 2.3.0 - parlay - yet another gentoo overlay
 (DIR) commit 1e02e865997ff07398b8f8fe4bb202e4aca6e851
 (DIR) parent 67921abf89337afa94c1de82e0b22f8952f4c031
 (HTM) Author: parazyd <parazyd@dyne.org>
       Date:   Wed, 28 Feb 2018 14:16:17 +0100
       
       net-mail/dovecot: Add 2.3.0
       
       Diffstat:
         A net-mail/dovecot/Manifest           |       2 ++
         A net-mail/dovecot/dovecot-2.3.0-r3.… |     289 +++++++++++++++++++++++++++++++
         A net-mail/dovecot/files/dovecot-2.2… |      37 +++++++++++++++++++++++++++++++
         A net-mail/dovecot/files/dovecot-2.2… |      14 ++++++++++++++
         A net-mail/dovecot/files/dovecot.ini… |      57 +++++++++++++++++++++++++++++++
         A net-mail/dovecot/metadata.xml       |      28 ++++++++++++++++++++++++++++
       
       6 files changed, 427 insertions(+), 0 deletions(-)
       ---
 (DIR) diff --git a/net-mail/dovecot/Manifest b/net-mail/dovecot/Manifest
       t@@ -0,0 +1,2 @@
       +DIST dovecot-2.3-pigeonhole-0.5.0.1.tar.gz 1783039 BLAKE2B 8452c11d1c5f26d2ee9a0c54a2c30642bce5117f1ad140db8a8509a2bcc03236361a99c6f622267279eb75c19c68de7d96947557b595c345db34e34a135b492c SHA512 60016145caa444eeba13b49735f87ab2ebe7f178f104ad57283b5aa7e5119920d9f579032b775547e0866e86045a4ab653fd084068187d0cbe2e088cc15fc288
       +DIST dovecot-2.3.0.tar.gz 6635541 BLAKE2B 3c76ccc0fac19511c9852aabd5d86c2fb815893b983b8bdf74a48c4c9040efe95fceff49189d6ed7eb4b1c2cbc47472630a367891950690feec68190d518a565 SHA512 8d8591e371ba2ebf8d3c1561af49b970d8351c4acdde8a97ff0ab403bf4cad6e4d96e9556c9be747a85085552449cab4c52bb41bda36e1a822594ec87661ce7f
 (DIR) diff --git a/net-mail/dovecot/dovecot-2.3.0-r3.ebuild b/net-mail/dovecot/dovecot-2.3.0-r3.ebuild
       t@@ -0,0 +1,289 @@
       +# Copyright 1999-2018 Gentoo Foundation
       +# Distributed under the terms of the GNU General Public License v2
       +
       +EAPI=6
       +# do not add a ssl USE flag.  ssl is mandatory
       +SSL_DEPS_SKIP=1
       +inherit ssl-cert systemd user versionator
       +
       +MY_P="${P/_/.}"
       +MY_S="${PN}-ce-${PV}"
       +major_minor="$(get_version_component_range 1-2)"
       +sieve_version="0.5.0.1"
       +if [[ ${PV} == *_rc* ]] ; then
       +        rc_dir="rc/"
       +else
       +        rc_dir=""
       +fi
       +SRC_URI="https://dovecot.org/releases/${major_minor}/${rc_dir}${MY_P}.tar.gz
       +        sieve? (
       +        https://pigeonhole.dovecot.org/releases/${major_minor}/${rc_dir}${PN}-${major_minor}-pigeonhole-${sieve_version}.tar.gz
       +        )
       +        managesieve? (
       +        https://pigeonhole.dovecot.org/releases/${major_minor}/${rc_dir}${PN}-${major_minor}-pigeonhole-${sieve_version}.tar.gz
       +        ) "
       +DESCRIPTION="An IMAP and POP3 server written with security primarily in mind"
       +HOMEPAGE="http://www.dovecot.org/"
       +
       +SLOT="0"
       +LICENSE="LGPL-2.1 MIT"
       +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sparc ~x86"
       +
       +IUSE_DOVECOT_AUTH="kerberos ldap lua mysql pam postgres sqlite vpopmail"
       +IUSE_DOVECOT_COMPRESS="bzip2 lzma lz4 zlib"
       +IUSE_DOVECOT_OTHER="argon2 caps doc ipv6 libressl lucene managesieve selinux sieve solr static-libs suid tcpd textcat"
       +
       +IUSE="${IUSE_DOVECOT_AUTH} ${IUSE_DOVECOT_STORAGE} ${IUSE_DOVECOT_COMPRESS} ${IUSE_DOVECOT_OTHER}"
       +
       +DEPEND="argon2? ( dev-libs/libsodium )
       +        bzip2? ( app-arch/bzip2 )
       +        caps? ( sys-libs/libcap )
       +        kerberos? ( virtual/krb5 )
       +        ldap? ( net-nds/openldap )
       +        lua? ( dev-lang/lua:* )
       +        lucene? ( >=dev-cpp/clucene-2.3 )
       +        lzma? ( app-arch/xz-utils )
       +        lz4? ( app-arch/lz4 )
       +        mysql? ( virtual/mysql )
       +        pam? ( virtual/pam )
       +        postgres? ( dev-db/postgresql:* !dev-db/postgresql[ldap,threads] )
       +        selinux? ( sec-policy/selinux-dovecot )
       +        solr? ( net-misc/curl dev-libs/expat )
       +        sqlite? ( dev-db/sqlite:* )
       +        !libressl? ( dev-libs/openssl:0 )
       +        libressl? ( dev-libs/libressl )
       +        tcpd? ( sys-apps/tcp-wrappers )
       +        textcat? ( app-text/libexttextcat )
       +        vpopmail? ( net-mail/vpopmail )
       +        zlib? ( sys-libs/zlib )
       +        virtual/libiconv
       +        dev-libs/icu:="
       +
       +RDEPEND="${DEPEND}
       +        net-mail/mailbase"
       +
       +PATCHES=(
       +        "${FILESDIR}"/${PN}-2.2.33.2-CVE-2017-15132.patch
       +        "${FILESDIR}"/${PN}-2.2.33.2-CVE-2017-15132-fixup.patch
       +)
       +
       +S=${WORKDIR}/${MY_S}
       +
       +pkg_setup() {
       +        if use managesieve && ! use sieve; then
       +                ewarn "managesieve USE flag selected but sieve USE flag unselected"
       +                ewarn "sieve USE flag will be turned on"
       +        fi
       +        # default internal user
       +        enewgroup dovecot 97
       +        enewuser dovecot 97 -1 /dev/null dovecot
       +        # default login user
       +        enewuser dovenull -1 -1 /dev/null
       +        # add "mail" group for suid'ing. Better security isolation.
       +        if use suid; then
       +                enewgroup mail
       +        fi
       +}
       +
       +src_configure() {
       +        local conf=""
       +
       +        if use postgres || use mysql || use sqlite; then
       +                conf="${conf} --with-sql"
       +        fi
       +
       +        # turn valgrind tests off. Bug #340791
       +        VALGRIND=no econf \
       +                --with-rundir="${EPREFIX}/run/dovecot" \
       +                --with-statedir="${EPREFIX}/var/lib/dovecot" \
       +                --with-moduledir="${EPREFIX}/usr/$(get_libdir)/dovecot" \
       +                --with-stemmer \
       +                --disable-rpath \
       +                --without-libbsd \
       +                --with-icu \
       +                --with-ssl \
       +                --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \
       +                $( use_with argon2 sodium ) \
       +                $( use_with bzip2 bzlib ) \
       +                $( use_with caps libcap ) \
       +                $( use_with kerberos gssapi ) \
       +                $( use_with lua ) \
       +                $( use_with ldap ) \
       +                $( use_with lucene ) \
       +                $( use_with lz4 ) \
       +                $( use_with lzma ) \
       +                $( use_with mysql ) \
       +                $( use_with pam ) \
       +                $( use_with postgres pgsql ) \
       +                $( use_with sqlite ) \
       +                $( use_with solr ) \
       +                $( use_with tcpd libwrap ) \
       +                $( use_with textcat ) \
       +                $( use_with vpopmail ) \
       +                $( use_with zlib ) \
       +                $( use_enable static-libs static ) \
       +                ${conf}
       +
       +        if use sieve || use managesieve ; then
       +                # The sieve plugin needs this file to be build to determine the plugin
       +                # directory and the list of libraries to link to.
       +                emake dovecot-config
       +                cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
       +                econf \
       +                        $( use_enable static-libs static ) \
       +                        --localstatedir="${EPREFIX}/var" \
       +                        --enable-shared \
       +                        --with-dovecot="../${MY_S}" \
       +                        $( use_with managesieve )
       +        fi
       +}
       +
       +src_compile() {
       +        default
       +        if use sieve || use managesieve ; then
       +                cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
       +                emake CC="$(tc-getCC)" CFLAGS="${CFLAGS}"
       +        fi
       +}
       +
       +src_test() {
       +        default
       +        if use sieve || use managesieve ; then
       +                cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
       +                default
       +        fi
       +}
       +
       +src_install () {
       +        default
       +
       +        # insecure:
       +        # use suid && fperms u+s /usr/libexec/dovecot/deliver
       +        # better:
       +        if use suid;then
       +                einfo "Changing perms to allow deliver to be suided"
       +                fowners root:mail "${EPREFIX}/usr/libexec/dovecot/dovecot-lda"
       +                fperms 4750 "${EPREFIX}/usr/libexec/dovecot/dovecot-lda"
       +        fi
       +
       +        newinitd "${FILESDIR}"/dovecot.init-r4 dovecot
       +
       +        rm -rf "${ED}"/usr/share/doc/dovecot
       +
       +        dodoc AUTHORS NEWS README TODO
       +        dodoc doc/*.{txt,cnf,xml,sh}
       +        docinto example-config
       +        dodoc doc/example-config/*.{conf,ext}
       +        docinto example-config/conf.d
       +        dodoc doc/example-config/conf.d/*.{conf,ext}
       +        docinto wiki
       +        dodoc doc/wiki/*
       +        doman doc/man/*.{1,7}
       +
       +        # Create the dovecot.conf file from the dovecot-example.conf file that
       +        # the dovecot folks nicely left for us....
       +        local conf="${ED}/etc/dovecot/dovecot.conf"
       +        local confd="${ED}/etc/dovecot/conf.d"
       +
       +        insinto /etc/dovecot
       +        doins doc/example-config/*.{conf,ext}
       +        insinto /etc/dovecot/conf.d
       +        doins doc/example-config/conf.d/*.{conf,ext}
       +        fperms 0600 "${EPREFIX}"/etc/dovecot/dovecot-{ldap,sql}.conf.ext
       +        rm -f "${confd}/../README"
       +
       +        # .maildir is the Gentoo default
       +        local mail_location="maildir:~/.maildir"
       +        sed -i -e \
       +                "s|#mail_location =|mail_location = ${mail_location}|" \
       +                "${confd}/10-mail.conf" \
       +                || die "failed to update mail location settings in 10-mail.conf"
       +
       +        # We're using pam files (imap and pop3) provided by mailbase
       +        if use pam; then
       +                sed -i -e '/driver = pam/,/^[ \t]*}/ s|#args = dovecot|args = "\*"|' \
       +                        "${confd}/auth-system.conf.ext" \
       +                        || die "failed to update PAM settings in auth-system.conf.ext"
       +                # mailbase does not provide a sieve pam file
       +                use managesieve && dosym imap /etc/pam.d/sieve
       +                sed -i -e \
       +                        's/#!include auth-system.conf.ext/!include auth-system.conf.ext/' \
       +                        "${confd}/10-auth.conf" \
       +                        || die "failed to update PAM settings in 10-auth.conf"
       +        fi
       +
       +        # Disable ipv6 if necessary
       +        if ! use ipv6; then
       +                sed -i -e 's/^#listen = \*, ::/listen = \*/g' "${conf}" \
       +                        || die "failed to update listen settings in dovecot.conf"
       +        fi
       +
       +        # Update ssl cert locations
       +        sed -i -e 's:^#ssl = yes:ssl = yes:' "${confd}/10-ssl.conf" \
       +                || die "ssl conf failed"
       +        sed -i -e 's:^ssl_cert =.*:ssl_cert = </etc/ssl/dovecot/server.pem:' \
       +                -e 's:^ssl_key =.*:ssl_key = </etc/ssl/dovecot/server.key:' \
       +                "${confd}/10-ssl.conf" || die "failed to update SSL settings in 10-ssl.conf"
       +
       +        # Install SQL configuration
       +        if use mysql || use postgres; then
       +                sed -i -e \
       +                        's/#!include auth-sql.conf.ext/!include auth-sql.conf.ext/' \
       +                        "${confd}/10-auth.conf" || die "failed to update SQL settings in \
       +                        10-auth.conf"
       +        fi
       +
       +        # Install LDAP configuration
       +        if use ldap; then
       +                sed -i -e \
       +                        's/#!include auth-ldap.conf.ext/!include auth-ldap.conf.ext/' \
       +                        "${confd}/10-auth.conf" \
       +                        || die "failed to update ldap settings in 10-auth.conf"
       +        fi
       +
       +        if use vpopmail; then
       +                sed -i -e \
       +                        's/#!include auth-vpopmail.conf.ext/!include auth-vpopmail.conf.ext/' \
       +                        "${confd}/10-auth.conf" \
       +                        || die "failed to update vpopmail settings in 10-auth.conf"
       +        fi
       +
       +        if use sieve || use managesieve ; then
       +                cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
       +                emake DESTDIR="${ED}" install
       +                sed -i -e \
       +                        's/^[[:space:]]*#mail_plugins = $mail_plugins/mail_plugins = sieve/' "${confd}/15-lda.conf" \
       +                        || die "failed to update sieve settings in 15-lda.conf"
       +                rm -rf "${ED}"/usr/share/doc/dovecot
       +                docinto example-config/conf.d
       +                dodoc doc/example-config/conf.d/*.conf
       +                insinto /etc/dovecot/conf.d
       +                doins doc/example-config/conf.d/90-sieve{,-extprograms}.conf
       +                use managesieve && doins doc/example-config/conf.d/20-managesieve.conf
       +                docinto sieve/rfc
       +                dodoc doc/rfc/*.txt
       +                docinto sieve/devel
       +                dodoc doc/devel/DESIGN
       +                docinto plugins
       +                dodoc doc/plugins/*.txt
       +                docinto extensions
       +                dodoc doc/extensions/*.txt
       +                docinto locations
       +                dodoc doc/locations/*.txt
       +                doman doc/man/*.{1,7}
       +        fi
       +
       +        use static-libs || find "${ED}"/usr/lib* -name '*.la' -delete
       +}
       +
       +pkg_postinst() {
       +        # Let's not make a new certificate if we already have one
       +        if ! [[ -e "${ROOT}"/etc/ssl/dovecot/server.pem && \
       +                -e "${ROOT}"/etc/ssl/dovecot/server.key ]];        then
       +                einfo "Creating SSL        certificate"
       +                SSL_ORGANIZATION="${SSL_ORGANIZATION:-Dovecot IMAP Server}"
       +                install_cert /etc/ssl/dovecot/server
       +        fi
       +
       +        elog "Please read http://wiki2.dovecot.org/Upgrading/ for upgrade notes."
       +}
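Review bot: The `sed -i` edits in src_install that point `ssl_cert`/`ssl_key` at /etc/ssl/dovecot/server.{pem,key} are guarded only by `|| die`, which fires when sed itself fails, not when the pattern matches nothing. The expressions look carried over from an earlier ebuild, so if the 2.3.0 example 10-ssl.conf words those lines differently, the installed config would silently keep upstream's certificate paths while pkg_postinst generates the certificate under /etc/ssl/dovecot. A check after the edit would catch that at build time, e.g. `grep -q '^ssl_cert = </etc/ssl/dovecot/server.pem' "${confd}/10-ssl.conf" || die "ssl_cert not rewritten in 10-ssl.conf"`, and the same applies to the `ssl = yes` and auth `!include` substitutions. Separately, src_compile calls `tc-getCC` while the inherit line names only `ssl-cert systemd user versionator`; adding `toolchain-funcs` there avoids depending on an indirect inherit.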
 (DIR) diff --git a/net-mail/dovecot/files/dovecot-2.2.33.2-CVE-2017-15132-fixup.patch b/net-mail/dovecot/files/dovecot-2.2.33.2-CVE-2017-15132-fixup.patch
       t@@ -0,0 +1,37 @@
       +Upstream: https://github.com/dovecot/core/commit/a9b135760aea6d1790d447d351c56b78889dac22
       +
       +Link: http://seclists.org/oss-sec/2018/q1/119
       +
       +--- a/src/lib-auth/auth-client-request.c
       ++++ b/src/lib-auth/auth-client-request.c
       +@@ -186,6 +186,8 @@ void auth_client_request_abort(struct auth_client_request **_request)
       + 
       +         auth_client_send_cancel(request->conn->client, request->id);
       +         call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL);
       ++        /* remove the request */
       ++        auth_server_connection_remove_request(request->conn, request->id);
       +         pool_unref(&request->pool);
       + }
       + 
       +--- a/src/lib-auth/auth-server-connection.c
       ++++ b/src/lib-auth/auth-server-connection.c
       +@@ -483,3 +483,10 @@ auth_server_connection_add_request(struct auth_server_connection *conn,
       +         hash_table_insert(conn->requests, POINTER_CAST(id), request);
       +         return id;
       + }
       ++
       ++void auth_server_connection_remove_request(struct auth_server_connection *conn,
       ++                                           unsigned int id)
       ++{
       ++        i_assert(conn->handshake_received);
       ++        hash_table_remove(conn->requests, POINTER_CAST(id));
       ++}
       +--- a/src/lib-auth/auth-server-connection.h
       ++++ b/src/lib-auth/auth-server-connection.h
       +@@ -40,4 +40,6 @@ void auth_server_connection_disconnect(struct auth_server_connection *conn,
       + unsigned int
       + auth_server_connection_add_request(struct auth_server_connection *conn,
       +                                    struct auth_client_request *request);
       ++void auth_server_connection_remove_request(struct auth_server_connection *conn,
       ++                                           unsigned int id);
       + #endif
 (DIR) diff --git a/net-mail/dovecot/files/dovecot-2.2.33.2-CVE-2017-15132.patch b/net-mail/dovecot/files/dovecot-2.2.33.2-CVE-2017-15132.patch
       t@@ -0,0 +1,14 @@
       +CVE-2017-15132: dovecot: auth client leaks memory if SASL authentication is aborted.
       +
       +https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060
       +
       +--- a/src/lib-auth/auth-client-request.c
       ++++ b/src/lib-auth/auth-client-request.c
       +@@ -186,6 +186,7 @@ void auth_client_request_abort(struct auth_client_request **_request)
       + 
       +         auth_client_send_cancel(request->conn->client, request->id);
       +         call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL);
       ++        pool_unref(&request->pool);
       + }
       + 
       + unsigned int auth_client_request_get_id(struct auth_client_request *request)
 (DIR) diff --git a/net-mail/dovecot/files/dovecot.init-r4 b/net-mail/dovecot/files/dovecot.init-r4
       t@@ -0,0 +1,57 @@
       +#!/sbin/openrc-run
       +# Copyright 1999-2012 Gentoo Foundation
       +# Distributed under the terms of the GNU General Public License, v2 or later
       +
       +extra_started_commands="reload"
       +
       +depend() {
       +        need localmount
       +        before postfix
       +        after bootmisc ldap mysql ntp-client ntpd postgresql saslauthd slapd 
       +        use logger net
       +}
       +
       +checkconfig() {
       +        DOVECOT_INSTANCE=${SVCNAME##*.}
       +        if [ -n "${DOVECOT_INSTANCE}" -a "${SVCNAME}" != "dovecot" ]; then
       +                DOVECOT_CONF=/etc/dovecot/dovecot.${DOVECOT_INSTANCE}.conf
       +        else
       +                DOVECOT_CONF=/etc/dovecot/dovecot.conf
       +        fi
       +        if [ ! -e ${DOVECOT_CONF} ]; then
       +                eerror "You will need an ${DOVECOT_CONF} first"
       +                return 1
       +        fi
       +        if [ -x /usr/sbin/dovecot ]; then
       +                DOVECOT_BASEDIR=$(/usr/sbin/dovecot -c ${DOVECOT_CONF} -a | grep '^base_dir = ' | sed 's/^base_dir = //')
       +        else
       +                eerror "dovecot not executable"
       +                return 1
       +        fi
       +        DOVECOT_BASEDIR=${DOVECOT_BASEDIR:-/var/run/dovecot}
       +        DOVECOT_PIDFILE=${DOVECOT_BASEDIR}/master.pid
       +}
       +
       +start() {
       +        checkconfig || return 1
       +        ebegin "Starting ${SVCNAME}"
       +        start-stop-daemon --start --exec /usr/sbin/dovecot \
       +                --pidfile "${DOVECOT_PIDFILE}" -- -c "${DOVECOT_CONF}"
       +        eend $?
       +}
       +
       +stop() {
       +        checkconfig || return 1
       +        ebegin "Stopping ${SVCNAME}"
       +        start-stop-daemon --stop --exec /usr/sbin/dovecot \
       +                --pidfile "${DOVECOT_PIDFILE}"
       +        eend $?
       +}
       +
       +reload() {
       +        checkconfig || return 1
       +        ebegin "Reloading ${SVCNAME} configs and restarting auth/login processes"
       +        start-stop-daemon --signal HUP --exec /usr/sbin/dovecot \
       +                --pidfile "${DOVECOT_PIDFILE}"
       +        eend $?
       +}
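Review bot: `${DOVECOT_CONF}` is expanded unquoted in checkconfig, in `[ ! -e ${DOVECOT_CONF} ]` and in the `/usr/sbin/dovecot -c ${DOVECOT_CONF} -a` command substitution, although its value is built from the part of `${SVCNAME}` after the last dot; start() already quotes it. Quoting both uses, `[ ! -e "${DOVECOT_CONF}" ]` and `-c "${DOVECOT_CONF}"`, keeps a service name containing whitespace or glob characters from being word-split or expanded. The fallback `DOVECOT_BASEDIR=${DOVECOT_BASEDIR:-/var/run/dovecot}` also differs from the `--with-rundir="${EPREFIX}/run/dovecot"` that the ebuild in this commit configures, so when the `dovecot -a` query yields nothing the pidfile path may be wrong unless /var/run resolves to /run; `/run/dovecot` would match the build.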
 (DIR) diff --git a/net-mail/dovecot/metadata.xml b/net-mail/dovecot/metadata.xml
       t@@ -0,0 +1,28 @@
       +<?xml version="1.0" encoding="UTF-8"?>
       +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
       +<pkgmetadata>
       +  <maintainer type="person">
       +                <email>eras@gentoo.org</email>
       +                <name>Eray Aslan</name>
       +        </maintainer>
       +  <maintainer type="project">
       +                <email>net-mail@gentoo.org</email>
       +                <name>Net-Mail</name>
       +        </maintainer>
       +  <use>
       +    <flag name="argon2">Add support for ARGON2 password schemes</flag>
       +    <flag name="cydir">Add cydir storage support</flag>
       +    <flag name="managesieve">Add managesieve protocol support</flag>
       +    <flag name="mdbox">Add mdbox storage support</flag>
       +    <flag name="sdbox">Add sdbox storage support</flag>
       +    <flag name="sieve">Add sieve support</flag>
       +    <flag name="vpopmail">Add vpopmail support</flag>
       +    <flag name="imapc">Add imap client storage support</flag>
       +    <flag name="pop3c">Add pop3 client storage support</flag>
       +    <flag name="lucene">Add lucene full text search (FTS) support using <pkg>dev-cpp/clucene</pkg></flag>
       +    <flag name="lzma">Add support for lzma (de)compression</flag>
       +    <flag name="lz4">Add support for lz4 (de)compression</flag>
       +    <flag name="solr">Add solr full text search (FTS) support</flag>
       +    <flag name="textcat">Add libtextcat language guessing support for full text search (FTS)</flag>
       +  </use>
       +</pkgmetadata>