pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc Update mail/opendmarc to 1.4.1.1
details: https://anonhg.NetBSD.org/pkgsrc/rev/35b3de587f56
branches: trunk
changeset: 453309:35b3de587f56
user: manu <manu%pkgsrc.org@localhost>
date: Thu May 27 16:51:59 2021 +0000
description:
Update mail/opendmarc to 1.4.1.1
Changes since 1.4.0 from the RELEASE_NOTES file
NOTE: In response to CVE-2019-20790, opendmarc has changed
how it evaluates headers added by previous
SPF milters. Users are encouraged to read the
CVE-2019-20790 file in the "SECURITY" folder
for more details. (#49, #158). Originally reported by
Jianjun Chen, feedback by Simon Wilson and
David Bürgin <dbuergin%gluet.ch@localhost>.
NOTE: OpenDMARC's internal SPF handling will be removed
in a future version. Users are encouraged to
build linked against libspf2. Many pre-built
packages provided by OS packagers already do this.
(See https://www.libspf2.org)
Addition of defines for MUSL C Library. (#129/#133). Patches by
Marco Rebhan.
Updated opendmarc.conf manpage and opendmarc.conf.sample to point to
https://publicsuffix.org/list/.
Added a CONTRIBUTING document.
Fix two #ifdefs in arc functions for strlcpy. (#138). Reported by
Leo Bicknell.
Fixes to MySQL Schema (#98/#99). Patch by Bond Keevil.
LIBSPF2 calls would not compile on OpenBSD due to OpenBSD not
having the ns_type definition in arpa/resolv.h.
Added detection to configure script. (#134)
Reworked hcreate_r calls to use hcreate, to compile natively on
OpenBSD and MacOS. (Part of #94) Reported by Rupert
Gallagher.
Add compatibility with AutoConf 2.70. (#95)
Documentation updates about SourceForge being deprecated. (#101)
Only accept results from Received-SPF fields that indicate clearly
which identifier was being evaluated, since DMARC specifically
only wants results based on MAIL FROM.
Many build-time fixes (#100, #91, #90, #86, #85, #84, #83, #82, #81)
Patches provided by Rupert Gallagher (ruga%protonmail.com@localhost)
Added config option HoldQuarantinedMessages (default false), which
controls if messages with p=quarantine will be passed on to
the mail stream (if False) or placed in the MTA's "hold"
queue (if True). Issue #105. Patch by Marcos Moraes, on
the OpenDMARC mailing list.
Remove "--with-wall" from "configure". Suggested by Leo Bicknell.
LIBOPENDMARC: Fix bug #50: Ignore all RRTYPEs other than TXT.
Problem reported by Jan Bouwhuis.
LIBOPENDMARC: Fix bug #89: Repair absurd RRTYPE test in SPF code.
LIBOPENDMARC: Fix bug #104: Fix bogus header field parsing code.
LIBOPENDMARC: Fix bug #161: Don't pass the client IP address through
htonl() since it's already in network byte order. This
was causing SPF errors when the internal SPF
implementation was in use.
LIBOPENDMARC: Fix numerous problems with the internal SPF
implementation.
diffstat:
doc/CHANGES-2021 | 3 +-
mail/opendmarc/Makefile | 10 +-
mail/opendmarc/distinfo | 21 +-
mail/opendmarc/patches/patch-RequiredFrom | 44 +++--
mail/opendmarc/patches/patch-configure.ac | 29 ---
mail/opendmarc/patches/patch-libopendmarc_opendmarc__dns.c | 21 +--
mail/opendmarc/patches/patch-libopendmarc_opendmarc__spf__dns.c | 82 ----------
mail/opendmarc/patches/patch-opendmarc_opendmarc-arcares.c | 10 +-
mail/opendmarc/patches/patch-opendmarc_opendmarc-arcseal.c | 8 +-
mail/opendmarc/patches/patch-opendmarc_parse.c | 30 +++
10 files changed, 85 insertions(+), 173 deletions(-)
diffs (truncated from 391 to 300 lines):
diff -r 941e70b6f405 -r 35b3de587f56 doc/CHANGES-2021
--- a/doc/CHANGES-2021 Thu May 27 15:25:34 2021 +0000
+++ b/doc/CHANGES-2021 Thu May 27 16:51:59 2021 +0000
@@ -1,4 +1,4 @@
-$NetBSD: CHANGES-2021,v 1.2998 2021/05/27 15:25:34 bsiegert Exp $
+$NetBSD: CHANGES-2021,v 1.2999 2021/05/27 16:51:59 manu Exp $
Changes to the packages collection and infrastructure in 2021:
@@ -4631,3 +4631,4 @@
Removed graphics/go-smartcrop [bsiegert 2021-05-27]
Removed graphics/go-resize [bsiegert 2021-05-27]
Removed graphics/go-imaging [bsiegert 2021-05-27]
+ Updated mail/opendmarc to 1.4.1.1 [manu 2021-05-27]
diff -r 941e70b6f405 -r 35b3de587f56 mail/opendmarc/Makefile
--- a/mail/opendmarc/Makefile Thu May 27 15:25:34 2021 +0000
+++ b/mail/opendmarc/Makefile Thu May 27 16:51:59 2021 +0000
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.25 2021/05/24 19:52:43 wiz Exp $
+# $NetBSD: Makefile,v 1.26 2021/05/27 16:52:00 manu Exp $
GITHUB_PROJECT= OpenDMARC
-GITHUB_TAG= rel-opendmarc-1-4-0-Beta1
-DISTNAME= rel-opendmarc-1-4-0-Beta1
-PKGNAME= opendmarc-1.4.0b1
-PKGREVISION= 4
+GITHUB_TAG= rel-opendmarc-1-4-1-1
+DISTNAME= rel-opendmarc-1-4-1-1
+PKGNAME= opendmarc-1.4.1.1
+#PKGREVISION= 1
CATEGORIES= mail
MASTER_SITES= ${MASTER_SITE_GITHUB:=trusteddomainproject/}
DIST_SUBDIR= ${GITHUB_PROJECT}
diff -r 941e70b6f405 -r 35b3de587f56 mail/opendmarc/distinfo
--- a/mail/opendmarc/distinfo Thu May 27 15:25:34 2021 +0000
+++ b/mail/opendmarc/distinfo Thu May 27 16:51:59 2021 +0000
@@ -1,12 +1,11 @@
-$NetBSD: distinfo,v 1.10 2021/03/29 09:30:59 manu Exp $
+$NetBSD: distinfo,v 1.11 2021/05/27 16:52:00 manu Exp $
-SHA1 (OpenDMARC/rel-opendmarc-1-4-0-Beta1.tar.gz) = 74ad1ef9f9a12b5fadef5919807cd55f7655d8d8
-RMD160 (OpenDMARC/rel-opendmarc-1-4-0-Beta1.tar.gz) = e8dda5350a734509843a04329777478d9410b796
-SHA512 (OpenDMARC/rel-opendmarc-1-4-0-Beta1.tar.gz) = d562050da9c4b96e7707157fbbf385ab3ac551cf07754b45deb6a010b4c47e7f478dfe35bc2c8625f6553af4fbf120820bf2a9f0ce246b26cabf81e7d1174405
-Size (OpenDMARC/rel-opendmarc-1-4-0-Beta1.tar.gz) = 1247386 bytes
-SHA1 (patch-RequiredFrom) = a21d77abbe93c806c6abee55e77e477c9c435c00
-SHA1 (patch-configure.ac) = d174911e4de37d3b50b525469cbe410bb7ae119f
-SHA1 (patch-libopendmarc_opendmarc__dns.c) = e76ca13707677525b72609b4a5268d77efcfba84
-SHA1 (patch-libopendmarc_opendmarc__spf__dns.c) = b6e1311be8e9ef44c333be57fef474f6b080a199
-SHA1 (patch-opendmarc_opendmarc-arcares.c) = 6bf207d9984341fe13120ff8d25a77ff7f6ae1e5
-SHA1 (patch-opendmarc_opendmarc-arcseal.c) = a2ace25f687736876ea4299a0177d3c3ed1e247b
+SHA1 (OpenDMARC/rel-opendmarc-1-4-1-1.tar.gz) = 2983653fa076f3843f3ef064d58f35d39e21a3fe
+RMD160 (OpenDMARC/rel-opendmarc-1-4-1-1.tar.gz) = 6bb61ad0e1e1a8cb3ce23cbe4eb61fb02be26610
+SHA512 (OpenDMARC/rel-opendmarc-1-4-1-1.tar.gz) = ee034386c70c75b87ca2fce0849a1a3538e10e0aebfb0fc9dcba6817d2cf71f52aa5586ccaacdee620190c5fbb81498419fb8e8db9fac15d7c71a61a7da396a6
+Size (OpenDMARC/rel-opendmarc-1-4-1-1.tar.gz) = 426618 bytes
+SHA1 (patch-RequiredFrom) = c89853a3fabcc48653b94169f49ea3c5923254d3
+SHA1 (patch-libopendmarc_opendmarc__dns.c) = b1f697c930808b5c5724331dead3cf29c024d69b
+SHA1 (patch-opendmarc_opendmarc-arcares.c) = 0984b42e943d6a17eeb5725508dfbcf107b23169
+SHA1 (patch-opendmarc_opendmarc-arcseal.c) = 98edb0d22e7c693d327ba98ba186605060d36e2f
+SHA1 (patch-opendmarc_parse.c) = c4b521a4542a4dc7db8baf088bb297493bf46a83
diff -r 941e70b6f405 -r 35b3de587f56 mail/opendmarc/patches/patch-RequiredFrom
--- a/mail/opendmarc/patches/patch-RequiredFrom Thu May 27 15:25:34 2021 +0000
+++ b/mail/opendmarc/patches/patch-RequiredFrom Thu May 27 16:51:59 2021 +0000
@@ -1,4 +1,4 @@
-$NetBSD: patch-RequiredFrom,v 1.1 2021/03/29 09:30:59 manu Exp $
+$NetBSD: patch-RequiredFrom,v 1.2 2021/05/27 16:52:00 manu Exp $
Add RequiredFrom option to reject messages that lack a From header
from which a valid domain can be extracted
@@ -6,8 +6,8 @@
Submitted upstream as
https://github.com/trusteddomainproject/OpenDMARC/pull/147
---- opendmarc/opendmarc.c.orig 2021-03-29 09:13:11.534047039 +0200
-+++ opendmarc/opendmarc.c 2021-03-29 10:02:01.105977120 +0200
+--- ./opendmarc/opendmarc.c.orig 2021-04-30 18:34:43.000000000 +0200
++++ ./opendmarc/opendmarc.c 2021-05-27 10:20:33.880652427 +0200
@@ -163,8 +163,9 @@
/* DMARCF_CONFIG -- configuration object */
struct dmarcf_config
@@ -18,7 +18,7 @@
_Bool conf_afrfnone;
_Bool conf_rejectfail;
_Bool conf_dolog;
-@@ -1349,8 +1350,12 @@
+@@ -1422,8 +1423,12 @@
(void) config_get(data, "RequiredHeaders",
&conf->conf_reqhdrs,
sizeof conf->conf_reqhdrs);
@@ -31,7 +31,7 @@
&conf->conf_afrf,
sizeof conf->conf_afrf);
-@@ -2367,13 +2372,17 @@
+@@ -2453,13 +2458,17 @@
{
if (conf->conf_dolog)
{
@@ -50,11 +50,17 @@
+ return SMFIS_ACCEPT;
}
- /* extract From: domain */
+ /* extract From: addresses */
memset(addrbuf, '\0', sizeof addrbuf);
-@@ -2387,9 +2396,9 @@
- "%s: unable to parse From header field",
- dfc->mctx_jobid);
+@@ -2495,13 +2504,13 @@
+ {
+ if (conf->conf_dolog)
+ {
+ syslog(LOG_ERR,
+- "%s: unable to parse From header field",
+- dfc->mctx_jobid);
++ "%s: unable to parse From header field \"%s\"",
++ dfc->mctx_jobid, from->hdr_value);
}
- if (conf->conf_reqhdrs)
@@ -63,9 +69,9 @@
else
return SMFIS_ACCEPT;
}
---- opendmarc/opendmarc.conf.5.in.orig 2021-03-29 09:15:03.877101090 +0200
-+++ opendmarc/opendmarc.conf.5.in 2021-03-29 09:21:56.423837778 +0200
-@@ -258,8 +258,16 @@
+--- ./opendmarc/opendmarc.conf.5.in.orig 2021-04-30 18:34:43.000000000 +0200
++++ ./opendmarc/opendmarc.conf.5.in 2021-05-27 10:20:33.881043733 +0200
+@@ -287,8 +287,16 @@
failing this test are rejected without further processing. A From:
field from which no domain name could be extracted will also be rejected.
@@ -82,21 +88,21 @@
Specifies the socket that should be established by the filter to receive
connections from
.I sendmail(8)
---- opendmarc/opendmarc-config.h.orig 2021-03-29 09:19:21.345035861 +0200
-+++ opendmarc/opendmarc-config.h 2021-03-29 09:19:34.235736167 +0200
-@@ -43,8 +43,9 @@
+--- ./opendmarc/opendmarc-config.h.orig 2021-04-30 18:34:43.000000000 +0200
++++ ./opendmarc/opendmarc-config.h 2021-05-27 10:23:12.866999966 +0200
+@@ -44,8 +44,9 @@
{ "PidFile", CONFIG_TYPE_STRING, FALSE },
{ "PublicSuffixList", CONFIG_TYPE_STRING, FALSE },
{ "RecordAllMessages", CONFIG_TYPE_BOOLEAN, FALSE },
{ "RequiredHeaders", CONFIG_TYPE_BOOLEAN, FALSE },
+ { "RequiredFrom", CONFIG_TYPE_BOOLEAN, FALSE },
{ "RejectFailures", CONFIG_TYPE_BOOLEAN, FALSE },
+ { "RejectMultiValueFrom", CONFIG_TYPE_BOOLEAN, FALSE },
{ "ReportCommand", CONFIG_TYPE_STRING, FALSE },
{ "Socket", CONFIG_TYPE_STRING, FALSE },
- { "SoftwareHeader", CONFIG_TYPE_BOOLEAN, FALSE },
---- opendmarc/opendmarc.conf.sample.orig 2021-03-29 09:19:43.400961620 +0200
-+++ opendmarc/opendmarc.conf.sample 2021-03-29 09:22:23.834032438 +0200
-@@ -303,8 +303,17 @@
+--- ./opendmarc/opendmarc.conf.sample.orig 2021-04-30 18:34:43.000000000 +0200
++++ ./opendmarc/opendmarc.conf.sample 2021-05-27 10:20:33.882715995 +0200
+@@ -343,8 +343,17 @@
## rejected.
#
# RequiredHeaders false
diff -r 941e70b6f405 -r 35b3de587f56 mail/opendmarc/patches/patch-configure.ac
--- a/mail/opendmarc/patches/patch-configure.ac Thu May 27 15:25:34 2021 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,29 +0,0 @@
-$NetBSD: patch-configure.ac,v 1.3 2020/12/24 01:10:23 manu Exp $
-
-Search for res_ndestroy and use it instead of res_nclose if available
-
---- configure.ac.orig 2020-09-22 02:55:01.853002338 +0200
-+++ configure.ac 2020-09-22 02:55:47.922944675 +0200
-@@ -138,8 +138,22 @@
- [return res_ninit(NULL);])])
- AC_SEARCH_LIBS(res_ninit, resolv,
- AC_DEFINE(HAVE_RES_NINIT, 1,
- [Define to 1 if you have the `res_ninit()' function.]))
-+AC_MSG_CHECKING([if res_ndestroy is available])
-+AC_LINK_IFELSE([AC_LANG_PROGRAM([
-+ #include <sys/types.h>
-+ #include <netinet/in.h>
-+ #include <arpa/nameser.h>
-+ #include <resolv.h>
-+ ],[
-+ struct __res_state res;
-+ res_ndestroy(&res);
-+ ])], [AC_DEFINE([HAVE_RES_NDESTROY], [1],
-+ [we have res_ndestroy]) res_ndestroy=yes],
-+ [res_ndestroy=no])
-+AC_MSG_RESULT([$res_ndestroy])
-+
- m4_rename_force([saved_AC_LANG_CALL], [AC_LANG_CALL])
- AC_CHECK_LIB(idn, idn_free)
- AC_CHECK_LIB(rt, nanosleep)
- AC_SEARCH_LIBS(inet_addr, nsl)
diff -r 941e70b6f405 -r 35b3de587f56 mail/opendmarc/patches/patch-libopendmarc_opendmarc__dns.c
--- a/mail/opendmarc/patches/patch-libopendmarc_opendmarc__dns.c Thu May 27 15:25:34 2021 +0000
+++ b/mail/opendmarc/patches/patch-libopendmarc_opendmarc__dns.c Thu May 27 16:51:59 2021 +0000
@@ -1,11 +1,10 @@
-$NetBSD: patch-libopendmarc_opendmarc__dns.c,v 1.2 2020/12/24 01:10:23 manu Exp $
+$NetBSD: patch-libopendmarc_opendmarc__dns.c,v 1.3 2021/05/27 16:52:00 manu Exp $
Make sure res_init works on zeroed structure
-Search for res_ndestroy and use it instead of res_nclose if available
---- libopendmarc/opendmarc_dns.c.orig 2018-11-15 01:58:31.000000000 +0100
-+++ libopendmarc/opendmarc_dns.c 2020-12-23 15:57:30.488718786 +0100
-@@ -201,16 +201,21 @@
+--- libopendmarc/opendmarc_dns.c.orig 2021-05-27 10:27:22.653313507 +0200
++++ libopendmarc/opendmarc_dns.c 2021-05-27 10:26:59.377412037 +0200
+@@ -202,8 +202,9 @@
while (*bp == '.')
++bp;
@@ -15,15 +14,3 @@
#ifdef RES_USE_DNSSEC
resp.options |= RES_USE_DNSSEC;
#endif
- (void) opendmarc_policy_library_dns_hook(&resp.nscount,
- &resp.nsaddr_list);
- answer_len = res_nquery(&resp, bp, C_IN, T_TXT, answer_buf, sizeof answer_buf);
-+#ifdef HAVE_RES_NDESTROY
-+ res_ndestroy(&resp);
-+#else /* HAVE_RES_NDESTROY */
- res_nclose(&resp);
-+#endif /* HAVE_RES_NDESTROY */
- #else /* HAVE_RES_NINIT */
- res_init();
- #ifdef RES_USE_DNSSEC
- _res.options |= RES_USE_DNSSEC;
diff -r 941e70b6f405 -r 35b3de587f56 mail/opendmarc/patches/patch-libopendmarc_opendmarc__spf__dns.c
--- a/mail/opendmarc/patches/patch-libopendmarc_opendmarc__spf__dns.c Thu May 27 15:25:34 2021 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,82 +0,0 @@
---- libopendmarc/opendmarc_spf_dns.c.orig 2020-09-22 03:01:49.272695446 +0200
-+++ libopendmarc/opendmarc_spf_dns.c 2020-09-22 03:05:01.660275230 +0200
-@@ -107,9 +107,13 @@
- ++bp;
-
- #ifdef HAVE_RES_NINIT
- k = res_nquery(&resp, bp, C_IN, sought, a_buf, sizeof a_buf);
-+#ifdef HAVE_RES_NDESTROY
-+ res_ndestroy(&resp);
-+#else /* HAVE_RES_NDESTROY */
- res_nclose(&resp);
-+#endif /* HAVE_RES_NDESTROY */
- #else /* HAVE_RES_NINIT */
- k = res_query(bp, C_IN, sought, a_buf, sizeof a_buf);
- #endif /* HAVE_RES_NINIT */
- if (k < 0)
-@@ -252,9 +256,13 @@
- #ifdef HAVE_RES_NINIT
- memset(&resp, '\0', sizeof resp);
- res_ninit(&resp);
- k = res_nquery(&resp, domain, C_IN, T_MX, (u_char *) &q, sizeof(q));
-+#ifdef HAVE_RES_NDESTROY
-+ res_ndestroy(&resp);
-+#else /* HAVE_RES_NDESTROY */
- res_nclose(&resp);
-+#endif /* HAVE_RES_NDESTROY */
- #else /* HAVE_RES_NINIT */
- k = res_query(domain, C_IN, T_MX, (u_char *) &q, sizeof(q));
- #endif /* HAVE_RES_NINIT */
-
-@@ -365,9 +373,13 @@
- #ifdef HAVE_RES_NINIT
- memset(&resp, '\0', sizeof resp);
- res_ninit(&resp);
- k = res_nquery(&resp, (char *)buf, C_IN, T_PTR, (u_char *) &q, sizeof(q));
-+#ifdef HAVE_RES_NDESTROY
-+ res_ndestroy(&resp);
-+#else /* HAVE_RES_NDESTROY */
- res_nclose(&resp);
-+#endif /* HAVE_RES_NDESTROY */
- #else /* HAVE_RES_NINIT */
- k = res_query((char *)buf, C_IN, T_PTR, (u_char *) &q, sizeof(q));
- #endif /* HAVE_RES_NINIT */
-
-@@ -460,9 +472,13 @@
- #ifdef T_AAAA
- (void) res_nquery(&resp, domain, C_IN, T_AAAA, aaaa_q, sizeof aaaa_q);
- #endif /* T_AAAA */
- (void) res_nquery(&resp, domain, C_IN, T_MX, mx_q, sizeof mx_q);
-+#ifdef HAVE_RES_NDESTROY
-+ res_ndestroy(&resp);
-+#else /* HAVE_RES_NDESTROY */
- res_nclose(&resp);
-+#endif /* HAVE_RES_NDESTROY */
- #else /* HAVE_RES_NINIT */
- (void) res_query(domain, C_IN, T_A, a_q, sizeof a_q);
- #ifdef T_AAAA
- (void) res_query(domain, C_IN, T_AAAA, aaaa_q, sizeof aaaa_q);
-@@ -602,15 +618,23 @@
- goto got_spf_record;
- }
- *rp = h_errno;
- #ifdef HAVE_RES_NINIT
-+#ifdef HAVE_RES_NDESTROY
-+ res_ndestroy(&resp);
-+#else /* HAVE_RES_NDESTROY */
- res_nclose(&resp);
Home |
Main Index |
Thread Index |
Old Index