pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc



Module Name:    pkgsrc
Committed By:   manu
Date:           Thu May 27 16:52:00 UTC 2021

Modified Files:
        pkgsrc/doc: CHANGES-2021
        pkgsrc/mail/opendmarc: Makefile distinfo
        pkgsrc/mail/opendmarc/patches: patch-RequiredFrom
            patch-libopendmarc_opendmarc__dns.c
            patch-opendmarc_opendmarc-arcares.c
            patch-opendmarc_opendmarc-arcseal.c
Added Files:
        pkgsrc/mail/opendmarc/patches: patch-opendmarc_parse.c
Removed Files:
        pkgsrc/mail/opendmarc/patches: patch-configure.ac
            patch-libopendmarc_opendmarc__spf__dns.c

Log Message:
Update mail/opendmarc to 1.4.1.1

Changes since 1.4.0 from the RELEASE_NOTES file
        NOTE: In response to CVE-2019-20790, opendmarc has changed
                how it evaluates headers added by previous
                SPF milters.  Users are encouraged to read the
                CVE-2019-20790 file in the "SECURITY" folder
                for more details. (#49, #158).  Originally reported by
                Jianjun Chen, feedback by Simon Wilson and
                David Bürgin <dbuergin%gluet.ch@localhost>.
        NOTE: OpenDMARC's internal SPF handling will be removed
                in a future version.  Users are encouraged to
                build linked against libspf2.  Many pre-built
                packages provided by OS packagers already do this.
                (See https://www.libspf2.org)
        Addition of defines for MUSL C Library. (#129/#133).  Patches by
                Marco Rebhan.
        Updated opendmarc.conf manpage and opendmarc.conf.sample to point to
                https://publicsuffix.org/list/.
        Added a CONTRIBUTING document.
        Fix two #ifdefs in arc functions for strlcpy. (#138).  Reported by
                Leo Bicknell.
        Fixes to MySQL Schema (#98/#99).  Patch by Bond Keevil.
        LIBSPF2 calls would not compile on OpenBSD due to OpenBSD not
                having the ns_type definition in arpa/resolv.h.
                Added detection to configure script.  (#134)
        Reworked hcreate_r calls to use hcreate, to compile natively on
                OpenBSD and MacOS. (Part of #94)  Reported by Rupert
                Gallagher.
        Add compatibility with AutoConf 2.70. (#95)
        Documentation updates about SourceForge being deprecated.  (#101)
        Only accept results from Received-SPF fields that indicate clearly
                which identifier was being evaluated, since DMARC specifically
                only wants results based on MAIL FROM.
        Many build-time fixes (#100, #91, #90, #86, #85, #84, #83, #82, #81)
                Patches provided by Rupert Gallagher (ruga%protonmail.com@localhost)
        Added config option HoldQuarantinedMessages (default false), which
                controls if messages with p=quarantine will be passed on to
                the mail stream (if False) or placed in the MTA's "hold"
                queue (if True).  Issue #105.  Patch by Marcos Moraes, on
                the OpenDMARC mailing list.
        Remove "--with-wall" from "configure".  Suggested by Leo Bicknell.
        LIBOPENDMARC: Fix bug #50: Ignore all RRTYPEs other than TXT.
                Problem reported by Jan Bouwhuis.
        LIBOPENDMARC: Fix bug #89: Repair absurd RRTYPE test in SPF code.
        LIBOPENDMARC: Fix bug #104: Fix bogus header field parsing code.
        LIBOPENDMARC: Fix bug #161: Don't pass the client IP address through
                htonl() since it's already in network byte order.  This
                was causing SPF errors when the internal SPF
                implementation was in use.
        LIBOPENDMARC: Fix numerous problems with the internal SPF
                implementation.


To generate a diff of this commit:
cvs rdiff -u -r1.2998 -r1.2999 pkgsrc/doc/CHANGES-2021
cvs rdiff -u -r1.25 -r1.26 pkgsrc/mail/opendmarc/Makefile
cvs rdiff -u -r1.10 -r1.11 pkgsrc/mail/opendmarc/distinfo
cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/opendmarc/patches/patch-RequiredFrom \
    pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc-arcares.c \
    pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc-arcseal.c
cvs rdiff -u -r1.3 -r0 pkgsrc/mail/opendmarc/patches/patch-configure.ac
cvs rdiff -u -r1.2 -r1.3 \
    pkgsrc/mail/opendmarc/patches/patch-libopendmarc_opendmarc__dns.c
cvs rdiff -u -r1.2 -r0 \
    pkgsrc/mail/opendmarc/patches/patch-libopendmarc_opendmarc__spf__dns.c
cvs rdiff -u -r0 -r1.1 pkgsrc/mail/opendmarc/patches/patch-opendmarc_parse.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/doc/CHANGES-2021
diff -u pkgsrc/doc/CHANGES-2021:1.2998 pkgsrc/doc/CHANGES-2021:1.2999
--- pkgsrc/doc/CHANGES-2021:1.2998      Thu May 27 15:25:34 2021
+++ pkgsrc/doc/CHANGES-2021     Thu May 27 16:51:59 2021
@@ -1,4 +1,4 @@
-$NetBSD: CHANGES-2021,v 1.2998 2021/05/27 15:25:34 bsiegert Exp $
+$NetBSD: CHANGES-2021,v 1.2999 2021/05/27 16:51:59 manu Exp $
 
 Changes to the packages collection and infrastructure in 2021:
 
@@ -4631,3 +4631,4 @@ Changes to the packages collection and i
        Removed graphics/go-smartcrop [bsiegert 2021-05-27]
        Removed graphics/go-resize [bsiegert 2021-05-27]
        Removed graphics/go-imaging [bsiegert 2021-05-27]
+       Updated mail/opendmarc to 1.4.1.1 [manu 2021-05-27]

Index: pkgsrc/mail/opendmarc/Makefile
diff -u pkgsrc/mail/opendmarc/Makefile:1.25 pkgsrc/mail/opendmarc/Makefile:1.26
--- pkgsrc/mail/opendmarc/Makefile:1.25 Mon May 24 19:52:43 2021
+++ pkgsrc/mail/opendmarc/Makefile      Thu May 27 16:52:00 2021
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.25 2021/05/24 19:52:43 wiz Exp $
+# $NetBSD: Makefile,v 1.26 2021/05/27 16:52:00 manu Exp $
 
 GITHUB_PROJECT=        OpenDMARC
-GITHUB_TAG=    rel-opendmarc-1-4-0-Beta1
-DISTNAME=      rel-opendmarc-1-4-0-Beta1
-PKGNAME=       opendmarc-1.4.0b1
-PKGREVISION=   4
+GITHUB_TAG=    rel-opendmarc-1-4-1-1
+DISTNAME=      rel-opendmarc-1-4-1-1
+PKGNAME=       opendmarc-1.4.1.1
+#PKGREVISION=  1
 CATEGORIES=    mail
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=trusteddomainproject/}
 DIST_SUBDIR=   ${GITHUB_PROJECT}

Index: pkgsrc/mail/opendmarc/distinfo
diff -u pkgsrc/mail/opendmarc/distinfo:1.10 pkgsrc/mail/opendmarc/distinfo:1.11
--- pkgsrc/mail/opendmarc/distinfo:1.10 Mon Mar 29 09:30:59 2021
+++ pkgsrc/mail/opendmarc/distinfo      Thu May 27 16:52:00 2021
@@ -1,12 +1,11 @@
-$NetBSD: distinfo,v 1.10 2021/03/29 09:30:59 manu Exp $
+$NetBSD: distinfo,v 1.11 2021/05/27 16:52:00 manu Exp $
 
-SHA1 (OpenDMARC/rel-opendmarc-1-4-0-Beta1.tar.gz) = 74ad1ef9f9a12b5fadef5919807cd55f7655d8d8
-RMD160 (OpenDMARC/rel-opendmarc-1-4-0-Beta1.tar.gz) = e8dda5350a734509843a04329777478d9410b796
-SHA512 (OpenDMARC/rel-opendmarc-1-4-0-Beta1.tar.gz) = d562050da9c4b96e7707157fbbf385ab3ac551cf07754b45deb6a010b4c47e7f478dfe35bc2c8625f6553af4fbf120820bf2a9f0ce246b26cabf81e7d1174405
-Size (OpenDMARC/rel-opendmarc-1-4-0-Beta1.tar.gz) = 1247386 bytes
-SHA1 (patch-RequiredFrom) = a21d77abbe93c806c6abee55e77e477c9c435c00
-SHA1 (patch-configure.ac) = d174911e4de37d3b50b525469cbe410bb7ae119f
-SHA1 (patch-libopendmarc_opendmarc__dns.c) = e76ca13707677525b72609b4a5268d77efcfba84
-SHA1 (patch-libopendmarc_opendmarc__spf__dns.c) = b6e1311be8e9ef44c333be57fef474f6b080a199
-SHA1 (patch-opendmarc_opendmarc-arcares.c) = 6bf207d9984341fe13120ff8d25a77ff7f6ae1e5
-SHA1 (patch-opendmarc_opendmarc-arcseal.c) = a2ace25f687736876ea4299a0177d3c3ed1e247b
+SHA1 (OpenDMARC/rel-opendmarc-1-4-1-1.tar.gz) = 2983653fa076f3843f3ef064d58f35d39e21a3fe
+RMD160 (OpenDMARC/rel-opendmarc-1-4-1-1.tar.gz) = 6bb61ad0e1e1a8cb3ce23cbe4eb61fb02be26610
+SHA512 (OpenDMARC/rel-opendmarc-1-4-1-1.tar.gz) = ee034386c70c75b87ca2fce0849a1a3538e10e0aebfb0fc9dcba6817d2cf71f52aa5586ccaacdee620190c5fbb81498419fb8e8db9fac15d7c71a61a7da396a6
+Size (OpenDMARC/rel-opendmarc-1-4-1-1.tar.gz) = 426618 bytes
+SHA1 (patch-RequiredFrom) = c89853a3fabcc48653b94169f49ea3c5923254d3
+SHA1 (patch-libopendmarc_opendmarc__dns.c) = b1f697c930808b5c5724331dead3cf29c024d69b
+SHA1 (patch-opendmarc_opendmarc-arcares.c) = 0984b42e943d6a17eeb5725508dfbcf107b23169
+SHA1 (patch-opendmarc_opendmarc-arcseal.c) = 98edb0d22e7c693d327ba98ba186605060d36e2f
+SHA1 (patch-opendmarc_parse.c) = c4b521a4542a4dc7db8baf088bb297493bf46a83

Index: pkgsrc/mail/opendmarc/patches/patch-RequiredFrom
diff -u pkgsrc/mail/opendmarc/patches/patch-RequiredFrom:1.1 pkgsrc/mail/opendmarc/patches/patch-RequiredFrom:1.2
--- pkgsrc/mail/opendmarc/patches/patch-RequiredFrom:1.1        Mon Mar 29 09:30:59 2021
+++ pkgsrc/mail/opendmarc/patches/patch-RequiredFrom    Thu May 27 16:52:00 2021
@@ -1,4 +1,4 @@
-$NetBSD: patch-RequiredFrom,v 1.1 2021/03/29 09:30:59 manu Exp $
+$NetBSD: patch-RequiredFrom,v 1.2 2021/05/27 16:52:00 manu Exp $
 
 Add RequiredFrom option to reject messages that lack a From header
 from which a valid domain can be extracted
@@ -6,8 +6,8 @@ from which a valid domain can be extract
 Submitted upstream as 
 https://github.com/trusteddomainproject/OpenDMARC/pull/147
 
---- opendmarc/opendmarc.c.orig 2021-03-29 09:13:11.534047039 +0200
-+++ opendmarc/opendmarc.c      2021-03-29 10:02:01.105977120 +0200
+--- ./opendmarc/opendmarc.c.orig       2021-04-30 18:34:43.000000000 +0200
++++ ./opendmarc/opendmarc.c    2021-05-27 10:20:33.880652427 +0200
 @@ -163,8 +163,9 @@
  /* DMARCF_CONFIG -- configuration object */
  struct dmarcf_config
@@ -18,7 +18,7 @@ https://github.com/trusteddomainproject/
        _Bool                   conf_afrfnone;
        _Bool                   conf_rejectfail;
        _Bool                   conf_dolog;
-@@ -1349,8 +1350,12 @@
+@@ -1422,8 +1423,12 @@
                (void) config_get(data, "RequiredHeaders",
                                  &conf->conf_reqhdrs,
                                  sizeof conf->conf_reqhdrs);
@@ -31,7 +31,7 @@ https://github.com/trusteddomainproject/
                                  &conf->conf_afrf,
                                  sizeof conf->conf_afrf);
  
-@@ -2367,13 +2372,17 @@
+@@ -2453,13 +2458,17 @@
        {
                if (conf->conf_dolog)
                {
@@ -50,11 +50,17 @@ https://github.com/trusteddomainproject/
 +                      return SMFIS_ACCEPT;
        }
  
-       /* extract From: domain */
+       /* extract From: addresses */
        memset(addrbuf, '\0', sizeof addrbuf);
-@@ -2387,9 +2396,9 @@
-                              "%s: unable to parse From header field",
-                              dfc->mctx_jobid);
+@@ -2495,13 +2504,13 @@
+       {
+               if (conf->conf_dolog)
+               {
+                       syslog(LOG_ERR,
+-                             "%s: unable to parse From header field",
+-                             dfc->mctx_jobid);
++                             "%s: unable to parse From header field \"%s\"",
++                             dfc->mctx_jobid, from->hdr_value);
                }
  
 -              if (conf->conf_reqhdrs)
@@ -63,9 +69,9 @@ https://github.com/trusteddomainproject/
                else
                        return SMFIS_ACCEPT;
        }
---- opendmarc/opendmarc.conf.5.in.orig 2021-03-29 09:15:03.877101090 +0200
-+++ opendmarc/opendmarc.conf.5.in      2021-03-29 09:21:56.423837778 +0200
-@@ -258,8 +258,16 @@
+--- ./opendmarc/opendmarc.conf.5.in.orig       2021-04-30 18:34:43.000000000 +0200
++++ ./opendmarc/opendmarc.conf.5.in    2021-05-27 10:20:33.881043733 +0200
+@@ -287,8 +287,16 @@
  failing this test are rejected without further processing.  A From:
  field from which no domain name could be extracted will also be rejected.
  
@@ -82,21 +88,21 @@ https://github.com/trusteddomainproject/
  Specifies the socket that should be established by the filter to receive
  connections from
  .I sendmail(8)
---- opendmarc/opendmarc-config.h.orig  2021-03-29 09:19:21.345035861 +0200
-+++ opendmarc/opendmarc-config.h       2021-03-29 09:19:34.235736167 +0200
-@@ -43,8 +43,9 @@
+--- ./opendmarc/opendmarc-config.h.orig        2021-04-30 18:34:43.000000000 +0200
++++ ./opendmarc/opendmarc-config.h     2021-05-27 10:23:12.866999966 +0200
+@@ -44,8 +44,9 @@
        { "PidFile",                    CONFIG_TYPE_STRING,     FALSE },
        { "PublicSuffixList",           CONFIG_TYPE_STRING,     FALSE },
        { "RecordAllMessages",          CONFIG_TYPE_BOOLEAN,    FALSE },
        { "RequiredHeaders",            CONFIG_TYPE_BOOLEAN,    FALSE },
 +      { "RequiredFrom",               CONFIG_TYPE_BOOLEAN,    FALSE },
        { "RejectFailures",             CONFIG_TYPE_BOOLEAN,    FALSE },
+       { "RejectMultiValueFrom",       CONFIG_TYPE_BOOLEAN,    FALSE },
        { "ReportCommand",              CONFIG_TYPE_STRING,     FALSE },
        { "Socket",                     CONFIG_TYPE_STRING,     FALSE },
-       { "SoftwareHeader",             CONFIG_TYPE_BOOLEAN,    FALSE },
---- opendmarc/opendmarc.conf.sample.orig       2021-03-29 09:19:43.400961620 +0200
-+++ opendmarc/opendmarc.conf.sample    2021-03-29 09:22:23.834032438 +0200
-@@ -303,8 +303,17 @@
+--- ./opendmarc/opendmarc.conf.sample.orig     2021-04-30 18:34:43.000000000 +0200
++++ ./opendmarc/opendmarc.conf.sample  2021-05-27 10:20:33.882715995 +0200
+@@ -343,8 +343,17 @@
  ##  rejected.
  #
  # RequiredHeaders false
Index: pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc-arcares.c
diff -u pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc-arcares.c:1.1 pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc-arcares.c:1.2
--- pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc-arcares.c:1.1       Wed Feb 17 01:49:12 2021
+++ pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc-arcares.c   Thu May 27 16:52:00 2021
@@ -1,10 +1,11 @@
-$NetBSD: patch-opendmarc_opendmarc-arcares.c,v 1.1 2021/02/17 01:49:12 manu Exp $
+$NetBSD: patch-opendmarc_opendmarc-arcares.c,v 1.2 2021/05/27 16:52:00 manu Exp $
 
 Avoid handling a NULL pointer when parsing a malformed header
 
---- opendmarc/opendmarc-arcares.c.orig 2021-02-16 16:33:34.454279528 +0000
-+++ opendmarc/opendmarc-arcares.c      2021-02-16 16:35:14.240570993 +0000
-@@ -324,8 +324,10 @@
+--- opendmarc/opendmarc-arcares.c.orig 2021-04-30 18:34:43.000000000 +0200
++++ opendmarc/opendmarc-arcares.c      2021-05-27 10:30:03.036068852 +0200
+@@ -265,8 +265,10 @@
+               token_ptr = token + leading_space_len;
                if (*token_ptr == '\0')
                        return 0;
                tag_label = strsep(&token_ptr, "=");
@@ -14,4 +15,3 @@ Avoid handling a NULL pointer when parsi
                tag_code = opendmarc_arcares_convert(aar_arc_tags, tag_label);
  
                switch (tag_code)
-               {
Index: pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc-arcseal.c
diff -u pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc-arcseal.c:1.1 pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc-arcseal.c:1.2
--- pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc-arcseal.c:1.1       Wed Feb 17 01:49:12 2021
+++ pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc-arcseal.c   Thu May 27 16:52:00 2021
@@ -1,10 +1,10 @@
-$NetBSD: patch-opendmarc_opendmarc-arcseal.c,v 1.1 2021/02/17 01:49:12 manu Exp $
+$NetBSD: patch-opendmarc_opendmarc-arcseal.c,v 1.2 2021/05/27 16:52:00 manu Exp $
 
 Avoid handling a NULL pointer when parsing a malformed header
 
---- opendmarc/opendmarc-arcseal.c.orig 2021-02-16 23:42:14.132748160 +0100
-+++ opendmarc/opendmarc-arcseal.c      2021-02-16 23:43:43.400895411 +0100
-@@ -222,9 +222,13 @@
+--- opendmarc/opendmarc-arcseal.c.orig 2021-04-30 18:34:43.000000000 +0200
++++ opendmarc/opendmarc-arcseal.c      2021-05-27 10:31:21.308140659 +0200
+@@ -166,9 +166,13 @@
                token_ptr = token + leading_space_len;
                if (*token_ptr == '\0')
                        return 0;

Index: pkgsrc/mail/opendmarc/patches/patch-libopendmarc_opendmarc__dns.c
diff -u pkgsrc/mail/opendmarc/patches/patch-libopendmarc_opendmarc__dns.c:1.2 pkgsrc/mail/opendmarc/patches/patch-libopendmarc_opendmarc__dns.c:1.3
--- pkgsrc/mail/opendmarc/patches/patch-libopendmarc_opendmarc__dns.c:1.2       Thu Dec 24 01:10:23 2020
+++ pkgsrc/mail/opendmarc/patches/patch-libopendmarc_opendmarc__dns.c   Thu May 27 16:52:00 2021
@@ -1,11 +1,10 @@
-$NetBSD: patch-libopendmarc_opendmarc__dns.c,v 1.2 2020/12/24 01:10:23 manu Exp $
+$NetBSD: patch-libopendmarc_opendmarc__dns.c,v 1.3 2021/05/27 16:52:00 manu Exp $
 
 Make sure res_init works on zeroed structure
-Search for res_ndestroy and use it instead of res_nclose if available
 
---- libopendmarc/opendmarc_dns.c.orig  2018-11-15 01:58:31.000000000 +0100
-+++ libopendmarc/opendmarc_dns.c       2020-12-23 15:57:30.488718786 +0100
-@@ -201,16 +201,21 @@
+--- libopendmarc/opendmarc_dns.c.orig  2021-05-27 10:27:22.653313507 +0200
++++ libopendmarc/opendmarc_dns.c       2021-05-27 10:26:59.377412037 +0200
+@@ -202,8 +202,9 @@
        while (*bp == '.')
                ++bp;
  
@@ -15,15 +14,3 @@ Search for res_ndestroy and use it inste
  #ifdef RES_USE_DNSSEC
        resp.options |= RES_USE_DNSSEC;
  #endif
-       (void) opendmarc_policy_library_dns_hook(&resp.nscount,
-                                                  &resp.nsaddr_list);
-       answer_len = res_nquery(&resp, bp, C_IN, T_TXT, answer_buf, sizeof answer_buf);
-+#ifdef HAVE_RES_NDESTROY
-+      res_ndestroy(&resp);
-+#else /* HAVE_RES_NDESTROY */
-       res_nclose(&resp);
-+#endif /* HAVE_RES_NDESTROY */
- #else /* HAVE_RES_NINIT */
-       res_init();
- #ifdef RES_USE_DNSSEC
-       _res.options |= RES_USE_DNSSEC;

Added files:

Index: pkgsrc/mail/opendmarc/patches/patch-opendmarc_parse.c
diff -u /dev/null pkgsrc/mail/opendmarc/patches/patch-opendmarc_parse.c:1.1
--- /dev/null   Thu May 27 16:52:00 2021
+++ pkgsrc/mail/opendmarc/patches/patch-opendmarc_parse.c       Thu May 27 16:52:00 2021
@@ -0,0 +1,30 @@
+$NetBSD: patch-opendmarc_parse.c,v 1.1 2021/05/27 16:52:00 manu Exp $
+
+Make sure a trailing brackets corresponds to a leading one
+aaa98f5
+
+This fixes the case where the sender e-mail address is user%example.net@localhost>
+Without this fix, OpenDMARC parses the domain as example.net> and skip
+DMARC processing since there is no policy for the domain.
+
+Unfortunately, the MTA or MUA tend to fix the trailing bracket on their
+own, letting forged e-mail passing through to user mailboxes.
+
+Submitted upstream https://github.com/trusteddomainproject/OpenDMARC/pull/174
+
+--- opendmarc/parse.c.orig     2021-05-27 09:45:40.873727663 +0200
++++ opendmarc/parse.c  2021-05-27 09:45:27.545312746 +0200
+@@ -444,8 +444,13 @@
+                                       *w++ = '\0';
+                                       *domain_out = w;
+                                       ws = 0;
+                               }
++                              else if (type == '>')
++                              {
++                                      err = MAILPARSE_ERR_SUNBALANCED;
++                                      return err;
++                              }
+                               else
+                               {
+ 
+                                       if (*user_out == NULL)



Home | Main Index | Thread Index | Old Index