pkgsrc-WIP-changes archive
wip/opensmtpd: update to opensmtpd-7.3.0p1
Module Name: pkgsrc-wip
Committed By: Paolo Vincenzo Olivo <vms%retrobsd.ddns.net@localhost>
Pushed By: vms
Date: Sun Jul 30 19:30:53 2023 +0200
Changeset: 2d3f1abd5e67aee58b4d75deca3e3e3cbe37fe44
Modified Files:
opensmtpd/Makefile
opensmtpd/TODO
opensmtpd/distinfo
opensmtpd/files/mailer.conf
opensmtpd/files/opensmtpd.sh
opensmtpd/patches/patch-mk_smtpd_Makefile.am
opensmtpd/patches/patch-openbsd-compat_imsg-buffer.c
opensmtpd/patches/patch-openbsd-compat_imsg.c
opensmtpd/patches/patch-usr.sbin_smtpd_queue__fs.c
Added Files:
opensmtpd/PLIST.common
opensmtpd/PLIST.nowrap
opensmtpd/files/smtp.conf
opensmtpd/options.mk
opensmtpd/patches/patch-usr.sbin_smtpd_proxy.c
opensmtpd/patches/patch-usr.sbin_smtpd_smtp__session.c
Removed Files:
opensmtpd/PLIST
opensmtpd/patches/patch-smtpd_proxy.c
opensmtpd/patches/patch-smtpd_smtp__session.c
Log Message:
wip/opensmtpd: update to opensmtpd-7.3.0p1
* Address remaining issues in TODO: noticeably remove CONFLICTS+ lines
as OpenSMTPD no more installs sendmail-equivalent binaries. Retain
CONFLICTS for systems where mailwrapper isn't available and symbolic
links are required for backward compatibility.
Use a 'mailwrapper' option to handle this (to potentially include in
the options-description files)
* Enable PAM support, making it optional
* Build with LibreTLS (3.7.0) and OpenSSL (1.1.1.*). Hopefully the
regression currently affecting LibreTLS with OpenSSL 3.x gets a fix
before OpenSSL3 is imported. Otherwise, attempt to build with
OpenSSL3 + bundled-libtls (widely reported working).
* Move package configuration directory to $PKG_SYSCONFDIR/smtp,
to organize files (conf, aliases, secrets, virtuals) in a cleaner way.
* install sample aliases file
* Fix hard-coded paths in man pages and sample configuration
* Fix smtpctl permissions (needs to be setgid _smtpq)
* Revise and improve rc.d script and mailer.conf
* Require mozilla-rootcerts for ca-certificates.
* rename patches to match target files.
* lint package.
[OpenSMTPD 7.3.0p1]
* add missing include of stdio.h for fparseln(3) on FreeBSD
* fix a typo in the configure
* use fatal() instead of err(3) in xclosefrom()
* don't add "-lcrypto -lssl" thrice
* fix the build of the bundled libtls with LibreSSL
* force the use of the bundled libtls and libasr
* append, not prepend, to LIBS during automatic configuration
* do not add -L/usr/local/lib or -L/usr/lib, nor -I/usr/local/include
or -I/usr/include, as consequence of missing --with-libevent
* optionally link libbsd-ctor too
[OpenSMTPD 7.3.0p]
This release builds with LibreSSL, or OpenSSL > 1.1.1 optionally with
LibreTLS.
LibreTLS 3.7.0 has a known regression with OpenSSL 3+, so please use the
bundled one using the --with-bundled-libtls configure flag until it is
updated.
It's preferable to depend on LibreSSL as OpenSMTPD is written and tested
with that dependency. OpenSSL library is considered as a best effort
target TLS library and provided as a commodity, LibreSSL has become our
target TLS library.
- Includes the following security fixes:
* OpenBSD 7.2 errata 20 "smtpd(8) could abort due to a connection
from a local, scoped ipv6 address"
* OpenBSD 7.2 errata 22 "Out of bounds accesses in libc resolver"
- Configuration changes:
The certificate to use is now selected by looking at the names found in
the certificates themselves rather than the pki name. The set of
certificates for a TLS listener must be defined explicitly by using the
pki listener option multiple times.
- Synced with OpenBSD 7.3:
| OpenBSD 6.9:
* Introduced smtp(1) -a to perform authentication before sending a
message.
* Fixed a memory leak in smtpd(8) resolver.
* Prevented a crash due to premature release of resources by the
smtpd(8) filter state machine.
* Switch to libtls internally.
* Change the way SNI works in smtpd.conf(5). TLS listeners may be
configured with multiple certificates. The matching is based on
the names included in the certificates.
* Allow to specify TLS protocols and ciphers per listener and relay action.
| OpenBSD 7.0:
* Fixed incorrect status code for expired mails resulting in
misleading bounce report in smtpd(8).
* Added TLS options cafile=(path), nosni, noverify and
servername=(name) to smtp(1).
* Allowed specification of TLS ciphers and protocols in smtp(1).
| OpenBSD 7.1:
* Stop verifying the cert or CA for a relay using opportunistic TLS.
* Enabled TLS verify by default for outbound "smtps://" and
"smtp+tls://", restoring documented smtpd(8) behavior.
| OpenBSD 7.3:
* Prevented smtpd(8) abort due to a connection from a local, scoped
ipv6 address.
Portable layer changes:
| libbsd and libtls are now optionally used if found:
* Added --with-libbsd/--without-libbsd configure flag to enable
linking to libbsd-overlay.
* Added --with-bundled-libtls to force the usage of the bundled libtls
LibreTLS 3.7.0 (last version at the time of writing) and previous
have a regression with OpenSSL 3+, so please use the bundled one.
See the GitHub issue #1171 for more info.
| Updated and cleanup of the OpenBSD compats.
* Ported res_randomid() from OpenBSD.
* The configure option --with-path-CAfile shouldn't be required
anymore in most systems but it is retained since it could be
useful in some configuration when using the bundled libtls.
* Various minor portability fixes.
To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=2d3f1abd5e67aee58b4d75deca3e3e3cbe37fe44
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
diffstat:
opensmtpd/Makefile | 80 +++++++++++++++-------
opensmtpd/PLIST | 23 -------
opensmtpd/PLIST.common | 33 +++++++++
opensmtpd/PLIST.nowrap | 5 ++
opensmtpd/TODO | 10 +--
opensmtpd/distinfo | 18 ++---
opensmtpd/files/mailer.conf | 6 +-
opensmtpd/files/opensmtpd.sh | 33 +++++++--
opensmtpd/files/smtp.conf | 16 +++++
opensmtpd/options.mk | 72 +++++++++++++++++++
opensmtpd/patches/patch-mk_smtpd_Makefile.am | 10 +--
.../patches/patch-openbsd-compat_imsg-buffer.c | 13 +---
opensmtpd/patches/patch-openbsd-compat_imsg.c | 13 +---
opensmtpd/patches/patch-smtpd_proxy.c | 32 ---------
opensmtpd/patches/patch-smtpd_smtp__session.c | 64 -----------------
opensmtpd/patches/patch-usr.sbin_smtpd_proxy.c | 32 +++++++++
opensmtpd/patches/patch-usr.sbin_smtpd_queue__fs.c | 2 +
.../patches/patch-usr.sbin_smtpd_smtp__session.c | 64 +++++++++++++++++
18 files changed, 336 insertions(+), 190 deletions(-)
diffs:
diff --git a/opensmtpd/Makefile b/opensmtpd/Makefile
index a78f457bac..165f35d4e0 100644
--- a/opensmtpd/Makefile
+++ b/opensmtpd/Makefile
@@ -1,8 +1,7 @@
# $NetBSD$
-VERSION= 6.8.0p2
+VERSION= 7.3.0p1
DISTNAME= opensmtpd-${VERSION}
-PKGREVISION= 1
CATEGORIES= mail net
MASTER_SITES= https://www.opensmtpd.org/archives/
@@ -11,19 +10,19 @@ HOMEPAGE= https://www.opensmtpd.org/
COMMENT= The OpenSMTPD mail transfer agent, a replacement for sendmail
LICENSE= isc AND modified-bsd AND 2-clause-bsd
-CONFLICTS+= courier-mta-[0-9]* fastforward>=0.51nb2 sendmail-[0-9]*
-CONFLICTS+= esmtp>=1.2 nullmailer-[0-9]* postfix-[0-9]*
-
BUILD_DEFS+= VARBASE
-USE_LANGUAGES= c
USE_LIBTOOL= yes
-USE_TOOLS+= pkg-config yacc
+USE_TOOLS+= awk pkg-config yacc
USE_TOOLS+= automake aclocal autoheader autoconf
+DEPENDS+= mozilla-rootcerts-[0-9]*:../../security/mozilla-rootcerts
+
SMTPD_HOME= ${VARBASE}/chroot/smtpd
OWN_DIRS= ${SMTPD_HOME}
+PLIST_SRC= PLIST.common
+
PKG_GROUPS= _smtpd _smtpq
PKG_USERS= _smtpd:_smtpd _smtpq:_smtpq
PKG_GECOS._smtpd= OpenSMTPD pseudo-user
@@ -31,32 +30,58 @@ PKG_HOME._smtpd= ${SMTPD_HOME}
PKG_GECOS._smtpq= OpenSMTPD pseudo-user
PKG_HOME._smtpq= ${SMTPD_HOME}
+.include "../../mk/bsd.prefs.mk"
+
GNU_CONFIGURE= yes
USE_DB185= yes
-CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR:Q}
+CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}/smtpd
CONFIGURE_ARGS+= --with-mantype=man
CONFIGURE_ARGS+= --with-libssl=${SSLBASE:Q}
+CONFIGURE_ARGS+= --with-path-CAfile=${SSLCERTS}/ca-certificates.crt
+CONFIGURE_ARGS+= --with-path-empty=${VARBASE}/empty
+.if ${OPSYS} == "Linux"
+CONFIGURE_ARGS+= --with-path-mbox=${VARBASE}/spool/mail
+.else
+CONFIGURE_ARGS+= --with-path-mbox=${VARBASE}/mail
+.endif
+CONFIGURE_ARGS+= --with-libevent=${BUILDLINK_PREFIX.libevent}
+#CONFIGURE_ARGS+= --with-bundled-libtls # required for OpenSSL 3+
CONFIGURE_ARGS+= --with-table-db
+CONFIGURE_ARGS+= --with-pie
-CFLAGS.SunOS+= -D__EXTENSIONS__
+.include "options.mk"
-EXAMPLEDIR= ${PREFIX}/share/examples/opensmtpd
-CONF_FILES= ${EXAMPLEDIR}/smtpd.conf ${PKG_SYSCONFDIR}/smtpd.conf
+CFLAGS.SunOS+= -D__EXTENSIONS__
-MAKE_DIRS+= ${VARBASE}/empty ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 0700
+EGDIR= ${PREFIX}/share/examples/opensmtpd
+CONF_FILES+= ${EGDIR}/smtpd.conf ${PKG_SYSCONFDIR}/smtpd/smtpd.conf
+CONF_FILES+= ${EGDIR}/aliases ${PKG_SYSCONFDIR}/smtpd/aliases
RCD_SCRIPTS= opensmtpd
+SETUID_ROOT_PERMS?= ${REAL_ROOT_USER} _smtpq 2555
+SPECIAL_PERMS+= sbin/smtpctl ${SETUID_ROOT_PERMS}
+
+MAKE_DIRS+= ${PKG_SYSCONFDIR}/smtpd
+MAKE_DIRS+= ${VARBASE}/empty ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 070
+
+SUBST_CLASSES+= prefix
+SUBST_STAGE.prefix= pre-configure
+SUBST_FILES.prefix= ${WRKDIR}/mailer.conf
+SUBST_VARS.prefix= PREFIX
+SUBST_MESSAGE.prefix= Replacing PREFIX placeholders.
+
SUBST_CLASSES+= paths
-SUBST_FILES.paths= ${WRKDIR}/mailer.conf
-SUBST_VARS.paths= PREFIX
SUBST_STAGE.paths= pre-configure
-
-SUBST_CLASSES+= exampledir
-SUBST_STAGE.exampledir= pre-configure
-SUBST_MESSAGE.exampledir= Fixing exampledir path
-SUBST_FILES.exampledir= mk/smtpd/Makefile.am
-SUBST_SED.exampledir+= -e 's,@EXAMPLE_DIR@,${EXAMPLEDIR},'
+SUBST_MESSAGE.paths= Replacing hard-coded paths.
+SUBST_FILES.paths+= mk/smtpd/Makefile.am usr.sbin/smtpd/smtpd.conf \
+ usr.sbin/smtpd/smtpd.8 usr.sbin/smtpd/smtpd.conf.5 \
+ usr.sbin/smtpd/aliases.5 usr.sbin/smtpd/makemap.8 \
+ usr.sbin/smtpd/newaliases.8
+SUBST_SED.paths+= -e "s:/etc/mail:${PKG_SYSCONFDIR}/smtpd:g"
+SUBST_SED.paths+= -e "s:/usr/local/etc:${PKG_SYSCONFDIR}/smtpd:g"
+SUBST_SED.paths+= -e "s:@EXAMPLE_DIR@:${EGDIR}:g"
+SUBST_SED.paths+= -e "s:/etc/ssl:${SSLDIR}:g"
post-extract:
cp ${FILESDIR}/mailer.conf ${WRKDIR}/mailer.conf
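Review bot: The mode on the ${VARBASE}/empty line went from 0700 to 070, which reads as a dropped digit. As written it would give the owner no access and the group full access to the directory passed as --with-path-empty; restore 0700, and since the entry carries owner, group and mode it belongs in MAKE_DIRS_PERMS rather than MAKE_DIRS. Separately, SETUID_ROOT_PERMS is reused here for a setgid _smtpq binary (mode 2555); writing the owner, group and mode directly in SPECIAL_PERMS would avoid overloading that name.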
@@ -68,13 +93,20 @@ pre-configure:
cd ${WRKSRC} && ${TOOLS_CMD.autoheader}
cd ${WRKSRC} && ${TOOLS_CMD.automake} --foreign --add-missing --copy
-post-install:
- ${INSTALL_DATA} ${WRKDIR}/mailer.conf \
- ${DESTDIR}${EXAMPLEDIR}/mailer.conf
+.PHONY: install-aliases
+install-aliases:
+ ${INSTALL_DATA} ${WRKSRC}/etc/aliases ${DESTDIR}${EGDIR}
+.if ${OPSYS} == "Linux"
+. include "../../devel/libbsd/buildlink3.mk"
+.endif
.include "../../databases/db5/buildlink3.mk"
.include "../../devel/libevent/buildlink3.mk"
.include "../../devel/zlib/buildlink3.mk"
.include "../../net/libasr/buildlink3.mk"
-.include "../../security/openssl/buildlink3.mk"
+# OpenSSL 3+ may require building with bundled libtls
+# instead of pkgsrc LibreTLS
+#.include "../../security/openssl/buildlink3.mk"
+.include "../../security/libretls/buildlink3.mk"
+.include "../../mk/dlopen.buildlink3.mk"
.include "../../mk/bsd.pkg.mk"
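Review bot: With security/openssl/buildlink3.mk commented out at the end of this hunk, --with-libssl=${SSLBASE:Q} in the configure arguments presumably relies on libretls/buildlink3.mk to bring OpenSSL in. If that is the intent, say so in the comment above the commented-out include; otherwise keep the OpenSSL include explicit so SSLBASE does not depend on a transitive include.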
diff --git a/opensmtpd/PLIST b/opensmtpd/PLIST
deleted file mode 100644
index 94d89fdb1b..0000000000
--- a/opensmtpd/PLIST
+++ /dev/null
@@ -1,23 +0,0 @@
-@comment $NetBSD$
-bin/smtp
-libexec/opensmtpd/encrypt
-libexec/opensmtpd/lockspool
-libexec/opensmtpd/mail.lmtp
-libexec/opensmtpd/mail.local
-libexec/opensmtpd/mail.maildir
-libexec/opensmtpd/mail.mboxfile
-libexec/opensmtpd/mail.mda
-man/man1/smtp.1
-man/man5/aliases.5
-man/man5/forward.5
-man/man5/smtpd.conf.5
-man/man5/table.5
-man/man8/makemap.8
-man/man8/newaliases.8
-man/man8/sendmail.8
-man/man8/smtpctl.8
-man/man8/smtpd.8
-sbin/smtpctl
-sbin/smtpd
-share/examples/opensmtpd/mailer.conf
-share/examples/opensmtpd/smtpd.conf
diff --git a/opensmtpd/PLIST.common b/opensmtpd/PLIST.common
new file mode 100644
index 0000000000..3654426eba
--- /dev/null
+++ b/opensmtpd/PLIST.common
@@ -0,0 +1,33 @@
+@comment $NetBSD$
+bin/smtp
+libexec/opensmtpd/encrypt
+libexec/opensmtpd/lockspool
+libexec/opensmtpd/mail.lmtp
+libexec/opensmtpd/mail.local
+libexec/opensmtpd/mail.maildir
+libexec/opensmtpd/mail.mboxfile
+libexec/opensmtpd/mail.mda
+${PLIST.mailwrapper}libexec/opensmtpd/makemap
+man/man1/lockspool.1
+man/man1/smtp.1
+man/man5/aliases.5
+man/man5/forward.5
+man/man5/smtpd.conf.5
+man/man5/table.5
+man/man7/smtpd-filters.7
+man/man8/mail.lmtp.8
+man/man8/mail.local.8
+man/man8/mail.maildir.8
+man/man8/mail.mboxfile.8
+man/man8/mail.mda.8
+man/man8/makemap.8
+man/man8/newaliases.8
+man/man8/sendmail.8
+man/man8/smtpctl.8
+man/man8/smtpd.8
+sbin/smtpctl
+sbin/smtpd
+share/examples/opensmtpd/aliases
+${PLIST.mailwrapper}share/examples/opensmtpd/mailer.conf
+${PLIST.pam}share/examples/opensmtpd/pam.d/smtp
+share/examples/opensmtpd/smtpd.conf
diff --git a/opensmtpd/PLIST.nowrap b/opensmtpd/PLIST.nowrap
new file mode 100644
index 0000000000..35893da9c9
--- /dev/null
+++ b/opensmtpd/PLIST.nowrap
@@ -0,0 +1,5 @@
+@comment $NetBSD$
+sbin/mailq
+sbin/makemap
+sbin/newaliases
+sbin/sendmail
diff --git a/opensmtpd/TODO b/opensmtpd/TODO
index 823c13dfdc..8beb511d8a 100644
--- a/opensmtpd/TODO
+++ b/opensmtpd/TODO
@@ -6,10 +6,12 @@
The buffersize for "username" was already increased upstream
[X] Update PLIST
Binaries with sendmail names are no longer installed
-[ ] Check CONFLICTS
+[X] Check CONFLICTS
Maybe some can be removed after sendmail binaries are no longer installed
[X] Remove BROKEN_FOR_PLATFORM
- OpenBSD-*-* (not tested yet)
-
-This package has known vulnerabilities, please investigate and fix if possible:
- CVE-2023-29323
+[X] CVE-2023-29323 is fixed upstream as of OpenSMTPD version 7.0.0-portable
+[ ] Write a README.pkgsrc
+[ ] Switch to bundled-libtls if OpenSSL3 is imported and LibreTLS
+ doesn't get a fix in the meantime. See:
+ https://github.com/OpenSMTPD/OpenSMTPD/pull/1208
diff --git a/opensmtpd/distinfo b/opensmtpd/distinfo
index 2f7058c7d9..702d1d43f5 100644
--- a/opensmtpd/distinfo
+++ b/opensmtpd/distinfo
@@ -1,13 +1,13 @@
$NetBSD: distinfo,v 1.6 2016/06/01 11:47:06 wiz Exp $
-BLAKE2s (opensmtpd-6.8.0p2.tar.gz) = 2c4877e8f2de1ba710b3da2aea0129bb4a8746a8211d2c9763bac75043f58eb4
-SHA512 (opensmtpd-6.8.0p2.tar.gz) = 48f152b75575146fdd09bdf47123041ea62fefb6e5de33a69826bf91a2126a918f8db1caffadb2f142a1a21de8126d492de88cb65bdf169e61c0b22d3e78d290
-Size (opensmtpd-6.8.0p2.tar.gz) = 860189 bytes
+BLAKE2s (opensmtpd-7.3.0p1.tar.gz) = 0b2b46d52ae98647cb952d175b718b5bbb13c407cbde997a5d3350099227ccc2
+SHA512 (opensmtpd-7.3.0p1.tar.gz) = 2106de43e4b7435e49df759570ec758672ca8271dc451e30a261c250b41908b6ffe28e571a5f52e2ac14f59af132d1df45b272f8fcafeab04fcfb6bd5db970bb
+Size (opensmtpd-7.3.0p1.tar.gz) = 849026 bytes
SHA1 (patch-contrib_libexec_mail.local_mail.local.c) = bec19540fa52c7c6596ab5923f3a67b334ddf168
-SHA1 (patch-mk_smtpd_Makefile.am) = 57a7921cb5de3f6388ad98f9b74b98ca49da38bb
+SHA1 (patch-mk_smtpd_Makefile.am) = cc3f82922e3e56bc0205085f7e311f2beeda7fc4
SHA1 (patch-openbsd-compat_getpeereid.c) = 8d60140bffcabb6accf9b7bbe0f419c2c25d352d
-SHA1 (patch-openbsd-compat_imsg-buffer.c) = 88ca16db5dd400de14dafe7cc35d40adfd45a4c0
-SHA1 (patch-openbsd-compat_imsg.c) = ef84b7883b75bfc726085dac67b7bead16029e20
-SHA1 (patch-smtpd_proxy.c) = 895d3e9532bf53dcdb7a52825043acacac51b378
-SHA1 (patch-smtpd_smtp__session.c) = 565b1df1a6d4d3c5ee786f4501c1cd73992f2d3e
-SHA1 (patch-usr.sbin_smtpd_queue__fs.c) = f3c7f867e6542a0b080acd2b6ce9f28efed1a5e6
+SHA1 (patch-openbsd-compat_imsg-buffer.c) = 4b6861eec3461a192e20aa2daba4d74bd2659339
+SHA1 (patch-openbsd-compat_imsg.c) = 762b2ae2362716947ea007fa229e9e31fa6d08f3
+SHA1 (patch-usr.sbin_smtpd_proxy.c) = 895d3e9532bf53dcdb7a52825043acacac51b378
+SHA1 (patch-usr.sbin_smtpd_queue__fs.c) = f40d5be4c05d8d54f7368af8d20f4ee007860dc7
+SHA1 (patch-usr.sbin_smtpd_smtp__session.c) = 565b1df1a6d4d3c5ee786f4501c1cd73992f2d3e
diff --git a/opensmtpd/files/mailer.conf b/opensmtpd/files/mailer.conf
index 0cd17abbb4..287925bf1f 100644
--- a/opensmtpd/files/mailer.conf
+++ b/opensmtpd/files/mailer.conf
@@ -4,6 +4,6 @@
#
sendmail @PREFIX@/sbin/smtpctl
send-mail @PREFIX@/sbin/smtpctl
-mailq @PREFIX@/sbin/mailq
-makemap @PREFIX@/sbin/makemap
-newaliases @PREFIX@/sbin/newaliases
+mailq @PREFIX@/sbin/smtpctl
+makemap @PREFIX@/sbin/smptctl
+newaliases @PREFIX@/sbin/smtpctl
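Review bot: The new makemap entry points at @PREFIX@/sbin/smptctl, a misspelling of smtpctl, so makemap invoked through mailwrapper would resolve to a path that is never installed. Correct it to smtpctl, or, if the libexec/opensmtpd/makemap link created in options.mk for the mailwrapper case is the intended target, use that path here.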
diff --git a/opensmtpd/files/opensmtpd.sh b/opensmtpd/files/opensmtpd.sh
index 31417bb79d..d1e9be4962 100644
--- a/opensmtpd/files/opensmtpd.sh
+++ b/opensmtpd/files/opensmtpd.sh
@@ -1,19 +1,42 @@
-#!@RCD_SCRIPTS_SHELL@
+#!/bin/sh
#
# $NetBSD: opensmtpd.sh,v 1.1 2013/11/18 22:50:01 pettai Exp $
#
-# PROVIDE: mail
+# PROVIDE: smtpd mail
# REQUIRE: LOGIN
+# KEYWORD: shutdown
# we make mail start late, so that things like .forward's are not
# processed until the system is fully operational
-. /etc/rc.subr
+$_rc_subr_loaded . @SYSCONFBASE@/rc.subr
name="smtpd"
rcvar=opensmtpd
-command="@PREFIX@/sbin/${name}"
-required_files="@PKG_SYSCONFDIR@/smtpd.conf"
+
+: ${smtpd_config:="@PKG_SYSCONFDIR@/smtpd/${name}.conf"}
+: ${smtpd_server:="@PREFIX@/sbin/${name}"}
+: ${smtpd_flags:=""}
+
+command="${smtpd_server}"
+command_args="-f ${smtpd_config} -v"
+required_files="${smtpd_config}"
+pidfile="@VARBASE@/run/${name}.pid"
+
+start_precmd="smtpd_precmd"
+check_cmd="smtpd_check"
+extra_commands="check"
+
+smtpd_check()
+{
+ echo "Performing sanity check on smtpd configuration:"
+ eval ${command} ${command_args} ${smtpd_flags} -n
+}
+
+smtpd_precmd()
+{
+ smtpd_check
+}
load_rc_config $name
run_rc_command "$1"
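Review bot: The smtpd_config, smtpd_server and smtpd_flags defaults, and the command_args and required_files built from them, are all assigned before load_rc_config $name. When the script is run directly, a smtpd_config set in rc.conf is therefore read only after "-f ${smtpd_config}" was already expanded from the default. Move load_rc_config above the defaults. In smtpd_check, the eval over unquoted ${command_args} and ${smtpd_flags} re-parses rc.conf-supplied text as shell; calling ${command} directly without eval is enough here. The shebang also changed from @RCD_SCRIPTS_SHELL@ to a hard-coded /bin/sh, which drops the substitution without a stated reason.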
diff --git a/opensmtpd/files/smtp.conf b/opensmtpd/files/smtp.conf
new file mode 100644
index 0000000000..33dd209efe
--- /dev/null
+++ b/opensmtpd/files/smtp.conf
@@ -0,0 +1,16 @@
+#
+# PAM configuration for the "smtp" service
+#
+
+# auth
+auth required pam_nologin.so no_warn
+auth include system
+
+# account
+account include system
+
+# password
+password include system
+
+# session
+session include system
diff --git a/opensmtpd/options.mk b/opensmtpd/options.mk
new file mode 100644
index 0000000000..43a40be5c9
--- /dev/null
+++ b/opensmtpd/options.mk
@@ -0,0 +1,72 @@
+# $NetBSD: options.mk,v 1.2 2023/02/23 19:10:06 vins Exp $
+
+PKG_OPTIONS_VAR= PKG_OPTIONS.opensmtpd
+
+PKG_SUPPORTED_OPTIONS= mailwrapper pam
+
+.if ${OPSYS} != "OpenBSD"
+PKG_SUGGESTED_OPTIONS+= pam
+.endif
+
+.if exists(/etc/mailer.conf) || exists(/etc/mail/mailer.conf) || exists(${PKG_SYSCONFDIR}/mailer.conf)
+PKG_SUGGESTED_OPTIONS+= mailwrapper
+.endif
+
+PLIST_VARS+= mailwrapper pam
+
+.include "../../mk/bsd.options.mk"
+
+#
+# PAM support
+#
+.if !empty(PKG_OPTIONS:Mpam)
+. include "../../mk/pam.buildlink3.mk"
+
+CONFIGURE_ARGS+= --with-auth-pam=smtp
+
+EGDIR= ${PREFIX}/share/examples/${PKGBASE}
+CONF_FILES+= ${EGDIR}/pam.d/smtp \
+ ${PKG_SYSCONFDIR}/pam.d/smtp
+
+MAKE_DIRS+= ${PKG_SYSCONFDIR}/pam.d
+INSTALLATION_DIRS+= share/examples/${PKGBASE}/pam.d
+
+PLIST.pam= yes
+
+.PHONY: pam-install
+
+pam-install:
+ ${INSTALL_DATA} ${FILESDIR}/smtp.conf \
+ ${DESTDIR}${EGDIR}/pam.d/smtp
+.endif
+
+#
+# MTA symlinks
+# Create the appriopriate symbolic links to `smtpctl' if mailwrapper is
+# unavailable. This is done to accomodate clients that require historical
+# interfaces such as sendmail, newaliases or makemap.
+# The smtpctl utility can operate in compatibility mode if called with
+# the historical name.
+#
+.if !empty(PKG_OPTIONS:Mmailwrapper)
+post-install: install-aliases pam-install
+ ${INSTALL_DATA} ${WRKDIR}/mailer.conf \
+ ${DESTDIR}${EGDIR}/mailer.conf
+ ${RUN}${LN} -sf ${PREFIX}/sbin/smtpctl \
+ ${DESTDIR}${PREFIX}/libexec/opensmtpd/makemap
+
+PLIST.mailwrapper= yes
+
+.else
+
+CONFLICTS+= courier-mta-[0-9]* fastforward>=0.51nb2 sendmail-[0-9]*
+CONFLICTS+= esmtp>=1.2 nullmailer-[0-9]* postfix-[0-9]* qmail-[0-9]*
+
+post-install: install-aliases pam-install
+. for i in mailq makemap newaliases sendmail
+ ${RUN}${LN} -sf ${PREFIX}/sbin/smtpctl \
+ ${DESTDIR}${PREFIX}/sbin/${i}
+. endfor
+
+PLIST_SRC+= PLIST.nowrap
+.endif
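Review bot: Both post-install lines list pam-install as a prerequisite, but the pam-install target (and its .PHONY declaration) exists only inside the .if !empty(PKG_OPTIONS:Mpam) block, so a build without the pam option leaves post-install depending on a target with no rule. Define an empty pam-install outside the conditional, or add the prerequisite only when pam is selected. The header of this new file also carries an expanded "$NetBSD: options.mk,v 1.2 2023/02/23 ..." id copied from elsewhere; it should be a bare $NetBSD$. The MTA symlinks comment has two typos ("appriopriate", "accomodate").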
diff --git a/opensmtpd/patches/patch-mk_smtpd_Makefile.am b/opensmtpd/patches/patch-mk_smtpd_Makefile.am
index 5021302886..2e47858c28 100644
--- a/opensmtpd/patches/patch-mk_smtpd_Makefile.am
+++ b/opensmtpd/patches/patch-mk_smtpd_Makefile.am
@@ -2,9 +2,9 @@ $NetBSD$
Install the configuration file in the example directory.
---- mk/smtpd/Makefile.am.orig 2016-02-02 07:40:06.000000000 +0000
+--- mk/smtpd/Makefile.am.orig 2023-06-27 14:04:37.000000000 +0000
+++ mk/smtpd/Makefile.am
-@@ -162,17 +162,16 @@ $(CONFIGFILES): $(CONFIGFILES_IN)
+@@ -164,19 +164,17 @@ $(CONFIGFILES): $(CONFIGFILES_IN)
# smtpd.conf
# newaliases makemap
@@ -16,6 +16,7 @@ Install the configuration file in the example directory.
+ $(MKDIR_P) $(DESTDIR)$(EXAMPLE_DIR)
$(MKDIR_P) $(DESTDIR)$(bindir)
$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
+ $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)7
$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
- @if [ ! -f $(DESTDIR)$(sysconfdir)/smtpd.conf ]; then \
@@ -23,7 +24,8 @@ Install the configuration file in the example directory.
- else \
- echo "$(DESTDIR)$(sysconfdir)/smtpd.conf already exists, install will not overwrite"; \
- fi
-+ $(INSTALL) -m 644 smtpd.conf.out $(DESTDIR)$(EXAMPLE_DIR)/smtpd.conf
-
+-
++ $(INSTALL) -m 644 smtpd.conf.out $(DESTDIR)$(EXAMPLE_DIR)/smtpd.conf
$(INSTALL) -m 644 aliases.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/aliases.5
$(INSTALL) -m 644 forward.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/forward.5
+ $(INSTALL) -m 644 table.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/table.5
diff --git a/opensmtpd/patches/patch-openbsd-compat_imsg-buffer.c b/opensmtpd/patches/patch-openbsd-compat_imsg-buffer.c
index 23e09b6c46..b791f4faac 100644
--- a/opensmtpd/patches/patch-openbsd-compat_imsg-buffer.c
+++ b/opensmtpd/patches/patch-openbsd-compat_imsg-buffer.c
@@ -2,7 +2,7 @@ $NetBSD$
Fix build on SmartOS
---- openbsd-compat/imsg-buffer.c.orig 2020-05-21 19:06:04.000000000 +0000
+--- openbsd-compat/imsg-buffer.c.orig 2023-06-27 14:04:38.000000000 +0000
+++ openbsd-compat/imsg-buffer.c
@@ -16,6 +16,15 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
@@ -19,13 +19,4 @@ Fix build on SmartOS
+
#include "includes.h"
- #include <sys/param.h>
-@@ -26,7 +35,7 @@
- #include <errno.h>
- #include <stdlib.h>
- #include <string.h>
--#ifndef HAVE_EXPLICIT_BZERO
-+#if defined (HAVE_EXPLICIT_BZERO) || (defined(sun) || defined(__sun))
- #include <strings.h>
- #endif
- #include <unistd.h>
+ #include <sys/types.h>
diff --git a/opensmtpd/patches/patch-openbsd-compat_imsg.c b/opensmtpd/patches/patch-openbsd-compat_imsg.c
index 6e101443e3..b9a1b9f820 100644
--- a/opensmtpd/patches/patch-openbsd-compat_imsg.c
+++ b/opensmtpd/patches/patch-openbsd-compat_imsg.c
@@ -2,7 +2,7 @@ $NetBSD$
Fix build on SmartOS
---- openbsd-compat/imsg.c.orig 2020-05-21 19:06:04.000000000 +0000
+--- openbsd-compat/imsg.c.orig 2023-06-27 14:04:38.000000000 +0000
+++ openbsd-compat/imsg.c
@@ -16,6 +16,15 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
@@ -19,13 +19,4 @@ Fix build on SmartOS
+
#include "includes.h"
- #include <sys/param.h>
-@@ -26,7 +35,7 @@
- #include <errno.h>
- #include <stdlib.h>
- #include <string.h>
--#ifndef HAVE_EXPLICIT_BZERO
-+#if !defined (HAVE_EXPLICIT_BZERO) || (defined(sun) || defined(__sun))
- #include <strings.h>
- #endif
- #include <unistd.h>
+ #include <sys/types.h>
diff --git a/opensmtpd/patches/patch-smtpd_proxy.c b/opensmtpd/patches/patch-smtpd_proxy.c
deleted file mode 100644
index 93689a01ed..0000000000
--- a/opensmtpd/patches/patch-smtpd_proxy.c
+++ /dev/null
@@ -1,32 +0,0 @@
-$NetBSD$
-
-Rename local variables to avoid name clash on SmartOS.
-
---- usr.sbin/smtpd/proxy.c.orig 2020-05-21 19:06:04.000000000 +0000
-+++ usr.sbin/smtpd/proxy.c
-@@ -341,7 +341,7 @@ proxy_translate_ss(struct proxy_session
- {
- struct sockaddr_in *sin = (struct sockaddr_in *) &s->ss;
- struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) &s->ss;
-- struct sockaddr_un *sun = (struct sockaddr_un *) &s->ss;
-+ struct sockaddr_un *lsun = (struct sockaddr_un *) &s->ss;
- size_t sun_len;
-
- switch (s->hdr.fam) {
-@@ -370,13 +370,13 @@ proxy_translate_ss(struct proxy_session
- memset(&s->ss, 0, sizeof(s->ss));
- sun_len = strnlen(s->addr.un.src_addr,
- sizeof(s->addr.un.src_addr));
-- if (sun_len > sizeof(sun->sun_path)) {
-+ if (sun_len > sizeof(lsun->sun_path)) {
- proxy_error(s, "address translation", "Unix socket path"
- " longer than supported");
- return (-1);
- }
-- sun->sun_family = AF_UNIX;
-- memcpy(sun->sun_path, s->addr.un.src_addr, sun_len);
-+ lsun->sun_family = AF_UNIX;
-+ memcpy(lsun->sun_path, s->addr.un.src_addr, sun_len);
- break;
-
- default:
diff --git a/opensmtpd/patches/patch-smtpd_smtp__session.c b/opensmtpd/patches/patch-smtpd_smtp__session.c
deleted file mode 100644
index af2df30103..0000000000
--- a/opensmtpd/patches/patch-smtpd_smtp__session.c
+++ /dev/null
@@ -1,64 +0,0 @@
-$NetBSD$
-
-Add a patch to handle long usernames during SMTP authentication,
-e.g. often username exceeds the limit when it contains @host.name
-part.
-
-From FreeBSD's ports.
-
-cf.http://svnweb.freebsd.org/ports?view=revision&revision=394424
-
-For update 6.7.1p1:
-Removed hunk to increase buffersize to LOGIN_NAME_MAX+HOST_NAME_MAX+1,
-this was already increased upstream to SMTPD_MAXMAILADDRSIZE.
-
---- usr.sbin/smtpd/smtp_session.c.orig 2020-05-21 19:06:04.000000000 +0000
-+++ usr.sbin/smtpd/smtp_session.c
-@@ -84,6 +84,7 @@ enum {
- TX_ERROR_ENVELOPE,
- TX_ERROR_SIZE,
- TX_ERROR_IO,
-+ SF_USERTOOLONG = 0x0400,
- TX_ERROR_LOOP,
- TX_ERROR_MALFORMED,
- TX_ERROR_RESOURCES,
-@@ -970,6 +971,15 @@ smtp_session_imsg(struct mproc *p, struc
-
- s = tree_xpop(&wait_parent_auth, reqid);
- strnvis(user, s->username, sizeof user, VIS_WHITE | VIS_SAFE);
-+
-+ if (s->flags & SF_USERTOOLONG) {
-+ log_info("smtp-in: sesson %016"PRIx64
-+ ": auth failed because username too long",
-+ s->id);
-+ s->flags &= (~SF_USERTOOLONG);
-+ success = LKA_PERMFAIL;
-+ }
-+
- if (success == LKA_OK) {
- log_info("%016"PRIx64" smtp "
- "authentication user=%s "
-@@ -1967,7 +1977,7 @@ smtp_rfc4954_auth_plain(struct smtp_sess
- user++; /* skip NUL */
- if (strlcpy(s->username, user, sizeof(s->username))
- >= sizeof(s->username))
-- goto abort;
-+ s->flags |= SF_USERTOOLONG;
-
- pass = memchr(user, '\0', len - (user - buf));
- if (pass == NULL || pass >= buf + len - 2)
-@@ -2011,9 +2021,12 @@ smtp_rfc4954_auth_login(struct smtp_sess
-
- case STATE_AUTH_USERNAME:
- memset(s->username, 0, sizeof(s->username));
-- if (base64_decode(arg, (unsigned char *)s->username,
-- sizeof(s->username) - 1) == -1)
-+ if (base64_decode(arg, (unsigned char *)buf,
-+ sizeof(buf) - 1) == -1)
- goto abort;
-+ if (strlcpy(s->username, buf, sizeof(s->username))
-+ >= sizeof(s->username))
-+ s->flags |= SF_USERTOOLONG;
-
- smtp_enter_state(s, STATE_AUTH_PASSWORD);
- smtp_reply(s, "334 UGFzc3dvcmQ6");
diff --git a/opensmtpd/patches/patch-usr.sbin_smtpd_proxy.c b/opensmtpd/patches/patch-usr.sbin_smtpd_proxy.c
new file mode 100644
index 0000000000..93689a01ed
--- /dev/null
+++ b/opensmtpd/patches/patch-usr.sbin_smtpd_proxy.c
@@ -0,0 +1,32 @@
+$NetBSD$
+
+Rename local variables to avoid name clash on SmartOS.
+
+--- usr.sbin/smtpd/proxy.c.orig 2020-05-21 19:06:04.000000000 +0000
++++ usr.sbin/smtpd/proxy.c
+@@ -341,7 +341,7 @@ proxy_translate_ss(struct proxy_session
+ {
+ struct sockaddr_in *sin = (struct sockaddr_in *) &s->ss;
+ struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) &s->ss;
+- struct sockaddr_un *sun = (struct sockaddr_un *) &s->ss;
++ struct sockaddr_un *lsun = (struct sockaddr_un *) &s->ss;
+ size_t sun_len;
+
+ switch (s->hdr.fam) {
+@@ -370,13 +370,13 @@ proxy_translate_ss(struct proxy_session
+ memset(&s->ss, 0, sizeof(s->ss));
+ sun_len = strnlen(s->addr.un.src_addr,
+ sizeof(s->addr.un.src_addr));
+- if (sun_len > sizeof(sun->sun_path)) {
++ if (sun_len > sizeof(lsun->sun_path)) {
+ proxy_error(s, "address translation", "Unix socket path"
+ " longer than supported");
+ return (-1);
+ }
+- sun->sun_family = AF_UNIX;
+- memcpy(sun->sun_path, s->addr.un.src_addr, sun_len);
++ lsun->sun_family = AF_UNIX;
++ memcpy(lsun->sun_path, s->addr.un.src_addr, sun_len);
+ break;
+
+ default:
diff --git a/opensmtpd/patches/patch-usr.sbin_smtpd_queue__fs.c b/opensmtpd/patches/patch-usr.sbin_smtpd_queue__fs.c
index c74423def7..810c3aac1e 100644
--- a/opensmtpd/patches/patch-usr.sbin_smtpd_queue__fs.c
+++ b/opensmtpd/patches/patch-usr.sbin_smtpd_queue__fs.c
@@ -1,5 +1,7 @@
$NetBSD$
+Fix build on DragonFly
+
--- usr.sbin/smtpd/queue_fs.c.orig 2020-12-24 13:42:14.000000000 +0000
+++ usr.sbin/smtpd/queue_fs.c
@@ -16,6 +16,17 @@
diff --git a/opensmtpd/patches/patch-usr.sbin_smtpd_smtp__session.c b/opensmtpd/patches/patch-usr.sbin_smtpd_smtp__session.c
new file mode 100644
index 0000000000..af2df30103
--- /dev/null
+++ b/opensmtpd/patches/patch-usr.sbin_smtpd_smtp__session.c
@@ -0,0 +1,64 @@
+$NetBSD$
+
+Add a patch to handle long usernames during SMTP authentication,
+e.g. often username exceeds the limit when it contains @host.name
+part.
+
+From FreeBSD's ports.
+
+cf.http://svnweb.freebsd.org/ports?view=revision&revision=394424
+
+For update 6.7.1p1:
+Removed hunk to increase buffersize to LOGIN_NAME_MAX+HOST_NAME_MAX+1,
+this was already increased upstream to SMTPD_MAXMAILADDRSIZE.
+
+--- usr.sbin/smtpd/smtp_session.c.orig 2020-05-21 19:06:04.000000000 +0000
++++ usr.sbin/smtpd/smtp_session.c
+@@ -84,6 +84,7 @@ enum {
+ TX_ERROR_ENVELOPE,
+ TX_ERROR_SIZE,
+ TX_ERROR_IO,
++ SF_USERTOOLONG = 0x0400,
+ TX_ERROR_LOOP,
+ TX_ERROR_MALFORMED,
+ TX_ERROR_RESOURCES,
+@@ -970,6 +971,15 @@ smtp_session_imsg(struct mproc *p, struc
+
+ s = tree_xpop(&wait_parent_auth, reqid);
+ strnvis(user, s->username, sizeof user, VIS_WHITE | VIS_SAFE);
++
++ if (s->flags & SF_USERTOOLONG) {
++ log_info("smtp-in: sesson %016"PRIx64
++ ": auth failed because username too long",
++ s->id);
++ s->flags &= (~SF_USERTOOLONG);
++ success = LKA_PERMFAIL;
++ }
++
+ if (success == LKA_OK) {
+ log_info("%016"PRIx64" smtp "
+ "authentication user=%s "
+@@ -1967,7 +1977,7 @@ smtp_rfc4954_auth_plain(struct smtp_sess
+ user++; /* skip NUL */
+ if (strlcpy(s->username, user, sizeof(s->username))
+ >= sizeof(s->username))
+- goto abort;
++ s->flags |= SF_USERTOOLONG;
+
+ pass = memchr(user, '\0', len - (user - buf));
+ if (pass == NULL || pass >= buf + len - 2)
+@@ -2011,9 +2021,12 @@ smtp_rfc4954_auth_login(struct smtp_sess
+
+ case STATE_AUTH_USERNAME:
+ memset(s->username, 0, sizeof(s->username));
+- if (base64_decode(arg, (unsigned char *)s->username,
+- sizeof(s->username) - 1) == -1)
++ if (base64_decode(arg, (unsigned char *)buf,
++ sizeof(buf) - 1) == -1)
+ goto abort;
++ if (strlcpy(s->username, buf, sizeof(s->username))
++ >= sizeof(s->username))
++ s->flags |= SF_USERTOOLONG;
+
+ smtp_enter_state(s, STATE_AUTH_PASSWORD);
+ smtp_reply(s, "334 UGFzc3dvcmQ6");
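Review bot: In the enum hunk of the embedded patch, SF_USERTOOLONG = 0x0400 is inserted between TX_ERROR_IO and TX_ERROR_LOOP, so a session flag ends up inside the TX_ERROR_* list and the enumerators after it continue from 0x0401 instead of their previous values. The flag should sit with the other SF_ session flags, with a bit value checked against those already defined there. The .orig timestamp and line offsets are still those of the 2020-05-21 source, so the patch was renamed but not regenerated against 7.3.0p1; regenerating it would show where each hunk now lands. The added log_info string also misspells "session" as "sesson".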