mail-mta/sendmail: fix openssl 1.1.x compatibility
authorHans de Graaff <graaff@gentoo.org>
Mon, 15 Jul 2019 05:09:51 +0000 (07:09 +0200)
committerHans de Graaff <graaff@gentoo.org>
Mon, 15 Jul 2019 05:10:38 +0000 (07:10 +0200)
Patch provided by Attila Tóth.

Fixes: https://bugs.gentoo.org/673986
Signed-off-by: Hans de Graaff <graaff@gentoo.org>
Package-Manager: Portage-2.3.66, Repoman-2.3.11

mail-mta/sendmail/files/sendmail-8.15.2-openssl-1.1.0-fix.patch [new file with mode: 0644]
mail-mta/sendmail/sendmail-8.15.2-r1.ebuild [new file with mode: 0644]

diff --git a/mail-mta/sendmail/files/sendmail-8.15.2-openssl-1.1.0-fix.patch b/mail-mta/sendmail/files/sendmail-8.15.2-openssl-1.1.0-fix.patch
new file mode 100644 (file)
index 0000000..54a6754
--- /dev/null
@@ -0,0 +1,182 @@
+--- sendmail-8.15.2.orig/sendmail/tls.c        2016-12-01 15:20:59.953546417 +0100
++++ sendmail-8.15.2.orig/sendmail/tls.c        2016-12-01 17:26:43.868521378 +0100
+@@ -63,14 +63,28 @@ static unsigned char dh512_g[] =
+ static DH *
+ get_dh512()
+ {
+-      DH *dh = NULL;
++      DH *dh;
++      BIGNUM *p, *g;
+       if ((dh = DH_new()) == NULL)
+               return NULL;
+-      dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
+-      dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
+-      if ((dh->p == NULL) || (dh->g == NULL))
++      p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
++      g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
++      if (p == NULL || g == NULL)
++      {
++              BN_free(p);
++              BN_free(g);
++              DH_free(dh);
+               return NULL;
++      }
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++      DH_set0_pqg(dh, p, NULL, g);
++#else
++      dh->p = p;
++      dh->g = g;
++#endif
++
+       return dh;
+ }
+@@ -117,16 +131,27 @@ get_dh2048()
+               };
+       static unsigned char dh2048_g[]={ 0x02, };
+       DH *dh;
++      BIGNUM *p, *g;
+       if ((dh=DH_new()) == NULL)
+               return(NULL);
+-      dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+-      dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+-      if ((dh->p == NULL) || (dh->g == NULL))
++      p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
++      g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
++      if (p == NULL || g == NULL)
+       {
++              BN_free(p);
++              BN_free(g);
+               DH_free(dh);
+-              return(NULL);
++              return NULL;
+       }
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++      DH_set0_pqg(dh, p, NULL, g);
++#else
++      dh->p = p;
++      dh->g = g;
++#endif
++
+       return(dh);
+ }
+ # endif /* !NO_DH */
+@@ -715,6 +740,54 @@ static char server_session_id_context[]
+ # define SM_SSL_OP_TLS_BLOCK_PADDING_BUG      0
+ #endif
++static RSA *
++generate_rsa_key(bits, e)
++      int bits;
++      unsigned long e;
++{
++#if OPENSSL_VERSION_NUMBER < 0x00908000L
++      return RSA_generate_key(bits, e, NULL, NULL);
++#else
++      BIGNUM *bne;
++      RSA *rsa = NULL;
++
++      bne = BN_new();
++      if (bne && BN_set_word(bne, e) != 1)
++              rsa = RSA_new();
++      if (rsa && RSA_generate_key_ex(rsa, bits, bne, NULL) != 1)
++      {
++              RSA_free(rsa);
++              rsa = NULL;
++      }
++      BN_free(bne);
++      return rsa;
++#endif
++}
++
++static DSA *
++generate_dsa_parameters(bits, seed, seed_len, counter_ret, h_ret)
++      int bits;
++      unsigned char *seed;
++      int seed_len;
++      int *counter_ret;
++      unsigned long *h_ret;
++{
++#if OPENSSL_VERSION_NUMBER < 0x00908000L
++      return DSA_generate_parameters(bits, seed, seed_len, counter_ret,
++                                     h_ret, NULL, NULL);
++#else
++      DSA *dsa = DSA_new();
++
++      if (dsa && DSA_generate_parameters_ex(dsa, bits, seed, seed_len,
++                                            counter_ret, h_ret, NULL) != 1)
++      {
++              DSA_free(dsa);
++              dsa = NULL;
++      }
++      return dsa;
++#endif
++}
++
+ bool
+ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhparam)
+       SSL_CTX **ctx;
+@@ -926,7 +999,7 @@ inittls(ctx, req, options, srv, certfile
+       {
+               /* get a pointer to the current certificate validation store */
+               store = SSL_CTX_get_cert_store(*ctx);   /* does not fail */
+-              crl_file = BIO_new(BIO_s_file_internal());
++              crl_file = BIO_new(BIO_s_file());
+               if (crl_file != NULL)
+               {
+                       if (BIO_read_filename(crl_file, CRLFile) >= 0)
+@@ -1003,8 +1076,7 @@ inittls(ctx, req, options, srv, certfile
+       if (bitset(TLS_I_RSA_TMP, req)
+ #  if SM_CONF_SHM
+           && ShmId != SM_SHM_NO_ID &&
+-          (rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL,
+-                                      NULL)) == NULL
++          (rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4)) == NULL
+ #  else /* SM_CONF_SHM */
+           && 0        /* no shared memory: no need to generate key now */
+ #  endif /* SM_CONF_SHM */
+@@ -1210,8 +1282,8 @@ inittls(ctx, req, options, srv, certfile
+                               sm_dprintf("inittls: Generating %d bit DH parameters\n", bits);
+                       /* this takes a while! */
+-                      dsa = DSA_generate_parameters(bits, NULL, 0, NULL,
+-                                                    NULL, 0, NULL);
++                      dsa = generate_dsa_parameters(bits, NULL, 0, NULL,
++                                                    NULL);
+                       dh = DSA_dup_DH(dsa);
+                       DSA_free(dsa);
+               }
+@@ -1747,7 +1819,7 @@ tmp_rsa_key(s, export, keylength)
+       if (rsa_tmp != NULL)
+               RSA_free(rsa_tmp);
+-      rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, NULL);
++      rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4);
+       if (rsa_tmp == NULL)
+       {
+               if (LogLevel > 0)
+@@ -1974,11 +2046,20 @@ x509_verify_cb(ok, ctx)
+       {
+               if (LogLevel > 13)
+                       tls_verify_log(ok, ctx, "x509");
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++              if (X509_STORE_CTX_get_error(ctx) ==
++                  X509_V_ERR_UNABLE_TO_GET_CRL)
++              {
++                      X509_STORE_CTX_set_error(ctx, 0);
++                      return 1;       /* override it */
++              }
++#else
+               if (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL)
+               {
+                       ctx->error = 0;
+                       return 1;       /* override it */
+               }
++#endif
+       }
+       return ok;
+ }
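Review bot: The `BN_set_word` test in the new `generate_rsa_key` helper looks inverted. `BN_set_word` returns 1 on success, so `if (bne && BN_set_word(bne, e) != 1) rsa = RSA_new();` allocates the RSA object only when setting the exponent failed; on the normal path `rsa` stays NULL and the helper returns NULL on every OpenSSL >= 0.9.8. Both call sites visible in this patch (`inittls` under `TLS_I_RSA_TMP` with `SM_CONF_SHM`, and `tmp_rsa_key`) compare the result against NULL, so this presumably surfaces as a failed temporary-key setup instead of a usable key; their bodies continue outside the quoted hunks. The line should read `if (bne && BN_set_word(bne, e) == 1)`.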
diff --git a/mail-mta/sendmail/sendmail-8.15.2-r1.ebuild b/mail-mta/sendmail/sendmail-8.15.2-r1.ebuild
new file mode 100644 (file)
index 0000000..b4933bf
--- /dev/null
@@ -0,0 +1,207 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit multilib systemd toolchain-funcs user
+
+DESCRIPTION="Widely-used Mail Transport Agent (MTA)"
+HOMEPAGE="http://www.sendmail.org/"
+SRC_URI="ftp://ftp.sendmail.org/pub/${PN}/${PN}.${PV}.tar.gz"
+
+LICENSE="Sendmail GPL-2" # GPL-2 is here for initscript
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="ssl ldap libressl sasl tcpd mbox ipv6 nis sockets"
+
+DEPEND="net-mail/mailbase
+       sys-devel/m4
+       sasl? ( >=dev-libs/cyrus-sasl-2.1.10 )
+       tcpd? ( sys-apps/tcp-wrappers )
+       ssl? (
+               !libressl? ( dev-libs/openssl:0= )
+               libressl? ( dev-libs/libressl:= )
+       )
+       ldap? ( net-nds/openldap )
+       >=sys-libs/db-3.2
+       !net-mail/vacation
+       "
+RDEPEND="${DEPEND}
+       >=net-mail/mailbase-0.00
+       !mail-mta/courier
+       !mail-mta/esmtp
+       !mail-mta/exim
+       !mail-mta/mini-qmail
+       !mail-mta/msmtp[mta]
+       !mail-mta/netqmail
+       !mail-mta/nullmailer
+       !mail-mta/postfix
+       !mail-mta/opensmtpd
+       !mail-mta/qmail-ldap
+       !<mail-mta/ssmtp-2.64-r2
+       !>=mail-mta/ssmtp-2.64-r2[mta]"
+
+PDEPEND="!mbox? ( mail-filter/procmail )"
+
+# libmilter library is part of sendmail, but it does not share the version number with it.
+# In order to find the right libmilter version number, check SMFI_VERSION definition
+# that can be found in ${S}/include/libmilter/mfapi.h (see also SM_LM_VRS_* defines).
+# For example, version 1.0.1 has a SMFI_VERSION of 0x01000001.
+LIBMILTER_VER=1.0.2
+
+pkg_setup() {
+       enewgroup smmsp 209
+       enewuser smmsp 209 -1 /var/spool/mqueue smmsp
+}
+
+src_prepare() {
+       eapply "${FILESDIR}"/"${PN}"-8.14.6-build-system.patch
+       eapply -p0 "${FILESDIR}"/sendmail-delivered_hdr.patch
+       eapply "${FILESDIR}"/libmilter-sharedlib.patch
+       eapply -p0 "${FILESDIR}"/sendmail-starttls-multi-crl.patch
+       eapply "${FILESDIR}"/${P}-openssl-1.1.0-fix.patch
+
+       local confCC="$(tc-getCC)"
+       local confCCOPTS="${CFLAGS}"
+       local confLDOPTS="${LDFLAGS}"
+       local confMAPDEF="-DMAP_REGEX"
+       local conf_sendmail_LIBS=""
+       use sasl && confLIBS="${confLIBS} -lsasl2"  \
+               && confENVDEF="${confENVDEF} -DSASL=2" \
+               && confCCOPTS="${confCCOPTS} -I/usr/include/sasl" \
+               && conf_sendmail_LIBS="${conf_sendmail_LIBS} -lsasl2"
+       use tcpd && confENVDEF="${confENVDEF} -DTCPWRAPPERS" \
+               && confLIBS="${confLIBS} -lwrap"
+       use ssl && confENVDEF="${confENVDEF} -DSTARTTLS -D_FFR_DEAL_WITH_ERROR_SSL" \
+               && confENVDEF="${confENVDEF} -D_FFR_TLS_1" \
+               && confLIBS="${confLIBS} -lssl -lcrypto" \
+               && conf_sendmail_LIBS="${conf_sendmail_LIBS} -lssl -lcrypto"
+       use ldap && confMAPDEF="${confMAPDEF} -DLDAPMAP" \
+               && confLIBS="${confLIBS} -lldap -llber"
+       use ipv6 && confENVDEF="${confENVDEF} -DNETINET6"
+       use nis && confENVDEF="${confENVDEF} -DNIS"
+       use sockets && confENVDEF="${confENVDEF} -DSOCKETMAP"
+       sed -e "s:@@confCCOPTS@@:${confCCOPTS}:" \
+               -e "s/@@confLDOPTS@@/${confLDOPTS}/" \
+               -e "s/@@confCC@@/${confCC}/" \
+               -e "s/@@confMAPDEF@@/${confMAPDEF}/" \
+               -e "s/@@confENVDEF@@/${confENVDEF}/" \
+               -e "s/@@confLIBS@@/${confLIBS}/" \
+               -e "s/@@conf_sendmail_LIBS@@/${conf_sendmail_LIBS}/" \
+               "${FILESDIR}"/site.config.m4 > devtools/Site/site.config.m4
+
+       eapply_user
+}
+
+src_compile() {
+       sh Build AR="$(tc-getAR)" RANLIB="$(tc-getRANLIB)" || die "compilation failed in main Build script"
+       pushd libmilter
+       sh Build AR="$(tc-getAR)" RANLIB="$(tc-getRANLIB)" MILTER_SOVER=${LIBMILTER_VER} || die "libmilter compilation failed"
+       popd
+}
+
+src_install () {
+       local MY_LIBDIR=/usr/$(get_libdir)
+       local MY_OBJDIR="obj.`uname -s`.`uname -r`.`uname -m`"
+       dodir /usr/bin ${MY_LIBDIR} /usr/include/libmilter
+       dodir /usr/share/man/man{1,5,8} /usr/sbin /var/log /usr/share/sendmail-cf
+       dodir /var/spool/{mqueue,clientmqueue} /etc/conf.d
+       keepdir /var/spool/{clientmqueue,mqueue}
+       for dir in libsmutil sendmail mailstats praliases smrsh makemap vacation editmap
+       do
+               make DESTDIR="${D}" LIBDIR="${MY_LIBDIR}" MANROOT=/usr/share/man/man \
+                       SBINOWN=root SBINGRP=root UBINOWN=root UBINGRP=root \
+                       MANOWN=root MANGRP=root INCOWN=root INCGRP=root \
+                       LIBOWN=root LIBGRP=root GBINOWN=root GBINGRP=root \
+                       MSPQOWN=root CFOWN=root CFGRP=root \
+                       install -C "${MY_OBJDIR}/${dir}" \
+                       || die "install failed"
+       done
+       for dir in rmail mail.local
+       do
+               make DESTDIR="${D}" LIBDIR="${MY_LIBDIR}" MANROOT=/usr/share/man/man \
+                       SBINOWN=root SBINGRP=root UBINOWN=root UBINGRP=root \
+                       MANOWN=root MANGRP=root INCOWN=root INCGRP=root \
+                       LIBOWN=root LIBGRP=root GBINOWN=root GBINGRP=root \
+                       MSPQOWN=root CFOWN=root CFGRP=root \
+                       force-install -C "${MY_OBJDIR}/${dir}" \
+                       || die "install failed"
+       done
+
+       make DESTDIR="${D}" LIBDIR="${MY_LIBDIR}" MANROOT=/usr/share/man/man \
+               SBINOWN=root SBINGRP=root UBINOWN=root UBINGRP=root \
+               MANOWN=root MANGRP=root INCOWN=root INCGRP=root \
+               LIBOWN=root LIBGRP=root GBINOWN=root GBINGRP=root \
+               MSPQOWN=root CFOWN=root CFGRP=root \
+               MILTER_SOVER=${LIBMILTER_VER} \
+               install -C "${MY_OBJDIR}/libmilter" \
+               || die "install failed"
+
+       fowners root:smmsp /usr/sbin/sendmail
+       fperms 2555 /usr/sbin/sendmail
+       fowners smmsp:smmsp /var/spool/clientmqueue
+       fperms 770 /var/spool/clientmqueue
+       fperms 700 /var/spool/mqueue
+       dosym /usr/sbin/makemap /usr/bin/makemap
+       dodoc FAQ KNOWNBUGS README RELEASE_NOTES doc/op/op.ps
+       newdoc sendmail/README README.sendmail
+       newdoc sendmail/SECURITY SECURITY
+       newdoc sendmail/TUNING TUNING
+       newdoc smrsh/README README.smrsh
+       newdoc libmilter/README README.libmilter
+
+       newdoc cf/README README.cf
+       newdoc cf/cf/README README.install-cf
+       cp -pPR cf/* "${D}"/usr/share/sendmail-cf
+
+       docinto contrib
+       dodoc contrib/*
+
+       insinto /etc/mail
+       if use mbox
+       then
+               newins "${FILESDIR}"/sendmail.mc-r1 sendmail.mc
+       else
+               newins "${FILESDIR}"/sendmail-procmail.mc sendmail.mc
+       fi
+       m4 "${D}"/usr/share/sendmail-cf/m4/cf.m4 "${D}"/etc/mail/sendmail.mc \
+               > "${D}"/etc/mail/sendmail.cf
+       echo "include(\`/usr/share/sendmail-cf/m4/cf.m4')dnl" \
+               > "${D}"/etc/mail/submit.mc
+       cat "${D}"/usr/share/sendmail-cf/cf/submit.mc >> "${D}"/etc/mail/submit.mc
+       echo "# local-host-names - include all aliases for your machine here" \
+               > "${D}"/etc/mail/local-host-names
+       cat <<- EOF > "${D}"/etc/mail/trusted-users
+               # trusted-users - users that can send mail as others without a warning
+               # apache, mailman, majordomo, uucp are good candidates
+       EOF
+       cat <<- EOF > "${D}"/etc/mail/access
+               # Check the /usr/share/doc/sendmail/README.cf file for a description
+               # of the format of this file. (search for access_db in that file)
+               # The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
+               # package.
+               #
+
+       EOF
+       cat <<- EOF > "${D}"/etc/conf.d/sendmail
+               # Config file for /etc/init.d/sendmail
+               # add start-up options here
+               SENDMAIL_OPTS="-bd -q30m -L sm-mta" # default daemon mode
+               CLIENTMQUEUE_OPTS="-Ac -q30m -L sm-cm" # clientmqueue
+               KILL_OPTS="" # add -9/-15/your favorite evil SIG level here
+
+       EOF
+       if use sasl; then
+               dodir /etc/sasl2
+               cat <<- EOF > "${D}"/etc/sasl2/Sendmail.conf
+               pwcheck_method: saslauthd
+               mech_list: PLAIN LOGIN
+
+               EOF
+       fi
+
+       doinitd "${FILESDIR}"/sendmail
+       systemd_dounit "${FILESDIR}"/sendmail.service
+       systemd_dounit "${FILESDIR}"/sm-client.service
+
+       keepdir /usr/adm/sm.bin
+}
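Review bot: In `src_prepare`, `confENVDEF` and `confLIBS` are appended to (for example `confENVDEF="${confENVDEF} -DSASL=2"`) without being declared or initialised, unlike `confCC`, `confCCOPTS`, `confLDOPTS`, `confMAPDEF` and `conf_sendmail_LIBS` just above. Any value already present in the build environment therefore ends up in `site.config.m4`, and both variables leak out of the function; adding `local confENVDEF="" confLIBS=""` next to the other declarations makes the compiled-in defines depend only on USE flags. Separately, the `sed` expressions for `confLDOPTS`, `confCC`, `confMAPDEF`, `confENVDEF` and `confLIBS` use `/` as the delimiter and the command has no `|| die`. A flag containing a slash would presumably make `sed` fail and leave an empty `site.config.m4`, so the build could continue without `-DSTARTTLS`; appending `|| die "site.config.m4 generation failed"` after the redirect would make that case fatal.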