From bccf2ea2f117c28889359760444e1740e96b7f97 Mon Sep 17 00:00:00 2001 From: Eray Aslan Date: Thu, 9 Apr 2020 17:07:45 +0300 Subject: [PATCH] net-mail/cyrus-imapd: security bump to 3.0.13 also fixes building with new versions of libcap and gcc-10 Closes: https://bugs.gentoo.org/713728 Closes: https://bugs.gentoo.org/713502 Package-Manager: Portage-2.3.96, Repoman-2.3.22 Signed-off-by: Eray Aslan --- net-mail/cyrus-imapd/Manifest | 1 + .../cyrus-imapd/cyrus-imapd-3.0.13.ebuild | 230 ++++++++++++++++++ .../files/cyrus-imapd-libcap.patch | 64 +++++ net-mail/cyrus-imapd/metadata.xml | 2 +- 4 files changed, 296 insertions(+), 1 deletion(-) create mode 100644 net-mail/cyrus-imapd/cyrus-imapd-3.0.13.ebuild create mode 100644 net-mail/cyrus-imapd/files/cyrus-imapd-libcap.patch diff --git a/net-mail/cyrus-imapd/Manifest b/net-mail/cyrus-imapd/Manifest index cfb8cb572cda..7449e34e203b 100644 --- a/net-mail/cyrus-imapd/Manifest +++ b/net-mail/cyrus-imapd/Manifest @@ -1,2 +1,3 @@ DIST cyrus-imapd-3.0.10.tar.gz 10766263 BLAKE2B 366a8f524849d2173b8ea836e9f239ae20295dd435594af17d4c4682e7e672bc92c9f1bb0a60d7f7dce638beb94954f20906f9454b33830d2dcabb956ebd558a SHA512 1ae153a8f181bbe020326bec2dc177b78ef3c442f94e24e89b7a719298d93701006596dd21fa1c3a40afd75f01162b03524cf793dd7438ec7192f9a13f7614d0 DIST cyrus-imapd-3.0.11.tar.gz 10797507 BLAKE2B ac62c11e50b6d92c17056a050f3adcfdeb055930a8568873f65c14a131a04223929c00679265ab7b96a056d7642f93f484ac75b136a9d09c0fa5e0dba0e89a06 SHA512 058efc2e462729b79e431e1b5dab1addfe737aeec8b686698cd2270748275028ca5722ed3960fcd680a0393027ee1b1d7dff65872dd1d8349a3f933e81227e48 +DIST cyrus-imapd-3.0.13.tar.gz 10840005 BLAKE2B f4790837a198673b42d553bc7cbc825456ff5a3d1d14ff382ca0f40252d09eb355f92c2020c0a974cc99eda9af4323a3a5b9428375288bf8892dfba35602da4e SHA512 5cd066916797efb975cdb97720f65edc72d3fe82afbd78a26aa8369d95ae4ca09c0593dd4bec5521156c64ea38af7a13065f3b35447a76267dec93feb0ac6ac6 diff --git a/net-mail/cyrus-imapd/cyrus-imapd-3.0.13.ebuild b/net-mail/cyrus-imapd/cyrus-imapd-3.0.13.ebuild new file mode 100644 index 000000000000..2ba848e86250 --- /dev/null +++ b/net-mail/cyrus-imapd/cyrus-imapd-3.0.13.ebuild @@ -0,0 +1,230 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 +inherit autotools flag-o-matic pam ssl-cert + +DESCRIPTION="The Cyrus IMAP Server" +HOMEPAGE="https://www.cyrusimap.org/" +SRC_URI="https://github.com/cyrusimap/${PN}/releases/download/${P}/${P}.tar.gz" + +LICENSE="BSD-with-attribution GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86" +IUSE="afs backup calalarm caps clamav http kerberos ldap lmdb \ + mysql nntp pam perl postgres replication +server sieve snmp \ + sqlite ssl static-libs tcpd test xapian" +RESTRICT="!test? ( test )" + +CDEPEND=" + sys-libs/zlib:0= + dev-libs/libpcre:3 + >=dev-libs/cyrus-sasl-2.1.13:2 + dev-libs/jansson + dev-libs/icu:0= + sys-libs/e2fsprogs-libs + afs? ( net-fs/openafs ) + calalarm? ( dev-libs/libical:0= ) + caps? ( sys-libs/libcap ) + clamav? ( app-antivirus/clamav ) + http? ( dev-libs/libxml2:2 dev-libs/libical:0= net-libs/nghttp2 ) + kerberos? ( virtual/krb5 ) + ldap? ( net-nds/openldap ) + lmdb? ( dev-db/lmdb:0= ) + mysql? ( dev-db/mysql-connector-c:0= ) + nntp? ( !net-nntp/leafnode ) + pam? ( + sys-libs/pam + >=net-mail/mailbase-1 + ) + perl? ( dev-lang/perl:= ) + postgres? ( dev-db/postgresql:* ) + snmp? ( >=net-analyzer/net-snmp-5.2.2-r1:0= ) + ssl? ( >=dev-libs/openssl-1.0.1e:0=[-bindist] ) + sqlite? ( dev-db/sqlite:3 ) + tcpd? ( >=sys-apps/tcp-wrappers-7.6 + snmp? ( net-analyzer/net-snmp:0=[tcpd=] ) + ) + xapian? ( >=dev-libs/xapian-1.4.0:0= ) +" +DEPEND="${CDEPEND} + test? ( dev-util/cunit ) +" + +# all blockers really needed? +# file collision with app-arch/dump - bug 619584 +RDEPEND="${CDEPEND} + acct-group/mail + acct-user/cyrus + !mail-mta/courier + !net-mail/bincimap + !net-mail/courier-imap + !net-mail/uw-imap + !app-arch/dump +" + +REQUIRED_USE=" + afs? ( kerberos ) + backup? ( sqlite ) + calalarm? ( http ) + http? ( sqlite ) +" + +# https://bugs.gentoo.org/678754 +# TODO: check underlinking for other libraries +PATCHES=( + "${FILESDIR}/cyrus-imapd-libcap-libs-r1.patch" + "${FILESDIR}/cyrus-imapd-libcap.patch" + ) + +pkg_setup() { + # https://bugs.gentoo.org/604466 + append-ldflags $(no-as-needed) +} + +src_prepare() { + default + # Fix master(8)->cyrusmaster(8) manpage. + for i in `grep -rl -e 'master\.8' -e 'master(8)' "${S}"` ; do + sed -i -e 's:master\.8:cyrusmaster.8:g' \ + -e 's:master(8):cyrusmaster(8):g' \ + "${i}" || die "sed failed" || die "sed failed" + done + mv man/master.8 man/cyrusmaster.8 || die "mv failed" + sed -i -e "s:MASTER:CYRUSMASTER:g" \ + -e "s:Master:Cyrusmaster:g" \ + -e "s:master:cyrusmaster:g" \ + man/cyrusmaster.8 || die "sed failed" + + # lock.h to afs/lock.h + sed -i -e '/lock.h/s:lock.h:afs/lock.h:' \ + ptclient/afskrb.c || die + + eautoreconf +} + +src_configure() { + local myconf + if use afs ; then + myconf+=" --with-afs-libdir=/usr/$(get_libdir)" + myconf+=" --with-afs-incdir=/usr/include/afs" + fi + # sphinx is unmaintained and dead, bug #662944 + econf \ + --enable-unit-tests \ + --enable-murder \ + --enable-idled \ + --enable-event-notification \ + --enable-autocreate \ + --enable-pcre \ + --with-com_err \ + --with-cyrus-user=cyrus \ + --with-sasl \ + --without-krb \ + --without-krbdes \ + --disable-sphinx \ + --enable-squat \ + --with-zlib \ + $(use_enable afs) \ + $(use_enable afs krb5afspts) \ + $(use_enable backup) \ + $(use_enable calalarm calalarmd) \ + $(use_with caps libcap) \ + $(use_with clamav) \ + $(use_enable nntp) \ + $(use_enable http) \ + $(use_with http nghttp2) \ + $(use_enable replication) \ + $(use_enable kerberos gssapi) \ + $(use_with ldap) \ + $(use_with lmdb) \ + $(use_with mysql) \ + $(use_with postgres pgsql) \ + $(use_with perl) \ + $(use_with sqlite) \ + $(use_with ssl openssl) \ + $(use_enable server) \ + $(use_enable sieve) \ + $(use_with snmp) \ + $(use_enable static-libs static) \ + $(use_with tcpd libwrap) \ + $(use_enable xapian) \ + ${myconf} +} + +src_install() { + emake DESTDIR="${D}" INSTALLDIRS=vendor install + + dodoc README* + dodoc -r doc + cp -r contrib tools "${D}/usr/share/doc/${PF}" + rm -f doc/text/Makefile* + + mv "${D}"/usr/libexec/{master,cyrusmaster} || die + + insinto /etc + newins "${D}/usr/share/doc/${PF}/doc/examples/cyrus_conf/normal.conf" cyrus.conf + newins "${D}/usr/share/doc/${PF}/doc/examples/imapd_conf/normal.conf" imapd.conf + + sed -i -e '/^configdirectory/s|/var/.*|/var/imap|' \ + -e '/^partition-default/s|/var/.*|/var/spool/imap|' \ + -e '/^sievedir/s|/var/.*|/var/imap/sieve|' \ + "${D}"/etc/imapd.conf + + sed -i -e 's|/var/imap/socket/lmtp|/run/cyrus/socket/lmtp|' \ + -e 's|/var/imap/socket/notify|/run/cyrus/socket/notify|' \ + "${D}"/etc/cyrus.conf + + # turn off sieve if not installed + if ! use sieve; then + sed -i -e "/sieve/s/^/#/" "${D}/etc/cyrus.conf" || die + fi + # same thing for http(s) as well + if ! use http; then + sed -i -e "/http/s/^/#/" "${D}/etc/cyrus.conf" || die + fi + + newinitd "${FILESDIR}/cyrus.rc8" cyrus + newconfd "${FILESDIR}/cyrus.confd" cyrus + newpamd "${FILESDIR}/cyrus.pam-include" sieve + + for subdir in imap/{,db,log,msg,proc,socket,sieve} spool/imap/{,stage.} ; do + keepdir "/var/${subdir}" + fowners cyrus:mail "/var/${subdir}" + fperms 0750 "/var/${subdir}" + done + for subdir in imap/{user,quota,sieve} spool/imap ; do + for i in a b c d e f g h i j k l m n o p q r s t v u w x y z ; do + keepdir "/var/${subdir}/${i}" + fowners cyrus:mail "/var/${subdir}/${i}" + fperms 0750 "/var/${subdir}/${i}" + done + done +} + +pkg_preinst() { + if ! has_version ${CATEGORY}/${PN} ; then + elog "For correct logging add the following to /etc/syslog.conf:" + elog " local6.* /var/log/imapd.log" + elog " auth.debug /var/log/auth.log" + echo + + elog "You have to add user cyrus to the sasldb2. Do this with:" + elog " saslpasswd2 cyrus" + fi +} + +pkg_postinst() { + # do not install server.{key,pem) if they exist + if use ssl ; then + if [ ! -f "${ROOT}"etc/ssl/cyrus/server.key ]; then + install_cert /etc/ssl/cyrus/server + chown cyrus:mail "${ROOT}"etc/ssl/cyrus/server.{key,pem} + fi + fi + + echo + einfo "Please see https://www.cyrusimap.org/imap/download/upgrade.html" + einfo "for upgrade instructions." + echo +} diff --git a/net-mail/cyrus-imapd/files/cyrus-imapd-libcap.patch b/net-mail/cyrus-imapd/files/cyrus-imapd-libcap.patch new file mode 100644 index 000000000000..eda404bf0ddb --- /dev/null +++ b/net-mail/cyrus-imapd/files/cyrus-imapd-libcap.patch @@ -0,0 +1,64 @@ +Bug: https://bugs.gentoo.org/713728 +From f712d1268d5288e7f955567a07e99f409aba3e4a Mon Sep 17 00:00:00 2001 +From: Jakob Gahde +Date: Sat, 15 Feb 2020 17:18:16 +0100 +Subject: [PATCH] Add compatibility with recent versions of libcap + +--- + lib/util.c | 6 +++--- + master/master.c | 4 ++-- + 2 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/lib/util.c b/lib/util.c +index 5f3cb1933..1256671f6 100644 +--- a/lib/util.c ++++ b/lib/util.c +@@ -579,7 +579,7 @@ EXPORTED int set_caps(int stage __attribute__((unused)), + } + #endif + +-static int cap_setuid(int uid, int is_master) ++static int cyrus_cap_setuid(int uid, int is_master) + { + int r; + +@@ -599,7 +599,7 @@ EXPORTED int become_cyrus(int is_master) + int result; + static uid_t uid = 0; + +- if (uid) return cap_setuid(uid, is_master); ++ if (uid) return cyrus_cap_setuid(uid, is_master); + + const char *cyrus = cyrus_user(); + const char *mail = cyrus_group(); +@@ -645,7 +645,7 @@ EXPORTED int become_cyrus(int is_master) + return -1; + } + +- result = cap_setuid(newuid, is_master); ++ result = cyrus_cap_setuid(newuid, is_master); + + /* Only set static uid if successful, else future calls won't reset gid */ + if (result == 0) +diff --git a/master/master.c b/master/master.c +index 9c4d6f097..57f49f84a 100644 +--- a/master/master.c ++++ b/master/master.c +@@ -285,7 +285,7 @@ static void get_statsock(int filedes[2]) + fatalf(1, "unable to set close-on-exec: %m"); + } + +-static int cap_bind(int socket, struct sockaddr *addr, socklen_t length) ++static int cyrus_cap_bind(int socket, struct sockaddr *addr, socklen_t length) + { + int r; + +@@ -643,7 +643,7 @@ static void service_create(struct service *s) + #endif + + oldumask = umask((mode_t) 0); /* for linux */ +- r = cap_bind(s->socket, res->ai_addr, res->ai_addrlen); ++ r = cyrus_cap_bind(s->socket, res->ai_addr, res->ai_addrlen); + umask(oldumask); + if (r < 0) { + syslog(LOG_ERR, "unable to bind to %s/%s socket: %m", diff --git a/net-mail/cyrus-imapd/metadata.xml b/net-mail/cyrus-imapd/metadata.xml index 271895d4f887..c0215ef6fa4f 100644 --- a/net-mail/cyrus-imapd/metadata.xml +++ b/net-mail/cyrus-imapd/metadata.xml @@ -5,7 +5,7 @@ Enable replication support Enable sieve support - Enable http support + Enable http and http/2 support Enable building server binaries Enable backup service support Enable CalDAV alarm support -- 2.26.2