HEADSUP: mail/opendmarc config file moved

[Jonathan Perkin <jperkin%joyent.com@localhost>]

I've upgraded mail/opendmarc to the latest version, and also made a 
number of improvements and cleanups to the package.

If you are a user of this package then the most important difference is 
that the configuration file is now located in PKG_SYSCONFSUBDIR.  You 
will need to migrate any custom configuration over to the new location, 
for most users this will be /usr/pkg/etc/opendmarc/opendmarc.conf.

The package now supports an opendmarc user and group, but I have only 
enabled this for the SMF manifest.  Users of the rc.d script are welcome 
to test changes to support running under the user/group and submit the 
diffs for inclusion too.

Otherwise, despite the number of changes in this update, everything else 
should be the same!

Cheers,

--
Jonathan Perkin  -  Joyent, Inc.  -  www.joyent.com

--- Begin Message ---

• To: pkgsrc-changes%NetBSD.org@localhost
• Subject: CVS commit: pkgsrc/mail/opendmarc
• From: "Jonathan Perkin" <jperkin%netbsd.org@localhost>
• Date: Thu, 12 May 2022 13:49:29 +0000

Module Name:	pkgsrc
Committed By:	jperkin
Date:		Thu May 12 13:49:29 UTC 2022

Modified Files:
	pkgsrc/mail/opendmarc: Makefile distinfo
	pkgsrc/mail/opendmarc/patches: patch-libopendmarc_opendmarc__dns.c
	    patch-opendmarc_opendmarc-arcares.c
	    patch-opendmarc_opendmarc-arcseal.c patch-opendmarc_parse.c
Added Files:
	pkgsrc/mail/opendmarc/files/smf: manifest.xml opendmarc.sh
	pkgsrc/mail/opendmarc/patches: patch-opendmarc_opendmarc-config.h
	    patch-opendmarc_opendmarc.c patch-opendmarc_opendmarc.conf.5.in
	    patch-opendmarc_opendmarc.conf.sample
Removed Files:
	pkgsrc/mail/opendmarc/patches: patch-RequiredFrom

Log Message:
opendmarc: Update to 1.4.2 and overhaul package.

pkgsrc changes:

  * Use PKG_SYSCONFSUBDIR, there are a number of extra files supported in
    the configuration file so everything should live in a sub-directory.

    HEADS-UP! Users will need to migrate over to new config file location.

  * Create opendmarc user/group, not currently used in rc.d script.

  * Fix build on SunOS and add SMF support.

  * Split multi-file patch correctly into separate files.

  * Add TEST_TARGET.

  * Various pkglint and cleanup.

opendmarc changes:

1.4.2           2021/12/19
        Fix issue #175: Don't reject a multi-valued From when all of the
                domains match.
        Fix issue #179: Don't crash when a value in a multi-valued From field
                is missing a domain name.  Resolves CVE-2021-34555.


To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 pkgsrc/mail/opendmarc/Makefile
cvs rdiff -u -r1.13 -r1.14 pkgsrc/mail/opendmarc/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/mail/opendmarc/files/smf/manifest.xml \
    pkgsrc/mail/opendmarc/files/smf/opendmarc.sh
cvs rdiff -u -r1.2 -r0 pkgsrc/mail/opendmarc/patches/patch-RequiredFrom
cvs rdiff -u -r1.3 -r1.4 \
    pkgsrc/mail/opendmarc/patches/patch-libopendmarc_opendmarc__dns.c
cvs rdiff -u -r1.2 -r1.3 \
    pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc-arcares.c \
    pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc-arcseal.c
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc-config.h \
    pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc.c \
    pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc.conf.5.in \
    pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc.conf.sample
cvs rdiff -u -r1.1 -r1.2 \
    pkgsrc/mail/opendmarc/patches/patch-opendmarc_parse.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/mail/opendmarc/Makefile
diff -u pkgsrc/mail/opendmarc/Makefile:1.26 pkgsrc/mail/opendmarc/Makefile:1.27
--- pkgsrc/mail/opendmarc/Makefile:1.26	Thu May 27 16:52:00 2021
+++ pkgsrc/mail/opendmarc/Makefile	Thu May 12 13:49:28 2022
@@ -1,13 +1,11 @@
-# $NetBSD: Makefile,v 1.26 2021/05/27 16:52:00 manu Exp $
+# $NetBSD: Makefile,v 1.27 2022/05/12 13:49:28 jperkin Exp $
 
-GITHUB_PROJECT=	OpenDMARC
-GITHUB_TAG=	rel-opendmarc-1-4-1-1
-DISTNAME=	rel-opendmarc-1-4-1-1
-PKGNAME=	opendmarc-1.4.1.1
-#PKGREVISION=	1
+DISTNAME=	rel-${PKGNAME:C/\./-/g}
+PKGNAME=	opendmarc-1.4.2
 CATEGORIES=	mail
 MASTER_SITES=	${MASTER_SITE_GITHUB:=trusteddomainproject/}
-DIST_SUBDIR=	${GITHUB_PROJECT}
+GITHUB_PROJECT=	OpenDMARC
+GITHUB_TAG=	${DISTNAME}
 
 MAINTAINER=	pettai%NetBSD.org@localhost
 HOMEPAGE=	http://www.trusteddomain.org/opendmarc/
@@ -15,13 +13,10 @@ COMMENT=	Open source DMARC library, MTA 
 LICENSE=	modified-bsd
 
 DEPENDS+=	p5-DBI-[0-9]*:../../databases/p5-DBI
-DEPENDS+=	p5-DBD-mysql-[0-9]*:../../databases/p5-DBD-mysql
-#DEPENDS+=	{perl>=5.6.1,p5-File-Temp-[0-9]*}:../../devel/p5-File-Temp
+DEPENDS+=	p5-DBD-{mariadb,mysql,percona}*-[0-9]*:../../databases/p5-DBD-mysql
 DEPENDS+=	p5-Switch-[0-9]*:../../lang/p5-Switch
 DEPENDS+=	p5-HTTP-Message-[0-9]*:../../www/p5-HTTP-Message
 
-RCD_SCRIPTS=	opendmarc
-
 USE_LIBTOOL=	yes
 USE_TOOLS+=	perl autoconf automake
 
@@ -30,27 +25,49 @@ CONFIGURE_ARGS+=	--sysconfdir=${PKG_SYSC
 CONFIGURE_ARGS+=	--with-milter=${BUILDLINK_PREFIX.libmilter}
 CONFIGURE_ARGS+=	--with-spf
 CONFIGURE_ARGS+=	--with-spf2-lib=${BUILDLINK_PREFIX.libspf2}/lib
-CONFIGURE_ARGS+= --with-spf2-include=${BUILDLINK_PREFIX.libspf2}/include/spf2
+CONFIGURE_ARGS+=	--with-spf2-include=${BUILDLINK_PREFIX.libspf2}/include/spf2
+
+LDFLAGS.SunOS+=	-lsocket -lnsl
+
+TEST_TARGET=	check
 
 REPLACE_PERL=	reports/opendmarc-expire.in
 REPLACE_PERL+=	reports/opendmarc-import.in
 REPLACE_PERL+=	reports/opendmarc-params.in
 REPLACE_PERL+=	reports/opendmarc-reports.in
 
+OPENDMARC_USER?=	opendmarc
+OPENDMARC_GROUP?=	opendmarc
+PKG_GROUPS=		${OPENDMARC_GROUP}
+PKG_USERS=		${OPENDMARC_USER}:${OPENDMARC_GROUP}
+PKG_GROUPS_VARS=	OPENDMARC_GROUP
+PKG_USERS_VARS=		OPENDMARC_USER
+
+PKG_GECOS.${OPENDMARC_USER}=	OpenDMARC user
+
 EGDIR=		${PREFIX}/share/examples/${PKGBASE}
 
+FILES_SUBST+=	OPENDMARC_USER=${OPENDMARC_USER}
+FILES_SUBST+=	OPENDMARC_GROUP=${OPENDMARC_GROUP}
+
+RCD_SCRIPTS=	opendmarc
+SMF_METHODS=	opendmarc
+
+PKG_SYSCONFSUBDIR=	opendmarc
+
+CONF_FILES+=	${EGDIR}/opendmarc.conf.sample ${PKG_SYSCONFDIR}/opendmarc.conf
+
 INSTALLATION_DIRS=	${EGDIR}
 
 pre-configure:
-	set -e; cd ${WRKSRC}; \
-	libtoolize; aclocal; autoheader; automake -a --foreign -i; autoconf
+	${RUN} cd ${WRKSRC} && autoreconf -fiv
 
 post-install:
-	${INSTALL_DATA} ${WRKSRC}/opendmarc/opendmarc.conf.sample \
-		${DESTDIR}${EGDIR}/
+	${SED} -e 's,/usr/local/etc/opendmarc,${PKG_SYSCONFDIR},g' \
+		${WRKSRC}/opendmarc/opendmarc.conf.sample \
+		> ${DESTDIR}${EGDIR}/opendmarc.conf.sample
 
 .include "../../security/openssl/buildlink3.mk"
-BUILDLINK_API_DEPENDS.libmilter+=	libmilter>=8.13.0
 .include "../../mail/libmilter/buildlink3.mk"
 .include "../../mail/libspf2/buildlink3.mk"
 .include "../../mk/pthread.buildlink3.mk"

Index: pkgsrc/mail/opendmarc/distinfo
diff -u pkgsrc/mail/opendmarc/distinfo:1.13 pkgsrc/mail/opendmarc/distinfo:1.14
--- pkgsrc/mail/opendmarc/distinfo:1.13	Tue Oct 26 10:54:11 2021
+++ pkgsrc/mail/opendmarc/distinfo	Thu May 12 13:49:28 2022
@@ -1,10 +1,13 @@
-$NetBSD: distinfo,v 1.13 2021/10/26 10:54:11 nia Exp $
+$NetBSD: distinfo,v 1.14 2022/05/12 13:49:28 jperkin Exp $
 
-BLAKE2s (OpenDMARC/rel-opendmarc-1-4-1-1.tar.gz) = 21878b7811a533941b51eaad28b27bdd2f6cd0fe143820eb6ac55e767ad2d923
-SHA512 (OpenDMARC/rel-opendmarc-1-4-1-1.tar.gz) = ee034386c70c75b87ca2fce0849a1a3538e10e0aebfb0fc9dcba6817d2cf71f52aa5586ccaacdee620190c5fbb81498419fb8e8db9fac15d7c71a61a7da396a6
-Size (OpenDMARC/rel-opendmarc-1-4-1-1.tar.gz) = 426618 bytes
-SHA1 (patch-RequiredFrom) = c89853a3fabcc48653b94169f49ea3c5923254d3
-SHA1 (patch-libopendmarc_opendmarc__dns.c) = b1f697c930808b5c5724331dead3cf29c024d69b
-SHA1 (patch-opendmarc_opendmarc-arcares.c) = 0984b42e943d6a17eeb5725508dfbcf107b23169
-SHA1 (patch-opendmarc_opendmarc-arcseal.c) = 98edb0d22e7c693d327ba98ba186605060d36e2f
-SHA1 (patch-opendmarc_parse.c) = c4b521a4542a4dc7db8baf088bb297493bf46a83
+BLAKE2s (rel-opendmarc-1-4-2.tar.gz) = 7b26aee1966989d89f862a8dd1771ab18c06585dcf2bba8e951d0d89d5324118
+SHA512 (rel-opendmarc-1-4-2.tar.gz) = 415278c6c09460379538ad10ea4033815a677ddad138b8a07609c287360d1739acdba5d1fe07d0e35764850af8a141c0c70a9311254104b93d2c1bbc8b6f7a69
+Size (rel-opendmarc-1-4-2.tar.gz) = 426996 bytes
+SHA1 (patch-libopendmarc_opendmarc__dns.c) = 44a8edc083c922257695835dc6de3d840ee4a7ab
+SHA1 (patch-opendmarc_opendmarc-arcares.c) = cd38a216b2c1b115c78044007d9480168302f5d8
+SHA1 (patch-opendmarc_opendmarc-arcseal.c) = 93e2779d7a46f163d28092ef71faf7bfe7eead39
+SHA1 (patch-opendmarc_opendmarc-config.h) = f488fcccdde9aa1151f6bf65bcadf2564a8acec2
+SHA1 (patch-opendmarc_opendmarc.c) = b23746dc57ac52813311890a569eb1ef6ad64f7e
+SHA1 (patch-opendmarc_opendmarc.conf.5.in) = 86ee7fb06760f9f79cddb7f8e694a0e9fb91750f
+SHA1 (patch-opendmarc_opendmarc.conf.sample) = f1a8f5d55bd6e6a14bce1d900bfd655f1b7243de
+SHA1 (patch-opendmarc_parse.c) = f0dfe945792dcf072b2a34b549814464ccb1f4e9

Index: pkgsrc/mail/opendmarc/patches/patch-libopendmarc_opendmarc__dns.c
diff -u pkgsrc/mail/opendmarc/patches/patch-libopendmarc_opendmarc__dns.c:1.3 pkgsrc/mail/opendmarc/patches/patch-libopendmarc_opendmarc__dns.c:1.4
--- pkgsrc/mail/opendmarc/patches/patch-libopendmarc_opendmarc__dns.c:1.3	Thu May 27 16:52:00 2021
+++ pkgsrc/mail/opendmarc/patches/patch-libopendmarc_opendmarc__dns.c	Thu May 12 13:49:28 2022
@@ -1,11 +1,10 @@
-$NetBSD: patch-libopendmarc_opendmarc__dns.c,v 1.3 2021/05/27 16:52:00 manu Exp $
+$NetBSD: patch-libopendmarc_opendmarc__dns.c,v 1.4 2022/05/12 13:49:28 jperkin Exp $
 
 Make sure res_init works on zeroed structure
 
---- libopendmarc/opendmarc_dns.c.orig	2021-05-27 10:27:22.653313507 +0200
-+++ libopendmarc/opendmarc_dns.c	2021-05-27 10:26:59.377412037 +0200
-@@ -202,8 +202,9 @@
- 	while (*bp == '.')
+--- libopendmarc/opendmarc_dns.c.orig	2021-12-20 06:40:37.000000000 +0000
++++ libopendmarc/opendmarc_dns.c
+@@ -203,6 +203,7 @@ dmarc_dns_get_record(char *domain, int *
  		++bp;
  
  #ifdef HAVE_RES_NINIT   
@@ -13,4 +12,3 @@ Make sure res_init works on zeroed struc
  	res_ninit(&resp);
  #ifdef RES_USE_DNSSEC
  	resp.options |= RES_USE_DNSSEC;
- #endif

Index: pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc-arcares.c
diff -u pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc-arcares.c:1.2 pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc-arcares.c:1.3
--- pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc-arcares.c:1.2	Thu May 27 16:52:00 2021
+++ pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc-arcares.c	Thu May 12 13:49:28 2022
@@ -1,11 +1,10 @@
-$NetBSD: patch-opendmarc_opendmarc-arcares.c,v 1.2 2021/05/27 16:52:00 manu Exp $
+$NetBSD: patch-opendmarc_opendmarc-arcares.c,v 1.3 2022/05/12 13:49:28 jperkin Exp $
 
 Avoid handling a NULL pointer when parsing a malformed header
 
---- opendmarc/opendmarc-arcares.c.orig	2021-04-30 18:34:43.000000000 +0200
-+++ opendmarc/opendmarc-arcares.c	2021-05-27 10:30:03.036068852 +0200
-@@ -265,8 +265,10 @@
- 		token_ptr = token + leading_space_len;
+--- opendmarc/opendmarc-arcares.c.orig	2021-12-20 06:40:37.000000000 +0000
++++ opendmarc/opendmarc-arcares.c
+@@ -266,6 +266,8 @@ opendmarc_arcares_arc_parse (u_char *hdr
  		if (*token_ptr == '\0')
  			return 0;
  		tag_label = strsep(&token_ptr, "=");
@@ -14,4 +13,3 @@ Avoid handling a NULL pointer when parsi
  		tag_value = opendmarc_arcares_strip_whitespace(token_ptr);
  		tag_code = opendmarc_arcares_convert(aar_arc_tags, tag_label);
  
- 		switch (tag_code)
Index: pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc-arcseal.c
diff -u pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc-arcseal.c:1.2 pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc-arcseal.c:1.3
--- pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc-arcseal.c:1.2	Thu May 27 16:52:00 2021
+++ pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc-arcseal.c	Thu May 12 13:49:28 2022
@@ -1,11 +1,10 @@
-$NetBSD: patch-opendmarc_opendmarc-arcseal.c,v 1.2 2021/05/27 16:52:00 manu Exp $
+$NetBSD: patch-opendmarc_opendmarc-arcseal.c,v 1.3 2022/05/12 13:49:28 jperkin Exp $
 
 Avoid handling a NULL pointer when parsing a malformed header
 
---- opendmarc/opendmarc-arcseal.c.orig	2021-04-30 18:34:43.000000000 +0200
-+++ opendmarc/opendmarc-arcseal.c	2021-05-27 10:31:21.308140659 +0200
-@@ -166,9 +166,13 @@
- 		token_ptr = token + leading_space_len;
+--- opendmarc/opendmarc-arcseal.c.orig	2021-12-20 06:40:37.000000000 +0000
++++ opendmarc/opendmarc-arcseal.c
+@@ -167,7 +167,11 @@ opendmarc_arcseal_parse(u_char *hdr, str
  		if (*token_ptr == '\0')
  			return 0;
  		tag_label = strsep(&token_ptr, "=");
@@ -17,4 +16,3 @@ Avoid handling a NULL pointer when parsi
  
  		tag_code = opendmarc_arcseal_convert(as_tags, tag_label);
  
- 		switch (tag_code)

Index: pkgsrc/mail/opendmarc/patches/patch-opendmarc_parse.c
diff -u pkgsrc/mail/opendmarc/patches/patch-opendmarc_parse.c:1.1 pkgsrc/mail/opendmarc/patches/patch-opendmarc_parse.c:1.2
--- pkgsrc/mail/opendmarc/patches/patch-opendmarc_parse.c:1.1	Thu May 27 16:52:00 2021
+++ pkgsrc/mail/opendmarc/patches/patch-opendmarc_parse.c	Thu May 12 13:49:28 2022
@@ -1,7 +1,6 @@
-$NetBSD: patch-opendmarc_parse.c,v 1.1 2021/05/27 16:52:00 manu Exp $
+$NetBSD: patch-opendmarc_parse.c,v 1.2 2022/05/12 13:49:28 jperkin Exp $
 
-Make sure a trailing brackets corresponds to a leading one
-aaa98f5
+Make sure a trailing brackets corresponds to a leading one.
 
 This fixes the case where the sender e-mail address is user%example.net@localhost>
 Without this fix, OpenDMARC parses the domain as example.net> and skip
@@ -12,10 +11,9 @@ own, letting forged e-mail passing throu
 
 Submitted upstream https://github.com/trusteddomainproject/OpenDMARC/pull/174
 
---- opendmarc/parse.c.orig	2021-05-27 09:45:40.873727663 +0200
-+++ opendmarc/parse.c	2021-05-27 09:45:27.545312746 +0200
-@@ -444,8 +444,13 @@
- 					*w++ = '\0';
+--- opendmarc/parse.c.orig	2021-12-20 06:40:37.000000000 +0000
++++ opendmarc/parse.c
+@@ -454,6 +454,11 @@ dmarcf_mail_parse(unsigned char *line, u
  					*domain_out = w;
  					ws = 0;
  				}
@@ -27,4 +25,3 @@ Submitted upstream https://github.com/tr
  				else
  				{
  
- 					if (*user_out == NULL)

Added files:

Index: pkgsrc/mail/opendmarc/files/smf/manifest.xml
diff -u /dev/null pkgsrc/mail/opendmarc/files/smf/manifest.xml:1.1
--- /dev/null	Thu May 12 13:49:29 2022
+++ pkgsrc/mail/opendmarc/files/smf/manifest.xml	Thu May 12 13:49:28 2022
@@ -0,0 +1,41 @@
+<?xml version="1.0"?>
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+<service_bundle type="manifest" name="export">
+  <service name="@SMF_PREFIX@/@SMF_NAME@" type="service" version="1">
+    <create_default_instance enabled="false" />
+    <single_instance />
+    <dependency name="network" grouping="require_all" restart_on="error" type="service">
+      <service_fmri value="svc:/milestone/network:default" />
+    </dependency>
+    <dependency name="filesystem" grouping="require_all" restart_on="error" type="service">
+      <service_fmri value="svc:/system/filesystem/local" />
+    </dependency>
+    <method_context working_directory="@VARBASE@/run/opendmarc">
+      <method_credential user="@OPENDMARC_USER@" group="@OPENDMARC_USER@" />
+    </method_context>
+    <exec_method type="method" name="start" exec="@PREFIX@/@SMF_METHOD_FILE.opendmarc@ -c %{config_file}" timeout_seconds="60" />
+    <exec_method type="method" name="stop" exec=":kill" timeout_seconds="60" />
+    <property_group name="startd" type="framework">
+      <propval name="duration" type="astring" value="contract" />
+      <propval name="ignore_error" type="astring" value="core,signal" />
+    </property_group>
+    <property_group name="application" type="application">
+      <propval name="config_file" type="astring" value="@PKG_SYSCONFDIR@/opendmarc.conf" />
+    </property_group>
+    <template>
+      <common_name>
+        <loctext xml:lang="C">OpenDMARC daemon</loctext>
+      </common_name>
+      <documentation>
+        <manpage title="opendmarc.conf" section="5" manpath="@PREFIX@/@PKGMANDIR@"/>
+        <manpage title="opendmarc-check" section="8" manpath="@PREFIX@/@PKGMANDIR@"/>
+        <manpage title="opendmarc-expire" section="8" manpath="@PREFIX@/@PKGMANDIR@"/>
+        <manpage title="opendmarc-import" section="8" manpath="@PREFIX@/@PKGMANDIR@"/>
+        <manpage title="opendmarc-importstats" section="8" manpath="@PREFIX@/@PKGMANDIR@"/>
+        <manpage title="opendmarc-params" section="8" manpath="@PREFIX@/@PKGMANDIR@"/>
+        <manpage title="opendmarc-reports" section="8" manpath="@PREFIX@/@PKGMANDIR@"/>
+        <manpage title="opendmarc" section="8" manpath="@PREFIX@/@PKGMANDIR@"/>
+      </documentation>
+    </template>
+  </service>
+</service_bundle>
Index: pkgsrc/mail/opendmarc/files/smf/opendmarc.sh
diff -u /dev/null pkgsrc/mail/opendmarc/files/smf/opendmarc.sh:1.1
--- /dev/null	Thu May 12 13:49:29 2022
+++ pkgsrc/mail/opendmarc/files/smf/opendmarc.sh	Thu May 12 13:49:28 2022
@@ -0,0 +1,14 @@
+#!@SMF_METHOD_SHELL@
+#
+# $NetBSD: opendmarc.sh,v 1.1 2022/05/12 13:49:28 jperkin Exp $
+#
+
+. /lib/svc/share/smf_include.sh
+
+if [ ! -d @VARBASE@/run/opendmarc ]; then
+	@MKDIR@ @VARBASE@/run/opendmarc
+	@CHMOD@ 0750 @VARBASE@/run/opendmarc
+	@CHOWN@ @OPENDMARC_USER@:@OPENDMARC_GROUP@ @VARBASE@/run/opendmarc
+fi
+
+@PREFIX@/sbin/opendmarc "$@"

Index: pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc-config.h
diff -u /dev/null pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc-config.h:1.1
--- /dev/null	Thu May 12 13:49:29 2022
+++ pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc-config.h	Thu May 12 13:49:28 2022
@@ -0,0 +1,17 @@
+$NetBSD: patch-opendmarc_opendmarc-config.h,v 1.1 2022/05/12 13:49:28 jperkin Exp $
+
+Add RequiredFrom option to reject messages that lack a From header from which
+a valid domain can be extracted.
+
+Submitted upstream https://github.com/trusteddomainproject/OpenDMARC/pull/147
+
+--- opendmarc/opendmarc-config.h.orig	2021-12-20 06:40:37.000000000 +0000
++++ opendmarc/opendmarc-config.h
+@@ -45,6 +45,7 @@ struct configdef dmarcf_config[] =
+ 	{ "PublicSuffixList",		CONFIG_TYPE_STRING,	FALSE },
+ 	{ "RecordAllMessages",		CONFIG_TYPE_BOOLEAN,	FALSE },
+ 	{ "RequiredHeaders",		CONFIG_TYPE_BOOLEAN,	FALSE },
++	{ "RequiredFrom",		CONFIG_TYPE_BOOLEAN,	FALSE },
+ 	{ "RejectFailures",		CONFIG_TYPE_BOOLEAN,	FALSE },
+ 	{ "RejectMultiValueFrom",	CONFIG_TYPE_BOOLEAN,	FALSE },
+ 	{ "ReportCommand",		CONFIG_TYPE_STRING,	FALSE },
Index: pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc.c
diff -u /dev/null pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc.c:1.1
--- /dev/null	Thu May 12 13:49:29 2022
+++ pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc.c	Thu May 12 13:49:28 2022
@@ -0,0 +1,62 @@
+$NetBSD: patch-opendmarc_opendmarc.c,v 1.1 2022/05/12 13:49:28 jperkin Exp $
+
+Add RequiredFrom option to reject messages that lack a From header from which
+a valid domain can be extracted.
+
+Submitted upstream https://github.com/trusteddomainproject/OpenDMARC/pull/147
+
+--- opendmarc/opendmarc.c.orig	2021-12-20 06:40:37.000000000 +0000
++++ opendmarc/opendmarc.c
+@@ -164,6 +164,7 @@ typedef struct dmarcf_connctx * DMARCF_C
+ struct dmarcf_config
+ {
+ 	_Bool			conf_reqhdrs;
++	_Bool			conf_reqfrom;
+ 	_Bool			conf_afrf;
+ 	_Bool			conf_afrfnone;
+ 	_Bool			conf_rejectfail;
+@@ -1423,6 +1424,10 @@ dmarcf_config_load(struct config *data,
+ 		                  &conf->conf_reqhdrs,
+ 		                  sizeof conf->conf_reqhdrs);
+ 
++		(void) config_get(data, "RequiredFrom",
++		                  &conf->conf_reqfrom,
++		                  sizeof conf->conf_reqfrom);
++
+ 		(void) config_get(data, "FailureReports",
+ 		                  &conf->conf_afrf,
+ 		                  sizeof conf->conf_afrf);
+@@ -2455,11 +2460,15 @@ mlfi_eom(SMFICTX *ctx)
+ 		if (conf->conf_dolog)
+ 		{
+ 			syslog(LOG_INFO,
+-			       "%s: RFC5322 requirement error: missing From field; accepting",
+-			       dfc->mctx_jobid);
++			       "%s: RFC5322 requirement error: missing From field; %s",
++			       dfc->mctx_jobid,
++			       conf->conf_reqfrom ? "reject" : "accepting");
+ 		}
+ 
+-		return SMFIS_ACCEPT;
++		if (conf->conf_reqfrom)
++			return SMFIS_REJECT;
++		else
++			return SMFIS_ACCEPT;
+ 	}
+ 
+ 	/* extract From: addresses */
+@@ -2499,11 +2508,11 @@ mlfi_eom(SMFICTX *ctx)
+ 		if (conf->conf_dolog)
+ 		{
+ 			syslog(LOG_ERR,
+-			       "%s: unable to parse From header field",
+-			       dfc->mctx_jobid);
++			       "%s: unable to parse From header field \"%s\"",
++			       dfc->mctx_jobid, from->hdr_value);
+ 		}
+ 
+-		if (conf->conf_reqhdrs)
++		if (conf->conf_reqhdrs || conf->conf_reqfrom) 
+ 			return SMFIS_REJECT;
+ 		else
+ 			return SMFIS_ACCEPT;
Index: pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc.conf.5.in
diff -u /dev/null pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc.conf.5.in:1.1
--- /dev/null	Thu May 12 13:49:29 2022
+++ pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc.conf.5.in	Thu May 12 13:49:28 2022
@@ -0,0 +1,24 @@
+$NetBSD: patch-opendmarc_opendmarc.conf.5.in,v 1.1 2022/05/12 13:49:28 jperkin Exp $
+
+Add RequiredFrom option to reject messages that lack a From header from which
+a valid domain can be extracted.
+
+Submitted upstream https://github.com/trusteddomainproject/OpenDMARC/pull/147
+
+--- opendmarc/opendmarc.conf.5.in.orig	2021-12-20 06:40:37.000000000 +0000
++++ opendmarc/opendmarc.conf.5.in
+@@ -288,6 +288,14 @@ failing this test are rejected without f
+ field from which no domain name could be extracted will also be rejected.
+ 
+ .TP
++.I RequiredFrom (Boolean)
++If set, the filter will reject without further processing messages that lack a
++From: field from which a domain name could be extracted. This options is
++without effect if
++.I RequiredHeaders
++is set to "true".
++
++.TP
+ .I Socket (string)
+ Specifies the socket that should be established by the filter to receive
+ connections from
Index: pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc.conf.sample
diff -u /dev/null pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc.conf.sample:1.1
--- /dev/null	Thu May 12 13:49:29 2022
+++ pkgsrc/mail/opendmarc/patches/patch-opendmarc_opendmarc.conf.sample	Thu May 12 13:49:28 2022
@@ -0,0 +1,25 @@
+$NetBSD: patch-opendmarc_opendmarc.conf.sample,v 1.1 2022/05/12 13:49:28 jperkin Exp $
+
+Add RequiredFrom option to reject messages that lack a From header from which
+a valid domain can be extracted.
+
+Submitted upstream https://github.com/trusteddomainproject/OpenDMARC/pull/147
+
+--- opendmarc/opendmarc.conf.sample.orig	2021-12-20 06:40:37.000000000 +0000
++++ opendmarc/opendmarc.conf.sample
+@@ -344,6 +344,15 @@
+ #
+ # RequiredHeaders false
+ 
++##  RequiredFrom { true | false }
++##  	default "false"
++##
++##  If set, the filter will reject without further processing messages that 
++##  lack a From: field from which a domain name could be extracted. This 
++##  options is without effect if RequiredHeaders is set to "true".
++#
++# RequiredFrom false
++
+ ##  Socket socketspec
+ ##  	default (none)
+ ##

--- End Message ---