pkgsrc-WIP-changes archive


wip/opensmtpd: update to opensmtpd-7.3.0p1



Module Name:	pkgsrc-wip
Committed By:	Paolo Vincenzo Olivo <vms%retrobsd.ddns.net@localhost>
Pushed By:	vms
Date:		Sun Jul 30 19:30:53 2023 +0200
Changeset:	2d3f1abd5e67aee58b4d75deca3e3e3cbe37fe44

Modified Files:
	opensmtpd/Makefile
	opensmtpd/TODO
	opensmtpd/distinfo
	opensmtpd/files/mailer.conf
	opensmtpd/files/opensmtpd.sh
	opensmtpd/patches/patch-mk_smtpd_Makefile.am
	opensmtpd/patches/patch-openbsd-compat_imsg-buffer.c
	opensmtpd/patches/patch-openbsd-compat_imsg.c
	opensmtpd/patches/patch-usr.sbin_smtpd_queue__fs.c
Added Files:
	opensmtpd/PLIST.common
	opensmtpd/PLIST.nowrap
	opensmtpd/files/smtp.conf
	opensmtpd/options.mk
	opensmtpd/patches/patch-usr.sbin_smtpd_proxy.c
	opensmtpd/patches/patch-usr.sbin_smtpd_smtp__session.c
Removed Files:
	opensmtpd/PLIST
	opensmtpd/patches/patch-smtpd_proxy.c
	opensmtpd/patches/patch-smtpd_smtp__session.c

Log Message:
wip/opensmtpd: update to opensmtpd-7.3.0p1

* Address remaining issues in TODO: noticeably remove CONFLICTS+ lines
  as OpenSMTPD no longer installs sendmail-equivalent binaries. Retain
  CONFLICTS for systems where mailwrapper isn't available and symbolic
  links are required for backward compatibility.
  Use a 'mailwrapper' option to handle this (to potentially include in
  the options-description files)
* Enable PAM support, making it optional
* Build with LibreTLS (3.7.0) and OpenSSL (1.1.1.*). Hopefully the
  regression currently affecting LibreTLS with OpenSSL 3.x gets a fix
  before OpenSSL3 is imported. Otherwise, attempt to build with
  OpenSSL3 + bundled-libtls (widely reported working).
* Move package configuration directory to $PKG_SYSCONFDIR/smtp,
  to organize files (conf, aliases, secrets, virtuals) in a cleaner way.
* install sample aliases file
* Fix hard-coded paths in man pages and sample configuration
* Fix smtpctl permissions (needs to be setgid _smtpq)
* Revise and improve rc.d script and mailer.conf
* Require mozilla-rootcerts for ca-certificates.
* rename patches to match target files.
* lint package.

[OpenSMTPD 7.3.0p1]

    * add missing include of stdio.h for fparseln(3) on FreeBSD
    * fix a typo in the configure
    * use fatal() instead of err(3) in xclosefrom()
    * don't add "-lcrypto -lssl" thrice
    * fix the build of the bundled libtls with LibreSSL
    * force the use of the bundled libtls and libasr
    * append, not prepend, to LIBS during automatic configuration
    * do not add -L/usr/local/lib or -L/usr/lib, nor -I/usr/local/include
      or -I/usr/include, as consequence of missing --with-libevent
    * optionally link libbsd-ctor too

[OpenSMTPD 7.3.0p]

This release builds with LibreSSL, or OpenSSL > 1.1.1 optionally with
LibreTLS.

LibreTLS 3.7.0 has a known regression with OpenSSL 3+, so please use the
bundled one using the --with-bundled-libtls configure flag until it is
updated.

It's preferable to depend on LibreSSL as OpenSMTPD is written and tested
with that dependency. OpenSSL library is considered as a best effort
target TLS library and provided as a commodity, LibreSSL has become our
target TLS library.

- Includes the following security fixes:

  * OpenBSD 7.2 errata 20 "smtpd(8) could abort due to a connection
    from a local, scoped ipv6 address"
  * OpenBSD 7.2 errata 22 "Out of bounds accesses in libc resolver"

- Configuration changes:

  The certificate to use is now selected by looking at the names found in
  the certificates themselves rather than the pki name. The set of
  certificates for a TLS listener must be defined explicitly by using the
  pki listener option multiple times.

- Synced with OpenBSD 7.3:

 | OpenBSD 6.9:
	* Introduced smtp(1) -a to perform authentication before sending a
	  message.
	* Fixed a memory leak in smtpd(8) resolver.
	* Prevented a crash due to premature release of resources by the
	  smtpd(8) filter state machine.
	* Switch to libtls internally.
	* Change the way SNI works in smtpd.conf(5). TLS listeners may be
	  configured with multiple certificates. The matching is based on
	  the names included in the certificates.
	* Allow to specify TLS protocols and ciphers per listener and relay action.
 | OpenBSD 7.0:
	* Fixed incorrect status code for expired mails resulting in
	  misleading bounce report in smtpd(8).
	* Added TLS options cafile=(path), nosni, noverify and
	  servername=(name) to smtp(1).
	* Allowed specification of TLS ciphers and protocols in smtp(1).
 | OpenBSD 7.1:
	* Stop verifying the cert or CA for a relay using opportunistic TLS.
	* Enabled TLS verify by default for outbound "smtps://" and
	  "smtp+tls://", restoring documented smtpd(8) behavior.
 | OpenBSD 7.3:
	* Prevented smtpd(8) abort due to a connection from a local, scoped
	  ipv6 address.

Portable layer changes:

 | libbsd and libtls are now optionally used if found:
	* Added --with-libbsd/--without-libbsd configure flag to enable
	  linking to libbsd-overlay.
	* Added --with-bundled-libtls to force the usage of the bundled libtls
	  LibreTLS 3.7.0 (last version at the time of writing) and previous
	  have a regression with OpenSSL 3+, so please use the bundled one.
	  See the GitHub issue #1171 for more info.

 | Updated and cleanup of the OpenBSD compats.
	* Ported res_randomid() from OpenBSD.

	* The configure option --with-path-CAfile shouldn't be required
	  anymore in most systems but it is retained since it could be
	  useful in some configuration when using the bundled libtls.

	* Various minor portability fixes.

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=2d3f1abd5e67aee58b4d75deca3e3e3cbe37fe44

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 opensmtpd/Makefile                                 | 80 +++++++++++++++-------
 opensmtpd/PLIST                                    | 23 -------
 opensmtpd/PLIST.common                             | 33 +++++++++
 opensmtpd/PLIST.nowrap                             |  5 ++
 opensmtpd/TODO                                     | 10 +--
 opensmtpd/distinfo                                 | 18 ++---
 opensmtpd/files/mailer.conf                        |  6 +-
 opensmtpd/files/opensmtpd.sh                       | 33 +++++++--
 opensmtpd/files/smtp.conf                          | 16 +++++
 opensmtpd/options.mk                               | 72 +++++++++++++++++++
 opensmtpd/patches/patch-mk_smtpd_Makefile.am       | 10 +--
 .../patches/patch-openbsd-compat_imsg-buffer.c     | 13 +---
 opensmtpd/patches/patch-openbsd-compat_imsg.c      | 13 +---
 opensmtpd/patches/patch-smtpd_proxy.c              | 32 ---------
 opensmtpd/patches/patch-smtpd_smtp__session.c      | 64 -----------------
 opensmtpd/patches/patch-usr.sbin_smtpd_proxy.c     | 32 +++++++++
 opensmtpd/patches/patch-usr.sbin_smtpd_queue__fs.c |  2 +
 .../patches/patch-usr.sbin_smtpd_smtp__session.c   | 64 +++++++++++++++++
 18 files changed, 336 insertions(+), 190 deletions(-)

diffs:
diff --git a/opensmtpd/Makefile b/opensmtpd/Makefile
index a78f457bac..165f35d4e0 100644
--- a/opensmtpd/Makefile
+++ b/opensmtpd/Makefile
@@ -1,8 +1,7 @@
 # $NetBSD$
 
-VERSION=	6.8.0p2
+VERSION=	7.3.0p1
 DISTNAME=	opensmtpd-${VERSION}
-PKGREVISION=	1
 CATEGORIES=	mail net
 MASTER_SITES=	https://www.opensmtpd.org/archives/
 
@@ -11,19 +10,19 @@ HOMEPAGE=	https://www.opensmtpd.org/
 COMMENT=	The OpenSMTPD mail transfer agent, a replacement for sendmail
 LICENSE=	isc AND modified-bsd AND 2-clause-bsd
 
-CONFLICTS+=	courier-mta-[0-9]* fastforward>=0.51nb2 sendmail-[0-9]*
-CONFLICTS+=	esmtp>=1.2 nullmailer-[0-9]* postfix-[0-9]*
-
 BUILD_DEFS+=	VARBASE
 
-USE_LANGUAGES=	c
 USE_LIBTOOL=	yes
-USE_TOOLS+=	pkg-config yacc
+USE_TOOLS+=	awk pkg-config yacc
 USE_TOOLS+=	automake aclocal autoheader autoconf
 
+DEPENDS+=	mozilla-rootcerts-[0-9]*:../../security/mozilla-rootcerts
+
 SMTPD_HOME=	${VARBASE}/chroot/smtpd
 OWN_DIRS=	${SMTPD_HOME}
 
+PLIST_SRC=	PLIST.common
+
 PKG_GROUPS=		_smtpd _smtpq
 PKG_USERS=		_smtpd:_smtpd _smtpq:_smtpq
 PKG_GECOS._smtpd=	OpenSMTPD pseudo-user
@@ -31,32 +30,58 @@ PKG_HOME._smtpd=	${SMTPD_HOME}
 PKG_GECOS._smtpq=	OpenSMTPD pseudo-user
 PKG_HOME._smtpq=	${SMTPD_HOME}
 
+.include "../../mk/bsd.prefs.mk"
+
 GNU_CONFIGURE=		yes
 USE_DB185=		yes
-CONFIGURE_ARGS+=	--sysconfdir=${PKG_SYSCONFDIR:Q}
+CONFIGURE_ARGS+=	--sysconfdir=${PKG_SYSCONFDIR}/smtpd
 CONFIGURE_ARGS+=	--with-mantype=man
 CONFIGURE_ARGS+=	--with-libssl=${SSLBASE:Q}
+CONFIGURE_ARGS+=	--with-path-CAfile=${SSLCERTS}/ca-certificates.crt
+CONFIGURE_ARGS+=	--with-path-empty=${VARBASE}/empty
+.if ${OPSYS} == "Linux"
+CONFIGURE_ARGS+=	--with-path-mbox=${VARBASE}/spool/mail
+.else
+CONFIGURE_ARGS+=	--with-path-mbox=${VARBASE}/mail
+.endif
+CONFIGURE_ARGS+=	--with-libevent=${BUILDLINK_PREFIX.libevent}
+#CONFIGURE_ARGS+=	--with-bundled-libtls	# required for OpenSSL 3+
 CONFIGURE_ARGS+=	--with-table-db
+CONFIGURE_ARGS+=	--with-pie
 
-CFLAGS.SunOS+=		-D__EXTENSIONS__
+.include "options.mk"
 
-EXAMPLEDIR=	${PREFIX}/share/examples/opensmtpd
-CONF_FILES=	${EXAMPLEDIR}/smtpd.conf ${PKG_SYSCONFDIR}/smtpd.conf
+CFLAGS.SunOS+=		-D__EXTENSIONS__
 
-MAKE_DIRS+=	${VARBASE}/empty ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 0700
+EGDIR=		${PREFIX}/share/examples/opensmtpd
+CONF_FILES+=	${EGDIR}/smtpd.conf ${PKG_SYSCONFDIR}/smtpd/smtpd.conf
+CONF_FILES+=	${EGDIR}/aliases ${PKG_SYSCONFDIR}/smtpd/aliases
 
 RCD_SCRIPTS=	opensmtpd
 
+SETUID_ROOT_PERMS?=	${REAL_ROOT_USER} _smtpq 2555
+SPECIAL_PERMS+=		sbin/smtpctl ${SETUID_ROOT_PERMS}
+
+MAKE_DIRS+=	${PKG_SYSCONFDIR}/smtpd
+MAKE_DIRS+=	${VARBASE}/empty ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 070
+
+SUBST_CLASSES+=		prefix
+SUBST_STAGE.prefix=	pre-configure
+SUBST_FILES.prefix=	${WRKDIR}/mailer.conf
+SUBST_VARS.prefix=	PREFIX
+SUBST_MESSAGE.prefix=	Replacing PREFIX placeholders.
+
 SUBST_CLASSES+=		paths
-SUBST_FILES.paths=	${WRKDIR}/mailer.conf
-SUBST_VARS.paths=	PREFIX
 SUBST_STAGE.paths=	pre-configure
-
-SUBST_CLASSES+=			exampledir
-SUBST_STAGE.exampledir=		pre-configure
-SUBST_MESSAGE.exampledir=	Fixing exampledir path
-SUBST_FILES.exampledir=		mk/smtpd/Makefile.am
-SUBST_SED.exampledir+=		-e 's,@EXAMPLE_DIR@,${EXAMPLEDIR},'
+SUBST_MESSAGE.paths=	Replacing hard-coded paths.
+SUBST_FILES.paths+=	mk/smtpd/Makefile.am usr.sbin/smtpd/smtpd.conf	\
+			usr.sbin/smtpd/smtpd.8 usr.sbin/smtpd/smtpd.conf.5 \
+			usr.sbin/smtpd/aliases.5 usr.sbin/smtpd/makemap.8 \
+			usr.sbin/smtpd/newaliases.8
+SUBST_SED.paths+=	-e "s:/etc/mail:${PKG_SYSCONFDIR}/smtpd:g"
+SUBST_SED.paths+=	-e "s:/usr/local/etc:${PKG_SYSCONFDIR}/smtpd:g"
+SUBST_SED.paths+=	-e "s:@EXAMPLE_DIR@:${EGDIR}:g"
+SUBST_SED.paths+=	-e "s:/etc/ssl:${SSLDIR}:g"
 
 post-extract:
 	cp ${FILESDIR}/mailer.conf ${WRKDIR}/mailer.conf
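Review bot: The mode on the ${VARBASE}/empty entry near the end of this hunk went from 0700 to 070, which looks like a dropped digit; as written the owner gets no access and the group gets rwx. Restore 0700, and since the entry carries an owner/group/mode tuple it reads as a MAKE_DIRS_PERMS entry rather than MAKE_DIRS. Separately, "SETUID_ROOT_PERMS?= ${REAL_ROOT_USER} _smtpq 2555" reuses the setuid-root variable name for what is a setgid _smtpq mode on sbin/smtpctl; putting the tuple directly in SPECIAL_PERMS would avoid the misleading name. The log message gives the configuration directory as $PKG_SYSCONFDIR/smtp while this hunk uses ${PKG_SYSCONFDIR}/smtpd, so one of the two needs correcting.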
@@ -68,13 +93,20 @@ pre-configure:
 	cd ${WRKSRC} && ${TOOLS_CMD.autoheader}
 	cd ${WRKSRC} && ${TOOLS_CMD.automake} --foreign --add-missing --copy
 
-post-install:
-	${INSTALL_DATA} ${WRKDIR}/mailer.conf \
-		${DESTDIR}${EXAMPLEDIR}/mailer.conf
+.PHONY: install-aliases
+install-aliases:
+	${INSTALL_DATA} ${WRKSRC}/etc/aliases ${DESTDIR}${EGDIR}
 
+.if ${OPSYS} == "Linux"
+.  include "../../devel/libbsd/buildlink3.mk"
+.endif
 .include "../../databases/db5/buildlink3.mk"
 .include "../../devel/libevent/buildlink3.mk"
 .include "../../devel/zlib/buildlink3.mk"
 .include "../../net/libasr/buildlink3.mk"
-.include "../../security/openssl/buildlink3.mk"
+# OpenSSL 3+ may require building with bundled libtls
+# instead of pkgsrc LibreTLS
+#.include "../../security/openssl/buildlink3.mk"
+.include "../../security/libretls/buildlink3.mk"
+.include "../../mk/dlopen.buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"
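Review bot: With security/openssl/buildlink3.mk commented out at the end of this hunk, the CONFIGURE_ARGS set earlier in the file still pass --with-libssl=${SSLBASE:Q} and --with-path-CAfile=${SSLCERTS}/ca-certificates.crt. Confirm that SSLBASE and SSLCERTS are still defined by way of security/libretls/buildlink3.mk; if they are not, configure receives empty paths. The install-aliases target declared here is only invoked from the post-install rules in options.mk, so a short comment pointing there would help the next reader.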
diff --git a/opensmtpd/PLIST b/opensmtpd/PLIST
deleted file mode 100644
index 94d89fdb1b..0000000000
--- a/opensmtpd/PLIST
+++ /dev/null
@@ -1,23 +0,0 @@
-@comment $NetBSD$
-bin/smtp
-libexec/opensmtpd/encrypt
-libexec/opensmtpd/lockspool
-libexec/opensmtpd/mail.lmtp
-libexec/opensmtpd/mail.local
-libexec/opensmtpd/mail.maildir
-libexec/opensmtpd/mail.mboxfile
-libexec/opensmtpd/mail.mda
-man/man1/smtp.1
-man/man5/aliases.5
-man/man5/forward.5
-man/man5/smtpd.conf.5
-man/man5/table.5
-man/man8/makemap.8
-man/man8/newaliases.8
-man/man8/sendmail.8
-man/man8/smtpctl.8
-man/man8/smtpd.8
-sbin/smtpctl
-sbin/smtpd
-share/examples/opensmtpd/mailer.conf
-share/examples/opensmtpd/smtpd.conf
diff --git a/opensmtpd/PLIST.common b/opensmtpd/PLIST.common
new file mode 100644
index 0000000000..3654426eba
--- /dev/null
+++ b/opensmtpd/PLIST.common
@@ -0,0 +1,33 @@
+@comment $NetBSD$
+bin/smtp
+libexec/opensmtpd/encrypt
+libexec/opensmtpd/lockspool
+libexec/opensmtpd/mail.lmtp
+libexec/opensmtpd/mail.local
+libexec/opensmtpd/mail.maildir
+libexec/opensmtpd/mail.mboxfile
+libexec/opensmtpd/mail.mda
+${PLIST.mailwrapper}libexec/opensmtpd/makemap
+man/man1/lockspool.1
+man/man1/smtp.1
+man/man5/aliases.5
+man/man5/forward.5
+man/man5/smtpd.conf.5
+man/man5/table.5
+man/man7/smtpd-filters.7
+man/man8/mail.lmtp.8
+man/man8/mail.local.8
+man/man8/mail.maildir.8
+man/man8/mail.mboxfile.8
+man/man8/mail.mda.8
+man/man8/makemap.8
+man/man8/newaliases.8
+man/man8/sendmail.8
+man/man8/smtpctl.8
+man/man8/smtpd.8
+sbin/smtpctl
+sbin/smtpd
+share/examples/opensmtpd/aliases
+${PLIST.mailwrapper}share/examples/opensmtpd/mailer.conf
+${PLIST.pam}share/examples/opensmtpd/pam.d/smtp
+share/examples/opensmtpd/smtpd.conf
diff --git a/opensmtpd/PLIST.nowrap b/opensmtpd/PLIST.nowrap
new file mode 100644
index 0000000000..35893da9c9
--- /dev/null
+++ b/opensmtpd/PLIST.nowrap
@@ -0,0 +1,5 @@
+@comment $NetBSD$
+sbin/mailq
+sbin/makemap
+sbin/newaliases
+sbin/sendmail
diff --git a/opensmtpd/TODO b/opensmtpd/TODO
index 823c13dfdc..8beb511d8a 100644
--- a/opensmtpd/TODO
+++ b/opensmtpd/TODO
@@ -6,10 +6,12 @@
       The buffersize for "username" was already increased upstream
 [X] Update PLIST
     Binaries with sendmail names are no longer installed
-[ ] Check CONFLICTS
+[X] Check CONFLICTS
     Maybe some can be removed after sendmail binaries are no longer installed
 [X] Remove BROKEN_FOR_PLATFORM
     - OpenBSD-*-* (not tested yet)
-
-This package has known vulnerabilities, please investigate and fix if possible:
-  CVE-2023-29323
+[X] CVE-2023-29323 is fixed upstream as of OpenSMTPD version 7.0.0-portable
+[ ] Write a README.pkgsrc
+[ ] Switch to bundled-libtls if OpenSSL3 is imported and LibreTLS
+    doesn't get a fix in the meantime. See:
+    https://github.com/OpenSMTPD/OpenSMTPD/pull/1208
diff --git a/opensmtpd/distinfo b/opensmtpd/distinfo
index 2f7058c7d9..702d1d43f5 100644
--- a/opensmtpd/distinfo
+++ b/opensmtpd/distinfo
@@ -1,13 +1,13 @@
 $NetBSD: distinfo,v 1.6 2016/06/01 11:47:06 wiz Exp $
 
-BLAKE2s (opensmtpd-6.8.0p2.tar.gz) = 2c4877e8f2de1ba710b3da2aea0129bb4a8746a8211d2c9763bac75043f58eb4
-SHA512 (opensmtpd-6.8.0p2.tar.gz) = 48f152b75575146fdd09bdf47123041ea62fefb6e5de33a69826bf91a2126a918f8db1caffadb2f142a1a21de8126d492de88cb65bdf169e61c0b22d3e78d290
-Size (opensmtpd-6.8.0p2.tar.gz) = 860189 bytes
+BLAKE2s (opensmtpd-7.3.0p1.tar.gz) = 0b2b46d52ae98647cb952d175b718b5bbb13c407cbde997a5d3350099227ccc2
+SHA512 (opensmtpd-7.3.0p1.tar.gz) = 2106de43e4b7435e49df759570ec758672ca8271dc451e30a261c250b41908b6ffe28e571a5f52e2ac14f59af132d1df45b272f8fcafeab04fcfb6bd5db970bb
+Size (opensmtpd-7.3.0p1.tar.gz) = 849026 bytes
 SHA1 (patch-contrib_libexec_mail.local_mail.local.c) = bec19540fa52c7c6596ab5923f3a67b334ddf168
-SHA1 (patch-mk_smtpd_Makefile.am) = 57a7921cb5de3f6388ad98f9b74b98ca49da38bb
+SHA1 (patch-mk_smtpd_Makefile.am) = cc3f82922e3e56bc0205085f7e311f2beeda7fc4
 SHA1 (patch-openbsd-compat_getpeereid.c) = 8d60140bffcabb6accf9b7bbe0f419c2c25d352d
-SHA1 (patch-openbsd-compat_imsg-buffer.c) = 88ca16db5dd400de14dafe7cc35d40adfd45a4c0
-SHA1 (patch-openbsd-compat_imsg.c) = ef84b7883b75bfc726085dac67b7bead16029e20
-SHA1 (patch-smtpd_proxy.c) = 895d3e9532bf53dcdb7a52825043acacac51b378
-SHA1 (patch-smtpd_smtp__session.c) = 565b1df1a6d4d3c5ee786f4501c1cd73992f2d3e
-SHA1 (patch-usr.sbin_smtpd_queue__fs.c) = f3c7f867e6542a0b080acd2b6ce9f28efed1a5e6
+SHA1 (patch-openbsd-compat_imsg-buffer.c) = 4b6861eec3461a192e20aa2daba4d74bd2659339
+SHA1 (patch-openbsd-compat_imsg.c) = 762b2ae2362716947ea007fa229e9e31fa6d08f3
+SHA1 (patch-usr.sbin_smtpd_proxy.c) = 895d3e9532bf53dcdb7a52825043acacac51b378
+SHA1 (patch-usr.sbin_smtpd_queue__fs.c) = f40d5be4c05d8d54f7368af8d20f4ee007860dc7
+SHA1 (patch-usr.sbin_smtpd_smtp__session.c) = 565b1df1a6d4d3c5ee786f4501c1cd73992f2d3e
diff --git a/opensmtpd/files/mailer.conf b/opensmtpd/files/mailer.conf
index 0cd17abbb4..287925bf1f 100644
--- a/opensmtpd/files/mailer.conf
+++ b/opensmtpd/files/mailer.conf
@@ -4,6 +4,6 @@
 #
 sendmail	@PREFIX@/sbin/smtpctl
 send-mail	@PREFIX@/sbin/smtpctl
-mailq		@PREFIX@/sbin/mailq
-makemap         @PREFIX@/sbin/makemap
-newaliases	@PREFIX@/sbin/newaliases
+mailq		@PREFIX@/sbin/smtpctl
+makemap		@PREFIX@/sbin/smptctl
+newaliases	@PREFIX@/sbin/smtpctl
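Review bot: The new makemap line points at @PREFIX@/sbin/smptctl, a transposition of smtpctl, so mailwrapper would be directed to a binary this package does not install. It should read @PREFIX@/sbin/smtpctl, matching the mailq and newaliases lines.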
diff --git a/opensmtpd/files/opensmtpd.sh b/opensmtpd/files/opensmtpd.sh
index 31417bb79d..d1e9be4962 100644
--- a/opensmtpd/files/opensmtpd.sh
+++ b/opensmtpd/files/opensmtpd.sh
@@ -1,19 +1,42 @@
-#!@RCD_SCRIPTS_SHELL@
+#!/bin/sh
 #
 # $NetBSD: opensmtpd.sh,v 1.1 2013/11/18 22:50:01 pettai Exp $
 #
 
-# PROVIDE: mail
+# PROVIDE: smtpd mail
 # REQUIRE: LOGIN
+# KEYWORD: shutdown
 #       we make mail start late, so that things like .forward's are not
 #       processed until the system is fully operational
 
-. /etc/rc.subr
+$_rc_subr_loaded . @SYSCONFBASE@/rc.subr
 
 name="smtpd"
 rcvar=opensmtpd
-command="@PREFIX@/sbin/${name}"
-required_files="@PKG_SYSCONFDIR@/smtpd.conf"
+
+: ${smtpd_config:="@PKG_SYSCONFDIR@/smtpd/${name}.conf"}
+: ${smtpd_server:="@PREFIX@/sbin/${name}"}
+: ${smtpd_flags:=""}
+
+command="${smtpd_server}"
+command_args="-f ${smtpd_config} -v"
+required_files="${smtpd_config}"
+pidfile="@VARBASE@/run/${name}.pid"
+
+start_precmd="smtpd_precmd"
+check_cmd="smtpd_check"
+extra_commands="check"
+
+smtpd_check()
+{
+	echo "Performing sanity check on smtpd configuration:"
+	eval ${command} ${command_args} ${smtpd_flags} -n
+}
+
+smtpd_precmd()
+{
+	smtpd_check
+}
 
 load_rc_config $name
 run_rc_command "$1"
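Review bot: command, command_args and required_files are expanded from smtpd_server and smtpd_config before "load_rc_config $name" runs, so values for those two variables set in rc.conf arrive too late to change what is started or checked. Move "load_rc_config $name" above the ": ${smtpd_config:=...}" defaults, or build command and command_args after it. In smtpd_check, "eval ${command} ${command_args} ${smtpd_flags} -n" re-parses unquoted rc.conf content through the shell; invoking the command directly without eval is sufficient. The shebang also changes from @RCD_SCRIPTS_SHELL@ to a hard-coded /bin/sh, which drops the pkgsrc substitution without a stated reason.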
diff --git a/opensmtpd/files/smtp.conf b/opensmtpd/files/smtp.conf
new file mode 100644
index 0000000000..33dd209efe
--- /dev/null
+++ b/opensmtpd/files/smtp.conf
@@ -0,0 +1,16 @@
+#
+# PAM configuration for the "smtp" service
+#
+
+# auth
+auth		required	pam_nologin.so		no_warn
+auth		include		system
+
+# account
+account		include		system
+
+# password
+password	include		system
+
+# session
+session		include		system
diff --git a/opensmtpd/options.mk b/opensmtpd/options.mk
new file mode 100644
index 0000000000..43a40be5c9
--- /dev/null
+++ b/opensmtpd/options.mk
@@ -0,0 +1,72 @@
+# $NetBSD: options.mk,v 1.2 2023/02/23 19:10:06 vins Exp $
+
+PKG_OPTIONS_VAR=	PKG_OPTIONS.opensmtpd
+
+PKG_SUPPORTED_OPTIONS=	mailwrapper pam
+
+.if ${OPSYS} != "OpenBSD"
+PKG_SUGGESTED_OPTIONS+=	pam
+.endif
+
+.if exists(/etc/mailer.conf) || exists(/etc/mail/mailer.conf) || exists(${PKG_SYSCONFDIR}/mailer.conf)
+PKG_SUGGESTED_OPTIONS+=	mailwrapper
+.endif
+
+PLIST_VARS+=		mailwrapper pam
+
+.include "../../mk/bsd.options.mk"
+
+#
+# PAM support
+#
+.if !empty(PKG_OPTIONS:Mpam)
+.  include "../../mk/pam.buildlink3.mk"
+
+CONFIGURE_ARGS+=	--with-auth-pam=smtp
+
+EGDIR=			${PREFIX}/share/examples/${PKGBASE}
+CONF_FILES+=		${EGDIR}/pam.d/smtp \
+			${PKG_SYSCONFDIR}/pam.d/smtp
+
+MAKE_DIRS+=		${PKG_SYSCONFDIR}/pam.d
+INSTALLATION_DIRS+=	share/examples/${PKGBASE}/pam.d
+
+PLIST.pam=		yes
+
+.PHONY:	pam-install
+
+pam-install:
+	${INSTALL_DATA} ${FILESDIR}/smtp.conf	\
+		${DESTDIR}${EGDIR}/pam.d/smtp
+.endif
+
+#
+# MTA symlinks
+# Create the appriopriate symbolic links to `smtpctl' if mailwrapper is
+# unavailable. This is done to accomodate clients that require historical
+# interfaces such as sendmail, newaliases or makemap.
+# The smtpctl utility can operate in compatibility mode if called with
+# the historical name.
+#
+.if !empty(PKG_OPTIONS:Mmailwrapper)
+post-install: install-aliases pam-install
+	${INSTALL_DATA} ${WRKDIR}/mailer.conf \
+		${DESTDIR}${EGDIR}/mailer.conf
+	${RUN}${LN} -sf ${PREFIX}/sbin/smtpctl \
+		${DESTDIR}${PREFIX}/libexec/opensmtpd/makemap
+
+PLIST.mailwrapper=	yes
+
+.else
+
+CONFLICTS+=	courier-mta-[0-9]* fastforward>=0.51nb2 sendmail-[0-9]*
+CONFLICTS+=	esmtp>=1.2 nullmailer-[0-9]* postfix-[0-9]* qmail-[0-9]*
+
+post-install: install-aliases pam-install
+.  for i in mailq makemap newaliases sendmail
+	${RUN}${LN} -sf ${PREFIX}/sbin/smtpctl	\
+		${DESTDIR}${PREFIX}/sbin/${i}
+.  endfor
+
+PLIST_SRC+=	PLIST.nowrap
+.endif
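Review bot: Both post-install rules depend on pam-install, but that target is only defined inside the ".if !empty(PKG_OPTIONS:Mpam)" block, so a build with the pam option disabled leaves post-install with a prerequisite that has no rule. Define an empty pam-install outside the conditional, or attach the dependency from inside the PAM block. The "exists(/etc/mailer.conf)" test makes the suggested options depend on the state of the build host, which deserves a comment, and the MTA symlinks comment has two typos ("appriopriate", "accomodate").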
diff --git a/opensmtpd/patches/patch-mk_smtpd_Makefile.am b/opensmtpd/patches/patch-mk_smtpd_Makefile.am
index 5021302886..2e47858c28 100644
--- a/opensmtpd/patches/patch-mk_smtpd_Makefile.am
+++ b/opensmtpd/patches/patch-mk_smtpd_Makefile.am
@@ -2,9 +2,9 @@ $NetBSD$
 
 Install the configuration file in the example directory.
 
---- mk/smtpd/Makefile.am.orig	2016-02-02 07:40:06.000000000 +0000
+--- mk/smtpd/Makefile.am.orig	2023-06-27 14:04:37.000000000 +0000
 +++ mk/smtpd/Makefile.am
-@@ -162,17 +162,16 @@ $(CONFIGFILES): $(CONFIGFILES_IN)
+@@ -164,19 +164,17 @@ $(CONFIGFILES): $(CONFIGFILES_IN)
  
  # smtpd.conf
  # newaliases makemap
@@ -16,6 +16,7 @@ Install the configuration file in the example directory.
 +	$(MKDIR_P) $(DESTDIR)$(EXAMPLE_DIR)
  	$(MKDIR_P) $(DESTDIR)$(bindir)
  	$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
+ 	$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)7
  	$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
  
 -	@if [ ! -f $(DESTDIR)$(sysconfdir)/smtpd.conf ]; then			\
@@ -23,7 +24,8 @@ Install the configuration file in the example directory.
 -	else									\
 -		echo "$(DESTDIR)$(sysconfdir)/smtpd.conf already exists, install will not overwrite"; \
 -	fi
-+	$(INSTALL) -m 644 smtpd.conf.out $(DESTDIR)$(EXAMPLE_DIR)/smtpd.conf
- 
+-
++	$(INSTALL) -m 644 smtpd.conf.out	$(DESTDIR)$(EXAMPLE_DIR)/smtpd.conf
  	$(INSTALL) -m 644 aliases.5.out		$(DESTDIR)$(mandir)/$(mansubdir)5/aliases.5
  	$(INSTALL) -m 644 forward.5.out		$(DESTDIR)$(mandir)/$(mansubdir)5/forward.5
+ 	$(INSTALL) -m 644 table.5.out		$(DESTDIR)$(mandir)/$(mansubdir)5/table.5
diff --git a/opensmtpd/patches/patch-openbsd-compat_imsg-buffer.c b/opensmtpd/patches/patch-openbsd-compat_imsg-buffer.c
index 23e09b6c46..b791f4faac 100644
--- a/opensmtpd/patches/patch-openbsd-compat_imsg-buffer.c
+++ b/opensmtpd/patches/patch-openbsd-compat_imsg-buffer.c
@@ -2,7 +2,7 @@ $NetBSD$
 
 Fix build on SmartOS
 
---- openbsd-compat/imsg-buffer.c.orig	2020-05-21 19:06:04.000000000 +0000
+--- openbsd-compat/imsg-buffer.c.orig	2023-06-27 14:04:38.000000000 +0000
 +++ openbsd-compat/imsg-buffer.c
 @@ -16,6 +16,15 @@
   * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
@@ -19,13 +19,4 @@ Fix build on SmartOS
 +
  #include "includes.h"
  
- #include <sys/param.h>
-@@ -26,7 +35,7 @@
- #include <errno.h>
- #include <stdlib.h>
- #include <string.h>
--#ifndef HAVE_EXPLICIT_BZERO
-+#if defined (HAVE_EXPLICIT_BZERO) || (defined(sun) || defined(__sun))
- #include <strings.h>
- #endif
- #include <unistd.h>
+ #include <sys/types.h>
diff --git a/opensmtpd/patches/patch-openbsd-compat_imsg.c b/opensmtpd/patches/patch-openbsd-compat_imsg.c
index 6e101443e3..b9a1b9f820 100644
--- a/opensmtpd/patches/patch-openbsd-compat_imsg.c
+++ b/opensmtpd/patches/patch-openbsd-compat_imsg.c
@@ -2,7 +2,7 @@ $NetBSD$
 
 Fix build on SmartOS
 
---- openbsd-compat/imsg.c.orig	2020-05-21 19:06:04.000000000 +0000
+--- openbsd-compat/imsg.c.orig	2023-06-27 14:04:38.000000000 +0000
 +++ openbsd-compat/imsg.c
 @@ -16,6 +16,15 @@
   * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
@@ -19,13 +19,4 @@ Fix build on SmartOS
 +
  #include "includes.h"
  
- #include <sys/param.h>
-@@ -26,7 +35,7 @@
- #include <errno.h>
- #include <stdlib.h>
- #include <string.h>
--#ifndef HAVE_EXPLICIT_BZERO
-+#if !defined (HAVE_EXPLICIT_BZERO) || (defined(sun) || defined(__sun))
- #include <strings.h>
- #endif
- #include <unistd.h>
+ #include <sys/types.h>
diff --git a/opensmtpd/patches/patch-smtpd_proxy.c b/opensmtpd/patches/patch-smtpd_proxy.c
deleted file mode 100644
index 93689a01ed..0000000000
--- a/opensmtpd/patches/patch-smtpd_proxy.c
+++ /dev/null
@@ -1,32 +0,0 @@
-$NetBSD$
-
-Rename local variables to avoid name clash on SmartOS.
-
---- usr.sbin/smtpd/proxy.c.orig	2020-05-21 19:06:04.000000000 +0000
-+++ usr.sbin/smtpd/proxy.c
-@@ -341,7 +341,7 @@ proxy_translate_ss(struct proxy_session
- {
- 	struct sockaddr_in *sin = (struct sockaddr_in *) &s->ss;
- 	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) &s->ss;
--	struct sockaddr_un *sun = (struct sockaddr_un *) &s->ss;
-+	struct sockaddr_un *lsun = (struct sockaddr_un *) &s->ss;
- 	size_t sun_len;
- 
- 	switch (s->hdr.fam) {
-@@ -370,13 +370,13 @@ proxy_translate_ss(struct proxy_session
- 		memset(&s->ss, 0, sizeof(s->ss));
- 		sun_len = strnlen(s->addr.un.src_addr,
- 		    sizeof(s->addr.un.src_addr));
--		if (sun_len > sizeof(sun->sun_path)) {
-+		if (sun_len > sizeof(lsun->sun_path)) {
- 			proxy_error(s, "address translation", "Unix socket path"
- 			    " longer than supported");
- 			return (-1);
- 		}
--		sun->sun_family = AF_UNIX;
--		memcpy(sun->sun_path, s->addr.un.src_addr, sun_len);
-+		lsun->sun_family = AF_UNIX;
-+		memcpy(lsun->sun_path, s->addr.un.src_addr, sun_len);
- 		break;
- 
- 	default:
diff --git a/opensmtpd/patches/patch-smtpd_smtp__session.c b/opensmtpd/patches/patch-smtpd_smtp__session.c
deleted file mode 100644
index af2df30103..0000000000
--- a/opensmtpd/patches/patch-smtpd_smtp__session.c
+++ /dev/null
@@ -1,64 +0,0 @@
-$NetBSD$
-
-Add a patch to handle long usernames during SMTP authentication,
-e.g. often username exceeds the limit when it contains @host.name
-part.
-
-From FreeBSD's ports.
-
-cf.http://svnweb.freebsd.org/ports?view=revision&revision=394424
-
-For update 6.7.1p1:
-Removed hunk to increase buffersize to LOGIN_NAME_MAX+HOST_NAME_MAX+1,
-this was already increased upstream to SMTPD_MAXMAILADDRSIZE.
-
---- usr.sbin/smtpd/smtp_session.c.orig	2020-05-21 19:06:04.000000000 +0000
-+++ usr.sbin/smtpd/smtp_session.c
-@@ -84,6 +84,7 @@ enum {
- 	TX_ERROR_ENVELOPE,
- 	TX_ERROR_SIZE,
- 	TX_ERROR_IO,
-+	SF_USERTOOLONG		= 0x0400,
- 	TX_ERROR_LOOP,
- 	TX_ERROR_MALFORMED,
- 	TX_ERROR_RESOURCES,
-@@ -970,6 +971,15 @@ smtp_session_imsg(struct mproc *p, struc
- 
- 		s = tree_xpop(&wait_parent_auth, reqid);
- 		strnvis(user, s->username, sizeof user, VIS_WHITE | VIS_SAFE);
-+
-+		if (s->flags & SF_USERTOOLONG) {
-+			log_info("smtp-in: sesson %016"PRIx64
-+				": auth failed because username too long",
-+				s->id);
-+			s->flags &= (~SF_USERTOOLONG);
-+			success = LKA_PERMFAIL;
-+		}
-+
- 		if (success == LKA_OK) {
- 			log_info("%016"PRIx64" smtp "
- 			    "authentication user=%s "
-@@ -1967,7 +1977,7 @@ smtp_rfc4954_auth_plain(struct smtp_sess
- 		user++; /* skip NUL */
- 		if (strlcpy(s->username, user, sizeof(s->username))
- 		    >= sizeof(s->username))
--			goto abort;
-+			s->flags |= SF_USERTOOLONG;
- 
- 		pass = memchr(user, '\0', len - (user - buf));
- 		if (pass == NULL || pass >= buf + len - 2)
-@@ -2011,9 +2021,12 @@ smtp_rfc4954_auth_login(struct smtp_sess
- 
- 	case STATE_AUTH_USERNAME:
- 		memset(s->username, 0, sizeof(s->username));
--		if (base64_decode(arg, (unsigned char *)s->username,
--				  sizeof(s->username) - 1) == -1)
-+		if (base64_decode(arg, (unsigned char *)buf,
-+				  sizeof(buf) - 1) == -1)
- 			goto abort;
-+		if (strlcpy(s->username, buf, sizeof(s->username))
-+		    >= sizeof(s->username))
-+			s->flags |= SF_USERTOOLONG;
- 
- 		smtp_enter_state(s, STATE_AUTH_PASSWORD);
- 		smtp_reply(s, "334 UGFzc3dvcmQ6");
diff --git a/opensmtpd/patches/patch-usr.sbin_smtpd_proxy.c b/opensmtpd/patches/patch-usr.sbin_smtpd_proxy.c
new file mode 100644
index 0000000000..93689a01ed
--- /dev/null
+++ b/opensmtpd/patches/patch-usr.sbin_smtpd_proxy.c
@@ -0,0 +1,32 @@
+$NetBSD$
+
+Rename local variables to avoid name clash on SmartOS.
+
+--- usr.sbin/smtpd/proxy.c.orig	2020-05-21 19:06:04.000000000 +0000
++++ usr.sbin/smtpd/proxy.c
+@@ -341,7 +341,7 @@ proxy_translate_ss(struct proxy_session
+ {
+ 	struct sockaddr_in *sin = (struct sockaddr_in *) &s->ss;
+ 	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) &s->ss;
+-	struct sockaddr_un *sun = (struct sockaddr_un *) &s->ss;
++	struct sockaddr_un *lsun = (struct sockaddr_un *) &s->ss;
+ 	size_t sun_len;
+ 
+ 	switch (s->hdr.fam) {
+@@ -370,13 +370,13 @@ proxy_translate_ss(struct proxy_session
+ 		memset(&s->ss, 0, sizeof(s->ss));
+ 		sun_len = strnlen(s->addr.un.src_addr,
+ 		    sizeof(s->addr.un.src_addr));
+-		if (sun_len > sizeof(sun->sun_path)) {
++		if (sun_len > sizeof(lsun->sun_path)) {
+ 			proxy_error(s, "address translation", "Unix socket path"
+ 			    " longer than supported");
+ 			return (-1);
+ 		}
+-		sun->sun_family = AF_UNIX;
+-		memcpy(sun->sun_path, s->addr.un.src_addr, sun_len);
++		lsun->sun_family = AF_UNIX;
++		memcpy(lsun->sun_path, s->addr.un.src_addr, sun_len);
+ 		break;
+ 
+ 	default:
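Review bot: This patch file still records proxy.c.orig with the 2020-05-21 timestamp, while the Makefile.am and imsg patches in this commit were regenerated against 2023-06-27 sources, and its SHA1 in distinfo is unchanged; it was renamed without being refreshed. Regenerate it against 7.3.0p1 so the hunk offsets and context are known to match the new release.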
diff --git a/opensmtpd/patches/patch-usr.sbin_smtpd_queue__fs.c b/opensmtpd/patches/patch-usr.sbin_smtpd_queue__fs.c
index c74423def7..810c3aac1e 100644
--- a/opensmtpd/patches/patch-usr.sbin_smtpd_queue__fs.c
+++ b/opensmtpd/patches/patch-usr.sbin_smtpd_queue__fs.c
@@ -1,5 +1,7 @@
 $NetBSD$
 
+Fix build on DragonFly
+
 --- usr.sbin/smtpd/queue_fs.c.orig	2020-12-24 13:42:14.000000000 +0000
 +++ usr.sbin/smtpd/queue_fs.c
 @@ -16,6 +16,17 @@
diff --git a/opensmtpd/patches/patch-usr.sbin_smtpd_smtp__session.c b/opensmtpd/patches/patch-usr.sbin_smtpd_smtp__session.c
new file mode 100644
index 0000000000..af2df30103
--- /dev/null
+++ b/opensmtpd/patches/patch-usr.sbin_smtpd_smtp__session.c
@@ -0,0 +1,64 @@
+$NetBSD$
+
+Add a patch to handle long usernames during SMTP authentication,
+e.g. often username exceeds the limit when it contains @host.name
+part.
+
+From FreeBSD's ports.
+
+cf.http://svnweb.freebsd.org/ports?view=revision&revision=394424
+
+For update 6.7.1p1:
+Removed hunk to increase buffersize to LOGIN_NAME_MAX+HOST_NAME_MAX+1,
+this was already increased upstream to SMTPD_MAXMAILADDRSIZE.
+
+--- usr.sbin/smtpd/smtp_session.c.orig	2020-05-21 19:06:04.000000000 +0000
++++ usr.sbin/smtpd/smtp_session.c
+@@ -84,6 +84,7 @@ enum {
+ 	TX_ERROR_ENVELOPE,
+ 	TX_ERROR_SIZE,
+ 	TX_ERROR_IO,
++	SF_USERTOOLONG		= 0x0400,
+ 	TX_ERROR_LOOP,
+ 	TX_ERROR_MALFORMED,
+ 	TX_ERROR_RESOURCES,
+@@ -970,6 +971,15 @@ smtp_session_imsg(struct mproc *p, struc
+ 
+ 		s = tree_xpop(&wait_parent_auth, reqid);
+ 		strnvis(user, s->username, sizeof user, VIS_WHITE | VIS_SAFE);
++
++		if (s->flags & SF_USERTOOLONG) {
++			log_info("smtp-in: sesson %016"PRIx64
++				": auth failed because username too long",
++				s->id);
++			s->flags &= (~SF_USERTOOLONG);
++			success = LKA_PERMFAIL;
++		}
++
+ 		if (success == LKA_OK) {
+ 			log_info("%016"PRIx64" smtp "
+ 			    "authentication user=%s "
+@@ -1967,7 +1977,7 @@ smtp_rfc4954_auth_plain(struct smtp_sess
+ 		user++; /* skip NUL */
+ 		if (strlcpy(s->username, user, sizeof(s->username))
+ 		    >= sizeof(s->username))
+-			goto abort;
++			s->flags |= SF_USERTOOLONG;
+ 
+ 		pass = memchr(user, '\0', len - (user - buf));
+ 		if (pass == NULL || pass >= buf + len - 2)
+@@ -2011,9 +2021,12 @@ smtp_rfc4954_auth_login(struct smtp_sess
+ 
+ 	case STATE_AUTH_USERNAME:
+ 		memset(s->username, 0, sizeof(s->username));
+-		if (base64_decode(arg, (unsigned char *)s->username,
+-				  sizeof(s->username) - 1) == -1)
++		if (base64_decode(arg, (unsigned char *)buf,
++				  sizeof(buf) - 1) == -1)
+ 			goto abort;
++		if (strlcpy(s->username, buf, sizeof(s->username))
++		    >= sizeof(s->username))
++			s->flags |= SF_USERTOOLONG;
+ 
+ 		smtp_enter_state(s, STATE_AUTH_PASSWORD);
+ 		smtp_reply(s, "334 UGFzc3dvcmQ6");
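Review bot: SF_USERTOOLONG = 0x0400 is inserted in the middle of the TX_ERROR_* enumerators, between TX_ERROR_IO and TX_ERROR_LOOP, so a session flag ends up in the wrong enum and every enumerator after it is renumbered (TX_ERROR_LOOP becomes 0x0401). Define it next to the other flags that are tested against s->flags, or at least move it to the end of this enum, and check that 0x0400 does not collide with an existing flag bit. In smtp_rfc4954_auth_plain an over-long name is now truncated into s->username and only flagged where it previously hit "goto abort", so rejection depends entirely on the flag check added in smtp_session_imsg; a comment stating that dependency would help. The log string has a typo ("sesson"), and like the proxy.c patch this file keeps its 2020-05-21 .orig timestamp and should be regenerated against 7.3.0p1.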

