diff options
| author | Amish | 2018-05-21 23:42:44 +0530 |
|---|---|---|
| committer | Amish | 2018-05-21 23:42:44 +0530 |
| commit | 48e6ee4a98c6f481e54dd72a9dd424ac5822b1a6 (patch) | |
| tree | d5ddb1dabd8a7e3cf846653bd1bdfec42e35ed09 | |
| parent | 10ce71ffc6b61c0fd6f50b435a65070f434683c6 (diff) | |
| download | aur-48e6ee4a98c6f481e54dd72a9dd424ac5822b1a6.tar.gz | |
Update to 8.15.2-3. Drastic changes and simplification of PKGBUILD.
| -rw-r--r-- | .SRCINFO | 18 | ||||
| -rw-r--r-- | .gitignore | 4 | ||||
| -rw-r--r-- | PKGBUILD | 123 | ||||
| -rw-r--r-- | sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch | 20 | ||||
| -rw-r--r-- | sendmail-8.15.2-openssl-1.1.0-fix.patch | 182 | ||||
| -rw-r--r-- | sendmail-8.15.2-smtp-session-reuse-fix.patch | 249 | ||||
| -rw-r--r-- | sendmail.install | 30 | ||||
| -rw-r--r-- | sendmail.sysusers | 2 | ||||
| -rw-r--r-- | sendmail.tmpfiles | 2 |
9 files changed, 546 insertions, 84 deletions
@@ -1,10 +1,8 @@ pkgbase = sendmail pkgdesc = The sendmail MTA pkgver = 8.15.2 - pkgrel = 2 + pkgrel = 3 url = http://www.sendmail.org - install = sendmail.install - arch = i686 arch = x86_64 license = Sendmail License depends = db @@ -18,12 +16,22 @@ pkgbase = sendmail backup = etc/mail/aliases backup = etc/mail/sendmail.cf source = ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.15.2.tar.gz - source = sendmail.service + source = sendmail-8.15.2-smtp-session-reuse-fix.patch + source = sendmail-8.15.2-openssl-1.1.0-fix.patch + source = sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch source = sendmail.conf + source = sendmail.sysusers + source = sendmail.tmpfiles + source = sendmail.service source = sm-client.service sha256sums = 24f94b5fd76705f15897a78932a5f2439a32b1a2fdc35769bb1a5f5d9b4db439 - sha256sums = 380edeb289dfdfc5b0d4ea38df3a0fd35e6f83eeee76254ec7b3506eadfb674f + sha256sums = bc5a0de6c5434d8d46467f93d07b2bb5c7acd62f9dbce2490e0005d21b673250 + sha256sums = 9991dd85428778cec0c2030bf49e6ddf6d3db6026c651f858d72891973537b0e + sha256sums = 746d8ae8dea54cb2599c02181c2ea28ab15b26ba5e1e3b0f9cfe907a0e7a1d22 sha256sums = 39730f2be66bb1f1e6bc7fff61911db632ecf4b891d348df525abe2020274580 + sha256sums = 40ee2d98af98e6a094c42934f10aa7cb0d62fa38184e447a65b45f317e741b5e + sha256sums = 4b5168dea0196a9a03e5a0b54a8354cec7563973705db35a22f451bcedcd388f + sha256sums = 380edeb289dfdfc5b0d4ea38df3a0fd35e6f83eeee76254ec7b3506eadfb674f sha256sums = ecbd0a27e868d73d87fcfec292c19ea9479d0a8e9783788596d9add5e012218f pkgname = sendmail diff --git a/.gitignore b/.gitignore new file mode 100644 index 000000000000..6c53dbc47a8e --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +src +pkg +*x86_64.pkg.tar.xz +sendmail*.tar.gz @@ -1,4 +1,5 @@ -# Maintainer: Thomas Berryhill <tb01110100@gmail.com> +# Maintainer: Amish <contact at via dot aur> +# Contributor: Thomas Berryhill <tb01110100@gmail.com> # Contributor: Vlad M. <vlad@arhclinux.net> # Contributor: chrisl echo archlinux@c2h0r1i2s4t5o6p7h8e9r-l3u4n1a.com|sed 's/[0-9]//g' # Contributor: mazieres @@ -6,68 +7,92 @@ pkgname="sendmail" pkgver=8.15.2 -pkgrel=2 +pkgrel=3 pkgdesc="The sendmail MTA" url="http://www.sendmail.org" -arch=('i686' 'x86_64') +arch=('x86_64') license=('Sendmail License') provides=('sendmail=8.15') -conflicts=('msmtp-mta' - 'postfix' - 'exim' - 'opensmtpd') +conflicts=('msmtp-mta' 'postfix' 'exim' 'opensmtpd') backup=('etc/conf.d/sendmail' 'etc/mail/aliases' - 'etc/mail/sendmail.cf') + 'etc/mail/sendmail.cf') source=("ftp://ftp.sendmail.org/pub/${pkgname}/${pkgname}.${pkgver}.tar.gz" - 'sendmail.service' + 'sendmail-8.15.2-smtp-session-reuse-fix.patch' + 'sendmail-8.15.2-openssl-1.1.0-fix.patch' + 'sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch' 'sendmail.conf' + 'sendmail.sysusers' + 'sendmail.tmpfiles' + 'sendmail.service' 'sm-client.service') -depends=('db' - 'cyrus-sasl') +depends=('db' 'cyrus-sasl') sha256sums=('24f94b5fd76705f15897a78932a5f2439a32b1a2fdc35769bb1a5f5d9b4db439' - '380edeb289dfdfc5b0d4ea38df3a0fd35e6f83eeee76254ec7b3506eadfb674f' + 'bc5a0de6c5434d8d46467f93d07b2bb5c7acd62f9dbce2490e0005d21b673250' + '9991dd85428778cec0c2030bf49e6ddf6d3db6026c651f858d72891973537b0e' + '746d8ae8dea54cb2599c02181c2ea28ab15b26ba5e1e3b0f9cfe907a0e7a1d22' '39730f2be66bb1f1e6bc7fff61911db632ecf4b891d348df525abe2020274580' + '40ee2d98af98e6a094c42934f10aa7cb0d62fa38184e447a65b45f317e741b5e' + '4b5168dea0196a9a03e5a0b54a8354cec7563973705db35a22f451bcedcd388f' + '380edeb289dfdfc5b0d4ea38df3a0fd35e6f83eeee76254ec7b3506eadfb674f' 'ecbd0a27e868d73d87fcfec292c19ea9479d0a8e9783788596d9add5e012218f') -install="${pkgname}.install" -build(){ - cd "$srcdir/${pkgname}-${pkgver}" || return 1 - # Add support for SASL2 - chmod +w devtools/OS/Linux - echo -e "define(\`confSTDIO_TYPE', \`portable')\nAPPENDDEF(\`conf_sendmail_ENVDEF', \`-DSTARTTLS')\nAPPENDDEF(\`conf_sendmail_LIBS', \`-lssl -lcrypto')\n">>devtools/OS/Linux - echo "APPENDDEF(\`conf_sendmail_ENVDEF', \`-DSASL=2')" >>devtools/OS/Linux - echo "APPENDDEF(\`conf_libmilter_ENVDEF', \`-DNETINET6')" >>devtools/OS/Linux - echo "APPENDDEF(\`conf_sendmail_LIBS', \`-lresolv -lsasl2')" >>devtools/OS/Linux - echo "APPENDDEF(\`confLIBS', \`-ldb')" >>devtools/OS/Linux - echo "APPENDDEF(\`confMAPDEF', \`-DNEWDB')" >>devtools/OS/Linux +prepare() { + # patches picked from Fedora + cd "${srcdir}/${pkgname}-${pkgver}" + patch -p1 < "${srcdir}"/sendmail-8.15.2-smtp-session-reuse-fix.patch + patch -p1 < "${srcdir}"/sendmail-8.15.2-openssl-1.1.0-fix.patch + patch -p1 < "${srcdir}"/sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch - sed -i -e '58 s/^/dnl /' -e '59 s/^/dnl /' sendmail/Makefile.m4 # Sendmail expects user and group smmsp to exists before make install, this line prevent errors from that - ./Build || return 1 - sed -i -e '449 s/-o [^}]*}[^}]*}//' -e '449 s/-m .{GBINMODE}/-m 755/' obj.*/sendmail/Makefile # Sendmail expects user and group smmsp to exists before make install, this line prevent errors from that - GROFF_NO_SGR=1 make -C doc/op op.txt op.ps + chmod 0644 devtools/OS/Linux + echo "define(\`confSTDIO_TYPE', \`portable')" >> devtools/OS/Linux + echo "define(\`confGBINGRP', \`25')" >> devtools/OS/Linux + echo "define(\`confMSPQOWN', \`150')" >> devtools/OS/Linux + echo "define(\`confINCGRP', \`root')" >> devtools/OS/Linux + echo "define(\`confLIBGRP', \`root')" >> devtools/OS/Linux + echo "define(\`confMANGRP', \`root')" >> devtools/OS/Linux + echo "define(\`confMANOWN', \`root')" >> devtools/OS/Linux + echo "define(\`confMBINGRP', \`root')" >> devtools/OS/Linux + echo "define(\`confSBINGRP', \`root')" >> devtools/OS/Linux + echo "define(\`confUBINGRP', \`root')" >> devtools/OS/Linux + echo "define(\`confUBINOWN', \`root')" >> devtools/OS/Linux + echo "define(\`confEBINDIR', \`/usr/bin')" >> devtools/OS/Linux + echo "define(\`confMBINDIR', \`/usr/bin')" >> devtools/OS/Linux + echo "define(\`confSBINDIR', \`/usr/bin')" >> devtools/OS/Linux + echo "define(\`confMANROOT', \`/usr/share/man/man')" >> devtools/OS/Linux + echo "APPENDDEF(\`conf_sendmail_ENVDEF', \`-DSTARTTLS')" >> devtools/OS/Linux + echo "APPENDDEF(\`conf_sendmail_LIBS', \`-lssl -lcrypto')" >> devtools/OS/Linux + echo "APPENDDEF(\`conf_sendmail_ENVDEF', \`-DSASL=2')" >> devtools/OS/Linux + echo "APPENDDEF(\`conf_libmilter_ENVDEF', \`-DNETINET6')" >>devtools/OS/Linux + echo "APPENDDEF(\`conf_sendmail_LIBS', \`-lresolv -lsasl2')" >> devtools/OS/Linux + echo "APPENDDEF(\`confLIBS', \`-ldb')" >> devtools/OS/Linux + echo "APPENDDEF(\`confMAPDEF', \`-DNEWDB')" >> devtools/OS/Linux + sed -i -e 's/CFGRP=bin/CFGRP=root/g' cf/cf/Makefile } -package(){ - mkdir -p $pkgdir/etc/conf.d/ - mkdir -p $pkgdir/usr/{bin,sbin,share/man,share/doc/sendmail,/lib/systemd/system} \ - $pkgdir/usr/man/man{1,5,8} $pkgdir/var/spool/mqueue \ - || return 1 - cp sendmail.service sm-client.service $pkgdir/usr/lib/systemd/system - cp sendmail.conf $pkgdir/etc/conf.d/sendmail - cd "$srcdir/${pkgname}-${pkgver}" || return 1 - make install DESTDIR="$pkgdir" || return 1 - make -C mail.local force-install DESTDIR="$pkgdir" || return 1 - make -C rmail force-install DESTDIR="$pkgdir" || return 1 - mv $pkgdir/usr/man/* $pkgdir/usr/share/man/ - rmdir $pkgdir/usr/man - cp -r cf $pkgdir/usr/share/sendmail-cf - cp sendmail/aliases $pkgdir/etc/mail/aliases - cp cf/cf/generic-linux.cf $pkgdir/etc/mail/sendmail.cf - cp doc/op/op.{ps,txt} $pkgdir/usr/share/doc/sendmail/ - install -D -m644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" - find $pkgdir -user bin -print | xargs chown root - find $pkgdir -group bin -print | xargs chgrp root - mv $pkgdir/usr/sbin/* $pkgdir/usr/bin/ - rmdir $pkgdir/usr/sbin +build() { + cd "${srcdir}/${pkgname}-${pkgver}" + ./Build + GROFF_NO_SGR=1 make -C doc/op op.txt op.ps +} + +package() { + cd "${srcdir}/${pkgname}-${pkgver}" + install -dm755 "${pkgdir}"/usr/{bin,share/{doc/sendmail,man/man{1,5,8}}} + make install DESTDIR="${pkgdir}" + make -C mail.local force-install DESTDIR="${pkgdir}" + make -C rmail force-install DESTDIR="${pkgdir}" + + cp -r cf "${pkgdir}"/usr/share/sendmail-cf + rmdir "${pkgdir}"/{var/spool/clientmqueue,var/spool,var} + install -Dm644 -t "${pkgdir}"/etc/mail sendmail/aliases + install -Dm644 cf/cf/generic-linux.cf "${pkgdir}"/etc/mail/sendmail.cf + install -Dm644 -t "${pkgdir}"/usr/share/doc/sendmail doc/op/op.{ps,txt} + install -Dm644 -t "${pkgdir}/usr/share/licenses/${pkgname}" LICENSE + + cd "${srcdir}" + install -Dm644 sendmail.conf "${pkgdir}"/etc/conf.d/sendmail + install -Dm644 -t "${pkgdir}"/usr/lib/systemd/system {sendmail,sm-client}.service + install -Dm644 sendmail.sysusers "${pkgdir}"/usr/lib/sysusers.d/sendmail.conf + install -Dm644 sendmail.tmpfiles "${pkgdir}"/usr/lib/tmpfiles.d/sendmail.conf } diff --git a/sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch b/sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch new file mode 100644 index 000000000000..b470358a7f4b --- /dev/null +++ b/sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch @@ -0,0 +1,20 @@ +diff --git a/sendmail/tls.c b/sendmail/tls.c +index 16cb93f..9338380 100644 +--- a/sendmail/tls.c ++++ b/sendmail/tls.c +@@ -1329,13 +1329,8 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar + } + + #if _FFR_TLS_EC +- ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); +- if (ecdh != NULL) +- { +- SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE); +- SSL_CTX_set_tmp_ecdh(*ctx, ecdh); +- EC_KEY_free(ecdh); +- } ++ SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE); ++ SSL_CTX_set_ecdh_auto(*ctx, 1); + #endif /* _FFR_TLS_EC */ + + } diff --git a/sendmail-8.15.2-openssl-1.1.0-fix.patch b/sendmail-8.15.2-openssl-1.1.0-fix.patch new file mode 100644 index 000000000000..54a67548941d --- /dev/null +++ b/sendmail-8.15.2-openssl-1.1.0-fix.patch @@ -0,0 +1,182 @@ +--- sendmail-8.15.2.orig/sendmail/tls.c 2016-12-01 15:20:59.953546417 +0100 ++++ sendmail-8.15.2.orig/sendmail/tls.c 2016-12-01 17:26:43.868521378 +0100 +@@ -63,14 +63,28 @@ static unsigned char dh512_g[] = + static DH * + get_dh512() + { +- DH *dh = NULL; ++ DH *dh; ++ BIGNUM *p, *g; + + if ((dh = DH_new()) == NULL) + return NULL; +- dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); +- dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); +- if ((dh->p == NULL) || (dh->g == NULL)) ++ p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); ++ g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); ++ if (p == NULL || g == NULL) ++ { ++ BN_free(p); ++ BN_free(g); ++ DH_free(dh); + return NULL; ++ } ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L ++ DH_set0_pqg(dh, p, NULL, g); ++#else ++ dh->p = p; ++ dh->g = g; ++#endif ++ + return dh; + } + +@@ -117,16 +131,27 @@ get_dh2048() + }; + static unsigned char dh2048_g[]={ 0x02, }; + DH *dh; ++ BIGNUM *p, *g; + + if ((dh=DH_new()) == NULL) + return(NULL); +- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); +- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); +- if ((dh->p == NULL) || (dh->g == NULL)) ++ p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL); ++ g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL); ++ if (p == NULL || g == NULL) + { ++ BN_free(p); ++ BN_free(g); + DH_free(dh); +- return(NULL); ++ return NULL; + } ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L ++ DH_set0_pqg(dh, p, NULL, g); ++#else ++ dh->p = p; ++ dh->g = g; ++#endif ++ + return(dh); + } + # endif /* !NO_DH */ +@@ -715,6 +740,54 @@ static char server_session_id_context[] + # define SM_SSL_OP_TLS_BLOCK_PADDING_BUG 0 + #endif + ++static RSA * ++generate_rsa_key(bits, e) ++ int bits; ++ unsigned long e; ++{ ++#if OPENSSL_VERSION_NUMBER < 0x00908000L ++ return RSA_generate_key(bits, e, NULL, NULL); ++#else ++ BIGNUM *bne; ++ RSA *rsa = NULL; ++ ++ bne = BN_new(); ++ if (bne && BN_set_word(bne, e) != 1) ++ rsa = RSA_new(); ++ if (rsa && RSA_generate_key_ex(rsa, bits, bne, NULL) != 1) ++ { ++ RSA_free(rsa); ++ rsa = NULL; ++ } ++ BN_free(bne); ++ return rsa; ++#endif ++} ++ ++static DSA * ++generate_dsa_parameters(bits, seed, seed_len, counter_ret, h_ret) ++ int bits; ++ unsigned char *seed; ++ int seed_len; ++ int *counter_ret; ++ unsigned long *h_ret; ++{ ++#if OPENSSL_VERSION_NUMBER < 0x00908000L ++ return DSA_generate_parameters(bits, seed, seed_len, counter_ret, ++ h_ret, NULL, NULL); ++#else ++ DSA *dsa = DSA_new(); ++ ++ if (dsa && DSA_generate_parameters_ex(dsa, bits, seed, seed_len, ++ counter_ret, h_ret, NULL) != 1) ++ { ++ DSA_free(dsa); ++ dsa = NULL; ++ } ++ return dsa; ++#endif ++} ++ + bool + inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) + SSL_CTX **ctx; +@@ -926,7 +999,7 @@ inittls(ctx, req, options, srv, certfile + { + /* get a pointer to the current certificate validation store */ + store = SSL_CTX_get_cert_store(*ctx); /* does not fail */ +- crl_file = BIO_new(BIO_s_file_internal()); ++ crl_file = BIO_new(BIO_s_file()); + if (crl_file != NULL) + { + if (BIO_read_filename(crl_file, CRLFile) >= 0) +@@ -1003,8 +1076,7 @@ inittls(ctx, req, options, srv, certfile + if (bitset(TLS_I_RSA_TMP, req) + # if SM_CONF_SHM + && ShmId != SM_SHM_NO_ID && +- (rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, +- NULL)) == NULL ++ (rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4)) == NULL + # else /* SM_CONF_SHM */ + && 0 /* no shared memory: no need to generate key now */ + # endif /* SM_CONF_SHM */ +@@ -1210,8 +1282,8 @@ inittls(ctx, req, options, srv, certfile + sm_dprintf("inittls: Generating %d bit DH parameters\n", bits); + + /* this takes a while! */ +- dsa = DSA_generate_parameters(bits, NULL, 0, NULL, +- NULL, 0, NULL); ++ dsa = generate_dsa_parameters(bits, NULL, 0, NULL, ++ NULL); + dh = DSA_dup_DH(dsa); + DSA_free(dsa); + } +@@ -1747,7 +1819,7 @@ tmp_rsa_key(s, export, keylength) + + if (rsa_tmp != NULL) + RSA_free(rsa_tmp); +- rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, NULL); ++ rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4); + if (rsa_tmp == NULL) + { + if (LogLevel > 0) +@@ -1974,11 +2046,20 @@ x509_verify_cb(ok, ctx) + { + if (LogLevel > 13) + tls_verify_log(ok, ctx, "x509"); ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L ++ if (X509_STORE_CTX_get_error(ctx) == ++ X509_V_ERR_UNABLE_TO_GET_CRL) ++ { ++ X509_STORE_CTX_set_error(ctx, 0); ++ return 1; /* override it */ ++ } ++#else + if (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL) + { + ctx->error = 0; + return 1; /* override it */ + } ++#endif + } + return ok; + } diff --git a/sendmail-8.15.2-smtp-session-reuse-fix.patch b/sendmail-8.15.2-smtp-session-reuse-fix.patch new file mode 100644 index 000000000000..bc148419532b --- /dev/null +++ b/sendmail-8.15.2-smtp-session-reuse-fix.patch @@ -0,0 +1,249 @@ +diff -ru a/sendmail/deliver.c b/sendmail/deliver.c +--- a/sendmail/deliver.c 2016-02-29 06:01:55.000000000 -0800 ++++ b/sendmail/deliver.c 2016-02-29 06:02:06.000000000 -0800 +@@ -6274,8 +6274,7 @@ + tlslogerr(LOG_WARNING, "client"); + } + +- SSL_free(clt_ssl); +- clt_ssl = NULL; ++ SM_SSL_FREE(clt_ssl); + return EX_SOFTWARE; + } + mci->mci_ssl = clt_ssl; +@@ -6287,8 +6286,7 @@ + return EX_OK; + + /* failure */ +- SSL_free(clt_ssl); +- clt_ssl = NULL; ++ SM_SSL_FREE(clt_ssl); + return EX_SOFTWARE; + } + /* +@@ -6309,7 +6307,7 @@ + + if (!bitset(MCIF_TLSACT, mci->mci_flags)) + return EX_OK; +- r = endtls(mci->mci_ssl, "client"); ++ r = endtls(&mci->mci_ssl, "client"); + mci->mci_flags &= ~MCIF_TLSACT; + return r; + } +diff -ru a/sendmail/macro.c b/sendmail/macro.c +--- a/sendmail/macro.c 2016-02-29 06:01:55.000000000 -0800 ++++ b/sendmail/macro.c 2016-02-29 06:02:06.000000000 -0800 +@@ -362,6 +362,33 @@ + } + + /* ++** MACTABCLEAR -- clear entire macro table ++** ++** Parameters: ++** mac -- Macro table. ++** ++** Returns: ++** none. ++** ++** Side Effects: ++** clears entire mac structure including rpool pointer! ++*/ ++ ++void ++mactabclear(mac) ++ MACROS_T *mac; ++{ ++ int i; ++ ++ if (mac->mac_rpool == NULL) ++ { ++ for (i = 0; i < MAXMACROID; i++) ++ SM_FREE_CLR(mac->mac_table[i]); ++ } ++ memset((char *) mac, '\0', sizeof(*mac)); ++} ++ ++/* + ** MACDEFINE -- bind a macro name to a value + ** + ** Set a macro to a value, with fancy storage management. +diff -ru a/sendmail/mci.c b/sendmail/mci.c +--- a/sendmail/mci.c 2016-02-29 06:01:55.000000000 -0800 ++++ b/sendmail/mci.c 2016-02-29 06:02:06.000000000 -0800 +@@ -25,6 +25,7 @@ + int, bool)); + static bool mci_load_persistent __P((MCI *)); + static void mci_uncache __P((MCI **, bool)); ++static void mci_clear __P((MCI *)); + static int mci_lock_host_statfile __P((MCI *)); + static int mci_read_persistent __P((SM_FILE_T *, MCI *)); + +@@ -253,6 +254,7 @@ + SM_FREE_CLR(mci->mci_status); + SM_FREE_CLR(mci->mci_rstatus); + SM_FREE_CLR(mci->mci_heloname); ++ mci_clear(mci); + if (mci->mci_rpool != NULL) + { + sm_rpool_free(mci->mci_rpool); +@@ -315,6 +317,41 @@ + } + + /* ++** MCI_CLEAR -- clear mci ++** ++** Parameters: ++** mci -- the connection to clear. ++** ++** Returns: ++** none. ++*/ ++ ++static void ++mci_clear(mci) ++ MCI *mci; ++{ ++ if (mci == NULL) ++ return; ++ ++ mci->mci_maxsize = 0; ++ mci->mci_min_by = 0; ++ mci->mci_deliveries = 0; ++#if SASL ++ if (bitset(MCIF_AUTHACT, mci->mci_flags)) ++ sasl_dispose(&mci->mci_conn); ++#endif ++#if STARTTLS ++ if (bitset(MCIF_TLSACT, mci->mci_flags) && mci->mci_ssl != NULL) ++ SM_SSL_FREE(mci->mci_ssl); ++#endif ++ ++ /* which flags to preserve? */ ++ mci->mci_flags &= MCIF_CACHED; ++ mactabclear(&mci->mci_macro); ++} ++ ++ ++/* + ** MCI_GET -- get information about a particular host + ** + ** Parameters: +@@ -419,6 +456,7 @@ + mci->mci_errno = 0; + mci->mci_exitstat = EX_OK; + } ++ mci_clear(mci); + } + + return mci; +diff -ru a/sendmail/sendmail.h b/sendmail/sendmail.h +--- a/sendmail/sendmail.h 2016-02-29 06:01:55.000000000 -0800 ++++ b/sendmail/sendmail.h 2016-02-29 06:02:06.000000000 -0800 +@@ -1186,6 +1186,7 @@ + #define macid(name) macid_parse(name, NULL) + extern char *macname __P((int)); + extern char *macvalue __P((int, ENVELOPE *)); ++extern void mactabclear __P((MACROS_T *)); + extern int rscheck __P((char *, char *, char *, ENVELOPE *, int, int, char *, char *, ADDRESS *, char **)); + extern int rscap __P((char *, char *, char *, ENVELOPE *, char ***, char *, int)); + extern void setclass __P((int, char *)); +@@ -2002,7 +2003,15 @@ + extern void setclttls __P((bool)); + extern bool initsrvtls __P((bool)); + extern int tls_get_info __P((SSL *, bool, char *, MACROS_T *, bool)); +-extern int endtls __P((SSL *, char *)); ++#define SM_SSL_FREE(ssl) \ ++ do { \ ++ if (ssl != NULL) \ ++ { \ ++ SSL_free(ssl); \ ++ ssl = NULL; \ ++ } \ ++ } while (0) ++extern int endtls __P((SSL **, char *)); + extern void tlslogerr __P((int, const char *)); + + +diff -ru a/sendmail/srvrsmtp.c b/sendmail/srvrsmtp.c +--- a/sendmail/srvrsmtp.c 2016-02-29 06:01:55.000000000 -0800 ++++ b/sendmail/srvrsmtp.c 2016-02-29 06:02:06.000000000 -0800 +@@ -2122,8 +2122,7 @@ + if (get_tls_se_options(e, srv_ssl, true) != 0) + { + message("454 4.3.3 TLS not available: error setting options"); +- SSL_free(srv_ssl); +- srv_ssl = NULL; ++ SM_SSL_FREE(srv_ssl); + goto tls_done; + } + +@@ -2145,8 +2144,7 @@ + SSL_set_wfd(srv_ssl, wfd) <= 0) + { + message("454 4.3.3 TLS not available: error set fd"); +- SSL_free(srv_ssl); +- srv_ssl = NULL; ++ SM_SSL_FREE(srv_ssl); + goto tls_done; + } + if (!smtps) +@@ -2188,8 +2186,7 @@ + tlslogerr(LOG_WARNING, "server"); + } + tls_ok_srv = false; +- SSL_free(srv_ssl); +- srv_ssl = NULL; ++ SM_SSL_FREE(srv_ssl); + + /* + ** according to the next draft of +@@ -3416,7 +3413,7 @@ + /* shutdown TLS connection */ + if (tls_active) + { +- (void) endtls(srv_ssl, "server"); ++ (void) endtls(&srv_ssl, "server"); + tls_active = false; + } + #endif /* STARTTLS */ +diff -ru a/sendmail/tls.c b/sendmail/tls.c +--- a/sendmail/tls.c 2016-02-29 06:01:55.000000000 -0800 ++++ b/sendmail/tls.c 2016-02-29 06:02:06.000000000 -0800 +@@ -1624,7 +1624,7 @@ + ** ENDTLS -- shutdown secure connection + ** + ** Parameters: +-** ssl -- SSL connection information. ++** pssl -- pointer to TLS session context + ** side -- server/client (for logging). + ** + ** Returns: +@@ -1632,12 +1632,16 @@ + */ + + int +-endtls(ssl, side) +- SSL *ssl; ++endtls(pssl, side) ++ SSL **pssl; + char *side; + { + int ret = EX_OK; ++ SSL *ssl; + ++ SM_REQUIRE(pssl != NULL); ++ ret = EX_OK; ++ ssl = *pssl; + if (ssl != NULL) + { + int r; +@@ -1703,8 +1707,7 @@ + ret = EX_SOFTWARE; + } + # endif /* !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER > 0x0090602fL */ +- SSL_free(ssl); +- ssl = NULL; ++ SM_SSL_FREE(*pssl); + } + return ret; + } diff --git a/sendmail.install b/sendmail.install deleted file mode 100644 index 866adb934edf..000000000000 --- a/sendmail.install +++ /dev/null @@ -1,30 +0,0 @@ -post_install() { - if grep -q "^smmsp:" /etc/group &> /dev/null ; then - groupmod -g 25 -n smmsp smmsp &> /dev/null - else - groupadd -g 25 smmsp &> /dev/null - fi - - if grep -q "^smmsp:" /etc/passwd 2> /dev/null ; then - usermod -s /bin/false -c "sendmail user" -d /var/spool/mail -u 150 -g smmsp smmsp &> /dev/null - else - useradd -s /bin/false -c "sendmail user" -d /var/spool/mail -u 150 -g smmsp -r smmsp &> /dev/null - fi - chown smmsp:smmsp /var/spool/clientmqueue - chown root:smmsp /usr/bin/sendmail - chmod 2555 /usr/bin/sendmail -} - -post_upgrade() { - post_install $1 -} - -pre_remove() { - systemctl stop sendmail|| : - systemctl stop sm-client|| : - killall sendmail || /bin/true - userdel smmsp &> /dev/null - rm -f /etc/mail/aliases.db || /bin/true - groupdel smmsp &> /dev/null || /bin/true - rmdir --ignore-fail-on-non-empty /var/spool/mqueue &> /dev/null || /bin/true -} diff --git a/sendmail.sysusers b/sendmail.sysusers new file mode 100644 index 000000000000..16bcfa50803c --- /dev/null +++ b/sendmail.sysusers @@ -0,0 +1,2 @@ +g smmsp 25 +u smmsp 150:25 "sendmail user" /var/spool/mail /bin/false diff --git a/sendmail.tmpfiles b/sendmail.tmpfiles new file mode 100644 index 000000000000..788c08e9fee0 --- /dev/null +++ b/sendmail.tmpfiles @@ -0,0 +1,2 @@ +d /var/spool/clientmqueue 0770 smmsp smmsp +d /var/spool/mqueue 0755 root root |