commit:     6b52d85af94a36c9eac2655ac49f956c3bff757c
Author:     Hanno Böck <hanno <AT> gentoo <DOT> org>
AuthorDate: Fri Feb 24 19:48:03 2023 +0000
Commit:     Hanno Böck <hanno <AT> gentoo <DOT> org>
CommitDate: Fri Feb 24 19:48:03 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6b52d85a

mail-mta/courier: Fix errors with getgrnam_r buffer.

This patches a bug that can cause courier to malfunction on systems
with a large number of users. See upstream pull request for
details: https://github.com/svarshavchik/courier-libs/pull/30

Signed-off-by: Hanno Böck <hanno <AT> gentoo.org>

 mail-mta/courier/courier-1.2.2-r1.ebuild           | 315 +++++++++++++++++++++
 .../files/courier-1.2.2-fix-getgrnam-buffer.diff   | 120 ++++++++
 2 files changed, 435 insertions(+)

diff --git a/mail-mta/courier/courier-1.2.2-r1.ebuild 
b/mail-mta/courier/courier-1.2.2-r1.ebuild
new file mode 100644
index 000000000000..7ef2ccb961ea
--- /dev/null
+++ b/mail-mta/courier/courier-1.2.2-r1.ebuild
@@ -0,0 +1,315 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic
+
+# Avoids failures on systems with large numbers of users in a group,
+# see https://github.com/svarshavchik/courier-libs/pull/30
+PATCHES=( "${FILESDIR}/courier-1.2.2-fix-getgrnam-buffer.diff" )
+
+DESCRIPTION="An MTA designed specifically for maildirs"
+HOMEPAGE="https://www.courier-mta.org/";
+SRC_URI="mirror://sourceforge/courier/${P}.tar.bz2"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="postgres ldap mysql pam nls ipv6 spell fax crypt norewrite \
+       fam web webmail gnutls"
+
+DEPEND="
+       >=net-libs/courier-authlib-0.72.0
+       >=net-libs/courier-unicode-2.2.6:=
+       net-dns/libidn2:=
+       gnutls? ( net-libs/gnutls:= )
+       !gnutls? (
+               dev-libs/openssl:0=
+       )
+       >=sys-libs/gdbm-1.8.0:=
+       dev-libs/libpcre
+       app-misc/mime-types
+       fax? ( >=media-libs/netpbm-9.12 app-text/ghostscript-gpl 
>=net-dialup/mgetty-1.1.28 )
+       pam? ( sys-libs/pam )
+       mysql? ( dev-db/mysql-connector-c )
+       ldap? ( >=net-nds/openldap-1.2.11:= )
+       postgres? ( dev-db/postgresql:= )
+       spell? ( app-text/aspell )
+       fam? ( virtual/fam )
+       !mail-filter/maildrop
+       !mail-mta/esmtp
+       !mail-mta/exim
+       !mail-mta/msmtp[mta]
+       !mail-mta/netqmail
+       !mail-mta/nullmailer
+       !mail-mta/postfix
+       !mail-mta/sendmail
+       !mail-mta/ssmtp[mta]
+       !mail-mta/opensmtpd
+       !net-mail/dot-forward
+       !sys-apps/ucspi-tcp
+       "
+
+RDEPEND="${DEPEND}
+       dev-lang/perl
+       sys-process/procps"
+
+# get rid of old style virtual/imapd - bug 350792
+# all blockers really needed?
+RDEPEND="${RDEPEND}
+       !net-mail/courier-imap
+       !net-mail/cyrus-imapd"
+
+PDEPEND="pam? ( net-mail/mailbase )
+       crypt? ( >=app-crypt/gnupg-1.0.4 )"
+
+src_prepare() {
+       use norewrite && eapply "${FILESDIR}/norewrite.patch"
+       default
+}
+
+src_configure() {
+       filter-flags '-fomit-frame-pointer'
+
+       local myconf
+       myconf=""
+
+       use ldap && myconf="${myconf} 
--with-ldapconfig=/etc/courier/maildropldap.conf"
+
+       econf ${myconf} \
+               $(use_with fam) \
+               $(use_with ipv6) \
+               $(use_with spell ispell) \
+               $(use_with ldap ldapaliasd) \
+               $(use_enable ldap maildroldap) \
+               $(use_with gnutls) \
+               --with-notice=unicode \
+               --enable-mimetypes=/etc/mime.types \
+               --prefix=/usr \
+               --disable-root-check \
+               --mandir=/usr/share/man \
+               --sysconfdir=/etc/courier \
+               --datadir=/usr/share/courier \
+               --sharedstatedir=/var/lib/courier/com \
+               --localstatedir=/var/lib/courier \
+               --with-piddir=/var/run/courier \
+               --with-authdaemonvar=/var/lib/courier/authdaemon \
+               --with-mailuser=mail \
+               --with-mailgroup=mail \
+               --with-paranoid-smtpext \
+               --with-db=gdbm \
+               --disable-autorenamesent \
+               --cache-file="${S}/configuring.cache" \
+               --host="${CHOST}" debug=true || die "./configure"
+}
+
+src_compile() {
+       default
+}
+
+etc_courier() {
+       # Import existing /etc/courier/file if it exists.
+       # Add option only if it was not already set or even commented out
+       file="${1}" ; word="`echo \"${2}\" | sed -e\"s|=.*$||\" -e\"s|^.*opt 
||\"`"
+       [ ! -e "${D}/etc/courier/${file}" ] && [ -e "/etc/courier/${file}" ] && 
\
+                       cp "/etc/courier/${file}" "${D}/etc/courier/${file}"
+       grep -q "${word}" "${D}/etc/courier/${file}" || \
+               echo "${2}" >> "${D}/etc/courier/${file}"
+}
+
+etc_courier_chg() {
+       file="${1}" ; key="${2}" ; value="${3}" ; section="${4}"
+       [ -z "${section}" ] && section="${2}"
+       grep -q "${key}" "${file}" && elog "Changing ${file}: ${key} to 
${value}"
+       sed -i -e"/\#\#NAME: ${section}/,+30 s|${key}=.*|${key}=\"${value}\"|g" 
${file}
+}
+
+src_install() {
+       local f
+       diropts -o mail -g mail
+       keepdir /var/lib/courier/tmp
+       keepdir /var/lib/courier/msgs
+       make install DESTDIR="${D}" || die "install"
+       make install-configure DESTDIR="${D}" || die "install-configure"
+
+       # init script takes care of this
+       rm -rf "${D}/var/run"
+
+       # Get rid of files we dont want
+       if ! use webmail ; then
+               rm -rf "${D}/usr/$(get_libdir)/courier/courier/webmail" \
+                       "${D}/usr/$(get_libdir)/courier/courier/sqwebmaild" \
+                       "${D}/usr/share/courier/sqwebmail/" \
+                       "${D}/usr/sbin/webmaild" \
+                       "${D}/usr/sbin/webgpg" \
+                       "${D}/etc/courier/webmail.authpam" \
+                       "${D}/var/lib/courier/webmail-logincache" \
+                       "${D}"/etc/courier/sqwebmaild*
+       fi
+
+       if ! use web ; then
+               rm -rf "${D}/usr/share/courier/courierwebadmin/" \
+                       "${D}/etc/courier/webadmin"
+       fi
+
+       for dir2keep in $(cd "${D}" && find ./var/lib/courier -type d) ; do
+               keepdir "$dir2keep" || die "failed running keepdir: $dir2keep"
+       done
+
+       newinitd "${FILESDIR}/courier-init-r4" "courier"
+       use fam || sed -i -e's|^.*use famd$||g' "${D}/etc/init.d/courier"
+
+       cd "${D}/etc/courier"
+       if use webmail ; then
+               insinto /etc/courier
+               newins "${FILESDIR}/apache-sqwebmail.inc" apache-sqwebmail.inc
+       fi
+
+       for f in *.dist ; do cp "${f}" "${f%%.dist}" ; done
+       if use ldap ; then
+               [ -e ldapaliasrc ] &&  ( chown root:mail ldapaliasrc ; chmod 
640 ldapaliasrc )
+       else
+               rm -f ldapaliasrc
+       fi
+
+       ( [ -e /etc/courier/sizelimit ] && cat /etc/courier/sizelimit || echo 0 
) \
+               > "${D}/etc/courier/sizelimit"
+       etc_courier maildroprc ""
+       etc_courier esmtproutes ""
+       etc_courier backuprelay ""
+       etc_courier locallowercase ""
+       etc_courier bofh "opt BOFHBADMIME=accept"
+       etc_courier bofh "opt BOFHSPFTRUSTME=1"
+       etc_courier bofh "opt 
BOFHSPFHELO=pass,neutral,unknown,none,error,softfail,fail"
+       etc_courier bofh "opt BOFHSPFHELO=pass,neutral,unknown,none"
+       etc_courier bofh "opt BOFHSPFFROM=all"
+       etc_courier bofh "opt BOFHSPFMAILFROM=all"
+       etc_courier bofh "#opt BOFHSPFHARDERROR=fail"
+       etc_courier esmtpd "BOFHBADMIME=accept"
+       etc_courier esmtpd-ssl "BOFHBADMIME=accept"
+       etc_courier esmtpd-msa "BOFHBADMIME=accept"
+
+       use fam && etc_courier_chg imapd IMAP_CAPABILITY "IMAP4rev1 UIDPLUS 
CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA 
AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE"
+       use fam || etc_courier_chg imapd IMAP_CAPABILITY "IMAP4rev1 UIDPLUS 
CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA 
AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256"
+
+       # Fix for a sandbox violation on subsequential merges
+       # - ti...@gentoo.org, 2005-07-10
+       dosym ../share/courier/pop3d /usr/sbin/courier-pop3d
+       dosym ../share/courier/pop3d-ssl /usr/sbin/courier-pop3d-ssl
+       dosym ../share/courier/imapd /usr/sbin/courier-imapd
+       dosym ../share/courier/imapd-ssl /usr/sbin/courier-imapd-ssl
+
+       cd "${S}"
+       cp imap/README README.imap
+       use nls && cp unicode/README README.unicode
+       dodoc AUTHORS BENCHMARKS COPYING* ChangeLog* INSTALL NEWS README* TODO 
courier/doc/*.txt
+       dodoc libs/tcpd/README.couriertls
+       mv "${D}/usr/share/courier/htmldoc" "${D}/usr/share/doc/${PF}/html"
+
+       if use webmail ; then
+               insinto /usr/$(get_libdir)/courier/courier
+               insopts -m 755 -o mail -g mail
+               doins "${S}/courier/webmaild"
+       fi
+
+       if use web ; then
+               insinto /etc/courier/webadmin
+               insopts -m 400 -o mail -g mail
+               doins "${FILESDIR}/password.dist"
+       fi
+
+       # avoid name collisions in /usr/sbin, make webadmin match
+       cd "${D}/usr/sbin"
+       for f in imapd imapd-ssl pop3d pop3d-ssl ; do mv "${f}" "courier-${f}" 
; done
+       if use web ; then
+               sed -i -e 's:\$sbindir\/imapd:\$sbindir\/courier-imapd:g' \
+                       -e 
's:\$sbindir\/imapd-ssl:\$sbindir\/courier-imapd-ssl:g' \
+                       
"${D}/usr/share/courier/courierwebadmin/admin-40imap.pl" \
+                       || ewarn "failed to fix webadmin"
+               sed -i -e 's:\$sbindir\/pop3d:\$sbindir\/courier-pop3d:g' \
+                       -e 
's:\$sbindir\/pop3d-ssl:\$sbindir\/courier-pop3d-ssl:g' \
+                       
"${D}/usr/share/courier/courierwebadmin/admin-45pop3.pl" \
+                       || ewarn "failed to fix webadmin"
+       fi
+
+       # users should be able to send mail. Could be restricted with suictl.
+       chmod u+s "${D}/usr/bin/sendmail"
+
+       dosym ../bin/sendmail /usr/sbin/sendmail
+}
+
+src_test() {
+       if [ `whoami` != 'root' ]; then
+               # Disable valgrind checks
+               echo '#!/bin/sh' > libs/imap/testsuitevalgrind
+               echo '#!/bin/sh' > libs/maildir/testsuitevalgrind
+               sed -i -e 's:VALGRIND=:#VALGRIND=:g' libs/maildrop/Makefile*
+               emake -j1 check
+       else
+               einfo "make check skipped, can't run as root."
+               einfo "You can enable it with FEATURES=\"userpriv\""
+       fi
+}
+
+pkg_postinst() {
+       use fam && elog "fam daemon is needed for courier-imapd" \
+               || ewarn "courier was built without fam support"
+}
+
+pkg_config() {
+       mailhost="$(hostname)"
+       export mailhost
+
+       domainname="$(domainname)"
+       if [ "x$domainname" = "x(none)" ] ; then
+               domainname="$(echo ${mailhost} | sed -e "s/[^\.]*\.\(.*\)/\1/")"
+       fi
+       export domainname
+
+       if [[ -z "${ROOT}" ]] ; then
+               file="${ROOT}/etc/courier/locals"
+               if [ ! -f "${file}" ] ; then
+                       echo "localhost" > "${file}";
+                       echo "${domainname}" >> "${file}";
+               fi
+               file="${ROOT}/etc/courier/esmtpacceptmailfor.dir/${domainname}"
+               if [ ! -f "${file}" ] ; then
+                       echo "${domainname}" > "${file}"
+                       /usr/sbin/makeacceptmailfor
+               fi
+
+               file="${ROOT}/etc/courier/smtpaccess/${domainname}"
+               if [ ! -f "${file}" ]
+               then
+                       netstat -nr | grep "^[1-9]" | while read network 
gateway netmask rest
+                       do
+                               i=1
+                               net=""
+                               TIFS="${IFS}"
+                               IFS="."
+                               for o in "${netmask}"
+                               do
+                                       if [ "${o}" == "255" ]
+                                       then
+                                               [ "_${net}" == "_" ] || 
net="${net}."
+                                               t="$(echo "${network}" | cut -d 
" " -f ${i})"
+                                               net="${net}${t}"
+                                       fi
+                                       i="$((${i} + 1))"
+                               done
+                               IFS="${TIFS}"
+                               echo "doing configuration - relay control for 
the network ${net} !"
+                               echo "${net}    allow,RELAYCLIENT" >> ${file}
+                       done
+                       /usr/sbin/makesmtpaccess
+               fi
+       fi
+
+       echo "creating cert for esmtpd-ssl:"
+       /usr/sbin/mkesmtpdcert
+       echo "creating cert for imapd-ssl:"
+       /usr/sbin/mkpop3dcert
+       echo "creating cert for pop3d-ssl:"
+       /usr/sbin/mkimapdcert
+}
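Review bot: In pkg_config the relay-control loop quotes the mask, `for o in "${netmask}"`, so the `IFS="."` split never happens and the body runs once with the whole netmask in `o`. The comparison with `255` then never matches, `net` stays empty, and the line appended to the smtpaccess file is an `allow,RELAYCLIENT` entry with no network prefix. How makesmtpaccess interprets such an entry is not visible here, so the generated relay rule should not depend on it. Iterate unquoted with `for o in ${netmask}`, take the octet with `cut -d "." -f ${i}` rather than the space delimiter, and skip the append when `net` is empty. The labels at the end are also swapped: "creating cert for imapd-ssl:" precedes `mkpop3dcert` and "creating cert for pop3d-ssl:" precedes `mkimapdcert`.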

diff --git a/mail-mta/courier/files/courier-1.2.2-fix-getgrnam-buffer.diff 
b/mail-mta/courier/files/courier-1.2.2-fix-getgrnam-buffer.diff
new file mode 100644
index 000000000000..73384098189c
--- /dev/null
+++ b/mail-mta/courier/files/courier-1.2.2-fix-getgrnam-buffer.diff
@@ -0,0 +1,120 @@
+diff -Naurp a/libs/numlib/changeuidgid.c b/libs/numlib/changeuidgid.c
+--- a/libs/numlib/changeuidgid.c       2022-03-06 20:02:45.000000000 +0100
++++ b/libs/numlib/changeuidgid.c       2023-02-24 17:26:02.452835861 +0100
+@@ -52,10 +52,11 @@ void libmail_changeuidgid(uid_t uid, gid
+  */
+ uid_t libmail_getuid(const char *uname, gid_t *pw_gid)
+ {
+-      size_t bufsize;
++      int bufsize;
+       char *buf;
+       struct passwd pwbuf;
+       struct passwd *pw;
++      int s;
+ 
+       /*
+       ** uname might be a pointer returned from a previous called to getpw(),
+@@ -70,35 +71,39 @@ uid_t libmail_getuid(const char *uname,
+       }
+       strcpy(p, uname);
+ 
+-#ifdef _SC_GETGR_R_SIZE_MAX
+-      bufsize = sysconf(_SC_GETGR_R_SIZE_MAX);
++#ifdef _SC_GETPW_R_SIZE_MAX
++      bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
+       if (bufsize == -1)          /* Value was indeterminate */
+-      {
+ #endif
+-              bufsize = 16384;        /* Should be more than enough */
+-      }
+-
+-      buf = malloc(bufsize);
+-      if (buf == NULL)
+       {
+-              perror("malloc");
+-              exit(1);
++              bufsize = 16384;        /* Should be more than enough */
+       }
+ 
++      do {
++              buf = malloc(bufsize);
++              if (buf == NULL)
++              {
++                      perror("malloc");
++                      exit(1);
++              }
+ 
+-      errno=ENOENT;
+-
+-      getpwnam_r(p, &pwbuf, buf, bufsize, &pw);
++              s = getpwnam_r(p, &pwbuf, buf, bufsize, &pw);
++              if (s == ERANGE) {
++                      free(buf);
++                      bufsize += 1024;
++              }
++      } while (s == ERANGE && bufsize <= 65536);
+ 
+-      free(buf);
++      free(p);
+ 
+       if (pw == 0)
+       {
+-              free(p);
+-              perror("getpwnam");
++              errno = s;
++              perror("getpwnam_r");
+               exit(1);
+       }
+-      free(p);
++
++      free(buf);
+ 
+       if ( pw_gid ) *pw_gid = pw->pw_gid;
+ 
+@@ -149,7 +154,7 @@ gid_t libmail_getgid(const char *gname)
+       struct group grp;
+       struct group *result;
+       char *buf;
+-      size_t bufsize;
++      int bufsize;
+       int s;
+       char    *p=malloc(strlen(gname)+1);
+ 
+@@ -168,14 +173,21 @@ gid_t libmail_getgid(const char *gname)
+               bufsize = 16384;        /* Should be more than enough */
+       }
+ 
+-      buf = malloc(bufsize);
+-      if (buf == NULL)
+-      {
+-              perror("malloc");
+-              exit(1);
+-      }
++      do {
++              buf = malloc(bufsize);
++              if (buf == NULL)
++              {
++                      perror("malloc");
++                      exit(1);
++              }
++
++              s = getgrnam_r(p, &grp, buf, bufsize, &result);
++              if (s == ERANGE) {
++                      free(buf);
++                      bufsize += 1024;
++              }
++      } while (s == ERANGE && bufsize <= 65536);
+ 
+-      s = getgrnam_r(p, &grp, buf, bufsize, &result);
+       free(p);
+ 
+       if (result == NULL)
+@@ -187,7 +199,7 @@ gid_t libmail_getgid(const char *gname)
+               else
+               {
+                       errno = s;
+-                      perror("getpwnam_r");
++                      perror("getgrnam_r");
+               }
+               exit(1);
+       }
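Review bot: In libmail_getuid a lookup for a name that does not exist makes getpwnam_r return 0 with `pw` left null, so the new `errno = s; perror("getpwnam_r");` prints "Success" before `exit(1)`; the removed `errno=ENOENT;` used to cover that case. Writing `errno = s ? s : ENOENT;` keeps the message useful to an operator working out why the uid lookup failed. The retry loops in both functions stop once bufsize passes 65536 and then fall through to the error exit, which fails closed but is worth a short comment such as `/* cap retries at 64 KiB; a larger entry is treated as a lookup failure */`. Both function bodies start and end outside the hunks shown, so the s == 0 handling in libmail_getgid is only partly visible.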
