commit: 08a4e9d40cf9011fc7b98ab51ed7be6b9b9048bc Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org> AuthorDate: Sat Feb 25 23:48:14 2023 +0000 Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org> CommitDate: Sun Mar 26 22:59:01 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=08a4e9d4
mail-filter/spf-engine: add 3.0.3 The new 3.x packaging makes the milter a first-class citizen, but I've left it disabled for now. There are incorrect paths, unnecessary PID files and privilege-dropping, and a chown() exploit -- all reported upstream. But since the milter was never available on Gentoo in the first place, it seems prudent to leave it disabled until those issues are sorted out. Closes: https://bugs.gentoo.org/896976 Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org> mail-filter/spf-engine/Manifest | 1 + mail-filter/spf-engine/spf-engine-3.0.3.ebuild | 74 ++++++++++++++++++++++++++ 2 files changed, 75 insertions(+) diff --git a/mail-filter/spf-engine/Manifest b/mail-filter/spf-engine/Manifest index 4303d92ba1b5..a1a785990a37 100644 --- a/mail-filter/spf-engine/Manifest +++ b/mail-filter/spf-engine/Manifest @@ -1 +1,2 @@ DIST spf-engine-2.9.3.tar.gz 52974 BLAKE2B 9e6c47af7d523e1486d9bbfee2b0e53a4a97dbfc93e1cd14f70d4676542defaf6fede397d33e21c00e9bb2cdd1016c98981b6c0e735bdfd225b226920b9470b1 SHA512 adde80eca38f372ad00ed7355951007b9c02ef8a52a5a4edcbf2fa9959220f1083e3e313668e9c7ad2c26144148ae8ff62ec468d79936d96b43897598254f528 +DIST spf-engine-3.0.3.tar.gz 61350 BLAKE2B f28dfb10559bfd61be152a4b65a5653ec50b25718fcb63f8a2c9532fd9d52a51c131c99ba5408bd6aa424adc5ce6094da7eeb97dbacd7e60e8abb48c65c4f188 SHA512 08db392d2cce16651ba416fcd265e6606e1a8af3cb88721ed149a2286d11ac9ea6ed4d01572cea6950740890c3334e8e0d496d1d1e9edcc29d04833fec049ab0 diff --git a/mail-filter/spf-engine/spf-engine-3.0.3.ebuild b/mail-filter/spf-engine/spf-engine-3.0.3.ebuild new file mode 100644 index 000000000000..2c680c53fd35 --- /dev/null +++ b/mail-filter/spf-engine/spf-engine-3.0.3.ebuild @@ -0,0 +1,74 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_9 python3_10 python3_11 ) + +# The built-in ipaddress module handles the parsing of IP addresses. If +# python is built without ipv6 support, then ipaddress can't parse ipv6 +# addresses, and the daemon will crash if it sees an ipv6 SPF record. In +# other words, it's completely broken. +PYTHON_REQ_USE="ipv6(+)" +DISTUTILS_USE_PEP517=flit +PYPI_NO_NORMALIZE=1 +inherit distutils-r1 pypi + +DESCRIPTION="Policy daemon for Postfix SPF verification" +HOMEPAGE="https://launchpad.net/spf-engine"; + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64 ~x86" + +RDEPEND="dev-python/pyspf[${PYTHON_USEDEP}] + dev-python/authres[${PYTHON_USEDEP}]" + +DOCS=( CHANGES ) + +python_prepare_all() { + distutils-r1_python_prepare_all + + # The tarball has a "data" directory containing a hierarchy that + # flit wants to insert right into /usr. Before it does that, we have + # to remove the parts we don't want, and fix some of the paths. + # + # Note that one of our patches already mangles a few of these + # before we even see them. + + einfo "removing milter files" + rm -v -r data/lib data/etc/init.d data/share/man/man8 || die + rm -v data/etc/pyspf-milter/pyspf-milter.conf || die + rm -v spf_engine/milter_spf.py || die + + # And don't create a python-exec wrapper for it. + sed -e '/^pyspf-milter = /d' -i pyproject.toml || die + + # The commented conf example is documentation, not configuration. + mv -v data/etc/python-policyd-spf/policyd-spf.conf.commented \ + data/share/doc/python-policyd-spf/ || die + + # The man page hard-codes /usr/local/etc, it should be /etc. + sed -e 's:/usr/local/etc:/etc:g' \ + -i data/share/man/man1/policyd-spf.1 || die + + # Fix the documentation path. + mv -v data/share/doc/python-policyd-spf "data/share/doc/${PF}" || die + + # The "real" config file mentions the commented one, so we point + # users in the right direction. Caveat: the documentation is + # compressed, so we're usually off by a ".bz2" suffix anyway. + local oldconf="policyd-spf.conf.commented" + local newconf="/usr/share/doc/${PF}/${oldconf}" + sed -e "1 s~ ${oldconf}~,\n# ${newconf}~" \ + -i "data/etc/python-policyd-spf/policyd-spf.conf" \ + || die 'failed to update commented config file path' +} + +src_install() { + distutils-r1_src_install + + # The "data" installation is relative to python's prefix, so + # data/etc gets installed to /usr/etc. Let's fix that. + mv -v "${ED}/usr/etc" "${ED}/" || die 'failed to relocate sysconfdir' +}
