author | Robin Gloster <mail@glob.in> | 2016-05-30 19:39:34 +0000 |
---|---|---|
committer | Robin Gloster <mail@glob.in> | 2016-05-30 19:39:34 +0000 |
commit | 2d382f3d981fc9e4a350badb43736c252415d27c (patch) | |
tree | 3d5f7a96aa71be52c86f3c243b23424e319cc286 /pkgs/servers/mail | |
parent | 365379857fb561df949fc841e80458e317a1d682 (diff) | |
parent | 2661511cdb39bd7612dd5311b46420785fc1eac8 (diff) | |
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
Diffstat (limited to 'pkgs/servers/mail')
-rw-r--r-- | pkgs/servers/mail/opensmtpd/default.nix | 50 | ||||
-rw-r--r-- | pkgs/servers/mail/opensmtpd/extras.nix | 2 | ||||
-rw-r--r-- | pkgs/servers/mail/opensmtpd/proc_path.diff | 76 | ||||
-rw-r--r-- | pkgs/servers/mail/postfix/default.nix | 2 |
4 files changed, 78 insertions, 52 deletions
diff --git a/pkgs/servers/mail/opensmtpd/default.nix b/pkgs/servers/mail/opensmtpd/default.nix
index 94bc9f2bfe98..46fc9bc00f2b 100644
--- a/pkgs/servers/mail/opensmtpd/default.nix
+++ b/pkgs/servers/mail/opensmtpd/default.nix
@@ -1,33 +1,51 @@ -{ stdenv, fetchurl, autoconf, automake, libtool, bison -, libasr, libevent, zlib, openssl, db, pam, cacert +{ stdenv, lib, fetchurl, autoconf, automake, libtool, bison +, libasr, libevent, zlib, openssl, db, pam + +# opensmtpd requires root for no reason to encrypt passwords, this patch fixes it +# see also https://github.com/OpenSMTPD/OpenSMTPD/issues/678 +, unpriviledged_smtpctl_encrypt ? true + +# This enables you to override the '+' character which typically separates the user from the tag in user+tag@domain.tld +, tag_char ? null }: stdenv.mkDerivation rec { name = "opensmtpd-${version}"; - version = "5.7.3p2"; + version = "5.9.2p1"; nativeBuildInputs = [ autoconf automake libtool bison ]; buildInputs = [ libasr libevent zlib openssl db pam ]; src = fetchurl { url = "http://www.opensmtpd.org/archives/${name}.tar.gz"; - sha256 = "0d2973008d0f66bebb84bed516be6c32617735241cc54dd26643529281a8e52b"; + sha256 = "07d7f1m5sxyz6mkk228rcm7fsf7350994ayvmhgph333q5rz48im"; }; patches = [ ./proc_path.diff ]; + postPatch = with builtins; with lib; + optionalString (isString tag_char) '' + sed -i -e "s,TAG_CHAR.*'+',TAG_CHAR '${tag_char}'," smtpd/smtpd-defines.h + '' + + optionalString unpriviledged_smtpctl_encrypt '' + substituteInPlace smtpd/smtpctl.c --replace \ + 'if (geteuid())' \ + 'if (geteuid() != 0 && !(argc > 1 && !strcmp(argv[1], "encrypt")))' + ''; + configureFlags = [ "--sysconfdir=/etc" "--localstatedir=/var" "--with-mantype=doc" - "--with-pam" - "--without-bsd-auth" - "--with-sock-dir=/run" - "--with-privsep-user=smtpd" - "--with-queue-user=smtpq" - "--with-ca-file=/etc/ssl/certs/ca-certificates.crt" - "--with-libevent-dir=${libevent.dev}" - "--enable-table-db" + "--with-auth-pam" + "--without-auth-bsdauth" + "--with-path-socket=/run" + "--with-user-smtpd=smtpd" + "--with-user-queue=smtpq" + "--with-group-queue=smtpq" + "--with-path-CAfile=/etc/ssl/certs/ca-certificates.crt" + "--with-libevent=${libevent.dev}" + "--with-table-db" ]; 
installFlags = [ @@ -35,14 +53,14 @@ stdenv.mkDerivation rec { "localstatedir=\${TMPDIR}" ]; - meta = { + meta = with stdenv.lib; { homepage = https://www.opensmtpd.org/; description = '' A free implementation of the server-side SMTP protocol as defined by RFC 5321, with some additional standard extensions ''; - license = stdenv.lib.licenses.isc; - platforms = stdenv.lib.platforms.linux; - maintainers = [ stdenv.lib.maintainers.rickynils ]; + license = licenses.isc; + platforms = platforms.linux; + maintainers = with maintainers; [ rickynils obadz ]; }; } diff --git a/pkgs/servers/mail/opensmtpd/extras.nix b/pkgs/servers/mail/opensmtpd/extras.nix index 0123d19bf3fa..cf93b11ba9aa 100644 --- a/pkgs/servers/mail/opensmtpd/extras.nix +++ b/pkgs/servers/mail/opensmtpd/extras.nix @@ -17,7 +17,7 @@ stdenv.mkDerivation rec { "--sysconfdir=/etc" "--localstatedir=/var" "--with-privsep-user=smtpd" - "--with-libevent-dir=${libevent}" + "--with-libevent-dir=${libevent.dev}" "--with-filter-clamav" "--with-filter-dkim-signer" diff --git a/pkgs/servers/mail/opensmtpd/proc_path.diff b/pkgs/servers/mail/opensmtpd/proc_path.diff index 0e8eac0bb83b..9306685e365e 100644 --- a/pkgs/servers/mail/opensmtpd/proc_path.diff +++ b/pkgs/servers/mail/opensmtpd/proc_path.diff @@ -1,11 +1,12 @@ -diff -Naur opensmtpd-5.7.1p1/smtpd/parse.y opensmtpd-5.7.1p1.patched/smtpd/parse.y ---- opensmtpd-5.7.1p1/smtpd/parse.y 2015-06-30 10:13:34.000000000 +0200 -+++ opensmtpd-5.7.1p1.patched/smtpd/parse.y 2015-09-26 08:41:17.012472516 +0200 -@@ -2519,13 +2519,19 @@ +diff --git a/smtpd/parse.y b/smtpd/parse.y +index ab02719..c1c77d9 100644 +--- a/smtpd/parse.y ++++ b/smtpd/parse.y +@@ -2534,13 +2534,19 @@ create_filter_proc(char *name, char *prog) { struct filter_conf *f; char *path; -+ const char *proc_path; ++ const char *proc_path; if (dict_get(&conf->sc_filters, name)) { yyerror("filter \"%s\" already defined", name); 
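Review bot: The `unpriviledged_smtpctl_encrypt` substitution in `postPatch` relaxes a root check by matching the literal text `if (geteuid())`, and nothing in the hunk verifies that this text occurs exactly once in `smtpd/smtpctl.c`. After a later version bump the replacement could apply to no check at all or to more checks than intended, and the option defaults to `true`, so every default build carries the relaxed check. I would assert the match count before substituting, e.g. `test "$(grep -cF 'if (geteuid())' smtpd/smtpctl.c)" -eq 1`, and add a comment next to the option stating that the `encrypt` path must stay free of privileged operations (not visible from this hunk; confirm against the smtpctl source, particularly if the binary is installed setgid). Separately, `tag_char` is spliced unvalidated into both a sed expression and a C character literal; an `assert` that it is a single character other than `'`, `\` or `,` would stop a bad override from producing a broken header.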
@@ -13,64 +14,71 @@ diff -Naur opensmtpd-5.7.1p1/smtpd/parse.y opensmtpd-5.7.1p1.patched/smtpd/parse } - if (asprintf(&path, "%s/filter-%s", PATH_LIBEXEC, prog) == -1) { -+ proc_path = getenv("OPENSMTPD_PROC_PATH"); -+ if (proc_path == NULL) { -+ proc_path = PATH_LIBEXEC; -+ } ++ proc_path = getenv("OPENSMTPD_PROC_PATH"); ++ if (proc_path == NULL) { ++ proc_path = PATH_LIBEXEC; ++ } + + if (asprintf(&path, "%s/filter-%s", proc_path, prog) == -1) { yyerror("filter \"%s\" asprintf failed", name); return (0); } -diff -Naur opensmtpd-5.7.1p1/smtpd/smtpd.c opensmtpd-5.7.1p1.patched/smtpd/smtpd.c ---- opensmtpd-5.7.1p1/smtpd/smtpd.c 2015-06-30 10:13:34.000000000 +0200 -+++ opensmtpd-5.7.1p1.patched/smtpd/smtpd.c 2015-09-26 08:41:16.998472557 +0200 -@@ -854,6 +854,7 @@ +diff --git a/smtpd/smtpd.c b/smtpd/smtpd.c +index afc8891..9b0a80f 100644 +--- a/smtpd/smtpd.c ++++ b/smtpd/smtpd.c +@@ -795,6 +795,7 @@ fork_proc_backend(const char *key, const char *conf, const char *procname) char path[PATH_MAX]; char name[PATH_MAX]; char *arg; -+ char *proc_path; ++ char *proc_path; if (strlcpy(name, conf, sizeof(name)) >= sizeof(name)) { log_warnx("warn: %s-proc: conf too long", key); -@@ -864,7 +865,12 @@ +@@ -805,7 +806,12 @@ fork_proc_backend(const char *key, const char *conf, const char *procname) if (arg) *arg++ = '\0'; - if (snprintf(path, sizeof(path), PATH_LIBEXEC "/%s-%s", key, name) >= -+ proc_path = getenv("OPENSMTPD_PROC_PATH"); -+ if (proc_path == NULL) { -+ proc_path = PATH_LIBEXEC; -+ } ++ proc_path = getenv("OPENSMTPD_PROC_PATH"); ++ if (proc_path == NULL) { ++ proc_path = PATH_LIBEXEC; ++ } + + if (snprintf(path, sizeof(path), "%s/%s-%s", proc_path, key, name) >= (ssize_t)sizeof(path)) { log_warn("warn: %s-proc: exec path too long", key); return (-1); -diff -Naur opensmtpd-5.7.1p1/smtpd/table.c opensmtpd-5.7.1p1.patched/smtpd/table.c ---- opensmtpd-5.7.1p1/smtpd/table.c 2015-06-30 10:13:34.000000000 +0200 -+++ opensmtpd-5.7.1p1.patched/smtpd/table.c 2015-09-26 
08:41:17.005472536 +0200 -@@ -201,6 +201,7 @@ +diff --git a/smtpd/table.c b/smtpd/table.c +index 21ee237..95b5164 100644 +--- a/smtpd/table.c ++++ b/smtpd/table.c +@@ -193,6 +193,7 @@ table_create(const char *backend, const char *name, const char *tag, struct table_backend *tb; char buf[LINE_MAX]; char path[LINE_MAX]; -+ const char *proc_path; ++ const char *proc_path; size_t n; struct stat sb; -@@ -215,8 +216,14 @@ +@@ -207,11 +208,16 @@ table_create(const char *backend, const char *name, const char *tag, if (name && table_find(name, NULL)) fatalx("table_create: table \"%s\" already defined", name); -+ proc_path = getenv("OPENSMTPD_PROC_PATH"); -+ if (proc_path == NULL) { -+ proc_path = PATH_LIBEXEC; -+ } ++ proc_path = getenv("OPENSMTPD_PROC_PATH"); ++ if (proc_path == NULL) { ++ proc_path = PATH_LIBEXEC; ++ } + if ((tb = table_backend_lookup(backend)) == NULL) { -- if ((size_t)snprintf(path, sizeof(path), PATH_LIBEXEC "/table-%s", +- if ((size_t)snprintf(path, sizeof(path), PATH_LIBEXEC"/table-%s", +- backend) >= sizeof(path)) { +- fatalx("table_create: path too long \"" +- PATH_LIBEXEC"/table-%s\"", backend); + if ((size_t)snprintf(path, sizeof(path), "%s/table-%s", -+ proc_path, - backend) >= sizeof(path)) { - fatalx("table_create: path too long \"" - PATH_LIBEXEC "/table-%s\"", backend); ++ proc_path, backend) >= sizeof(path)) { ++ fatalx("table_create: path too long \"%s/table-%s\"", ++ proc_path, backend); + } + if (stat(path, &sb) == 0) { + tb = table_backend_lookup("proc"); diff --git a/pkgs/servers/mail/postfix/default.nix b/pkgs/servers/mail/postfix/default.nix index 70f834791607..392b1014656f 100644 --- a/pkgs/servers/mail/postfix/default.nix +++ b/pkgs/servers/mail/postfix/default.nix 
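Review bot: `OPENSMTPD_PROC_PATH` is read with plain `getenv()` and used unvalidated as the directory prefix for helper program paths, here in `create_filter_proc` (parse.y) and in the same way in `fork_proc_backend` (smtpd.c) and `table_create` (table.c). Whoever controls the daemon's environment therefore chooses where filters, table backends and proc backends are looked up and presumably executed, and an empty or relative value resolves against `/` or the current directory; the privilege level at which these paths run is not visible in the hunk and should be confirmed. I would fall back to the compiled-in directory unless the value is an absolute path, `if (proc_path == NULL || proc_path[0] != '/') proc_path = PATH_LIBEXEC;`, and use `secure_getenv()` where available so the variable is ignored under set-id execution. A short comment at each site saying the variable is trusted input, expected to be set only by the service definition, would make the assumption explicit. All three functions begin and end outside the hunks shown.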
@@ -7,7 +7,7 @@ let ccargs = lib.concatStringsSep " " ([ - "-DUSE_TLS" "-DUSE_SASL_AUTH" "-DUSE_CYRUS_SASL" "-I${cyrus_sasl}/include/sasl" + "-DUSE_TLS" "-DUSE_SASL_AUTH" "-DUSE_CYRUS_SASL" "-I${cyrus_sasl.dev}/include/sasl" "-DHAS_DB_BYPASS_MAKEDEFS_CHECK" ] ++ lib.optional withPgSQL "-DHAS_PGSQL" ++ lib.optionals withMySQL [ "-DHAS_MYSQL" "-I${libmysql}/include/mysql" ] |