keks-overlay.git

@@ -0,0 +1,7 @@

+AUX dovecot-10-ssl.patch 675 SHA256 973d6736a13ac8e56618e1a4d1b0e7a4e47c44e792d542803745fd5f2aec6ae1 SHA512 a201cbc275dbe4182d26971cc1c90ece22c05455535b7e55241ac0e71d61233882ad088d127cca2d1cd0d82dc86b1731ec98570254e29b056315567a1fd4d4a7 WHIRLPOOL ac9f4762684713507d3f196b97d7de16d228ac3f7ebd69e759b13efcb86caba821a439a15df300c41fd9c22738aec651e92c300350228f878a9c205d28850f6c

+AUX dovecot-sslfix-1.diff 1435 SHA256 17ac8312474ec779da124f1f7f9f023b7ed88f73599e06af63b966d1144c51cd SHA512 7367421c920c237df8bbb9f96b12d58785ee681e16814934425c82fdb0b49da4c9206a5e52bb458998f74092fd791898c8742906f045241ac4f5e4d76ed7825d WHIRLPOOL 0147dd5fa1654a616910e1db6c777891cf615d6bf865c4c8ddb5e7d07d4bc49c1d1ec1205ef2add6b043e2e4c620f1ad2aef21341aeeb4b5ecf6326c616b469f

+AUX dovecot-sslfix-2.diff 880 SHA256 650ea97731946f1c0334478552f915515e6a33ce5f02291334f1f749bfacd3e9 SHA512 738e02aad4eb59f863516410f05c3456e6d0e83a2b931d030f6c31a24d556ba15db8b0dcb4ab804af6dd6cc0fa750790246000ef5c22ac8ce700d71ffee40e6a WHIRLPOOL 85ae45d1ba6f4dadb9c3f57aa38b09335d8ed89bc2a16bba79d87b093189e2bf720aab4f85e83210236004cd420586bf653e14ee55b1a344057f2eba4f892603

+AUX dovecot.init-r4 1609 SHA256 510ebab9dc59832502a9a23d48d12b6e81f3c51c52f5e6652b00b240f621d02e SHA512 9aa5040cd169bfa0dea382d839ef73454105d3befd1e904cef8d0a07eb260051f72f130ba250d716b9bf9b22af542907446e02c4ec92f1c229a2c0a9f560e2cc WHIRLPOOL 51726ed76100521e54470137dab9869537dcf49a58872614312295dff3efab53ac58da30b8bfaaf86677f47ef1e84019e47529226c0a736eed68cac6ce64ae40

+DIST dovecot-2.2-pigeonhole-0.4.3.tar.gz 1184029 SHA256 d692f4ab077bdf2c43c98829ed24b2e6f148db488ef8ba429b430394d8b4d757 SHA512 f2bb83578bb05c7ca2213ecc110f5e7059935746f720ee43897508394f3ab8a7072d193c78caf1fa77df81a20fbbeab1ac14069989250b3032ef459e798c54ff WHIRLPOOL 854d58cdb6b0d51d6e6337a2716858020a1ec22b7da24db903965fc01a00a75af5efcde7c4ddf572c0ee2a36a51bf467da011276f8a4e092463dc76e2622bfbb

+DIST dovecot-2.2.13.tar.gz 4613824 SHA256 133cf3d2aa81733f6688ec986c91dbe07602fad81e856ba3d8046ffca85d9dce SHA512 1f3c0e600048ac2c1b2e497286620976c0fc821a6cac8e4e1492180af8eb9620cd143c89ee6d12872cecacbcadca573435cce1050c46325de3072c98ab5a9331 WHIRLPOOL 7bb81575faf69820b07d654c469fdd3fcf12c47517bb1dd6ea5566771bb60ce8f9c3a1a7b5c6df6d5f4b903d10472ffa1cca1a01c7fd158b6055794a44aacf39

+EBUILD dovecot-2.2.13-r1.ebuild 8991 SHA256 77ddaaacbf7a3d26a66021db8593b63280929595d18dd2f5e7ba468eb29dbde2 SHA512 7b8e9bb143decec9d8e2922d0b975cbb6c0dd226cf789d8523d9046560d8af595abb11015b5c19ba20b509786ce351c54063c79b12ec6b7f1604ad9ba48db175 WHIRLPOOL 2cf6b1736982f4270f9fecc086e1c778a558d3f80f249b4ae2e3dddde8dea067470973674cc8de0ef786294cd373cc49bb866dc97cdecd000f8668f7618d7e2e

@@ -0,0 +1,294 @@

+# Copyright 1999-2014 Gentoo Foundation

+# Distributed under the terms of the GNU General Public License v2

+# $Header: /var/cvsroot/gentoo-x86/net-mail/dovecot/dovecot-2.2.13-r1.ebuild,v 1.3 2014/05/28 12:29:57 pinkbyte Exp $

+

+EAPI=5

+inherit eutils multilib ssl-cert systemd user versionator

+

+MY_P="${P/_/.}"

+major_minor="$(get_version_component_range 1-2)"

+sieve_version="0.4.3"

+if [[ ${PV} == *_rc* ]] ; then

+	rc_dir="rc/"

+else

+	rc_dir=""

+fi

+SRC_URI="http://dovecot.org/releases/${major_minor}/${rc_dir}${MY_P}.tar.gz

+	sieve? (

+	http://pigeonhole.dovecot.org/releases/${major_minor}/${PN}-${major_minor}-pigeonhole-${sieve_version}.tar.gz

+	)

+	managesieve? (

+	http://pigeonhole.dovecot.org/releases/${major_minor}/${PN}-${major_minor}-pigeonhole-${sieve_version}.tar.gz

+	) "

+DESCRIPTION="An IMAP and POP3 server written with security primarily in mind"

+HOMEPAGE="http://www.dovecot.org/"

+

+SLOT="0"

+LICENSE="LGPL-2.1 MIT"

+KEYWORDS="amd64 ~arm hppa ~ia64 x86"

+

+IUSE_DOVECOT_AUTH="kerberos ldap mysql pam postgres sqlite vpopmail"

+IUSE_DOVECOT_STORAGE="cydir imapc +maildir mbox mdbox pop3c sdbox"

+IUSE_DOVECOT_COMPRESS="bzip2 lzma lz4 zlib"

+IUSE_DOVECOT_OTHER="caps doc ipv6 lucene managesieve selinux sieve solr +ssl static-libs suid tcpd"

+

+IUSE="${IUSE_DOVECOT_AUTH} ${IUSE_DOVECOT_STORAGE} ${IUSE_DOVECOT_COMPRESS} ${IUSE_DOVECOT_OTHER}"

+

+DEPEND="bzip2? ( app-arch/bzip2 )

+	caps? ( sys-libs/libcap )

+	kerberos? ( virtual/krb5 )

+	ldap? ( net-nds/openldap )

+	lucene? ( >=dev-cpp/clucene-2.3 )

+	lzma? ( app-arch/xz-utils )

+	lz4? ( app-arch/lz4 )

+	mysql? ( virtual/mysql )

+	pam? ( virtual/pam )

+	postgres? ( dev-db/postgresql-base !dev-db/postgresql-base[ldap,threads] )

+	selinux? ( sec-policy/selinux-dovecot )

+	solr? ( net-misc/curl dev-libs/expat )

+	sqlite? ( dev-db/sqlite )

+	ssl? ( dev-libs/openssl )

+	tcpd? ( sys-apps/tcp-wrappers )

+	vpopmail? ( net-mail/vpopmail )

+	zlib? ( sys-libs/zlib )

+	virtual/libiconv"

+

+RDEPEND="${DEPEND}

+	net-mail/mailbase"

+

+S=${WORKDIR}/${MY_P}

+

+pkg_setup() {

+	if use managesieve && ! use sieve; then

+		ewarn "managesieve USE flag selected but sieve USE flag unselected"

+		ewarn "sieve USE flag will be turned on"

+	fi

+	# default internal user

+	enewgroup dovecot 97

+	enewuser dovecot 97 -1 /dev/null dovecot

+	# default login user

+	enewuser dovenull -1 -1 /dev/null

+	# add "mail" group for suid'ing. Better security isolation.

+	if use suid; then

+		enewgroup mail

+	fi

+}

+

+src_prepare() {

+	epatch "${FILESDIR}/${PN}-10-ssl.patch"

+	epatch "${FILESDIR}/dovecot-sslfix-1.diff"

+	epatch "${FILESDIR}/dovecot-sslfix-2.diff"

+}

+

+src_configure() {

+	local conf=""

+

+	if use postgres || use mysql || use sqlite; then

+		conf="${conf} --with-sql"

+	fi

+

+	local storages=""

+	for storage in ${IUSE_DOVECOT_STORAGE//+/}; do

+		use ${storage} && storages="${storage} ${storages}"

+	done

+	[ "${storages}" ] || storages="maildir"

+

+	# turn valgrind tests off. Bug #340791

+	VALGRIND=no econf \

+		--localstatedir="${EPREFIX}/var" \

+		--with-moduledir="${EPREFIX}/usr/$(get_libdir)/dovecot" \

+		--without-stemmer \

+		--with-storages="${storages}" \

+		--disable-rpath \

+		$( systemd_with_unitdir ) \

+		$( use_with bzip2 bzlib ) \

+		$( use_with caps libcap ) \

+		$( use_with kerberos gssapi ) \

+		$( use_with ldap ) \

+		$( use_with lucene ) \

+		$( use_with mysql ) \

+		$( use_with pam ) \

+		$( use_with postgres pgsql ) \

+		$( use_with sqlite ) \

+		$( use_with solr ) \

+		$( use_with ssl ) \

+		$( use_with tcpd libwrap ) \

+		$( use_with vpopmail ) \

+		$( use_with zlib ) \

+		$( use_enable static-libs static ) \

+		${conf}

+

+	if use sieve || use managesieve ; then

+		# The sieve plugin needs this file to be build to determine the plugin

+		# directory and the list of libraries to link to.

+		emake dovecot-config

+		cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"

+		econf \

+			$( use_enable static-libs static ) \

+			--localstatedir="${EPREFIX}/var" \

+			--enable-shared \

+			--with-dovecot="../${MY_P}" \

+			$( use_with managesieve )

+	fi

+}

+

+src_compile() {

+	default

+	if use sieve || use managesieve ; then

+		cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"

+		emake CC="$(tc-getCC)" CFLAGS="${CFLAGS}"

+	fi

+}

+

+src_test() {

+	default

+	if use sieve || use managesieve ; then

+		cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"

+		default

+	fi

+}

+

+src_install () {

+	default

+

+	# insecure:

+	# use suid && fperms u+s /usr/libexec/dovecot/deliver

+	# better:

+	if use suid;then

+		einfo "Changing perms to allow deliver to be suided"

+		fowners root:mail "${EPREFIX}/usr/libexec/dovecot/dovecot-lda"

+		fperms 4750 "${EPREFIX}/usr/libexec/dovecot/dovecot-lda"

+	fi

+

+	newinitd "${FILESDIR}"/dovecot.init-r4 dovecot

+

+	rm -rf "${ED}"/usr/share/doc/dovecot

+

+	dodoc AUTHORS NEWS README TODO

+	dodoc doc/*.{txt,cnf,xml,sh}

+	docinto example-config

+	dodoc doc/example-config/*.{conf,ext}

+	docinto example-config/conf.d

+	dodoc doc/example-config/conf.d/*.{conf,ext}

+	docinto wiki

+	dodoc doc/wiki/*

+	doman doc/man/*.{1,7}

+

+	# Create the dovecot.conf file from the dovecot-example.conf file that

+	# the dovecot folks nicely left for us....

+	local conf="${ED}/etc/dovecot/dovecot.conf"

+	local confd="${ED}/etc/dovecot/conf.d"

+

+	insinto /etc/dovecot

+	doins doc/example-config/*.{conf,ext}

+	insinto /etc/dovecot/conf.d

+	doins doc/example-config/conf.d/*.{conf,ext}

+	fperms 0600 "${EPREFIX}"/etc/dovecot/dovecot-{ldap,sql}.conf.ext

+	rm -f "${confd}/../README"

+

+	# .maildir is the Gentoo default

+	local mail_location="maildir:~/.maildir"

+	if ! use maildir; then

+		if use mbox; then

+			mail_location="mbox:/var/spool/mail/%u:INDEX=/var/dovecot/%u"

+			keepdir /var/dovecot

+			sed -i -e 's|#mail_privileged_group =|mail_privileged_group = mail|' \

+			"${confd}/10-mail.conf" || die "sed failed"

+		elif use mdbox ; then

+			mail_location="mdbox:~/.mdbox"

+		elif use sdbox ; then

+			mail_location="sdbox:~/.sdbox"

+		fi

+	fi

+	sed -i -e \

+		"s|#mail_location =|mail_location = ${mail_location}|" \

+		"${confd}/10-mail.conf" \

+		|| die "failed to update mail location settings in 10-mail.conf"

+

+	# We're using pam files (imap and pop3) provided by mailbase

+	if use pam; then

+		sed -i -e '/driver = pam/,/^[ \t]*}/ s|#args = dovecot|args = "\*"|' \

+			"${confd}/auth-system.conf.ext" \

+			|| die "failed to update PAM settings in auth-system.conf.ext"

+		# mailbase does not provide a sieve pam file

+		use managesieve && dosym imap /etc/pam.d/sieve

+		sed -i -e \

+			's/#!include auth-system.conf.ext/!include auth-system.conf.ext/' \

+			"${confd}/10-auth.conf" \

+			|| die "failed to update PAM settings in 10-auth.conf"

+	fi

+

+	# Disable ipv6 if necessary

+	if ! use ipv6; then

+		sed -i -e 's/^#listen = \*, ::/listen = \*/g' "${conf}" \

+			|| die "failed to update listen settings in dovecot.conf"

+	fi

+

+	# Update ssl cert locations

+	if use ssl; then

+		sed -i -e 's:^#ssl = yes:ssl = yes:' "${confd}/10-ssl.conf" \

+		|| die "ssl conf failed"

+		sed -i -e 's:^ssl_cert =.*:ssl_cert = </etc/ssl/dovecot/server.pem:' \

+			-e 's:^ssl_key =.*:ssl_key = </etc/ssl/dovecot/server.key:' \

+			"${confd}/10-ssl.conf" || die "failed to update SSL settings in 10-ssl.conf"

+	fi

+

+	# Install SQL configuration

+	if use mysql || use postgres; then

+		sed -i -e \

+			's/#!include auth-sql.conf.ext/!include auth-sql.conf.ext/' \

+			"${confd}/10-auth.conf" || die "failed to update SQL settings in \

+			10-auth.conf"

+	fi

+

+	# Install LDAP configuration

+	if use ldap; then

+		sed -i -e \

+			's/#!include auth-ldap.conf.ext/!include auth-ldap.conf.ext/' \

+			"${confd}/10-auth.conf" \

+			|| die "failed to update ldap settings in 10-auth.conf"

+	fi

+

+	if use vpopmail; then

+		sed -i -e \

+			's/#!include auth-vpopmail.conf.ext/!include auth-vpopmail.conf.ext/' \

+			"${confd}/10-auth.conf" \

+			|| die "failed to update vpopmail settings in 10-auth.conf"

+	fi

+

+	if use sieve || use managesieve ; then

+		cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"

+		emake DESTDIR="${ED}" install

+		sed -i -e \

+			's/^[[:space:]]*#mail_plugins = $mail_plugins/mail_plugins = sieve/' "${confd}/15-lda.conf" \

+			|| die "failed to update sieve settings in 15-lda.conf"

+		rm -rf "${ED}"/usr/share/doc/dovecot

+		dodoc doc/*.txt

+		docinto example-config/conf.d

+		dodoc doc/example-config/conf.d/*.conf

+		insinto /etc/dovecot/conf.d

+		doins doc/example-config/conf.d/90-sieve{,-extprograms}.conf

+		use managesieve && doins doc/example-config/conf.d/20-managesieve.conf

+		docinto sieve/rfc

+		dodoc doc/rfc/*.txt

+		docinto sieve/devel

+		dodoc doc/devel/DESIGN

+		doman doc/man/*.{1,7}

+	fi

+

+	use static-libs || find "${ED}"/usr/lib* -name '*.la' -delete

+}

+

+pkg_postinst() {

+	if use ssl; then

+	# Let's not make a new certificate if we already have one

+		if ! [[ -e "${ROOT}"/etc/ssl/dovecot/server.pem && \

+		-e "${ROOT}"/etc/ssl/dovecot/server.key ]];	then

+			einfo "Creating SSL	certificate"

+			SSL_ORGANIZATION="${SSL_ORGANIZATION:-Dovecot IMAP Server}"

+			install_cert /etc/ssl/dovecot/server

+		fi

+	fi

+

+	elog "Please read http://wiki2.dovecot.org/Upgrading/ for upgrade notes."

+}

@@ -0,0 +1,19 @@

+# bug 508552

+--- doc/example-config/conf.d/10-ssl.conf	2013-11-24 13:37:39.000000000 +0000

++++ doc/example-config/conf.d/10-ssl.conf	2014-05-12 14:42:26.000000000 +0000

+@@ -51,6 +51,15 @@

+ # SSL ciphers to use

+ #ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL

+ 

++# ##########################################

++# You are strongly encouraged to change the above two settings to

++#

++#ssl_protocols = !SSLv2 !SSLv3

++#ssl_cipher_list = ALL:!EXPORT:!LOW:!MEDIUM:!aNULL:+RC4:@STRENGTH

++#

++# if you are not required to support legacy mail clients.

++# ##########################################

++

+ # Prefer the server's order of ciphers over client's.

+ #ssl_prefer_server_ciphers = no

+ 

@@ -0,0 +1,45 @@

+

+# HG changeset patch

+# User Timo Sirainen <tss@iki.fi>

+# Date 1401957019 -10800

+# Node ID 09d3c9c6f0ad473e0114edac67d4ec43cf7255bd

+# Parent  304d545927d25ea352ac596b7d7ce2e96468fe2e

+*-login: Flush SSL output when logging out.

+The BYE and LOGOUT replies weren't being sent when they were sent from

+imap-login process (before logging in).

+

+diff -r 304d545927d2 -r 09d3c9c6f0ad src/login-common/client-common.c

+--- a/src/login-common/client-common.c	Wed Jun 04 00:35:27 2014 +0300

++++ b/src/login-common/client-common.c	Thu Jun 05 11:30:19 2014 +0300

+@@ -172,6 +172,7 @@

+ 		last_client = client->prev;

+ 	DLLIST_REMOVE(&clients, client);

+ 

++	o_stream_uncork(client->output);

+ 	if (!client->login_success && client->ssl_proxy != NULL)

+ 		ssl_proxy_destroy(client->ssl_proxy);

+ 	if (client->input != NULL)

+diff -r 304d545927d2 -r 09d3c9c6f0ad src/login-common/ssl-proxy-openssl.c

+--- a/src/login-common/ssl-proxy-openssl.c	Wed Jun 04 00:35:27 2014 +0300

++++ b/src/login-common/ssl-proxy-openssl.c	Thu Jun 05 11:30:19 2014 +0300

+@@ -806,10 +806,19 @@

+ 	i_free(proxy);

+ }

+ 

++static void ssl_proxy_flush(struct ssl_proxy *proxy)

++{

++	/* this is pretty kludgy. mainly this is just for flushing the final

++	   LOGOUT command output. */

++	plain_read(proxy);

++	ssl_step(proxy);

++}

++

+ void ssl_proxy_destroy(struct ssl_proxy *proxy)

+ {

+ 	if (proxy->destroyed)

+ 		return;

++	ssl_proxy_flush(proxy);

+ 	proxy->destroyed = TRUE;

+ 

+ 	ssl_proxy_count--;

+

@@ -0,0 +1,31 @@

+

+# HG changeset patch

+# User Teemu Huovila <teemu.huovila@dovecot.fi>

+# Date 1402305282 -10800

+# Node ID 7129fe8bc260642cb79c8bbad9d20ef47e82f3d2

+# Parent  6a9508d28d340091b0a2897e4e4b5ba826d39a17

+login-common: Fixed infinite loop in ssl proxy flushing.

+

+diff -r 6a9508d28d34 -r 7129fe8bc260 src/login-common/ssl-proxy-openssl.c

+--- a/src/login-common/ssl-proxy-openssl.c	Mon Jun 09 12:12:58 2014 +0300

++++ b/src/login-common/ssl-proxy-openssl.c	Mon Jun 09 12:14:42 2014 +0300

+@@ -79,6 +79,7 @@

+ 	unsigned int cert_received:1;

+ 	unsigned int cert_broken:1;

+ 	unsigned int client_proxy:1;

++	unsigned int flushing:1;

+ };

+ 

+ struct ssl_parameters {

+@@ -816,8 +817,9 @@

+ 

+ void ssl_proxy_destroy(struct ssl_proxy *proxy)

+ {

+-	if (proxy->destroyed)

++	if (proxy->destroyed || proxy->flushing)

+ 		return;

++	proxy->flushing = TRUE;

+ 	ssl_proxy_flush(proxy);

+ 	proxy->destroyed = TRUE;

+ 

+

@@ -0,0 +1,58 @@

+#!/sbin/runscript

+# Copyright 1999-2012 Gentoo Foundation

+# Distributed under the terms of the GNU General Public License, v2 or later

+# $Header: /var/cvsroot/gentoo-x86/net-mail/dovecot/files/dovecot.init-r4,v 1.1 2012/12/01 10:40:49 eras Exp $

+

+extra_started_commands="reload"

+

+depend() {

+	need localmount

+	before postfix

+	after bootmisc ldap mysql ntp-client ntpd postgresql saslauthd slapd 

+	use logger net

+}

+

+checkconfig() {

+	DOVECOT_INSTANCE=${SVCNAME##*.}

+	if [ -n "${DOVECOT_INSTANCE}" -a "${SVCNAME}" != "dovecot" ]; then

+		DOVECOT_CONF=/etc/dovecot/dovecot.${DOVECOT_INSTANCE}.conf

+	else

+		DOVECOT_CONF=/etc/dovecot/dovecot.conf

+	fi

+	if [ ! -e ${DOVECOT_CONF} ]; then

+		eerror "You will need an ${DOVECOT_CONF} first"

+		return 1

+	fi

+	if [ -x /usr/sbin/dovecot ]; then

+		DOVECOT_BASEDIR=$(/usr/sbin/dovecot -c ${DOVECOT_CONF} -a | grep '^base_dir = ' | sed 's/^base_dir = //')

+	else

+		eerror "dovecot not executable"

+		return 1

+	fi

+	DOVECOT_BASEDIR=${DOVECOT_BASEDIR:-/var/run/dovecot}

+	DOVECOT_PIDFILE=${DOVECOT_BASEDIR}/master.pid

+}

+

+start() {

+	checkconfig || return 1

+	ebegin "Starting ${SVCNAME}"

+	start-stop-daemon --start --exec /usr/sbin/dovecot \

+		--pidfile "${DOVECOT_PIDFILE}" -- -c "${DOVECOT_CONF}"

+	eend $?

+}

+

+stop() {

+	checkconfig || return 1

+	ebegin "Stopping ${SVCNAME}"

+	start-stop-daemon --stop --exec /usr/sbin/dovecot \

+		--pidfile "${DOVECOT_PIDFILE}"

+	eend $?

+}

+

+reload() {

+	checkconfig || return 1

+	ebegin "Reloading ${SVCNAME} configs and restarting auth/login processes"

+	start-stop-daemon --signal HUP --exec /usr/sbin/dovecot \

+		--pidfile "${DOVECOT_PIDFILE}"

+	eend $?

+}