Date: Fri, 3 Jun 2022 04:45:57 GMT From: Dirk Meyer <dinoex@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 7384f5368e82 - main - mail/sendmail: New options MTA-STS TLS_CERT_CHAIN Message-ID: <202206030445.2534jvaJ036443@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by dinoex: URL: https://cgit.FreeBSD.org/ports/commit/?id=7384f5368e82dd9644322da2b07abc32a3c44ca9 commit 7384f5368e82dd9644322da2b07abc32a3c44ca9 Author: Dirk Meyer <dinoex@FreeBSD.org> AuthorDate: 2022-06-03 04:45:38 +0000 Commit: Dirk Meyer <dinoex@FreeBSD.org> CommitDate: 2022-06-03 04:45:38 +0000 mail/sendmail: New options MTA-STS TLS_CERT_CHAIN PR: 264324 --- mail/sendmail/Makefile | 19 +++++++++++++------ mail/sendmail/files/patch-cfsts.m4 | 9 +++++++++ mail/sendmail/files/site.config.m4.mta-sts | 1 + mail/sendmail/files/site.config.m4.tls | 4 +++- mail/sendmail/files/site.config.m4.tls-cert-chain | 1 + 5 files changed, 27 insertions(+), 7 deletions(-) diff --git a/mail/sendmail/Makefile b/mail/sendmail/Makefile index f83d376b872a..0df6543f1256 100644 --- a/mail/sendmail/Makefile +++ b/mail/sendmail/Makefile @@ -1,6 +1,6 @@ PORTNAME= sendmail PORTVERSION= 8.17.1 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= mail MASTER_SITES= ftp://ftp.sendmail.org/pub/sendmail/ DISTNAME= ${PORTNAME}.${PORTVERSION} @@ -46,7 +46,7 @@ MILTER_SOVER?= 6 OPTIONS_DEFINE?= SHMEM SEM LA NIS IPV6 TLS DANE SASL SASLAUTHD LDAP \ BDB GDBM SOCKETMAP CYRUSLOOKUP BLACKLISTD SMTPUTF8 \ - PICKY_HELO_CHECK MILTER DOCS + PICKY_HELO_CHECK MILTER MTA_STS TLS_CERT_CHAIN DOCS OPTIONS_DEFAULT?= SHMEM SEM LA NIS TLS DANE SASL SASLAUTHD BDB1 \ BLACKLISTD PICKY_HELO_CHECK MILTER NO_OPTIONS_SORT=yes @@ -63,6 +63,8 @@ CYRUSLOOKUP_DESC= Enable cyruslookup feature PICKY_HELO_CHECK_DESC= Enable picky HELO check MILTER_DESC= Enable milter support SMTPUTF8_DESC= Enable unicode address support +MTA_STS_DESC= Emable MTA-STS support (option SOCKETMAP and TLS needed) +TLS_CERT_CHAIN_DESC= Enable certificate chain file support (incompatibility) TLS_USES= ssl SASL_LIB_DEPENDS= libsasl2.so:security/cyrus-sasl2 @@ -73,7 +75,10 @@ LDAP_IMPLIES= DANE BDB_USES= bdb GDBM_LIB_DEPENDS= libgdbm.so:databases/gdbm GDBM_CONFIGURE_WITH= compat +CYRUSLOOKUP_IMPLIES= SOCKETMAP SMTPUTF8_LIB_DEPENDS= libidn2.so:dns/libidn2 libicui18n.so:devel/icu +MTA_STS_IMPLIES= SOCKETMAP TLS +TLS_CERT_CHAIN_IMPLIES= TLS .include <bsd.port.options.mk> @@ -97,12 +102,8 @@ SASL_SUFFIX?= +sasl2 CONFLICTS+= sendmail-ldap-8.* sendmail-tls-8.* .endif .if ${PORT_OPTIONS:MCYRUSLOOKUP} -.if ! ${PORT_OPTIONS:MSOCKETMAP} -IGNORE= option CYRUSLOOKUP requires option SOCKETMAP -.else EXTRA_PATCHES+= ${FILESDIR}/cyruslookup.patch .endif -.endif .if ${PORT_OPTIONS:MTLS} TLS_SUFFIX?= +tls CONFLICTS+= sendmail-ldap-8.* sendmail-sasl2-8.* @@ -146,6 +147,9 @@ SITE+= ${FILESDIR}/site.config.m4.milter LICENSE_PERMS= dist-mirror dist-sell no-pkg-mirror no-pkg-sell auto-accept SITE+= ${FILESDIR}/site.config.m4.gdbm .endif +.if ${PORT_OPTIONS:MMTA_STS} +SITE+= ${FILESDIR}/site.config.m4.mta-sts +.endif SED_SCRIPT= -e "s|\`-O'|\`${CFLAGS}'|" \ -e 's|%%CC%%|${CC}|' -e 's|%%LD%%|${LD}|' @@ -344,6 +348,9 @@ help: SITE+= ${FILESDIR}/site.config.m4.ssl .endif SITE+= ${FILESDIR}/site.config.m4.tls +.if ${PORT_OPTIONS:MTLS_CERT_CHAIN} +SITE+= ${FILESDIR}/site.config.m4.tls-cert-chain +.endif .endif .if exists(${FILESDIR}/site.config.m4.local) diff --git a/mail/sendmail/files/patch-cfsts.m4 b/mail/sendmail/files/patch-cfsts.m4 new file mode 100644 index 000000000000..d72176c43a21 --- /dev/null +++ b/mail/sendmail/files/patch-cfsts.m4 @@ -0,0 +1,9 @@ +--- cf/feature/sts.m4.orig 2021-06-08 04:03:56.000000000 +0900 ++++ cf/feature/sts.m4 2022-02-24 21:30:48.072162000 +0900 +@@ -15,5 +15,5 @@ + LOCAL_CONFIG + O StrictTransportSecurity=true + ifelse(_ARG2_,`NO_SAN_TST',`',`O SetCertAltnames=true') +-Ksts ifelse(defn(`_ARG_'), `', socket -d5 -T<TMPF> inet:5461@127.0.0.1, ++Ksts ifelse(defn(`_ARG_'), `', socket -d5 -T<TMPF> inet:8461@127.0.0.1, + defn(`_NARG_'), `', `_ARG_', `_NARG_') diff --git a/mail/sendmail/files/site.config.m4.mta-sts b/mail/sendmail/files/site.config.m4.mta-sts new file mode 100644 index 000000000000..27167096539d --- /dev/null +++ b/mail/sendmail/files/site.config.m4.mta-sts @@ -0,0 +1 @@ +APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_MTA_STS') diff --git a/mail/sendmail/files/site.config.m4.tls b/mail/sendmail/files/site.config.m4.tls index ec8a57bdbee1..49ed44d92ebe 100644 --- a/mail/sendmail/files/site.config.m4.tls +++ b/mail/sendmail/files/site.config.m4.tls @@ -1,2 +1,4 @@ -APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS -DTLS_EC') +APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS -DTLS_EC=2') +APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_TLS_ALTNAMES') +APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_VRFY_TRUSTED_FIRST') APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto') diff --git a/mail/sendmail/files/site.config.m4.tls-cert-chain b/mail/sendmail/files/site.config.m4.tls-cert-chain new file mode 100644 index 000000000000..c65889272804 --- /dev/null +++ b/mail/sendmail/files/site.config.m4.tls-cert-chain @@ -0,0 +1 @@ +APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_TLS_USE_CERTIFICATE_CHAIN_FILE')
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202206030445.2534jvaJ036443>