Date:      Fri, 3 Jun 2022 04:45:57 GMT
From:      Dirk Meyer <dinoex@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 7384f5368e82 - main - mail/sendmail: New options MTA-STS TLS_CERT_CHAIN
Message-ID:  <202206030445.2534jvaJ036443@gitrepo.freebsd.org>

The branch main has been updated by dinoex:

URL: https://cgit.FreeBSD.org/ports/commit/?id=7384f5368e82dd9644322da2b07abc32a3c44ca9

commit 7384f5368e82dd9644322da2b07abc32a3c44ca9
Author:     Dirk Meyer <dinoex@FreeBSD.org>
AuthorDate: 2022-06-03 04:45:38 +0000
Commit:     Dirk Meyer <dinoex@FreeBSD.org>
CommitDate: 2022-06-03 04:45:38 +0000

    mail/sendmail: New options MTA-STS TLS_CERT_CHAIN
    
    PR: 264324
---
 mail/sendmail/Makefile                            | 19 +++++++++++++------
 mail/sendmail/files/patch-cfsts.m4                |  9 +++++++++
 mail/sendmail/files/site.config.m4.mta-sts        |  1 +
 mail/sendmail/files/site.config.m4.tls            |  4 +++-
 mail/sendmail/files/site.config.m4.tls-cert-chain |  1 +
 5 files changed, 27 insertions(+), 7 deletions(-)

diff --git a/mail/sendmail/Makefile b/mail/sendmail/Makefile
index f83d376b872a..0df6543f1256 100644
--- a/mail/sendmail/Makefile
+++ b/mail/sendmail/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	sendmail
 PORTVERSION=	8.17.1
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	mail
 MASTER_SITES=	ftp://ftp.sendmail.org/pub/sendmail/
 DISTNAME=	${PORTNAME}.${PORTVERSION}
@@ -46,7 +46,7 @@ MILTER_SOVER?=	6
 
 OPTIONS_DEFINE?=	SHMEM SEM LA NIS IPV6 TLS DANE SASL SASLAUTHD LDAP \
 			BDB GDBM SOCKETMAP CYRUSLOOKUP BLACKLISTD SMTPUTF8 \
-			PICKY_HELO_CHECK MILTER DOCS
+			PICKY_HELO_CHECK MILTER MTA_STS TLS_CERT_CHAIN DOCS
 OPTIONS_DEFAULT?=	SHMEM SEM LA NIS TLS DANE SASL SASLAUTHD BDB1 \
 			BLACKLISTD PICKY_HELO_CHECK MILTER
 NO_OPTIONS_SORT=yes
@@ -63,6 +63,8 @@ CYRUSLOOKUP_DESC=	Enable cyruslookup feature
 PICKY_HELO_CHECK_DESC=	Enable picky HELO check
 MILTER_DESC=		Enable milter support
 SMTPUTF8_DESC=		Enable unicode address support
+MTA_STS_DESC=		Emable MTA-STS support (option SOCKETMAP and TLS needed)
+TLS_CERT_CHAIN_DESC=	Enable certificate chain file support (incompatibility)
 
 TLS_USES=	ssl
 SASL_LIB_DEPENDS=	libsasl2.so:security/cyrus-sasl2
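Review bot: The two new description strings need wording fixes: `MTA_STS_DESC` misspells "Enable" as "Emable", and `TLS_CERT_CHAIN_DESC` ends in "(incompatibility)" without saying what it is incompatible with, so a user in the options dialog cannot judge the effect of turning it on. Because the dependency is enforced by `MTA_STS_IMPLIES= SOCKETMAP TLS` in the next hunk, the parenthetical on the first string is redundant: `MTA_STS_DESC=		Enable MTA-STS support (experimental)`. Both options switch on `_FFR_*` compile flags in the new site.config.m4 files, which is upstream's marker for for-future-release code, so saying "experimental" in both descriptions would be more useful than the current hints. What exactly the certificate-chain option is incompatible with cannot be determined from this diff and should be spelled out by the author.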
@@ -73,7 +75,10 @@ LDAP_IMPLIES=	DANE
 BDB_USES=	bdb
 GDBM_LIB_DEPENDS=	libgdbm.so:databases/gdbm
 GDBM_CONFIGURE_WITH=	compat
+CYRUSLOOKUP_IMPLIES=	SOCKETMAP
 SMTPUTF8_LIB_DEPENDS=	libidn2.so:dns/libidn2 libicui18n.so:devel/icu
+MTA_STS_IMPLIES=	SOCKETMAP TLS
+TLS_CERT_CHAIN_IMPLIES=	TLS
 
 .include <bsd.port.options.mk>
 
@@ -97,12 +102,8 @@ SASL_SUFFIX?=	+sasl2
 CONFLICTS+=	sendmail-ldap-8.* sendmail-tls-8.*
 .endif
 .if ${PORT_OPTIONS:MCYRUSLOOKUP}
-.if ! ${PORT_OPTIONS:MSOCKETMAP}
-IGNORE=		option CYRUSLOOKUP requires option SOCKETMAP
-.else
 EXTRA_PATCHES+=	${FILESDIR}/cyruslookup.patch
 .endif
-.endif
 .if ${PORT_OPTIONS:MTLS}
 TLS_SUFFIX?=	+tls
 CONFLICTS+=	sendmail-ldap-8.* sendmail-sasl2-8.*
@@ -146,6 +147,9 @@ SITE+=	${FILESDIR}/site.config.m4.milter
 LICENSE_PERMS=	dist-mirror dist-sell no-pkg-mirror no-pkg-sell auto-accept
 SITE+=	${FILESDIR}/site.config.m4.gdbm
 .endif
+.if ${PORT_OPTIONS:MMTA_STS}
+SITE+=	${FILESDIR}/site.config.m4.mta-sts
+.endif
 
 SED_SCRIPT=	-e "s|\`-O'|\`${CFLAGS}'|" \
 		-e 's|%%CC%%|${CC}|' -e 's|%%LD%%|${LD}|'
@@ -344,6 +348,9 @@ help:
 SITE+=	${FILESDIR}/site.config.m4.ssl
 .endif
 SITE+=	${FILESDIR}/site.config.m4.tls
+.if ${PORT_OPTIONS:MTLS_CERT_CHAIN}
+SITE+=	${FILESDIR}/site.config.m4.tls-cert-chain
+.endif
 .endif
 
 .if exists(${FILESDIR}/site.config.m4.local)
diff --git a/mail/sendmail/files/patch-cfsts.m4 b/mail/sendmail/files/patch-cfsts.m4
new file mode 100644
index 000000000000..d72176c43a21
--- /dev/null
+++ b/mail/sendmail/files/patch-cfsts.m4
@@ -0,0 +1,9 @@
+--- cf/feature/sts.m4.orig	2021-06-08 04:03:56.000000000 +0900
++++ cf/feature/sts.m4	2022-02-24 21:30:48.072162000 +0900
+@@ -15,5 +15,5 @@
+ LOCAL_CONFIG
+ O StrictTransportSecurity=true
+ ifelse(_ARG2_,`NO_SAN_TST',`',`O SetCertAltnames=true')
+-Ksts ifelse(defn(`_ARG_'), `', socket -d5 -T<TMPF> inet:5461@127.0.0.1,
++Ksts ifelse(defn(`_ARG_'), `', socket -d5 -T<TMPF> inet:8461@127.0.0.1,
+ 	       defn(`_NARG_'), `', `_ARG_', `_NARG_')
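Review bot: The default `sts` socket map port is changed from 5461 to 8461 with no explanation in the patch file or the commit message. Presumably this matches the default listener of the resolver daemon that port users are expected to run, but that should be stated (for example in pkg-message), because a configuration built from the sts feature with no argument will now connect to a different port than upstream's documentation describes. Operators should also be told that the default is a TCP socket on an unprivileged loopback port, so whichever local process is listening on 127.0.0.1:8461 supplies the policy answers sendmail acts on. The `ifelse` shows that a first feature argument replaces the default map specification, so a site can point the map at an endpoint it controls more tightly. The m4 file continues outside this hunk.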
diff --git a/mail/sendmail/files/site.config.m4.mta-sts b/mail/sendmail/files/site.config.m4.mta-sts
new file mode 100644
index 000000000000..27167096539d
--- /dev/null
+++ b/mail/sendmail/files/site.config.m4.mta-sts
@@ -0,0 +1 @@
+APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_MTA_STS')
diff --git a/mail/sendmail/files/site.config.m4.tls b/mail/sendmail/files/site.config.m4.tls
index ec8a57bdbee1..49ed44d92ebe 100644
--- a/mail/sendmail/files/site.config.m4.tls
+++ b/mail/sendmail/files/site.config.m4.tls
@@ -1,2 +1,4 @@
-APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS -DTLS_EC')
+APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS -DTLS_EC=2')
+APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_TLS_ALTNAMES')
+APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_VRFY_TRUSTED_FIRST')
 APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto')
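Review bot: These flag changes apply to every build with the TLS option, which is in `OPTIONS_DEFAULT`, not only to builds that select the new MTA_STS or TLS_CERT_CHAIN options, and the commit message does not mention them. Judging by their names, `-DTLS_EC=2`, `-D_FFR_TLS_ALTNAMES` and `-D_FFR_VRFY_TRUSTED_FIRST` affect key exchange or certificate verification, and the two `_FFR_` flags enable upstream's for-future-release code, so existing installations get a TLS behaviour change on upgrade. If `_FFR_TLS_ALTNAMES` is only needed because the sts feature sets `O SetCertAltnames=true`, consider moving that line to site.config.m4.mta-sts. Otherwise add a `dnl` comment above each new line saying why it is enabled for all TLS builds and what the value 2 selects for `TLS_EC`.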
diff --git a/mail/sendmail/files/site.config.m4.tls-cert-chain b/mail/sendmail/files/site.config.m4.tls-cert-chain
new file mode 100644
index 000000000000..c65889272804
--- /dev/null
+++ b/mail/sendmail/files/site.config.m4.tls-cert-chain
@@ -0,0 +1 @@
+APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_TLS_USE_CERTIFICATE_CHAIN_FILE')


