From 6a445145a567f6d93430f7211b9e4712fbd45a1d Mon Sep 17 00:00:00 2001 From: kth5 Date: Sun, 9 Feb 2025 23:16:57 +0100 Subject: [PATCH] * update opendkim to 2.11.0beta-8.1 --- opendkim/PKGBUILD | 39 ++- opendkim/conf_refcnt.patch | 13 + opendkim/fix-RSA_Sign-call.patch | 27 +++ opendkim/ftbfs-gcc-14-1075339.patch | 17 ++ opendkim/insheader.patch | 69 ++++++ opendkim/mlfi_close.patch | 90 +++++++ opendkim/nsupdate_output.patch | 125 ++++++++++ .../opendkim-2.10.3-fix-ldap-sasl-pc.patch | 69 ++++++ ...opendkim-2.10.3-fix-libmilter-search.patch | 223 ++++++++++++++++++ ...im-2.10.3-incompatible-pointer-types.patch | 32 +++ .../opendkim-2.10.3-snprintf-include.patch | 27 +++ .../opendkim-2.10.3-vsnprintf-include.patch | 26 ++ opendkim/replace-headers.patch | 14 ++ 13 files changed, 768 insertions(+), 3 deletions(-) create mode 100644 opendkim/conf_refcnt.patch create mode 100644 opendkim/fix-RSA_Sign-call.patch create mode 100644 opendkim/ftbfs-gcc-14-1075339.patch create mode 100644 opendkim/insheader.patch create mode 100644 opendkim/mlfi_close.patch create mode 100644 opendkim/nsupdate_output.patch create mode 100644 opendkim/opendkim-2.10.3-fix-ldap-sasl-pc.patch create mode 100644 opendkim/opendkim-2.10.3-fix-libmilter-search.patch create mode 100644 opendkim/opendkim-2.10.3-incompatible-pointer-types.patch create mode 100644 opendkim/opendkim-2.10.3-snprintf-include.patch create mode 100644 opendkim/opendkim-2.10.3-vsnprintf-include.patch create mode 100644 opendkim/replace-headers.patch diff --git a/opendkim/PKGBUILD b/opendkim/PKGBUILD index a8affd6372..d848c1b712 100644 --- a/opendkim/PKGBUILD +++ b/opendkim/PKGBUILD @@ -4,7 +4,7 @@ pkgname=opendkim pkgver=2.11.0beta -pkgrel=8 +pkgrel=8.1 _commit=551ab3820476234def82eb2223ca6c7b45b45076 pkgdesc="Open source implementation of the DKIM sender authentication system. Based on a fork of dkim-milter." arch=(x86_64 powerpc64le powerpc64 powerpc) @@ -21,17 +21,50 @@ source=("git+https://github.com/trusteddomainproject/OpenDKIM.git#commit=${_comm opendkim.sysusers opendkim.tmpfiles opendkim.service - openssl_1.1.0_compat.patch) + opendkim-2.10.3-fix-ldap-sasl-pc.patch + opendkim-2.10.3-incompatible-pointer-types.patch + opendkim-2.10.3-snprintf-include.patch + opendkim-2.10.3-vsnprintf-include.patch + conf_refcnt.patch + fix-RSA_Sign-call.patch + ftbfs-gcc-14-1075339.patch + insheader.patch + mlfi_close.patch + nsupdate_output.patch + replace-headers.patch) sha256sums=('7ecf55e6cc7f2b167ac109223e270d35d0c1f467f0574260cafab5ced0f2d0d3' 'd677e975977a94c09aaf1c92a98797189d969cdce98ac3867d7a3737ad4eaab0' '9cf80fce628104be279f82c120119284e5ab295d5ce64ced5b9d98271d2c752e' 'ab66c9fdcb8913f2a550289dd44d56d17b960cf5275839ffd03cba70a27ab6ed' 'a9beeedc6fb543d92a9dd50c99c018dccdc2b7123675d37d7a4123a93d211487' - '5095a7516493af08396060852851231c9b1cba5ee00493f810f0dfc9a69f8dfe') + '7b2627e3f787952d36f33b052a0723d0bf8dbfc36de40fc11d4b9b4c4cfbd485' + '0499d37648554d186fcee44d90dcb1c6ebd0666c2169409f211389f5ffcd3d74' + '1bdf003c597aaa1d62ca51bfb43589c02aa9b0bbd7ab0659d77d6d6c04fa4ce6' + 'b0cacfa7407b7d9c7d24591f4b8fca9deb8254c4754ec25aace5411866fbe219' + '07ee5ff2a0664bd40db6cc98d58fd2ba5cfcd46ffc52f1e4dafdd8d11790db4b' + '9910a3899313dec7f313153818cd71bdd57526931433b5b96d28f840e1afbe59' + '731aed3eae50e55c7c2a9810ba12f99366a437fc72e634fe9ec5ae19f1237578' + 'b26859b22027099432982e467549de4cbb56675379b43b252298879ebfa3b76d' + '9a3e177ba92806d63a5bf8504fe27f60a069513dd7c0119889756d39bb894c62' + 'a9bf505214a5c48d95be0ddd1b953d7221b73c11cdec4c0d3c4f017e1e8536fe' + '969b409b23f7b1352e399963a6105ff906d27a2134e63ca672d26f9c543ea275') prepare() { cd "$srcdir/OpenDKIM" patch -p1 -i "$srcdir"/7c70ee7c86da1cecc621182355cc950d3b193314.patch + + patch -Np1 -i ${srcdir}/opendkim-2.10.3-fix-ldap-sasl-pc.patch + patch -Np1 -i ${srcdir}/opendkim-2.10.3-incompatible-pointer-types.patch + patch -Np1 -i ${srcdir}/opendkim-2.10.3-snprintf-include.patch + patch -Np1 -i ${srcdir}/opendkim-2.10.3-vsnprintf-include.patch + patch -Np1 -i ${srcdir}/conf_refcnt.patch + patch -Np1 -i ${srcdir}/fix-RSA_Sign-call.patch + patch -Np1 -i ${srcdir}/ftbfs-gcc-14-1075339.patch + patch -Np1 -i ${srcdir}/insheader.patch + patch -Np1 -i ${srcdir}/mlfi_close.patch + patch -Np1 -i ${srcdir}/nsupdate_output.patch + patch -Np1 -i ${srcdir}/replace-headers.patch + autoreconf -i } diff --git a/opendkim/conf_refcnt.patch b/opendkim/conf_refcnt.patch new file mode 100644 index 0000000000..0fd776e484 --- /dev/null +++ b/opendkim/conf_refcnt.patch @@ -0,0 +1,13 @@ +Description: opendkim/opendkim.c:dkimf_config_free(): don't assert conf->refcnt == 0 +Bug: https://github.com/trusteddomainproject/OpenDKIM/issues/22 + +--- a/opendkim/opendkim.c ++++ b/opendkim/opendkim.c +@@ -5902,7 +5902,6 @@ + dkimf_config_free(struct dkimf_config *conf) + { + assert(conf != NULL); +- assert(conf->conf_refcnt == 0); + + dkimf_zapkey(conf); + diff --git a/opendkim/fix-RSA_Sign-call.patch b/opendkim/fix-RSA_Sign-call.patch new file mode 100644 index 0000000000..e42d541b1d --- /dev/null +++ b/opendkim/fix-RSA_Sign-call.patch @@ -0,0 +1,27 @@ +Description: Fix signedness bug in RSA_Sign call +Author: Martin Grimm +Bug: https://github.com/trusteddomainproject/OpenDKIM/pull/159 + +--- a/libopendkim/dkim.c ++++ b/libopendkim/dkim.c +@@ -3951,6 +3951,7 @@ + { + int nid; + struct dkim_crypto *crypto; ++ unsigned int ui_l = 0; + + crypto = (struct dkim_crypto *) sig->sig_signature; + +@@ -3961,9 +3962,11 @@ + sig->sig_hashtype == DKIM_HASHTYPE_SHA256) + nid = NID_sha256; + ++ /* use variable ui_l to savely get the length (unsigned int *) out of RSA_sign and into size_t type l */ + status = RSA_sign(nid, digest, diglen, +- crypto->crypto_out, (int *) &l, ++ crypto->crypto_out, &ui_l, + crypto->crypto_key); ++ l = ui_l; + if (status != 1 || l == 0) + { + dkim_load_ssl_errors(dkim, 0); diff --git a/opendkim/ftbfs-gcc-14-1075339.patch b/opendkim/ftbfs-gcc-14-1075339.patch new file mode 100644 index 0000000000..489b75d73e --- /dev/null +++ b/opendkim/ftbfs-gcc-14-1075339.patch @@ -0,0 +1,17 @@ +Description: Fix FTBFS with gcc-14 +Author: Tim Woodall +Bug-Debian: https://bugs.debian.org/1075339 +Forwarded: no +Last-Update: 2024-08-25 + +--- opendkim-2.11.0~beta2.orig/librbl/rbl.c ++++ opendkim-2.11.0~beta2/librbl/rbl.c +@@ -329,7 +329,7 @@ void + rbl_res_close(void *srv) + { + #ifdef HAVE_RES_NINIT +- struct state *res; ++ struct __res_state *res; + + res = srv; + diff --git a/opendkim/insheader.patch b/opendkim/insheader.patch new file mode 100644 index 0000000000..91626b26fe --- /dev/null +++ b/opendkim/insheader.patch @@ -0,0 +1,69 @@ +Description: Insert trace headers at index 0 +Author: David Bürgin +Bug: https://github.com/trusteddomainproject/OpenDKIM/pull/126 + +--- a/opendkim/opendkim.c ++++ b/opendkim/opendkim.c +@@ -3670,7 +3670,7 @@ + + if (ctx == NULL) + lua_pushnil(l); +- else if (dkimf_insheader(ctx, 1, name, value) == MI_SUCCESS) ++ else if (dkimf_insheader(ctx, 0, name, value) == MI_SUCCESS) + lua_pushnumber(l, 1); + else + lua_pushnil(l); +@@ -4246,7 +4246,7 @@ + assert(conf != NULL); + assert(ctx != NULL); + +- if (dkimf_insheader(ctx, 1, AUTHRESULTSHDR, ++ if (dkimf_insheader(ctx, 0, AUTHRESULTSHDR, + (char *) dfc->mctx_dkimar) == MI_FAILURE) + { + if (conf->conf_dolog) +@@ -13517,7 +13517,7 @@ + dkimf_lookup_inttostr(dfc->mctx_status, + dkimf_statusstrings)); + +- if (dkimf_insheader(ctx, 1, AUTHRESULTSHDR, ++ if (dkimf_insheader(ctx, 0, AUTHRESULTSHDR, + (char *) header) == MI_FAILURE) + { + if (conf->conf_dolog) +@@ -14962,7 +14962,7 @@ + sizeof header); + } + +- if (dkimf_insheader(ctx, 1, ++ if (dkimf_insheader(ctx, 0, + AUTHRESULTSHDR, + (char *) header) == MI_FAILURE) + { +@@ -15165,7 +15165,7 @@ + dkimf_stripcr((char *) start); + dkimf_dstring_cat(dfc->mctx_tmpstr, start); + +- if (dkimf_insheader(ctx, 1, DKIM_SIGNHEADER, ++ if (dkimf_insheader(ctx, 0, DKIM_SIGNHEADER, + (char *) dkimf_dstring_get(dfc->mctx_tmpstr)) == MI_FAILURE) + { + if (conf->conf_dolog) +@@ -15201,7 +15201,7 @@ + /* add VBR-Info header if generated */ + if (dfc->mctx_vbrinfo != NULL) + { +- if (dkimf_insheader(ctx, 1, VBR_INFOHEADER, ++ if (dkimf_insheader(ctx, 0, VBR_INFOHEADER, + dfc->mctx_vbrinfo) == MI_FAILURE) + { + if (conf->conf_dolog) +@@ -15251,7 +15251,7 @@ + dfc->mctx_jobid != NULL ? dfc->mctx_jobid + : (u_char *) JOBIDUNKNOWN); + +- if (dkimf_insheader(ctx, 1, SWHEADERNAME, xfhdr) != MI_SUCCESS) ++ if (dkimf_insheader(ctx, 0, SWHEADERNAME, xfhdr) != MI_SUCCESS) + { + if (conf->conf_dolog) + { diff --git a/opendkim/mlfi_close.patch b/opendkim/mlfi_close.patch new file mode 100644 index 0000000000..2966c645c2 --- /dev/null +++ b/opendkim/mlfi_close.patch @@ -0,0 +1,90 @@ +Description: Reorder mlfi_close logic fixing use-after-free error +Author: David Bürgin +Bug: https://github.com/trusteddomainproject/OpenDKIM/pull/129 + +--- a/opendkim/opendkim.c ++++ b/opendkim/opendkim.c +@@ -15360,6 +15360,41 @@ + cc = (connctx) dkimf_getpriv(ctx); + if (cc != NULL) + { ++#ifdef QUERY_CACHE ++ if (querycache) ++ { ++ time_t now; ++ ++ (void) time(&now); ++ if (cache_lastlog + CACHESTATSINT < now) ++ { ++ u_int c_hits; ++ u_int c_queries; ++ u_int c_expired; ++ u_int c_pct; ++ u_int c_keys; ++ ++ dkim_getcachestats(cc->cctx_config->conf_libopendkim, ++ &c_queries, &c_hits, &c_expired, ++ &c_keys, FALSE); ++ ++ cache_lastlog = now; ++ ++ if (c_queries == 0) ++ c_pct = 0; ++ else ++ c_pct = (c_hits * 100) / c_queries; ++ ++ syslog(LOG_INFO, ++ "cache: %u quer%s, %u hit%s (%d%%), %u expired, %u key%s", ++ c_queries, c_queries == 1 ? "y" : "ies", ++ c_hits, c_hits == 1 ? "" : "s", ++ c_pct, c_expired, ++ c_keys, c_keys == 1 ? "" : "s"); ++ } ++ } ++#endif /* QUERY_CACHE */ ++ + pthread_mutex_lock(&conf_lock); + + cc->cctx_config->conf_refcnt--; +@@ -15374,41 +15409,6 @@ + dkimf_setpriv(ctx, NULL); + } + +-#ifdef QUERY_CACHE +- if (querycache) +- { +- time_t now; +- +- (void) time(&now); +- if (cache_lastlog + CACHESTATSINT < now) +- { +- u_int c_hits; +- u_int c_queries; +- u_int c_expired; +- u_int c_pct; +- u_int c_keys; +- +- dkim_getcachestats(cc->cctx_config->conf_libopendkim, +- &c_queries, &c_hits, &c_expired, +- &c_keys, FALSE); +- +- cache_lastlog = now; +- +- if (c_queries == 0) +- c_pct = 0; +- else +- c_pct = (c_hits * 100) / c_queries; +- +- syslog(LOG_INFO, +- "cache: %u quer%s, %u hit%s (%d%%), %u expired, %u key%s", +- c_queries, c_queries == 1 ? "y" : "ies", +- c_hits, c_hits == 1 ? "" : "s", +- c_pct, c_expired, +- c_keys, c_keys == 1 ? "" : "s"); +- } +- } +-#endif /* QUERY_CACHE */ +- + return SMFIS_CONTINUE; + } + diff --git a/opendkim/nsupdate_output.patch b/opendkim/nsupdate_output.patch new file mode 100644 index 0000000000..299887e37a --- /dev/null +++ b/opendkim/nsupdate_output.patch @@ -0,0 +1,125 @@ +opendkim-genzone: fix nsupdate output + +This patch addresses several issues with the nsupdate output: + +o Add the correct fields (v=DKIM1, etc) before the key +o Properly break fields into 255 byte chunks +o Add the possibility to restrict the key to email signing + +Based on an original patch by Marco Favero as posted at: +https://sourceforge.net/p/opendkim/feature-requests/200/ + +Bug: https://sourceforge.net/p/opendkim/feature-requests/200/ + +--- a/opendkim/opendkim-genzone.8.in ++++ b/opendkim/opendkim-genzone.8.in +@@ -7,6 +7,7 @@ + [\-C address] + [\-d domain] + [\-D] ++[\-M] + [\-E secs] + [\-F] + [\-N ns[,...]] +@@ -64,6 +65,10 @@ + .I \-D + Adds a "._domainkey" suffix to selector names in the zone file. + .TP ++.I \-M ++Restricts the keys for use in e-mail signing only. The default is to allow ++the keys to be used for any service. ++.TP + .I \-E secs + When generating an SOA record (see + .I \-S +--- a/opendkim/opendkim-genzone.c ++++ b/opendkim/opendkim-genzone.c +@@ -52,7 +52,7 @@ + + /* definitions */ + #define BUFRSZ 1024 +-#define CMDLINEOPTS "C:d:DE:Fo:N:r:R:sSt:T:uvx:" ++#define CMDLINEOPTS "C:d:DME:Fo:N:r:R:sSt:T:uvx:" + #define DEFCONFFILE CONFIG_BASE "/opendkim.conf" + #define DEFEXPIRE 604800 + #define DEFREFRESH 10800 +@@ -195,6 +195,7 @@ + "\t-D \tinclude '._domainkey' suffix\n" + "\t-E secs \tuse specified expiration time in SOA\n" + "\t-F \tinclude '._domainkey' suffix and domainname\n" ++ "\t-M \trestricts the keys for use in e-mail signing only\n" + "\t-o file \toutput file\n" + "\t-N ns[,...] \tlist NS records\n" + "\t-r secs \tuse specified refresh time in SOA\n" +@@ -230,6 +231,7 @@ + _Bool fqdnsuffix = FALSE; + _Bool subdomains = FALSE; + _Bool writesoa = FALSE; ++ _Bool mailrestrict = FALSE; + int c; + int status; + int verbose = 0; +@@ -309,6 +311,10 @@ + fqdnsuffix = TRUE; + break; + ++ case 'M': ++ mailrestrict = TRUE; ++ break; ++ + case 'N': + nameservers = strdup(optarg); + break; +@@ -873,42 +879,42 @@ + fprintf(out, "zone %s\n", domain); + + snprintf(tmpbuf, sizeof tmpbuf, +- "update add %s%s%s%s%s %d TXT \"", ++ "update add %s%s%s%s%s %d TXT \"v=DKIM1\\;k=rsa\\;%sp=", + selector, suffix ? DKIMZONE : "", + fqdnsuffix ? "." : "", + fqdnsuffix ? domain : "", + fqdnsuffix ? "." : "", +- ttl == -1 ? defttl : ttl); ++ ttl == -1 ? defttl : ttl, ++ mailrestrict ? "s=email\\;" : ""); + } + else + { + if (ttl == -1) + { + snprintf(tmpbuf, sizeof tmpbuf, +- "%s%s%s%s%s\tIN\tTXT\t( \"v=DKIM1; k=rsa; p=", ++ "%s%s%s%s%s\tIN\tTXT\t( \"v=DKIM1\\;k=rsa\\;%sp=", + selector, suffix ? DKIMZONE : "", + fqdnsuffix ? "." : "", + fqdnsuffix ? domain : "", +- fqdnsuffix ? "." : ""); ++ fqdnsuffix ? "." : "", ++ mailrestrict ? "s=email\\;" : ""); + } + else + { + snprintf(tmpbuf, sizeof tmpbuf, +- "%s%s%s%s%s\t%d\tIN\tTXT\t( \"v=DKIM1; k=rsa; p=", ++ "%s%s%s%s%s\t%d\tIN\tTXT\t( \"v=DKIM1\\;k=rsa\\;%sp=", + selector, suffix ? DKIMZONE : "", + fqdnsuffix ? "." : "", + fqdnsuffix ? domain : "", + fqdnsuffix ? "." : "", +- ttl); ++ ttl, ++ mailrestrict ? "s=email\\;" : ""); + } + } + + fprintf(out, "%s", tmpbuf); + +- if (nsupdate) +- olen = 0; +- else +- olen = strflen(tmpbuf); ++ olen = strflen(strstr(tmpbuf, "v=DKIM1")); + + seenlf = FALSE; + diff --git a/opendkim/opendkim-2.10.3-fix-ldap-sasl-pc.patch b/opendkim/opendkim-2.10.3-fix-ldap-sasl-pc.patch new file mode 100644 index 0000000000..9375d3c8ba --- /dev/null +++ b/opendkim/opendkim-2.10.3-fix-ldap-sasl-pc.patch @@ -0,0 +1,69 @@ +From f203e0a001468cd30a0a3b780c90f0f90cdc35b8 Mon Sep 17 00:00:00 2001 +From: Michael Orlitzky +Date: Sat, 2 Dec 2023 18:44:20 -0500 +Subject: [PATCH 1/2] configure.ac: update OpenLDAP's pkgconfig name + +OpenLDAP provides the file ldap.pc for its libldap library. This can +be verified via libraries/libldap/ldap.pc.in in the repository, + + https://git.openldap.org/openldap/openldap/-/blob/master/ + +Our ./configure script checks instead for the name "openldap", which +at some point may have been correct, but no longer works. We switch to +"ldap" so that we can locate the upstream file. + +On some platforms (https://bugs.gentoo.org/918512) this will fix a +linking error. Thanks to Chris Pritchard for the report and the +diagnosis. +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 1eaa95d8..b8353077 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1800,7 +1800,7 @@ OPENLDAP_LIBS="" + if test \( x"$ldappath" = x"auto" -o x"$ldappath" = x"yes" \) -a \ + x"$PKG_CONFIG" != x"" + then +- PKG_CHECK_MODULES([OPENLDAP], [openldap >= 2.0.0], ++ PKG_CHECK_MODULES([OPENLDAP], [ldap >= 2.0.0], + [ + ldap_found="yes" + OPENLDAP_CPPFLAGS="$OPENLDAP_CFLAGS" + +From 12b1403eea40f3df59ef130a28164f16d08053fc Mon Sep 17 00:00:00 2001 +From: Michael Orlitzky +Date: Sat, 2 Dec 2023 18:52:09 -0500 +Subject: [PATCH 2/2] configure.ac: update Cyrus SASL's pkgconfig name + +Cyrus SASL provides the file libsasl2.pc for its libsasl2 +library. This can be verified in its git repository: + + https://github.com/cyrusimap/cyrus-sasl/blob/master/libsasl2.pc.in + +Our ./configure script checks instead for the name "cyrussasl", which +at some point may have been correct, but no longer works. We switch to +"libsasl2" so that we can locate the upstream file. + +On some platforms (https://bugs.gentoo.org/918512) this will fix a +linking error. Thanks to Chris Pritchard for the report and the +diagnosis. +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index b8353077..071e8511 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1890,7 +1890,7 @@ sasl_found="no" + if test \( x"$saslpath" = x"auto" -o x"$saslpath" = x"yes" \) -a \ + x"$PKG_CONFIG" != x"" + then +- PKG_CHECK_MODULES([SASL], [cyrussasl >= 2.1.0], ++ PKG_CHECK_MODULES([SASL], [libsasl2 >= 2.1.0], + [ + sasl_found="yes" + SASL_CPPFLAGS="$SASL_CFLAGS" diff --git a/opendkim/opendkim-2.10.3-fix-libmilter-search.patch b/opendkim/opendkim-2.10.3-fix-libmilter-search.patch new file mode 100644 index 0000000000..5e03a9931c --- /dev/null +++ b/opendkim/opendkim-2.10.3-fix-libmilter-search.patch @@ -0,0 +1,223 @@ +From a1371d8c81d5fc22cbc8ea2b1c9eb465e9a8e874 Mon Sep 17 00:00:00 2001 +From: Michael Orlitzky +Date: Fri, 6 Nov 2020 07:40:06 -0500 +Subject: [PATCH] configure.ac: simplify the search for libmilter. + +This commit (temporarily?) reverts the --with-milter flag to a boolean, +disallowing the user to pass it a path. This is done for several reasons: + + * There's only one standard major version of libmilter, so people are + unlikely to have multiple copies of it installed side-by-side. And + When only one copy is present and usable with "-lmilter", the + ability to specify a path is redundant. + + * The "milter path" was used for both the headers and the library + itself. As a result, the user was expected to specify something + like "/usr" as the milter path, whence OpenDKIM would infer that + the headers live in /usr/include and that the libraries live + in /usr/. If multiple libraries live in multiple + somewheres -- as is the case with "lib" and "lib64" on multilib + systems -- OpenDKIM is prone to guessing incorrectly. In other + words, the "milter path" mechanism was not fine-grained enough + to specify the correct library, and this led to link failures + in some not-too-uncommon cases. + + * Headers and libraries in non-standard paths should be handled with + pkg-config, anyway. +--- + configure.ac | 129 +++++++------------------------------------ + opendkim/Makefile.am | 9 ++- + 2 files changed, 23 insertions(+), 115 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 828fe53f..8234e588 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -932,120 +932,29 @@ AC_SUBST(LIBCRYPTO_LIBS) + AC_MSG_CHECKING([for milter library and includes]) + AC_ARG_WITH([milter], + AS_HELP_STRING([--with-milter], +- [location of milter includes and library]), +- [milterpath="$withval"], [milterpath="auto"]) +- +-if test x"$enable_filter" = x"no" +-then +- milterpath="no" +-fi +- +-if test "$milterpath" = "auto" -o "$milterpath" = "yes" +-then +- milterdirs="/usr/local /opt/local /usr" +- for d in $milterdirs +- do +- if test -f $d/include/libmilter/mfapi.h +- then +- milterpath=$d +- break +- fi +- done +-fi +-case "$milterpath" in +- no) +- if test x"$enable_filter" = x"yes" +- then +- AC_MSG_ERROR([milter is required]) +- fi +- AC_MSG_RESULT(disabled) +- ;; +- auto) +- AC_MSG_ERROR([milter not found]) +- ;; +- */*) +- if ! test -f $milterpath/include/libmilter/mfapi.h +- then +- AC_MSG_ERROR([milter includes not found at $milterpath]) +- fi +- AC_MSG_RESULT([$milterpath]) +- ;; +- *) +- AC_MSG_ERROR([milter not found]) +- ;; +-esac +- +-LIBMILTER_INCDIRS="" +-LIBMILTER_LIBDIRS="" +-LIBMILTER_LIBS="" ++ [whether or not (yes or no) to use libmilter]), ++ [milterpath="$withval"], [milterpath="no"]) ++ ++AS_IF([test x"$enable_filter" = x"no"],[milterpath="no"]) ++AS_IF([test x"$milterpath" = x"no"], [ ++ AS_IF([test x"$enable_filter" = x"yes"],[ ++ AC_MSG_ERROR([libmilter is required if filtering is enabled]) ++ ]) ++]) + +-if test x"$milterpath" != x"no" +-then +- LIBMILTER_INCDIRS="-I$milterpath/include" ++AS_IF([test x"$milterpath" = x"yes"], [ ++ AC_CHECK_HEADER(libmilter/mfapi.h, ++ [], ++ AC_MSG_ERROR([libmilter/mfapi.h not found])) + +- saved_CC="$CC" +- saved_CFLAGS="$CFLAGS" +- saved_CPPFLAGS="$CPPFLAGS" +- saved_LDFLAGS="$LDFLAGS" +- saved_LIBS="$LIBS" ++ AC_SEARCH_LIBS([smfi_register], ++ [milter], ++ [LIBMILTER_LIBS="-lmilter"], ++ AC_MSG_ERROR([libmilter not found])) + +- CC="$PTHREAD_CC" +- LIBS="$outer_LIBS $PTHREAD_LIBS $saved_LIBS" +- CPPFLAGS="$LIBMILTER_INCDIRS $saved_CPPFLAGS" +- CFLAGS="$PTHREAD_CFLAGS $saved_CFLAGS" +- LDFLAGS="$outer_LDFLAGS $PTHREAD_CFLAGS $saved_LDFLAGS" +- +- breakloop="no" +- for d in lib lib64 lib/libmilter +- do +- unset ac_cv_search_smfi_register +- LDFLAGS="$outer_LDFLAGS $PTHREAD_CFLAGS -L$milterpath/$d $saved_LDFLAGS" +- AC_SEARCH_LIBS([smfi_register], [milter], +- [ +- LIBMILTER_LIBDIRS="-L$milterpath/$d" +- LIBMILTER_LIBS="-lmilter" +- breakloop="yes" +- ]) +- +- AC_CHECK_FUNC([smfi_insheader], +- AC_DEFINE([HAVE_SMFI_INSHEADER], 1, +- [Define if libmilter has smfi_insheader()])) +- +- AC_CHECK_FUNC([smfi_opensocket], +- AC_DEFINE([HAVE_SMFI_OPENSOCKET], 1, +- [Define if libmilter has smfi_opensocket()])) +- +- AC_CHECK_FUNC([smfi_progress], +- AC_DEFINE([HAVE_SMFI_PROGRESS], 1, +- [Define if libmilter has smfi_progress()])) +- +- AC_CHECK_FUNC([smfi_setsymlist], +- AC_DEFINE([HAVE_SMFI_SETSYMLIST], 1, +- [Define if libmilter has smfi_setsymlist()])) +- +- AC_CHECK_FUNC([smfi_version], +- AC_DEFINE([HAVE_SMFI_VERSION], 1, +- [Define if libmilter has smfi_version()])) +- +- if test x"$breakloop" = x"yes" +- then +- break +- fi +- done +- if test x"$LIBMILTER_LIBDIRS" = x"" +- then +- AC_MSG_ERROR([libmilter not found]) +- fi +- +- CC="$saved_CC" +- CPPFLAGS="$saved_CPPFLAGS" +- CFLAGS="$saved_CFLAGS" +- LDFLAGS="$saved_LDFLAGS" +- LIBS="$saved_LIBS" +-fi ++ AC_CHECK_FUNCS([smfi_insheader smfi_opensocket smfi_progress smfi_setsymlist smfi_version]) ++]) + +-AC_SUBST(LIBMILTER_INCDIRS) +-AC_SUBST(LIBMILTER_LIBDIRS) + AC_SUBST(LIBMILTER_LIBS) + + # +diff --git a/opendkim/Makefile.am b/opendkim/Makefile.am +index 4aa615c1..e3d1d10e 100644 +--- a/opendkim/Makefile.am ++++ b/opendkim/Makefile.am +@@ -26,7 +26,7 @@ opendkim_SOURCES = opendkim.c opendkim.h opendkim-ar.c opendkim-ar.h opendkim-ar + opendkim_CC = $(PTHREAD_CC) + opendkim_CFLAGS = $(PTHREAD_CFLAGS) $(LIBCRYPTO_CFLAGS) $(COV_CFLAGS) + opendkim_CPPFLAGS = -I$(srcdir)/../libopendkim $(LIBCRYPTO_CPPFLAGS) +-opendkim_LDFLAGS = $(LIBCRYPTO_LIBDIRS) $(LIBMILTER_LIBDIRS) $(PTHREAD_CFLAGS) $(COV_LDFLAGS) ++opendkim_LDFLAGS = $(LIBCRYPTO_LIBDIRS) $(PTHREAD_CFLAGS) $(COV_LDFLAGS) + opendkim_LDADD = ../libopendkim/libopendkim.la $(LIBMILTER_LIBS) $(LIBCRYPTO_LIBS) $(PTHREAD_LIBS) $(COV_LIBADD) $(LIBRESOLV) + if USE_DB_OPENDKIM + opendkim_CPPFLAGS += $(LIBDB_INCDIRS) +@@ -88,7 +88,6 @@ opendkim_CPPFLAGS += -I$(srcdir)/../reprrd + opendkim_LDADD += ../reprrd/libreprrd.la + endif + +-opendkim_CPPFLAGS += $(LIBMILTER_INCDIRS) + endif + + if STATS +@@ -108,7 +107,7 @@ opendkim_testkey_CFLAGS = $(LIBCRYPTO_CFLAGS) $(COV_CFLAGS) $(PTHREAD_CFLAGS) + opendkim_testkey_LDFLAGS = $(LIBCRYPTO_LIBDIRS) $(COV_LDFLAGS) $(PTHREAD_CFLAGS) + opendkim_testkey_LDADD = ../libopendkim/libopendkim.la $(LIBCRYPTO_LIBS) $(LIBRESOLV) $(COV_LIBADD) $(PTHREAD_LIBS) + if LUA +-opendkim_testkey_CPPFLAGS += $(LIBLUA_INCDIRS) $(LIBMILTER_INCDIRS) ++opendkim_testkey_CPPFLAGS += $(LIBLUA_INCDIRS) + opendkim_testkey_LDFLAGS += $(LIBLUA_LIBDIRS) + opendkim_testkey_LDADD += $(LIBLUA_LIBS) + endif +@@ -200,7 +199,7 @@ opendkim_genzone_CPPFLAGS += $(OPENLDAP_CPPFLAGS) + opendkim_genzone_LDADD += $(OPENLDAP_LIBS) + endif + if LUA +-opendkim_genzone_CPPFLAGS += $(LIBLUA_INCDIRS) $(LIBMILTER_INCDIRS) ++opendkim_genzone_CPPFLAGS += $(LIBLUA_INCDIRS) + opendkim_genzone_LDFLAGS += $(LIBLUA_LIBDIRS) + opendkim_genzone_LDADD += $(LIBLUA_LIBS) + endif +@@ -250,7 +249,7 @@ opendkim_atpszone_CPPFLAGS += $(OPENLDAP_CPPFLAGS) + opendkim_atpszone_LDADD += $(OPENLDAP_LIBS) + endif + if LUA +-opendkim_atpszone_CPPFLAGS += $(LIBLUA_INCDIRS) $(LIBMILTER_INCDIRS) ++opendkim_atpszone_CPPFLAGS += $(LIBLUA_INCDIRS) + opendkim_atpszone_LDFLAGS += $(LIBLUA_LIBDIRS) + opendkim_atpszone_LDADD += $(LIBLUA_LIBS) + endif diff --git a/opendkim/opendkim-2.10.3-incompatible-pointer-types.patch b/opendkim/opendkim-2.10.3-incompatible-pointer-types.patch new file mode 100644 index 0000000000..638d2b8b22 --- /dev/null +++ b/opendkim/opendkim-2.10.3-incompatible-pointer-types.patch @@ -0,0 +1,32 @@ +From 514ed1085d7399f7fe3bb53e6ae4693168dd0ab9 Mon Sep 17 00:00:00 2001 +From: Michael Orlitzky +Date: Mon, 22 Apr 2024 07:37:40 -0400 +Subject: [PATCH] opendkim/opendkim.c: add two missing dkimf_dstring_get() + calls + +This fixes the build with CFLAGS="-Werror=incompatible-pointer-types", +which some newer compilers are planning to make default. + +Gentoo-Bug: https://bugs.gentoo.org/919366 +--- + opendkim/opendkim.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/opendkim/opendkim.c b/opendkim/opendkim.c +index d4229e8f..93d05a1e 100644 +--- a/opendkim/opendkim.c ++++ b/opendkim/opendkim.c +@@ -11656,8 +11656,8 @@ mlfi_eoh(SMFICTX *ctx) + (status != 0 || user == NULL || domain == NULL || + user[0] == '\0' || domain[0] == '\0')) + { +- strlcpy(addr, conf->conf_defsender, sizeof addr); +- status = dkim_mail_parse(addr, &user, &domain); ++ strlcpy(dkimf_dstring_get(addr), conf->conf_defsender, sizeof addr); ++ status = dkim_mail_parse(dkimf_dstring_get(addr), &user, &domain); + } + #endif /* _FFR_DEFAULT_SENDER */ + +-- +2.43.2 + diff --git a/opendkim/opendkim-2.10.3-snprintf-include.patch b/opendkim/opendkim-2.10.3-snprintf-include.patch new file mode 100644 index 0000000000..5cbe24b02c --- /dev/null +++ b/opendkim/opendkim-2.10.3-snprintf-include.patch @@ -0,0 +1,27 @@ +From 706554992156dd655e893268f201bbecbe283eb5 Mon Sep 17 00:00:00 2001 +From: Michael Orlitzky +Date: Thu, 23 Feb 2023 17:05:36 -0500 +Subject: [PATCH 1/1] libopendkim/util.c: include stdio.h for snprintf. + +This fixes a build failure on musl, reported at + + https://bugs.gentoo.org/896048 +--- + libopendkim/util.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libopendkim/util.c b/libopendkim/util.c +index 6792b169..b1c6a769 100644 +--- a/libopendkim/util.c ++++ b/libopendkim/util.c +@@ -17,6 +17,7 @@ + # include + #endif /* HAVE_STDBOOL_H */ + #include ++#include + #include + #include + #include +-- +2.39.2 + diff --git a/opendkim/opendkim-2.10.3-vsnprintf-include.patch b/opendkim/opendkim-2.10.3-vsnprintf-include.patch new file mode 100644 index 0000000000..7316e21e71 --- /dev/null +++ b/opendkim/opendkim-2.10.3-vsnprintf-include.patch @@ -0,0 +1,26 @@ +From e4d091c594d1b5791f52c9249abd80fd6706e5ee Mon Sep 17 00:00:00 2001 +From: Michael Orlitzky +Date: Sun, 28 Jul 2024 08:00:38 -0400 +Subject: [PATCH] libvbr/vbr.c: include for vsnprintf() + +This fixes an implicit declaration error with newer compilers and on +musl where stdio.h does not incidentally get included by some other +header. + +Bug: https://bugs.gentoo.org/936591 +--- + libvbr/vbr.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libvbr/vbr.c b/libvbr/vbr.c +index cb9124d7..aadfbd03 100644 +--- a/libvbr/vbr.c ++++ b/libvbr/vbr.c +@@ -18,6 +18,7 @@ + #include + #include + #include ++#include + #include + #include + #include diff --git a/opendkim/replace-headers.patch b/opendkim/replace-headers.patch new file mode 100644 index 0000000000..c4788c3d7b --- /dev/null +++ b/opendkim/replace-headers.patch @@ -0,0 +1,14 @@ +Description: Add missing ReplaceHeaders definition +Author: Toby Ovod-Everett +Bug: https://github.com/trusteddomainproject/OpenDKIM/pull/125 + +--- a/opendkim/opendkim-config.h ++++ b/opendkim/opendkim-config.h +@@ -147,6 +147,7 @@ + { "RemoveARFrom", CONFIG_TYPE_STRING, FALSE }, + { "RemoveOldSignatures", CONFIG_TYPE_BOOLEAN, FALSE }, + #ifdef _FFR_REPLACE_RULES ++ { "ReplaceHeaders", CONFIG_TYPE_STRING, FALSE }, + { "ReplaceRules", CONFIG_TYPE_STRING, FALSE }, + #endif /* _FFR_REPLACE_RULES */ + { "ReportAddress", CONFIG_TYPE_STRING, FALSE },