commit: 0dbbc52674fccc8c21209fe42b9e66790369901f Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org> AuthorDate: Tue Sep 18 02:05:09 2018 +0000 Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org> CommitDate: Tue Sep 18 02:43:25 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0dbbc526
mail-filter/spamassassin: new version 3.4.2. This new version incorporates a ton of fixes that have piled on top of v3.4.1 over the past few years. As a result, we are able to drop all of our PATCHES in the new ebuild. The new version also addresses four security vulnerabilities: * CVE-2016-1238 * CVE-2017-15705 * CVE-2018-11780 * CVE-2018-11781 Sadly, there is a new failure in the test suite (upstream bug 7622) so I've added RESTRICT=test for now. Stabilization of this version should already be fast-tracked for the security issues mentioned above, but just in case, the release notes have the following to say: If you do not update to 3.4.2, you will be stuck at the last ruleset with SHA-1 signatures in the near future. Bug: https://bugs.gentoo.org/666348 Bug: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7622 Package-Manager: Portage-2.3.40, Repoman-2.3.9 mail-filter/spamassassin/Manifest | 1 + mail-filter/spamassassin/spamassassin-3.4.2.ebuild | 242 +++++++++++++++++++++ 2 files changed, 243 insertions(+) diff --git a/mail-filter/spamassassin/Manifest b/mail-filter/spamassassin/Manifest index d2d417e002f..6b7489e6f21 100644 --- a/mail-filter/spamassassin/Manifest +++ b/mail-filter/spamassassin/Manifest @@ -1 +1,2 @@ DIST Mail-SpamAssassin-3.4.1.tar.bz2 2710985 BLAKE2B f85b0ed2bae783bc6dfa39df36589a6cb90e6c657efcff1fa094f952847e4bcb24aa232b6689804bb1170204ae1d33216ed9bde207d7a7a6863410d8f847c391 SHA512 91d50e2ce6520e3e1c7bc66da133a0815be34ced15e26b6e6c17af5a03d5c62f41d8086f25f65084d6634497148cf5439977d7d4a44d7c3e307535beac6629af +DIST Mail-SpamAssassin-3.4.2.tar.bz2 2700016 BLAKE2B a29b4cfce5e578c07ec54b2224191917dc45bcefff071f674c572fc905f1d6324827bcc21c338546bdea11140fc20474a16314218e2fd4fa685965b0e0078df8 SHA512 fe3d9d1d7b9fed3063549afd071066729f1f4d998be91ded1e5afc29bb37c7a298dc5f8f99a282b75435d317b5b5072a81393134ccfe059a73d953e26a9c3885 diff --git a/mail-filter/spamassassin/spamassassin-3.4.2.ebuild b/mail-filter/spamassassin/spamassassin-3.4.2.ebuild new file mode 100644 index 00000000000..340edb07078 --- /dev/null +++ b/mail-filter/spamassassin/spamassassin-3.4.2.ebuild @@ -0,0 +1,242 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit perl-functions systemd toolchain-funcs user + +MY_P="Mail-SpamAssassin-${PV//_/-}" +S="${WORKDIR}/${MY_P}" +DESCRIPTION="An extensible mail filter which can identify and tag spam" +HOMEPAGE="https://spamassassin.apache.org/"; +SRC_URI="mirror://apache/spamassassin/source/${MY_P}.tar.bz2" + +LICENSE="Apache-2.0 GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos" +IUSE="berkdb cron ipv6 ldap libressl mysql postgres qmail sqlite ssl test" + +# Upstream bug 7622. +RESTRICT=test + +# The Makefile.PL script checks for dependencies, but only fails if a +# required (i.e. not optional) dependency is missing. We therefore +# require most of the optional modules only at runtime. +REQDEPEND="dev-lang/perl:= + dev-perl/HTML-Parser + dev-perl/Net-DNS + dev-perl/NetAddr-IP + virtual/perl-Archive-Tar + virtual/perl-Digest-SHA + virtual/perl-IO-Zlib + virtual/perl-Time-HiRes + ssl? ( + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl ) + )" + +# SpamAssassin doesn't use libwww-perl except as a fallback for when +# curl/wget are missing, so we depend on one of those instead. Some +# mirrors use https, so we need those utilities to support SSL. +# +# re2c is needed to compile the rules (sa-compile). +# +# We still need the old Digest-SHA1 because razor2 has not been ported +# to Digest-SHA. +OPTDEPEND="app-crypt/gnupg + dev-perl/Digest-SHA1 + dev-perl/Encode-Detect + dev-perl/Geo-IP + dev-perl/HTTP-Date + dev-perl/Mail-DKIM + dev-perl/Mail-SPF + dev-perl/Net-Patricia + dev-perl/Net-CIDR-Lite + dev-util/re2c + || ( net-misc/wget[ssl] net-misc/curl[ssl] ) + virtual/perl-MIME-Base64 + virtual/perl-Pod-Parser + berkdb? ( virtual/perl-DB_File ) + ipv6? ( dev-perl/IO-Socket-INET6 ) + ldap? ( dev-perl/perl-ldap ) + mysql? ( + dev-perl/DBI + dev-perl/DBD-mysql + ) + postgres? ( + dev-perl/DBI + dev-perl/DBD-Pg + ) + sqlite? ( + dev-perl/DBI + dev-perl/DBD-SQLite + ) + ssl? ( dev-perl/IO-Socket-SSL )" + +DEPEND="${REQDEPEND} + test? ( + ${OPTDEPEND} + virtual/perl-Test-Harness + )" +RDEPEND="${REQDEPEND} ${OPTDEPEND}" + +src_prepare() { + default + + # The sa_compile test does some weird stuff like hopping around in + # the directory tree and calling "make" to create a dist tarball + # from ${S}. It fails, and is more trouble than it's worth... + perl_rm_files t/sa_compile.t || die 'failed to remove sa_compile test' + + # The spamc tests (which need the networked spamd daemon) fail for + # irrelevant reasons. It's too hard to disable them (unlike the + # spamd tests themselves -- see src_test), so use a crude + # workaround. + perl_rm_files t/spamc_*.t || die 'failed to remove spamc tests' +} + +src_configure() { + # This is how and where the perl-module eclass disables the + # MakeMaker interactive prompt. + export PERL_MM_USE_DEFAULT=1 + + # Set SYSCONFDIR explicitly so we can't get bitten by bug 48205 again + # (just to be sure, nobody knows how it could happen in the first place). + # + # We also set the path to the perl executable explictly. This will be + # used to create the initial shebang line in the scripts (bug 62276). + perl Makefile.PL \ + PREFIX="${EPREFIX}/usr" \ + INSTALLDIRS=vendor \ + SYSCONFDIR="${EPREFIX}/etc" \ + DATADIR="${EPREFIX}/usr/share/spamassassin" \ + PERL_BIN="${EPREFIX}/usr/bin/perl" \ + ENABLE_SSL="$(usex ssl)" \ + DESTDIR="${D}" \ + || die 'failed to create a Makefile using Makefile.PL' + + # Now configure spamc. + emake CC="$(tc-getCC)" LDFLAGS="${LDFLAGS}" spamc/Makefile +} + +src_compile() { + emake + use qmail && emake spamc/qmail-spamc +} + +src_install () { + emake install + einstalldocs + + # Create the stub dir used by sa-update and friends + keepdir /var/lib/spamassassin + + # Move spamd to sbin where it belongs. + dodir /usr/sbin + mv "${ED}"/usr/bin/spamd "${ED}"/usr/sbin/spamd || die "move spamd failed" + + if use qmail; then + dobin spamc/qmail-spamc + fi + + dosym mail/spamassassin /etc/spamassassin + + # Disable plugin by default + sed -i -e 's/^loadplugin/\#loadplugin/g' \ + "${ED}/etc/mail/spamassassin/init.pre" \ + || die "failed to disable plugins by default" + + # Add the init and config scripts. + newinitd "${FILESDIR}/3.4.1-spamd.init-r3" spamd + newconfd "${FILESDIR}/3.4.1-spamd.conf-r1" spamd + + systemd_newunit "${FILESDIR}/${PN}.service-r4" "${PN}.service" + systemd_install_serviced "${FILESDIR}/${PN}.service.conf-r2" \ + "${PN}.service" + + use postgres && dodoc sql/*_pg.sql + use mysql && dodoc sql/*_mysql.sql + + dodoc NOTICE TRADEMARK CREDITS UPGRADE USAGE sql/README.bayes \ + sql/README.awl procmailrc.example sample-nonspam.txt \ + sample-spam.txt spamd/PROTOCOL spamd/README.vpopmail \ + spamd-apache2/README.apache + + # Rename some files so that they don't clash with others. + newdoc spamd/README README.spamd + newdoc sql/README README.sql + newdoc ldap/README README.ldap + + if use qmail; then + dodoc spamc/README.qmail + fi + + insinto /etc/mail/spamassassin/ + insopts -m0400 + newins "${FILESDIR}"/secrets.cf secrets.cf.example + + # Create the directory where sa-update stores its GPG key (if you + # choose to import one). If this directory does not exist, the + # import will fail. This is bug 396307. We expect that the import + # will be performed as root, and making the directory accessible + # only to root prevents a warning on the command-line. + diropts -m0700 + dodir /etc/mail/spamassassin/sa-update-keys + + if use cron; then + # Install the cron job if they want it. + exeinto /etc/cron.daily + newexe "${FILESDIR}/update-spamassassin-rules.cron" \ + update-spamassassin-rules + fi + + # Remove perllocal.pod to avoid file collisions (bug #603338). + perl_delete_localpod || die "failed to remove perllocal.pod" + + # The perl-module eclass calls three other functions to clean + # up in src_install. The first fixes references to ${D} in the + # packlist, and is useful to us, too. The other two functions, + # perl_delete_emptybsdir and perl_remove_temppath, don't seem + # to be needed: there are no empty directories, *.bs files, or + # ${D} paths remaining in our installed image. + perl_fix_packlist || die "failed to fix paths in packlist" +} + +src_test() { + # Trick the test suite into skipping the spamd tests. Setting + # SPAMD_HOST to a non-localhost value causes SKIP_SPAMD_TESTS to be + # set in SATest.pm. + export SPAMD_HOST=disabled + default +} + +pkg_preinst() { + # The spamd daemon runs as this user. Use a real home directory so + # that it can hold SA configuration. + enewuser spamd -1 -1 /home/spamd +} + +pkg_postinst() { + elog + elog 'No rules are installed by default. You will need to run sa-update' + elog 'at least once, and most likely configure SpamAssassin before it' + elog 'will work.' + + if ! use cron; then + elog + elog 'You should consider a cron job for sa-update. One is provided' + elog 'for daily updates if you enable the "cron" USE flag.' + fi + elog + elog 'Configuration and update help can be found on the wiki:' + elog + elog ' https://wiki.gentoo.org/wiki/SpamAssassin' + elog + + ewarn 'If this version of SpamAssassin causes permissions issues' + ewarn 'with your user configurations or bayes databases, then you' + ewarn 'may need to set SPAMD_RUN_AS_ROOT=true in your OpenRC service' + ewarn 'configuration file, or remove the --username and --groupname' + ewarn 'flags from the SPAMD_OPTS variable in your systemd service' + ewarn 'configuration file.' +}
