dbmail-3.2.5 Fix: crypt passwords

2021-11-07 06:37:18 -06:00 · 2021-11-07 06:37:18 -06:00 · cb4c952073
commit cb4c952073
parent a0f5afba85
4 changed files with 159 additions and 0 deletions
--- a/net-mail/dbmail/Manifest
+++ b/net-mail/dbmail/Manifest
@ -5,6 +5,8 @@ AUX README.gentoo 1652 BLAKE2B beb9d27ac8de471d4ac8a3c4f626e7005d471477943b424b2
 AUX dbmail-2.0.11-lcrypt.patch 642 BLAKE2B 211081aff5d1597054be134f091fce21d36e083d254f53803cb87de66b77cbd35160d548f3d7d6b43c8dfdb93cd4a533dda009f7ce9d5c7f69f5a8fe1fbe9835 SHA512 aa3c25ab2206f104e4de6b20929d55c0e3ceeebd41a670dea553797486696b145feee47f720f4043a1b1fa6b37c73c1684eeb467eace5142e1090a08b63044ff
 AUX dbmail-2.0.4-01_quota.patch 5108 BLAKE2B 4b6ccfef889abcc50679d23e1f250fa46097f0f344cc080f218e06ab36e4ba44e01c33ced11fe4b508fcff40c7656fe80b5d11b94178e8e1028285d38c73a002 SHA512 3cbc50be3d2766185a37e627e7e2b7f737a083821755b099b6fade2aa3163ca291b368346a961c32dd40892dd3de64c6fa901980fa8c5d54e573a3b9d7e1d050
 AUX dbmail-2.0.4-fPIC.patch 2871 BLAKE2B 3c87fba8ccd33efc2b7d875f15c6e146f9493a7930b0e5103a0fa5da6c669a6ebaa86857e6bd8ce1ad9a52e0a4d1177c6133830c4f7b6b09b3a98f4f22ea610f SHA512 dffcc1f79bb1dd4e38aa1842c1aac38fde44ef56c0152013eecabb293154d2d0045596f13321f4c07aaee63e5cf02663305042db5842d612bef461c98fbb67ef
+AUX dbmail-3.2.5-crypt.patch 874 BLAKE2B bd550f1f0c0fe06b87c380a41a3a4a870978511871b4fd2d8367cf683d5fc0e7f66df2ae29abd94c7efca449294de69ea500e0e9f67c7d45c9216e1c64385d46 SHA512 abf0b859cadbb5eeceacd3c23edf7d94c90c70ebf6308de42ccb69e9bfbf59b0ac697f80476f2422647e5433d6f5ad4fc67262b302011b53c841e57fdb9ec39a
+AUX dbmail-3.2.5-debug.patch 1475 BLAKE2B c0c466c6dd1cb0f6479e81a280ad4746db7b36d175f6bca50649f4b7833ce527c269743267c0cecc92831d3d41297cfa468581741bdbd42f979b008764640170 SHA512 4be630f5c2cd9aaf2eb3cf37fa61c64c5bfe03f916d9de7936e212dcd16b8129fdf0d746fef0ca86b93552251bd21beaafca43e4564a2728861d59a1cc3b2207
 AUX dbmail-imapd.initd 726 BLAKE2B 98627190c184c837480c7fcbe5ee2afa7118de0a299a89c9d7b9a38fdb0b389df734504f79bb361d52324000e1dd2e6d20c64af47e1d81e2808e2cb3c8acc028 SHA512 3a9b175dfa189d74a241f770f701e07d0555e94c45ab162256d60972e4368bea7f9f040f2fa0e1d35969253d8c17fedf1d68f11e975084146d41219067f46486
 AUX dbmail-imapd.rc 540 BLAKE2B 1aa1b0a64d62efb9c73313decdd34688c4ef193e5bb8f9aa530b2f8f849133f3d6732616e99342d5ab67671229fbd966efc79c9f827d196a45311946ab1f3174 SHA512 57e6eb07b2492543716f60306017cfff95db4872e0a16becf919ed2113f7ab8a802f6f83c9467ae0174185f13fd703dba4bbde0bf3b6b5e050da4336507d8158
 AUX dbmail-lmtpd.initd 726 BLAKE2B beb9d6396d906df897aabbbdb92cb30bd8f256c4bda58111a486bd668168e9db3c90672c02ab2faeb74cf7b36e71b943a6d982625a2dcd5a82c829ab1854cc9e SHA512 e0a0c50600ea151c9e2c19f0b460e85f91c560627a71c6133560804f7364ecc0506c052e2b6203df5921bb9d0941b25b2c80d28a9d4f0e3207a1684e86aed9cb
@ -17,5 +19,6 @@ DIST dbmail-3.2.4.tar.gz 2461068 BLAKE2B 2aea108bd314f2f0f3ac5c1764683aa093f07b9
 DIST dbmail-3.2.5.tar.gz 2463966 BLAKE2B f4099c6f869dbb041d7eccdf20f3a34d36918237cc0386c71a1d339da8651b9301e676b25201856038045bb9590f880353c6ccafd57330f9cf48382c1b4c603c SHA512 6b0d7e1f6f7449869db1e094ffce9e1ef315c60784ea5ae5f814f2cf9a18c358b4c5d107a420c7317961ffa343fc59c9083789177514aee96523927688f276a0
 EBUILD dbmail-3.2.3-r102.ebuild 4749 BLAKE2B a5b5f821cd256bee124d0649b910718db20b679f76fde36ff5a82e51fbc15fade8380c99ebc367a68a2ecd7c7ab1b9c43c4ea00f27d1a8f5408968ec2db16071 SHA512 aabb8ce3bd21b133cf32bd9323a5970d8c173be6d13ba013e7d99107b7370545ac6dde716f395fcdd83e185358b87a0275f30a87ae0076817038eed959baac4c
 EBUILD dbmail-3.2.4.ebuild 4876 BLAKE2B dcd2aef5ad6572080af315eb5604137ec7b340f3b1b3858a0591a30ef5d95cd95569a7b68e4aeeed356464cfcbd6b37e34d0d89e790da296f7a639ec6031d5ce SHA512 50caa2e33bd1f8111df1d3c44a43093e6a776287122e70208ab6a63f4201b790cc8edf6ddd13a1b2ad1bc735b6ee40372c483e4c0c028b0d43125ad558ffad93
+EBUILD dbmail-3.2.5-r2.ebuild 2440 BLAKE2B 00c1740b96418850b8f8f71220ff06f4879df5ba0522930305e4fd087819639c4e291af1cb1a4cbc6e918ea85c36f840a40779099802ba612df8b5a4e0f674c4 SHA512 36c0abd2b88422e4497036dfbbaebcd749e605edbe31609c88fa60ee101a4c2ad7b6b1d2d40b648c0f22289fa29be3f0dd386764b6cd9acb057474fd6bcba282
 EBUILD dbmail-3.2.5.ebuild 2433 BLAKE2B 6830616ea4e99605fdc88cd30322bc5df24b3e673bd83a6189f43608586ba1643f4b1cb02eb1ddc7313832ce9c2bf1931ee4eb967ce1e7b38c1e76ddb1be0d0b SHA512 730b9793e00bf28e99eec82c14ba6e4dd28530b2382d26f4e54aacb6879fa14b55a0a237340e542f24e5e4cc7ad8738365360c5581c214af5bef43f62ebfae2a
 MISC metadata.xml 644 BLAKE2B 70a3c2d8665df2f44e04a95a47ba9ff39778fb386c0cd9d23fe0bf824767a432c5fd9b7a87a50635b9d6592dc72632957be5c45e6777cb77625810a38823f354 SHA512 e1be3706af1329c23f831c4b2d58e076bdd0f5f30c01a4a08fd7554be392ea1dfb5f219c6852099f9c45df17cd37a71a3c228434fddbcebfac3a6ca235128877
--- a/net-mail/dbmail/dbmail-3.2.5-r2.ebuild
+++ b/net-mail/dbmail/dbmail-3.2.5-r2.ebuild
@ -0,0 +1,97 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit systemd readme.gentoo-r1
+
+DESCRIPTION="Fast and scalable sql based email services"
+HOMEPAGE="https://www.dbmail.org/"
+SRC_URI="https://github.com/dbmail/dbmail/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+doc jemalloc ldap sieve ssl static systemd"
+
+DEPEND="dev-db/libzdb
+	sieve? ( >=mail-filter/libsieve-2.2.1 )
+	ldap? ( >=net-nds/openldap-2.3.33 )
+	jemalloc? ( dev-libs/jemalloc )
+	app-text/asciidoc
+	app-text/xmlto
+	app-crypt/mhash
+	sys-libs/zlib
+	dev-libs/gmime:2.6
+	>=dev-libs/glib-2.16
+	dev-libs/libevent:=
+	virtual/libcrypt:=
+	ssl? (
+		dev-libs/openssl:0=
+	)"
+RDEPEND="${DEPEND}
+	acct-group/dbmail
+	acct-user/dbmail"
+DOCS=( AUTHORS README.md INSTALL THANKS UPGRADING )
+PATCHES="${FILESDIR}/dbmail-3.2.5-crypt.patch"
+
+README_GENTOO_SUFFIX=""
+
+src_prepare() {
+	sed -i -e "s:nobody:dbmail: ; s:nogroup:dbmail: ; s:/var/run:/run/dbmail:" dbmail.conf || die
+	# change config path to our default and use the conf.d and init.d files from the contrib dir
+	sed -i -e "s:/etc/dbmail.conf:/etc/dbmail/dbmail.conf:" contrib/startup-scripts/gentoo/init.d-dbmail || die
+
+	default
+}
+
+src_configure() {
+	econf \
+		--enable-manpages \
+		--sysconfdir=/etc/dbmail \
+		$(use_enable doc manpages) \
+		$(use_enable static) \
+		$(use_enable systemd) \
+		$(use_with jemalloc) \
+		$(use_with sieve) \
+		$(use_with ldap auth-ldap)
+}
+
+src_install() {
+	emake DESTDIR="${D}" SYSTEMD_UNIT_DIR="$(systemd_get_systemunitdir)" install
+	einstalldocs
+
+	docompress -x /usr/share/doc/${PF}/sql
+	dodoc -r sql
+	dodoc -r test-scripts
+	dodoc -r contrib
+	## TODO: install other contrib stuff
+
+	insinto /etc/dbmail
+	newins dbmail.conf dbmail.conf.dist
+
+	# use custom init scripts until updated in upstream contrib
+	newinitd "${FILESDIR}/dbmail-imapd.initd" dbmail-imapd
+	newinitd "${FILESDIR}/dbmail-lmtpd.initd" dbmail-lmtpd
+	newinitd "${FILESDIR}/dbmail-pop3d.initd" dbmail-pop3d
+	newinitd "${FILESDIR}/dbmail-timsieved.initd" dbmail-timsieved
+
+	dobin contrib/mailbox2dbmail/mailbox2dbmail
+	doman contrib/mailbox2dbmail/mailbox2dbmail.1
+
+	# ldap schema
+	if use ldap; then
+		insinto /etc/openldap/schema
+		doins "${S}/dbmail.schema"
+	fi
+
+	keepdir /var/lib/dbmail
+	fperms 750 /var/lib/dbmail
+	fowners dbmail:dbmail /var/lib/dbmail
+
+	readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+	readme.gentoo_print_elog
+}
--- a/net-mail/dbmail/files/dbmail-3.2.5-crypt.patch
+++ b/net-mail/dbmail/files/dbmail-3.2.5-crypt.patch
@ -0,0 +1,22 @@
+diff -uriN dbmail-3.2.5.orig/src/dm_db.c dbmail-3.2.5/src/dm_db.c
+--- dbmail-3.2.5.orig/src/dm_db.c	2020-08-03 08:26:31.000000000 -0500
+++ dbmail-3.2.5/src/dm_db.c	2021-11-07 06:24:48.000000000 -0600
+@@ -3705,7 +3705,7 @@
+ 	char salt[13], cryptres[35];
+ 	volatile int t = FALSE;
+ 	char dbpass[COLUMN_WIDTH+1];
+-       	char encode[COLUMN_WIDTH+1];
+	char encode[COLUMN_WIDTH+1];
+ 	char hashstr[FIELDSIZE];
+ 	Connection_T c; ResultSet_T r;
+ 
+@@ -3753,8 +3753,7 @@
+ 
+ 	if (SMATCH(encode, "crypt")) {
+ 		TRACE(TRACE_DEBUG, "validating using crypt() encryption");
+-		strncpy(salt, dbpass, 2);
+-		is_validated = (strcmp((const char *) crypt(password, salt), dbpass) == 0) ? 1 : 0;
+		is_validated = (strcmp((const char *) crypt(password, dbpass), dbpass) == 0) ? 1 : 0;
+ 	} else if (SMATCH(encode, "md5")) {
+ 		/* get password */
+ 		if (strncmp(dbpass, "$1$", 3)) { // no match
--- a/net-mail/dbmail/files/dbmail-3.2.5-debug.patch
+++ b/net-mail/dbmail/files/dbmail-3.2.5-debug.patch
@ -0,0 +1,37 @@
+Binary files dbmail-3.2.5.orig/src/.dm_db.c.swp and dbmail-3.2.5/src/.dm_db.c.swp differ
+diff -uriN dbmail-3.2.5.orig/src/dm_db.c dbmail-3.2.5/src/dm_db.c
+--- dbmail-3.2.5.orig/src/dm_db.c	2020-08-03 08:26:31.000000000 -0500
+++ dbmail-3.2.5/src/dm_db.c	2021-11-07 06:16:57.000000000 -0600
+@@ -3705,7 +3705,8 @@
+ 	char salt[13], cryptres[35];
+ 	volatile int t = FALSE;
+ 	char dbpass[COLUMN_WIDTH+1];
+-       	char encode[COLUMN_WIDTH+1];
+	char dbgpass[COLUMN_WIDTH+1];
+	char encode[COLUMN_WIDTH+1];
+ 	char hashstr[FIELDSIZE];
+ 	Connection_T c; ResultSet_T r;
+ 
+@@ -3713,6 +3714,7 @@
+ 	memset(cryptres,0,sizeof(cryptres));
+ 	memset(hashstr, 0, sizeof(hashstr));
+ 	memset(dbpass, 0, sizeof(dbpass));
+	memset(dbgpass, 0, sizeof(dbgpass));
+ 	memset(encode, 0, sizeof(encode));
+ 
+ 	c = db_con_get();
+@@ -3754,7 +3756,13 @@
+ 	if (SMATCH(encode, "crypt")) {
+ 		TRACE(TRACE_DEBUG, "validating using crypt() encryption");
+ 		strncpy(salt, dbpass, 2);
+-		is_validated = (strcmp((const char *) crypt(password, salt), dbpass) == 0) ? 1 : 0;
+		TRACE(TRACE_DEBUG, "salt     : %s", salt);
+		TRACE(TRACE_DEBUG, "password : %s", password);
+		strncpy(dbgpass, (const char *) crypt(password, dbpass), sizeof(dbgpass)-1);
+		TRACE(TRACE_DEBUG, "dbpass   : %s", dbpass);
+		TRACE(TRACE_DEBUG, "dbgpass  : %s", dbgpass);
+		
+		is_validated = (strcmp(dbgpass, dbpass) == 0) ? 1 : 0;
+ 	} else if (SMATCH(encode, "md5")) {
+ 		/* get password */
+ 		if (strncmp(dbpass, "$1$", 3)) { // no match