mail/sendmail-devel: New options MTA-STS TLS_CERT_CHAIN

freebsd · Jun 26, 2022 · 34d292c · 34d292c
1 parent ddd19f6
commit 34d292c
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 7 deletions.
diff --git a/mail/sendmail-devel/Makefile b/mail/sendmail-devel/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	sendmail
 PORTVERSION=	8.17.1.9
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	mail
 MASTER_SITES=	ftp://ftp.sendmail.org/pub/sendmail/snapshots/
 PKGNAMESUFFIX?=	-devel${PKGNAMESUFFIX2}
@@ -47,7 +47,7 @@ MILTER_SOVER?=	6
 
 OPTIONS_DEFINE?=	SHMEM SEM LA NIS IPV6 TLS DANE SASL SASLAUTHD LDAP \
 			BDB GDBM SOCKETMAP CYRUSLOOKUP BLACKLISTD SMTPUTF8 \
-			PICKY_HELO_CHECK MILTER DOCS
+			PICKY_HELO_CHECK MILTER MTA_STS TLS_CERT_CHAIN DOCS
 OPTIONS_DEFAULT?=	SHMEM SEM LA NIS TLS DANE SASL SASLAUTHD BDB1 \
 			BLACKLISTD PICKY_HELO_CHECK MILTER
 NO_OPTIONS_SORT=yes
@@ -64,6 +64,8 @@ CYRUSLOOKUP_DESC=	Enable cyruslookup feature
 PICKY_HELO_CHECK_DESC=	Enable picky HELO check
 MILTER_DESC=		Enable milter support
 SMTPUTF8_DESC=		Enable unicode address support
+MTA_STS_DESC=		Enable MTA-STS support (option SOCKETMAP and TLS needed)
+TLS_CERT_CHAIN_DESC=	Enable certificate chain file support (incompatibility)
 
 TLS_USES=	ssl
 SASL_LIB_DEPENDS=	libsasl2.so:security/cyrus-sasl2
@@ -74,7 +76,10 @@ LDAP_IMPLIES=	DANE
 BDB_USES=	bdb
 GDBM_LIB_DEPENDS=	libgdbm.so:databases/gdbm
 GDBM_CONFIGURE_WITH=	compat
+CYRUSLOOKUP_IMPLIES=	SOCKETMAP
 SMTPUTF8_LIB_DEPENDS=	libidn2.so:dns/libidn2 libicui18n.so:devel/icu
+MTA_STS_IMPLIES=	SOCKETMAP TLS
+TLS_CERT_CHAIN_IMPLIES=	TLS
 
 .include <bsd.port.options.mk>
 
@@ -98,12 +103,8 @@ SASL_SUFFIX?=	+sasl2
 CONFLICTS+=	sendmail-ldap-8.* sendmail-tls-8.*
 .endif
 .if ${PORT_OPTIONS:MCYRUSLOOKUP}
-.if ! ${PORT_OPTIONS:MSOCKETMAP}
-IGNORE=		option CYRUSLOOKUP requires option SOCKETMAP
-.else
 EXTRA_PATCHES+=	${FILESDIR}/cyruslookup.patch
 .endif
-.endif
 .if ${PORT_OPTIONS:MTLS}
 TLS_SUFFIX?=	+tls
 CONFLICTS+=	sendmail-ldap-8.* sendmail-sasl2-8.*
@@ -147,6 +148,9 @@ SITE+=	${FILESDIR}/site.config.m4.milter
 LICENSE_PERMS=	dist-mirror dist-sell no-pkg-mirror no-pkg-sell auto-accept
 SITE+=	${FILESDIR}/site.config.m4.gdbm
 .endif
+.if ${PORT_OPTIONS:MMTA_STS}
+SITE+=	${FILESDIR}/site.config.m4.mta-sts
+.endif
 
 SED_SCRIPT=	-e "s|\`-O'|\`${CFLAGS}'|" \
 		-e 's|%%CC%%|${CC}|' -e 's|%%LD%%|${LD}|'
@@ -345,6 +349,9 @@ help:
 SITE+=	${FILESDIR}/site.config.m4.ssl
 .endif
 SITE+=	${FILESDIR}/site.config.m4.tls
+.if ${PORT_OPTIONS:MTLS_CERT_CHAIN}
+SITE+=	${FILESDIR}/site.config.m4.tls-cert-chain
+.endif
 .endif
 
 .if exists(${FILESDIR}/site.config.m4.local)

diff --git a/mail/sendmail-devel/files/patch-cfsts.m4 b/mail/sendmail-devel/files/patch-cfsts.m4
@@ -0,0 +1,9 @@
+--- cf/feature/sts.m4.orig	2021-06-08 04:03:56.000000000 +0900
++++ cf/feature/sts.m4	2022-02-24 21:30:48.072162000 +0900
+@@ -15,5 +15,5 @@
+ LOCAL_CONFIG
+ O StrictTransportSecurity=true
+ ifelse(_ARG2_,`NO_SAN_TST',`',`O SetCertAltnames=true')
+-Ksts ifelse(defn(`_ARG_'), `', socket -d5 -T<TMPF> inet:5461@127.0.0.1,
++Ksts ifelse(defn(`_ARG_'), `', socket -d5 -T<TMPF> inet:8461@127.0.0.1,
+ 	       defn(`_NARG_'), `', `_ARG_', `_NARG_')
diff --git a/mail/sendmail-devel/files/site.config.m4.mta-sts b/mail/sendmail-devel/files/site.config.m4.mta-sts
@@ -0,0 +1 @@
+APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_MTA_STS')
diff --git a/mail/sendmail-devel/files/site.config.m4.tls b/mail/sendmail-devel/files/site.config.m4.tls
@@ -1,2 +1,4 @@
-APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS -DTLS_EC')
+APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS -DTLS_EC=1')
+APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_TLS_ALTNAMES')
+APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_VRFY_TRUSTED_FIRST')
 APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto')
diff --git a/mail/sendmail-devel/files/site.config.m4.tls-cert-chain b/mail/sendmail-devel/files/site.config.m4.tls-cert-chain
@@ -0,0 +1 @@
+APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_TLS_USE_CERTIFICATE_CHAIN_FILE')