#!/bin/sh set -eu name=sqmail version=4.2.24 upname=${name}_$version.orig.tar.gz srcname=$name-$version rel_project_root=$name/$name-$version abs_project_root=$name-$version/$rel_project_root orig_project_root=$name-$version.orig/$rel_project_root qmail_home=var/lib/qmail wget https://www.fehcom.de/$name/$name-$version.tgz ln -sf $name-$version.tgz $upname tar -xf $upname mv mail $srcname cd $srcname debmake --email jannis@fehcom.de --fullname 'Jannis M. Hoffmann' patch debian/control <<'END' 2c2 < Section: unknown --- > Section: mail 5c5 < Build-Depends: debhelper-compat (= 13) --- > Build-Depends: debhelper-compat (= 13), dh-exec, libqlibs, libucspissl-dev 7c7 < Homepage: --- > Homepage: https://www.fehcom.de/sqmail/sqmail.html 15a16,18 > Provides: mail-transport-agent > Conflicts: mail-transport-agent > Replaces: mail-transport-agent END cat <debian/rules #!/usr/bin/make -f # You must remove unused comment lines for the released package. export DH_VERBOSE = 1 #export DEB_BUILD_MAINT_OPTIONS = hardening=+all export DEB_CFLAGS_MAINT_APPEND = -g #export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed %: dh \$@ --buildsystem=none override_dh_auto_clean: rm -f $rel_project_root/src/ssl.lib rm -f $rel_project_root/conf-cc \$(MAKE) -C $rel_project_root/src clean override_dh_auto_configure: echo "-lssl -lcrypto" >$rel_project_root/src/ssl.lib echo "\$(CC) -Iinclude $(pkg-config -cflags qlibs) \$(CFLAGS)" >$rel_project_root/conf-cc \$(MAKE) -C $rel_project_root/src auto-uid \$(MAKE) -C $rel_project_root/src auto-gid cp debian/contrib/auto_uids.c $rel_project_root/src/ override_dh_auto_build: \$(MAKE) -C $rel_project_root/src default override_dh_auto_install: dh_installsysusers END # tcp-environ.5 conflicts with ucspitcp6 package cat <debian/manpages $rel_project_root/man/*.[13789] $rel_project_root/man/addresses.5 $rel_project_root/man/envelopes.5 $rel_project_root/man/maildir.5 $rel_project_root/man/mbox.5 $rel_project_root/man/qmail-header.5 $rel_project_root/man/qmail-log.5 $rel_project_root/man/tai64nfrac.5 END cat <debian/install # base $rel_project_root/src/qmail-clean usr/bin $rel_project_root/src/qmail-inject usr/bin $rel_project_root/src/qmail-local usr/bin $rel_project_root/src/qmail-lspawn usr/bin $rel_project_root/src/qmail-send usr/bin $rel_project_root/src/qmail-queue usr/bin $rel_project_root/src/qmail-rspawn usr/bin $rel_project_root/src/qmail-start usr/bin $rel_project_root/src/qmail-todo usr/bin # clients $rel_project_root/src/mailsubj usr/bin $rel_project_root/src/qmail-remote usr/bin $rel_project_root/src/qmail-qmqpc usr/bin $rel_project_root/src/sendmail usr/bin # control $rel_project_root/src/qmail-mfrules usr/bin $rel_project_root/src/qmail-showctl usr/bin $rel_project_root/src/qmail-badloadertypes usr/bin $rel_project_root/src/qmail-badmimetypes usr/bin $rel_project_root/src/qmail-recipients usr/bin # dkim $rel_project_root/src/qmail-dkim usr/bin $rel_project_root/src/qmail-dksign usr/bin # dns $rel_project_root/src/dnscname usr/bin $rel_project_root/src/dnsfq usr/bin $rel_project_root/src/dnsip usr/bin $rel_project_root/src/dnsmxip usr/bin $rel_project_root/src/dnsptr usr/bin $rel_project_root/src/dnstlsa usr/bin $rel_project_root/src/dnstxt usr/bin $rel_project_root/src/hostname usr/bin $rel_project_root/src/ipmeprint usr/bin $rel_project_root/src/spfquery usr/bin # forward $rel_project_root/src/fastforward usr/bin $rel_project_root/src/forward usr/bin $rel_project_root/src/setforward usr/bin $rel_project_root/src/newaliases usr/bin $rel_project_root/src/newinclude usr/bin $rel_project_root/src/printforward usr/bin $rel_project_root/src/printmaillist usr/bin $rel_project_root/src/setmaillist usr/bin # log $rel_project_root/src/qmail-mrtg usr/bin $rel_project_root/src/qmail-mrtg-queue usr/bin $rel_project_root/src/splogger usr/bin $rel_project_root/src/tai64nfrac usr/bin # mbox $rel_project_root/src/condredirect usr/bin $rel_project_root/src/bouncesaying usr/bin $rel_project_root/src/except usr/bin $rel_project_root/src/maildirmake usr/bin $rel_project_root/src/maildir2mbox usr/bin $rel_project_root/src/maildirwatch usr/bin $rel_project_root/src/preline usr/bin $rel_project_root/src/qbiff usr/bin $rel_project_root/src/qreceipt usr/bin # pam $rel_project_root/src/qmail-authuser usr/bin $rel_project_root/src/qmail-smtpam usr/bin $rel_project_root/src/qmail-vmailuser usr/bin $rel_project_root/src/qmail-postgrey usr/bin # pop $rel_project_root/src/qmail-pop3d usr/bin $rel_project_root/src/qmail-popup usr/bin # queue $rel_project_root/src/qmail-qread usr/bin $rel_project_root/src/qmail-qstat usr/bin $rel_project_root/src/qmail-tcpok usr/bin $rel_project_root/src/qmail-tcpto usr/bin $rel_project_root/src/qmail-qmaint usr/bin # recipients #$rel_project_root/src/qmail-alias2recipients usr/bin # scan #$rel_project_root/src/qmail-queue-scan usr/bin # server $rel_project_root/src/qmail-qmtpd usr/bin $rel_project_root/src/qmail-qmqpd usr/bin $rel_project_root/src/qmail-smtpd usr/bin # srs $rel_project_root/src/srsforward usr/bin $rel_project_root/src/srsreverse usr/bin # user $rel_project_root/src/qmail-getpw usr/bin $rel_project_root/src/qmail-newu usr/bin $rel_project_root/src/qmail-newmrh usr/bin $rel_project_root/src/qmail-pw2u usr/bin # x509 #$rel_project_root/src/x509fingerprint usr/bin #$rel_project_root/src/mkdkimkey usr/bin # analog $rel_project_root/src/columnt usr/bin $rel_project_root/src/ddist usr/bin $rel_project_root/src/deferrals usr/bin $rel_project_root/src/failures usr/bin $rel_project_root/src/matchup usr/bin $rel_project_root/src/recipients usr/bin $rel_project_root/src/rhosts usr/bin $rel_project_root/src/rxdelay usr/bin $rel_project_root/src/senders usr/bin $rel_project_root/src/successes usr/bin $rel_project_root/src/suids usr/bin $rel_project_root/src/xqp usr/bin $rel_project_root/src/xrecipient usr/bin $rel_project_root/src/xsender usr/bin $rel_project_root/src/zddist usr/bin $rel_project_root/src/zdeferrals usr/bin $rel_project_root/src/zfailures usr/bin $rel_project_root/src/zoverall usr/bin $rel_project_root/src/zrecipients usr/bin $rel_project_root/src/zrhosts usr/bin $rel_project_root/src/zrxdelay usr/bin $rel_project_root/src/zsenders usr/bin $rel_project_root/src/zsendmail usr/bin $rel_project_root/src/zsuccesses usr/bin $rel_project_root/src/zsuids usr/bin # other $rel_project_root/src/qmail-dkverify usr/bin $rel_project_root/ctl/* etc/sqmail debian/contrib/sqmail-send.service usr/lib/systemd/system debian/contrib/sqmail-smtpd.service usr/lib/systemd/system END mkdir debian/contrib cat <debian/contrib/convert_ids.awk # Format of sqmail/$srcname/conf-ids is 'uid:name:description:group:home' BEGIN { FS = ":"; OFS = "\t"; print "# Generated by 'convert_ids.awk'; DO NOT EDIT!" } /^#/ { next } \$3 ~ /group/ { print "g", \$2, \$1; next } \$3 ~ /user/ { if (\$5) print "u", \$2, \$1":"\$4, "\""\$3"\"", "/$qmail_home/"\$5 else print "u", \$2, \$1":"\$4, "\""\$3"\"" next } { exit 1 } END awk -f debian/contrib/convert_ids.awk sqmail/$srcname/conf-ids | expand -t 3,12,26,50 >debian/sysusers cat <<'END' >debian/contrib/sqmail-send.service [Unit] Description=qmail delivery daemon After=local-fs.target network.target [Install] WantedBy=multi-user.target [Service] Restart=always ExecStart=/usr/bin/qmail-start Maildir/ END cat <<'END' >debian/contrib/sqmail-smtpd.service [Unit] Description=qmail delivery daemon After=local-fs.target network.target [Install] WantedBy=multi-user.target [Service] Restart=always ExecStart=/service/qmail-smtpd/run #ExecReload=/var/qmail/bin/qmail-tcpok ; /bin/kill -ALRM ${MAINPID} END cat <<'END' >debian/contrib/auto_uids.c int auto_uida = 7790; int auto_uidd = 7791; int auto_uidl = 7792; int auto_uido = 0; int auto_uidp = 7793; int auto_uidq = 7794; int auto_uidr = 7795; int auto_uids = 7796; int auto_gidq = 2109; int auto_gidn = 2108; END cat <debian/clean $rel_project_root/src/auto_break.c $rel_project_root/src/install $rel_project_root/src/instcheck $rel_project_root/src/libqdkim.a $rel_project_root/src/predate $rel_project_root/src/qmail-dksign $rel_project_root/src/qmail-dkverify $rel_project_root/src/srsforward $rel_project_root/src/srsreverse $rel_project_root/src/auto_usera.c $rel_project_root/src/config $rel_project_root/src/config-fast $rel_project_root/src/datemail $rel_project_root/src/hasspnam.h $rel_project_root/src/hasutmp.h END cat <debian/links /etc/sqmail/ $qmail_home/control /usr/bin/ $qmail_home/bin END cat <debian/postinst #!/bin/sh # postinst script for #PACKAGE# # # See: dh_installdeb(1). set -e # Summary of how this script can be called: # * 'configure' # * 'abort-upgrade' # * 'abort-remove' 'in-favour' # # * 'abort-remove' # * 'abort-deconfigure' 'in-favour' # 'removing' # # for details, see https://www.debian.org/doc/debian-policy/ or # the debian-policy package. case "\$1" in configure) hostname >$qmail_home/control/me hostname >$qmail_home/control/rcpthosts chown :sqmail usr/bin/qmail-authuser chmod ug+s usr/bin/qmail-authuser chown qmailq:sqmail usr/bin/qmail-dksign chmod u+s usr/bin/qmail-dksign chown qmailq:sqmail usr/bin/qmail-dkverify chmod u+s usr/bin/qmail-dkverify chown :sqmail usr/bin/qmail-postgrey chmod ug+s usr/bin/qmail-postgrey chown qmailq:sqmail usr/bin/qmail-queue chmod ug+s usr/bin/qmail-queue chown :sqmail usr/bin/qmail-vmailuser chmod ug+s usr/bin/qmail-vmailuser install -d -g sqmail $qmail_home install -d -o alias -g sqmail $qmail_home/alias install -d -o qmailq -g sqmail -m 750 $qmail_home/queue install -d -o qmails -g sqmail -m 700 $qmail_home/queue/bounce install -d -o qmailq -g sqmail -m 750 $qmail_home/queue/dkim install -d -o qmails -g sqmail -m 700 $qmail_home/queue/info install -d -o qmailq -g sqmail -m 700 $qmail_home/queue/intd install -d -o qmails -g sqmail -m 700 $qmail_home/queue/local install -d -o qmailq -g sqmail -m 750 $qmail_home/queue/lock install -d -o qmailq -g sqmail -m 750 $qmail_home/queue/mess install -d -o qmailq -g sqmail -m 700 $qmail_home/queue/pid install -d -o qmails -g sqmail -m 700 $qmail_home/queue/remote install -d -o qmailq -g sqmail -m 750 $qmail_home/queue/todo install -d -o sqmtls -g nofiles $qmail_home/ssl install -d -g sqmail $qmail_home/users touch $qmail_home/queue/lock/sendmutex chown qmails:sqmail $qmail_home/queue/lock/sendmutex chmod 600 $qmail_home/queue/lock/sendmutex touch $qmail_home/queue/lock/tcpto chown qmailr:sqmail $qmail_home/queue/lock/tcpto chmod 644 $qmail_home/queue/lock/tcpto fallocate -l 1024 $qmail_home/queue/lock/tcpto [ -p $qmail_home/queue/lock/trigger ] || mkfifo $qmail_home/queue/lock/trigger chown qmails:sqmail $qmail_home/queue/lock/trigger chmod 622 $qmail_home/queue/lock/trigger ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument '\$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 END cat <debian/postrm #!/bin/sh # postrm script for #PACKAGE#. # # See: dh_installdeb(1). set -e # Summary of how this script can be called: # * 'remove' # * 'purge' # * 'upgrade' # * 'failed-upgrade' # * 'abort-install' # * 'abort-install' # * 'abort-upgrade' # * 'disappear' # # for details, see https://www.debian.org/doc/debian-policy/ or # the debian-policy package. case "\$1" in remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) ;; purge) rm -rf $qmail_home/queue/* ;; *) echo "postrm called with unknown argument '\$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 END cat <debian/patches/000-config.patch Author: Jannis M. Hoffmann Description: Adjust build configuration so that the \`configure' step creates conf-XX files. --- $abs_project_root/conf-cc +++ /dev/null @@ -0,18 +0,0 @@ -cc -O2 -Wall -Wno-narrowing -Iinclude -I\`head -1 ../conf-qlibs\`/include \`head -1 ../conf-ssl\` - -# This will work for both i386 and AMD64 architecture enabling INET6 support. -# IDN2 support is NOT enabled by default. You do not have 'libidns2' installed and set: -DIDN2 - -# For obfuscation, you can hide the virtual user's local part for VERP addresses; inappropriate for VPOPMAIL: - -cc -O2 -Wall -Wno-narrowing -Iinclude -I\`head -1 ../conf-qlibs\`/include \`head -1 ../conf-ssl\` -DHIDEVIRTUALUSER - -# qmail-remote will bounce mails immediately, if no DNS record is found; or mail may stay in the queue until it expires: - -cc -O2 -Wall -Wno-narrowing -Iinclude -I\`head -1 ../conf-qlibs\`/include \`head -1 ../conf-ssl\` -DDEFERREDBOUNCES - -# security might be enhanced, using the following compiler flags: - -cc -Wall -pipe -z relro -z now -pie -fPIE -fstack-protector-all -D_FORTIFY_SOURCE=2 -O2 -DIDN2 - -# This is for gcc and with strong security in mind. --- $abs_project_root/conf-home +++ $abs_project_root/conf-home @@ -1,1 +1,1 @@ +/$qmail_home -/var/qmail END cat <debian/patches/000-make-ucspissl.patch Author: Jannis M. Hoffmann Description: replace direct ucspissl.a with libucspissl --- $orig_project_root/src/Makefile +++ $abs_project_root/src/Makefile @@ -900,10 +900,10 @@ load qmail-smtpam.o control.o now.o dns.o constmap.o \\ ipalloc.o ipme.o quote.o auto_qmail.o tcpto.o \\ tls_timeoutio.o tls_errors.o tls_remote.o dns_tlsa.o \\ -ssl.lib dns.lib socket.lib qlibs.lib ucspissl.a +ssl.lib dns.lib socket.lib qlibs.lib ./load qmail-smtpam constmap.o control.o dns_tlsa.o \\ tcpto.o now.o dns.o ipalloc.o ipme.o quote.o auto_qmail.o \\ - tls_errors.o tls_remote.o tls_timeoutio.o ucspissl.a \\ + tls_errors.o tls_remote.o tls_timeoutio.o -lucspissl \\ \`cat ssl.lib\` \`cat dns.lib\` \`cat socket.lib\` \`cat qlibs.lib\` qmail-smtpam.o: \\ @@ -1048,11 +1048,11 @@ load qmail-remote.o control.o tcpto.o now.o dns.o ipalloc.o ipme.o \\ quote.o tls_timeoutio.o tls_errors.o tls_remote.o dns_tlsa.o \\ base64.o constmap.o md5c.o hmac_md5.o auto_qmail.o \\ -ssl.lib dns.lib socket.lib qlibs.lib idn2.lib ucspissl.a +ssl.lib dns.lib socket.lib qlibs.lib idn2.lib ./load qmail-remote control.o tcpto.o now.o \\ base64.o constmap.o md5c.o hmac_md5.o ipalloc.o ipme.o \\ - quote.o dns.o ucspissl.a auto_qmail.o dns_tlsa.o \\ - tls_errors.o tls_remote.o tls_timeoutio.o ucspissl.a \\ + quote.o dns.o auto_qmail.o dns_tlsa.o \\ + tls_errors.o tls_remote.o tls_timeoutio.o -lucspissl \\ \`cat ssl.lib\` \`cat dns.lib\` \`cat socket.lib\` \`cat qlibs.lib\` \`cat idn2.lib\` qmail-remote.o: \\ END cat <debian/patches/000-error-narrowing.patch Author: Jannis M. Hoffmann --- $orig_project_root/src/dkimverify.cpp +++ $abs_project_root/src/dkimverify.cpp @@ -377,14 +377,14 @@ unsigned DecodeBase64(char *ptr) { static const unsigned char base64_table[256] = { - -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, - -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,62,-1,-1,-1,63,52,53,54,55,56,57,58,59,60,61,-1,-1,-1,-1,-1,-1, - -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,-1,-1,-1,-1,-1, - -1,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,-1,-1,-1,-1,-1, - -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, - -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, - -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, - -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1}; + 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, + 255,255,255,255,255,255,255,255,255,255,255, 62,255,255,255, 63, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61,255,255,255,255,255,255, + 255, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25,255,255,255,255,255, + 255, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51,255,255,255,255,255, + 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, + 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, + 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, + 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255}; unsigned char* s = (unsigned char* )ptr; unsigned char* d = (unsigned char* )ptr; END printf "000-config.patch\n000-make-ucspissl.patch\n000-error-narrowing.patch\n" >>debian/patches/series rm debian/source/control debian/tests/control