Update pkg-message for local paths and uucp.

Add targets for easy install: root-sasldb, tls-install
Small Security Fix, see http://www.sendmail.org/smrsh.adv.txt

mail/sendmail/Makefile

@@ -7,6 +7,7 @@
 
 PORTNAME=	sendmail
 PORTVERSION=	8.12.6
+PORTREVISION=	1
 CATEGORIES=	mail ipv6
 MASTER_SITES=	ftp://ftp.sendmail.org/pub/sendmail/ \
 		${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/mail/sendmail/&,}
@@ -219,6 +220,31 @@ ${DESTDIR}/etc/mail/submit.cf:	${DESTDIR}/etc/mail/submit.mc
 		SENDMAIL_CF_DIR=${PREFIX}/share/sendmail/cf \
 		SENDMAIL_MC=submit )
 
+# create basics for smtp-auth
+#
+root-sasldb:
+	@${ECHO_CMD} "# Links:"
+	@${ECHO_CMD} "#"
+	@${ECHO_CMD} "# http://www.sendmail.org/~ca/email/auth.html"
+	@${ECHO_CMD} "# http://www.asp.ogi.edu/people/paja/linux/sendmail/"
+	@${ECHO_CMD} "# http://blue-labs.org/clue/sendmail.php"
+	@${ECHO_CMD} "# http://www.digitalanswers.org/sendmail/"
+	@${ECHO_CMD} "#"
+.if defined(SASLPWD)
+	-@${ECHO_CMD} ${SASLPWD} | \
+	${LOCALBASE}/sbin/saslpasswd -p -c -u ${REALM} "sendmail"
+.else
+	@${ECHO_CMD} "make SASLPWD=passwort owner-sasldb"
+.endif
+	${CHOWN} root:wheel ${DESTDIR}${PREFIX}/etc/sasldb.db
+	${CHMOD} 0600 ${DESTDIR}${PREFIX}/etc/sasldb.db
+
+# create certificates for TLS/SSL
+#
+tls-install:
+	env DESTDIR=${DESTDIR} FILESDIR=${FILESDIR} \
+		sh ${FILESDIR}/tls-install.sh
+
 .include <bsd.port.pre.mk>
 
 .if defined(SENDMAIL_WITH_TLS) || defined(WITH_TLS)

mail/sendmail/files/patch-smrsh.c

@@ -0,0 +1,63 @@
+Index: smrsh.c
+===================================================================
+RCS file: /cvs/smrsh/smrsh.c,v
+retrieving revision 8.58
+diff -u -r8.58 smrsh.c
+--- smrsh/smrsh.c	25 May 2002 02:41:31 -0000	8.58
++++ smrsh/smrsh.c	24 Sep 2002 23:58:16 -0000
+@@ -57,6 +57,8 @@
+ #include <sm/limits.h>
+ #include <sm/string.h>
+ #include <sys/file.h>
++#include <sys/types.h>
++#include <sys/stat.h>
+ #include <string.h>
+ #include <ctype.h>
+ #include <errno.h>
+@@ -145,6 +147,7 @@
+ 	char *newenv[2];
+ 	char pathbuf[1000];
+ 	char specialbuf[32];
++	struct stat st;
+ 
+ #ifndef DEBUG
+ # ifndef LOG_MAIL
+@@ -302,6 +305,38 @@
+ 			(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
+ 					     "Trying %s\n", cmdbuf);
+ #endif /* DEBUG */
++			if (stat(cmdbuf, &st) < 0)
++			{
++				/* can't stat it */
++				(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
++						     "%s: %s not available for sendmail programs (stat failed)\n",
++						      prg, cmd);
++				if (p != NULL)
++					*p = ' ';
++#ifndef DEBUG
++				syslog(LOG_CRIT, "uid %d: attempt to use %s (stat failed)",
++				       (int) getuid(), cmd);
++#endif /* ! DEBUG */
++				exit(EX_UNAVAILABLE);
++			}
++			if (!S_ISREG(st.st_mode)
++#ifdef S_ISLNK
++			    && !S_ISLNK(st.st_mode)
++#endif /* S_ISLNK */
++			   )
++			{
++				/* can't stat it */
++				(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
++						     "%s: %s not available for sendmail programs (not a file)\n",
++						      prg, cmd);
++				if (p != NULL)
++					*p = ' ';
++#ifndef DEBUG
++				syslog(LOG_CRIT, "uid %d: attempt to use %s (not a file)",
++				       (int) getuid(), cmd);
++#endif /* ! DEBUG */
++				exit(EX_UNAVAILABLE);
++			}
+ 			if (access(cmdbuf, X_OK) < 0)
+ 			{
+ 				/* oops....  crack attack possiblity */

mail/sendmail/files/tls-install.sh

@@ -0,0 +1,87 @@
+#!/bin/sh
+#
+CADIR="${CADIR-${DESTDIR}/etc/mail/certs}"
+FILSEDIR="${FILESDIR-/usr/ports/mail/sendmail/files}"
+REALM=`hostname`
+
+echo "creating: ${CADIR} on ${REALM}"
+for i in certs crl newcerts private
+do
+	if test ! -d "${CADIR}/${i}"
+	then
+		mkdir -p "${CADIR}/${i}"
+	fi
+done
+chmod 0600 "${CADIR}/private"
+cd "${CADIR}" || exit 65
+
+if test ! -f openssl.cnf
+then
+	echo "generating: openssl.cnf"
+	sed -e "s=./demoCA=${CADIR}=" /etc/ssl/openssl.cnf > "openssl.cnf"
+fi
+
+if test ! -f "serial"
+then
+	echo "generating: serial"
+	echo "01" > "serial"
+fi
+
+if test ! -f "index.txt"
+then
+	echo "generating: index.txt"
+	cp /dev/null "index.txt"
+fi
+
+if test ! -f "cacert.pem"
+then
+	echo "generating CA"
+	openssl req -new -x509 -config openssl.cnf \
+		-keyout private/cakey.pem \
+		-out cacert.pem
+	chmod 0600 "private/cakey.pem"
+fi
+
+if test ! -f "sendmailcert.pem"
+then
+	if test ! -f "private/sendmailkey.pem"
+	then
+		echo "generating server CERT"
+		umask 0066
+		openssl req -nodes -new -x509 -config openssl.cnf \
+			-keyout private/sendmailkey.pem \
+			-out private/sendmailkey.pem
+	fi
+	if test ! -f "newcsr.pem"
+	then
+		echo "signing CERT1"
+		openssl x509 -x509toreq \
+			-in private/sendmailkey.pem \
+			-signkey private/sendmailkey.pem \
+			-out newcsr.pem
+	fi
+	if test ! -f "sendmailcert.pem"
+	then
+		echo "signing CERT2"
+		openssl ca -config openssl.cnf -policy policy_anything \
+			-out sendmailcert.pem \
+			-infiles newcsr.pem
+		rm -f newcsr.pem
+	fi
+fi
+
+sed 's/^X//' << 'END-of-files/tls.m4'
+X# links:
+X# http://www.sendmail.org/~ca/email/starttls.html
+X# http://www.ofb.net/~jheiss/sendmail/tlsandrelay.shtml
+X#
+X# You may need to add this to your sendmail.mc file:
+X
+Xdefine(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
+Xdefine(`confCACERT_PATH', `CERT_DIR')dnl
+Xdefine(`confCACERT', `CERT_DIR/cacert.pem')dnl
+Xdefine(`confSERVER_CERT', `CERT_DIR/sendmailcert.pem')dnl
+Xdefine(`confSERVER_KEY', `CERT_DIR/private/sendmailkey.pem')dnl
+X
+END-of-files/tls.m4
+exit

mail/sendmail/pkg-message

@@ -20,6 +20,12 @@ in FreeBSD-RELEASE < 4.6 set your flags in /etc/rc.conf:
 sendmail_flags="-L sm-msp-queue -Ac -q1m"
 
 To update your configuration look at %%PREFIX%%/share/sendmail/cf/README.
+---------------------------------------------------
+To use the ports versions you may add to your sendmail.mc file:
+
+define(`confEBINDIR', `/usr/local/libexec')dnl
+define(`UUCP_MAILER_PATH', `/usr/local/bin/uux')dnl
+
 ---------------------------------------------------
 To activate sendmail as your default mailer, call the target 'mailer.conf':
 /usr/ports/mail/sendmail$ make mailer.conf

mail/sendmail812/Makefile

@@ -7,6 +7,7 @@
 
 PORTNAME=	sendmail
 PORTVERSION=	8.12.6
+PORTREVISION=	1
 CATEGORIES=	mail ipv6
 MASTER_SITES=	ftp://ftp.sendmail.org/pub/sendmail/ \
 		${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/mail/sendmail/&,}
@@ -219,6 +220,31 @@ ${DESTDIR}/etc/mail/submit.cf:	${DESTDIR}/etc/mail/submit.mc
 		SENDMAIL_CF_DIR=${PREFIX}/share/sendmail/cf \
 		SENDMAIL_MC=submit )
 
+# create basics for smtp-auth
+#
+root-sasldb:
+	@${ECHO_CMD} "# Links:"
+	@${ECHO_CMD} "#"
+	@${ECHO_CMD} "# http://www.sendmail.org/~ca/email/auth.html"
+	@${ECHO_CMD} "# http://www.asp.ogi.edu/people/paja/linux/sendmail/"
+	@${ECHO_CMD} "# http://blue-labs.org/clue/sendmail.php"
+	@${ECHO_CMD} "# http://www.digitalanswers.org/sendmail/"
+	@${ECHO_CMD} "#"
+.if defined(SASLPWD)
+	-@${ECHO_CMD} ${SASLPWD} | \
+	${LOCALBASE}/sbin/saslpasswd -p -c -u ${REALM} "sendmail"
+.else
+	@${ECHO_CMD} "make SASLPWD=passwort owner-sasldb"
+.endif
+	${CHOWN} root:wheel ${DESTDIR}${PREFIX}/etc/sasldb.db
+	${CHMOD} 0600 ${DESTDIR}${PREFIX}/etc/sasldb.db
+
+# create certificates for TLS/SSL
+#
+tls-install:
+	env DESTDIR=${DESTDIR} FILESDIR=${FILESDIR} \
+		sh ${FILESDIR}/tls-install.sh
+
 .include <bsd.port.pre.mk>
 
 .if defined(SENDMAIL_WITH_TLS) || defined(WITH_TLS)

mail/sendmail812/files/patch-smrsh.c

@@ -0,0 +1,63 @@
+Index: smrsh.c
+===================================================================
+RCS file: /cvs/smrsh/smrsh.c,v
+retrieving revision 8.58
+diff -u -r8.58 smrsh.c
+--- smrsh/smrsh.c	25 May 2002 02:41:31 -0000	8.58
++++ smrsh/smrsh.c	24 Sep 2002 23:58:16 -0000
+@@ -57,6 +57,8 @@
+ #include <sm/limits.h>
+ #include <sm/string.h>
+ #include <sys/file.h>
++#include <sys/types.h>
++#include <sys/stat.h>
+ #include <string.h>
+ #include <ctype.h>
+ #include <errno.h>
+@@ -145,6 +147,7 @@
+ 	char *newenv[2];
+ 	char pathbuf[1000];
+ 	char specialbuf[32];
++	struct stat st;
+ 
+ #ifndef DEBUG
+ # ifndef LOG_MAIL
+@@ -302,6 +305,38 @@
+ 			(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
+ 					     "Trying %s\n", cmdbuf);
+ #endif /* DEBUG */
++			if (stat(cmdbuf, &st) < 0)
++			{
++				/* can't stat it */
++				(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
++						     "%s: %s not available for sendmail programs (stat failed)\n",
++						      prg, cmd);
++				if (p != NULL)
++					*p = ' ';
++#ifndef DEBUG
++				syslog(LOG_CRIT, "uid %d: attempt to use %s (stat failed)",
++				       (int) getuid(), cmd);
++#endif /* ! DEBUG */
++				exit(EX_UNAVAILABLE);
++			}
++			if (!S_ISREG(st.st_mode)
++#ifdef S_ISLNK
++			    && !S_ISLNK(st.st_mode)
++#endif /* S_ISLNK */
++			   )
++			{
++				/* can't stat it */
++				(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
++						     "%s: %s not available for sendmail programs (not a file)\n",
++						      prg, cmd);
++				if (p != NULL)
++					*p = ' ';
++#ifndef DEBUG
++				syslog(LOG_CRIT, "uid %d: attempt to use %s (not a file)",
++				       (int) getuid(), cmd);
++#endif /* ! DEBUG */
++				exit(EX_UNAVAILABLE);
++			}
+ 			if (access(cmdbuf, X_OK) < 0)
+ 			{
+ 				/* oops....  crack attack possiblity */

mail/sendmail812/files/tls-install.sh

@@ -0,0 +1,87 @@
+#!/bin/sh
+#
+CADIR="${CADIR-${DESTDIR}/etc/mail/certs}"
+FILSEDIR="${FILESDIR-/usr/ports/mail/sendmail/files}"
+REALM=`hostname`
+
+echo "creating: ${CADIR} on ${REALM}"
+for i in certs crl newcerts private
+do
+	if test ! -d "${CADIR}/${i}"
+	then
+		mkdir -p "${CADIR}/${i}"
+	fi
+done
+chmod 0600 "${CADIR}/private"
+cd "${CADIR}" || exit 65
+
+if test ! -f openssl.cnf
+then
+	echo "generating: openssl.cnf"
+	sed -e "s=./demoCA=${CADIR}=" /etc/ssl/openssl.cnf > "openssl.cnf"
+fi
+
+if test ! -f "serial"
+then
+	echo "generating: serial"
+	echo "01" > "serial"
+fi
+
+if test ! -f "index.txt"
+then
+	echo "generating: index.txt"
+	cp /dev/null "index.txt"
+fi
+
+if test ! -f "cacert.pem"
+then
+	echo "generating CA"
+	openssl req -new -x509 -config openssl.cnf \
+		-keyout private/cakey.pem \
+		-out cacert.pem
+	chmod 0600 "private/cakey.pem"
+fi
+
+if test ! -f "sendmailcert.pem"
+then
+	if test ! -f "private/sendmailkey.pem"
+	then
+		echo "generating server CERT"
+		umask 0066
+		openssl req -nodes -new -x509 -config openssl.cnf \
+			-keyout private/sendmailkey.pem \
+			-out private/sendmailkey.pem
+	fi
+	if test ! -f "newcsr.pem"
+	then
+		echo "signing CERT1"
+		openssl x509 -x509toreq \
+			-in private/sendmailkey.pem \
+			-signkey private/sendmailkey.pem \
+			-out newcsr.pem
+	fi
+	if test ! -f "sendmailcert.pem"
+	then
+		echo "signing CERT2"
+		openssl ca -config openssl.cnf -policy policy_anything \
+			-out sendmailcert.pem \
+			-infiles newcsr.pem
+		rm -f newcsr.pem
+	fi
+fi
+
+sed 's/^X//' << 'END-of-files/tls.m4'
+X# links:
+X# http://www.sendmail.org/~ca/email/starttls.html
+X# http://www.ofb.net/~jheiss/sendmail/tlsandrelay.shtml
+X#
+X# You may need to add this to your sendmail.mc file:
+X
+Xdefine(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
+Xdefine(`confCACERT_PATH', `CERT_DIR')dnl
+Xdefine(`confCACERT', `CERT_DIR/cacert.pem')dnl
+Xdefine(`confSERVER_CERT', `CERT_DIR/sendmailcert.pem')dnl
+Xdefine(`confSERVER_KEY', `CERT_DIR/private/sendmailkey.pem')dnl
+X
+END-of-files/tls.m4
+exit

mail/sendmail812/pkg-message

@@ -20,6 +20,12 @@ in FreeBSD-RELEASE < 4.6 set your flags in /etc/rc.conf:
 sendmail_flags="-L sm-msp-queue -Ac -q1m"
 
 To update your configuration look at %%PREFIX%%/share/sendmail/cf/README.
+---------------------------------------------------
+To use the ports versions you may add to your sendmail.mc file:
+
+define(`confEBINDIR', `/usr/local/libexec')dnl
+define(`UUCP_MAILER_PATH', `/usr/local/bin/uux')dnl
+
 ---------------------------------------------------
 To activate sendmail as your default mailer, call the target 'mailer.conf':
 /usr/ports/mail/sendmail$ make mailer.conf