version bump that fixes security vulnerability (dkim validation weakness - see release notes). old vulnerable versions removed

(Portage version: 2.2_rc20/cvs/Linux 2.6.26-gentoo-r4 x86_64)

6 files changed, 13 insertions, 622 deletions

diff --git a/mail-filter/dkim-milter/ChangeLog b/mail-filter/dkim-milter/ChangeLog
index 5ad12c262938..517862285bbf 100644
--- a/mail-filter/dkim-milter/ChangeLog
+++ b/mail-filter/dkim-milter/ChangeLog
@@ -1,6 +1,16 @@
 # ChangeLog for mail-filter/dkim-milter
 # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/mail-filter/dkim-milter/ChangeLog,v 1.26 2009/01/11 07:51:29 dragonheart Exp $
+# $Header: /var/cvsroot/gentoo-x86/mail-filter/dkim-milter/ChangeLog,v 1.27 2009/01/17 03:18:17 dragonheart Exp $
+
+*dkim-milter-2.8.1 (17 Jan 2009)
+
+  17 Jan 2009; Daniel Black <dragonheart@gentoo.org>
+  -files/dkim-milter-2.7.0-gentoo.patch,
+  -files/dkim-milter-2.7.2-gentoo.patch, -dkim-milter-2.7.0.ebuild,
+  -dkim-milter-2.7.2.ebuild, -dkim-milter-2.8.0.ebuild,
+  +dkim-milter-2.8.1.ebuild:
+  version bump that fixes security vulnerability (dkim validation weakness -
+  see release notes). old vulnerable versions removed
 
 *dkim-milter-2.8.0 (11 Jan 2009)
 
diff --git a/mail-filter/dkim-milter/dkim-milter-2.7.0.ebuild b/mail-filter/dkim-milter/dkim-milter-2.7.0.ebuild
deleted file mode 100644
index 5cb29127a09b..000000000000
--- a/mail-filter/dkim-milter/dkim-milter-2.7.0.ebuild
+++ /dev/null
@@ -1,145 +0,0 @@
-# Copyright 1999-2008 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/mail-filter/dkim-milter/dkim-milter-2.7.0.ebuild,v 1.1 2008/07/25 12:51:40 dragonheart Exp $
-
-inherit eutils toolchain-funcs
-
-DESCRIPTION="A milter-based application to provide DomainKeys Identified Mail (DKIM) service"
-HOMEPAGE="http://sourceforge.net/projects/dkim-milter/"
-SRC_URI="mirror://sourceforge/dkim-milter/${P}.tar.gz"
-
-LICENSE="Sendmail-Open-Source"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="ipv6 diffheaders"
-
-RDEPEND="dev-libs/openssl
-	>=sys-libs/db-3.2
-	diffheaders? ( dev-libs/tre )"
-DEPEND="${RDEPEND}
-	|| ( mail-filter/libmilter mail-mta/sendmail )" # libmilter is a static library
-
-pkg_setup() {
-	enewgroup milter
-	enewuser milter -1 -1 -1 milter
-}
-
-src_unpack() {
-	unpack ${A}
-
-	cd "${S}" || die "source dir not found"
-
-	cp site.config.m4.dist devtools/Site/site.config.m4 || \
-		die "failed to copy site.config.m4"
-	epatch "${FILESDIR}/${P}-gentoo.patch"
-
-	local ENVDEF=""
-	use ipv6 && ENVDEF="${ENVDEF} -DNETINET6"
-	sed -i -e "s:@@CFLAGS@@:${CFLAGS}:" -e "s:@@ENVDEF@@:${ENVDEF}:" \
-		devtools/Site/site.config.m4
-	echo "APPENDDEF(\`confNO_MAN_BUILD', \` ')">>devtools/Site/site.config.m4
-
-	use diffheaders && epatch "${FILESDIR}/${PN}-diffheaders.patch"
-}
-
-src_compile() {
-	emake -j1 CC="$(tc-getCC)" || die "emake failed"
-}
-
-src_test() {
-	emake -j1 CC="$(tc-getCC)" OPTIONS=check \
-		|| die "emake check failed"
-}
-
-src_install() {
-	# no other program need to read from here
-	dodir /etc/mail/dkim-filter
-	fowners milter:milter /etc/mail/dkim-filter
-	fperms 700 /etc/mail/dkim-filter
-
-	insinto /etc/mail/dkim-filter
-	newins dkim-filter/dkim-filter.conf.sample dkim-filter.conf
-
-	newinitd "${FILESDIR}/dkim-filter.init" dkim-filter \
-		|| die "newinitd failed"
-	sed -i -e s:bin/dkim-filter:sbin/dkim-filter: "${D}/etc/init.d/dkim-filter" \
-		|| die 'failed to correct dkim-filter path'
-
-	# prepare directory for .pid, .sock and .stats files
-	dodir /var/run/dkim-filter
-	fowners milter:milter /var/run/dkim-filter
-
-	dodir /usr/bin /usr/sbin
-	emake -j1 DESTDIR="${D}" \
-		SBINOWN=root SBINGRP=root UBINOWN=root UBINGRP=root \
-		install || die "make install failed"
-
-	# man build is broken; do man page installation by hand
-	doman */*.{3,5,8}
-
-	# some people like docs
-	dodoc RELEASE_NOTES *.txt
-}
-
-pkg_postinst() {
-	elog "If you want to sign your mail messages, you will have to run"
-	elog "  emerge --config ${CATEGORY}/${PN}"
-	elog "It will help you create your key and give you hints on how"
-	elog "to configure your DNS and MTA."
-
-	ewarn "Make sure your MTA has r/w access to the socket file."
-	ewarn "This can be done either by setting UMask to 002 and adding MTA's user"
-	ewarn "to milter group or you can simply set UMask to 000."
-}
-
-pkg_config() {
-	local selector keysize pubkey
-
-	read -p "Enter the selector name (default ${HOSTNAME}): " selector
-	[[ -n "${selector}" ]] || selector=${HOSTNAME}
-	if [[ -z "${selector}" ]]; then
-		eerror "Oddly enough, you don't have a HOSTNAME."
-		return 1
-	fi
-	if [[ -f "${ROOT}"etc/mail/dkim-filter/${selector}.private ]]; then
-		ewarn "The private key for this selector already exists."
-	else
-		einfo "Select the size of private key:"
-		einfo "  [1] 512 bits"
-		einfo "  [2] 1024 bits"
-		while read -n 1 -s -p "  Press 1 or 2 on the keyboard to select the key size " keysize ; do
-			[[ "${keysize}" == "1" || "${keysize}" == "2" ]] && echo && break
-		done
-		case ${keysize} in
-			1) keysize=512 ;;
-			*) keysize=1024 ;;
-		esac
-
-		# generate the private and public keys
-		dkim-genkey -b ${keysize} -D "${ROOT}"etc/mail/dkim-filter/ \
-			-s ${selector} && \
-			chown milter:milter \
-			"${ROOT}"etc/mail/dkim-filter/"${selector}".private || \
-				{ eerror "Failed to create private and public keys." ; return 1; }
-	fi
-
-	# dkim-filter selector configuration
-	echo
-	einfo "Make sure you have the following settings in your dkim-filter.conf:"
-	einfo "  Keyfile /etc/mail/dkim-filter/${selector}.private"
-	einfo "  Selector ${selector}"
-
-	# MTA configuration
-	echo
-	einfo "If you are using Postfix, add following lines to your main.cf:"
-	einfo "  smtpd_milters     = unix:/var/run/dkim-filter/dkim-filter.sock"
-	einfo "  non_smtpd_milters = unix:/var/run/dkim-filter/dkim-filter.sock"
-
-	# DNS configuration
-	einfo "After you configured your MTA, publish your key by adding this TXT record to your domain:"
-	cat "${ROOT}"etc/mail/dkim-filter/${selector}.txt
-	einfo "t=y signifies you only test the DKIM on your domain. See following page for the complete list of tags:"
-	einfo "  http://www.dkim.org/specs/rfc4871-dkimbase.html#key-text"
-	einfo
-	einfo "Also look at the draft ASP http://www.dkim.org/specs/draft-ietf-dkim-ssp-03.html"
-}
diff --git a/mail-filter/dkim-milter/dkim-milter-2.7.2.ebuild b/mail-filter/dkim-milter/dkim-milter-2.7.2.ebuild
deleted file mode 100644
index 7925ac17ef28..000000000000
--- a/mail-filter/dkim-milter/dkim-milter-2.7.2.ebuild
+++ /dev/null
@@ -1,145 +0,0 @@
-# Copyright 1999-2008 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/mail-filter/dkim-milter/dkim-milter-2.7.2.ebuild,v 1.1 2008/10/16 19:35:35 mrness Exp $
-
-inherit eutils toolchain-funcs
-
-DESCRIPTION="A milter-based application to provide DomainKeys Identified Mail (DKIM) service"
-HOMEPAGE="http://sourceforge.net/projects/dkim-milter/"
-SRC_URI="mirror://sourceforge/dkim-milter/${P}.tar.gz"
-
-LICENSE="Sendmail-Open-Source"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="ipv6 diffheaders"
-
-RDEPEND="dev-libs/openssl
-	>=sys-libs/db-3.2
-	diffheaders? ( dev-libs/tre )"
-DEPEND="${RDEPEND}
-	|| ( mail-filter/libmilter mail-mta/sendmail )" # libmilter is a static library
-
-pkg_setup() {
-	enewgroup milter
-	enewuser milter -1 -1 -1 milter
-}
-
-src_unpack() {
-	unpack ${A}
-
-	cd "${S}" || die "source dir not found"
-
-	cp site.config.m4.dist devtools/Site/site.config.m4 || \
-		die "failed to copy site.config.m4"
-	epatch "${FILESDIR}/${P}-gentoo.patch"
-
-	local ENVDEF=""
-	use ipv6 && ENVDEF="${ENVDEF} -DNETINET6"
-	sed -i -e "s:@@CFLAGS@@:${CFLAGS}:" -e "s:@@ENVDEF@@:${ENVDEF}:" \
-		devtools/Site/site.config.m4
-	echo "APPENDDEF(\`confNO_MAN_BUILD', \` ')">>devtools/Site/site.config.m4
-
-	use diffheaders && epatch "${FILESDIR}/${PN}-diffheaders.patch"
-}
-
-src_compile() {
-	emake -j1 CC="$(tc-getCC)" || die "emake failed"
-}
-
-src_test() {
-	emake -j1 CC="$(tc-getCC)" OPTIONS=check \
-		|| die "emake check failed"
-}
-
-src_install() {
-	# no other program need to read from here
-	dodir /etc/mail/dkim-filter
-	fowners milter:milter /etc/mail/dkim-filter
-	fperms 700 /etc/mail/dkim-filter
-
-	insinto /etc/mail/dkim-filter
-	newins dkim-filter/dkim-filter.conf.sample dkim-filter.conf
-
-	newinitd "${FILESDIR}/dkim-filter.init" dkim-filter \
-		|| die "newinitd failed"
-	sed -i -e s:bin/dkim-filter:sbin/dkim-filter: "${D}/etc/init.d/dkim-filter" \
-		|| die 'failed to correct dkim-filter path'
-
-	# prepare directory for .pid, .sock and .stats files
-	dodir /var/run/dkim-filter
-	fowners milter:milter /var/run/dkim-filter
-
-	dodir /usr/bin /usr/sbin
-	emake -j1 DESTDIR="${D}" \
-		SBINOWN=root SBINGRP=root UBINOWN=root UBINGRP=root \
-		install || die "make install failed"
-
-	# man build is broken; do man page installation by hand
-	doman */*.{3,5,8}
-
-	# some people like docs
-	dodoc RELEASE_NOTES *.txt
-}
-
-pkg_postinst() {
-	elog "If you want to sign your mail messages, you will have to run"
-	elog "  emerge --config ${CATEGORY}/${PN}"
-	elog "It will help you create your key and give you hints on how"
-	elog "to configure your DNS and MTA."
-
-	ewarn "Make sure your MTA has r/w access to the socket file."
-	ewarn "This can be done either by setting UMask to 002 and adding MTA's user"
-	ewarn "to milter group or you can simply set UMask to 000."
-}
-
-pkg_config() {
-	local selector keysize pubkey
-
-	read -p "Enter the selector name (default ${HOSTNAME}): " selector
-	[[ -n "${selector}" ]] || selector=${HOSTNAME}
-	if [[ -z "${selector}" ]]; then
-		eerror "Oddly enough, you don't have a HOSTNAME."
-		return 1
-	fi
-	if [[ -f "${ROOT}"etc/mail/dkim-filter/${selector}.private ]]; then
-		ewarn "The private key for this selector already exists."
-	else
-		einfo "Select the size of private key:"
-		einfo "  [1] 512 bits"
-		einfo "  [2] 1024 bits"
-		while read -n 1 -s -p "  Press 1 or 2 on the keyboard to select the key size " keysize ; do
-			[[ "${keysize}" == "1" || "${keysize}" == "2" ]] && echo && break
-		done
-		case ${keysize} in
-			1) keysize=512 ;;
-			*) keysize=1024 ;;
-		esac
-
-		# generate the private and public keys
-		dkim-genkey -b ${keysize} -D "${ROOT}"etc/mail/dkim-filter/ \
-			-s ${selector} && \
-			chown milter:milter \
-			"${ROOT}"etc/mail/dkim-filter/"${selector}".private || \
-				{ eerror "Failed to create private and public keys." ; return 1; }
-	fi
-
-	# dkim-filter selector configuration
-	echo
-	einfo "Make sure you have the following settings in your dkim-filter.conf:"
-	einfo "  Keyfile /etc/mail/dkim-filter/${selector}.private"
-	einfo "  Selector ${selector}"
-
-	# MTA configuration
-	echo
-	einfo "If you are using Postfix, add following lines to your main.cf:"
-	einfo "  smtpd_milters     = unix:/var/run/dkim-filter/dkim-filter.sock"
-	einfo "  non_smtpd_milters = unix:/var/run/dkim-filter/dkim-filter.sock"
-
-	# DNS configuration
-	einfo "After you configured your MTA, publish your key by adding this TXT record to your domain:"
-	cat "${ROOT}"etc/mail/dkim-filter/${selector}.txt
-	einfo "t=y signifies you only test the DKIM on your domain. See following page for the complete list of tags:"
-	einfo "  http://www.dkim.org/specs/rfc4871-dkimbase.html#key-text"
-	einfo
-	einfo "Also look at the draft ASP http://www.dkim.org/specs/draft-ietf-dkim-ssp-03.html"
-}
diff --git a/mail-filter/dkim-milter/dkim-milter-2.8.0.ebuild b/mail-filter/dkim-milter/dkim-milter-2.8.1.ebuild
index 5ac36af4697e..8fe018cbfca6 100644
--- a/mail-filter/dkim-milter/dkim-milter-2.8.0.ebuild
+++ b/mail-filter/dkim-milter/dkim-milter-2.8.1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2009 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/mail-filter/dkim-milter/dkim-milter-2.8.0.ebuild,v 1.1 2009/01/11 07:51:29 dragonheart Exp $
+# $Header: /var/cvsroot/gentoo-x86/mail-filter/dkim-milter/dkim-milter-2.8.1.ebuild,v 1.1 2009/01/17 03:18:18 dragonheart Exp $
 
 inherit eutils toolchain-funcs
 
@@ -31,7 +31,7 @@ src_unpack() {
 
 	cp site.config.m4.dist devtools/Site/site.config.m4 || \
 		die "failed to copy site.config.m4"
-	epatch "${FILESDIR}/${P}-gentoo.patch"
+	epatch "${FILESDIR}"/${PN}-2.8.0-gentoo.patch
 
 	local ENVDEF=""
 	use ipv6 && ENVDEF="${ENVDEF} -DNETINET6"
diff --git a/mail-filter/dkim-milter/files/dkim-milter-2.7.0-gentoo.patch b/mail-filter/dkim-milter/files/dkim-milter-2.7.0-gentoo.patch
deleted file mode 100644
index c417d1fba4b4..000000000000
--- a/mail-filter/dkim-milter/files/dkim-milter-2.7.0-gentoo.patch
+++ /dev/null
@@ -1,165 +0,0 @@
-diff -ru dkim-milter-2.7.0.orig/devtools/Site/site.config.m4 dkim-milter-2.7.0/devtools/Site/site.config.m4
---- dkim-milter-2.7.0.orig/devtools/Site/site.config.m4	2008-07-25 22:29:11.000000000 +1000
-+++ dkim-milter-2.7.0/devtools/Site/site.config.m4	2008-07-25 22:30:35.000000000 +1000
-@@ -11,7 +11,10 @@
- dnl If you are encountering coredumps and want to be able to analyze them
- dnl using something like "gdb", enable this next line by deleting the "dnl"
- dnl at the front of it.
--dnl define(`confOPTIMIZE', `-g')
-+define(`confOPTIMIZE', `@@CFLAGS@@')
-+define(`confENVDEF', `@@ENVDEF@@')
-+dnl man build is broken
-+define(`confNO_MAN_BUILD',`')
- 
- dnl Shared library for libdkim
- dnl
-@@ -40,7 +43,7 @@
- dnl
- dnl If you want to use the asynchronous resolver library, enable this
- dnl next line by deleting the "dnl" at the front of it.
--dnl define(`bld_USE_ARLIB', `true')
-+define(`bld_USE_ARLIB', `true')
- dnl 
- dnl libar normally uses res_init() or res_ninit() to load the contents
- dnl of resolv.conf for its use.  If neither of these work on your system
-@@ -65,7 +68,7 @@
- dnl it has seen, rather than relying on the DNS server to provide caching,
- dnl enable this next line by deleting the "dnl" at the front of it.  Also
- dnl see the section below called "BerkeleyDB".
--dnl APPENDDEF(`confENVDEF', `-DQUERY_CACHE ')
-+APPENDDEF(`confENVDEF', `-DQUERY_CACHE ')
- 
- dnl BerkeleyDB -- Berkeley DB ("Sleepycat") database
- dnl 
-@@ -78,7 +81,7 @@
- dnl by deleting "dnl" from the front of them:
- dnl APPENDDEF(`confINCDIRS', `-I/usr/local/BerkeleyDB/include ')
- dnl APPENDDEF(`confLIBDIRS', `-L/usr/local/BerkeleyDB/lib ')
--dnl APPENDDEF(`confLIBS', `-ldb ')
-+APPENDDEF(`confLIBS', `-ldb ')
- 
- dnl OpenSSL -- cryptography library
- dnl
-@@ -116,7 +119,7 @@
- dnl APPENDDEF(`confENVDEF', `-D_FFR_REQUIRED_HEADERS ')
- dnl APPENDDEF(`confENVDEF', `-D_FFR_SELECT_CANONICALIZATION ')
- dnl APPENDDEF(`confENVDEF', `-D_FFR_SELECTOR_HEADER ')
--dnl APPENDDEF(`confENVDEF', `-D_FFR_STATS ')
-+APPENDDEF(`confENVDEF', `-D_FFR_STATS ')
- dnl APPENDDEF(`confENVDEF', `-D_FFR_VBR ')
- dnl APPENDDEF(`confENVDEF', `-D_FFR_ZTAGS ')
- 
-diff -ru dkim-milter-2.7.0.orig/dkim-filter/dkim-filter.conf.sample dkim-milter-2.7.0/dkim-filter/dkim-filter.conf.sample
---- dkim-milter-2.7.0.orig/dkim-filter/dkim-filter.conf.sample	2008-07-17 11:52:39.000000000 +1000
-+++ dkim-milter-2.7.0/dkim-filter/dkim-filter.conf.sample	2008-07-25 22:30:35.000000000 +1000
-@@ -74,13 +74,6 @@
- 
- # AutoRestartRate	n/tu
- 
--##  Background { yes | no }
--##  	default "yes"
--##
--##  Indicate whether or not the filter should run in the background.
--
--# Background		Yes
--
- ##  BodyLengths { yes | no }
- ##  	default "no"
- ##
-@@ -129,7 +122,7 @@
- ##  Specify for which domain(s) signing should be done.  No default; must
- ##  be specified for signing.
- 
--Domain			example.com
-+Domain			my-domain.com
- 
- ##  DontSignMailTo	addrlist
- ##  	default (none)
-@@ -160,14 +153,14 @@
- ##  hosts from which mail should be signed rather than verified.
- ##  Automatically contains 127.0.0.1.  See man page for file format.
- 
--# InternalHosts		filename
-+# InternalHosts		/etc/mail/dkim-filter/internalhosts
- 
- ##  KeyFile filename
- ##
- ##  Specifies the path to the private key to use when signing.  Ignored if
- ##  Keylist is set.  No default; must be specified for signing.
- 
--KeyFile			/var/db/dkim/example.private
-+KeyFile			/etc/mail/dkim-filter/my-selector-name.private
- 
- ##  KeyList filename
- ##
-@@ -184,7 +177,7 @@
- ##  as the beginning of a comment.  See dkim-filter.conf(5) for more
- ##  information.
- 
--# KeyList		/var/db/dkim/keylist
-+# KeyList		/etc/mail/dkim-filter/keylist
- 
- ##  LocalADSP filename
- ##
-@@ -309,22 +302,6 @@
- 
- # PeerList		filename
- 
--##  PidFile filename
--## 
--##  Name of the file where the filter should write its pid before beginning
--##  normal operations.
--
--# PidFile		filename
--
--##  POPDBFile filename
--##
--##  Names a database which should be checked for "POP before SMTP" records
--##  as a form of authentication of users who may be sending mail through
--##  the MTA for signing.  Requires special compilation of the filter.
--##  See dkim-filter.conf(5) for more information.
--
--# POPDBFile		filename
--
- ##  Quarantine { yes | no }
- ##  	default "no"
- ##
-@@ -437,7 +414,7 @@
- ##  inet:port			to listen on all interfaces
- ##  local:/path/to/socket	to listen on a UNIX domain socket
- 
--Socket			inet:port@localhost
-+Socket			local:/var/run/dkim-filter/dkim-filter.sock
- 
- ##  StrictTestMode { yes | no }
- ##  	default "no"
-@@ -496,7 +473,7 @@
- ##  The system has its own default which will be used (usually 022).
- ##  See the umask(2) man page for more information.
- 
--# UMask			022
-+UMask			002
- 
- ##  Userid userid
- ##  	default (none)
-@@ -504,7 +481,7 @@
- ##  Change to user "userid" before starting normal operation?  May include
- ##  a group ID as well, separated from the userid by a colon.
- 
--# UserID		userid
-+UserID		milter
- 
- ##  X-Header { yes | no }
- ##  	default "no"
-@@ -513,3 +490,10 @@
- ##  messages it has processed.
- 
- # X-Header		No
-+
-+##  Statistics filename
-+##
-+##  Names a file to which useful statistics will be saved.
-+##  See man dkim-stats page
-+
-+Statistics		/var/run/dkim-filter/dkim-filter.stats
-Only in dkim-milter-2.7.0/dkim-filter: dkim-filter.conf.sample.orig
diff --git a/mail-filter/dkim-milter/files/dkim-milter-2.7.2-gentoo.patch b/mail-filter/dkim-milter/files/dkim-milter-2.7.2-gentoo.patch
deleted file mode 100644
index 8dd5d890eb93..000000000000
--- a/mail-filter/dkim-milter/files/dkim-milter-2.7.2-gentoo.patch
+++ /dev/null
@@ -1,164 +0,0 @@
-diff -Nru dkim-milter-2.7.2.orig/devtools/Site/site.config.m4 dkim-milter-2.7.2/devtools/Site/site.config.m4
---- dkim-milter-2.7.2.orig/devtools/Site/site.config.m4	2008-10-16 19:27:01.000000000 +0000
-+++ dkim-milter-2.7.2/devtools/Site/site.config.m4	2008-10-16 19:27:42.000000000 +0000
-@@ -11,7 +11,10 @@
- dnl If you are encountering coredumps and want to be able to analyze them
- dnl using something like "gdb", enable this next line by deleting the "dnl"
- dnl at the front of it.
--dnl define(`confOPTIMIZE', `-g')
-+define(`confOPTIMIZE', `@@CFLAGS@@')
-+define(`confENVDEF', `@@ENVDEF@@')
-+dnl man build is broken
-+define(`confNO_MAN_BUILD',`')
- 
- dnl Shared library for libdkim
- dnl
-@@ -40,7 +43,7 @@
- dnl
- dnl If you want to use the asynchronous resolver library, enable this
- dnl next line by deleting the "dnl" at the front of it.
--dnl define(`bld_USE_ARLIB', `true')
-+define(`bld_USE_ARLIB', `true')
- dnl 
- dnl libar normally uses res_init() or res_ninit() to load the contents
- dnl of resolv.conf for its use.  If neither of these work on your system
-@@ -65,7 +68,7 @@
- dnl it has seen, rather than relying on the DNS server to provide caching,
- dnl enable this next line by deleting the "dnl" at the front of it.  Also
- dnl see the section below called "BerkeleyDB".
--dnl APPENDDEF(`confENVDEF', `-DQUERY_CACHE ')
-+APPENDDEF(`confENVDEF', `-DQUERY_CACHE ')
- 
- dnl BerkeleyDB -- Berkeley DB ("Sleepycat") database
- dnl 
-@@ -78,7 +81,7 @@
- dnl by deleting "dnl" from the front of them:
- dnl APPENDDEF(`confINCDIRS', `-I/usr/local/BerkeleyDB/include ')
- dnl APPENDDEF(`confLIBDIRS', `-L/usr/local/BerkeleyDB/lib ')
--dnl APPENDDEF(`confLIBS', `-ldb ')
-+APPENDDEF(`confLIBS', `-ldb ')
- 
- dnl OpenSSL -- cryptography library
- dnl
-@@ -116,7 +119,7 @@
- dnl APPENDDEF(`confENVDEF', `-D_FFR_REQUIRED_HEADERS ')
- dnl APPENDDEF(`confENVDEF', `-D_FFR_SELECT_CANONICALIZATION ')
- dnl APPENDDEF(`confENVDEF', `-D_FFR_SELECTOR_HEADER ')
--dnl APPENDDEF(`confENVDEF', `-D_FFR_STATS ')
-+APPENDDEF(`confENVDEF', `-D_FFR_STATS ')
- dnl APPENDDEF(`confENVDEF', `-D_FFR_VBR ')
- dnl APPENDDEF(`confENVDEF', `-D_FFR_ZTAGS ')
- 
-diff -Nru dkim-milter-2.7.2.orig/dkim-filter/dkim-filter.conf.sample dkim-milter-2.7.2/dkim-filter/dkim-filter.conf.sample
---- dkim-milter-2.7.2.orig/dkim-filter/dkim-filter.conf.sample	2008-09-02 20:43:04.000000000 +0000
-+++ dkim-milter-2.7.2/dkim-filter/dkim-filter.conf.sample	2008-10-16 19:27:42.000000000 +0000
-@@ -74,13 +74,6 @@
- 
- # AutoRestartRate	n/tu
- 
--##  Background { yes | no }
--##  	default "yes"
--##
--##  Indicate whether or not the filter should run in the background.
--
--# Background		Yes
--
- ##  BodyLengths { yes | no }
- ##  	default "no"
- ##
-@@ -129,7 +122,7 @@
- ##  Specify for which domain(s) signing should be done.  No default; must
- ##  be specified for signing.
- 
--Domain			example.com
-+Domain			my-domain.com
- 
- ##  DontSignMailTo	addrlist
- ##  	default (none)
-@@ -160,14 +153,14 @@
- ##  hosts from which mail should be signed rather than verified.
- ##  Automatically contains 127.0.0.1.  See man page for file format.
- 
--# InternalHosts		filename
-+# InternalHosts		/etc/mail/dkim-filter/internalhosts
- 
- ##  KeyFile filename
- ##
- ##  Specifies the path to the private key to use when signing.  Ignored if
- ##  Keylist is set.  No default; must be specified for signing.
- 
--KeyFile			/var/db/dkim/example.private
-+KeyFile			/etc/mail/dkim-filter/my-selector-name.private
- 
- ##  KeyList filename
- ##
-@@ -184,7 +177,7 @@
- ##  as the beginning of a comment.  See dkim-filter.conf(5) for more
- ##  information.
- 
--# KeyList		/var/db/dkim/keylist
-+# KeyList		/etc/mail/dkim-filter/keylist
- 
- ##  LocalADSP filename
- ##
-@@ -309,22 +302,6 @@
- 
- # PeerList		filename
- 
--##  PidFile filename
--## 
--##  Name of the file where the filter should write its pid before beginning
--##  normal operations.
--
--# PidFile		filename
--
--##  POPDBFile filename
--##
--##  Names a database which should be checked for "POP before SMTP" records
--##  as a form of authentication of users who may be sending mail through
--##  the MTA for signing.  Requires special compilation of the filter.
--##  See dkim-filter.conf(5) for more information.
--
--# POPDBFile		filename
--
- ##  Quarantine { yes | no }
- ##  	default "no"
- ##
-@@ -437,7 +414,7 @@
- ##  inet:port			to listen on all interfaces
- ##  local:/path/to/socket	to listen on a UNIX domain socket
- 
--Socket			inet:port@localhost
-+Socket			local:/var/run/dkim-filter/dkim-filter.sock
- 
- ##  StrictTestMode { yes | no }
- ##  	default "no"
-@@ -496,7 +473,7 @@
- ##  The system has its own default which will be used (usually 022).
- ##  See the umask(2) man page for more information.
- 
--# UMask			022
-+UMask			002
- 
- ##  Userid userid
- ##  	default (none)
-@@ -504,7 +481,7 @@
- ##  Change to user "userid" before starting normal operation?  May include
- ##  a group ID as well, separated from the userid by a colon.
- 
--# UserID		userid
-+UserID		milter
- 
- ##  X-Header { yes | no }
- ##  	default "no"
-@@ -513,3 +490,10 @@
- ##  messages it has processed.
- 
- # X-Header		No
-+
-+##  Statistics filename
-+##
-+##  Names a file to which useful statistics will be saved.
-+##  See man dkim-stats page
-+
-+Statistics		/var/run/dkim-filter/dkim-filter.stats