Update mail/opendmarc to 1.4.1.1

Changes since 1.4.0 from the RELEASE_NOTES file
        NOTE: In response to CVE-2019-20790, opendmarc has changed
                how it evaluates headers added by previous
                SPF milters.  Users are encouraged to read the
                CVE-2019-20790 file in the "SECURITY" folder
                for more details. (#49, #158).  Originally reported by
                Jianjun Chen, feedback by Simon Wilson and
                David Bürgin <dbuergin@gluet.ch>.
        NOTE: OpenDMARC's internal SPF handling will be removed
                in a future version.  Users are encouraged to
                build linked against libspf2.  Many pre-built
                packages provided by OS packagers already do this.
                (See https://www.libspf2.org)
        Addition of defines for MUSL C Library. (#129/#133).  Patches by
                Marco Rebhan.
        Updated opendmarc.conf manpage and opendmarc.conf.sample to point to
                https://publicsuffix.org/list/.
        Added a CONTRIBUTING document.
        Fix two #ifdefs in arc functions for strlcpy. (#138).  Reported by
                Leo Bicknell.
        Fixes to MySQL Schema (#98/#99).  Patch by Bond Keevil.
        LIBSPF2 calls would not compile on OpenBSD due to OpenBSD not
                having the ns_type definition in arpa/resolv.h.
                Added detection to configure script.  (#134)
        Reworked hcreate_r calls to use hcreate, to compile natively on
                OpenBSD and MacOS. (Part of #94)  Reported by Rupert
                Gallagher.
        Add compatibility with AutoConf 2.70. (#95)
        Documentation updates about SourceForge being deprecated.  (#101)
        Only accept results from Received-SPF fields that indicate clearly
                which identifier was being evaluated, since DMARC specifically
                only wants results based on MAIL FROM.
        Many build-time fixes (#100, #91, #90, #86, #85, #84, #83, #82, #81)
                Patches provided by Rupert Gallagher (ruga@protonmail.com)
        Added config option HoldQuarantinedMessages (default false), which
                controls if messages with p=quarantine will be passed on to
                the mail stream (if False) or placed in the MTA's "hold"
                queue (if True).  Issue #105.  Patch by Marcos Moraes, on
                the OpenDMARC mailing list.
        Remove "--with-wall" from "configure".  Suggested by Leo Bicknell.
        LIBOPENDMARC: Fix bug #50: Ignore all RRTYPEs other than TXT.
                Problem reported by Jan Bouwhuis.
        LIBOPENDMARC: Fix bug #89: Repair absurd RRTYPE test in SPF code.
        LIBOPENDMARC: Fix bug #104: Fix bogus header field parsing code.
        LIBOPENDMARC: Fix bug #161: Don't pass the client IP address through
                htonl() since it's already in network byte order.  This
                was causing SPF errors when the internal SPF
                implementation was in use.
        LIBOPENDMARC: Fix numerous problems with the internal SPF
                implementation.

doc/CHANGES-2021

@@ -1,4 +1,4 @@
-$NetBSD: CHANGES-2021,v 1.2998 2021/05/27 15:25:34 bsiegert Exp $
+$NetBSD: CHANGES-2021,v 1.2999 2021/05/27 16:51:59 manu Exp $
 
 Changes to the packages collection and infrastructure in 2021:
 
@@ -4631,3 +4631,4 @@ Changes to the packages collection and infrastructure in 2021:
 	Removed graphics/go-smartcrop [bsiegert 2021-05-27]
 	Removed graphics/go-resize [bsiegert 2021-05-27]
 	Removed graphics/go-imaging [bsiegert 2021-05-27]
+	Updated mail/opendmarc to 1.4.1.1 [manu 2021-05-27]

mail/opendmarc/Makefile

@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.25 2021/05/24 19:52:43 wiz Exp $
+# $NetBSD: Makefile,v 1.26 2021/05/27 16:52:00 manu Exp $
 
 GITHUB_PROJECT=	OpenDMARC
-GITHUB_TAG=	rel-opendmarc-1-4-0-Beta1
-DISTNAME=	rel-opendmarc-1-4-0-Beta1
-PKGNAME=	opendmarc-1.4.0b1
-PKGREVISION=	4
+GITHUB_TAG=	rel-opendmarc-1-4-1-1
+DISTNAME=	rel-opendmarc-1-4-1-1
+PKGNAME=	opendmarc-1.4.1.1
+#PKGREVISION=	1
 CATEGORIES=	mail
 MASTER_SITES=	${MASTER_SITE_GITHUB:=trusteddomainproject/}
 DIST_SUBDIR=	${GITHUB_PROJECT}

mail/opendmarc/distinfo

@@ -1,12 +1,11 @@
-$NetBSD: distinfo,v 1.10 2021/03/29 09:30:59 manu Exp $
+$NetBSD: distinfo,v 1.11 2021/05/27 16:52:00 manu Exp $
 
-SHA1 (OpenDMARC/rel-opendmarc-1-4-0-Beta1.tar.gz) = 74ad1ef9f9a12b5fadef5919807cd55f7655d8d8
-RMD160 (OpenDMARC/rel-opendmarc-1-4-0-Beta1.tar.gz) = e8dda5350a734509843a04329777478d9410b796
-SHA512 (OpenDMARC/rel-opendmarc-1-4-0-Beta1.tar.gz) = d562050da9c4b96e7707157fbbf385ab3ac551cf07754b45deb6a010b4c47e7f478dfe35bc2c8625f6553af4fbf120820bf2a9f0ce246b26cabf81e7d1174405
-Size (OpenDMARC/rel-opendmarc-1-4-0-Beta1.tar.gz) = 1247386 bytes
-SHA1 (patch-RequiredFrom) = a21d77abbe93c806c6abee55e77e477c9c435c00
-SHA1 (patch-configure.ac) = d174911e4de37d3b50b525469cbe410bb7ae119f
-SHA1 (patch-libopendmarc_opendmarc__dns.c) = e76ca13707677525b72609b4a5268d77efcfba84
-SHA1 (patch-libopendmarc_opendmarc__spf__dns.c) = b6e1311be8e9ef44c333be57fef474f6b080a199
-SHA1 (patch-opendmarc_opendmarc-arcares.c) = 6bf207d9984341fe13120ff8d25a77ff7f6ae1e5
-SHA1 (patch-opendmarc_opendmarc-arcseal.c) = a2ace25f687736876ea4299a0177d3c3ed1e247b
+SHA1 (OpenDMARC/rel-opendmarc-1-4-1-1.tar.gz) = 2983653fa076f3843f3ef064d58f35d39e21a3fe
+RMD160 (OpenDMARC/rel-opendmarc-1-4-1-1.tar.gz) = 6bb61ad0e1e1a8cb3ce23cbe4eb61fb02be26610
+SHA512 (OpenDMARC/rel-opendmarc-1-4-1-1.tar.gz) = ee034386c70c75b87ca2fce0849a1a3538e10e0aebfb0fc9dcba6817d2cf71f52aa5586ccaacdee620190c5fbb81498419fb8e8db9fac15d7c71a61a7da396a6
+Size (OpenDMARC/rel-opendmarc-1-4-1-1.tar.gz) = 426618 bytes
+SHA1 (patch-RequiredFrom) = c89853a3fabcc48653b94169f49ea3c5923254d3
+SHA1 (patch-libopendmarc_opendmarc__dns.c) = b1f697c930808b5c5724331dead3cf29c024d69b
+SHA1 (patch-opendmarc_opendmarc-arcares.c) = 0984b42e943d6a17eeb5725508dfbcf107b23169
+SHA1 (patch-opendmarc_opendmarc-arcseal.c) = 98edb0d22e7c693d327ba98ba186605060d36e2f
+SHA1 (patch-opendmarc_parse.c) = c4b521a4542a4dc7db8baf088bb297493bf46a83

mail/opendmarc/patches/patch-RequiredFrom

@@ -1,13 +1,13 @@
-$NetBSD: patch-RequiredFrom,v 1.1 2021/03/29 09:30:59 manu Exp $
+$NetBSD: patch-RequiredFrom,v 1.2 2021/05/27 16:52:00 manu Exp $
 
 Add RequiredFrom option to reject messages that lack a From header
 from which a valid domain can be extracted
 
 Submitted upstream as 
 https://github.com/trusteddomainproject/OpenDMARC/pull/147
 
---- opendmarc/opendmarc.c.orig	2021-03-29 09:13:11.534047039 +0200
-+++ opendmarc/opendmarc.c	2021-03-29 10:02:01.105977120 +0200
+--- ./opendmarc/opendmarc.c.orig	2021-04-30 18:34:43.000000000 +0200
++++ ./opendmarc/opendmarc.c	2021-05-27 10:20:33.880652427 +0200
 @@ -163,8 +163,9 @@
  /* DMARCF_CONFIG -- configuration object */
  struct dmarcf_config
@@ -18,7 +18,7 @@ https://github.com/trusteddomainproject/OpenDMARC/pull/147
  	_Bool			conf_afrfnone;
  	_Bool			conf_rejectfail;
  	_Bool			conf_dolog;
-@@ -1349,8 +1350,12 @@
+@@ -1422,8 +1423,12 @@
  		(void) config_get(data, "RequiredHeaders",
  		                  &conf->conf_reqhdrs,
  		                  sizeof conf->conf_reqhdrs);
@@ -31,7 +31,7 @@ https://github.com/trusteddomainproject/OpenDMARC/pull/147
  		                  &conf->conf_afrf,
  		                  sizeof conf->conf_afrf);
 
-@@ -2367,13 +2372,17 @@
+@@ -2453,13 +2458,17 @@
  	{
  		if (conf->conf_dolog)
  		{
@@ -50,11 +50,17 @@ https://github.com/trusteddomainproject/OpenDMARC/pull/147
 +			return SMFIS_ACCEPT;
  	}
 
- 	/* extract From: domain */
+ 	/* extract From: addresses */
  	memset(addrbuf, '\0', sizeof addrbuf);
-@@ -2387,9 +2396,9 @@
- 			       "%s: unable to parse From header field",
- 			       dfc->mctx_jobid);
+@@ -2495,13 +2504,13 @@
+ 	{
+ 		if (conf->conf_dolog)
+ 		{
+ 			syslog(LOG_ERR,
+-			       "%s: unable to parse From header field",
+-			       dfc->mctx_jobid);
++			       "%s: unable to parse From header field \"%s\"",
++			       dfc->mctx_jobid, from->hdr_value);
  		}
 
 -		if (conf->conf_reqhdrs)
@@ -63,9 +69,9 @@ https://github.com/trusteddomainproject/OpenDMARC/pull/147
  		else
  			return SMFIS_ACCEPT;
  	}
---- opendmarc/opendmarc.conf.5.in.orig	2021-03-29 09:15:03.877101090 +0200
-+++ opendmarc/opendmarc.conf.5.in	2021-03-29 09:21:56.423837778 +0200
-@@ -258,8 +258,16 @@
+--- ./opendmarc/opendmarc.conf.5.in.orig	2021-04-30 18:34:43.000000000 +0200
++++ ./opendmarc/opendmarc.conf.5.in	2021-05-27 10:20:33.881043733 +0200
+@@ -287,8 +287,16 @@
  failing this test are rejected without further processing.  A From:
  field from which no domain name could be extracted will also be rejected.
 
@@ -82,21 +88,21 @@ https://github.com/trusteddomainproject/OpenDMARC/pull/147
  Specifies the socket that should be established by the filter to receive
  connections from
  .I sendmail(8)
---- opendmarc/opendmarc-config.h.orig	2021-03-29 09:19:21.345035861 +0200
-+++ opendmarc/opendmarc-config.h	2021-03-29 09:19:34.235736167 +0200
-@@ -43,8 +43,9 @@
+--- ./opendmarc/opendmarc-config.h.orig	2021-04-30 18:34:43.000000000 +0200
++++ ./opendmarc/opendmarc-config.h	2021-05-27 10:23:12.866999966 +0200
+@@ -44,8 +44,9 @@
  	{ "PidFile",			CONFIG_TYPE_STRING,	FALSE },
  	{ "PublicSuffixList",		CONFIG_TYPE_STRING,	FALSE },
  	{ "RecordAllMessages",		CONFIG_TYPE_BOOLEAN,	FALSE },
  	{ "RequiredHeaders",		CONFIG_TYPE_BOOLEAN,	FALSE },
 +	{ "RequiredFrom",		CONFIG_TYPE_BOOLEAN,	FALSE },
  	{ "RejectFailures",		CONFIG_TYPE_BOOLEAN,	FALSE },
+ 	{ "RejectMultiValueFrom",	CONFIG_TYPE_BOOLEAN,	FALSE },
  	{ "ReportCommand",		CONFIG_TYPE_STRING,	FALSE },
  	{ "Socket",			CONFIG_TYPE_STRING,	FALSE },
- 	{ "SoftwareHeader",		CONFIG_TYPE_BOOLEAN,	FALSE },
---- opendmarc/opendmarc.conf.sample.orig	2021-03-29 09:19:43.400961620 +0200
-+++ opendmarc/opendmarc.conf.sample	2021-03-29 09:22:23.834032438 +0200
-@@ -303,8 +303,17 @@
+--- ./opendmarc/opendmarc.conf.sample.orig	2021-04-30 18:34:43.000000000 +0200
++++ ./opendmarc/opendmarc.conf.sample	2021-05-27 10:20:33.882715995 +0200
+@@ -343,8 +343,17 @@
  ##  rejected.
  #
  # RequiredHeaders false

mail/opendmarc/patches/patch-libopendmarc_opendmarc__dns.c

@@ -1,11 +1,10 @@
-$NetBSD: patch-libopendmarc_opendmarc__dns.c,v 1.2 2020/12/24 01:10:23 manu Exp $
+$NetBSD: patch-libopendmarc_opendmarc__dns.c,v 1.3 2021/05/27 16:52:00 manu Exp $
 
 Make sure res_init works on zeroed structure
-Search for res_ndestroy and use it instead of res_nclose if available
 
---- libopendmarc/opendmarc_dns.c.orig	2018-11-15 01:58:31.000000000 +0100
-+++ libopendmarc/opendmarc_dns.c	2020-12-23 15:57:30.488718786 +0100
-@@ -201,16 +201,21 @@
+--- libopendmarc/opendmarc_dns.c.orig	2021-05-27 10:27:22.653313507 +0200
++++ libopendmarc/opendmarc_dns.c	2021-05-27 10:26:59.377412037 +0200
+@@ -202,8 +202,9 @@
  	while (*bp == '.')
  		++bp;
 
@@ -15,15 +14,3 @@ Search for res_ndestroy and use it instead of res_nclose if available
  #ifdef RES_USE_DNSSEC
  	resp.options |= RES_USE_DNSSEC;
  #endif
- 	(void) opendmarc_policy_library_dns_hook(&resp.nscount,
-                                                  &resp.nsaddr_list);
- 	answer_len = res_nquery(&resp, bp, C_IN, T_TXT, answer_buf, sizeof answer_buf);
-+#ifdef HAVE_RES_NDESTROY
-+	res_ndestroy(&resp);
-+#else /* HAVE_RES_NDESTROY */
- 	res_nclose(&resp);
-+#endif /* HAVE_RES_NDESTROY */
- #else /* HAVE_RES_NINIT */
- 	res_init();
- #ifdef RES_USE_DNSSEC
- 	_res.options |= RES_USE_DNSSEC;

mail/opendmarc/patches/patch-opendmarc_opendmarc-arcares.c

@@ -1,10 +1,11 @@
-$NetBSD: patch-opendmarc_opendmarc-arcares.c,v 1.1 2021/02/17 01:49:12 manu Exp $
+$NetBSD: patch-opendmarc_opendmarc-arcares.c,v 1.2 2021/05/27 16:52:00 manu Exp $
 
 Avoid handling a NULL pointer when parsing a malformed header
 
---- opendmarc/opendmarc-arcares.c.orig	2021-02-16 16:33:34.454279528 +0000
-+++ opendmarc/opendmarc-arcares.c	2021-02-16 16:35:14.240570993 +0000
-@@ -324,8 +324,10 @@
+--- opendmarc/opendmarc-arcares.c.orig	2021-04-30 18:34:43.000000000 +0200
++++ opendmarc/opendmarc-arcares.c	2021-05-27 10:30:03.036068852 +0200
+@@ -265,8 +265,10 @@
+ 		token_ptr = token + leading_space_len;
  		if (*token_ptr == '\0')
  			return 0;
  		tag_label = strsep(&token_ptr, "=");
@@ -14,4 +15,3 @@ Avoid handling a NULL pointer when parsing a malformed header
  		tag_code = opendmarc_arcares_convert(aar_arc_tags, tag_label);
 
  		switch (tag_code)
- 		{

mail/opendmarc/patches/patch-opendmarc_opendmarc-arcseal.c

@@ -1,10 +1,10 @@
-$NetBSD: patch-opendmarc_opendmarc-arcseal.c,v 1.1 2021/02/17 01:49:12 manu Exp $
+$NetBSD: patch-opendmarc_opendmarc-arcseal.c,v 1.2 2021/05/27 16:52:00 manu Exp $
 
 Avoid handling a NULL pointer when parsing a malformed header
 
---- opendmarc/opendmarc-arcseal.c.orig	2021-02-16 23:42:14.132748160 +0100
-+++ opendmarc/opendmarc-arcseal.c	2021-02-16 23:43:43.400895411 +0100
-@@ -222,9 +222,13 @@
+--- opendmarc/opendmarc-arcseal.c.orig	2021-04-30 18:34:43.000000000 +0200
++++ opendmarc/opendmarc-arcseal.c	2021-05-27 10:31:21.308140659 +0200
+@@ -166,9 +166,13 @@
  		token_ptr = token + leading_space_len;
  		if (*token_ptr == '\0')
  			return 0;

mail/opendmarc/patches/patch-opendmarc_parse.c

@@ -0,0 +1,30 @@
+$NetBSD: patch-opendmarc_parse.c,v 1.1 2021/05/27 16:52:00 manu Exp $
+
+Make sure a trailing brackets corresponds to a leading one
+aaa98f5
+
+This fixes the case where the sender e-mail address is user@example.net>
+Without this fix, OpenDMARC parses the domain as example.net> and skip
+DMARC processing since there is no policy for the domain.
+
+Unfortunately, the MTA or MUA tend to fix the trailing bracket on their
+own, letting forged e-mail passing through to user mailboxes.
+
+Submitted upstream https://github.com/trusteddomainproject/OpenDMARC/pull/174
+
+--- opendmarc/parse.c.orig	2021-05-27 09:45:40.873727663 +0200
++++ opendmarc/parse.c	2021-05-27 09:45:27.545312746 +0200
+@@ -444,8 +444,13 @@
+ 					*w++ = '\0';
+ 					*domain_out = w;
+ 					ws = 0;
+ 				}
++				else if (type == '>')
++				{
++					err = MAILPARSE_ERR_SUNBALANCED;
++					return err;
++				}
+ 				else
+ 				{
+
+ 					if (*user_out == NULL)