aboutsummaryrefslogtreecommitdiff
path: root/network/opensmtpd
diff options
context:
space:
mode:
authorRichard Narron <richard@aaazen.com>2020-01-31 23:32:10 +0700
committerWilly Sudiarto Raharjo <willysr@slackbuilds.org>2020-01-31 23:32:10 +0700
commit3d15f138064a4db9a924115e062cfbcccecd806d (patch)
tree59179827682511896e049821ecc7c360681915cb /network/opensmtpd
parent4c9d334e71b58fbffaf5c6c103d913db08fd841b (diff)
network/opensmtpd: Updated for version 6.6.2p1.
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'network/opensmtpd')
-rw-r--r--network/opensmtpd/fix-crash-on-authentication.patch43
-rw-r--r--network/opensmtpd/openbsd64-020-smtpd.patch31
-rw-r--r--network/opensmtpd/openbsd65-029-smptd-tls.patch52
-rw-r--r--network/opensmtpd/openbsd66-019-smtpd-exec.patch46
-rw-r--r--network/opensmtpd/opensmtpd.SlackBuild18
-rw-r--r--network/opensmtpd/opensmtpd.info6
6 files changed, 6 insertions, 190 deletions
diff --git a/network/opensmtpd/fix-crash-on-authentication.patch b/network/opensmtpd/fix-crash-on-authentication.patch
deleted file mode 100644
index c20b5e0a0ef9..000000000000
--- a/network/opensmtpd/fix-crash-on-authentication.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 9b5f70b93e038df5446bd37a4adac5a0380748e7 Mon Sep 17 00:00:00 2001
-From: johannes <johannes.brechtmann@gmail.com>
-Date: Wed, 21 Feb 2018 23:57:11 +0100
-Subject: [PATCH] crypt_checkpass: include HAVE_CRYPT_H definition, add NULL
- check
-
----
- openbsd-compat/crypt_checkpass.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/openbsd-compat/crypt_checkpass.c b/openbsd-compat/crypt_checkpass.c
-index dafd2dae..d10b3a57 100644
---- a/openbsd-compat/crypt_checkpass.c
-+++ b/openbsd-compat/crypt_checkpass.c
-@@ -1,5 +1,6 @@
- /* OPENBSD ORIGINAL: lib/libc/crypt/cryptutil.c */
-
-+#include "includes.h"
- #include <errno.h>
- #ifdef HAVE_CRYPT_H
- #include <crypt.h>
-@@ -10,6 +11,8 @@
- int
- crypt_checkpass(const char *pass, const char *goodhash)
- {
-+ char *c;
-+
- if (goodhash == NULL)
- goto fail;
-
-@@ -17,7 +20,11 @@ crypt_checkpass(const char *pass, const char *goodhash)
- if (strlen(goodhash) == 0 && strlen(pass) == 0)
- return 0;
-
-- if (strcmp(crypt(pass, goodhash), goodhash) == 0)
-+ c = crypt(pass, goodhash);
-+ if (c == NULL)
-+ goto fail;
-+
-+ if (strcmp(c, goodhash) == 0)
- return 0;
-
- fail:
diff --git a/network/opensmtpd/openbsd64-020-smtpd.patch b/network/opensmtpd/openbsd64-020-smtpd.patch
deleted file mode 100644
index 8ce7178da8b1..000000000000
--- a/network/opensmtpd/openbsd64-020-smtpd.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-OpenBSD 6.4 errata 020, August 2, 2019
-
-smtpd can crash on excessively large input, causing a denial of service.
-
---- a/smtpd/smtp_session.c 3 Sep 2018 19:01:29 -0000 1.337
-+++ b/smtpd/smtp_session.c 1 Aug 2019 21:18:53 -0000
-@@ -1904,15 +1904,21 @@ smtp_reply(struct smtp_session *s, char
- {
- va_list ap;
- int n;
-- char buf[LINE_MAX], tmp[LINE_MAX];
-+ char buf[LINE_MAX*2], tmp[LINE_MAX*2];
-
- va_start(ap, fmt);
- n = vsnprintf(buf, sizeof buf, fmt, ap);
- va_end(ap);
-- if (n == -1 || n >= LINE_MAX)
-- fatalx("smtp_reply: line too long");
-+ if (n < 0)
-+ fatalx("smtp_reply: response format error");
- if (n < 4)
- fatalx("smtp_reply: response too short");
-+ if (n >= (int)sizeof buf) {
-+ /* only first three bytes are used by SMTP logic,
-+ * so if _our_ reply does not fit entirely in the
-+ * buffer, it's ok to truncate.
-+ */
-+ }
-
- log_trace(TRACE_SMTP, "smtp: %p: >>> %s", s, buf);
-
diff --git a/network/opensmtpd/openbsd65-029-smptd-tls.patch b/network/opensmtpd/openbsd65-029-smptd-tls.patch
deleted file mode 100644
index a2727decf8f7..000000000000
--- a/network/opensmtpd/openbsd65-029-smptd-tls.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-OpenBSD 6.5 errata 029, January 30, 2020:
-
-smtpd can crash on opportunistic TLS downgrade, causing a denial of service.
-
---- usr.sbin/smtpd/mta_session.c 23 Dec 2018 16:37:53 -0000 1.115
-+++ usr.sbin/smtpd/mta_session.c 20 Jan 2020 10:36:58 -0000
-@@ -1292,40 +1292,20 @@ mta_io(struct io *io, int evt, void *arg
- break;
-
- case IO_ERROR:
-+ case IO_TLSERROR:
- log_debug("debug: mta: %p: IO error: %s", s, io_error(io));
-- if (!s->ready) {
-- mta_error(s, "IO Error: %s", io_error(io));
-- mta_connect(s);
-- break;
-- }
-- else if (!(s->flags & (MTA_FORCE_TLS|MTA_FORCE_SMTPS|MTA_FORCE_ANYSSL))) {
-- /* error in non-strict SSL negotiation, downgrade to plain */
-- if (s->flags & MTA_TLS) {
-- log_info("smtp-out: Error on session %016"PRIx64
-- ": opportunistic TLS failed, "
-- "downgrading to plain", s->id);
-- s->flags &= ~MTA_TLS;
-- s->flags |= MTA_DOWNGRADE_PLAIN;
-- mta_connect(s);
-- break;
-- }
-- }
-- mta_error(s, "IO Error: %s", io_error(io));
-- mta_free(s);
-- break;
-
-- case IO_TLSERROR:
-- log_debug("debug: mta: %p: TLS IO error: %s", s, io_error(io));
-- if (!(s->flags & (MTA_FORCE_TLS|MTA_FORCE_SMTPS|MTA_FORCE_ANYSSL))) {
-+ if (s->state == MTA_STARTTLS && s->use_smtp_tls) {
- /* error in non-strict SSL negotiation, downgrade to plain */
-- log_info("smtp-out: TLS Error on session %016"PRIx64
-- ": TLS failed, "
-+ log_info("smtp-out: Error on session %016"PRIx64
-+ ": opportunistic TLS failed, "
- "downgrading to plain", s->id);
- s->flags &= ~MTA_TLS;
- s->flags |= MTA_DOWNGRADE_PLAIN;
- mta_connect(s);
- break;
- }
-+
- mta_error(s, "IO Error: %s", io_error(io));
- mta_free(s);
- break;
diff --git a/network/opensmtpd/openbsd66-019-smtpd-exec.patch b/network/opensmtpd/openbsd66-019-smtpd-exec.patch
deleted file mode 100644
index 93ce19dcb170..000000000000
--- a/network/opensmtpd/openbsd66-019-smtpd-exec.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-OpenBSD 6.6 errata 019, January 30, 2020:
-
-An incorrect check allows an attacker to trick mbox delivery into executing
-arbitrary commands as root and lmtp delivery into executing arbitrary commands
-as an unprivileged user.
-
---- usr.sbin/smtpd/smtp_session.c 4 Oct 2019 08:34:29 -0000 1.415
-+++ usr.sbin/smtpd/smtp_session.c 26 Jan 2020 05:56:37 -0000
-@@ -2012,24 +2012,22 @@ smtp_mailaddr(struct mailaddr *maddr, ch
- memmove(maddr->user, p, strlen(p) + 1);
- }
-
-- if (!valid_localpart(maddr->user) ||
-- !valid_domainpart(maddr->domain)) {
-- /* accept empty return-path in MAIL FROM, required for bounces */
-- if (mailfrom && maddr->user[0] == '\0' && maddr->domain[0] == '\0')
-- return (1);
-+ /* accept empty return-path in MAIL FROM, required for bounces */
-+ if (mailfrom && maddr->user[0] == '\0' && maddr->domain[0] == '\0')
-+ return (1);
-
-- /* no user-part, reject */
-- if (maddr->user[0] == '\0')
-- return (0);
--
-- /* no domain, local user */
-- if (maddr->domain[0] == '\0') {
-- (void)strlcpy(maddr->domain, domain,
-- sizeof(maddr->domain));
-- return (1);
-- }
-+ /* no or invalid user-part, reject */
-+ if (maddr->user[0] == '\0' || !valid_localpart(maddr->user))
- return (0);
-+
-+ /* no domain part, local user */
-+ if (maddr->domain[0] == '\0') {
-+ (void)strlcpy(maddr->domain, domain,
-+ sizeof(maddr->domain));
- }
-+
-+ if (!valid_domainpart(maddr->domain))
-+ return (0);
-
- return (1);
- }
diff --git a/network/opensmtpd/opensmtpd.SlackBuild b/network/opensmtpd/opensmtpd.SlackBuild
index 052a1fcf0373..c1dfd8d7d696 100644
--- a/network/opensmtpd/opensmtpd.SlackBuild
+++ b/network/opensmtpd/opensmtpd.SlackBuild
@@ -24,8 +24,8 @@
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
PRGNAM=opensmtpd
-VERSION=${VERSION:-6.0.3p1}
-BUILD=${BUILD:-5}
+VERSION=${VERSION:-6.6.2p1}
+BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
if [ -z "$ARCH" ]; then
@@ -92,18 +92,6 @@ find -L . \
\( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
-o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
-# fix reply buffer overflow
-cat $CWD/openbsd64-020-smtpd.patch | patch -p1
-
-# fix tls downgrade
-cat $CWD/openbsd65-029-smptd-tls.patch | patch -p1
-
-# fix exec
-cat $CWD/openbsd66-019-smtpd-exec.patch | patch -p1
-
-# check null from crypt function
-cat $CWD/fix-crash-on-authentication.patch | patch -p1
-
CFLAGS="$SLKCFLAGS -D_DEFAULT_SOURCE" \
CXXFLAGS="$SLKCFLAGS" \
./configure \
@@ -173,7 +161,7 @@ find $PKG/usr/man -type f -exec gzip -9 {} \;
for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
-cp -a INSTALL LICENSE README.md THANKS $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a INSTALL LICENSE README.md $PKG/usr/doc/$PRGNAM-$VERSION
cat $CWD/README > $PKG/usr/doc/$PRGNAM-$VERSION/README.slackware
cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
diff --git a/network/opensmtpd/opensmtpd.info b/network/opensmtpd/opensmtpd.info
index 093088029945..4254ccf7364c 100644
--- a/network/opensmtpd/opensmtpd.info
+++ b/network/opensmtpd/opensmtpd.info
@@ -1,8 +1,8 @@
PRGNAM="opensmtpd"
-VERSION="6.0.3p1"
+VERSION="6.6.2p1"
HOMEPAGE="https://www.opensmtpd.org/"
-DOWNLOAD="https://www.opensmtpd.org/archives/opensmtpd-6.0.3p1.tar.gz"
-MD5SUM="66e496bb0f3303d660744f4fa2178765"
+DOWNLOAD="https://www.opensmtpd.org/archives/opensmtpd-6.6.2p1.tar.gz"
+MD5SUM="bd29619f56c009a4eb4879304771822b"
DOWNLOAD_x86_64=""
MD5SUM_x86_64=""
REQUIRES="libasr"