-rw-r--r-- | network/opensmtpd/fix-crash-on-authentication.patch | 43 | ||||
-rw-r--r-- | network/opensmtpd/openbsd64-020-smtpd.patch | 31 | ||||
-rw-r--r-- | network/opensmtpd/openbsd65-029-smptd-tls.patch | 52 | ||||
-rw-r--r-- | network/opensmtpd/openbsd66-019-smtpd-exec.patch | 46 | ||||
-rw-r--r-- | network/opensmtpd/opensmtpd.SlackBuild | 18 | ||||
-rw-r--r-- | network/opensmtpd/opensmtpd.info | 6 |
6 files changed, 6 insertions, 190 deletions
diff --git a/network/opensmtpd/fix-crash-on-authentication.patch b/network/opensmtpd/fix-crash-on-authentication.patch
deleted file mode 100644
index c20b5e0a0ef9..000000000000
--- a/network/opensmtpd/fix-crash-on-authentication.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 9b5f70b93e038df5446bd37a4adac5a0380748e7 Mon Sep 17 00:00:00 2001
-From: johannes <johannes.brechtmann@gmail.com>
-Date: Wed, 21 Feb 2018 23:57:11 +0100
-Subject: [PATCH] crypt_checkpass: include HAVE_CRYPT_H definition, add NULL
- check
-
----
- openbsd-compat/crypt_checkpass.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/openbsd-compat/crypt_checkpass.c b/openbsd-compat/crypt_checkpass.c
-index dafd2dae..d10b3a57 100644
---- a/openbsd-compat/crypt_checkpass.c
-+++ b/openbsd-compat/crypt_checkpass.c
-@@ -1,5 +1,6 @@
- /* OPENBSD ORIGINAL: lib/libc/crypt/cryptutil.c */
-
-+#include "includes.h"
- #include <errno.h>
- #ifdef HAVE_CRYPT_H
- #include <crypt.h>
-@@ -10,6 +11,8 @@
- int
- crypt_checkpass(const char *pass, const char *goodhash)
- {
-+ char *c;
-+
- if (goodhash == NULL)
- goto fail;
-
-@@ -17,7 +20,11 @@ crypt_checkpass(const char *pass, const char *goodhash)
- if (strlen(goodhash) == 0 && strlen(pass) == 0)
- return 0;
-
-- if (strcmp(crypt(pass, goodhash), goodhash) == 0)
-+ c = crypt(pass, goodhash);
-+ if (c == NULL)
-+ goto fail;
-+
-+ if (strcmp(c, goodhash) == 0)
- return 0;
-
- fail:
diff --git a/network/opensmtpd/openbsd64-020-smtpd.patch b/network/opensmtpd/openbsd64-020-smtpd.patch
deleted file mode 100644
index 8ce7178da8b1..000000000000
--- a/network/opensmtpd/openbsd64-020-smtpd.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-OpenBSD 6.4 errata 020, August 2, 2019
-
-smtpd can crash on excessively large input, causing a denial of service.
-
---- a/smtpd/smtp_session.c 3 Sep 2018 19:01:29 -0000 1.337
-+++ b/smtpd/smtp_session.c 1 Aug 2019 21:18:53 -0000
-@@ -1904,15 +1904,21 @@ smtp_reply(struct smtp_session *s, char
- {
- va_list ap;
- int n;
-- char buf[LINE_MAX], tmp[LINE_MAX];
-+ char buf[LINE_MAX*2], tmp[LINE_MAX*2];
-
- va_start(ap, fmt);
- n = vsnprintf(buf, sizeof buf, fmt, ap);
- va_end(ap);
-- if (n == -1 || n >= LINE_MAX)
-- fatalx("smtp_reply: line too long");
-+ if (n < 0)
-+ fatalx("smtp_reply: response format error");
- if (n < 4)
- fatalx("smtp_reply: response too short");
-+ if (n >= (int)sizeof buf) {
-+ /* only first three bytes are used by SMTP logic,
-+ * so if _our_ reply does not fit entirely in the
-+ * buffer, it's ok to truncate.
-+ */
-+ }
-
- log_trace(TRACE_SMTP, "smtp: %p: >>> %s", s, buf);
-
diff --git a/network/opensmtpd/openbsd65-029-smptd-tls.patch b/network/opensmtpd/openbsd65-029-smptd-tls.patch
deleted file mode 100644
index a2727decf8f7..000000000000
--- a/network/opensmtpd/openbsd65-029-smptd-tls.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-OpenBSD 6.5 errata 029, January 30, 2020:
-
-smtpd can crash on opportunistic TLS downgrade, causing a denial of service.
-
---- usr.sbin/smtpd/mta_session.c 23 Dec 2018 16:37:53 -0000 1.115
-+++ usr.sbin/smtpd/mta_session.c 20 Jan 2020 10:36:58 -0000
-@@ -1292,40 +1292,20 @@ mta_io(struct io *io, int evt, void *arg
- break;
-
- case IO_ERROR:
-+ case IO_TLSERROR:
- log_debug("debug: mta: %p: IO error: %s", s, io_error(io));
-- if (!s->ready) {
-- mta_error(s, "IO Error: %s", io_error(io));
-- mta_connect(s);
-- break;
-- }
-- else if (!(s->flags & (MTA_FORCE_TLS|MTA_FORCE_SMTPS|MTA_FORCE_ANYSSL))) {
-- /* error in non-strict SSL negotiation, downgrade to plain */
-- if (s->flags & MTA_TLS) {
-- log_info("smtp-out: Error on session %016"PRIx64
-- ": opportunistic TLS failed, "
-- "downgrading to plain", s->id);
-- s->flags &= ~MTA_TLS;
-- s->flags |= MTA_DOWNGRADE_PLAIN;
-- mta_connect(s);
-- break;
-- }
-- }
-- mta_error(s, "IO Error: %s", io_error(io));
-- mta_free(s);
-- break;
-
-- case IO_TLSERROR:
-- log_debug("debug: mta: %p: TLS IO error: %s", s, io_error(io));
-- if (!(s->flags & (MTA_FORCE_TLS|MTA_FORCE_SMTPS|MTA_FORCE_ANYSSL))) {
-+ if (s->state == MTA_STARTTLS && s->use_smtp_tls) {
- /* error in non-strict SSL negotiation, downgrade to plain */
-- log_info("smtp-out: TLS Error on session %016"PRIx64
-- ": TLS failed, "
-+ log_info("smtp-out: Error on session %016"PRIx64
-+ ": opportunistic TLS failed, "
- "downgrading to plain", s->id);
- s->flags &= ~MTA_TLS;
- s->flags |= MTA_DOWNGRADE_PLAIN;
- mta_connect(s);
- break;
- }
-+
- mta_error(s, "IO Error: %s", io_error(io));
- mta_free(s);
- break;
diff --git a/network/opensmtpd/openbsd66-019-smtpd-exec.patch b/network/opensmtpd/openbsd66-019-smtpd-exec.patch
deleted file mode 100644
index 93ce19dcb170..000000000000
--- a/network/opensmtpd/openbsd66-019-smtpd-exec.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-OpenBSD 6.6 errata 019, January 30, 2020:
-
-An incorrect check allows an attacker to trick mbox delivery into executing
-arbitrary commands as root and lmtp delivery into executing arbitrary commands
-as an unprivileged user.
-
---- usr.sbin/smtpd/smtp_session.c 4 Oct 2019 08:34:29 -0000 1.415
-+++ usr.sbin/smtpd/smtp_session.c 26 Jan 2020 05:56:37 -0000
-@@ -2012,24 +2012,22 @@ smtp_mailaddr(struct mailaddr *maddr, ch
- memmove(maddr->user, p, strlen(p) + 1);
- }
-
-- if (!valid_localpart(maddr->user) ||
-- !valid_domainpart(maddr->domain)) {
-- /* accept empty return-path in MAIL FROM, required for bounces */
-- if (mailfrom && maddr->user[0] == '\0' && maddr->domain[0] == '\0')
-- return (1);
-+ /* accept empty return-path in MAIL FROM, required for bounces */
-+ if (mailfrom && maddr->user[0] == '\0' && maddr->domain[0] == '\0')
-+ return (1);
-
-- /* no user-part, reject */
-- if (maddr->user[0] == '\0')
-- return (0);
--
-- /* no domain, local user */
-- if (maddr->domain[0] == '\0') {
-- (void)strlcpy(maddr->domain, domain,
-- sizeof(maddr->domain));
-- return (1);
-- }
-+ /* no or invalid user-part, reject */
-+ if (maddr->user[0] == '\0' || !valid_localpart(maddr->user))
- return (0);
-+
-+ /* no domain part, local user */
-+ if (maddr->domain[0] == '\0') {
-+ (void)strlcpy(maddr->domain, domain,
-+ sizeof(maddr->domain));
- }
-+
-+ if (!valid_domainpart(maddr->domain))
-+ return (0);
-
- return (1);
- }
diff --git a/network/opensmtpd/opensmtpd.SlackBuild b/network/opensmtpd/opensmtpd.SlackBuild
index 052a1fcf0373..c1dfd8d7d696 100644
--- a/network/opensmtpd/opensmtpd.SlackBuild
+++ b/network/opensmtpd/opensmtpd.SlackBuild
@@ -24,8 +24,8 @@ # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 PRGNAM=opensmtpd
-VERSION=${VERSION:-6.0.3p1}
-BUILD=${BUILD:-5}
+VERSION=${VERSION:-6.6.2p1}
+BUILD=${BUILD:-1}
 TAG=${TAG:-_SBo}
 if [ -z "$ARCH" ]; then
@@ -92,18 +92,6 @@ find -L . \
 \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
 -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
-# fix reply buffer overflow
-cat $CWD/openbsd64-020-smtpd.patch | patch -p1
-
-# fix tls downgrade
-cat $CWD/openbsd65-029-smptd-tls.patch | patch -p1
-
-# fix exec
-cat $CWD/openbsd66-019-smtpd-exec.patch | patch -p1
-
-# check null from crypt function
-cat $CWD/fix-crash-on-authentication.patch | patch -p1
-
 CFLAGS="$SLKCFLAGS -D_DEFAULT_SOURCE" \
 CXXFLAGS="$SLKCFLAGS" \
 ./configure \
@@ -173,7 +161,7 @@ find $PKG/usr/man -type f -exec gzip -9 {} \;
 for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
 mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
-cp -a INSTALL LICENSE README.md THANKS $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a INSTALL LICENSE README.md $PKG/usr/doc/$PRGNAM-$VERSION
 cat $CWD/README > $PKG/usr/doc/$PRGNAM-$VERSION/README.slackware
 cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
diff --git a/network/opensmtpd/opensmtpd.info b/network/opensmtpd/opensmtpd.info
index 093088029945..4254ccf7364c 100644
--- a/network/opensmtpd/opensmtpd.info
+++ b/network/opensmtpd/opensmtpd.info
@@ -1,8 +1,8 @@
 PRGNAM="opensmtpd"
-VERSION="6.0.3p1"
+VERSION="6.6.2p1"
 HOMEPAGE="https://www.opensmtpd.org/"
-DOWNLOAD="https://www.opensmtpd.org/archives/opensmtpd-6.0.3p1.tar.gz"
-MD5SUM="66e496bb0f3303d660744f4fa2178765"
+DOWNLOAD="https://www.opensmtpd.org/archives/opensmtpd-6.6.2p1.tar.gz"
+MD5SUM="bd29619f56c009a4eb4879304771822b"
 DOWNLOAD_x86_64=""
 MD5SUM_x86_64=""
 REQUIRES="libasr" |