gnu: opensmtpd-next: Promote to opensmtpd [fixes CVE-2020-7247].

It's still unclear (to me) whether our opensmtpd package is affected,
but this change has been delayed for long enough in any case.

* gnu/packages/mail.scm (opensmtpd-next): Rename to…
(opensmtpd): …this.
* gnu/packages/patches/opensmtpd-fix-crash.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
This commit is contained in:
Tobias Geerinckx-Rice 2020-01-29 22:42:12 +01:00
parent 7c73da9907
commit 0d48690908
No known key found for this signature in database
GPG key ID: 0DB0FF884F556D79
3 changed files with 0 additions and 111 deletions

View file

@ -1235,7 +1235,6 @@ dist_patch_DATA = \
%D%/packages/patches/openjdk-10-idlj-reproducibility.patch \
%D%/packages/patches/openmpi-mtl-priorities.patch \
%D%/packages/patches/openocd-nrf52.patch \
%D%/packages/patches/opensmtpd-fix-crash.patch \
%D%/packages/patches/openssl-runpath.patch \
%D%/packages/patches/openssl-1.1-c-rehash-in.patch \
%D%/packages/patches/openssl-c-rehash-in.patch \

View file

@ -2301,72 +2301,6 @@ (define-public sendmail
(define-public opensmtpd
(package
(name "opensmtpd")
(version "6.0.3p1")
(source (origin
(method url-fetch)
(uri (string-append "https://www.opensmtpd.org/archives/"
name "-" version ".tar.gz"))
(sha256
(base32
"10bsfsnlg9d9i6l2izdnxp05s3ri8fvwzqxvx1jmarc852382619"))
;; Fixed upstream: <github.com/OpenSMTPD/OpenSMTPD/pull/835>.
(patches (search-patches "opensmtpd-fix-crash.patch"))))
(build-system gnu-build-system)
(inputs
`(("bdb" ,bdb)
("libressl" ,libressl)
("libevent" ,libevent)
("libasr" ,libasr)
("linux-pam" ,linux-pam)
("zlib" ,zlib)))
(native-inputs
`(("bison" ,bison)
("groff" ,groff)))
(arguments
`(#:configure-flags
(list "--with-table-db" "--with-auth-pam" "--localstatedir=/var"
"--with-user-smtpd=smtpd" "--with-user-queue=smtpq"
"--with-group-queue=smtpq"
"--with-path-socket=/var/run" ; not default (./configure lies)
"--with-path-CAfile=/etc/ssl/certs/ca-certificates.crt")
#:phases
(modify-phases %standard-phases
;; Fix some incorrectly hard-coded external tool file names.
(add-after 'unpack 'patch-FHS-file-names
(lambda _
(substitute* "smtpd/smtpctl.c"
(("/bin/cat") (which "cat"))
(("/bin/sh") (which "sh")))
#t))
;; OpenSMTPD provides a single utility smtpctl to control the daemon and
;; the local submission subsystem. To accomodate systems that require
;; historical interfaces such as sendmail, newaliases or makemap, the
;; smtpctl utility can operate in compatibility mode if called with the
;; historical name.
(add-after 'install 'install-compability-links
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
(sbin (string-append out "/sbin/")))
(for-each (lambda (command)
(symlink "smtpctl" (string-append sbin command)))
'("makemap" "sendmail" "send-mail"
"newaliases" "mailq")))
#t)))))
(synopsis "Lightweight SMTP daemon")
(description
"OpenSMTPD is an implementation of the server-side SMTP protocol, with
some additional standard extensions. It allows ordinary machines to exchange
e-mails with other systems speaking the SMTP protocol.")
(home-page "https://www.opensmtpd.org")
(license (list bsd-2 bsd-3 bsd-4 (non-copyleft "file://COPYING")
public-domain isc license:openssl))))
;; OpenSMTPd 6.4 introduced a new and incompatible configuration file format.
;; Use a different name, for now, to avoid auto-upgrades and broken mail boxes.
;; OPENSMTP-CONFIGURATION in (gnu services mail) will also need an overhaul.
(define-public opensmtpd-next
(package
(name "opensmtpd-next")
(version "6.6.2p1")
(source
(origin

View file

@ -1,44 +0,0 @@
From 9b5f70b93e038df5446bd37a4adac5a0380748e7 Mon Sep 17 00:00:00 2001
From: johannes <johannes.brechtmann@gmail.com>
Date: Wed, 21 Feb 2018 23:57:11 +0100
Subject: [PATCH] crypt_checkpass: include HAVE_CRYPT_H definition, add NULL
check
---
openbsd-compat/crypt_checkpass.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/openbsd-compat/crypt_checkpass.c b/openbsd-compat/crypt_checkpass.c
index dafd2dae..d10b3a57 100644
--- a/openbsd-compat/crypt_checkpass.c
+++ b/openbsd-compat/crypt_checkpass.c
@@ -1,5 +1,6 @@
/* OPENBSD ORIGINAL: lib/libc/crypt/cryptutil.c */
+#include "includes.h"
#include <errno.h>
#ifdef HAVE_CRYPT_H
#include <crypt.h>
@@ -10,6 +11,8 @@
int
crypt_checkpass(const char *pass, const char *goodhash)
{
+ char *c;
+
if (goodhash == NULL)
goto fail;
@@ -17,7 +20,11 @@ crypt_checkpass(const char *pass, const char *goodhash)
if (strlen(goodhash) == 0 && strlen(pass) == 0)
return 0;
- if (strcmp(crypt(pass, goodhash), goodhash) == 0)
+ c = crypt(pass, goodhash);
+ if (c == NULL)
+ goto fail;
+
+ if (strcmp(c, goodhash) == 0)
return 0;
fail: