gnu: opensmtpd-next: Promote to opensmtpd [fixes CVE-2020-7247].
It's still unclear (to me) whether our opensmtpd package is affected, but this change has been delayed for long enough in any case. * gnu/packages/mail.scm (opensmtpd-next): Rename to… (opensmtpd): …this. * gnu/packages/patches/opensmtpd-fix-crash.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it.
parent
7c73da9907
commit
0d48690908
3 changed files with 0 additions and 111 deletions
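--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1235,7 +1235,6 @@ dist_patch_DATA = \
 %D%/packages/patches/openjdk-10-idlj-reproducibility.patch \
 %D%/packages/patches/openmpi-mtl-priorities.patch \
 %D%/packages/patches/openocd-nrf52.patch \
-%D%/packages/patches/opensmtpd-fix-crash.patch \
 %D%/packages/patches/openssl-runpath.patch \
 %D%/packages/patches/openssl-1.1-c-rehash-in.patch \
 %D%/packages/patches/openssl-c-rehash-in.patch \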
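--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -2301,72 +2301,6 @@ (define-public sendmail
 (define-public opensmtpd
 (package
 (name "opensmtpd")
-(version "6.0.3p1")
-(source (origin
-(method url-fetch)
-(uri (string-append "https://www.opensmtpd.org/archives/"
-name "-" version ".tar.gz"))
-(sha256
-(base32
-"10bsfsnlg9d9i6l2izdnxp05s3ri8fvwzqxvx1jmarc852382619"))
-;; Fixed upstream: <github.com/OpenSMTPD/OpenSMTPD/pull/835>.
-(patches (search-patches "opensmtpd-fix-crash.patch"))))
-(build-system gnu-build-system)
-(inputs
-`(("bdb" ,bdb)
-("libressl" ,libressl)
-("libevent" ,libevent)
-("libasr" ,libasr)
-("linux-pam" ,linux-pam)
-("zlib" ,zlib)))
-(native-inputs
-`(("bison" ,bison)
-("groff" ,groff)))
-(arguments
-`(#:configure-flags
-(list "--with-table-db" "--with-auth-pam" "--localstatedir=/var"
-"--with-user-smtpd=smtpd" "--with-user-queue=smtpq"
-"--with-group-queue=smtpq"
-"--with-path-socket=/var/run" ; not default (./configure lies)
-"--with-path-CAfile=/etc/ssl/certs/ca-certificates.crt")
-#:phases
-(modify-phases %standard-phases
-;; Fix some incorrectly hard-coded external tool file names.
-(add-after 'unpack 'patch-FHS-file-names
-(lambda _
-(substitute* "smtpd/smtpctl.c"
-(("/bin/cat") (which "cat"))
-(("/bin/sh") (which "sh")))
-#t))
-;; OpenSMTPD provides a single utility smtpctl to control the daemon and
-;; the local submission subsystem. To accomodate systems that require
-;; historical interfaces such as sendmail, newaliases or makemap, the
-;; smtpctl utility can operate in compatibility mode if called with the
-;; historical name.
-(add-after 'install 'install-compability-links
-(lambda* (#:key outputs #:allow-other-keys)
-(let* ((out (assoc-ref outputs "out"))
-(sbin (string-append out "/sbin/")))
-(for-each (lambda (command)
-(symlink "smtpctl" (string-append sbin command)))
-'("makemap" "sendmail" "send-mail"
-"newaliases" "mailq")))
-#t)))))
-(synopsis "Lightweight SMTP daemon")
-(description
-"OpenSMTPD is an implementation of the server-side SMTP protocol, with
-some additional standard extensions. It allows ordinary machines to exchange
-e-mails with other systems speaking the SMTP protocol.")
-(home-page "https://www.opensmtpd.org")
-(license (list bsd-2 bsd-3 bsd-4 (non-copyleft "file://COPYING")
-public-domain isc license:openssl))))
-
-;; OpenSMTPd 6.4 introduced a new and incompatible configuration file format.
-;; Use a different name, for now, to avoid auto-upgrades and broken mail boxes.
-;; OPENSMTP-CONFIGURATION in (gnu services mail) will also need an overhaul.
-(define-public opensmtpd-next
-(package
-(name "opensmtpd-next")
 (version "6.6.2p1")
 (source
 (origin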
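Review bot: The three-line comment above `opensmtpd-next` that warned about the incompatible configuration format introduced in OpenSMTPD 6.4 is deleted here without a replacement, and the diffstat (3 files, 0 additions) shows nothing in this commit adapts (gnu services mail), so existing `opensmtpd` users are presumably moved from 6.0.3p1 to 6.6.2p1 on their next upgrade with an smtpd.conf the new daemon may reject. Because this is the change that delivers the CVE-2020-7247 fix, a mail daemon that fails to start afterwards invites rollbacks to the old version; I would keep a short comment above the definition such as `;; OpenSMTPD 6.4 changed the smtpd.conf format; configurations written for 6.0 must be migrated.` The name `opensmtpd-next` also disappears with no alias, so profiles that installed it would presumably stop receiving upgrades; `(define-public opensmtpd-next (deprecated-package "opensmtpd-next" opensmtpd))` would carry them over. The promoted package's body continues past the end of the hunk.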
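--- a/gnu/packages/patches/opensmtpd-fix-crash.patch
+++ b/gnu/packages/patches/opensmtpd-fix-crash.patch
@@ -1,44 +0,0 @@
-From 9b5f70b93e038df5446bd37a4adac5a0380748e7 Mon Sep 17 00:00:00 2001
-From: johannes <johannes.brechtmann@gmail.com>
-Date: Wed, 21 Feb 2018 23:57:11 +0100
-Subject: [PATCH] crypt_checkpass: include HAVE_CRYPT_H definition, add NULL
-check
-
----
-openbsd-compat/crypt_checkpass.c | 9 ++++++++-
-1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/openbsd-compat/crypt_checkpass.c b/openbsd-compat/crypt_checkpass.c
-index dafd2dae..d10b3a57 100644
---- a/openbsd-compat/crypt_checkpass.c
-+++ b/openbsd-compat/crypt_checkpass.c
-@@ -1,5 +1,6 @@
-/* OPENBSD ORIGINAL: lib/libc/crypt/cryptutil.c */
-
-+#include "includes.h"
-#include <errno.h>
-#ifdef HAVE_CRYPT_H
-#include <crypt.h>
-@@ -10,6 +11,8 @@
-int
-crypt_checkpass(const char *pass, const char *goodhash)
-{
-+ char *c;
-+
-if (goodhash == NULL)
-goto fail;
-
-@@ -17,7 +20,11 @@ crypt_checkpass(const char *pass, const char *goodhash)
-if (strlen(goodhash) == 0 && strlen(pass) == 0)
-return 0;
-
-- if (strcmp(crypt(pass, goodhash), goodhash) == 0)
-+ c = crypt(pass, goodhash);
-+ if (c == NULL)
-+ goto fail;
-+
-+ if (strcmp(c, goodhash) == 0)
-return 0;
-
-fail:
-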