From bdcfa74624ec6f20fb94661457a3ba5fe70e56c3 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Tue, 25 Feb 2020 10:01:47 +0800
Subject: mail-mta/opensmtpd: apply security fixes
Package-Manager: Portage-2.3.88, Repoman-2.3.20
Signed-off-by: Jason A. Donenfeld
---
 mail-mta/opensmtpd/Manifest | 2 +-
 .../files/opensmtpd-6.0.3_p1-security-fixes.patch | 32 +++++++++
 mail-mta/opensmtpd/opensmtpd-6.0.3_p1-r2.ebuild | 78 ---------------------
 mail-mta/opensmtpd/opensmtpd-6.0.3_p1-r3.ebuild | 78 +++++++++++++++++++++
 mail-mta/opensmtpd/opensmtpd-6.6.2_p1.ebuild | 81 ----------------------
 mail-mta/opensmtpd/opensmtpd-6.6.4_p1.ebuild | 81 ++++++++++++++++++++++
 6 files changed, 192 insertions(+), 160 deletions(-)
 delete mode 100644 mail-mta/opensmtpd/opensmtpd-6.0.3_p1-r2.ebuild
 create mode 100644 mail-mta/opensmtpd/opensmtpd-6.0.3_p1-r3.ebuild
 delete mode 100644 mail-mta/opensmtpd/opensmtpd-6.6.2_p1.ebuild
 create mode 100644 mail-mta/opensmtpd/opensmtpd-6.6.4_p1.ebuild
(limited to 'mail-mta')
diff --git a/mail-mta/opensmtpd/Manifest b/mail-mta/opensmtpd/Manifest
index 725fb5960549..0c001fb94e6e 100644
--- a/mail-mta/opensmtpd/Manifest
+++ b/mail-mta/opensmtpd/Manifest
@@ -1,2 +1,2 @@
 DIST opensmtpd-6.0.3p1.tar.gz 699702 BLAKE2B 49f08e8329adc049a562b6ef7efa4c0a39cbcfe8a158cb905cfc726a7302ffe9833ccfb52041340767d55d0f2ae2087e8eac92b7359016c6c76b4d963a334558 SHA512 e579818a0ddbe637deb5a4e40f43eaf797783903ceac18fd89a57581b135b9e407d424e1a70ff7b4b06a0ee50bafb6e8ab2451371917887904b06ff1b55d320f
-DIST opensmtpd-6.6.2p1.tar.gz 777422 BLAKE2B e372a10f618e83ccb6c782d056750f89a5224898a28957509ab306fbe8bb4ea94462c1bbccbbe9c0dea64623c250d9fe9f3b74f2e26eda5d6c232bec50bff1d0 SHA512 b0f7ea94514a4a1880a22996064caa7da0a15e6453236ca2f004402125affa80e9d8c25d3e63826b45045305851959bc58c2c855829e46d6967bf6cd13bd1e91
+DIST opensmtpd-6.6.4p1.tar.gz 790754 BLAKE2B 18cc19569ae764eff3d672cbfb87df7bd00afcce93705ad128e935c0a47a246c3a6166fca7b6f844c0dd5e728492d8aeb7e0f8a8c1f5a756bf356ae9afb80852 SHA512 267307c91f4fcf21624b0897dfb1f5638b77da7b8d9a02211d734ed2cc5bd39ea7542ae7f200255e2945518fbe7609a0e5aa4e5c6dcb8146014f08b3845c108b
diff --git a/mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-security-fixes.patch b/mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-security-fixes.patch
index 58f3ed8c38b1..b22f3af1fbe4 100644
--- a/mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-security-fixes.patch
+++ b/mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-security-fixes.patch
@@ -89,3 +89,35 @@ diff -ru OpenSMTPD-opensmtpd-6.0.3/smtpd/smtp_session.c OpenSMTPD-opensmtpd-6.0.
 return (1);
 }
 
+diff -ru opensmtpd-6.0.3p1/smtpd/mta_session.c opensmtpd-6.0.3p1-modified/smtpd/mta_session.c
+--- opensmtpd-6.0.3p1/smtpd/mta_session.c 2018-01-10 21:06:40.000000000 +0800
++++ opensmtpd-6.0.3p1-modified/smtpd/mta_session.c 2020-02-25 09:57:04.624147227 +0800
+@@ -1214,7 +1214,7 @@
+ if (cont) {
+ if (s->replybuf[0] == '\0')
+ (void)strlcat(s->replybuf, line, sizeof s->replybuf);
+- else {
++ else if (len > 4) {
+ line = line + 4;
+ if (isdigit((int)*line) && *(line + 1) == '.' &&
+ isdigit((int)*line+2) && *(line + 3) == '.' &&
+@@ -1229,7 +1229,9 @@
+ /* last line of a reply, check if we're on a continuation to parse out status and ESC.
+ * if we overflow reply buffer or are not on continuation, log entire last line.
+ */
+- if (s->replybuf[0] != '\0') {
++ if (s->replybuf[0] == '\0')
++ (void)strlcat(s->replybuf, line, sizeof s->replybuf);
++ else if (len > 4) {
+ p = line + 4;
+ if (isdigit((int)*p) && *(p + 1) == '.' &&
+ isdigit((int)*p+2) && *(p + 3) == '.' &&
+@@ -1238,8 +1240,6 @@
+ if (strlcat(s->replybuf, p, sizeof s->replybuf) >= sizeof s->replybuf)
+ (void)strlcpy(s->replybuf, line, sizeof s->replybuf);
+ }
+- else
+- (void)strlcpy(s->replybuf, line, sizeof s->replybuf);
+ 
+ if (s->state == MTA_QUIT) {
+ log_info("%016"PRIx64" mta event=closed reason=quit messages=%zu",
diff --git a/mail-mta/opensmtpd/opensmtpd-6.0.3_p1-r2.ebuild b/mail-mta/opensmtpd/opensmtpd-6.0.3_p1-r2.ebuild
deleted file mode 100644
index 14d9fa69ea4a..000000000000
--- a/mail-mta/opensmtpd/opensmtpd-6.0.3_p1-r2.ebuild
+++ /dev/null
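Review bot: The enhanced-status-code test that the new `else if (len > 4)` guards still reads `isdigit((int)*line+2)` (and `isdigit((int)*p+2)` in the last-line branch), which parses as `(*line) + 2` rather than `*(line + 2)`, so the third character after the offset is never examined before `*(line + 3)` is dereferenced. Both are context lines of the backported mta_session.c hunks, so the length guard covers the short-line read at `line + 4` but leaves this check wrong; assuming the reply line is NUL-terminated, a remote server's line that ends two characters after the offset would let the `*(line + 3)` read land one byte past the terminator. I would change them to `isdigit((unsigned char)*(line + 2))` and `isdigit((unsigned char)*(p + 2))`, which also avoids handing a negative `char` value to `isdigit`. The conditions continue past the end of each inner hunk, so the remainder of the expression is not visible here.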
@@ -1,78 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit pam toolchain-funcs systemd
-
-DESCRIPTION="Lightweight but featured SMTP daemon from OpenBSD"
-HOMEPAGE="https://www.opensmtpd.org"
-SRC_URI="https://www.opensmtpd.org/archives/${P/_}.tar.gz"
-
-LICENSE="ISC BSD BSD-1 BSD-2 BSD-4"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~x86"
-IUSE="libressl pam +mta"
-
-DEPEND="
- acct-user/smtpd
- acct-user/smtpq
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:0= )
- elibc_musl? ( sys-libs/fts-standalone )
- sys-libs/zlib
- pam? ( sys-libs/pam )
- sys-libs/db:=
- dev-libs/libevent
- app-misc/ca-certificates
- net-mail/mailbase
- net-libs/libasr
- !mail-mta/courier
- !mail-mta/esmtp
- !mail-mta/exim
- !mail-mta/mini-qmail
- !mail-mta/msmtp[mta]
- !mail-mta/netqmail
- !mail-mta/nullmailer
- !mail-mta/postfix
- !mail-mta/qmail-ldap
- !mail-mta/sendmail
- !mail-mta/ssmtp[mta]
-"
-RDEPEND="${DEPEND}"
-
-S=${WORKDIR}/${P/_}
-PATCHES=(
- "${FILESDIR}/${P}-fix-crash-on-auth.patch"
- "${FILESDIR}/${P}-openssl_1.1.patch"
- "${FILESDIR}/${P}-security-fixes.patch"
-)
-
-src_configure() {
- tc-export AR
- AR="$(which "$AR")" econf \
- --with-table-db \
- --with-user-smtpd=smtpd \
- --with-user-queue=smtpq \
- --with-group-queue=smtpq \
- --with-path-socket=/run \
- --with-path-CAfile=/etc/ssl/certs/ca-certificates.crt \
- --sysconfdir=/etc/opensmtpd \
- $(use_with pam auth-pam)
-}
-
-src_install() {
- default
- newinitd "${FILESDIR}"/smtpd.initd smtpd
- systemd_dounit "${FILESDIR}"/smtpd.{service,socket}
- use pam && newpamd "${FILESDIR}"/smtpd.pam smtpd
- dosym smtpctl /usr/sbin/makemap
- dosym smtpctl /usr/sbin/newaliases
- if use mta ; then
- dodir /usr/sbin
- dosym smtpctl /usr/sbin/sendmail
- dosym ../sbin/smtpctl /usr/bin/sendmail
- mkdir -p "${ED}"/usr/$(get_libdir) || die
- ln -s --relative "${ED}"/usr/sbin/smtpctl "${ED}"/usr/$(get_libdir)/sendmail || die
- fi
-}
diff --git a/mail-mta/opensmtpd/opensmtpd-6.0.3_p1-r3.ebuild b/mail-mta/opensmtpd/opensmtpd-6.0.3_p1-r3.ebuild
new file mode 100644
index 000000000000..14d9fa69ea4a
--- /dev/null
+++ b/mail-mta/opensmtpd/opensmtpd-6.0.3_p1-r3.ebuild
@@ -0,0 +1,78 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit pam toolchain-funcs systemd
+
+DESCRIPTION="Lightweight but featured SMTP daemon from OpenBSD"
+HOMEPAGE="https://www.opensmtpd.org"
+SRC_URI="https://www.opensmtpd.org/archives/${P/_}.tar.gz"
+
+LICENSE="ISC BSD BSD-1 BSD-2 BSD-4"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~x86"
+IUSE="libressl pam +mta"
+
+DEPEND="
+ acct-user/smtpd
+ acct-user/smtpq
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ elibc_musl? ( sys-libs/fts-standalone )
+ sys-libs/zlib
+ pam? ( sys-libs/pam )
+ sys-libs/db:=
+ dev-libs/libevent
+ app-misc/ca-certificates
+ net-mail/mailbase
+ net-libs/libasr
+ !mail-mta/courier
+ !mail-mta/esmtp
+ !mail-mta/exim
+ !mail-mta/mini-qmail
+ !mail-mta/msmtp[mta]
+ !mail-mta/netqmail
+ !mail-mta/nullmailer
+ !mail-mta/postfix
+ !mail-mta/qmail-ldap
+ !mail-mta/sendmail
+ !mail-mta/ssmtp[mta]
+"
+RDEPEND="${DEPEND}"
+
+S=${WORKDIR}/${P/_}
+PATCHES=(
+ "${FILESDIR}/${P}-fix-crash-on-auth.patch"
+ "${FILESDIR}/${P}-openssl_1.1.patch"
+ "${FILESDIR}/${P}-security-fixes.patch"
+)
+
+src_configure() {
+ tc-export AR
+ AR="$(which "$AR")" econf \
+ --with-table-db \
+ --with-user-smtpd=smtpd \
+ --with-user-queue=smtpq \
+ --with-group-queue=smtpq \
+ --with-path-socket=/run \
+ --with-path-CAfile=/etc/ssl/certs/ca-certificates.crt \
+ --sysconfdir=/etc/opensmtpd \
+ $(use_with pam auth-pam)
+}
+
+src_install() {
+ default
+ newinitd "${FILESDIR}"/smtpd.initd smtpd
+ systemd_dounit "${FILESDIR}"/smtpd.{service,socket}
+ use pam && newpamd "${FILESDIR}"/smtpd.pam smtpd
+ dosym smtpctl /usr/sbin/makemap
+ dosym smtpctl /usr/sbin/newaliases
+ if use mta ; then
+ dodir /usr/sbin
+ dosym smtpctl /usr/sbin/sendmail
+ dosym ../sbin/smtpctl /usr/bin/sendmail
+ mkdir -p "${ED}"/usr/$(get_libdir) || die
+ ln -s --relative "${ED}"/usr/sbin/smtpctl "${ED}"/usr/$(get_libdir)/sendmail || die
+ fi
+}
diff --git a/mail-mta/opensmtpd/opensmtpd-6.6.2_p1.ebuild b/mail-mta/opensmtpd/opensmtpd-6.6.2_p1.ebuild
deleted file mode 100644
index 143540cb4f1c..000000000000
--- a/mail-mta/opensmtpd/opensmtpd-6.6.2_p1.ebuild
+++ /dev/null
@@ -1,81 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit pam systemd - -DESCRIPTION="Lightweight but featured SMTP daemon from OpenBSD" -HOMEPAGE="https://www.opensmtpd.org" -SRC_URI="https://www.opensmtpd.org/archives/${P/_}.tar.gz" - -LICENSE="ISC BSD BSD-1 BSD-2 BSD-4" -SLOT="0" -KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86" -IUSE="libressl pam +mta" - -DEPEND=" - acct-user/smtpd - acct-user/smtpq - !libressl? ( >=dev-libs/openssl-1.1:0= ) - libressl? ( dev-libs/libressl:0= ) - elibc_musl? ( sys-libs/fts-standalone ) - sys-libs/zlib - pam? ( sys-libs/pam ) - sys-libs/db:= - dev-libs/libevent - app-misc/ca-certificates - net-mail/mailbase - net-libs/libasr - !mail-mta/courier - !mail-mta/esmtp - !mail-mta/exim - !mail-mta/mini-qmail - !mail-mta/msmtp[mta] - !mail-mta/netqmail - !mail-mta/nullmailer - !mail-mta/postfix - !mail-mta/qmail-ldap - !mail-mta/sendmail - !mail-mta/ssmtp[mta] -" -RDEPEND="${DEPEND}" - -S=${WORKDIR}/${P/_} - -src_configure() { - econf \ - --sysconfdir=/etc/smtpd \ - --with-path-mbox=/var/spool/mail \ - --with-path-empty=/var/empty \ - --with-path-socket=/run \ - --with-path-CAfile=/etc/ssl/certs/ca-certificates.crt \ - --with-user-smtpd=smtpd \ - --with-user-queue=smtpq \ - --with-group-queue=smtpq \ - $(use_with pam auth-pam) -} - -src_install() { - default - newinitd "${FILESDIR}"/smtpd.initd smtpd - systemd_dounit "${FILESDIR}"/smtpd.{service,socket} - use pam && newpamd "${FILESDIR}"/smtpd.pam smtpd - dosym smtpctl /usr/sbin/makemap - dosym smtpctl /usr/sbin/newaliases - if use mta ; then - dodir /usr/sbin - dosym smtpctl /usr/sbin/sendmail - dosym ../sbin/smtpctl /usr/bin/sendmail - mkdir -p "${ED}"/usr/$(get_libdir) || die - ln -s --relative "${ED}"/usr/sbin/smtpctl "${ED}"/usr/$(get_libdir)/sendmail || die - fi -} - -pkg_postinst() { - ewarn - ewarn "If you're upgrading from version 6.0, note that the" - ewarn "configuration syntax has changed, and 
config files" - ewarn "now live in /etc/smtpd instead of /etc/opensmtpd." - ewarn -} diff --git a/mail-mta/opensmtpd/opensmtpd-6.6.4_p1.ebuild b/mail-mta/opensmtpd/opensmtpd-6.6.4_p1.ebuild new file mode 100644 index 000000000000..143540cb4f1c --- /dev/null +++ b/mail-mta/opensmtpd/opensmtpd-6.6.4_p1.ebuild 
@@ -0,0 +1,81 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit pam systemd + +DESCRIPTION="Lightweight but featured SMTP daemon from OpenBSD" +HOMEPAGE="https://www.opensmtpd.org" +SRC_URI="https://www.opensmtpd.org/archives/${P/_}.tar.gz" + +LICENSE="ISC BSD BSD-1 BSD-2 BSD-4" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86" +IUSE="libressl pam +mta" + +DEPEND=" + acct-user/smtpd + acct-user/smtpq + !libressl? ( >=dev-libs/openssl-1.1:0= ) + libressl? ( dev-libs/libressl:0= ) + elibc_musl? ( sys-libs/fts-standalone ) + sys-libs/zlib + pam? ( sys-libs/pam ) + sys-libs/db:= + dev-libs/libevent + app-misc/ca-certificates + net-mail/mailbase + net-libs/libasr + !mail-mta/courier + !mail-mta/esmtp + !mail-mta/exim + !mail-mta/mini-qmail + !mail-mta/msmtp[mta] + !mail-mta/netqmail + !mail-mta/nullmailer + !mail-mta/postfix + !mail-mta/qmail-ldap + !mail-mta/sendmail + !mail-mta/ssmtp[mta] +" +RDEPEND="${DEPEND}" + +S=${WORKDIR}/${P/_} + +src_configure() { + econf \ + --sysconfdir=/etc/smtpd \ + --with-path-mbox=/var/spool/mail \ + --with-path-empty=/var/empty \ + --with-path-socket=/run \ + --with-path-CAfile=/etc/ssl/certs/ca-certificates.crt \ + --with-user-smtpd=smtpd \ + --with-user-queue=smtpq \ + --with-group-queue=smtpq \ + $(use_with pam auth-pam) +} + +src_install() { + default + newinitd "${FILESDIR}"/smtpd.initd smtpd + systemd_dounit "${FILESDIR}"/smtpd.{service,socket} + use pam && newpamd "${FILESDIR}"/smtpd.pam smtpd + dosym smtpctl /usr/sbin/makemap + dosym smtpctl /usr/sbin/newaliases + if use mta ; then + dodir /usr/sbin + dosym smtpctl /usr/sbin/sendmail + dosym ../sbin/smtpctl /usr/bin/sendmail + mkdir -p "${ED}"/usr/$(get_libdir) || die + ln -s --relative "${ED}"/usr/sbin/smtpctl "${ED}"/usr/$(get_libdir)/sendmail || die + fi +} + +pkg_postinst() { + ewarn + ewarn "If you're upgrading from version 6.0, note that the" + ewarn "configuration syntax has changed, and 
config files" + ewarn "now live in /etc/smtpd instead of /etc/opensmtpd." + ewarn +} -- cgit v1.2.3-65-gdbad