author | Tobias Geerinckx-Rice <me@tobias.gr> | 2020-01-29 22:42:12 +0100 |
---|---|---|
committer | Tobias Geerinckx-Rice <me@tobias.gr> | 2020-01-29 22:47:00 +0100 |
commit | 0d486909083c98d7c75cdfc027f89e69f9bf8f48 (patch) | |
tree | b088f6c01c0196db3062e15bbce2856c3b199498 | |
parent | 7c73da9907ac452f9a1cd8a8023077e9f79b6005 (diff) | |
gnu: opensmtpd-next: Promote to opensmtpd [fixes CVE-2020-7247].
It's still unclear (to me) whether our opensmtpd package is affected,
but this change has been delayed for long enough in any case.
* gnu/packages/mail.scm (opensmtpd-next): Rename to…
(opensmtpd): …this.
* gnu/packages/patches/opensmtpd-fix-crash.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/mail.scm | 66 | ||||
-rw-r--r-- | gnu/packages/patches/opensmtpd-fix-crash.patch | 44 |
3 files changed, 0 insertions, 111 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index bc011c09fb..aa8e6e0d0d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1235,7 +1235,6 @@ dist_patch_DATA = \
 %D%/packages/patches/openjdk-10-idlj-reproducibility.patch \
 %D%/packages/patches/openmpi-mtl-priorities.patch \
 %D%/packages/patches/openocd-nrf52.patch \
- %D%/packages/patches/opensmtpd-fix-crash.patch \
 %D%/packages/patches/openssl-runpath.patch \
 %D%/packages/patches/openssl-1.1-c-rehash-in.patch \
 %D%/packages/patches/openssl-c-rehash-in.patch \
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index aa37c4e38c..0538342977 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -2301,72 +2301,6 @@ transfer protocols.")
 (define-public opensmtpd
 (package
 (name "opensmtpd")
- (version "6.0.3p1")
- (source (origin
- (method url-fetch)
- (uri (string-append "https://www.opensmtpd.org/archives/"
- name "-" version ".tar.gz"))
- (sha256
- (base32
- "10bsfsnlg9d9i6l2izdnxp05s3ri8fvwzqxvx1jmarc852382619"))
- ;; Fixed upstream: <github.com/OpenSMTPD/OpenSMTPD/pull/835>.
- (patches (search-patches "opensmtpd-fix-crash.patch"))))
- (build-system gnu-build-system)
- (inputs
- `(("bdb" ,bdb)
- ("libressl" ,libressl)
- ("libevent" ,libevent)
- ("libasr" ,libasr)
- ("linux-pam" ,linux-pam)
- ("zlib" ,zlib)))
- (native-inputs
- `(("bison" ,bison)
- ("groff" ,groff)))
- (arguments
- `(#:configure-flags
- (list "--with-table-db" "--with-auth-pam" "--localstatedir=/var"
- "--with-user-smtpd=smtpd" "--with-user-queue=smtpq"
- "--with-group-queue=smtpq"
- "--with-path-socket=/var/run" ; not default (./configure lies)
- "--with-path-CAfile=/etc/ssl/certs/ca-certificates.crt")
- #:phases
- (modify-phases %standard-phases
- ;; Fix some incorrectly hard-coded external tool file names.
- (add-after 'unpack 'patch-FHS-file-names
- (lambda _
- (substitute* "smtpd/smtpctl.c"
- (("/bin/cat") (which "cat"))
- (("/bin/sh") (which "sh")))
- #t))
- ;; OpenSMTPD provides a single utility smtpctl to control the daemon and
- ;; the local submission subsystem. To accomodate systems that require
- ;; historical interfaces such as sendmail, newaliases or makemap, the
- ;; smtpctl utility can operate in compatibility mode if called with the
- ;; historical name.
- (add-after 'install 'install-compability-links
- (lambda* (#:key outputs #:allow-other-keys)
- (let* ((out (assoc-ref outputs "out"))
- (sbin (string-append out "/sbin/")))
- (for-each (lambda (command)
- (symlink "smtpctl" (string-append sbin command)))
- '("makemap" "sendmail" "send-mail"
- "newaliases" "mailq")))
- #t)))))
- (synopsis "Lightweight SMTP daemon")
- (description
- "OpenSMTPD is an implementation of the server-side SMTP protocol, with
-some additional standard extensions. It allows ordinary machines to exchange
-e-mails with other systems speaking the SMTP protocol.")
- (home-page "https://www.opensmtpd.org")
- (license (list bsd-2 bsd-3 bsd-4 (non-copyleft "file://COPYING")
- public-domain isc license:openssl))))
-
-;; OpenSMTPd 6.4 introduced a new and incompatible configuration file format.
-;; Use a different name, for now, to avoid auto-upgrades and broken mail boxes.
-;; OPENSMTP-CONFIGURATION in (gnu services mail) will also need an overhaul.
-(define-public opensmtpd-next
- (package
- (name "opensmtpd-next")
 (version "6.6.2p1")
 (source
 (origin
diff --git a/gnu/packages/patches/opensmtpd-fix-crash.patch b/gnu/packages/patches/opensmtpd-fix-crash.patch
deleted file mode 100644
index 0030167533..0000000000
--- a/gnu/packages/patches/opensmtpd-fix-crash.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 9b5f70b93e038df5446bd37a4adac5a0380748e7 Mon Sep 17 00:00:00 2001
-From: johannes <johannes.brechtmann@gmail.com>
-Date: Wed, 21 Feb 2018 23:57:11 +0100
-Subject: [PATCH] crypt_checkpass: include HAVE_CRYPT_H definition, add NULL
- check
-
----
- openbsd-compat/crypt_checkpass.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/openbsd-compat/crypt_checkpass.c b/openbsd-compat/crypt_checkpass.c
-index dafd2dae..d10b3a57 100644
---- a/openbsd-compat/crypt_checkpass.c
-+++ b/openbsd-compat/crypt_checkpass.c
-@@ -1,5 +1,6 @@
- /* OPENBSD ORIGINAL: lib/libc/crypt/cryptutil.c */
-
-+#include "includes.h"
- #include <errno.h>
- #ifdef HAVE_CRYPT_H
- #include <crypt.h>
-@@ -10,6 +11,8 @@
- int
- crypt_checkpass(const char *pass, const char *goodhash)
- {
-+ char *c;
-+
- if (goodhash == NULL)
- goto fail;
-
-@@ -17,7 +20,11 @@ crypt_checkpass(const char *pass, const char *goodhash)
- if (strlen(goodhash) == 0 && strlen(pass) == 0)
- return 0;
-
-- if (strcmp(crypt(pass, goodhash), goodhash) == 0)
-+ c = crypt(pass, goodhash);
-+ if (c == NULL)
-+ goto fail;
-+
-+ if (strcmp(c, goodhash) == 0)
- return 0;
-
- fail:
- |