authorTobias Geerinckx-Rice <me@tobias.gr>2020-01-29 22:42:12 +0100
committerTobias Geerinckx-Rice <me@tobias.gr>2020-01-29 22:47:00 +0100
commit0d486909083c98d7c75cdfc027f89e69f9bf8f48 (patch)
treeb088f6c01c0196db3062e15bbce2856c3b199498
parent7c73da9907ac452f9a1cd8a8023077e9f79b6005 (diff)
downloadguix-0d486909083c98d7c75cdfc027f89e69f9bf8f48.tar.gz
guix-0d486909083c98d7c75cdfc027f89e69f9bf8f48.zip
gnu: opensmtpd-next: Promote to opensmtpd [fixes CVE-2020-7247].
It's still unclear (to me) whether our opensmtpd package is affected, but this change has been delayed for long enough in any case. * gnu/packages/mail.scm (opensmtpd-next): Rename to… (opensmtpd): …this. * gnu/packages/patches/opensmtpd-fix-crash.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it.
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/mail.scm66
-rw-r--r--gnu/packages/patches/opensmtpd-fix-crash.patch44
3 files changed, 0 insertions, 111 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index bc011c09fb..aa8e6e0d0d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1235,7 +1235,6 @@ dist_patch_DATA = \
%D%/packages/patches/openjdk-10-idlj-reproducibility.patch \
%D%/packages/patches/openmpi-mtl-priorities.patch \
%D%/packages/patches/openocd-nrf52.patch \
- %D%/packages/patches/opensmtpd-fix-crash.patch \
%D%/packages/patches/openssl-runpath.patch \
%D%/packages/patches/openssl-1.1-c-rehash-in.patch \
%D%/packages/patches/openssl-c-rehash-in.patch \
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index aa37c4e38c..0538342977 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -2301,72 +2301,6 @@ transfer protocols.")
(define-public opensmtpd
(package
(name "opensmtpd")
- (version "6.0.3p1")
- (source (origin
- (method url-fetch)
- (uri (string-append "https://www.opensmtpd.org/archives/"
- name "-" version ".tar.gz"))
- (sha256
- (base32
- "10bsfsnlg9d9i6l2izdnxp05s3ri8fvwzqxvx1jmarc852382619"))
- ;; Fixed upstream: <github.com/OpenSMTPD/OpenSMTPD/pull/835>.
- (patches (search-patches "opensmtpd-fix-crash.patch"))))
- (build-system gnu-build-system)
- (inputs
- `(("bdb" ,bdb)
- ("libressl" ,libressl)
- ("libevent" ,libevent)
- ("libasr" ,libasr)
- ("linux-pam" ,linux-pam)
- ("zlib" ,zlib)))
- (native-inputs
- `(("bison" ,bison)
- ("groff" ,groff)))
- (arguments
- `(#:configure-flags
- (list "--with-table-db" "--with-auth-pam" "--localstatedir=/var"
- "--with-user-smtpd=smtpd" "--with-user-queue=smtpq"
- "--with-group-queue=smtpq"
- "--with-path-socket=/var/run" ; not default (./configure lies)
- "--with-path-CAfile=/etc/ssl/certs/ca-certificates.crt")
- #:phases
- (modify-phases %standard-phases
- ;; Fix some incorrectly hard-coded external tool file names.
- (add-after 'unpack 'patch-FHS-file-names
- (lambda _
- (substitute* "smtpd/smtpctl.c"
- (("/bin/cat") (which "cat"))
- (("/bin/sh") (which "sh")))
- #t))
- ;; OpenSMTPD provides a single utility smtpctl to control the daemon and
- ;; the local submission subsystem. To accomodate systems that require
- ;; historical interfaces such as sendmail, newaliases or makemap, the
- ;; smtpctl utility can operate in compatibility mode if called with the
- ;; historical name.
- (add-after 'install 'install-compability-links
- (lambda* (#:key outputs #:allow-other-keys)
- (let* ((out (assoc-ref outputs "out"))
- (sbin (string-append out "/sbin/")))
- (for-each (lambda (command)
- (symlink "smtpctl" (string-append sbin command)))
- '("makemap" "sendmail" "send-mail"
- "newaliases" "mailq")))
- #t)))))
- (synopsis "Lightweight SMTP daemon")
- (description
- "OpenSMTPD is an implementation of the server-side SMTP protocol, with
-some additional standard extensions. It allows ordinary machines to exchange
-e-mails with other systems speaking the SMTP protocol.")
- (home-page "https://www.opensmtpd.org")
- (license (list bsd-2 bsd-3 bsd-4 (non-copyleft "file://COPYING")
- public-domain isc license:openssl))))
-
-;; OpenSMTPd 6.4 introduced a new and incompatible configuration file format.
-;; Use a different name, for now, to avoid auto-upgrades and broken mail boxes.
-;; OPENSMTP-CONFIGURATION in (gnu services mail) will also need an overhaul.
-(define-public opensmtpd-next
- (package
- (name "opensmtpd-next")
(version "6.6.2p1")
(source
(origin
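Review bot: The comment removed just above `opensmtpd-next` was the only warning that OpenSMTPD 6.4 and later use an incompatible configuration file format, and after this hunk `opensmtpd` resolves straight to 6.6.2p1 with nothing visible here showing that OPENSMTP-CONFIGURATION in (gnu services mail) was adapted. Existing 6.0-style configurations would presumably be rejected after the upgrade and leave the mail daemon down, so a short comment on the package such as `;; 6.4+ uses a new smtpd.conf grammar; 6.0.x configuration files must be migrated.` would help. The name `opensmtpd-next` also disappears without a visible alias, so profiles that installed it would presumably stop receiving updates, including this security fix. Adding `(define-public opensmtpd-next (deprecated-package "opensmtpd-next" opensmtpd))` after the definition would keep them on the upgrade path. The package definition continues past the end of the hunk.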
diff --git a/gnu/packages/patches/opensmtpd-fix-crash.patch b/gnu/packages/patches/opensmtpd-fix-crash.patch
deleted file mode 100644
index 0030167533..0000000000
--- a/gnu/packages/patches/opensmtpd-fix-crash.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 9b5f70b93e038df5446bd37a4adac5a0380748e7 Mon Sep 17 00:00:00 2001
-From: johannes <johannes.brechtmann@gmail.com>
-Date: Wed, 21 Feb 2018 23:57:11 +0100
-Subject: [PATCH] crypt_checkpass: include HAVE_CRYPT_H definition, add NULL
- check
-
----
- openbsd-compat/crypt_checkpass.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/openbsd-compat/crypt_checkpass.c b/openbsd-compat/crypt_checkpass.c
-index dafd2dae..d10b3a57 100644
---- a/openbsd-compat/crypt_checkpass.c
-+++ b/openbsd-compat/crypt_checkpass.c
-@@ -1,5 +1,6 @@
- /* OPENBSD ORIGINAL: lib/libc/crypt/cryptutil.c */
-
-+#include "includes.h"
- #include <errno.h>
- #ifdef HAVE_CRYPT_H
- #include <crypt.h>
-@@ -10,6 +11,8 @@
- int
- crypt_checkpass(const char *pass, const char *goodhash)
- {
-+ char *c;
-+
- if (goodhash == NULL)
- goto fail;
-
-@@ -17,7 +20,11 @@ crypt_checkpass(const char *pass, const char *goodhash)
- if (strlen(goodhash) == 0 && strlen(pass) == 0)
- return 0;
-
-- if (strcmp(crypt(pass, goodhash), goodhash) == 0)
-+ c = crypt(pass, goodhash);
-+ if (c == NULL)
-+ goto fail;
-+
-+ if (strcmp(c, goodhash) == 0)
- return 0;
-
- fail:
-