
branch master updated: gnu: opensmtpd-next: Promote to opensmtpd [fixes


From: guix-commits
Subject: branch master updated: gnu: opensmtpd-next: Promote to opensmtpd [fixes CVE-2020-7247].
Date: Wed, 29 Jan 2020 16:48:30 -0500

This is an automated email from the git hooks/post-receive script.

nckx pushed a commit to branch master
in repository guix.

The following commit(s) were added to refs/heads/master by this push:
     new 0d48690  gnu: opensmtpd-next: Promote to opensmtpd [fixes 
CVE-2020-7247].
0d48690 is described below

commit 0d486909083c98d7c75cdfc027f89e69f9bf8f48
Author: Tobias Geerinckx-Rice <address@hidden>
AuthorDate: Wed Jan 29 22:42:12 2020 +0100

    gnu: opensmtpd-next: Promote to opensmtpd [fixes CVE-2020-7247].
    
    It's still unclear (to me) whether our opensmtpd package is affected,
    but this change has been delayed for long enough in any case.
    
    * gnu/packages/mail.scm (opensmtpd-next): Rename to…
    (opensmtpd): …this.
    * gnu/packages/patches/opensmtpd-fix-crash.patch: Delete file.
    * gnu/local.mk (dist_patch_DATA): Remove it.
---
 gnu/local.mk                                   |  1 -
 gnu/packages/mail.scm                          | 66 --------------------------
 gnu/packages/patches/opensmtpd-fix-crash.patch | 44 -----------------
 3 files changed, 111 deletions(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index bc011c0..aa8e6e0 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1235,7 +1235,6 @@ dist_patch_DATA =                                         
\
   %D%/packages/patches/openjdk-10-idlj-reproducibility.patch   \
   %D%/packages/patches/openmpi-mtl-priorities.patch            \
   %D%/packages/patches/openocd-nrf52.patch                     \
-  %D%/packages/patches/opensmtpd-fix-crash.patch               \
   %D%/packages/patches/openssl-runpath.patch                   \
   %D%/packages/patches/openssl-1.1-c-rehash-in.patch           \
   %D%/packages/patches/openssl-c-rehash-in.patch               \
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index aa37c4e..0538342 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -2301,72 +2301,6 @@ transfer protocols.")
 (define-public opensmtpd
   (package
     (name "opensmtpd")
-    (version "6.0.3p1")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "https://www.opensmtpd.org/archives/";
-                                  name "-" version ".tar.gz"))
-              (sha256
-               (base32
-                "10bsfsnlg9d9i6l2izdnxp05s3ri8fvwzqxvx1jmarc852382619"))
-              ;; Fixed upstream: <github.com/OpenSMTPD/OpenSMTPD/pull/835>.
-              (patches (search-patches "opensmtpd-fix-crash.patch"))))
-    (build-system gnu-build-system)
-    (inputs
-     `(("bdb" ,bdb)
-       ("libressl" ,libressl)
-       ("libevent" ,libevent)
-       ("libasr" ,libasr)
-       ("linux-pam" ,linux-pam)
-       ("zlib" ,zlib)))
-    (native-inputs
-     `(("bison" ,bison)
-       ("groff" ,groff)))
-    (arguments
-     `(#:configure-flags
-       (list "--with-table-db" "--with-auth-pam" "--localstatedir=/var"
-             "--with-user-smtpd=smtpd" "--with-user-queue=smtpq"
-             "--with-group-queue=smtpq"
-             "--with-path-socket=/var/run" ; not default (./configure lies)
-             "--with-path-CAfile=/etc/ssl/certs/ca-certificates.crt")
-       #:phases
-       (modify-phases %standard-phases
-         ;; Fix some incorrectly hard-coded external tool file names.
-         (add-after 'unpack 'patch-FHS-file-names
-           (lambda _
-             (substitute* "smtpd/smtpctl.c"
-               (("/bin/cat") (which "cat"))
-               (("/bin/sh") (which "sh")))
-             #t))
-         ;; OpenSMTPD provides a single utility smtpctl to control the daemon 
and
-         ;; the local submission subsystem.  To accomodate systems that require
-         ;; historical interfaces such as sendmail, newaliases or makemap, the
-         ;; smtpctl utility can operate in compatibility mode if called with 
the
-         ;; historical name.
-         (add-after 'install 'install-compability-links
-           (lambda* (#:key outputs #:allow-other-keys)
-             (let* ((out  (assoc-ref outputs "out"))
-                    (sbin (string-append out "/sbin/")))
-               (for-each (lambda (command)
-                           (symlink "smtpctl" (string-append sbin command)))
-                         '("makemap" "sendmail" "send-mail"
-                           "newaliases" "mailq")))
-             #t)))))
-    (synopsis "Lightweight SMTP daemon")
-    (description
-     "OpenSMTPD is an implementation of the server-side SMTP protocol, with
-some additional standard extensions.  It allows ordinary machines to exchange
-e-mails with other systems speaking the SMTP protocol.")
-    (home-page "https://www.opensmtpd.org";)
-    (license (list bsd-2 bsd-3 bsd-4 (non-copyleft "file://COPYING")
-                   public-domain isc license:openssl))))
-
-;; OpenSMTPd 6.4 introduced a new and incompatible configuration file format.
-;; Use a different name, for now, to avoid auto-upgrades and broken mail boxes.
-;; OPENSMTP-CONFIGURATION in (gnu services mail) will also need an overhaul.
-(define-public opensmtpd-next
-  (package
-    (name "opensmtpd-next")
     (version "6.6.2p1")
     (source
      (origin
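Review bot: Dropping the `opensmtpd-next` name moves every existing `opensmtpd` user from 6.0.3p1 to 6.6.2p1 on their next upgrade, but the comment deleted in this hunk says 6.4 introduced an incompatible configuration file format and that OPENSMTP-CONFIGURATION in (gnu services mail) needs an overhaul. The diffstat lists only three files, none of them the service module. If the service or a hand-written smtpd.conf still uses the old syntax, the daemon may fail to start after the upgrade (inferred; the service code is not visible here). I would keep a short note above `(define-public opensmtpd`, for example `;; OpenSMTPD 6.4+ uses an incompatible smtpd.conf format; 6.0.x configurations must be migrated.`, and announce the migration to users. The package definition continues past the end of this hunk.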
diff --git a/gnu/packages/patches/opensmtpd-fix-crash.patch 
b/gnu/packages/patches/opensmtpd-fix-crash.patch
deleted file mode 100644
index 0030167..0000000
--- a/gnu/packages/patches/opensmtpd-fix-crash.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 9b5f70b93e038df5446bd37a4adac5a0380748e7 Mon Sep 17 00:00:00 2001
-From: johannes <address@hidden>
-Date: Wed, 21 Feb 2018 23:57:11 +0100
-Subject: [PATCH] crypt_checkpass: include HAVE_CRYPT_H definition, add NULL
- check
-
----
- openbsd-compat/crypt_checkpass.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/openbsd-compat/crypt_checkpass.c 
b/openbsd-compat/crypt_checkpass.c
-index dafd2dae..d10b3a57 100644
---- a/openbsd-compat/crypt_checkpass.c
-+++ b/openbsd-compat/crypt_checkpass.c
-@@ -1,5 +1,6 @@
- /* OPENBSD ORIGINAL: lib/libc/crypt/cryptutil.c */
- 
-+#include "includes.h"
- #include <errno.h>
- #ifdef HAVE_CRYPT_H
- #include <crypt.h>
-@@ -10,6 +11,8 @@
- int
- crypt_checkpass(const char *pass, const char *goodhash)
- {
-+      char *c;
-+
-       if (goodhash == NULL)
-               goto fail;
- 
-@@ -17,7 +20,11 @@ crypt_checkpass(const char *pass, const char *goodhash)
-       if (strlen(goodhash) == 0 && strlen(pass) == 0)
-               return 0;
- 
--      if (strcmp(crypt(pass, goodhash), goodhash) == 0)
-+      c = crypt(pass, goodhash);
-+      if (c == NULL)
-+              goto fail;
-+
-+      if (strcmp(c, goodhash) == 0)
-               return 0;
- 
- fail:
-


