authorTobias Geerinckx-Rice <me@tobias.gr>2020-01-29 22:42:12 +0100
committerTobias Geerinckx-Rice <me@tobias.gr>2020-01-29 22:47:00 +0100
commit0d486909083c98d7c75cdfc027f89e69f9bf8f48 (patch)
treeb088f6c01c0196db3062e15bbce2856c3b199498
parent7c73da9907ac452f9a1cd8a8023077e9f79b6005 (diff)
downloadguix-0d486909083c98d7c75cdfc027f89e69f9bf8f48.tar.gz
gnu: opensmtpd-next: Promote to opensmtpd [fixes CVE-2020-7247].
It's still unclear (to me) whether our opensmtpd package is affected,
but this change has been delayed for long enough in any case.

* gnu/packages/mail.scm (opensmtpd-next): Rename to…
(opensmtpd): …this.
* gnu/packages/patches/opensmtpd-fix-crash.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/mail.scm66
-rw-r--r--gnu/packages/patches/opensmtpd-fix-crash.patch44
3 files changed, 0 insertions, 111 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index bc011c09fb..aa8e6e0d0d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1235,7 +1235,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/openjdk-10-idlj-reproducibility.patch	\
   %D%/packages/patches/openmpi-mtl-priorities.patch		\
   %D%/packages/patches/openocd-nrf52.patch			\
-  %D%/packages/patches/opensmtpd-fix-crash.patch		\
   %D%/packages/patches/openssl-runpath.patch			\
   %D%/packages/patches/openssl-1.1-c-rehash-in.patch		\
   %D%/packages/patches/openssl-c-rehash-in.patch		\
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index aa37c4e38c..0538342977 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -2301,72 +2301,6 @@ transfer protocols.")
 (define-public opensmtpd
   (package
     (name "opensmtpd")
-    (version "6.0.3p1")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "https://www.opensmtpd.org/archives/"
-                                  name "-" version ".tar.gz"))
-              (sha256
-               (base32
-                "10bsfsnlg9d9i6l2izdnxp05s3ri8fvwzqxvx1jmarc852382619"))
-              ;; Fixed upstream: <github.com/OpenSMTPD/OpenSMTPD/pull/835>.
-              (patches (search-patches "opensmtpd-fix-crash.patch"))))
-    (build-system gnu-build-system)
-    (inputs
-     `(("bdb" ,bdb)
-       ("libressl" ,libressl)
-       ("libevent" ,libevent)
-       ("libasr" ,libasr)
-       ("linux-pam" ,linux-pam)
-       ("zlib" ,zlib)))
-    (native-inputs
-     `(("bison" ,bison)
-       ("groff" ,groff)))
-    (arguments
-     `(#:configure-flags
-       (list "--with-table-db" "--with-auth-pam" "--localstatedir=/var"
-             "--with-user-smtpd=smtpd" "--with-user-queue=smtpq"
-             "--with-group-queue=smtpq"
-             "--with-path-socket=/var/run" ; not default (./configure lies)
-             "--with-path-CAfile=/etc/ssl/certs/ca-certificates.crt")
-       #:phases
-       (modify-phases %standard-phases
-         ;; Fix some incorrectly hard-coded external tool file names.
-         (add-after 'unpack 'patch-FHS-file-names
-           (lambda _
-             (substitute* "smtpd/smtpctl.c"
-               (("/bin/cat") (which "cat"))
-               (("/bin/sh") (which "sh")))
-             #t))
-         ;; OpenSMTPD provides a single utility smtpctl to control the daemon and
-         ;; the local submission subsystem.  To accomodate systems that require
-         ;; historical interfaces such as sendmail, newaliases or makemap, the
-         ;; smtpctl utility can operate in compatibility mode if called with the
-         ;; historical name.
-         (add-after 'install 'install-compability-links
-           (lambda* (#:key outputs #:allow-other-keys)
-             (let* ((out  (assoc-ref outputs "out"))
-                    (sbin (string-append out "/sbin/")))
-               (for-each (lambda (command)
-                           (symlink "smtpctl" (string-append sbin command)))
-                         '("makemap" "sendmail" "send-mail"
-                           "newaliases" "mailq")))
-             #t)))))
-    (synopsis "Lightweight SMTP daemon")
-    (description
-     "OpenSMTPD is an implementation of the server-side SMTP protocol, with
-some additional standard extensions.  It allows ordinary machines to exchange
-e-mails with other systems speaking the SMTP protocol.")
-    (home-page "https://www.opensmtpd.org")
-    (license (list bsd-2 bsd-3 bsd-4 (non-copyleft "file://COPYING")
-                   public-domain isc license:openssl))))
-
-;; OpenSMTPd 6.4 introduced a new and incompatible configuration file format.
-;; Use a different name, for now, to avoid auto-upgrades and broken mail boxes.
-;; OPENSMTP-CONFIGURATION in (gnu services mail) will also need an overhaul.
-(define-public opensmtpd-next
-  (package
-    (name "opensmtpd-next")
     (version "6.6.2p1")
     (source
      (origin
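Review bot: The comment removed just above `(define-public opensmtpd-next` was the only place in this hunk that recorded that OpenSMTPD 6.4 changed the configuration file format incompatibly, and after the rename the `opensmtpd` name resolves to 6.6.2p1 with no such warning left. Systems still carrying a 6.0.x-style smtpd.conf will presumably pick this version up on their next upgrade and may end up with a mail daemon that refuses to start; the removed comment also said OPENSMTP-CONFIGURATION in (gnu services mail) needs an overhaul, and the diffstat of this commit does not touch that module. I would keep a short note above the definition, e.g. `;; OpenSMTPD 6.4 changed the smtpd.conf format incompatibly; 6.0.x configurations must be migrated.`, so that operators do not pin the old version to avoid breakage and stay off the security update. The package definition continues outside the hunk.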
diff --git a/gnu/packages/patches/opensmtpd-fix-crash.patch b/gnu/packages/patches/opensmtpd-fix-crash.patch
deleted file mode 100644
index 0030167533..0000000000
--- a/gnu/packages/patches/opensmtpd-fix-crash.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 9b5f70b93e038df5446bd37a4adac5a0380748e7 Mon Sep 17 00:00:00 2001
-From: johannes <johannes.brechtmann@gmail.com>
-Date: Wed, 21 Feb 2018 23:57:11 +0100
-Subject: [PATCH] crypt_checkpass: include HAVE_CRYPT_H definition, add NULL
- check
-
----
- openbsd-compat/crypt_checkpass.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/openbsd-compat/crypt_checkpass.c b/openbsd-compat/crypt_checkpass.c
-index dafd2dae..d10b3a57 100644
---- a/openbsd-compat/crypt_checkpass.c
-+++ b/openbsd-compat/crypt_checkpass.c
-@@ -1,5 +1,6 @@
- /* OPENBSD ORIGINAL: lib/libc/crypt/cryptutil.c */
- 
-+#include "includes.h"
- #include <errno.h>
- #ifdef HAVE_CRYPT_H
- #include <crypt.h>
-@@ -10,6 +11,8 @@
- int
- crypt_checkpass(const char *pass, const char *goodhash)
- {
-+	char *c;
-+
- 	if (goodhash == NULL)
- 		goto fail;
- 
-@@ -17,7 +20,11 @@ crypt_checkpass(const char *pass, const char *goodhash)
- 	if (strlen(goodhash) == 0 && strlen(pass) == 0)
- 		return 0;
- 
--	if (strcmp(crypt(pass, goodhash), goodhash) == 0)
-+	c = crypt(pass, goodhash);
-+	if (c == NULL)
-+		goto fail;
-+
-+	if (strcmp(c, goodhash) == 0)
- 		return 0;
- 
- fail:
-