commit: ea5bd9d4206b4e0c2c75a03337509e0d6d72ef51 |
Author: Jason A. Donenfeld <zx2c4 <AT> gentoo <DOT> org> |
AuthorDate: Sat Mar 7 00:30:24 2020 +0000 |
Commit: Jason A. Donenfeld <zx2c4 <AT> gentoo <DOT> org> |
CommitDate: Sat Mar 7 00:32:31 2020 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ea5bd9d4 |
|
mail-mta/opensmtpd: remove ancient ~6.0.3_p1 version |
|
Closes: https://bugs.gentoo.org/710754 |
Package-Manager: Portage-2.3.88, Repoman-2.3.20 |
Signed-off-by: Jason A. Donenfeld <zx2c4 <AT> gentoo.org> |
|
mail-mta/opensmtpd/Manifest | 1 - |
.../opensmtpd-6.0.3_p1-fix-crash-on-auth.patch | 43 -- |
.../files/opensmtpd-6.0.3_p1-openssl_1.1.patch | 722 --------------------- |
.../files/opensmtpd-6.0.3_p1-security-fixes.patch | 123 ---- |
mail-mta/opensmtpd/opensmtpd-6.0.3_p1-r3.ebuild | 78 --- |
profiles/package.mask | 8 - |
6 files changed, 975 deletions(-) |
|
22 |
diff --git a/mail-mta/opensmtpd/Manifest b/mail-mta/opensmtpd/Manifest |
23 |
index 0c001fb94e6..ef56b7e6d94 100644 |
24 |
--- a/mail-mta/opensmtpd/Manifest |
25 |
+++ b/mail-mta/opensmtpd/Manifest |
26 |
@@ -1,2 +1 @@ |
27 |
-DIST opensmtpd-6.0.3p1.tar.gz 699702 BLAKE2B 49f08e8329adc049a562b6ef7efa4c0a39cbcfe8a158cb905cfc726a7302ffe9833ccfb52041340767d55d0f2ae2087e8eac92b7359016c6c76b4d963a334558 SHA512 e579818a0ddbe637deb5a4e40f43eaf797783903ceac18fd89a57581b135b9e407d424e1a70ff7b4b06a0ee50bafb6e8ab2451371917887904b06ff1b55d320f |
28 |
DIST opensmtpd-6.6.4p1.tar.gz 790754 BLAKE2B 18cc19569ae764eff3d672cbfb87df7bd00afcce93705ad128e935c0a47a246c3a6166fca7b6f844c0dd5e728492d8aeb7e0f8a8c1f5a756bf356ae9afb80852 SHA512 267307c91f4fcf21624b0897dfb1f5638b77da7b8d9a02211d734ed2cc5bd39ea7542ae7f200255e2945518fbe7609a0e5aa4e5c6dcb8146014f08b3845c108b |
29 |
|
30 |
diff --git a/mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-fix-crash-on-auth.patch b/mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-fix-crash-on-auth.patch |
31 |
deleted file mode 100644 |
32 |
index c20b5e0a0ef..00000000000 |
33 |
--- a/mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-fix-crash-on-auth.patch |
34 |
+++ /dev/null |
35 |
@@ -1,43 +0,0 @@ |
36 |
-From 9b5f70b93e038df5446bd37a4adac5a0380748e7 Mon Sep 17 00:00:00 2001 |
37 |
-From: johannes <johannes.brechtmann@×××××.com> |
38 |
-Date: Wed, 21 Feb 2018 23:57:11 +0100 |
39 |
-Subject: [PATCH] crypt_checkpass: include HAVE_CRYPT_H definition, add NULL |
40 |
- check |
41 |
- |
42 |
---- |
43 |
- openbsd-compat/crypt_checkpass.c | 9 ++++++++- |
44 |
- 1 file changed, 8 insertions(+), 1 deletion(-) |
45 |
- |
46 |
-diff --git a/openbsd-compat/crypt_checkpass.c b/openbsd-compat/crypt_checkpass.c |
47 |
-index dafd2dae..d10b3a57 100644 |
48 |
---- a/openbsd-compat/crypt_checkpass.c |
49 |
-+++ b/openbsd-compat/crypt_checkpass.c |
50 |
-@@ -1,5 +1,6 @@ |
51 |
- /* OPENBSD ORIGINAL: lib/libc/crypt/cryptutil.c */ |
52 |
- |
53 |
-+#include "includes.h" |
54 |
- #include <errno.h> |
55 |
- #ifdef HAVE_CRYPT_H |
56 |
- #include <crypt.h> |
57 |
-@@ -10,6 +11,8 @@ |
58 |
- int |
59 |
- crypt_checkpass(const char *pass, const char *goodhash) |
60 |
- { |
61 |
-+ char *c; |
62 |
-+ |
63 |
- if (goodhash == NULL) |
64 |
- goto fail; |
65 |
- |
66 |
-@@ -17,7 +20,11 @@ crypt_checkpass(const char *pass, const char *goodhash) |
67 |
- if (strlen(goodhash) == 0 && strlen(pass) == 0) |
68 |
- return 0; |
69 |
- |
70 |
-- if (strcmp(crypt(pass, goodhash), goodhash) == 0) |
71 |
-+ c = crypt(pass, goodhash); |
72 |
-+ if (c == NULL) |
73 |
-+ goto fail; |
74 |
-+ |
75 |
-+ if (strcmp(c, goodhash) == 0) |
76 |
- return 0; |
77 |
- |
78 |
- fail: |
79 |
|
80 |
diff --git a/mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-openssl_1.1.patch b/mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-openssl_1.1.patch |
81 |
deleted file mode 100644 |
82 |
index 40a62ae9251..00000000000 |
83 |
--- a/mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-openssl_1.1.patch |
84 |
+++ /dev/null |
85 |
@@ -1,722 +0,0 @@ |
86 |
-Description: Enable support for OpenSSL 1.1 |
87 |
-Author: Sebastian Andrzej Siewior <sebastian@××××××××××.cc> |
88 |
- Ryan Kavanagh <rak@××××××.org> |
89 |
-Origin: Debian |
90 |
-Bug: https://github.com/OpenSMTPD/OpenSMTPD/issues/738 |
91 |
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859544 |
92 |
-Forwarded: https://github.com/OpenSMTPD/OpenSMTPD/pull/825 |
93 |
-Last-Update: 2018-03-18 |
94 |
---- |
95 |
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ |
96 |
-diff --git a/openbsd-compat/libressl.c b/openbsd-compat/libressl.c |
97 |
-index f4f2b52e..d06e006f 100644 |
98 |
---- a/openbsd-compat/libressl.c |
99 |
-+++ b/openbsd-compat/libressl.c |
100 |
-@@ -81,14 +81,14 @@ SSL_CTX_use_certificate_chain(SSL_CTX *ctx, char *buf, off_t len) |
101 |
- x = ca = NULL; |
102 |
- |
103 |
- if ((in = BIO_new_mem_buf(buf, len)) == NULL) { |
104 |
-- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB); |
105 |
-+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); |
106 |
- goto end; |
107 |
- } |
108 |
- |
109 |
- if ((x = PEM_read_bio_X509(in, NULL, |
110 |
-- ctx->default_passwd_callback, |
111 |
-- ctx->default_passwd_callback_userdata)) == NULL) { |
112 |
-- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB); |
113 |
-+ SSL_CTX_get_default_passwd_cb(ctx), |
114 |
-+ SSL_CTX_get_default_passwd_cb_userdata(ctx))) == NULL) { |
115 |
-+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB); |
116 |
- goto end; |
117 |
- } |
118 |
- |
119 |
-@@ -99,14 +99,11 @@ SSL_CTX_use_certificate_chain(SSL_CTX *ctx, char *buf, off_t len) |
120 |
- * the CA certificates. |
121 |
- */ |
122 |
- |
123 |
-- if (ctx->extra_certs != NULL) { |
124 |
-- sk_X509_pop_free(ctx->extra_certs, X509_free); |
125 |
-- ctx->extra_certs = NULL; |
126 |
-- } |
127 |
-+ SSL_CTX_clear_extra_chain_certs(ctx); |
128 |
- |
129 |
- while ((ca = PEM_read_bio_X509(in, NULL, |
130 |
-- ctx->default_passwd_callback, |
131 |
-- ctx->default_passwd_callback_userdata)) != NULL) { |
132 |
-+ SSL_CTX_get_default_passwd_cb(ctx), |
133 |
-+ SSL_CTX_get_default_passwd_cb_userdata(ctx))) != NULL) { |
134 |
- |
135 |
- if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) |
136 |
- goto end; |
137 |
-diff --git a/smtpd/ca.c b/smtpd/ca.c |
138 |
-index e383c6a1..29a44b9b 100644 |
139 |
---- a/smtpd/ca.c |
140 |
-+++ b/smtpd/ca.c |
141 |
-@@ -170,6 +170,190 @@ ca_verify_cb(int ok, X509_STORE_CTX *ctx) |
142 |
- return ok; |
143 |
- } |
144 |
- |
145 |
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) |
146 |
-+ |
147 |
-+static int RSA_meth_get_flags(RSA_METHOD *meth) |
148 |
-+{ |
149 |
-+ return meth->flags; |
150 |
-+} |
151 |
-+ |
152 |
-+static int RSA_meth_set_flags(RSA_METHOD *meth, int flags) |
153 |
-+{ |
154 |
-+ meth->flags = flags; |
155 |
-+ return 1; |
156 |
-+} |
157 |
-+ |
158 |
-+static void *RSA_meth_get0_app_data(const RSA_METHOD *meth) |
159 |
-+{ |
160 |
-+ return meth->app_data; |
161 |
-+} |
162 |
-+ |
163 |
-+static int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data) |
164 |
-+{ |
165 |
-+ meth->app_data = app_data; |
166 |
-+ return 1; |
167 |
-+} |
168 |
-+ |
169 |
-+static int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth)) |
170 |
-+(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) |
171 |
-+{ |
172 |
-+ return meth->rsa_pub_enc; |
173 |
-+} |
174 |
-+ |
175 |
-+static int RSA_meth_set_pub_enc(RSA_METHOD *meth, |
176 |
-+ int (*pub_enc) (int flen, const unsigned char *from, |
177 |
-+ unsigned char *to, RSA *rsa, |
178 |
-+ int padding)) |
179 |
-+{ |
180 |
-+ meth->rsa_pub_enc = pub_enc; |
181 |
-+ return 1; |
182 |
-+} |
183 |
-+ |
184 |
-+static int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth)) |
185 |
-+(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) |
186 |
-+{ |
187 |
-+ return meth->rsa_pub_dec; |
188 |
-+} |
189 |
-+ |
190 |
-+static int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth)) |
191 |
-+(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) |
192 |
-+{ |
193 |
-+ return meth->rsa_priv_enc; |
194 |
-+} |
195 |
-+ |
196 |
-+int RSA_meth_set_priv_enc(RSA_METHOD *meth, |
197 |
-+ int (*priv_enc) (int flen, const unsigned char *from, |
198 |
-+ unsigned char *to, RSA *rsa, int padding)) |
199 |
-+{ |
200 |
-+ meth->rsa_priv_enc = priv_enc; |
201 |
-+ return 1; |
202 |
-+} |
203 |
-+ |
204 |
-+static int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth)) |
205 |
-+(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) |
206 |
-+{ |
207 |
-+ return meth->rsa_priv_dec; |
208 |
-+} |
209 |
-+ |
210 |
-+static int RSA_meth_set_priv_dec(RSA_METHOD *meth, |
211 |
-+ int (*priv_dec) (int flen, const unsigned char *from, |
212 |
-+ unsigned char *to, RSA *rsa, int padding)) |
213 |
-+{ |
214 |
-+ meth->rsa_priv_dec = priv_dec; |
215 |
-+ return 1; |
216 |
-+} |
217 |
-+ |
218 |
-+static int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth)) |
219 |
-+ (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) |
220 |
-+{ |
221 |
-+ return meth->rsa_mod_exp; |
222 |
-+} |
223 |
-+ |
224 |
-+static int RSA_meth_set_mod_exp(RSA_METHOD *meth, |
225 |
-+ int (*mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)) |
226 |
-+{ |
227 |
-+ meth->rsa_mod_exp = mod_exp; |
228 |
-+ return 1; |
229 |
-+} |
230 |
-+ |
231 |
-+static int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth)) |
232 |
-+(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) |
233 |
-+{ |
234 |
-+ return meth->bn_mod_exp; |
235 |
-+} |
236 |
-+ |
237 |
-+static int RSA_meth_set_bn_mod_exp(RSA_METHOD *meth, int (*bn_mod_exp) |
238 |
-+ (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, |
239 |
-+ BN_CTX *ctx, BN_MONT_CTX *m_ctx)) |
240 |
-+{ |
241 |
-+ meth->bn_mod_exp = bn_mod_exp; |
242 |
-+ return 1; |
243 |
-+} |
244 |
-+ |
245 |
-+static int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa) |
246 |
-+{ |
247 |
-+ return meth->init; |
248 |
-+} |
249 |
-+ |
250 |
-+static int RSA_meth_set_init(RSA_METHOD *meth, int (*init) (RSA *rsa)) |
251 |
-+{ |
252 |
-+ meth->init = init; |
253 |
-+ return 1; |
254 |
-+} |
255 |
-+ |
256 |
-+static int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa) |
257 |
-+{ |
258 |
-+ return meth->finish; |
259 |
-+} |
260 |
-+ |
261 |
-+static int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa)) |
262 |
-+{ |
263 |
-+ meth->finish = finish; |
264 |
-+ return 1; |
265 |
-+} |
266 |
-+ |
267 |
-+static int (*RSA_meth_get_keygen(const RSA_METHOD *meth)) |
268 |
-+ (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) |
269 |
-+{ |
270 |
-+ return meth->rsa_keygen; |
271 |
-+} |
272 |
-+ |
273 |
-+static int RSA_meth_set_keygen(RSA_METHOD *meth, int (*keygen) |
274 |
-+ (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)) |
275 |
-+{ |
276 |
-+ meth->rsa_keygen = keygen; |
277 |
-+ return 1; |
278 |
-+} |
279 |
-+ |
280 |
-+static int (*RSA_meth_get_verify(const RSA_METHOD *meth)) |
281 |
-+ (int dtype, const unsigned char *m, |
282 |
-+ unsigned int m_length, const unsigned char *sigbuf, |
283 |
-+ unsigned int siglen, const RSA *rsa) |
284 |
-+{ |
285 |
-+ if (meth->flags & RSA_FLAG_SIGN_VER) |
286 |
-+ return meth->rsa_verify; |
287 |
-+ return NULL; |
288 |
-+} |
289 |
-+ |
290 |
-+static int (*RSA_meth_get_sign(const RSA_METHOD *meth)) |
291 |
-+ (int type, |
292 |
-+ const unsigned char *m, unsigned int m_length, |
293 |
-+ unsigned char *sigret, unsigned int *siglen, |
294 |
-+ const RSA *rsa) |
295 |
-+{ |
296 |
-+ if (meth->flags & RSA_FLAG_SIGN_VER) |
297 |
-+ return meth->rsa_sign; |
298 |
-+ return NULL; |
299 |
-+} |
300 |
-+ |
301 |
-+static int RSA_meth_set_pub_dec(RSA_METHOD *meth, |
302 |
-+ int (*pub_dec) (int flen, const unsigned char *from, |
303 |
-+ unsigned char *to, RSA *rsa, int padding)) |
304 |
-+{ |
305 |
-+ meth->rsa_pub_dec = pub_dec; |
306 |
-+ return 1; |
307 |
-+} |
308 |
-+ |
309 |
-+static RSA_METHOD *RSA_meth_new(const char *name, int flags) |
310 |
-+{ |
311 |
-+ RSA_METHOD *meth = malloc(sizeof(*meth)); |
312 |
-+ |
313 |
-+ if (meth != NULL) { |
314 |
-+ memset(meth, 0, sizeof(*meth)); |
315 |
-+ meth->flags = flags; |
316 |
-+ |
317 |
-+ meth->name = strdup(name); |
318 |
-+ if (meth->name != NULL) |
319 |
-+ return meth; |
320 |
-+ |
321 |
-+ free(meth); |
322 |
-+ } |
323 |
-+ |
324 |
-+ return NULL; |
325 |
-+} |
326 |
-+ |
327 |
-+#endif |
328 |
-+ |
329 |
- int |
330 |
- ca_X509_verify(void *certificate, void *chain, const char *CAfile, |
331 |
- const char *CRLfile, const char **errstr) |
332 |
-@@ -201,7 +385,7 @@ end: |
333 |
- *errstr = NULL; |
334 |
- if (ret != 1) { |
335 |
- if (xsc) |
336 |
-- *errstr = X509_verify_cert_error_string(xsc->error); |
337 |
-+ *errstr = X509_verify_cert_error_string(X509_STORE_CTX_get_error(xsc)); |
338 |
- else if (ERR_peek_last_error()) |
339 |
- *errstr = ERR_error_string(ERR_peek_last_error(), NULL); |
340 |
- } |
341 |
-@@ -302,24 +486,9 @@ ca_imsg(struct mproc *p, struct imsg *imsg) |
342 |
- * RSA privsep engine (called from unprivileged processes) |
343 |
- */ |
344 |
- |
345 |
--const RSA_METHOD *rsa_default = NULL; |
346 |
-- |
347 |
--static RSA_METHOD rsae_method = { |
348 |
-- "RSA privsep engine", |
349 |
-- rsae_pub_enc, |
350 |
-- rsae_pub_dec, |
351 |
-- rsae_priv_enc, |
352 |
-- rsae_priv_dec, |
353 |
-- rsae_mod_exp, |
354 |
-- rsae_bn_mod_exp, |
355 |
-- rsae_init, |
356 |
-- rsae_finish, |
357 |
-- 0, |
358 |
-- NULL, |
359 |
-- NULL, |
360 |
-- NULL, |
361 |
-- rsae_keygen |
362 |
--}; |
363 |
-+static const RSA_METHOD *rsa_default = NULL; |
364 |
-+ |
365 |
-+static const char *rsae_method_name = "RSA privsep engine"; |
366 |
- |
367 |
- static int |
368 |
- rsae_send_imsg(int flen, const unsigned char *from, unsigned char *to, |
369 |
-@@ -404,7 +573,7 @@ rsae_pub_enc(int flen,const unsigned char *from, unsigned char *to, RSA *rsa, |
370 |
- int padding) |
371 |
- { |
372 |
- log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); |
373 |
-- return (rsa_default->rsa_pub_enc(flen, from, to, rsa, padding)); |
374 |
-+ return (RSA_meth_get_pub_enc(rsa_default)(flen, from, to, rsa, padding)); |
375 |
- } |
376 |
- |
377 |
- static int |
378 |
-@@ -412,7 +581,7 @@ rsae_pub_dec(int flen,const unsigned char *from, unsigned char *to, RSA *rsa, |
379 |
- int padding) |
380 |
- { |
381 |
- log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); |
382 |
-- return (rsa_default->rsa_pub_dec(flen, from, to, rsa, padding)); |
383 |
-+ return (RSA_meth_get_pub_dec(rsa_default)(flen, from, to, rsa, padding)); |
384 |
- } |
385 |
- |
386 |
- static int |
387 |
-@@ -424,7 +593,7 @@ rsae_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, |
388 |
- return (rsae_send_imsg(flen, from, to, rsa, padding, |
389 |
- IMSG_CA_PRIVENC)); |
390 |
- } |
391 |
-- return (rsa_default->rsa_priv_enc(flen, from, to, rsa, padding)); |
392 |
-+ return (RSA_meth_get_priv_enc(rsa_default)(flen, from, to, rsa, padding)); |
393 |
- } |
394 |
- |
395 |
- static int |
396 |
-@@ -436,14 +605,14 @@ rsae_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, |
397 |
- return (rsae_send_imsg(flen, from, to, rsa, padding, |
398 |
- IMSG_CA_PRIVDEC)); |
399 |
- } |
400 |
-- return (rsa_default->rsa_priv_dec(flen, from, to, rsa, padding)); |
401 |
-+ return (RSA_meth_get_priv_dec(rsa_default)(flen, from, to, rsa, padding)); |
402 |
- } |
403 |
- |
404 |
- static int |
405 |
- rsae_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) |
406 |
- { |
407 |
- log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); |
408 |
-- return (rsa_default->rsa_mod_exp(r0, I, rsa, ctx)); |
409 |
-+ return (RSA_meth_get_mod_exp(rsa_default)(r0, I, rsa, ctx)); |
410 |
- } |
411 |
- |
412 |
- static int |
413 |
-@@ -451,34 +620,36 @@ rsae_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, |
414 |
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) |
415 |
- { |
416 |
- log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); |
417 |
-- return (rsa_default->bn_mod_exp(r, a, p, m, ctx, m_ctx)); |
418 |
-+ return (RSA_meth_get_bn_mod_exp(rsa_default)(r, a, p, m, ctx, m_ctx)); |
419 |
- } |
420 |
- |
421 |
- static int |
422 |
- rsae_init(RSA *rsa) |
423 |
- { |
424 |
- log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); |
425 |
-- if (rsa_default->init == NULL) |
426 |
-+ if (RSA_meth_get_init(rsa_default) == NULL) |
427 |
- return (1); |
428 |
-- return (rsa_default->init(rsa)); |
429 |
-+ return (RSA_meth_get_init(rsa_default)(rsa)); |
430 |
- } |
431 |
- |
432 |
- static int |
433 |
- rsae_finish(RSA *rsa) |
434 |
- { |
435 |
- log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); |
436 |
-- if (rsa_default->finish == NULL) |
437 |
-+ if (RSA_meth_get_finish(rsa_default) == NULL) |
438 |
- return (1); |
439 |
-- return (rsa_default->finish(rsa)); |
440 |
-+ return (RSA_meth_get_finish(rsa_default)(rsa)); |
441 |
- } |
442 |
- |
443 |
- static int |
444 |
- rsae_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) |
445 |
- { |
446 |
- log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); |
447 |
-- return (rsa_default->rsa_keygen(rsa, bits, e, cb)); |
448 |
-+ return (RSA_meth_get_keygen(rsa_default)(rsa, bits, e, cb)); |
449 |
- } |
450 |
- |
451 |
-+static RSA_METHOD *rsae_method; |
452 |
-+ |
453 |
- void |
454 |
- ca_engine_init(void) |
455 |
- { |
456 |
-@@ -490,7 +661,7 @@ ca_engine_init(void) |
457 |
- errstr = "ENGINE_new"; |
458 |
- goto fail; |
459 |
- } |
460 |
-- if (!ENGINE_set_name(e, rsae_method.name)) { |
461 |
-+ if (!ENGINE_set_name(e, rsae_method_name)) { |
462 |
- errstr = "ENGINE_set_name"; |
463 |
- goto fail; |
464 |
- } |
465 |
-@@ -503,25 +674,58 @@ ca_engine_init(void) |
466 |
- goto fail; |
467 |
- } |
468 |
- |
469 |
-+ rsae_method = RSA_meth_new(rsae_method_name, 0); |
470 |
-+ if (!rsae_method) { |
471 |
-+ errstr = "RSA_meth_new"; |
472 |
-+ goto fail; |
473 |
-+ } |
474 |
-+ |
475 |
- if ((name = ENGINE_get_name(e)) == NULL) |
476 |
- name = "unknown RSA engine"; |
477 |
- |
478 |
- log_debug("debug: %s: using %s", __func__, name); |
479 |
- |
480 |
-- if (rsa_default->flags & RSA_FLAG_SIGN_VER) |
481 |
-+ if (RSA_meth_get_sign(rsa_default) || |
482 |
-+ RSA_meth_get_verify(rsa_default)) |
483 |
- fatalx("unsupported RSA engine"); |
484 |
- |
485 |
-- if (rsa_default->rsa_mod_exp == NULL) |
486 |
-- rsae_method.rsa_mod_exp = NULL; |
487 |
-- if (rsa_default->bn_mod_exp == NULL) |
488 |
-- rsae_method.bn_mod_exp = NULL; |
489 |
-- if (rsa_default->rsa_keygen == NULL) |
490 |
-- rsae_method.rsa_keygen = NULL; |
491 |
-- rsae_method.flags = rsa_default->flags | |
492 |
-- RSA_METHOD_FLAG_NO_CHECK; |
493 |
-- rsae_method.app_data = rsa_default->app_data; |
494 |
-- |
495 |
-- if (!ENGINE_set_RSA(e, &rsae_method)) { |
496 |
-+ errstr = "Setting callback"; |
497 |
-+ if (!RSA_meth_set_pub_enc(rsae_method, rsae_pub_enc)) |
498 |
-+ goto fail; |
499 |
-+ if (!RSA_meth_set_pub_dec(rsae_method, rsae_pub_dec)) |
500 |
-+ goto fail; |
501 |
-+ if (!RSA_meth_set_priv_enc(rsae_method, rsae_priv_enc)) |
502 |
-+ goto fail; |
503 |
-+ if (!RSA_meth_set_priv_dec(rsae_method, rsae_priv_dec)) |
504 |
-+ goto fail; |
505 |
-+ |
506 |
-+ if (RSA_meth_get_mod_exp(rsa_default)) { |
507 |
-+ if (!RSA_meth_set_mod_exp(rsae_method, rsae_mod_exp)) |
508 |
-+ goto fail; |
509 |
-+ } |
510 |
-+ |
511 |
-+ if (RSA_meth_get_bn_mod_exp(rsa_default)) |
512 |
-+ if (!RSA_meth_set_bn_mod_exp(rsae_method, rsae_bn_mod_exp)) |
513 |
-+ goto fail; |
514 |
-+ if (!RSA_meth_set_init(rsae_method, rsae_init)) |
515 |
-+ goto fail; |
516 |
-+ if (!RSA_meth_set_finish(rsae_method, rsae_finish)) |
517 |
-+ goto fail; |
518 |
-+ |
519 |
-+ if (RSA_meth_get_keygen(rsa_default)) { |
520 |
-+ if (!RSA_meth_set_keygen(rsae_method, rsae_keygen)) |
521 |
-+ goto fail; |
522 |
-+ } |
523 |
-+ |
524 |
-+ if (!RSA_meth_set_flags(rsae_method, |
525 |
-+ RSA_meth_get_flags(rsa_default) | |
526 |
-+ RSA_METHOD_FLAG_NO_CHECK)) |
527 |
-+ goto fail; |
528 |
-+ |
529 |
-+ if (!RSA_meth_set0_app_data(rsae_method, RSA_meth_get0_app_data(rsa_default))) |
530 |
-+ goto fail; |
531 |
-+ |
532 |
-+ if (!ENGINE_set_RSA(e, rsae_method)) { |
533 |
- errstr = "ENGINE_set_RSA"; |
534 |
- goto fail; |
535 |
- } |
536 |
-diff --git a/smtpd/crypto.c b/smtpd/crypto.c |
537 |
-index 76f98807..01452851 100644 |
538 |
---- a/smtpd/crypto.c |
539 |
-+++ b/smtpd/crypto.c |
540 |
-@@ -64,7 +64,7 @@ crypto_setup(const char *key, size_t len) |
541 |
- int |
542 |
- crypto_encrypt_file(FILE * in, FILE * out) |
543 |
- { |
544 |
-- EVP_CIPHER_CTX ctx; |
545 |
-+ EVP_CIPHER_CTX *ctx; |
546 |
- uint8_t ibuf[CRYPTO_BUFFER_SIZE]; |
547 |
- uint8_t obuf[CRYPTO_BUFFER_SIZE]; |
548 |
- uint8_t iv[IV_SIZE]; |
549 |
-@@ -91,12 +91,14 @@ crypto_encrypt_file(FILE * in, FILE * out) |
550 |
- if ((w = fwrite(iv, 1, sizeof iv, out)) != sizeof iv) |
551 |
- return 0; |
552 |
- |
553 |
-- EVP_CIPHER_CTX_init(&ctx); |
554 |
-- EVP_EncryptInit_ex(&ctx, EVP_aes_256_gcm(), NULL, cp.key, iv); |
555 |
-+ ctx = EVP_CIPHER_CTX_new(); |
556 |
-+ if (!ctx) |
557 |
-+ return 0; |
558 |
-+ EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, cp.key, iv); |
559 |
- |
560 |
- /* encrypt until end of file */ |
561 |
- while ((r = fread(ibuf, 1, CRYPTO_BUFFER_SIZE, in)) != 0) { |
562 |
-- if (!EVP_EncryptUpdate(&ctx, obuf, &len, ibuf, r)) |
563 |
-+ if (!EVP_EncryptUpdate(ctx, obuf, &len, ibuf, r)) |
564 |
- goto end; |
565 |
- if (len && (w = fwrite(obuf, len, 1, out)) != 1) |
566 |
- goto end; |
567 |
-@@ -105,13 +107,13 @@ crypto_encrypt_file(FILE * in, FILE * out) |
568 |
- goto end; |
569 |
- |
570 |
- /* finalize and write last chunk if any */ |
571 |
-- if (!EVP_EncryptFinal_ex(&ctx, obuf, &len)) |
572 |
-+ if (!EVP_EncryptFinal_ex(ctx, obuf, &len)) |
573 |
- goto end; |
574 |
- if (len && (w = fwrite(obuf, len, 1, out)) != 1) |
575 |
- goto end; |
576 |
- |
577 |
- /* get and append tag */ |
578 |
-- EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, sizeof tag, tag); |
579 |
-+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, sizeof tag, tag); |
580 |
- if ((w = fwrite(tag, sizeof tag, 1, out)) != 1) |
581 |
- goto end; |
582 |
- |
583 |
-@@ -119,14 +121,14 @@ crypto_encrypt_file(FILE * in, FILE * out) |
584 |
- ret = 1; |
585 |
- |
586 |
- end: |
587 |
-- EVP_CIPHER_CTX_cleanup(&ctx); |
588 |
-+ EVP_CIPHER_CTX_free(ctx); |
589 |
- return ret; |
590 |
- } |
591 |
- |
592 |
- int |
593 |
- crypto_decrypt_file(FILE * in, FILE * out) |
594 |
- { |
595 |
-- EVP_CIPHER_CTX ctx; |
596 |
-+ EVP_CIPHER_CTX *ctx; |
597 |
- uint8_t ibuf[CRYPTO_BUFFER_SIZE]; |
598 |
- uint8_t obuf[CRYPTO_BUFFER_SIZE]; |
599 |
- uint8_t iv[IV_SIZE]; |
600 |
-@@ -171,11 +173,13 @@ crypto_decrypt_file(FILE * in, FILE * out) |
601 |
- sz -= sizeof tag; |
602 |
- |
603 |
- |
604 |
-- EVP_CIPHER_CTX_init(&ctx); |
605 |
-- EVP_DecryptInit_ex(&ctx, EVP_aes_256_gcm(), NULL, cp.key, iv); |
606 |
-+ ctx = EVP_CIPHER_CTX_new(); |
607 |
-+ if (!ctx) |
608 |
-+ return 0; |
609 |
-+ EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, cp.key, iv); |
610 |
- |
611 |
- /* set expected tag */ |
612 |
-- EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, sizeof tag, tag); |
613 |
-+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, sizeof tag, tag); |
614 |
- |
615 |
- /* decrypt until end of ciphertext */ |
616 |
- while (sz) { |
617 |
-@@ -185,7 +189,7 @@ crypto_decrypt_file(FILE * in, FILE * out) |
618 |
- r = fread(ibuf, 1, sz, in); |
619 |
- if (!r) |
620 |
- break; |
621 |
-- if (!EVP_DecryptUpdate(&ctx, obuf, &len, ibuf, r)) |
622 |
-+ if (!EVP_DecryptUpdate(ctx, obuf, &len, ibuf, r)) |
623 |
- goto end; |
624 |
- if (len && (w = fwrite(obuf, len, 1, out)) != 1) |
625 |
- goto end; |
626 |
-@@ -195,7 +199,7 @@ crypto_decrypt_file(FILE * in, FILE * out) |
627 |
- goto end; |
628 |
- |
629 |
- /* finalize, write last chunk if any and perform authentication check */ |
630 |
-- if (!EVP_DecryptFinal_ex(&ctx, obuf, &len)) |
631 |
-+ if (!EVP_DecryptFinal_ex(ctx, obuf, &len)) |
632 |
- goto end; |
633 |
- if (len && (w = fwrite(obuf, len, 1, out)) != 1) |
634 |
- goto end; |
635 |
-@@ -204,14 +208,14 @@ crypto_decrypt_file(FILE * in, FILE * out) |
636 |
- ret = 1; |
637 |
- |
638 |
- end: |
639 |
-- EVP_CIPHER_CTX_cleanup(&ctx); |
640 |
-+ EVP_CIPHER_CTX_free(ctx); |
641 |
- return ret; |
642 |
- } |
643 |
- |
644 |
- size_t |
645 |
- crypto_encrypt_buffer(const char *in, size_t inlen, char *out, size_t outlen) |
646 |
- { |
647 |
-- EVP_CIPHER_CTX ctx; |
648 |
-+ EVP_CIPHER_CTX *ctx; |
649 |
- uint8_t iv[IV_SIZE]; |
650 |
- uint8_t tag[GCM_TAG_SIZE]; |
651 |
- uint8_t version = API_VERSION; |
652 |
-@@ -239,33 +243,35 @@ crypto_encrypt_buffer(const char *in, size_t inlen, char *out, size_t outlen) |
653 |
- memcpy(out + len, iv, sizeof iv); |
654 |
- len += sizeof iv; |
655 |
- |
656 |
-- EVP_CIPHER_CTX_init(&ctx); |
657 |
-- EVP_EncryptInit_ex(&ctx, EVP_aes_256_gcm(), NULL, cp.key, iv); |
658 |
-+ ctx = EVP_CIPHER_CTX_new(); |
659 |
-+ if (!ctx) |
660 |
-+ return 0; |
661 |
-+ EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, cp.key, iv); |
662 |
- |
663 |
- /* encrypt buffer */ |
664 |
-- if (!EVP_EncryptUpdate(&ctx, out + len, &olen, in, inlen)) |
665 |
-+ if (!EVP_EncryptUpdate(ctx, out + len, &olen, in, inlen)) |
666 |
- goto end; |
667 |
- len += olen; |
668 |
- |
669 |
- /* finalize and write last chunk if any */ |
670 |
-- if (!EVP_EncryptFinal_ex(&ctx, out + len, &olen)) |
671 |
-+ if (!EVP_EncryptFinal_ex(ctx, out + len, &olen)) |
672 |
- goto end; |
673 |
- len += olen; |
674 |
- |
675 |
- /* get and append tag */ |
676 |
-- EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, sizeof tag, tag); |
677 |
-+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, sizeof tag, tag); |
678 |
- memcpy(out + len, tag, sizeof tag); |
679 |
- ret = len + sizeof tag; |
680 |
- |
681 |
- end: |
682 |
-- EVP_CIPHER_CTX_cleanup(&ctx); |
683 |
-+ EVP_CIPHER_CTX_cleanup(ctx); |
684 |
- return ret; |
685 |
- } |
686 |
- |
687 |
- size_t |
688 |
- crypto_decrypt_buffer(const char *in, size_t inlen, char *out, size_t outlen) |
689 |
- { |
690 |
-- EVP_CIPHER_CTX ctx; |
691 |
-+ EVP_CIPHER_CTX *ctx; |
692 |
- uint8_t iv[IV_SIZE]; |
693 |
- uint8_t tag[GCM_TAG_SIZE]; |
694 |
- int olen; |
695 |
-@@ -292,24 +298,26 @@ crypto_decrypt_buffer(const char *in, size_t inlen, char *out, size_t outlen) |
696 |
- inlen -= sizeof iv; |
697 |
- in += sizeof iv; |
698 |
- |
699 |
-- EVP_CIPHER_CTX_init(&ctx); |
700 |
-- EVP_DecryptInit_ex(&ctx, EVP_aes_256_gcm(), NULL, cp.key, iv); |
701 |
-+ ctx = EVP_CIPHER_CTX_new(); |
702 |
-+ if (!ctx) |
703 |
-+ return 0; |
704 |
-+ EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, cp.key, iv); |
705 |
- |
706 |
- /* set expected tag */ |
707 |
-- EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, sizeof tag, tag); |
708 |
-+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, sizeof tag, tag); |
709 |
- |
710 |
- /* decrypt buffer */ |
711 |
-- if (!EVP_DecryptUpdate(&ctx, out, &olen, in, inlen)) |
712 |
-+ if (!EVP_DecryptUpdate(ctx, out, &olen, in, inlen)) |
713 |
- goto end; |
714 |
- len += olen; |
715 |
- |
716 |
- /* finalize, write last chunk if any and perform authentication check */ |
717 |
-- if (!EVP_DecryptFinal_ex(&ctx, out + len, &olen)) |
718 |
-+ if (!EVP_DecryptFinal_ex(ctx, out + len, &olen)) |
719 |
- goto end; |
720 |
- ret = len + olen; |
721 |
- |
722 |
- end: |
723 |
-- EVP_CIPHER_CTX_cleanup(&ctx); |
724 |
-+ EVP_CIPHER_CTX_cleanup(ctx); |
725 |
- return ret; |
726 |
- } |
727 |
- |
728 |
-diff --git a/smtpd/libressl.c b/smtpd/libressl.c |
729 |
-index 57d74389..db78d943 100644 |
730 |
---- a/smtpd/libressl.c |
731 |
-+++ b/smtpd/libressl.c |
732 |
-@@ -94,10 +94,10 @@ ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in) |
733 |
- |
734 |
- ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */ |
735 |
- |
736 |
-- x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, |
737 |
-- ctx->default_passwd_callback_userdata); |
738 |
-+ x = PEM_read_bio_X509_AUX(in, NULL, SSL_CTX_get_default_passwd_cb(ctx), |
739 |
-+ SSL_CTX_get_default_passwd_cb_userdata(ctx)); |
740 |
- if (x == NULL) { |
741 |
-- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB); |
742 |
-+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB); |
743 |
- goto end; |
744 |
- } |
745 |
- |
746 |
-@@ -115,14 +115,11 @@ ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in) |
747 |
- int r; |
748 |
- unsigned long err; |
749 |
- |
750 |
-- if (ctx->extra_certs != NULL) { |
751 |
-- sk_X509_pop_free(ctx->extra_certs, X509_free); |
752 |
-- ctx->extra_certs = NULL; |
753 |
-- } |
754 |
-+ SSL_CTX_clear_extra_chain_certs(ctx); |
755 |
- |
756 |
- while ((ca = PEM_read_bio_X509(in, NULL, |
757 |
-- ctx->default_passwd_callback, |
758 |
-- ctx->default_passwd_callback_userdata)) != NULL) { |
759 |
-+ SSL_CTX_get_default_passwd_cb(ctx), |
760 |
-+ SSL_CTX_get_default_passwd_cb_userdata(ctx))) != NULL) { |
761 |
- r = SSL_CTX_add_extra_chain_cert(ctx, ca); |
762 |
- if (!r) { |
763 |
- X509_free(ca); |
764 |
-@@ -160,7 +157,7 @@ SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len) |
765 |
- |
766 |
- in = BIO_new_mem_buf(buf, len); |
767 |
- if (in == NULL) { |
768 |
-- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB); |
769 |
-+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); |
770 |
- goto end; |
771 |
- } |
772 |
- |
773 |
-diff --git a/smtpd/ssl.c b/smtpd/ssl.c |
774 |
-index b88360eb..0c93d87e 100644 |
775 |
---- a/smtpd/ssl.c |
776 |
-+++ b/smtpd/ssl.c |
777 |
-@@ -425,7 +425,7 @@ ssl_ctx_fake_private_key(SSL_CTX *ctx, const void *data, size_t datalen, |
778 |
- */ |
779 |
- ret = SSL_CTX_use_PrivateKey(ctx, pkey); |
780 |
- if (!ret) |
781 |
-- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_SSL_LIB); |
782 |
-+ SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_SYS_LIB); |
783 |
- |
784 |
- if (pkeyptr != NULL) |
785 |
- *pkeyptr = pkey; |
786 |
-diff --git a/smtpd/ssl.h b/smtpd/ssl.h |
787 |
-index 90f018d0..553120d4 100644 |
788 |
---- a/smtpd/ssl.h |
789 |
-+++ b/smtpd/ssl.h |
790 |
-@@ -73,3 +73,17 @@ void SSL_CTX_set_ecdh_auto(SSL_CTX *, int); |
791 |
- void SSL_CTX_set_dh_auto(SSL_CTX *, int); |
792 |
- #endif |
793 |
- int SSL_CTX_use_certificate_chain_mem(SSL_CTX *, void *, int); |
794 |
-+ |
795 |
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) |
796 |
-+ |
797 |
-+static inline pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx) |
798 |
-+{ |
799 |
-+ return ctx->default_passwd_callback; |
800 |
-+} |
801 |
-+ |
802 |
-+static inline void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx) |
803 |
-+{ |
804 |
-+ return ctx->default_passwd_callback_userdata; |
805 |
-+} |
806 |
-+ |
807 |
-+#endif |
808 |
|
809 |
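diff --git a/mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-security-fixes.patch b/mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-security-fixes.patch
deleted file mode 100644
index b22f3af1fbe..00000000000
--- a/mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-security-fixes.patch
+++ /dev/null
@@ -1,123 +0,0 @@
-diff -ru OpenSMTPD-opensmtpd-6.0.3/smtpd/mta_session.c OpenSMTPD-opensmtpd-6.0.3-fixed/smtpd/mta_session.c
---- OpenSMTPD-opensmtpd-6.0.3/smtpd/mta_session.c 2018-01-04 23:24:01.000000000 +0100
-+++ OpenSMTPD-opensmtpd-6.0.3-fixed/smtpd/mta_session.c 2020-01-29 09:47:24.607457717 +0100
-@@ -1290,40 +1290,20 @@
- break;
-
- case IO_ERROR:
-+ case IO_TLSERROR:
- log_debug("debug: mta: %p: IO error: %s", s, io_error(io));
-- if (!s->ready) {
-- mta_error(s, "IO Error: %s", io_error(io));
-- mta_connect(s);
-- break;
-- }
-- else if (!(s->flags & (MTA_FORCE_TLS|MTA_FORCE_SMTPS|MTA_FORCE_ANYSSL))) {
-- /* error in non-strict SSL negotiation, downgrade to plain */
-- if (s->flags & MTA_TLS) {
-- log_info("smtp-out: Error on session %016"PRIx64
-- ": opportunistic TLS failed, "
-- "downgrading to plain", s->id);
-- s->flags &= ~MTA_TLS;
-- s->flags |= MTA_DOWNGRADE_PLAIN;
-- mta_connect(s);
-- break;
-- }
-- }
-- mta_error(s, "IO Error: %s", io_error(io));
-- mta_free(s);
-- break;
-
-- case IO_TLSERROR:
-- log_debug("debug: mta: %p: TLS IO error: %s", s, io_error(io));
-- if (!(s->flags & (MTA_FORCE_TLS|MTA_FORCE_SMTPS|MTA_FORCE_ANYSSL))) {
-+ if (s->state == MTA_STARTTLS && s->use_smtp_tls) {
- /* error in non-strict SSL negotiation, downgrade to plain */
-- log_info("smtp-out: TLS Error on session %016"PRIx64
-- ": TLS failed, "
-+ log_info("smtp-out: Error on session %016"PRIx64
-+ ": opportunistic TLS failed, "
- "downgrading to plain", s->id);
- s->flags &= ~MTA_TLS;
- s->flags |= MTA_DOWNGRADE_PLAIN;
- mta_connect(s);
- break;
- }
-+
- mta_error(s, "IO Error: %s", io_error(io));
- mta_free(s);
- break;
-diff -ru OpenSMTPD-opensmtpd-6.0.3/smtpd/smtp_session.c OpenSMTPD-opensmtpd-6.0.3-fixed/smtpd/smtp_session.c
---- OpenSMTPD-opensmtpd-6.0.3/smtpd/smtp_session.c 2018-01-04 23:24:01.000000000 +0100
-+++ OpenSMTPD-opensmtpd-6.0.3-fixed/smtpd/smtp_session.c 2020-01-29 09:47:24.610791335 +0100
-@@ -2004,25 +2004,23 @@
- memmove(maddr->user, p, strlen(p) + 1);
- }
-
-- if (!valid_localpart(maddr->user) ||
-- !valid_domainpart(maddr->domain)) {
-- /* accept empty return-path in MAIL FROM, required for bounces */
-- if (mailfrom && maddr->user[0] == '\0' && maddr->domain[0] == '\0')
-- return (1);
-+ /* accept empty return-path in MAIL FROM, required for bounces */
-+ if (mailfrom && maddr->user[0] == '\0' && maddr->domain[0] == '\0')
-+ return (1);
-
-- /* no user-part, reject */
-- if (maddr->user[0] == '\0')
-- return (0);
--
-- /* no domain, local user */
-- if (maddr->domain[0] == '\0') {
-- (void)strlcpy(maddr->domain, domain,
-- sizeof(maddr->domain));
-- return (1);
-- }
-+ /* no or invalid user-part, reject */
-+ if (maddr->user[0] == '\0' || !valid_localpart(maddr->user))
- return (0);
-+
-+ /* no domain part, local user */
-+ if (maddr->domain[0] == '\0') {
-+ (void)strlcpy(maddr->domain, domain,
-+ sizeof(maddr->domain));
- }
-
-+ if (!valid_domainpart(maddr->domain))
-+ return (0);
-+
- return (1);
- }
-
-diff -ru opensmtpd-6.0.3p1/smtpd/mta_session.c opensmtpd-6.0.3p1-modified/smtpd/mta_session.c
---- opensmtpd-6.0.3p1/smtpd/mta_session.c 2018-01-10 21:06:40.000000000 +0800
-+++ opensmtpd-6.0.3p1-modified/smtpd/mta_session.c 2020-02-25 09:57:04.624147227 +0800
-@@ -1214,7 +1214,7 @@
- if (cont) {
- if (s->replybuf[0] == '\0')
- (void)strlcat(s->replybuf, line, sizeof s->replybuf);
-- else {
-+ else if (len > 4) {
- line = line + 4;
- if (isdigit((int)*line) && *(line + 1) == '.' &&
- isdigit((int)*line+2) && *(line + 3) == '.' &&
-@@ -1229,7 +1229,9 @@
- /* last line of a reply, check if we're on a continuation to parse out status and ESC.
- * if we overflow reply buffer or are not on continuation, log entire last line.
- */
-- if (s->replybuf[0] != '\0') {
-+ if (s->replybuf[0] == '\0')
-+ (void)strlcat(s->replybuf, line, sizeof s->replybuf);
-+ else if (len > 4) {
- p = line + 4;
- if (isdigit((int)*p) && *(p + 1) == '.' &&
- isdigit((int)*p+2) && *(p + 3) == '.' &&
-@@ -1238,8 +1240,6 @@
- if (strlcat(s->replybuf, p, sizeof s->replybuf) >= sizeof s->replybuf)
- (void)strlcpy(s->replybuf, line, sizeof s->replybuf);
- }
-- else
-- (void)strlcpy(s->replybuf, line, sizeof s->replybuf);
-
- if (s->state == MTA_QUIT) {
- log_info("%016"PRIx64" mta event=closed reason=quit messages=%zu",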
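diff --git a/mail-mta/opensmtpd/opensmtpd-6.0.3_p1-r3.ebuild b/mail-mta/opensmtpd/opensmtpd-6.0.3_p1-r3.ebuild
deleted file mode 100644
index 14d9fa69ea4..00000000000
--- a/mail-mta/opensmtpd/opensmtpd-6.0.3_p1-r3.ebuild
+++ /dev/null
@@ -1,78 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit pam toolchain-funcs systemd
-
-DESCRIPTION="Lightweight but featured SMTP daemon from OpenBSD"
-HOMEPAGE="https://www.opensmtpd.org"
-SRC_URI="https://www.opensmtpd.org/archives/${P/_}.tar.gz"
-
-LICENSE="ISC BSD BSD-1 BSD-2 BSD-4"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~x86"
-IUSE="libressl pam +mta"
-
-DEPEND="
- acct-user/smtpd
- acct-user/smtpq
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:0= )
- elibc_musl? ( sys-libs/fts-standalone )
- sys-libs/zlib
- pam? ( sys-libs/pam )
- sys-libs/db:=
- dev-libs/libevent
- app-misc/ca-certificates
- net-mail/mailbase
- net-libs/libasr
- !mail-mta/courier
- !mail-mta/esmtp
- !mail-mta/exim
- !mail-mta/mini-qmail
- !mail-mta/msmtp[mta]
- !mail-mta/netqmail
- !mail-mta/nullmailer
- !mail-mta/postfix
- !mail-mta/qmail-ldap
- !mail-mta/sendmail
- !mail-mta/ssmtp[mta]
-"
-RDEPEND="${DEPEND}"
-
-S=${WORKDIR}/${P/_}
-PATCHES=(
- "${FILESDIR}/${P}-fix-crash-on-auth.patch"
- "${FILESDIR}/${P}-openssl_1.1.patch"
- "${FILESDIR}/${P}-security-fixes.patch"
-)
-
-src_configure() {
- tc-export AR
- AR="$(which "$AR")" econf \
- --with-table-db \
- --with-user-smtpd=smtpd \
- --with-user-queue=smtpq \
- --with-group-queue=smtpq \
- --with-path-socket=/run \
- --with-path-CAfile=/etc/ssl/certs/ca-certificates.crt \
- --sysconfdir=/etc/opensmtpd \
- $(use_with pam auth-pam)
-}
-
-src_install() {
- default
- newinitd "${FILESDIR}"/smtpd.initd smtpd
- systemd_dounit "${FILESDIR}"/smtpd.{service,socket}
- use pam && newpamd "${FILESDIR}"/smtpd.pam smtpd
- dosym smtpctl /usr/sbin/makemap
- dosym smtpctl /usr/sbin/newaliases
- if use mta ; then
- dodir /usr/sbin
- dosym smtpctl /usr/sbin/sendmail
- dosym ../sbin/smtpctl /usr/bin/sendmail
- mkdir -p "${ED}"/usr/$(get_libdir) || die
- ln -s --relative "${ED}"/usr/sbin/smtpctl "${ED}"/usr/$(get_libdir)/sendmail || die
- fi
-}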
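diff --git a/profiles/package.mask b/profiles/package.mask
index d5a4bc79b9e..5ef30fbb59c 100644
--- a/profiles/package.mask
+++ b/profiles/package.mask
@@ -109,14 +109,6 @@ sci-misc/pythoncad
 # Last release in 2013, bug #710164, masked for removal in 30 days.
 sci-electronics/gresistor
 
-# Jason A. Donenfeld <zx2c4@g.o> (2020-02-24)
-# Unsupported upstream version, likely has security bugs. Not removed
-# immediately because of backwards incompatible configuration changes
-# with the newer version in the tree.
-#
-# Removal in 14 days. Bug #710754.
-~mail-mta/opensmtpd-6.0.3_p1
-
 # Marek Szuba <marecki@g.o> (2020-02-24)
 # Deprecated upstream in Q1'2018 in favour of dev-libs/intel-neo and
 # while it officially remains the recommended solution for "legacy HW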