CVS commit: pkgsrc/mail/opensmtpd

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/mail/opensmtpd
From: "Paolo Vincenzo Olivo" <vins%netbsd.org@localhost>
Date: Sun, 2 Nov 2025 20:13:39 +0000

Module Name:    pkgsrc
Committed By:   vins
Date:           Sun Nov  2 20:13:39 UTC 2025

Modified Files:
        pkgsrc/mail/opensmtpd: Makefile distinfo
        pkgsrc/mail/opensmtpd/patches: patch-usr.sbin_smtpd_smtp__session.c
Added Files:
        pkgsrc/mail/opensmtpd/patches: patch-openbsd-compat_libtls_tls.c

Log Message:
mail/opensmtpd: update to 7.8.0p0

# pkgsrc changes
* Depend on openssl instead of libretls, since apparently OpenSMTPD
  forces built-in libtls since 7.7.0.

# upstream changes
- Don't reject single character AUTH PLAIN passwords.
- Fix address family typo (PF_INET->PF_INET6).
- Various documentation improvements.
- Removed support for world-writable mail spools.
- Updated contrib mail.local and lockspool.
- Don't die if garbage is being sent on the local socket.

This release includes the OpenBSD errata 005 which fixes CVE-2025-62875.


To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 pkgsrc/mail/opensmtpd/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/mail/opensmtpd/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/mail/opensmtpd/patches/patch-openbsd-compat_libtls_tls.c
cvs rdiff -u -r1.1 -r1.2 \
    pkgsrc/mail/opensmtpd/patches/patch-usr.sbin_smtpd_smtp__session.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/mail/opensmtpd/Makefile
diff -u pkgsrc/mail/opensmtpd/Makefile:1.35 pkgsrc/mail/opensmtpd/Makefile:1.36
--- pkgsrc/mail/opensmtpd/Makefile:1.35 Sat Sep 13 16:26:01 2025
+++ pkgsrc/mail/opensmtpd/Makefile      Sun Nov  2 20:13:39 2025
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.35 2025/09/13 16:26:01 vins Exp $
+# $NetBSD: Makefile,v 1.36 2025/11/02 20:13:39 vins Exp $
 
-VERSION=       7.7.0p0
+VERSION=       7.8.0p0
 DISTNAME=      opensmtpd-${VERSION}
-PKGREVISION=   2
 CATEGORIES=    mail net
 MASTER_SITES=  https://www.opensmtpd.org/archives/
 
@@ -18,7 +17,7 @@ SMTPD_QUEUE=  _smtpq
 GNU_CONFIGURE= yes
 USE_DB185=     yes
 USE_LIBTOOL=   yes
-USE_TOOLS+=    awk pkg-config yacc
+USE_TOOLS+=    awk groff pkg-config yacc
 USE_TOOLS+=    automake aclocal autoheader autoconf pkg-config
 
 CHECK_BUILTIN.openssl:= yes
@@ -87,7 +86,7 @@ SUBST_MESSAGE.pkgsrc= Replacing pkgsrc p
 SUBST_CLASSES+=                paths
 SUBST_STAGE.paths=     pre-configure
 SUBST_MESSAGE.paths=   Fixing hard-coded paths.
-SUBST_FILES.paths+=    configure mk/smtpd/Makefile.am usr.sbin/smtpd/smtpd.conf \
+SUBST_FILES.paths+=    mk/smtpd/Makefile.am usr.sbin/smtpd/smtpd.conf \
                        usr.sbin/smtpd/smtpd.h usr.sbin/smtpd/smtpd.8 \
                        usr.sbin/smtpd/smtpd.conf.5 usr.sbin/smtpd/aliases.5 \
                        usr.sbin/smtpd/makemap.8 usr.sbin/smtpd/newaliases.8
@@ -125,6 +124,6 @@ doc-install:
 .include "../../devel/libevent/buildlink3.mk"
 .include "../../devel/zlib/buildlink3.mk"
 .include "../../net/libasr/buildlink3.mk"
-.include "../../security/libretls/buildlink3.mk"
+.include "../../security/openssl/buildlink3.mk"
 .include "../../mk/dlopen.buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"

Index: pkgsrc/mail/opensmtpd/distinfo
diff -u pkgsrc/mail/opensmtpd/distinfo:1.14 pkgsrc/mail/opensmtpd/distinfo:1.15
--- pkgsrc/mail/opensmtpd/distinfo:1.14 Sat Sep 13 16:26:01 2025
+++ pkgsrc/mail/opensmtpd/distinfo      Sun Nov  2 20:13:39 2025
@@ -1,14 +1,15 @@
-$NetBSD: distinfo,v 1.14 2025/09/13 16:26:01 vins Exp $
+$NetBSD: distinfo,v 1.15 2025/11/02 20:13:39 vins Exp $
 
-BLAKE2s (opensmtpd-7.7.0p0.tar.gz) = a51ecac58934e880c4d006d536ae4adb011b1121cbd55f53420362fac61740a7
-SHA512 (opensmtpd-7.7.0p0.tar.gz) = 6a46a93bc0689603250376e414fc481fd5997c2bc7fc4e12d1522a9f4a2cad610f1c9452e9501b077e3ba2219a253e693160540fcfba595da8f68349bf795b92
-Size (opensmtpd-7.7.0p0.tar.gz) = 978481 bytes
+BLAKE2s (opensmtpd-7.8.0p0.tar.gz) = 81e58867f8b5685ae8b4d8abb0e4b152fca68b6dfd82387390cd10cde9b134c9
+SHA512 (opensmtpd-7.8.0p0.tar.gz) = ef4233909497c604c5c3de18c5ff50ee1e04f417d6ef0e6def3ebef214acee3a63306b27f5c7eab00992e24f3a7f2b2f2748fee2e535b3b291e194f1b8bd8652
+Size (opensmtpd-7.8.0p0.tar.gz) = 744995 bytes
 SHA1 (patch-configure.ac) = ff6534e28ecba1de479660a00340600feefd5d7e
 SHA1 (patch-contrib_libexec_mail.local_mail.local.c) = bec19540fa52c7c6596ab5923f3a67b334ddf168
 SHA1 (patch-mk_smtpd_Makefile.am) = cc3f82922e3e56bc0205085f7e311f2beeda7fc4
 SHA1 (patch-openbsd-compat_getpeereid.c) = 8d60140bffcabb6accf9b7bbe0f419c2c25d352d
 SHA1 (patch-openbsd-compat_imsg-buffer.c) = 4b6861eec3461a192e20aa2daba4d74bd2659339
 SHA1 (patch-openbsd-compat_imsg.c) = 762b2ae2362716947ea007fa229e9e31fa6d08f3
+SHA1 (patch-openbsd-compat_libtls_tls.c) = 09b9ab78709e8989b86843a5ddc24a0a7231c604
 SHA1 (patch-usr.sbin_smtpd_proxy.c) = 895d3e9532bf53dcdb7a52825043acacac51b378
 SHA1 (patch-usr.sbin_smtpd_queue__fs.c) = f40d5be4c05d8d54f7368af8d20f4ee007860dc7
-SHA1 (patch-usr.sbin_smtpd_smtp__session.c) = 565b1df1a6d4d3c5ee786f4501c1cd73992f2d3e
+SHA1 (patch-usr.sbin_smtpd_smtp__session.c) = d153c13e56b1bae8a6e07ca62ed2f5428a3be2fc

Index: pkgsrc/mail/opensmtpd/patches/patch-usr.sbin_smtpd_smtp__session.c
diff -u pkgsrc/mail/opensmtpd/patches/patch-usr.sbin_smtpd_smtp__session.c:1.1 pkgsrc/mail/opensmtpd/patches/patch-usr.sbin_smtpd_smtp__session.c:1.2
--- pkgsrc/mail/opensmtpd/patches/patch-usr.sbin_smtpd_smtp__session.c:1.1      Thu Aug 24 15:26:40 2023
+++ pkgsrc/mail/opensmtpd/patches/patch-usr.sbin_smtpd_smtp__session.c  Sun Nov  2 20:13:39 2025
@@ -1,20 +1,10 @@
-$NetBSD: patch-usr.sbin_smtpd_smtp__session.c,v 1.1 2023/08/24 15:26:40 vins Exp $
+$NetBSD: patch-usr.sbin_smtpd_smtp__session.c,v 1.2 2025/11/02 20:13:39 vins Exp $
 
-Add a patch to handle long usernames during SMTP authentication,
-e.g. often username exceeds the limit when it contains @host.name
-part.
+Add a patch to handle long usernames during SMTP authentication.
 
-From FreeBSD's ports.
-
-cf.http://svnweb.freebsd.org/ports?view=revision&revision=394424
-
-For update 6.7.1p1:
-Removed hunk to increase buffersize to LOGIN_NAME_MAX+HOST_NAME_MAX+1,
-this was already increased upstream to SMTPD_MAXMAILADDRSIZE.
-
---- usr.sbin/smtpd/smtp_session.c.orig 2020-05-21 19:06:04.000000000 +0000
+--- usr.sbin/smtpd/smtp_session.c.orig 2025-07-30 20:26:49.764391744 +0000
 +++ usr.sbin/smtpd/smtp_session.c
-@@ -84,6 +84,7 @@ enum {
+@@ -80,6 +80,7 @@ enum {
        TX_ERROR_ENVELOPE,
        TX_ERROR_SIZE,
        TX_ERROR_IO,
@@ -22,7 +12,7 @@ this was already increased upstream to S
        TX_ERROR_LOOP,
        TX_ERROR_MALFORMED,
        TX_ERROR_RESOURCES,
-@@ -970,6 +971,15 @@ smtp_session_imsg(struct mproc *p, struc
+@@ -962,6 +963,15 @@ smtp_session_imsg(struct mproc *p, struc
  
                s = tree_xpop(&wait_parent_auth, reqid);
                strnvis(user, s->username, sizeof user, VIS_WHITE | VIS_SAFE);
@@ -38,16 +28,16 @@ this was already increased upstream to S
                if (success == LKA_OK) {
                        log_info("%016"PRIx64" smtp "
                            "authentication user=%s "
-@@ -1967,7 +1977,7 @@ smtp_rfc4954_auth_plain(struct smtp_sess
-               user++; /* skip NUL */
-               if (strlcpy(s->username, user, sizeof(s->username))
-                   >= sizeof(s->username))
+@@ -1964,7 +1974,7 @@ smtp_rfc4954_auth_plain(struct smtp_sess
+               /* String is not NUL terminated, leave room. */
+               if ((len = base64_decode(arg, (unsigned char *)buf,
+                           sizeof(buf) - 1)) == -1)
 -                      goto abort;
 +                      s->flags |= SF_USERTOOLONG;
+               /* buf is a byte string, NUL terminate. */
+               buf[len] = '\0';
  
-               pass = memchr(user, '\0', len - (user - buf));
-               if (pass == NULL || pass >= buf + len - 2)
-@@ -2011,9 +2021,12 @@ smtp_rfc4954_auth_login(struct smtp_sess
+@@ -2021,9 +2031,12 @@ smtp_rfc4954_auth_login(struct smtp_sess
  
        case STATE_AUTH_USERNAME:
                memset(s->username, 0, sizeof(s->username));

Added files:

Index: pkgsrc/mail/opensmtpd/patches/patch-openbsd-compat_libtls_tls.c
diff -u /dev/null pkgsrc/mail/opensmtpd/patches/patch-openbsd-compat_libtls_tls.c:1.1
--- /dev/null   Sun Nov  2 20:13:39 2025
+++ pkgsrc/mail/opensmtpd/patches/patch-openbsd-compat_libtls_tls.c     Sun Nov  2 20:13:39 2025
@@ -0,0 +1,20 @@
+$NetBSD: patch-openbsd-compat_libtls_tls.c,v 1.1 2025/11/02 20:13:39 vins Exp $
+
+Use the correct OpenSSL idiom to load the trust store.
+
+--- openbsd-compat/libtls/tls.c.orig   2025-07-30 20:26:49.614399725 +0000
++++ openbsd-compat/libtls/tls.c
+@@ -635,10 +635,10 @@ tls_configure_ssl_verify(struct tls *ctx
+ 
+       /* If no CA has been specified, attempt to load the default. */
+       if (ctx->config->ca_mem == NULL && ctx->config->ca_path == NULL) {
+-              if (tls_config_load_file(&ctx->error, "CA", tls_default_ca_cert_file(),
+-                  &ca_mem, &ca_len) != 0)
++              if (!SSL_CTX_set_default_verify_paths(ssl_ctx)) {
++                      tls_set_error(ctx, TLS_ERROR_UNKNOWN, "failed to load default trust store");
+                       goto err;
+-              ca_free = ca_mem;
++              }
+       }
+ 
+       if (ca_mem != NULL) {

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index