pkgsrc-WIP-changes archive


opensmtpd: Update to 6.7.1p1



Module Name:	pkgsrc-wip
Committed By:	Michael Baeuerle <micha%NetBSD.org@localhost>
Pushed By:	micha
Date:		Tue Sep 8 10:41:11 2020 +0200
Changeset:	48e18e0bc17ae26349e39e925ee43147ebfdcfaa

Added Files:
	opensmtpd/DESCR
	opensmtpd/Makefile
	opensmtpd/PLIST
	opensmtpd/README
	opensmtpd/TODO
	opensmtpd/distinfo
	opensmtpd/files/mailer.conf
	opensmtpd/files/opensmtpd.sh
	opensmtpd/patches/patch-mk_smtpd_Makefile.am
	opensmtpd/patches/patch-smtpd_smtp__session.c

Log Message:
opensmtpd: Update to 6.7.1p1

New Features:
- Allowed use of the smtpd(8) session username in built-in filters when
  available.
- Introduced a bypass keyword to smtpd(8) so that built-in filters can bypass
  processing when a condition is met.
- Allowed use of 'auth' as an origin in smtpd.conf(5).
- Allowed use of mail-from and rcpt-to as for and from parameters in
  smtpd.conf(5).

Bug fixes:
- Ensured legacy ssl(8) session ID is persistent during a client TLS session,
  fixing an issue using TLSv1.3 with smtp.mail.yahoo.com.
- Fixed security vulnerabilities in smtpd(8). Corrected an out-of-bounds read
  in smtpd allowing an attacker to inject arbitrary commands into the envelope
  file to be executed as root, and ensured privilege revocation in smtpctl(8)
  to prevent arbitrary commands from being run with the _smtpq group.
- Allowed mail.local(8) to be run as non-root, opening a pipe to lockspool(1)
  for file locking.
- Fixed a security vulnerability in smtpd(8) which could lead to a privilege
  escalation on mbox deliveries and unprivileged code execution on lmtp
  deliveries.
- Added support for CIDR in a: spf atoms in smtpd(8).
- Fixed a possible crash in smtpd(8) when combining "from rdns" with nested
  virtual aliases under a particular configuration.

Experimental Features:
- Introduced smtp-out event reporting.
- Improved filtering protocol.

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=48e18e0bc17ae26349e39e925ee43147ebfdcfaa

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 opensmtpd/DESCR                               | 10 ++++
 opensmtpd/Makefile                            | 77 +++++++++++++++++++++++++++
 opensmtpd/PLIST                               | 23 ++++++++
 opensmtpd/README                              |  1 +
 opensmtpd/TODO                                | 12 +++++
 opensmtpd/distinfo                            |  8 +++
 opensmtpd/files/mailer.conf                   |  9 ++++
 opensmtpd/files/opensmtpd.sh                  | 19 +++++++
 opensmtpd/patches/patch-mk_smtpd_Makefile.am  | 29 ++++++++++
 opensmtpd/patches/patch-smtpd_smtp__session.c | 64 ++++++++++++++++++++++
 10 files changed, 252 insertions(+)

diffs:
diff --git a/opensmtpd/DESCR b/opensmtpd/DESCR
new file mode 100644
index 0000000000..5588b3e2b6
--- /dev/null
+++ b/opensmtpd/DESCR
@@ -0,0 +1,10 @@
+OpenSMTPD is a FREE implementation of the server-side SMTP protocol
+as defined by RFC 5321, with some additional standard extensions.
+It allows ordinary machines to exchange e-mails with other systems
+speaking the SMTP protocol.
+
+Started out of dissatisfaction with other implementations, OpenSMTPD
+nowadays is a fairly complete SMTP implementation.
+
+OpenSMTPD is primarily developed by Gilles Chehade, Eric Faurot and
+Charles Longeau; with contributions from various OpenBSD hackers.
diff --git a/opensmtpd/Makefile b/opensmtpd/Makefile
new file mode 100644
index 0000000000..80cc8f55bd
--- /dev/null
+++ b/opensmtpd/Makefile
@@ -0,0 +1,77 @@
+# $NetBSD$
+
+VERSION=	6.7.1p1
+DISTNAME=	opensmtpd-${VERSION}
+CATEGORIES=	mail net
+MASTER_SITES=	https://www.opensmtpd.org/archives/
+
+MAINTAINER=	pkgsrc-users%NetBSD.org@localhost
+HOMEPAGE=	https://www.opensmtpd.org/
+COMMENT=	The OpenSMTPD mail transfer agent, a replacement for sendmail
+LICENSE=	isc AND modified-bsd AND 2-clause-bsd
+
+CONFLICTS+=	courier-mta-[0-9]* fastforward>=0.51nb2 sendmail-[0-9]*
+CONFLICTS+=	esmtp>=1.2 nullmailer-[0-9]* postfix-[0-9]*
+
+BUILD_DEFS+=	VARBASE
+
+USE_LANGUAGES=	c
+USE_LIBTOOL=	yes
+USE_TOOLS+=	pkg-config yacc
+USE_TOOLS+=	automake aclocal autoheader autoconf
+
+SMTPD_HOME=	${VARBASE}/chroot/smtpd
+OWN_DIRS=	${SMTPD_HOME}
+
+PKG_GROUPS=		_smtpd _smtpq
+PKG_USERS=		_smtpd:_smtpd _smtpq:_smtpq
+PKG_GECOS._smtpd=	OpenSMTPD pseudo-user
+PKG_HOME._smtpd=	${SMTPD_HOME}
+PKG_GECOS._smtpq=	OpenSMTPD pseudo-user
+PKG_HOME._smtpq=	${SMTPD_HOME}
+
+GNU_CONFIGURE=		yes
+USE_DB185=		yes
+CONFIGURE_ARGS+=	--sysconfdir=${PKG_SYSCONFDIR:Q}
+CONFIGURE_ARGS+=	--with-mantype=man
+CONFIGURE_ARGS+=	--with-privsep-path=${SMTPD_HOME}
+CONFIGURE_ARGS+=	--with-ssl-dir=${SSLBASE:Q}
+CONFIGURE_ARGS+=	--enable-table-db
+CONFIGURE_ARGS+=	--without-zlib-version-check
+
+EXAMPLEDIR=	${PREFIX}/share/examples/opensmtpd
+CONF_FILES=	${EXAMPLEDIR}/smtpd.conf ${PKG_SYSCONFDIR}/smtpd.conf
+
+RCD_SCRIPTS=	opensmtpd
+
+SUBST_CLASSES+=		paths
+SUBST_FILES.paths=	${WRKDIR}/mailer.conf
+SUBST_VARS.paths=	PREFIX
+SUBST_STAGE.paths=	pre-configure
+
+SUBST_CLASSES+=			exampledir
+SUBST_STAGE.exampledir=		pre-configure
+SUBST_MESSAGE.exampledir=	Fixing exampledir path
+SUBST_FILES.exampledir=		mk/smtpd/Makefile.am
+SUBST_SED.exampledir+=		-e 's,@EXAMPLE_DIR@,${EXAMPLEDIR},'
+
+post-extract:
+	cp ${FILESDIR}/mailer.conf ${WRKDIR}/mailer.conf
+
+pre-configure:
+	cd ${WRKSRC} && ${PREFIX}/bin/libtoolize --copy --force
+	cd ${WRKSRC} && ${TOOLS_CMD.aclocal}
+	cd ${WRKSRC} && ${TOOLS_CMD.autoconf}
+	cd ${WRKSRC} && ${TOOLS_CMD.autoheader}
+	cd ${WRKSRC} && ${TOOLS_CMD.automake} --foreign --add-missing --copy
+
+post-install:
+	${INSTALL_DATA} ${WRKDIR}/mailer.conf \
+		${DESTDIR}${EXAMPLEDIR}/mailer.conf
+
+.include "../../databases/db5/buildlink3.mk"
+.include "../../devel/libevent/buildlink3.mk"
+.include "../../devel/zlib/buildlink3.mk"
+.include "../../net/libasr/buildlink3.mk"
+.include "../../security/openssl/buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"
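Review bot: The `pre-configure` target reruns libtoolize, aclocal, autoconf, autoheader and automake with no comment saying why a full autotools regeneration is needed. From the rest of the commit the reason appears to be that `mk/smtpd/Makefile.am` is modified both by patch-mk_smtpd_Makefile.am and by the `exampledir` SUBST class, so the shipped `Makefile.in` would be stale. A line above the target such as `# Regenerate the build system: mk/smtpd/Makefile.am is changed by a patch and by SUBST exampledir.` would make that dependency explicit for whoever next updates the patches.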
diff --git a/opensmtpd/PLIST b/opensmtpd/PLIST
new file mode 100644
index 0000000000..94d89fdb1b
--- /dev/null
+++ b/opensmtpd/PLIST
@@ -0,0 +1,23 @@
+@comment $NetBSD$
+bin/smtp
+libexec/opensmtpd/encrypt
+libexec/opensmtpd/lockspool
+libexec/opensmtpd/mail.lmtp
+libexec/opensmtpd/mail.local
+libexec/opensmtpd/mail.maildir
+libexec/opensmtpd/mail.mboxfile
+libexec/opensmtpd/mail.mda
+man/man1/smtp.1
+man/man5/aliases.5
+man/man5/forward.5
+man/man5/smtpd.conf.5
+man/man5/table.5
+man/man8/makemap.8
+man/man8/newaliases.8
+man/man8/sendmail.8
+man/man8/smtpctl.8
+man/man8/smtpd.8
+sbin/smtpctl
+sbin/smtpd
+share/examples/opensmtpd/mailer.conf
+share/examples/opensmtpd/smtpd.conf
diff --git a/opensmtpd/README b/opensmtpd/README
new file mode 100644
index 0000000000..47b0c45af9
--- /dev/null
+++ b/opensmtpd/README
@@ -0,0 +1 @@
+This package is intended as update for mail/opensmtpd.
diff --git a/opensmtpd/TODO b/opensmtpd/TODO
new file mode 100644
index 0000000000..acf08458b0
--- /dev/null
+++ b/opensmtpd/TODO
@@ -0,0 +1,12 @@
+[X] Modify patches for release 6.7.1p1
+    - Patch for "mk/makemap/Makefile.am" removed (file no longer exists)
+    - Patch for "smtpd/queue_fs.c" removed
+      Use of statfs() is now guarded by "#ifdef __OpenBSD__"
+    - Patch for "smtpd/smtp_session.c" reduced
+      The buffersize for "username" was already increased upstream
+[X] Update PLIST
+    Binaries with sendmail names are no longer installed
+[ ] Check CONFLICTS
+    Maybe some can be removed after sendmail binaries are no longer installed
+[X] Remove BROKEN_FOR_PLATFORM
+    - OpenBSD-*-* (not tested yet)
diff --git a/opensmtpd/distinfo b/opensmtpd/distinfo
new file mode 100644
index 0000000000..a17c63dc83
--- /dev/null
+++ b/opensmtpd/distinfo
@@ -0,0 +1,8 @@
+$NetBSD: distinfo,v 1.6 2016/06/01 11:47:06 wiz Exp $
+
+SHA1 (opensmtpd-6.7.1p1.tar.gz) = ddf1033971cf7c87d33b93d5ac80d7e65ac7a08b
+RMD160 (opensmtpd-6.7.1p1.tar.gz) = 8362d14c4620f15ce2d39fd8a68e8919c13b883c
+SHA512 (opensmtpd-6.7.1p1.tar.gz) = 403952e77b360f42d8dc8ae7cd7faeced831b9e37bffd7c67d338b7208f7471d50f3594c3475a9282d18cb17435efd305ec8c05f89eaeab5d363ddb1c4d54a2e
+Size (opensmtpd-6.7.1p1.tar.gz) = 859364 bytes
+SHA1 (patch-mk_smtpd_Makefile.am) = 57a7921cb5de3f6388ad98f9b74b98ca49da38bb
+SHA1 (patch-smtpd_smtp__session.c) = e053facbb726e78691688dbf532882418f08b25d
diff --git a/opensmtpd/files/mailer.conf b/opensmtpd/files/mailer.conf
new file mode 100644
index 0000000000..0cd17abbb4
--- /dev/null
+++ b/opensmtpd/files/mailer.conf
@@ -0,0 +1,9 @@
+#	$NetBSD: mailer.conf,v 1.2 2016/05/01 05:56:40 mef Exp $
+#
+# Use "opensmtpd" replacements 
+#
+sendmail	@PREFIX@/sbin/smtpctl
+send-mail	@PREFIX@/sbin/smtpctl
+mailq		@PREFIX@/sbin/mailq
+makemap         @PREFIX@/sbin/makemap
+newaliases	@PREFIX@/sbin/newaliases
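Review bot: The `mailq`, `makemap` and `newaliases` entries point at `@PREFIX@/sbin/mailq`, `@PREFIX@/sbin/makemap` and `@PREFIX@/sbin/newaliases`, but the PLIST added in this commit installs only `sbin/smtpctl` and `sbin/smtpd`, and the TODO states that binaries with sendmail names are no longer installed. Anyone copying this example into the system mailer.conf would get three mailwrapper entries that resolve to paths the package does not provide. Since `sendmail` and `send-mail` already map to smtpctl, the other three probably should too, e.g. `mailq		@PREFIX@/sbin/smtpctl`; confirm that smtpctl dispatches on the invoked name for makemap and newaliases before changing them.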
diff --git a/opensmtpd/files/opensmtpd.sh b/opensmtpd/files/opensmtpd.sh
new file mode 100644
index 0000000000..31417bb79d
--- /dev/null
+++ b/opensmtpd/files/opensmtpd.sh
@@ -0,0 +1,19 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# $NetBSD: opensmtpd.sh,v 1.1 2013/11/18 22:50:01 pettai Exp $
+#
+
+# PROVIDE: mail
+# REQUIRE: LOGIN
+#       we make mail start late, so that things like .forward's are not
+#       processed until the system is fully operational
+
+. /etc/rc.subr
+
+name="smtpd"
+rcvar=opensmtpd
+command="@PREFIX@/sbin/${name}"
+required_files="@PKG_SYSCONFDIR@/smtpd.conf"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/opensmtpd/patches/patch-mk_smtpd_Makefile.am b/opensmtpd/patches/patch-mk_smtpd_Makefile.am
new file mode 100644
index 0000000000..5021302886
--- /dev/null
+++ b/opensmtpd/patches/patch-mk_smtpd_Makefile.am
@@ -0,0 +1,29 @@
+$NetBSD$
+
+Install the configuration file in the example directory.
+
+--- mk/smtpd/Makefile.am.orig	2016-02-02 07:40:06.000000000 +0000
++++ mk/smtpd/Makefile.am
+@@ -162,17 +162,16 @@ $(CONFIGFILES): $(CONFIGFILES_IN)
+ 
+ # smtpd.conf
+ # newaliases makemap
++
++EXAMPLE_DIR=@EXAMPLE_DIR@
++
+ install-exec-hook: $(CONFIGFILES) $(MANPAGES)
+-	$(MKDIR_P) $(DESTDIR)$(sysconfdir)
++	$(MKDIR_P) $(DESTDIR)$(EXAMPLE_DIR)
+ 	$(MKDIR_P) $(DESTDIR)$(bindir)
+ 	$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
+ 	$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
+ 
+-	@if [ ! -f $(DESTDIR)$(sysconfdir)/smtpd.conf ]; then			\
+-		$(INSTALL) -m 644 smtpd.conf.out $(DESTDIR)$(sysconfdir)/smtpd.conf; \
+-	else									\
+-		echo "$(DESTDIR)$(sysconfdir)/smtpd.conf already exists, install will not overwrite"; \
+-	fi
++	$(INSTALL) -m 644 smtpd.conf.out $(DESTDIR)$(EXAMPLE_DIR)/smtpd.conf
+ 
+ 	$(INSTALL) -m 644 aliases.5.out		$(DESTDIR)$(mandir)/$(mansubdir)5/aliases.5
+ 	$(INSTALL) -m 644 forward.5.out		$(DESTDIR)$(mandir)/$(mansubdir)5/forward.5
diff --git a/opensmtpd/patches/patch-smtpd_smtp__session.c b/opensmtpd/patches/patch-smtpd_smtp__session.c
new file mode 100644
index 0000000000..5755441dbd
--- /dev/null
+++ b/opensmtpd/patches/patch-smtpd_smtp__session.c
@@ -0,0 +1,64 @@
+$NetBSD$
+
+Add a patch to handle long usernames during SMTP authentication,
+e.g. often username exceeds the limit when it contains @host.name
+part.
+
+From FreeBSD's ports.
+
+cf.http://svnweb.freebsd.org/ports?view=revision&revision=394424
+
+For update 6.7.1p1:
+Removed hunk to increase buffersize to LOGIN_NAME_MAX+HOST_NAME_MAX+1,
+this was already increased upstream to SMTPD_MAXMAILADDRSIZE.
+
+--- smtpd/smtp_session.c.orig	2020-05-21 19:06:04.000000000 +0000
++++ smtpd/smtp_session.c
+@@ -84,6 +84,7 @@ enum {
+ 	TX_ERROR_ENVELOPE,
+ 	TX_ERROR_SIZE,
+ 	TX_ERROR_IO,
++	SF_USERTOOLONG		= 0x0400,
+ 	TX_ERROR_LOOP,
+ 	TX_ERROR_MALFORMED,
+ 	TX_ERROR_RESOURCES,
+@@ -970,6 +971,15 @@ smtp_session_imsg(struct mproc *p, struc
+ 
+ 		s = tree_xpop(&wait_parent_auth, reqid);
+ 		strnvis(user, s->username, sizeof user, VIS_WHITE | VIS_SAFE);
++
++		if (s->flags & SF_USERTOOLONG) {
++			log_info("smtp-in: sesson %016"PRIx64
++				": auth failed because username too long",
++				s->id);
++			s->flags &= (~SF_USERTOOLONG);
++			success = LKA_PERMFAIL;
++		}
++
+ 		if (success == LKA_OK) {
+ 			log_info("%016"PRIx64" smtp "
+ 			    "authentication user=%s "
+@@ -1967,7 +1977,7 @@ smtp_rfc4954_auth_plain(struct smtp_sess
+ 		user++; /* skip NUL */
+ 		if (strlcpy(s->username, user, sizeof(s->username))
+ 		    >= sizeof(s->username))
+-			goto abort;
++			s->flags |= SF_USERTOOLONG;
+ 
+ 		pass = memchr(user, '\0', len - (user - buf));
+ 		if (pass == NULL || pass >= buf + len - 2)
+@@ -2011,9 +2021,12 @@ smtp_rfc4954_auth_login(struct smtp_sess
+ 
+ 	case STATE_AUTH_USERNAME:
+ 		memset(s->username, 0, sizeof(s->username));
+-		if (base64_decode(arg, (unsigned char *)s->username,
+-				  sizeof(s->username) - 1) == -1)
++		if (base64_decode(arg, (unsigned char *)buf,
++				  sizeof(buf) - 1) == -1)
+ 			goto abort;
++		if (strlcpy(s->username, buf, sizeof(s->username))
++		    >= sizeof(s->username))
++			s->flags |= SF_USERTOOLONG;
+ 
+ 		smtp_enter_state(s, STATE_AUTH_PASSWORD);
+ 		smtp_reply(s, "334 UGFzc3dvcmQ6");
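Review bot: In the `STATE_AUTH_USERNAME` case the new `strlcpy(s->username, buf, ...)` reads `buf` as a C string, but nothing visible in the hunk zeroes or terminates `buf` after `base64_decode()`, whereas the replaced code decoded into the freshly memset `s->username`; if the decoder does not append a NUL, strlcpy scans stale stack bytes and can copy them into the username. Adding `memset(buf, 0, sizeof(buf));` before the decode would restore that guarantee (the declaration of `buf` and the rest of `smtp_rfc4954_auth_login` lie outside the hunk, so confirm it is not already cleared). Separately, `SF_USERTOOLONG = 0x0400` is inserted between `TX_ERROR_IO` and `TX_ERROR_LOOP`, so the following TX_ERROR_* enumerators are renumbered from 0x0401 and the flag does not sit with the other session flags; it probably belongs in the SF_* enum, with a value checked against the existing bits. The log string also misspells "session" as `sesson`.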

