authorRichard Narron <richard@aaazen.com>2020-01-31 21:53:20 +0700
committerWilly Sudiarto Raharjo <willysr@slackbuilds.org>2020-01-31 21:53:20 +0700
commitf4a7890228d1f350afb35efb6751e2ddd212e1e2 (patch)
tree685fa1eec6aaad849a55f4c121acd237182c2f6f
parente9d3d3f3c79ea71059f590496d62f004e4f07c40 (diff)
downloadslackbuilds-f4a7890228d1f350afb35efb6751e2ddd212e1e2.tar.gz
network/opensmtpd: Fix more security issues.
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
-rw-r--r--network/opensmtpd/openbsd64-020-smtpd.patch4
-rw-r--r--network/opensmtpd/openbsd65-029-smptd-tls.patch52
-rw-r--r--network/opensmtpd/openbsd66-019-smtpd-exec.patch46
-rw-r--r--network/opensmtpd/opensmtpd.SlackBuild10
4 files changed, 110 insertions, 2 deletions
diff --git a/network/opensmtpd/openbsd64-020-smtpd.patch b/network/opensmtpd/openbsd64-020-smtpd.patch
index a1aa51607a..8ce7178da8 100644
--- a/network/opensmtpd/openbsd64-020-smtpd.patch
+++ b/network/opensmtpd/openbsd64-020-smtpd.patch
@@ -1,3 +1,7 @@
+OpenBSD 6.4 errata 020, August 2, 2019
+
+smtpd can crash on excessively large input, causing a denial of service.
+
--- a/smtpd/smtp_session.c 3 Sep 2018 19:01:29 -0000 1.337
+++ b/smtpd/smtp_session.c 1 Aug 2019 21:18:53 -0000
@@ -1904,15 +1904,21 @@ smtp_reply(struct smtp_session *s, char
diff --git a/network/opensmtpd/openbsd65-029-smptd-tls.patch b/network/opensmtpd/openbsd65-029-smptd-tls.patch
new file mode 100644
index 0000000000..a2727decf8
--- /dev/null
+++ b/network/opensmtpd/openbsd65-029-smptd-tls.patch
@@ -0,0 +1,52 @@
+OpenBSD 6.5 errata 029, January 30, 2020:
+
+smtpd can crash on opportunistic TLS downgrade, causing a denial of service.
+
+--- usr.sbin/smtpd/mta_session.c 23 Dec 2018 16:37:53 -0000 1.115
++++ usr.sbin/smtpd/mta_session.c 20 Jan 2020 10:36:58 -0000
+@@ -1292,40 +1292,20 @@ mta_io(struct io *io, int evt, void *arg
+ break;
+
+ case IO_ERROR:
++ case IO_TLSERROR:
+ log_debug("debug: mta: %p: IO error: %s", s, io_error(io));
+- if (!s->ready) {
+- mta_error(s, "IO Error: %s", io_error(io));
+- mta_connect(s);
+- break;
+- }
+- else if (!(s->flags & (MTA_FORCE_TLS|MTA_FORCE_SMTPS|MTA_FORCE_ANYSSL))) {
+- /* error in non-strict SSL negotiation, downgrade to plain */
+- if (s->flags & MTA_TLS) {
+- log_info("smtp-out: Error on session %016"PRIx64
+- ": opportunistic TLS failed, "
+- "downgrading to plain", s->id);
+- s->flags &= ~MTA_TLS;
+- s->flags |= MTA_DOWNGRADE_PLAIN;
+- mta_connect(s);
+- break;
+- }
+- }
+- mta_error(s, "IO Error: %s", io_error(io));
+- mta_free(s);
+- break;
+
+- case IO_TLSERROR:
+- log_debug("debug: mta: %p: TLS IO error: %s", s, io_error(io));
+- if (!(s->flags & (MTA_FORCE_TLS|MTA_FORCE_SMTPS|MTA_FORCE_ANYSSL))) {
++ if (s->state == MTA_STARTTLS && s->use_smtp_tls) {
+ /* error in non-strict SSL negotiation, downgrade to plain */
+- log_info("smtp-out: TLS Error on session %016"PRIx64
+- ": TLS failed, "
++ log_info("smtp-out: Error on session %016"PRIx64
++ ": opportunistic TLS failed, "
+ "downgrading to plain", s->id);
+ s->flags &= ~MTA_TLS;
+ s->flags |= MTA_DOWNGRADE_PLAIN;
+ mta_connect(s);
+ break;
+ }
++
+ mta_error(s, "IO Error: %s", io_error(io));
+ mta_free(s);
+ break;
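Review bot: The new downgrade guard `if (s->state == MTA_STARTTLS && s->use_smtp_tls)` replaces the removed `MTA_FORCE_TLS|MTA_FORCE_SMTPS|MTA_FORCE_ANYSSL` check, so the plaintext retry is now gated only by `use_smtp_tls`; this patch is written against OpenBSD's `mta_session.c 1.115` (6.5 tree) but is being applied to OpenSMTPD 6.0.3p1, and it is not visible here whether that tree has a `use_smtp_tls` member that is false on mandatory-TLS routes — if it does not, the build either fails to compile or a peer that breaks the STARTTLS handshake (now also a plain `IO_ERROR`, since both cases share one label) can force a cleartext delivery, so confirm against the 6.0.3p1 struct before shipping. The merged branch also drops the old `TLS IO error` debug wording, so a TLS failure is no longer distinguishable from a socket error in the log; `log_debug("debug: mta: %p: %sIO error: %s", s, evt == IO_TLSERROR ? "TLS " : "", io_error(io));` keeps that for triage of downgrade events. The file is named `openbsd65-029-smptd-tls.patch` ("smptd") while its siblings use `smtpd`; renaming it to match avoids a hard-to-spot mismatch with the SlackBuild. mta_io starts before this hunk and continues after it.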
diff --git a/network/opensmtpd/openbsd66-019-smtpd-exec.patch b/network/opensmtpd/openbsd66-019-smtpd-exec.patch
new file mode 100644
index 0000000000..93ce19dcb1
--- /dev/null
+++ b/network/opensmtpd/openbsd66-019-smtpd-exec.patch
@@ -0,0 +1,46 @@
+OpenBSD 6.6 errata 019, January 30, 2020:
+
+An incorrect check allows an attacker to trick mbox delivery into executing
+arbitrary commands as root and lmtp delivery into executing arbitrary commands
+as an unprivileged user.
+
+--- usr.sbin/smtpd/smtp_session.c 4 Oct 2019 08:34:29 -0000 1.415
++++ usr.sbin/smtpd/smtp_session.c 26 Jan 2020 05:56:37 -0000
+@@ -2012,24 +2012,22 @@ smtp_mailaddr(struct mailaddr *maddr, ch
+ memmove(maddr->user, p, strlen(p) + 1);
+ }
+
+- if (!valid_localpart(maddr->user) ||
+- !valid_domainpart(maddr->domain)) {
+- /* accept empty return-path in MAIL FROM, required for bounces */
+- if (mailfrom && maddr->user[0] == '\0' && maddr->domain[0] == '\0')
+- return (1);
++ /* accept empty return-path in MAIL FROM, required for bounces */
++ if (mailfrom && maddr->user[0] == '\0' && maddr->domain[0] == '\0')
++ return (1);
+
+- /* no user-part, reject */
+- if (maddr->user[0] == '\0')
+- return (0);
+-
+- /* no domain, local user */
+- if (maddr->domain[0] == '\0') {
+- (void)strlcpy(maddr->domain, domain,
+- sizeof(maddr->domain));
+- return (1);
+- }
++ /* no or invalid user-part, reject */
++ if (maddr->user[0] == '\0' || !valid_localpart(maddr->user))
+ return (0);
++
++ /* no domain part, local user */
++ if (maddr->domain[0] == '\0') {
++ (void)strlcpy(maddr->domain, domain,
++ sizeof(maddr->domain));
+ }
++
++ if (!valid_domainpart(maddr->domain))
++ return (0);
+
+ return (1);
+ }
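Review bot: `(void)strlcpy(maddr->domain, domain, sizeof(maddr->domain))` on the new side still discards the return value, so a local domain longer than the buffer is silently truncated and the truncated name is what `valid_domainpart` then validates; `if (strlcpy(maddr->domain, domain, sizeof(maddr->domain)) >= sizeof(maddr->domain)) return (0);` rejects instead of truncating (pre-existing, but this fix now routes every domain-less address through that copy). Note also a behavioural change beyond the command-execution fix: the default domain is now subject to `valid_domainpart` where the old local-user branch returned 1 unchecked, so a host whose configured domain fails that check will see every domain-less local address rejected — worth a line in the README for 6.0.3p1 users. smtp_mailaddr starts before this hunk.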
diff --git a/network/opensmtpd/opensmtpd.SlackBuild b/network/opensmtpd/opensmtpd.SlackBuild
index d2e54fba71..052a1fcf03 100644
--- a/network/opensmtpd/opensmtpd.SlackBuild
+++ b/network/opensmtpd/opensmtpd.SlackBuild
@@ -3,7 +3,7 @@
# Slackware build script for opensmtpd
# Copyright 2013-2014 Robby Workman, Northport, Alabama, USA
-# Copyright 2015-2018 Richard Narron, California, USA
+# Copyright 2015-2020 Richard Narron, California, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -25,7 +25,7 @@
PRGNAM=opensmtpd
VERSION=${VERSION:-6.0.3p1}
-BUILD=${BUILD:-4}
+BUILD=${BUILD:-5}
TAG=${TAG:-_SBo}
if [ -z "$ARCH" ]; then
@@ -95,6 +95,12 @@ find -L . \
# fix reply buffer overflow
cat $CWD/openbsd64-020-smtpd.patch | patch -p1
+# fix tls downgrade
+cat $CWD/openbsd65-029-smptd-tls.patch | patch -p1
+
+# fix exec
+cat $CWD/openbsd66-019-smtpd-exec.patch | patch -p1
+
# check null from crypt function
cat $CWD/fix-crash-on-authentication.patch | patch -p1
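Review bot: The new `cat $CWD/... | patch -p1` lines never check that the patch applied; both patches are taken from OpenBSD 6.5/6.6 trees (`mta_session.c 1.115`, `smtp_session.c 1.415`) and 6.0.3p1 is older, so a rejected hunk would leave the root command-execution bug in place while the package still builds unless `set -e` is in force higher up (not visible in this hunk; a pipeline's status is `patch`'s, so `set -e` would catch it). The explicit form `patch -p1 < $CWD/openbsd66-019-smtpd-exec.patch || exit 1` fails loudly regardless and drops the useless `cat`. The comments `# fix tls downgrade` and `# fix exec` understate what is at stake; `# OpenBSD 6.6 errata 019: smtp_mailaddr() check let mbox delivery run arbitrary commands as root` and `# OpenBSD 6.5 errata 029: crash (DoS) on opportunistic TLS downgrade in mta_session.c` match the headers inside the patch files. `openbsd65-029-smptd-tls.patch` carries the "smptd" typo from the new file; it works because both sides agree, but renaming both to `smtpd` keeps the set consistent.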