Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

sendmail: update to 8.16.1

Browse source 
Refreshed patches and removed upstreamed ones.

Switched main URL and removed others. None of them have the proper
file. The first actually has a bad one. The changed URL is from the
official website.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
This commit is contained in:
Rosen Penev 2020-09-22 15:58:47 -07:00
parent 3a32eec211
commit aea5236367
No known key found for this signature in database
GPG key ID: 36D31CFA845F0E3B
6 changed files with 34 additions and 496 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
mail/sendmail/Makefile
View file

@ -7,14 +7,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=sendmail
PKG_VERSION:=8.15.2
PKG_RELEASE:=4
PKG_VERSION:=8.16.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME).$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://artfiles.org/sendmail.org/pub/sendmail/ \
ftp://ftp.cs.berkeley.edu/ucb/sendmail/ \
http://www.netgull.com/sendmail/
PKG_HASH:=24f94b5fd76705f15897a78932a5f2439a32b1a2fdc35769bb1a5f5d9b4db439
PKG_SOURCE_URL:=ftp://ftp.sendmail.org/pub/sendmail
PKG_HASH:=7886d5dc4b436b86175f32b5b9c7305c80787749847e2909bf99123ecc4e64ba
PKG_MAINTAINER:=Val Kulkov <val.kulkov@gmail.com>
PKG_LICENSE:=Sendmail

60
mail/sendmail/patches/100-misc-os-musl-fixes.patch
View file

@ -1,33 +1,3 @@
--- a/include/sm/conf.h
+++ b/include/sm/conf.h
@@ -57,7 +57,7 @@
# endif /* ! HASNICE */
# ifndef HASRRESVPORT
-# define HASRRESVPORT 1 /* has rrsevport(3) call */
+# define HASRRESVPORT 0 /* has rrsevport(3) call */
# endif /* ! HASRRESVPORT */
/**********************************************************************
@@ -1470,7 +1470,9 @@ extern void *malloc();
# define SM_CONF_GETOPT 0 /* need a replacement for getopt(3) */
# define HASUNAME 1 /* use System V uname(2) system call */
# define HASUNSETENV 1 /* has unsetenv(3) call */
-# define ERRLIST_PREDEFINED /* don't declare sys_errlist */
+# ifdef __GLIBC__
+# define ERRLIST_PREDEFINED /* don't declare sys_errlist */
+# endif /* __GLIBC__ */
# define GIDSET_T gid_t /* from <linux/types.h> */
# ifndef HASGETUSERSHELL
# define HASGETUSERSHELL 0 /* getusershell(3) broken in Slackware 2.0 */
@@ -1508,6 +1510,7 @@ extern void *malloc();
# if defined(__GLIBC__) && defined(__GLIBC_MINOR__)
# define HASSTRERROR 1 /* has strerror(3) */
# endif /* defined(__GLIBC__) && defined(__GLIBC_MINOR__) */
+# define HASSTRERROR 1 /* Patch for LEDE/OpenWRT: has strerror(3) */
# ifndef TZ_TYPE
# define TZ_TYPE TZ_NONE /* no standard for Linux */
# endif /* ! TZ_TYPE */
--- a/devtools/bin/Build
+++ b/devtools/bin/Build
@@ -320,6 +320,16 @@ then
@ -47,3 +17,33 @@
if [ ! "$arch" -a ! "$os" -a ! "$rel" ]
then
arch=`uname -m | sed -e 's/ //g' -e 's/\//-/g'`
--- a/include/sm/conf.h
+++ b/include/sm/conf.h
@@ -57,7 +57,7 @@
# endif
# ifndef HASRRESVPORT
-# define HASRRESVPORT 1 /* has rrsevport(3) call */
+# define HASRRESVPORT 0 /* has rrsevport(3) call */
# endif
/**********************************************************************
@@ -1484,7 +1484,9 @@ extern void *malloc();
# define SM_CONF_GETOPT 0 /* need a replacement for getopt(3) */
# define HASUNAME 1 /* use System V uname(2) system call */
# define HASUNSETENV 1 /* has unsetenv(3) call */
-# define ERRLIST_PREDEFINED /* don't declare sys_errlist */
+# ifdef __GLIBC__
+# define ERRLIST_PREDEFINED /* don't declare sys_errlist */
+# endif
# define GIDSET_T gid_t /* from <linux/types.h> */
# ifndef HASGETUSERSHELL
# define HASGETUSERSHELL 0 /* getusershell(3) broken in Slackware 2.0 */
@@ -1522,6 +1524,7 @@ extern void *malloc();
# if defined(__GLIBC__) && defined(__GLIBC_MINOR__)
# define HASSTRERROR 1 /* has strerror(3) */
# endif
+# define HASSTRERROR 1 /* Patch for LEDE/OpenWRT: has strerror(3) */
# ifndef TZ_TYPE
# define TZ_TYPE TZ_NONE /* no standard for Linux */
# endif

109
mail/sendmail/patches/101-fix-format-security.patch
View file

@ -1,109 +0,0 @@
Index: sendmail-8.15.2/sendmail/envelope.c
===================================================================
--- sendmail-8.15.2.orig/sendmail/envelope.c
+++ sendmail-8.15.2/sendmail/envelope.c
@@ -323,7 +323,7 @@ dropenvelope(e, fulldrop, split)
/* don't free, allocated from e_rpool */
e->e_message = sm_rpool_strdup_x(e->e_rpool, buf);
- message(buf);
+ message("%s", buf);
e->e_flags |= EF_CLRQUEUE;
}
if (msg_timeout == MSG_NOT_BY)
@@ -420,7 +420,7 @@ dropenvelope(e, fulldrop, split)
/* don't free, allocated from e_rpool */
e->e_message = sm_rpool_strdup_x(e->e_rpool,
buf);
- message(buf);
+ message("%s", buf);
e->e_flags |= EF_WARNING;
}
if (msg_timeout == MSG_WARN_BY)
Index: sendmail-8.15.2/sendmail/parseaddr.c
===================================================================
--- sendmail-8.15.2.orig/sendmail/parseaddr.c
+++ sendmail-8.15.2/sendmail/parseaddr.c
@@ -218,7 +218,7 @@ parseaddr(addr, a, flags, delim, delimpt
msg = "Deferring message until queue run";
if (tTd(20, 1))
sm_dprintf("parseaddr: queueing message\n");
- message(msg);
+ message("%s", msg);
if (e->e_message == NULL && e->e_sendmode != SM_DEFER)
e->e_message = sm_rpool_strdup_x(e->e_rpool, msg);
a->q_state = QS_QUEUEUP;
Index: sendmail-8.15.2/sendmail/srvrsmtp.c
===================================================================
--- sendmail-8.15.2.orig/sendmail/srvrsmtp.c
+++ sendmail-8.15.2/sendmail/srvrsmtp.c
@@ -578,13 +578,13 @@ static bool smtp_data __P((SMTP_T *, ENV
bool tsave = QuickAbort; \
\
QuickAbort = false; \
- usrerr(response); \
+ usrerr("%s", response); \
QuickAbort = tsave; \
e->e_sendqueue = NULL; \
goto doquit; \
} \
else \
- usrerr(response); \
+ usrerr("%s", response); \
break; \
\
case SMFIR_REJECT: \
@@ -615,7 +615,7 @@ static bool smtp_data __P((SMTP_T *, ENV
str, addr, MSG_TEMPFAIL); \
LogUsrErrs = false; \
} \
- usrerr(MSG_TEMPFAIL); \
+ usrerr("%s", MSG_TEMPFAIL); \
break; \
default: \
milter_cmd_fail = false; \
@@ -931,7 +931,7 @@ smtp(nullserver, d_flags, e)
}
else if (strncmp(nullserver, "421 ", 4) == 0)
{
- message(nullserver);
+ message("%s", nullserver);
goto doquit;
}
@@ -1849,7 +1849,7 @@ smtp(nullserver, d_flags, e)
if (nullserver != NULL)
{
if (ISSMTPREPLY(nullserver))
- usrerr(nullserver);
+ usrerr("%s", nullserver);
else
usrerr("550 5.0.0 %s",
nullserver);
@@ -2452,7 +2452,7 @@ smtp(nullserver, d_flags, e)
tempfail = true;
smtp.sm_milterize = false;
if (response != NULL)
- usrerr(response);
+ usrerr("%s", response);
else
message("421 4.7.0 %s closing connection",
MyHostName);
@@ -3659,7 +3659,7 @@ smtp_data(smtp, e)
(void) extenhsc(response + 4, ' ', e->e_enhsc);
#endif /* _FFR_MILTER_ENHSC */
- usrerr(response);
+ usrerr("%s", response);
if (strncmp(response, "421 ", 4) == 0
|| strncmp(response, "421-", 4) == 0)
{
@@ -3779,7 +3779,7 @@ smtp_data(smtp, e)
if (ISSMTPCODE(response))
(void) extenhsc(response + 4, ' ', e->e_enhsc);
#endif /* _FFR_MILTER_ENHSC */
- usrerr(response);
+ usrerr("%s", response);
if (strncmp(response, "421 ", 4) == 0
|| strncmp(response, "421-", 4) == 0)
rv = false;

255
mail/sendmail/patches/200-openssl-1.1.1.patch
View file

@ -1,255 +0,0 @@
Not needed for 8.16
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Sat, 10 Sep 2016 19:27:17 +0000
Subject: [PATCH] sendmail: compile against openssl 1.1.0
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
---
--- a/sendmail/tls.c
+++ b/sendmail/tls.c
@@ -60,18 +60,58 @@ static unsigned char dh512_g[] =
0x02
};
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+
+static inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+ /* If the fields p and g in d are NULL, the corresponding input
+ * parameters MUST be non-NULL. q may remain NULL.
+ */
+ if ((dh->p == NULL && p == NULL)
+ || (dh->g == NULL && g == NULL))
+ return 0;
+
+ if (p != NULL) {
+ BN_free(dh->p);
+ dh->p = p;
+ }
+ if (q != NULL) {
+ BN_free(dh->q);
+ dh->q = q;
+ }
+ if (g != NULL) {
+ BN_free(dh->g);
+ dh->g = g;
+ }
+
+ if (q != NULL) {
+ dh->length = BN_num_bits(q);
+ }
+
+ return 1;
+}
+#endif
+
static DH *
get_dh512()
{
DH *dh = NULL;
+ BIGNUM *p;
+ BIGNUM *g;
- if ((dh = DH_new()) == NULL)
- return NULL;
- dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
- dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
- return NULL;
+ dh = DH_new();
+ p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
+ g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
+ if (!dh || !p || !g)
+ goto err;
+ if (!DH_set0_pqg(dh, p, NULL, g))
+ goto err;
return dh;
+err:
+ DH_free(dh);
+ BN_free(p);
+ BN_free(g);
+ return NULL;
}
# if 0
@@ -117,17 +157,22 @@ get_dh2048()
};
static unsigned char dh2048_g[]={ 0x02, };
DH *dh;
+ BIGNUM *p;
+ BIGNUM *g;
- if ((dh=DH_new()) == NULL)
- return(NULL);
- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
- {
- DH_free(dh);
- return(NULL);
- }
+ dh = DH_new();
+ p = BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+ g = BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+ if (!dh || !p || !g)
+ goto err;
+ if (!DH_set0_pqg(dh, p, NULL, g))
+ goto err;
return(dh);
+err:
+ DH_free(dh);
+ BN_free(p);
+ BN_free(g);
+ return NULL;
}
# endif /* !NO_DH */
@@ -926,7 +971,7 @@ inittls(ctx, req, options, srv, certfile
{
/* get a pointer to the current certificate validation store */
store = SSL_CTX_get_cert_store(*ctx); /* does not fail */
- crl_file = BIO_new(BIO_s_file_internal());
+ crl_file = BIO_new(BIO_s_file());
if (crl_file != NULL)
{
if (BIO_read_filename(crl_file, CRLFile) >= 0)
@@ -1000,26 +1045,43 @@ inittls(ctx, req, options, srv, certfile
** maybe we should do it only on demand...
*/
- if (bitset(TLS_I_RSA_TMP, req)
# if SM_CONF_SHM
- && ShmId != SM_SHM_NO_ID &&
- (rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL,
- NULL)) == NULL
-# else /* SM_CONF_SHM */
- && 0 /* no shared memory: no need to generate key now */
-# endif /* SM_CONF_SHM */
- )
+ if (bitset(TLS_I_RSA_TMP, req)
+ && ShmId != SM_SHM_NO_ID)
{
- if (LogLevel > 7)
+ BIGNUM *bn;
+
+ bn = BN_new();
+ rsa_tmp = RSA_new();
+ if (!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4)) {
+ RSA_free(rsa_tmp);
+ rsa_tmp = NULL;
+ }
+ if (rsa_tmp)
{
- sm_syslog(LOG_WARNING, NOQID,
- "STARTTLS=%s, error: RSA_generate_key failed",
- who);
- if (LogLevel > 9)
- tlslogerr(LOG_WARNING, who);
+ if (!RSA_generate_key_ex(rsa_tmp, RSA_KEYLENGTH, bn, NULL))
+ {
+ RSA_free(rsa_tmp);
+ rsa_tmp = NULL;
+ }
+ }
+ BN_free(bn);
+ if (!rsa_tmp)
+ {
+ if (LogLevel > 7)
+ {
+ sm_syslog(LOG_WARNING, NOQID,
+ "STARTTLS=%s, error: RSA_generate_key failed",
+ who);
+ if (LogLevel > 9)
+ tlslogerr(LOG_WARNING, who);
+ }
+ return false;
}
- return false;
}
+# else /* SM_CONF_SHM */
+ /* no shared memory: no need to generate key now */
+# endif /* SM_CONF_SHM */
# endif /* !TLS_NO_RSA */
/*
@@ -1210,9 +1272,15 @@ inittls(ctx, req, options, srv, certfile
sm_dprintf("inittls: Generating %d bit DH parameters\n", bits);
/* this takes a while! */
- dsa = DSA_generate_parameters(bits, NULL, 0, NULL,
- NULL, 0, NULL);
- dh = DSA_dup_DH(dsa);
+ dsa = DSA_new();
+ if (dsa) {
+ int r;
+
+ r = DSA_generate_parameters_ex(dsa, bits, NULL, 0,
+ NULL, NULL, NULL);
+ if (r != 0)
+ dh = DSA_dup_DH(dsa);
+ }
DSA_free(dsa);
}
else if (dh == NULL && bitset(TLS_I_DHFIXED, req))
@@ -1733,6 +1801,9 @@ tmp_rsa_key(s, export, keylength)
int export;
int keylength;
{
+ BIGNUM *bn;
+ int ret;
+
# if SM_CONF_SHM
extern int ShmId;
extern int *PRSATmpCnt;
@@ -1742,10 +1813,22 @@ tmp_rsa_key(s, export, keylength)
return rsa_tmp;
# endif /* SM_CONF_SHM */
- if (rsa_tmp != NULL)
- RSA_free(rsa_tmp);
- rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, NULL);
- if (rsa_tmp == NULL)
+ if (rsa_tmp == NULL) {
+ rsa_tmp = RSA_new();
+ if (!rsa_tmp)
+ return NULL;
+ }
+
+ bn = BN_new();
+ if (!bn)
+ return NULL;
+ if (!BN_set_word(bn, RSA_F4)) {
+ BN_free(bn);
+ return NULL;
+ }
+ ret = RSA_generate_key_ex(rsa_tmp, RSA_KEYLENGTH, bn, NULL);
+ BN_free(bn);
+ if (!ret)
{
if (LogLevel > 0)
sm_syslog(LOG_ERR, NOQID,
@@ -1971,9 +2054,9 @@ x509_verify_cb(ok, ctx)
{
if (LogLevel > 13)
tls_verify_log(ok, ctx, "x509");
- if (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL)
+ if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_UNABLE_TO_GET_CRL)
{
- ctx->error = 0;
+ X509_STORE_CTX_set_error(ctx, 0);
return 1; /* override it */
}
}
--- a/doc/op/op.me
+++ b/doc/op/op.me
@@ -10898,7 +10898,7 @@ C=FileName_of_CA_Certificate
ln -s $C `openssl x509 -noout -hash < $C`.0
.)b
A better way to do this is to use the
-.b c_rehash
+.b "openssl rehash"
command that is part of the OpenSSL distribution
because it handles subject hash collisions
by incrementing the number in the suffix of the filename of the symbolic link,

20
mail/sendmail/patches/201-openssl-1.1.1-ecdhe.patch
View file

@ -1,20 +0,0 @@
Not needed for 8.16
--- a/sendmail/tls.c
+++ b/sendmail/tls.c
@@ -1325,13 +1325,8 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
}
#if _FFR_TLS_EC
- ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
- if (ecdh != NULL)
- {
- SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE);
- SSL_CTX_set_tmp_ecdh(*ctx, ecdh);
- EC_KEY_free(ecdh);
- }
+ SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE);
+ SSL_CTX_set_ecdh_auto(*ctx, 1);
#endif /* _FFR_TLS_EC */
}

76
mail/sendmail/patches/202-openssl-deprecated.patch
View file

@ -1,76 +0,0 @@
Must be rebased for 8.16
--- a/sendmail/main.c
+++ b/sendmail/main.c
@@ -17,6 +17,9 @@
#include <sm/xtrap.h>
#include <sm/signal.h>
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define OpenSSL_version_num SSLeay
+#endif
#ifndef lint
SM_UNUSED(static char copyright[]) =
"@(#) Copyright (c) 1998-2013 Proofpoint, Inc. and its suppliers.\n\
@@ -650,7 +653,7 @@ main(argc, argv, envp)
sm_dprintf(" OpenSSL: compiled 0x%08x\n",
(uint) OPENSSL_VERSION_NUMBER);
sm_dprintf(" OpenSSL: linked 0x%08x\n",
- (uint) SSLeay());
+ (uint) OpenSSL_version_num());
}
#endif /* STARTTLS */
--- a/sendmail/tls.c
+++ b/sendmail/tls.c
@@ -16,9 +16,25 @@ SM_RCSID("@(#)$Id: tls.c,v 8.127 2013-11-27 02:51:11 gshapiro Exp $")
# include <openssl/err.h>
# include <openssl/bio.h>
# include <openssl/pem.h>
+# include <openssl/bn.h>
+# include <openssl/dh.h>
+# include <openssl/dsa.h>
+# include <openssl/rsa.h>
# ifndef HASURANDOMDEV
# include <openssl/rand.h>
# endif /* ! HASURANDOMDEV */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define OpenSSL_version_num SSLeay
+#endif
+
+#ifndef CRYPTO_thread_id
+#define CRYPTO_thread_id() (0UL)
+#endif
+
+#ifndef SSL_CTX_set_tmp_rsa_callback
+#define SSL_CTX_set_tmp_rsa_callback(ctx, cb) while(0) (cb)(NULL, 0, 0)
+#endif
+
# if !TLS_NO_RSA
static RSA *rsa_tmp = NULL; /* temporary RSA key */
static RSA *tmp_rsa_key __P((SSL *, int, int));
@@ -380,6 +396,7 @@ init_tls_library(fipsmode)
{
bool bv;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
/* basic TLS initialization, ignore result for now */
SSL_library_init();
SSL_load_error_strings();
@@ -388,6 +405,7 @@ init_tls_library(fipsmode)
/* this is currently a macro for SSL_library_init */
SSLeay_add_ssl_algorithms();
# endif /* 0 */
+#endif /* OPENSSL_VERSION_NUMBER */
bv = tls_rand_init(RandFile, 7);
# if _FFR_FIPSMODE
@@ -1207,7 +1225,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
** just the compile time version.
*/
- rt_version = SSLeay();
+ rt_version = OpenSSL_version_num();
if (rt_version >= 0x00908000L && rt_version <= 0x0090802fL)
{
comp_methods = SSL_COMP_get_compression_methods();