1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-12 03:00:28 +00:00
Commit Graph

88 Commits

Author SHA1 Message Date
Dima Panov
f8c87108f4 mail/opensmtpd: update to 6.7.1p1 portable release
- fixes a packaging issue causing asr.h to be installed in target system
- fixes a possible crash in the MTA when establishing IPv6 connections
2020-05-22 03:55:47 +00:00
Dima Panov
9c9a6014de mail/opensmtpd: update to 6.7.0p1 portable release
Changes in this release:
========================

New Features:

- Allowed use of the smtpd(8) session username in built-in filters when available.
- Introduced a bypass keyword to smtpd(8) so that built-in filters can bypass processing when a condition is met.
- Allowed use of 'auth' as an origin in smtpd.conf(5).
- Allowed use of mail-from and rctp-to as for and from parameters in smtpd.conf(5).

Bug fixes:

- Ensured legacy ssl(8) session ID is persistent during a client TLS session, fixing an issue using TLSv1.3 with smtp.mail.yahoo.com.
- Fixed security vulnerabilities in smtpd(8). Corrected an out-of-bounds read in smtpd allowing an attacker to inject arbitrary commands into the envelope file to be executed as root, and ensured privilege revocation in smtpctl(8) to prevent arbitrary commands from being run with the _smtpq group.
- Allowed mail.local(8) to be run as non-root, opening a pipe to lockspool(1) for file locking.
- Fixed a security vulnerability in smtpd(8) which could lead to a privilege escalation on mbox deliveries and unprivileged code execution on lmtp deliveries.
- Added support for CIDR in a: spf atoms in smtpd(8).
- Fixed a possible crash in smtpd(8) when combining "from rdns" with nested virtual aliases under a particular configuration.
2020-05-19 16:14:25 +00:00
Dima Panov
3110b020c9 Fix missed '\' at line end
Pointyhat to: fluffy
2020-03-31 17:48:10 +00:00
Dima Panov
b49be27ea0 mail/opensmtpd: We not need to care about OpenBSD here
Make configure args for mbox path unconditional

Noted by:	mat
2020-03-31 17:44:14 +00:00
Dima Panov
4214e3e63b mail/opensmtpd: honor hier(1) for mbox homedir
By default, OpenSMTPd rely on OpenBSD defaults, /var/spool/mail, instead of /var/mail
Point it on /var/mail on all supported platforms != OpenBSD

Reported by:	Denis Fortin via private mail
MFH:		2020Q1
2020-03-26 08:55:42 +00:00
Dima Panov
35c76eef93 mail/opensmtpd: update to 6.6.4p1 security releaase
SECURITY RELEASE

An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group.

MFH:		2020Q1
2020-02-24 18:36:49 +00:00
Dima Panov
709e896e3e mail/opensmtpd: update to 6.6.3p1 release
- switch default configuration to maildir
- allow mbox to deliver to users without requiring privileges in the daemon
- allow lmtp to receive sender/recipient in environment

MFH:		2020Q1
2020-02-11 15:32:35 +00:00
Dima Panov
9fc14f090e mil/opensmtpd: update to 6.6.2p1 relase
This update addressed LPE and RCE vulnerabilities in OpenSMTPD (CVE-2020-7247)
https://www.openwall.com/lists/oss-security/2020/01/28/3

This vulnerability is exploitable since May 2018 (commit a8e222352f, "switch
smtpd to new grammar") and allows an attacker to execute arbitrary shell
commands, as root:

- either locally, in OpenSMTPD's default configuration (which listens on
  the loopback interface and only accepts mail from localhost);

- or locally and remotely, in OpenSMTPD's "uncommented" default
  configuration (which listens on all interfaces and accepts external
  mail).

PR:		243686
Reported by:	authors via irc
MFH:		2020Q1
Relnotes:	https://www.mail-archive.com/misc@opensmtpd.org/msg04850.html
2020-01-29 02:55:05 +00:00
Bernard Spil
0467bf077e Chase rename of security/openssl111
- Categories a-m

MFH:		2020Q1
2020-01-01 17:27:54 +00:00
Dima Panov
b456a4c443 - Update OpenSMTPd to 6.6.1p1 portable release 2019-11-06 12:59:35 +00:00
Dima Panov
2c93cc9558 - Update OpenSMTPd to 6.6.0 portable release
This release builds with LibreSSL > 3.0.2 or OpenSSL > 1.1.0.
    FreeBSD 11.x users should update to 12.x/13.x or switch system-wide
    default ssl library to openssl111/libressl

- Update -extras to 6.4.0 release
    Filters still missing, corresponded ports temporary markes
    as IGNORED

PR:		213442,228937
MFH:		2019Q4
2019-10-26 16:24:47 +00:00
Mathieu Arnold
558224994b onvert to UCL & cleanup pkg-message (categories l-m) 2019-08-13 22:29:42 +00:00
Jan Beich
f18538b989 devel/libevent2: update to 2.1.11
Changes:	https://github.com/libevent/libevent/releases/tag/release-2.1.11-stable
ABI:		https://abi-laboratory.pro/tracker/timeline/libevent/
PR:		239599
Reported by:	GitHub (watch releases)
Approved by:	zeising (maintainer)
MFH:		2019Q3 (maybe security, partially restores 2.1.8 ABI)
Differential Revision:	https://reviews.freebsd.org/D21133
2019-08-02 13:30:40 +00:00
Dima Panov
e834d6e9a9 - Unbreak on 12+ with SSL_DEFAULT=libressl[-devel]
Submitted by:	gahr
2018-12-22 03:21:16 +00:00
Dima Panov
2554ea9c97 - While major 6.4 update still cooking (authors dropped openssl support at all
in favor of libressl), mark OpenSMTPd as BROKEN with openssl 1.1.x api
- Use https in pkg-descr url

MFH:		2018Q4
2018-11-05 23:28:55 +00:00
Dmitry Marakasov
9683af6323 - Update WWW
Approved by:	portmgr blanket
2018-10-21 09:30:16 +00:00
Dima Panov
4e17d75935 - Prevent OpenSMTPD session hangs and retain a descriptor forever on empty body
(i.e. when the dot appears on the line directly after the headers).
    This could be used by an attacker to exhaust resources.

PR:		227899
Submitted by:	grembo
Obtained from:	OpenSMTPD git repo (backported)
MFH:		2018Q2
2018-05-03 23:17:24 +00:00
Dima Panov
200e5f9ce0 - Pet MDA part, add brackets around Return-Path as per RFC5322 §3.6.6.
Missing brackets lead to a panic when a malformed address line
is fed to dovecot-lda

Submitted by:	gahr
Reported by:	brnrd via dovecot ML
Obtained from:	725ba4fa2d
2018-04-26 00:53:01 +00:00
Dima Panov
a784de17f6 - Drop OPENSSL_PORT redefine, it was used for OSVERSION<103000 [1];
follow system-wide DEFAULT_VERSIONS+= ssl=<openssl variant>
- Sort plist
- @sample config

PR:		225067 [1]
Reported by:	Charlie Li [1]
2018-01-11 13:16:40 +00:00
Antoine Brodin
69771bc284 Register dependency on groff
PR:		213725
2017-05-28 10:58:00 +00:00
Jan Beich
a9425224f1 devel/libevent2: drop historical suffix after r362796
PR:		216777
Approved by:	mm (maintainer)
2017-02-20 02:57:04 +00:00
Jan Beich
21a7215c9a devel/libevent2: update to 2.1.8 and cleanup
- DEFAULT_VERSIONS += ssl=openssl-devel is now supported
- devel/py-event and devel/p5-Event-Lib are marked BROKEN

Changes:	https://github.com/libevent/libevent/raw/release-2.1.8-stable/whatsnew-2.1.txt
Changes:	https://github.com/libevent/libevent/raw/release-2.1.8-stable/ChangeLog
PR:		216527
Exp-run by:	antoine
Approved by:	mm (maintainer)
2017-02-04 07:56:59 +00:00
Dmitry Marakasov
8244fe99bc - Remove always-true/false conditions after FreeBSD 9, 10.1, 10.2 EOL
Approved by:	portmgr blanket
2017-01-11 10:08:38 +00:00
Dima Panov
0e79a0f738 - Get rid of USE_OPENSSL, switch to USES= ssl 2016-12-07 15:34:35 +00:00
Ashish SHUKLA
d8be863d00 Assign ports to fluffy@, who is actively tracking OpenSMTPD
development, and has kindly agreed to take the maintainership
of following ports:

  - dns/libasr
  - dns/libasr-devel
  - mail/opensmtpd
  - mail/opensmtpd-devel

Thank you!
2016-10-17 10:38:05 +00:00
Dima Panov
8ca6393dd4 - Allow custom config file in rc script for both stable/devel ports
- While here, create makemap symlink only with TABLE_DB enabled

Reported by:	myself (for adamw)
Reviewed by:	adamw
Approved by:	miwi (mentor, implicit)
2016-05-27 07:02:55 +00:00
Bernard Spil
5811c36f89 mail/opensmtpd: Fix SSL and CA problems
- Change with-ssl to with-ssllib
  - Change with-ca-file to with-path-CAfile
  - Remove broken for libasr-devel

PR:		208991
Submitted by:	fluffy
Approved by:	maintainer (implicit)
2016-05-26 12:56:35 +00:00
Bernard Spil
dfeed7d39e mail/opensmtpd: Update to 5.9.2
- Update to 5.9.2p1
  - Remove usernamelen patch (default 255+1)
  - Fix renamed configure args
  - Add symlink for makemap (now included in smtpctl)
  - Align versioning with other OpenBSD projects
  - Add _smtpq group
  - Add UPDATING entry for existing installs
  - Update pkg-message for existing installs

Reviewed by:	adamw, mat
Approved by:	adamw, maintainer (implicit)
Differential Revision: D6421
2016-05-26 07:15:16 +00:00
Dmitry Marakasov
e87a8bd319 - Fix trailing whitespace in pkg-messages
Approved by:	portmgr blanket
2016-05-19 11:09:14 +00:00
Mathieu Arnold
8d6597e0bb Remove ${PORTSDIR}/ from dependencies, categories m, n, o, and p.
With hat:	portmgr
Sponsored by:	Absolight
2016-04-01 14:16:16 +00:00
Ashish SHUKLA
c204955df4 - Add SSL_PORT option to specify if OpenSSL from ports is to be used[1]
- Make option descriptions generic[1]
- Cleanup OPTIONS[1]
- Enforce SSL_PORT for 9.x[1]
- Mark as broken with LIBASRDEVEL option, due to incompatibility

PR:		206523[1]
Submitted by:	Andrey Fesenko <andrey at bsdnir dot info>[1]
2016-02-25 14:19:16 +00:00
Pietro Cerutti
3b30673276 mail/opensmtpd: restore patch to install .sample config file
Notified by:	adamw@
MFH:			2016Q1
2016-02-02 20:45:04 +00:00
Pietro Cerutti
86a82d2576 mail/opensmtpd: update to 5.7.3p2
Details at https://github.com/OpenSMTPD/OpenSMTPD/issues/650

While at it, remove a stale patch that isn't applicable anymore. Upstream
implements this logic already, and the patch doesn't actually patch anything.

PR:				206816
Submitted by:	sa.inbox@gmail.com
Approved by:	portmgr@
2016-02-02 15:36:11 +00:00
Jason Unovitch
b9090f2d43 mail/opensmtpd: update 5.7.1 -> 5.7.3
Changes:	https://www.opensmtpd.org/announces/release-5.7.2.txt
Changes:	https://www.opensmtpd.org/announces/release-5.7.3.txt

Approved by:	ashish (maintainer, implicit from AFK notice)
Security:	42852f72-6bd3-11e5-9909-002590263bf5
Security:	ee7bdf7f-11bb-4eea-b054-c692ab848c20
Security:	CVE-2015-7687
MFH:		2015Q4
2015-10-06 03:20:22 +00:00
Mathieu Arnold
320514f1dd It seems some people keep adding $FreeBSD$ to patch files.
Patches must not be changed by the vcs, this includes the
svn:keyword expansion.  Set fbsd:nokeywords to a couple of patches.

With hat:	portmgr
Sponsored by:	Absolight
2015-09-16 13:03:45 +00:00
Ashish SHUKLA
3697e41fd7 - Fix typos in the patch committed in r394424
Reported by:	adamw
2015-08-16 23:25:19 +00:00
Ashish SHUKLA
5fa1298b54 - Add a patch to handle long usernames during SMTP authentication,
e.g. often username exceeds the limit when it contains @host.name
  part.

Reported by:	gahr (via private email)
Obtained from:	Philipp Takacs <philipp@bureaucracy.de> (via IRC)
2015-08-16 21:54:15 +00:00
Ashish SHUKLA
6b1d89f112 - Update to 5.7.1p1
- Add TABLE_DB option to add support for aliases db
- Sort options in alphabetical order

PR:		201241
Submitted by:	brnrd
2015-07-15 15:53:21 +00:00
Ashish SHUKLA
7549d1db78 - Update to 5.4.6
Changes:		http://article.gmane.org/gmane.mail.opensmtpd.general/2759
2015-06-15 02:12:31 +00:00
Ashish SHUKLA
ac029ae52d - Update to 5.4.5p1
- Remove OPTIONS for the features unsupported upstream: SQLITE, MYSQL,
  LDAP, PGSQL, and REDIS
- Add workaround to prevent unnecessary dependency on autotools, due
  to problem with tarball
- Add note to UPDATING about the removal of OPTIONS
2015-04-27 02:42:22 +00:00
Dmitry Marakasov
8eec01be78 - Add LICENSE_FILE
- Add CPE info

Approved by:	portmgr blanket
2015-04-17 11:47:52 +00:00
Ashish SHUKLA
1bef36aa0c - Add OPTION to only update mailer.conf(5) on demand
- Update COMMENT so it complies with guidelines in Porter's
  Handbook

PR:		198375
Submitted by:	adamw
2015-03-29 05:17:43 +00:00
Ashish SHUKLA
94e74ae9d0 - Update rc.d script to add a configtest command to test configuration
before starting/restarting service.

PR:		197587
Submitted by:	elbarto at megadrive.org
2015-02-13 11:52:22 +00:00
Ashish SHUKLA
835bf893ef OpenSMTPD port updates
mail/opensmtpd:
 - Update to 5.4.4p1
 - Add LIBASRDEVEL option to depend on dns/libasr-devel
 - Use OpenSSL from ports, should help with migration to LibreSSL
 - Explicitly provide path to OpenSSL[1]

mail/opensmtpd-devel:
 - Update to 201502012312
 - Add LIBASR option to depend on dns/libasr
 - Remove MYSQL, PGSQL, LDAP, and REDIS options as they're removed
   upstream
 - Add a note for above to UPDATING
 - Explicitly provide path to OpenSSL[1]
 - Add a diff to fix build failure on FreeBSD[2]

Reported by:	TJ <tj at mrsk.me> (via private email)
Submitted by:	Herbert J. Skuhra <herbert at oslo.ath.cx> (via list)
2015-02-07 19:04:15 +00:00
Chris Rees
1e94b6fb2f Switch to USES=pgsql 2014-11-22 19:13:49 +00:00
Baptiste Daroussin
b33d2aff9e Remove useless @dir* 2014-11-22 13:43:55 +00:00
Tijl Coosemans
8b127f2619 - Drop dependency on autoconf and automake
- Use correct form of OPTIONS_SUB
- Remove FreeBSD 7 support
- Remove post-deinstall (handled by pkg)
2014-09-19 12:40:53 +00:00
Ashish SHUKLA
ab8dff2e80 - Fix rc.d script so it can distinguish between smtpd processes
running between host and jail

Submitted by:	Creaky <whatexercise at gmail.com> (via private email)
2014-08-31 04:13:16 +00:00
Dmitry Marakasov
f1ea8652fb - Drop .la files, no dependees require them
Approved by:	portmgr blanket
2014-08-30 11:03:26 +00:00
Baptiste Daroussin
b564653452 Only use libevent2
Remove libevent as libevent2 is providing a good compatibility interface as well
as providing better performances.
Remove custom patches from libevent2 and install libevent2 the regular way
Mark ports abusing private fields of the libevent1 API as broken
Import a patch from fedora to have honeyd working with libevent2
Remove most of the patches necessary to find the custom installation we used to
have for libevent2

With hat:	portmgr
2014-07-24 13:32:58 +00:00