Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 4f69f2c9afc3
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: bf7c0f0461e0
Choose a head ref
  • 8 commits
  • 1 file changed
  • 6 contributors

Commits on Mar 17, 2020

  1. opensmtpd: 6.4.2p1 -> 6.6.1p1 

    The substitition in smtpd/parse.y isn't necessary anymore.
The hardcoded /usr/libexec/ has been replaced by a PATH_LIBEXEC #define,
which will be set properly by the build system.

(cherry picked from commit 9658850)
    @flokli @Mic92
    flokli authored and Mic92 committed Mar 17, 2020
    Copy the full SHA
    7db6a85 View commit details

  2. opensmtpd: 6.6.1p1 -> 6.6.2p1 

    Fixes critical vulnerability:
  https://www.mail-archive.com/misc@opensmtpd.org/msg04850.html

(cherry picked from commit 7b9bd59)
    @fpletz @Mic92
    fpletz authored and Mic92 committed Mar 17, 2020
    Copy the full SHA
    3ecd571 View commit details

  3. opensmtpd: 6.6.2p1 -> 6.6.3p1 

    (cherry picked from commit 77da495)
    @r-ryantm @Mic92
    r-ryantm authored and Mic92 committed Mar 17, 2020
    Copy the full SHA
    7a106bd View commit details

  4. opensmtpd: 6.6.3p1 -> 6.6.4p1 

    Release notes aren't available at this time [1] it is likely to be
related to a recent mail to oss-security (either [2] or [3]).

[1] https://www.mail-archive.com/misc@opensmtpd.org/msg04888.html
[2] https://www.openwall.com/lists/oss-security/2020/02/24/5
[3] https://www.openwall.com/lists/oss-security/2020/02/24/4

(cherry picked from commit 09725e5)
    @andir @Mic92
    andir authored and Mic92 committed Mar 17, 2020
    Copy the full SHA
    521c676 View commit details

  5. Revert "opensmtpd: mark as insecure due to CVE-2020-8794 / #80978" 

    This reverts commit 4f69f2c.

We backported the latest opensmtpd version.
    @Mic92
    Mic92 committed Mar 17, 2020
    Copy the full SHA
    ce282f0 View commit details

  6. Revert "opensmtpd: apply patch for CVE-2020-7247.patch" 

    This reverts commit f5c74e6.

Already included in the opensmtpd version.
    @Mic92
    Mic92 committed Mar 17, 2020
    Copy the full SHA
    fe67f42 View commit details

  7. opensmtpd: build against openssl 

    build fails against our local libressl version
    @Mic92
    Mic92 committed Mar 17, 2020
    Copy the full SHA
    29431a0 View commit details

  8. Merge pull request #82775 from Mic92/opensmtpd-backport 

    opensmtpd: 6.4.2p1 -> 6.6.4p1 [backport 19.09]
    @obadz
    obadz authored Mar 17, 2020
    Copy the full SHA
    bf7c0f0 View commit details
Showing with 4 additions and 12 deletions.
  1. +4 −12 pkgs/servers/mail/opensmtpd/default.nix
16 changes: 4 additions & 12 deletions pkgs/servers/mail/opensmtpd/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,33 +1,26 @@
{ stdenv, fetchurl, autoconf, automake, libtool, bison
, libasr, libevent, zlib, libressl, db, pam, nixosTests
, libasr, libevent, zlib, openssl, db, pam, nixosTests
}:

stdenv.mkDerivation rec {
pname = "opensmtpd";
version = "6.4.2p1";
version = "6.6.4p1";

nativeBuildInputs = [ autoconf automake libtool bison ];
buildInputs = [ libasr libevent zlib libressl db pam ];
buildInputs = [ libasr libevent zlib openssl db pam ];

src = fetchurl {
url = "https://www.opensmtpd.org/archives/${pname}-${version}.tar.gz";
sha256 = "0pgv080ai7d98l9340jadp9wjiaqj2qvgpqhilcz0kps2mdiawbd";
sha256 = "1kyph9ycq0j21dl9n1sq5fns9p4gckdi0fmnf8awrcwrdcm9dyg2";
};

patches = [
./proc_path.diff # TODO: upstream to OpenSMTPD, see https://github.com/NixOS/nixpkgs/issues/54045
(fetchurl {
name = "CVE-2020-7247.patch";
url = "https://github.com/OpenSMTPD/OpenSMTPD/commit/d2688c097e0ff53037c7403e09426771876a3907.patch";
sha256 = "1mr5zb7mgpapf80xrcjvvzinzyiqcd3i0z4jwj11wl3zrfq5kwwn";
})
];

# See https://github.com/OpenSMTPD/OpenSMTPD/issues/885 for the `sh bootstrap`
# requirement
postPatch = ''
substituteInPlace smtpd/parse.y \
--replace "/usr/libexec/" "$out/libexec/opensmtpd/"
substituteInPlace mk/smtpctl/Makefile.am --replace "chgrp" "true"
substituteInPlace mk/smtpctl/Makefile.am --replace "chmod 2555" "chmod 0555"
sh bootstrap
@@ -65,7 +58,6 @@ stdenv.mkDerivation rec {
license = licenses.isc;
platforms = platforms.linux;
maintainers = with maintainers; [ rickynils obadz ekleog ];
knownVulnerabilities = [ "CVE-2020-8794" ];
};
passthru.tests = {
basic-functionality-and-dovecot-interaction = nixosTests.opensmtpd;