authorV3n3RiX <venerix@redcorelinux.org>2019-01-12 16:58:08 +0000
committerV3n3RiX <venerix@redcorelinux.org>2019-01-12 16:58:08 +0000
commitc8a77dfe4d3d307c1d5dd2650b7297447d8b609d (patch)
tree9ea78393bc3ecd6ab4de449383d4e97e5f3648ae /mail-mta/opensmtpd
parent2891d29af8907ce881662f4a02844926d7a293c7 (diff)
gentoo resync : 12.01.2019
Diffstat (limited to 'mail-mta/opensmtpd')
-rw-r--r--mail-mta/opensmtpd/Manifest4
-rw-r--r--mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-fix-crash-on-auth.patch43
-rw-r--r--mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-openssl_1.1.patch722
-rw-r--r--mail-mta/opensmtpd/opensmtpd-6.0.3_p1-r1.ebuild (renamed from mail-mta/opensmtpd/opensmtpd-6.0.3_p1.ebuild)6
4 files changed, 773 insertions, 2 deletions
diff --git a/mail-mta/opensmtpd/Manifest b/mail-mta/opensmtpd/Manifest
index 3b2601ea74fc..77f635bf66df 100644
--- a/mail-mta/opensmtpd/Manifest
+++ b/mail-mta/opensmtpd/Manifest
@@ -1,9 +1,11 @@
+AUX opensmtpd-6.0.3_p1-fix-crash-on-auth.patch 1130 BLAKE2B ca2a207549056dc729c34d394ffcc6b3f565ca3963a7c9b56f9f2a2ed68997f2839716945c412f6ba2340931297a8e0afeebae93ef6d767ec251dbe66b196a05 SHA512 23558294281527c679c563f35103ccaac04efa4c62a1494e9907480c38a554b551b86a838204df8a314f7fa86452cbf816690abedf3b5c0179758a9205616c38
+AUX opensmtpd-6.0.3_p1-openssl_1.1.patch 21039 BLAKE2B 05e6e416f8253bb42d3d0cb213c14d2d07ec8d6beee3058621ac41f7a3815562098be4e5eed863d78443d08ad55f70a94d0c9c031630e87a73388510f4e42c55 SHA512 7e6567889ca823ada283153861806e69cee0185d6dc98aa15675c18ee81d2e118e9bc3a9848551b9f49e772de38234b7d4170e66fb6e6b932a50654b5d9a3806
AUX smtpd.initd 231 BLAKE2B a4991c9226daa2289cb20238dcee0dad8b4ff83474327649b61c7394e46fc929c7792b885f58bf76769567ad2058134b97e5019b508e2edec108a4bafb9cc2b4 SHA512 e4c8386bd7e8d8171172aa181305a55ca67cba6d4c82d77d8846e1bd3301dd9d118bb39dad6c144677f050194de813e4d83e06ea6dd591d4f07da8c4a1edde37
AUX smtpd.pam 147 BLAKE2B 1706fe27cf53621428f563af146d1197dfc59133dda79fe08141ec4ca9b240880ef63da3f27e4fb8b653af4ae413ca42cdeb343e1f4e737b7e6258c0d338223d SHA512 d0574cc732138fefffe3ca78da2d689f0849de70dfd65204c99a98a58b2165eb46b23a1c32b356ea2eaf8abd56a4929c7419b29cec1d6b284e344680bab24086
AUX smtpd.service 138 BLAKE2B c76db1847110622621701cdf1fdb764d26bf28b86a25adf9ae8e0ba15838a2a9ddc677f54f5d5fe191591b2bd5c7f20067fc00b6679f448e25371e27f231589d SHA512 b70b173ac275b871d78bac0e55b2e0c8d8a6538c7f2c4dc86fe67fb37a1ee942e0442353b338b286759618299f51b144396251db13f82c9afa035dcaae11a258
AUX smtpd.socket 114 BLAKE2B e684727be39592dce128cc0ab02f8e5bc4510591dcb2c170b49c120e84319b53e10eae275bc6a26ed8c9d51e53a21e41c551f18afd2441602cefc4e93344d50c SHA512 fbbccb4aab80a4a4612609e590965940642321119a65359cf2490530f81d55706a0105309d321a624d40348f12776724d2cf6b8bf29ea24391e60ef8b8bc8ba2
DIST opensmtpd-6.0.3p1.tar.gz 699702 BLAKE2B 49f08e8329adc049a562b6ef7efa4c0a39cbcfe8a158cb905cfc726a7302ffe9833ccfb52041340767d55d0f2ae2087e8eac92b7359016c6c76b4d963a334558 SHA512 e579818a0ddbe637deb5a4e40f43eaf797783903ceac18fd89a57581b135b9e407d424e1a70ff7b4b06a0ee50bafb6e8ab2451371917887904b06ff1b55d320f
DIST opensmtpd-6.4.0p1.tar.gz 718638 BLAKE2B 23c1c286a865efcbd16461ec8930f5325a6e164a58ceb7bbe0feb9088bcf615b7fd7e2eb6820bcde161864c476087b39c289c75ea5ca0b18c46710f9723b3dd7 SHA512 c60dbac857925041769104adae33393f526a328767e19bc78d06e45a13b7dd50f3eefdaa3811b8da330c24a670e98da74e18af5ac486266dade6255a6f3b5135
-EBUILD opensmtpd-6.0.3_p1.ebuild 2118 BLAKE2B 495035e86ae34e04f0d68ae4d82227351b72cebb7e214b36e50d1c6cf5cefffe9cb2fef41f6214c723a141bca87460983889e20f8b3335872a43f13920f36744 SHA512 6a8aafcfd54d7bb3c11f745a8a8d46a861a129777302add1f54cda396320677cb12e993b097aefc0d5ff081febc93b85fe32d6caece03f0c9a0dadeb7ace0d81
+EBUILD opensmtpd-6.0.3_p1-r1.ebuild 2212 BLAKE2B 95f84100d0fe2f277626682673af2a8fc2244bbe65fed568e77af0562117615e17b567ae1882b65aaf9ae55cf24b89f8d5fe08cdbb0b12e1339f9f7f1f8f13a2 SHA512 fa1ec0814e76537dafa599aa79ae7dfcbf56f766e3338d89f47a6c0ca7d34b020ce502d156028022a8408d3d35cfa35be5b11ecdc31272734a443434b66b439b
EBUILD opensmtpd-6.4.0_p1.ebuild 2062 BLAKE2B aa407d9d5a94c1b3243cd6c9994b1698b1ea2449d52239d118a7c1071404055edea6e1e29fa2edfaf6c9629d63889d8f577ffc5857d060cf6bb4ae384c67df7e SHA512 e040f564469f5b50927d7a7c0e6e78e8d2cb206b9c5e26ba71fc562ec43f0857db04d21280857f2ee1960ecac4828b1aec1b0ae7dd2021787b171e1cdd4dfe55
MISC metadata.xml 595 BLAKE2B c13a49c15ec7c4430834682a4428b80e81be9832cbf6fbdd506ce9bcfc625aabf342d094ee83c689e63573cff9bfb2abee86196374c617c75aa487eb83ad0e4c SHA512 aa7344806cd011cec6c7afa277345eb2988f11970ea3038d969efa50d5b1f485f199f15a1b632197700791c2242ed8f712ff3cc382b1491e44c14ee94075a1d5
diff --git a/mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-fix-crash-on-auth.patch b/mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-fix-crash-on-auth.patch
new file mode 100644
index 000000000000..c20b5e0a0ef9
--- /dev/null
+++ b/mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-fix-crash-on-auth.patch
@@ -0,0 +1,43 @@
+From 9b5f70b93e038df5446bd37a4adac5a0380748e7 Mon Sep 17 00:00:00 2001
+From: johannes <johannes.brechtmann@gmail.com>
+Date: Wed, 21 Feb 2018 23:57:11 +0100
+Subject: [PATCH] crypt_checkpass: include HAVE_CRYPT_H definition, add NULL
+ check
+
+---
+ openbsd-compat/crypt_checkpass.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/openbsd-compat/crypt_checkpass.c b/openbsd-compat/crypt_checkpass.c
+index dafd2dae..d10b3a57 100644
+--- a/openbsd-compat/crypt_checkpass.c
++++ b/openbsd-compat/crypt_checkpass.c
+@@ -1,5 +1,6 @@
+ /* OPENBSD ORIGINAL: lib/libc/crypt/cryptutil.c */
+
++#include "includes.h"
+ #include <errno.h>
+ #ifdef HAVE_CRYPT_H
+ #include <crypt.h>
+@@ -10,6 +11,8 @@
+ int
+ crypt_checkpass(const char *pass, const char *goodhash)
+ {
++ char *c;
++
+ if (goodhash == NULL)
+ goto fail;
+
+@@ -17,7 +20,11 @@ crypt_checkpass(const char *pass, const char *goodhash)
+ if (strlen(goodhash) == 0 && strlen(pass) == 0)
+ return 0;
+
+- if (strcmp(crypt(pass, goodhash), goodhash) == 0)
++ c = crypt(pass, goodhash);
++ if (c == NULL)
++ goto fail;
++
++ if (strcmp(c, goodhash) == 0)
+ return 0;
+
+ fail:
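Review bot: In the last hunk of the embedded crypt_checkpass patch, the new `strcmp(c, goodhash)` is an early-exit comparison of the computed hash against the stored one, and the `goodhash == NULL` path jumps to `fail` without calling crypt() at all, so a rejected login can take different time depending on why it failed. If the compat layer provides a constant-time compare, something like `if (strlen(c) == strlen(goodhash) && timingsafe_bcmp(c, goodhash, strlen(c)) == 0)` would be the safer form. A one-line comment above the new guard, e.g. `/* crypt() returns NULL on failure, e.g. a hash format it cannot process */`, would record why the check exists. The function body after `fail:` lies outside the hunk.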
diff --git a/mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-openssl_1.1.patch b/mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-openssl_1.1.patch
new file mode 100644
index 000000000000..40a62ae92519
--- /dev/null
+++ b/mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-openssl_1.1.patch
@@ -0,0 +1,722 @@
+Description: Enable support for OpenSSL 1.1
+Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+ Ryan Kavanagh <rak@debian.org>
+Origin: Debian
+Bug: https://github.com/OpenSMTPD/OpenSMTPD/issues/738
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859544
+Forwarded: https://github.com/OpenSMTPD/OpenSMTPD/pull/825
+Last-Update: 2018-03-18
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+diff --git a/openbsd-compat/libressl.c b/openbsd-compat/libressl.c
+index f4f2b52e..d06e006f 100644
+--- a/openbsd-compat/libressl.c
++++ b/openbsd-compat/libressl.c
+@@ -81,14 +81,14 @@ SSL_CTX_use_certificate_chain(SSL_CTX *ctx, char *buf, off_t len)
+ x = ca = NULL;
+
+ if ((in = BIO_new_mem_buf(buf, len)) == NULL) {
+- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
++ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
+ goto end;
+ }
+
+ if ((x = PEM_read_bio_X509(in, NULL,
+- ctx->default_passwd_callback,
+- ctx->default_passwd_callback_userdata)) == NULL) {
+- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
++ SSL_CTX_get_default_passwd_cb(ctx),
++ SSL_CTX_get_default_passwd_cb_userdata(ctx))) == NULL) {
++ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB);
+ goto end;
+ }
+
+@@ -99,14 +99,11 @@ SSL_CTX_use_certificate_chain(SSL_CTX *ctx, char *buf, off_t len)
+ * the CA certificates.
+ */
+
+- if (ctx->extra_certs != NULL) {
+- sk_X509_pop_free(ctx->extra_certs, X509_free);
+- ctx->extra_certs = NULL;
+- }
++ SSL_CTX_clear_extra_chain_certs(ctx);
+
+ while ((ca = PEM_read_bio_X509(in, NULL,
+- ctx->default_passwd_callback,
+- ctx->default_passwd_callback_userdata)) != NULL) {
++ SSL_CTX_get_default_passwd_cb(ctx),
++ SSL_CTX_get_default_passwd_cb_userdata(ctx))) != NULL) {
+
+ if (!SSL_CTX_add_extra_chain_cert(ctx, ca))
+ goto end;
+diff --git a/smtpd/ca.c b/smtpd/ca.c
+index e383c6a1..29a44b9b 100644
+--- a/smtpd/ca.c
++++ b/smtpd/ca.c
+@@ -170,6 +170,190 @@ ca_verify_cb(int ok, X509_STORE_CTX *ctx)
+ return ok;
+ }
+
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
++
++static int RSA_meth_get_flags(RSA_METHOD *meth)
++{
++ return meth->flags;
++}
++
++static int RSA_meth_set_flags(RSA_METHOD *meth, int flags)
++{
++ meth->flags = flags;
++ return 1;
++}
++
++static void *RSA_meth_get0_app_data(const RSA_METHOD *meth)
++{
++ return meth->app_data;
++}
++
++static int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data)
++{
++ meth->app_data = app_data;
++ return 1;
++}
++
++static int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))
++(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
++{
++ return meth->rsa_pub_enc;
++}
++
++static int RSA_meth_set_pub_enc(RSA_METHOD *meth,
++ int (*pub_enc) (int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa,
++ int padding))
++{
++ meth->rsa_pub_enc = pub_enc;
++ return 1;
++}
++
++static int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))
++(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
++{
++ return meth->rsa_pub_dec;
++}
++
++static int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))
++(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
++{
++ return meth->rsa_priv_enc;
++}
++
++int RSA_meth_set_priv_enc(RSA_METHOD *meth,
++ int (*priv_enc) (int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding))
++{
++ meth->rsa_priv_enc = priv_enc;
++ return 1;
++}
++
++static int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))
++(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
++{
++ return meth->rsa_priv_dec;
++}
++
++static int RSA_meth_set_priv_dec(RSA_METHOD *meth,
++ int (*priv_dec) (int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding))
++{
++ meth->rsa_priv_dec = priv_dec;
++ return 1;
++}
++
++static int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))
++ (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
++{
++ return meth->rsa_mod_exp;
++}
++
++static int RSA_meth_set_mod_exp(RSA_METHOD *meth,
++ int (*mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx))
++{
++ meth->rsa_mod_exp = mod_exp;
++ return 1;
++}
++
++static int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))
++(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
++{
++ return meth->bn_mod_exp;
++}
++
++static int RSA_meth_set_bn_mod_exp(RSA_METHOD *meth, int (*bn_mod_exp)
++ (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
++ BN_CTX *ctx, BN_MONT_CTX *m_ctx))
++{
++ meth->bn_mod_exp = bn_mod_exp;
++ return 1;
++}
++
++static int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa)
++{
++ return meth->init;
++}
++
++static int RSA_meth_set_init(RSA_METHOD *meth, int (*init) (RSA *rsa))
++{
++ meth->init = init;
++ return 1;
++}
++
++static int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa)
++{
++ return meth->finish;
++}
++
++static int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
++{
++ meth->finish = finish;
++ return 1;
++}
++
++static int (*RSA_meth_get_keygen(const RSA_METHOD *meth))
++ (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
++{
++ return meth->rsa_keygen;
++}
++
++static int RSA_meth_set_keygen(RSA_METHOD *meth, int (*keygen)
++ (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb))
++{
++ meth->rsa_keygen = keygen;
++ return 1;
++}
++
++static int (*RSA_meth_get_verify(const RSA_METHOD *meth))
++ (int dtype, const unsigned char *m,
++ unsigned int m_length, const unsigned char *sigbuf,
++ unsigned int siglen, const RSA *rsa)
++{
++ if (meth->flags & RSA_FLAG_SIGN_VER)
++ return meth->rsa_verify;
++ return NULL;
++}
++
++static int (*RSA_meth_get_sign(const RSA_METHOD *meth))
++ (int type,
++ const unsigned char *m, unsigned int m_length,
++ unsigned char *sigret, unsigned int *siglen,
++ const RSA *rsa)
++{
++ if (meth->flags & RSA_FLAG_SIGN_VER)
++ return meth->rsa_sign;
++ return NULL;
++}
++
++static int RSA_meth_set_pub_dec(RSA_METHOD *meth,
++ int (*pub_dec) (int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding))
++{
++ meth->rsa_pub_dec = pub_dec;
++ return 1;
++}
++
++static RSA_METHOD *RSA_meth_new(const char *name, int flags)
++{
++ RSA_METHOD *meth = malloc(sizeof(*meth));
++
++ if (meth != NULL) {
++ memset(meth, 0, sizeof(*meth));
++ meth->flags = flags;
++
++ meth->name = strdup(name);
++ if (meth->name != NULL)
++ return meth;
++
++ free(meth);
++ }
++
++ return NULL;
++}
++
++#endif
++
+ int
+ ca_X509_verify(void *certificate, void *chain, const char *CAfile,
+ const char *CRLfile, const char **errstr)
+@@ -201,7 +385,7 @@ end:
+ *errstr = NULL;
+ if (ret != 1) {
+ if (xsc)
+- *errstr = X509_verify_cert_error_string(xsc->error);
++ *errstr = X509_verify_cert_error_string(X509_STORE_CTX_get_error(xsc));
+ else if (ERR_peek_last_error())
+ *errstr = ERR_error_string(ERR_peek_last_error(), NULL);
+ }
+@@ -302,24 +486,9 @@ ca_imsg(struct mproc *p, struct imsg *imsg)
+ * RSA privsep engine (called from unprivileged processes)
+ */
+
+-const RSA_METHOD *rsa_default = NULL;
+-
+-static RSA_METHOD rsae_method = {
+- "RSA privsep engine",
+- rsae_pub_enc,
+- rsae_pub_dec,
+- rsae_priv_enc,
+- rsae_priv_dec,
+- rsae_mod_exp,
+- rsae_bn_mod_exp,
+- rsae_init,
+- rsae_finish,
+- 0,
+- NULL,
+- NULL,
+- NULL,
+- rsae_keygen
+-};
++static const RSA_METHOD *rsa_default = NULL;
++
++static const char *rsae_method_name = "RSA privsep engine";
+
+ static int
+ rsae_send_imsg(int flen, const unsigned char *from, unsigned char *to,
+@@ -404,7 +573,7 @@ rsae_pub_enc(int flen,const unsigned char *from, unsigned char *to, RSA *rsa,
+ int padding)
+ {
+ log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
+- return (rsa_default->rsa_pub_enc(flen, from, to, rsa, padding));
++ return (RSA_meth_get_pub_enc(rsa_default)(flen, from, to, rsa, padding));
+ }
+
+ static int
+@@ -412,7 +581,7 @@ rsae_pub_dec(int flen,const unsigned char *from, unsigned char *to, RSA *rsa,
+ int padding)
+ {
+ log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
+- return (rsa_default->rsa_pub_dec(flen, from, to, rsa, padding));
++ return (RSA_meth_get_pub_dec(rsa_default)(flen, from, to, rsa, padding));
+ }
+
+ static int
+@@ -424,7 +593,7 @@ rsae_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,
+ return (rsae_send_imsg(flen, from, to, rsa, padding,
+ IMSG_CA_PRIVENC));
+ }
+- return (rsa_default->rsa_priv_enc(flen, from, to, rsa, padding));
++ return (RSA_meth_get_priv_enc(rsa_default)(flen, from, to, rsa, padding));
+ }
+
+ static int
+@@ -436,14 +605,14 @@ rsae_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,
+ return (rsae_send_imsg(flen, from, to, rsa, padding,
+ IMSG_CA_PRIVDEC));
+ }
+- return (rsa_default->rsa_priv_dec(flen, from, to, rsa, padding));
++ return (RSA_meth_get_priv_dec(rsa_default)(flen, from, to, rsa, padding));
+ }
+
+ static int
+ rsae_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+ {
+ log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
+- return (rsa_default->rsa_mod_exp(r0, I, rsa, ctx));
++ return (RSA_meth_get_mod_exp(rsa_default)(r0, I, rsa, ctx));
+ }
+
+ static int
+@@ -451,34 +620,36 @@ rsae_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+ {
+ log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
+- return (rsa_default->bn_mod_exp(r, a, p, m, ctx, m_ctx));
++ return (RSA_meth_get_bn_mod_exp(rsa_default)(r, a, p, m, ctx, m_ctx));
+ }
+
+ static int
+ rsae_init(RSA *rsa)
+ {
+ log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
+- if (rsa_default->init == NULL)
++ if (RSA_meth_get_init(rsa_default) == NULL)
+ return (1);
+- return (rsa_default->init(rsa));
++ return (RSA_meth_get_init(rsa_default)(rsa));
+ }
+
+ static int
+ rsae_finish(RSA *rsa)
+ {
+ log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
+- if (rsa_default->finish == NULL)
++ if (RSA_meth_get_finish(rsa_default) == NULL)
+ return (1);
+- return (rsa_default->finish(rsa));
++ return (RSA_meth_get_finish(rsa_default)(rsa));
+ }
+
+ static int
+ rsae_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+ {
+ log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
+- return (rsa_default->rsa_keygen(rsa, bits, e, cb));
++ return (RSA_meth_get_keygen(rsa_default)(rsa, bits, e, cb));
+ }
+
++static RSA_METHOD *rsae_method;
++
+ void
+ ca_engine_init(void)
+ {
+@@ -490,7 +661,7 @@ ca_engine_init(void)
+ errstr = "ENGINE_new";
+ goto fail;
+ }
+- if (!ENGINE_set_name(e, rsae_method.name)) {
++ if (!ENGINE_set_name(e, rsae_method_name)) {
+ errstr = "ENGINE_set_name";
+ goto fail;
+ }
+@@ -503,25 +674,58 @@ ca_engine_init(void)
+ goto fail;
+ }
+
++ rsae_method = RSA_meth_new(rsae_method_name, 0);
++ if (!rsae_method) {
++ errstr = "RSA_meth_new";
++ goto fail;
++ }
++
+ if ((name = ENGINE_get_name(e)) == NULL)
+ name = "unknown RSA engine";
+
+ log_debug("debug: %s: using %s", __func__, name);
+
+- if (rsa_default->flags & RSA_FLAG_SIGN_VER)
++ if (RSA_meth_get_sign(rsa_default) ||
++ RSA_meth_get_verify(rsa_default))
+ fatalx("unsupported RSA engine");
+
+- if (rsa_default->rsa_mod_exp == NULL)
+- rsae_method.rsa_mod_exp = NULL;
+- if (rsa_default->bn_mod_exp == NULL)
+- rsae_method.bn_mod_exp = NULL;
+- if (rsa_default->rsa_keygen == NULL)
+- rsae_method.rsa_keygen = NULL;
+- rsae_method.flags = rsa_default->flags |
+- RSA_METHOD_FLAG_NO_CHECK;
+- rsae_method.app_data = rsa_default->app_data;
+-
+- if (!ENGINE_set_RSA(e, &rsae_method)) {
++ errstr = "Setting callback";
++ if (!RSA_meth_set_pub_enc(rsae_method, rsae_pub_enc))
++ goto fail;
++ if (!RSA_meth_set_pub_dec(rsae_method, rsae_pub_dec))
++ goto fail;
++ if (!RSA_meth_set_priv_enc(rsae_method, rsae_priv_enc))
++ goto fail;
++ if (!RSA_meth_set_priv_dec(rsae_method, rsae_priv_dec))
++ goto fail;
++
++ if (RSA_meth_get_mod_exp(rsa_default)) {
++ if (!RSA_meth_set_mod_exp(rsae_method, rsae_mod_exp))
++ goto fail;
++ }
++
++ if (RSA_meth_get_bn_mod_exp(rsa_default))
++ if (!RSA_meth_set_bn_mod_exp(rsae_method, rsae_bn_mod_exp))
++ goto fail;
++ if (!RSA_meth_set_init(rsae_method, rsae_init))
++ goto fail;
++ if (!RSA_meth_set_finish(rsae_method, rsae_finish))
++ goto fail;
++
++ if (RSA_meth_get_keygen(rsa_default)) {
++ if (!RSA_meth_set_keygen(rsae_method, rsae_keygen))
++ goto fail;
++ }
++
++ if (!RSA_meth_set_flags(rsae_method,
++ RSA_meth_get_flags(rsa_default) |
++ RSA_METHOD_FLAG_NO_CHECK))
++ goto fail;
++
++ if (!RSA_meth_set0_app_data(rsae_method, RSA_meth_get0_app_data(rsa_default)))
++ goto fail;
++
++ if (!ENGINE_set_RSA(e, rsae_method)) {
+ errstr = "ENGINE_set_RSA";
+ goto fail;
+ }
+diff --git a/smtpd/crypto.c b/smtpd/crypto.c
+index 76f98807..01452851 100644
+--- a/smtpd/crypto.c
++++ b/smtpd/crypto.c
+@@ -64,7 +64,7 @@ crypto_setup(const char *key, size_t len)
+ int
+ crypto_encrypt_file(FILE * in, FILE * out)
+ {
+- EVP_CIPHER_CTX ctx;
++ EVP_CIPHER_CTX *ctx;
+ uint8_t ibuf[CRYPTO_BUFFER_SIZE];
+ uint8_t obuf[CRYPTO_BUFFER_SIZE];
+ uint8_t iv[IV_SIZE];
+@@ -91,12 +91,14 @@ crypto_encrypt_file(FILE * in, FILE * out)
+ if ((w = fwrite(iv, 1, sizeof iv, out)) != sizeof iv)
+ return 0;
+
+- EVP_CIPHER_CTX_init(&ctx);
+- EVP_EncryptInit_ex(&ctx, EVP_aes_256_gcm(), NULL, cp.key, iv);
++ ctx = EVP_CIPHER_CTX_new();
++ if (!ctx)
++ return 0;
++ EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, cp.key, iv);
+
+ /* encrypt until end of file */
+ while ((r = fread(ibuf, 1, CRYPTO_BUFFER_SIZE, in)) != 0) {
+- if (!EVP_EncryptUpdate(&ctx, obuf, &len, ibuf, r))
++ if (!EVP_EncryptUpdate(ctx, obuf, &len, ibuf, r))
+ goto end;
+ if (len && (w = fwrite(obuf, len, 1, out)) != 1)
+ goto end;
+@@ -105,13 +107,13 @@ crypto_encrypt_file(FILE * in, FILE * out)
+ goto end;
+
+ /* finalize and write last chunk if any */
+- if (!EVP_EncryptFinal_ex(&ctx, obuf, &len))
++ if (!EVP_EncryptFinal_ex(ctx, obuf, &len))
+ goto end;
+ if (len && (w = fwrite(obuf, len, 1, out)) != 1)
+ goto end;
+
+ /* get and append tag */
+- EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, sizeof tag, tag);
++ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, sizeof tag, tag);
+ if ((w = fwrite(tag, sizeof tag, 1, out)) != 1)
+ goto end;
+
+@@ -119,14 +121,14 @@ crypto_encrypt_file(FILE * in, FILE * out)
+ ret = 1;
+
+ end:
+- EVP_CIPHER_CTX_cleanup(&ctx);
++ EVP_CIPHER_CTX_free(ctx);
+ return ret;
+ }
+
+ int
+ crypto_decrypt_file(FILE * in, FILE * out)
+ {
+- EVP_CIPHER_CTX ctx;
++ EVP_CIPHER_CTX *ctx;
+ uint8_t ibuf[CRYPTO_BUFFER_SIZE];
+ uint8_t obuf[CRYPTO_BUFFER_SIZE];
+ uint8_t iv[IV_SIZE];
+@@ -171,11 +173,13 @@ crypto_decrypt_file(FILE * in, FILE * out)
+ sz -= sizeof tag;
+
+
+- EVP_CIPHER_CTX_init(&ctx);
+- EVP_DecryptInit_ex(&ctx, EVP_aes_256_gcm(), NULL, cp.key, iv);
++ ctx = EVP_CIPHER_CTX_new();
++ if (!ctx)
++ return 0;
++ EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, cp.key, iv);
+
+ /* set expected tag */
+- EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, sizeof tag, tag);
++ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, sizeof tag, tag);
+
+ /* decrypt until end of ciphertext */
+ while (sz) {
+@@ -185,7 +189,7 @@ crypto_decrypt_file(FILE * in, FILE * out)
+ r = fread(ibuf, 1, sz, in);
+ if (!r)
+ break;
+- if (!EVP_DecryptUpdate(&ctx, obuf, &len, ibuf, r))
++ if (!EVP_DecryptUpdate(ctx, obuf, &len, ibuf, r))
+ goto end;
+ if (len && (w = fwrite(obuf, len, 1, out)) != 1)
+ goto end;
+@@ -195,7 +199,7 @@ crypto_decrypt_file(FILE * in, FILE * out)
+ goto end;
+
+ /* finalize, write last chunk if any and perform authentication check */
+- if (!EVP_DecryptFinal_ex(&ctx, obuf, &len))
++ if (!EVP_DecryptFinal_ex(ctx, obuf, &len))
+ goto end;
+ if (len && (w = fwrite(obuf, len, 1, out)) != 1)
+ goto end;
+@@ -204,14 +208,14 @@ crypto_decrypt_file(FILE * in, FILE * out)
+ ret = 1;
+
+ end:
+- EVP_CIPHER_CTX_cleanup(&ctx);
++ EVP_CIPHER_CTX_free(ctx);
+ return ret;
+ }
+
+ size_t
+ crypto_encrypt_buffer(const char *in, size_t inlen, char *out, size_t outlen)
+ {
+- EVP_CIPHER_CTX ctx;
++ EVP_CIPHER_CTX *ctx;
+ uint8_t iv[IV_SIZE];
+ uint8_t tag[GCM_TAG_SIZE];
+ uint8_t version = API_VERSION;
+@@ -239,33 +243,35 @@ crypto_encrypt_buffer(const char *in, size_t inlen, char *out, size_t outlen)
+ memcpy(out + len, iv, sizeof iv);
+ len += sizeof iv;
+
+- EVP_CIPHER_CTX_init(&ctx);
+- EVP_EncryptInit_ex(&ctx, EVP_aes_256_gcm(), NULL, cp.key, iv);
++ ctx = EVP_CIPHER_CTX_new();
++ if (!ctx)
++ return 0;
++ EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, cp.key, iv);
+
+ /* encrypt buffer */
+- if (!EVP_EncryptUpdate(&ctx, out + len, &olen, in, inlen))
++ if (!EVP_EncryptUpdate(ctx, out + len, &olen, in, inlen))
+ goto end;
+ len += olen;
+
+ /* finalize and write last chunk if any */
+- if (!EVP_EncryptFinal_ex(&ctx, out + len, &olen))
++ if (!EVP_EncryptFinal_ex(ctx, out + len, &olen))
+ goto end;
+ len += olen;
+
+ /* get and append tag */
+- EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, sizeof tag, tag);
++ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, sizeof tag, tag);
+ memcpy(out + len, tag, sizeof tag);
+ ret = len + sizeof tag;
+
+ end:
+- EVP_CIPHER_CTX_cleanup(&ctx);
++ EVP_CIPHER_CTX_cleanup(ctx);
+ return ret;
+ }
+
+ size_t
+ crypto_decrypt_buffer(const char *in, size_t inlen, char *out, size_t outlen)
+ {
+- EVP_CIPHER_CTX ctx;
++ EVP_CIPHER_CTX *ctx;
+ uint8_t iv[IV_SIZE];
+ uint8_t tag[GCM_TAG_SIZE];
+ int olen;
+@@ -292,24 +298,26 @@ crypto_decrypt_buffer(const char *in, size_t inlen, char *out, size_t outlen)
+ inlen -= sizeof iv;
+ in += sizeof iv;
+
+- EVP_CIPHER_CTX_init(&ctx);
+- EVP_DecryptInit_ex(&ctx, EVP_aes_256_gcm(), NULL, cp.key, iv);
++ ctx = EVP_CIPHER_CTX_new();
++ if (!ctx)
++ return 0;
++ EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, cp.key, iv);
+
+ /* set expected tag */
+- EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, sizeof tag, tag);
++ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, sizeof tag, tag);
+
+ /* decrypt buffer */
+- if (!EVP_DecryptUpdate(&ctx, out, &olen, in, inlen))
++ if (!EVP_DecryptUpdate(ctx, out, &olen, in, inlen))
+ goto end;
+ len += olen;
+
+ /* finalize, write last chunk if any and perform authentication check */
+- if (!EVP_DecryptFinal_ex(&ctx, out + len, &olen))
++ if (!EVP_DecryptFinal_ex(ctx, out + len, &olen))
+ goto end;
+ ret = len + olen;
+
+ end:
+- EVP_CIPHER_CTX_cleanup(&ctx);
++ EVP_CIPHER_CTX_cleanup(ctx);
+ return ret;
+ }
+
+diff --git a/smtpd/libressl.c b/smtpd/libressl.c
+index 57d74389..db78d943 100644
+--- a/smtpd/libressl.c
++++ b/smtpd/libressl.c
+@@ -94,10 +94,10 @@ ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in)
+
+ ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
+
+- x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
+- ctx->default_passwd_callback_userdata);
++ x = PEM_read_bio_X509_AUX(in, NULL, SSL_CTX_get_default_passwd_cb(ctx),
++ SSL_CTX_get_default_passwd_cb_userdata(ctx));
+ if (x == NULL) {
+- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
++ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB);
+ goto end;
+ }
+
+@@ -115,14 +115,11 @@ ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in)
+ int r;
+ unsigned long err;
+
+- if (ctx->extra_certs != NULL) {
+- sk_X509_pop_free(ctx->extra_certs, X509_free);
+- ctx->extra_certs = NULL;
+- }
++ SSL_CTX_clear_extra_chain_certs(ctx);
+
+ while ((ca = PEM_read_bio_X509(in, NULL,
+- ctx->default_passwd_callback,
+- ctx->default_passwd_callback_userdata)) != NULL) {
++ SSL_CTX_get_default_passwd_cb(ctx),
++ SSL_CTX_get_default_passwd_cb_userdata(ctx))) != NULL) {
+ r = SSL_CTX_add_extra_chain_cert(ctx, ca);
+ if (!r) {
+ X509_free(ca);
+@@ -160,7 +157,7 @@ SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len)
+
+ in = BIO_new_mem_buf(buf, len);
+ if (in == NULL) {
+- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
++ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
+ goto end;
+ }
+
+diff --git a/smtpd/ssl.c b/smtpd/ssl.c
+index b88360eb..0c93d87e 100644
+--- a/smtpd/ssl.c
++++ b/smtpd/ssl.c
+@@ -425,7 +425,7 @@ ssl_ctx_fake_private_key(SSL_CTX *ctx, const void *data, size_t datalen,
+ */
+ ret = SSL_CTX_use_PrivateKey(ctx, pkey);
+ if (!ret)
+- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_SSL_LIB);
++ SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_SYS_LIB);
+
+ if (pkeyptr != NULL)
+ *pkeyptr = pkey;
+diff --git a/smtpd/ssl.h b/smtpd/ssl.h
+index 90f018d0..553120d4 100644
+--- a/smtpd/ssl.h
++++ b/smtpd/ssl.h
+@@ -73,3 +73,17 @@ void SSL_CTX_set_ecdh_auto(SSL_CTX *, int);
+ void SSL_CTX_set_dh_auto(SSL_CTX *, int);
+ #endif
+ int SSL_CTX_use_certificate_chain_mem(SSL_CTX *, void *, int);
++
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
++
++static inline pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
++{
++ return ctx->default_passwd_callback;
++}
++
++static inline void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
++{
++ return ctx->default_passwd_callback_userdata;
++}
++
++#endif
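Review bot: In the smtpd/crypto.c part of this patch, crypto_encrypt_buffer and crypto_decrypt_buffer now obtain the context from `EVP_CIPHER_CTX_new()` but their `end:` labels still call `EVP_CIPHER_CTX_cleanup(ctx)`, while the two file variants were switched to `EVP_CIPHER_CTX_free(ctx)`. Cleanup only resets the context, so each buffer encrypt or decrypt call appears to leak one heap allocation, which in a long-running mail daemon is a slow memory-exhaustion risk; both lines should read `EVP_CIPHER_CTX_free(ctx);`. The results of `EVP_EncryptInit_ex`/`EVP_DecryptInit_ex` and of the `EVP_CIPHER_CTX_ctrl` tag calls are also still unchecked on the new side, so a failed init or tag setup would go unnoticed until a later call. In smtpd/ca.c, `RSA_meth_set_priv_enc` is the only compat shim declared without `static`, which exports the symbol and could clash with a library that already defines it.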
diff --git a/mail-mta/opensmtpd/opensmtpd-6.0.3_p1.ebuild b/mail-mta/opensmtpd/opensmtpd-6.0.3_p1-r1.ebuild
index b8e388fa4fe1..48e538cad47e 100644
--- a/mail-mta/opensmtpd/opensmtpd-6.0.3_p1.ebuild
+++ b/mail-mta/opensmtpd/opensmtpd-6.0.3_p1-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Authors
+# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -39,6 +39,10 @@ DEPEND="!libressl? ( dev-libs/openssl:0 )
RDEPEND="${DEPEND}"
S=${WORKDIR}/${P/_}
+PATCHES=(
+ "${FILESDIR}/${P}-fix-crash-on-auth.patch"
+ "${FILESDIR}/${P}-openssl_1.1.patch"
+)
src_configure() {
tc-export AR