20200307.1 global branch merge.current-20200307.1

Signed-off-by: Matteo Bernardini <ponce@slackbuilds.org>
author: Matteo Bernardini 2020-03-07 10:13:09 +0100
committer: Matteo Bernardini 2020-03-07 10:13:09 +0100
commit: 5a5dc1dabed18903b66c8a315dad1f8b753047a7 (patch)
tree: 70960ec22120e2b2947c2f7faba00ccf24069880 /network/opensmtpd/openbsd65-029-smptd-tls.patch
parent: 1cd68324729b0dc6aceaa8a9a64c3f1afc36d9fd (diff)
download: slackbuilds-current-20200307.1.tar.gz
1 files changed, 0 insertions, 52 deletions
diff --git a/network/opensmtpd/openbsd65-029-smptd-tls.patch b/network/opensmtpd/openbsd65-029-smptd-tls.patch
deleted file mode 100644
index a2727decf8..0000000000
--- a/network/opensmtpd/openbsd65-029-smptd-tls.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-OpenBSD 6.5 errata 029, January 30, 2020:
-
-smtpd can crash on opportunistic TLS downgrade, causing a denial of service.
-
---- usr.sbin/smtpd/mta_session.c	23 Dec 2018 16:37:53 -0000	1.115
-+++ usr.sbin/smtpd/mta_session.c	20 Jan 2020 10:36:58 -0000
-@@ -1292,40 +1292,20 @@ mta_io(struct io *io, int evt, void *arg
- 		break;
- 
- 	case IO_ERROR:
-+	case IO_TLSERROR:
- 		log_debug("debug: mta: %p: IO error: %s", s, io_error(io));
--		if (!s->ready) {
--			mta_error(s, "IO Error: %s", io_error(io));
--			mta_connect(s);
--			break;
--		}
--		else if (!(s->flags & (MTA_FORCE_TLS|MTA_FORCE_SMTPS|MTA_FORCE_ANYSSL))) {
--			/* error in non-strict SSL negotiation, downgrade to plain */
--			if (s->flags & MTA_TLS) {
--				log_info("smtp-out: Error on session %016"PRIx64
--				    ": opportunistic TLS failed, "
--				    "downgrading to plain", s->id);
--				s->flags &= ~MTA_TLS;
--				s->flags |= MTA_DOWNGRADE_PLAIN;
--				mta_connect(s);
--				break;
--			}
--		}
--		mta_error(s, "IO Error: %s", io_error(io));
--		mta_free(s);
--		break;
- 
--	case IO_TLSERROR:
--		log_debug("debug: mta: %p: TLS IO error: %s", s, io_error(io));
--		if (!(s->flags & (MTA_FORCE_TLS|MTA_FORCE_SMTPS|MTA_FORCE_ANYSSL))) {
-+		if (s->state == MTA_STARTTLS && s->use_smtp_tls) {
- 			/* error in non-strict SSL negotiation, downgrade to plain */
--			log_info("smtp-out: TLS Error on session %016"PRIx64
--			    ": TLS failed, "
-+			log_info("smtp-out: Error on session %016"PRIx64
-+			    ": opportunistic TLS failed, "
- 			    "downgrading to plain", s->id);
- 			s->flags &= ~MTA_TLS;
- 			s->flags |= MTA_DOWNGRADE_PLAIN;
- 			mta_connect(s);
- 			break;
- 		}
-+
- 		mta_error(s, "IO Error: %s", io_error(io));
- 		mta_free(s);
- 		break;
author	Matteo Bernardini	2020-03-07 10:13:09 +0100
committer	Matteo Bernardini	2020-03-07 10:13:09 +0100
commit	5a5dc1dabed18903b66c8a315dad1f8b753047a7 (patch)
tree	70960ec22120e2b2947c2f7faba00ccf24069880 /network/opensmtpd/openbsd65-029-smptd-tls.patch
parent	1cd68324729b0dc6aceaa8a9a64c3f1afc36d9fd (diff)
download	slackbuilds-current-20200307.1.tar.gz