6 files changed, 190 insertions, 6 deletions
diff --git a/network/opensmtpd/fix-crash-on-authentication.patch b/network/opensmtpd/fix-crash-on-authentication.patch
new file mode 100644
index 0000000000..c20b5e0a0e
--- /dev/null
+++ b/network/opensmtpd/fix-crash-on-authentication.patch
@@ -0,0 +1,43 @@
+From 9b5f70b93e038df5446bd37a4adac5a0380748e7 Mon Sep 17 00:00:00 2001
+From: johannes <johannes.brechtmann@gmail.com>
+Date: Wed, 21 Feb 2018 23:57:11 +0100
+Subject: [PATCH] crypt_checkpass: include HAVE_CRYPT_H definition, add NULL
+ check
+
+---
+ openbsd-compat/crypt_checkpass.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/openbsd-compat/crypt_checkpass.c b/openbsd-compat/crypt_checkpass.c
+index dafd2dae..d10b3a57 100644
+--- a/openbsd-compat/crypt_checkpass.c
++++ b/openbsd-compat/crypt_checkpass.c
+@@ -1,5 +1,6 @@
+ /* OPENBSD ORIGINAL: lib/libc/crypt/cryptutil.c */
+ 
++#include "includes.h"
+ #include <errno.h>
+ #ifdef HAVE_CRYPT_H
+ #include <crypt.h>
+@@ -10,6 +11,8 @@
+ int
+ crypt_checkpass(const char *pass, const char *goodhash)
+ {
++	char *c;
++
+ 	if (goodhash == NULL)
+ 		goto fail;
+ 
+@@ -17,7 +20,11 @@ crypt_checkpass(const char *pass, const char *goodhash)
+ 	if (strlen(goodhash) == 0 && strlen(pass) == 0)
+ 		return 0;
+ 
+-	if (strcmp(crypt(pass, goodhash), goodhash) == 0)
++	c = crypt(pass, goodhash);
++	if (c == NULL)
++		goto fail;
++
++	if (strcmp(c, goodhash) == 0)
+ 		return 0;
+ 
+ fail:
diff --git a/network/opensmtpd/openbsd64-020-smtpd.patch b/network/opensmtpd/openbsd64-020-smtpd.patch
new file mode 100644
index 0000000000..8ce7178da8
--- /dev/null
+++ b/network/opensmtpd/openbsd64-020-smtpd.patch
@@ -0,0 +1,31 @@
+OpenBSD 6.4 errata 020, August 2, 2019
+
+smtpd can crash on excessively large input, causing a denial of service.
+
+--- a/smtpd/smtp_session.c	3 Sep 2018 19:01:29 -0000	1.337
++++ b/smtpd/smtp_session.c	1 Aug 2019 21:18:53 -0000
+@@ -1904,15 +1904,21 @@ smtp_reply(struct smtp_session *s, char 
+ {
+ 	va_list	 ap;
+ 	int	 n;
+-	char	 buf[LINE_MAX], tmp[LINE_MAX];
++	char	 buf[LINE_MAX*2], tmp[LINE_MAX*2];
+ 
+ 	va_start(ap, fmt);
+ 	n = vsnprintf(buf, sizeof buf, fmt, ap);
+ 	va_end(ap);
+-	if (n == -1 || n >= LINE_MAX)
+-		fatalx("smtp_reply: line too long");
++	if (n < 0)
++		fatalx("smtp_reply: response format error");
+ 	if (n < 4)
+ 		fatalx("smtp_reply: response too short");
++	if (n >= (int)sizeof buf) {
++		/* only first three bytes are used by SMTP logic,
++		 * so if _our_ reply does not fit entirely in the
++		 * buffer, it's ok to truncate.
++		 */
++	}
+ 
+ 	log_trace(TRACE_SMTP, "smtp: %p: >>> %s", s, buf);
+ 
diff --git a/network/opensmtpd/openbsd65-029-smptd-tls.patch b/network/opensmtpd/openbsd65-029-smptd-tls.patch
new file mode 100644
index 0000000000..a2727decf8
--- /dev/null
+++ b/network/opensmtpd/openbsd65-029-smptd-tls.patch
@@ -0,0 +1,52 @@
+OpenBSD 6.5 errata 029, January 30, 2020:
+
+smtpd can crash on opportunistic TLS downgrade, causing a denial of service.
+
+--- usr.sbin/smtpd/mta_session.c	23 Dec 2018 16:37:53 -0000	1.115
++++ usr.sbin/smtpd/mta_session.c	20 Jan 2020 10:36:58 -0000
+@@ -1292,40 +1292,20 @@ mta_io(struct io *io, int evt, void *arg
+ 		break;
+ 
+ 	case IO_ERROR:
++	case IO_TLSERROR:
+ 		log_debug("debug: mta: %p: IO error: %s", s, io_error(io));
+-		if (!s->ready) {
+-			mta_error(s, "IO Error: %s", io_error(io));
+-			mta_connect(s);
+-			break;
+-		}
+-		else if (!(s->flags & (MTA_FORCE_TLS|MTA_FORCE_SMTPS|MTA_FORCE_ANYSSL))) {
+-			/* error in non-strict SSL negotiation, downgrade to plain */
+-			if (s->flags & MTA_TLS) {
+-				log_info("smtp-out: Error on session %016"PRIx64
+-				    ": opportunistic TLS failed, "
+-				    "downgrading to plain", s->id);
+-				s->flags &= ~MTA_TLS;
+-				s->flags |= MTA_DOWNGRADE_PLAIN;
+-				mta_connect(s);
+-				break;
+-			}
+-		}
+-		mta_error(s, "IO Error: %s", io_error(io));
+-		mta_free(s);
+-		break;
+ 
+-	case IO_TLSERROR:
+-		log_debug("debug: mta: %p: TLS IO error: %s", s, io_error(io));
+-		if (!(s->flags & (MTA_FORCE_TLS|MTA_FORCE_SMTPS|MTA_FORCE_ANYSSL))) {
++		if (s->state == MTA_STARTTLS && s->use_smtp_tls) {
+ 			/* error in non-strict SSL negotiation, downgrade to plain */
+-			log_info("smtp-out: TLS Error on session %016"PRIx64
+-			    ": TLS failed, "
++			log_info("smtp-out: Error on session %016"PRIx64
++			    ": opportunistic TLS failed, "
+ 			    "downgrading to plain", s->id);
+ 			s->flags &= ~MTA_TLS;
+ 			s->flags |= MTA_DOWNGRADE_PLAIN;
+ 			mta_connect(s);
+ 			break;
+ 		}
++
+ 		mta_error(s, "IO Error: %s", io_error(io));
+ 		mta_free(s);
+ 		break;
diff --git a/network/opensmtpd/openbsd66-019-smtpd-exec.patch b/network/opensmtpd/openbsd66-019-smtpd-exec.patch
new file mode 100644
index 0000000000..93ce19dcb1
--- /dev/null
+++ b/network/opensmtpd/openbsd66-019-smtpd-exec.patch
@@ -0,0 +1,46 @@
+OpenBSD 6.6 errata 019, January 30, 2020:
+
+An incorrect check allows an attacker to trick mbox delivery into executing
+arbitrary commands as root and lmtp delivery into executing arbitrary commands
+as an unprivileged user.
+
+--- usr.sbin/smtpd/smtp_session.c	4 Oct 2019 08:34:29 -0000	1.415
++++ usr.sbin/smtpd/smtp_session.c	26 Jan 2020 05:56:37 -0000
+@@ -2012,24 +2012,22 @@ smtp_mailaddr(struct mailaddr *maddr, ch
+ 		memmove(maddr->user, p, strlen(p) + 1);
+ 	}
+ 
+-	if (!valid_localpart(maddr->user) ||
+-	    !valid_domainpart(maddr->domain)) {
+-		/* accept empty return-path in MAIL FROM, required for bounces */
+-		if (mailfrom && maddr->user[0] == '\0' && maddr->domain[0] == '\0')
+-			return (1);
++	/* accept empty return-path in MAIL FROM, required for bounces */
++	if (mailfrom && maddr->user[0] == '\0' && maddr->domain[0] == '\0')
++		return (1);
+ 
+-		/* no user-part, reject */
+-		if (maddr->user[0] == '\0')
+-			return (0);
+-
+-		/* no domain, local user */
+-		if (maddr->domain[0] == '\0') {
+-			(void)strlcpy(maddr->domain, domain,
+-			    sizeof(maddr->domain));
+-			return (1);
+-		}
++	/* no or invalid user-part, reject */
++	if (maddr->user[0] == '\0' || !valid_localpart(maddr->user))
+ 		return (0);
++
++	/* no domain part, local user */
++	if (maddr->domain[0] == '\0') {
++		(void)strlcpy(maddr->domain, domain,
++			sizeof(maddr->domain));
+ 	}
++
++	if (!valid_domainpart(maddr->domain))
++		return (0);
+ 
+ 	return (1);
+ }
diff --git a/network/opensmtpd/opensmtpd.SlackBuild b/network/opensmtpd/opensmtpd.SlackBuild
index c1dfd8d7d6..052a1fcf03 100644
--- a/network/opensmtpd/opensmtpd.SlackBuild
+++ b/network/opensmtpd/opensmtpd.SlackBuild
@@ -24,8 +24,8 @@
 #  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 PRGNAM=opensmtpd
-VERSION=${VERSION:-6.6.2p1}
-BUILD=${BUILD:-1}
+VERSION=${VERSION:-6.0.3p1}
+BUILD=${BUILD:-5}
 TAG=${TAG:-_SBo}
 
 if [ -z "$ARCH" ]; then
@@ -92,6 +92,18 @@ find -L . \
  \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
   -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
 
+# fix reply buffer overflow
+cat $CWD/openbsd64-020-smtpd.patch | patch -p1
+
+# fix tls downgrade
+cat $CWD/openbsd65-029-smptd-tls.patch | patch -p1
+
+# fix exec
+cat $CWD/openbsd66-019-smtpd-exec.patch | patch -p1
+
+# check null from crypt function
+cat $CWD/fix-crash-on-authentication.patch | patch -p1
+
 CFLAGS="$SLKCFLAGS -D_DEFAULT_SOURCE" \
 CXXFLAGS="$SLKCFLAGS" \
 ./configure \
@@ -161,7 +173,7 @@ find $PKG/usr/man -type f -exec gzip -9 {} \;
 for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
 
 mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
-cp -a INSTALL LICENSE README.md $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a INSTALL LICENSE README.md THANKS $PKG/usr/doc/$PRGNAM-$VERSION
 cat $CWD/README             > $PKG/usr/doc/$PRGNAM-$VERSION/README.slackware
 cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
 
diff --git a/network/opensmtpd/opensmtpd.info b/network/opensmtpd/opensmtpd.info
index 4254ccf736..0930880299 100644
--- a/network/opensmtpd/opensmtpd.info
+++ b/network/opensmtpd/opensmtpd.info
@@ -1,8 +1,8 @@
 PRGNAM="opensmtpd"
-VERSION="6.6.2p1"
+VERSION="6.0.3p1"
 HOMEPAGE="https://www.opensmtpd.org/"
-DOWNLOAD="https://www.opensmtpd.org/archives/opensmtpd-6.6.2p1.tar.gz"
-MD5SUM="bd29619f56c009a4eb4879304771822b"
+DOWNLOAD="https://www.opensmtpd.org/archives/opensmtpd-6.0.3p1.tar.gz"
+MD5SUM="66e496bb0f3303d660744f4fa2178765"
 DOWNLOAD_x86_64=""
 MD5SUM_x86_64=""
 REQUIRES="libasr"