diff options
author | salo <salo@pkgsrc.org> | 2006-03-24 16:12:18 +0000 |
---|---|---|
committer | salo <salo@pkgsrc.org> | 2006-03-24 16:12:18 +0000 |
commit | 5b376471b4e1342c35981fce4ea8c8ade1d666e1 (patch) | |
tree | 474e77667cf222bd3eb9ee7809970c5ca3a3234c | |
parent | 9be1823441cc59de35f018796bdad13e112e943c (diff) | |
download | pkgsrc-5b376471b4e1342c35981fce4ea8c8ade1d666e1.tar.gz |
Pullup ticket 1255 - requested by Todd Vierling
security fix for sendmail
Revisions pulled up:
- pkgsrc/mail/sendmail/Makefile 1.84
- pkgsrc/mail/sendmail/Makefile.common 1.32
- pkgsrc/mail/sendmail/distinfo 1.27
Module Name: pkgsrc
Committed By: adrianp
Date: Wed Mar 22 19:56:37 UTC 2006
Modified Files:
pkgsrc/mail/sendmail: Makefile Makefile.common distinfo
Log Message:
Update sendmail to address the current security issue
Bump to nb2
This will change the internal version of sendmail to 8.13.5.20060308
> SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
> and client side of sendmail with timeouts in the libsm I/O
> layer and fix problems in that code. Also fix handling of
> a buffer in sm_syslog() which could have been used as an
> attack vector to exploit the unsafe handling of
> setjmp(3)/longjmp(3) in combination with signals.
> Problem detected by Mark Dowd of ISS X-Force.
> Handle theoretical integer overflows that could triggered if
> the server accepted headers larger than the maximum
> (signed) integer value. This is prevented in the default
> configuration by restricting the size of a header, and on
> most machines memory allocations would fail before reaching
> those values. Problems found by Phil Brass of ISS.
-rw-r--r-- | mail/sendmail/Makefile | 3 | ||||
-rw-r--r-- | mail/sendmail/Makefile.common | 5 | ||||
-rw-r--r-- | mail/sendmail/distinfo | 5 |
3 files changed, 10 insertions, 3 deletions
diff --git a/mail/sendmail/Makefile b/mail/sendmail/Makefile index eaf992449ec..22112d15d66 100644 --- a/mail/sendmail/Makefile +++ b/mail/sendmail/Makefile @@ -1,8 +1,9 @@ -# $NetBSD: Makefile,v 1.80 2005/12/05 20:50:35 rillig Exp $ +# $NetBSD: Makefile,v 1.80.2.1 2006/03/24 16:12:18 salo Exp $ .include "../../mail/sendmail/Makefile.common" PKGNAME= sendmail-${DIST_VERS} +PKGREVISION= 2 COMMENT= The well known Mail Transport Agent CONFLICTS+= postfix-[0-9]* fastforward>=0.51nb2 diff --git a/mail/sendmail/Makefile.common b/mail/sendmail/Makefile.common index 73fea46e4dc..8d561278b63 100644 --- a/mail/sendmail/Makefile.common +++ b/mail/sendmail/Makefile.common @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.30 2005/12/05 20:50:35 rillig Exp $ +# $NetBSD: Makefile.common,v 1.30.2.1 2006/03/24 16:12:18 salo Exp $ # # Makefile fragment shared with libmilter # @@ -9,6 +9,9 @@ MASTER_SITES= ftp://ftp.sendmail.org/pub/sendmail/ \ ftp://ftp.fu-berlin.de/pub/unix/mail/sendmail/ \ ftp://ftp.ayamura.org/pub/sendmail/ +PATCH_SITES= ${MASTER_SITES} +PATCHFILES= 8.13.5.p0 + MAINTAINER= adrianp@NetBSD.org HOMEPAGE= http://www.sendmail.org/ diff --git a/mail/sendmail/distinfo b/mail/sendmail/distinfo index df534eab5b0..82e47318566 100644 --- a/mail/sendmail/distinfo +++ b/mail/sendmail/distinfo @@ -1,8 +1,11 @@ -$NetBSD: distinfo,v 1.25 2005/11/29 15:27:03 adrianp Exp $ +$NetBSD: distinfo,v 1.25.2.1 2006/03/24 16:12:18 salo Exp $ SHA1 (sendmail.8.13.5.tar.gz) = 3c6a6caf1deaf960b340b03128df63e4cd553cde RMD160 (sendmail.8.13.5.tar.gz) = 976af4c8c02adb7dd4a2610f905e91027c84d92d Size (sendmail.8.13.5.tar.gz) = 1978185 bytes +SHA1 (8.13.5.p0) = 34dfcf80717cb5c48687779ab96fda71e5d7771b +RMD160 (8.13.5.p0) = 639931160ecb4a0aec3279c3d22353982ecfcf38 +Size (8.13.5.p0) = 72693 bytes SHA1 (patch-aa) = b7ceece7760e3d637016da039f8429c1fb89f2cf SHA1 (patch-ab) = a2abf6e78772e257e2a1973e7730159ff24a91aa SHA1 (patch-ac) = 96c19300b4188dbcbd202768eea912f675dadc27 |