diff options
| author | salo <salo> | 2006-03-24 16:11:16 +0000 |
|---|---|---|
| committer | salo <salo> | 2006-03-24 16:11:16 +0000 |
| commit | 4e26996518be5098791e0570d1a930b30e95c905 (patch) | |
| tree | 0394a0b7520439dea471ea12c45ea8e0a26960cc | |
| parent | 9d093ef34f2ffcd874f120fe4233b3497cf72284 (diff) | |
| download | pkgsrc-4e26996518be5098791e0570d1a930b30e95c905.tar.gz | |
Pullup ticket 1254 - requested by Todd Vierling
security fix for sendmail812
Revisions pulled up:
- pkgsrc/mail/sendmail812/Makefile 1.8
- pkgsrc/mail/sendmail812/Makefile.common 1.10
- pkgsrc/mail/sendmail812/distinfo 1.4
Module Name: pkgsrc
Committed By: tv
Date: Wed Mar 22 21:19:06 UTC 2006
Modified Files:
pkgsrc/mail/sendmail812: Makefile Makefile.common distinfo
Log Message:
Update sendmail (with vendor patch) to address the current security issue:
http://www.kb.cert.org/vuls/id/834865
Bump to nb2.
This will change the internal version of sendmail to 8.12.11.20060308.
> SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
> and client side of sendmail with timeouts in the libsm I/O
> layer and fix problems in that code. Also fix handling of
> a buffer in sm_syslog() which could have been used as an
> attack vector to exploit the unsafe handling of
> setjmp(3)/longjmp(3) in combination with signals.
> Problem detected by Mark Dowd of ISS X-Force.
> Handle theoretical integer overflows that could triggered if
> the server accepted headers larger than the maximum
> (signed) integer value. This is prevented in the default
> configuration by restricting the size of a header, and on
> most machines memory allocations would fail before reaching
> those values. Problems found by Phil Brass of ISS.
| -rw-r--r-- | mail/sendmail812/Makefile | 4 | ||||
| -rw-r--r-- | mail/sendmail812/Makefile.common | 5 | ||||
| -rw-r--r-- | mail/sendmail812/distinfo | 5 |
3 files changed, 10 insertions, 4 deletions
diff --git a/mail/sendmail812/Makefile b/mail/sendmail812/Makefile index 3fb4a77777a..dd8c8929a12 100644 --- a/mail/sendmail812/Makefile +++ b/mail/sendmail812/Makefile @@ -1,10 +1,10 @@ -# $NetBSD: Makefile,v 1.6 2005/08/23 11:48:49 rillig Exp $ +# $NetBSD: Makefile,v 1.6.4.1 2006/03/24 16:11:16 salo Exp $ .include "options.mk" .include "../../mail/sendmail812/Makefile.common" PKGNAME= sendmail-${DIST_VERS} -PKGREVISION= 1 +PKGREVISION= 2 COMMENT= The well known Mail Transport Agent CONFLICTS+= postfix-[0-9]* fastforward>=0.51nb2 diff --git a/mail/sendmail812/Makefile.common b/mail/sendmail812/Makefile.common index df353e8a484..30b7df9176f 100644 --- a/mail/sendmail812/Makefile.common +++ b/mail/sendmail812/Makefile.common @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.9 2005/12/05 20:50:35 rillig Exp $ +# $NetBSD: Makefile.common,v 1.9.2.1 2006/03/24 16:11:16 salo Exp $ # # Makefile fragment shared with libmilter # @@ -9,6 +9,9 @@ MASTER_SITES= ftp://ftp.sendmail.org/pub/sendmail/ \ ftp://ftp.fu-berlin.de/pub/unix/mail/sendmail/ \ ftp://ftp.kyoto.wide.ad.jp/pub/mail/sendmail/ +PATCH_SITES= ${MASTER_SITES} +PATCHFILES= 8.12.11.p0 + MAINTAINER= adrianp@NetBSD.org HOMEPAGE= http://www.sendmail.org/ diff --git a/mail/sendmail812/distinfo b/mail/sendmail812/distinfo index 5317650c6e4..a98bf6ce13a 100644 --- a/mail/sendmail812/distinfo +++ b/mail/sendmail812/distinfo @@ -1,8 +1,11 @@ -$NetBSD: distinfo,v 1.3 2005/09/08 22:32:39 abs Exp $ +$NetBSD: distinfo,v 1.3.4.1 2006/03/24 16:11:16 salo Exp $ SHA1 (sendmail.8.12.11.tar.gz) = ce1ba0e50740c548f8555f1a905d8514e6637f95 RMD160 (sendmail.8.12.11.tar.gz) = a80ceccbe3425ea01ce6cb89f2226f83b3562b64 Size (sendmail.8.12.11.tar.gz) = 1899112 bytes +SHA1 (8.12.11.p0) = aeef47bf434c13d91ba1c1e777cf81a2ba283290 +RMD160 (8.12.11.p0) = 267afdf9abc4636d0750bddf3b7bd16fe9b2fd5b +Size (8.12.11.p0) = 71804 bytes SHA1 (patch-aa) = cf9a68f5e6d6fd6e13a806a7d1e6ebab18fc9c6f SHA1 (patch-ab) = a2abf6e78772e257e2a1973e7730159ff24a91aa SHA1 (patch-ac) = 96c19300b4188dbcbd202768eea912f675dadc27 |