summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authoradrianp <adrianp>2006-03-22 19:56:36 +0000
committeradrianp <adrianp>2006-03-22 19:56:36 +0000
commit4f013f56b19e745193a57948ec9a7009027e9399 (patch)
treeba578df363c3fc962918bea9643045fabe9c5a14
parent5c14c1e9888e81a7198c4dbfbad6cdd8a72c11ca (diff)
downloadpkgsrc-4f013f56b19e745193a57948ec9a7009027e9399.tar.gz
Update sendmail to address the current security issue
Bump to nb2 This will change the internal version of sendmail to 8.13.5.20060308 > SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server > and client side of sendmail with timeouts in the libsm I/O > layer and fix problems in that code. Also fix handling of > a buffer in sm_syslog() which could have been used as an > attack vector to exploit the unsafe handling of > setjmp(3)/longjmp(3) in combination with signals. > Problem detected by Mark Dowd of ISS X-Force. > Handle theoretical integer overflows that could triggered if > the server accepted headers larger than the maximum > (signed) integer value. This is prevented in the default > configuration by restricting the size of a header, and on > most machines memory allocations would fail before reaching > those values. Problems found by Phil Brass of ISS.
-rw-r--r--mail/sendmail/Makefile4
-rw-r--r--mail/sendmail/Makefile.common5
-rw-r--r--mail/sendmail/distinfo5
3 files changed, 10 insertions, 4 deletions
diff --git a/mail/sendmail/Makefile b/mail/sendmail/Makefile
index 2b7fb2dfd85..108a61e152b 100644
--- a/mail/sendmail/Makefile
+++ b/mail/sendmail/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.83 2006/01/23 17:28:41 tv Exp $
+# $NetBSD: Makefile,v 1.84 2006/03/22 19:56:36 adrianp Exp $
.include "../../mail/sendmail/Makefile.common"
PKGNAME= sendmail-${DIST_VERS}
-PKGREVISION= 1
+PKGREVISION= 2
COMMENT= The well known Mail Transport Agent
CONFLICTS+= postfix-[0-9]* fastforward>=0.51nb2
diff --git a/mail/sendmail/Makefile.common b/mail/sendmail/Makefile.common
index 40248e94347..211957bbe72 100644
--- a/mail/sendmail/Makefile.common
+++ b/mail/sendmail/Makefile.common
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.31 2006/01/08 16:16:00 joerg Exp $
+# $NetBSD: Makefile.common,v 1.32 2006/03/22 19:56:36 adrianp Exp $
#
# Makefile fragment shared with libmilter
#
@@ -9,6 +9,9 @@ MASTER_SITES= ftp://ftp.sendmail.org/pub/sendmail/ \
ftp://ftp.fu-berlin.de/pub/unix/mail/sendmail/ \
ftp://ftp.ayamura.org/pub/sendmail/
+PATCH_SITES= ${MASTER_SITES}
+PATCHFILES= 8.13.5.p0
+
MAINTAINER= adrianp@NetBSD.org
HOMEPAGE= http://www.sendmail.org/
diff --git a/mail/sendmail/distinfo b/mail/sendmail/distinfo
index c36d52eef43..21e58f3d5d4 100644
--- a/mail/sendmail/distinfo
+++ b/mail/sendmail/distinfo
@@ -1,8 +1,11 @@
-$NetBSD: distinfo,v 1.26 2006/01/18 21:00:48 adrianp Exp $
+$NetBSD: distinfo,v 1.27 2006/03/22 19:56:36 adrianp Exp $
SHA1 (sendmail.8.13.5.tar.gz) = 3c6a6caf1deaf960b340b03128df63e4cd553cde
RMD160 (sendmail.8.13.5.tar.gz) = 976af4c8c02adb7dd4a2610f905e91027c84d92d
Size (sendmail.8.13.5.tar.gz) = 1978185 bytes
+SHA1 (8.13.5.p0) = 34dfcf80717cb5c48687779ab96fda71e5d7771b
+RMD160 (8.13.5.p0) = 639931160ecb4a0aec3279c3d22353982ecfcf38
+Size (8.13.5.p0) = 72693 bytes
SHA1 (patch-aa) = b7ceece7760e3d637016da039f8429c1fb89f2cf
SHA1 (patch-ab) = a2abf6e78772e257e2a1973e7730159ff24a91aa
SHA1 (patch-ac) = 96c19300b4188dbcbd202768eea912f675dadc27