From: Ted Hatfield
To: Niels Heinen
Cc: freebsd-ports@freebsd.org
Date: Mon, 10 May 2010 17:18:10 -0500 (CDT)
Subject: Re: spamass-milter-0.3.1_9 leaving open zombie processes.
In-Reply-To: <4BE86726.4080601@FreeBSD.org>

Forgive my ignorance and the long rambling email below.

I have limited knowledge of the intricacies of diff and the patching process so I'm not sure exactly what you are asking for when you say "Can you perhaps send me a port diff?".

Here is a full description of the process I went through to get the milter running on my servers.

Because I did not know which patches you had already applied to the port nor where you had obtained them, I determined that I would need to patch a copy of the original source by hand with the patches I found at the savannah.nongnu.org website.

I downloaded the original source from the savannah.nongnu.org mirror site. I then applied the two patches I listed below to the original source and verified that it would "configure" and "make" properly. These patches can be obtained from http://savannah.nongnu.org/bugs/?29326 file #20020 and file #20284.

Once I knew that this was working properly I then verified that the distfile the port was downloading was the same as the source I downloaded from the savannah.nongnu.org repository. This convinced me that I could modify the patch files in the /usr/ports/mail/spamass-milter/files folder.

Each of the patch files I downloaded from savannah.nongnu.org consisted of a combined diff for the files spamass-milter.cpp and spamass-milter.h. I then separated each individual patch file into separate pieces. I combined those separate pieces together into two new patch files that I used to replace: (note that I said REPLACED)

/usr/ports/mail/spamass-milter/files/patch-spamass-milter.cpp
/usr/ports/mail/spamass-milter/files/patch-spamass-milter.h

Although this "new" port is running on my servers and it appears to have fixed both the security flaw and the zombie process bug, I'm uncertain if I have opened up any other security hole or bug in the process, because I don't know what other patches you had in place that I removed nor what their purpose was.

I sent my original email both as a way of informing the port maintainer of the problem as well as a link to the code that purported to fix the problem, hoping that you would have a better idea of what else I might have broken when I "fixed" the problem.

If you require something from me that I can provide please let me know and I'll do my best to get it to you.

Thanks,

Ted Hatfield

On Mon, 10 May 2010, Niels Heinen wrote:

> Hi Ted,
>
> Thanks for pointing this out!
> Can you perhaps send me a port diff? (will shorten the ETA)
>
> Thanks,
> Niels
>
> On 05/10/10 21:07, Ted Hatfield wrote:
>>
>> spamass-milter-0.3.0_9 appears to be an update to fix the security
>> vulnerability referenced by CVE-2010-1132.
>>
>> However the patch installed for this vulnerability fails to close
>> processes properly and spamass-milter leaves a large number of zombie
>> processes open until the milter is restarted.
>>
>> Rather than wait for the port maintainer to update this port we
>> installed the patches found at http://savannah.nongnu.org/bugs/?29326
>>
>> Specifically
>> file #20020: spamass-milter-0.3.1-syntax.patch
>> file #20284: spamass-milter-0.3.1-popen.patch
>>
>> If anyone wants to see them I have included the patches I used.
>>
>> Does anyone have an ETA for an official update?
>>
>> Thanks,
>>
>> Ted Hatfield
>> PrismNet Ltd.
>> IO.COM.
>>
>> _______________________________________________
>> freebsd-ports@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-ports
>> To unsubscribe, send any mail to "freebsd-ports-unsubscribe@freebsd.org"
>
> --
> Niels Heinen
> FreeBSD committer | www.freebsd.org
> PGP: 0x5FE39B80
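
The failure mode reported in this thread, a helper process that is started but never waited for and so stays in the process table as a zombie, is shown here with its remedy as an added example. It is not the content of the savannah patches or of the port, which this page does not show; `run_and_reap` and `no_children_left` are hypothetical names, and it assumes the general pattern of running the helper through fork and exec instead of `popen()`.

```c
#include <errno.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv[0] without a shell, capture stdout, then reap the child.
 * Returns the child's exit status, or -1 on error. */
int run_and_reap(char *const argv[], char *out, size_t outsz)
{
    int fds[2], status;
    size_t used = 0;
    ssize_t n;

    if (outsz == 0 || pipe(fds) == -1)
        return -1;
    pid_t pid = fork();
    if (pid == -1) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {                     /* child */
        close(fds[0]);
        dup2(fds[1], STDOUT_FILENO);
        close(fds[1]);
        execv(argv[0], argv);           /* argument vector: no shell parses it */
        _exit(127);                     /* only reached if exec failed */
    }
    close(fds[1]);                      /* parent keeps the read end only */
    while (used < outsz - 1 &&
           (n = read(fds[0], out + used, outsz - 1 - used)) != 0) {
        if (n > 0)
            used += (size_t)n;
        else if (errno != EINTR)
            break;
    }
    out[used] = '\0';
    close(fds[0]);
    /* The step whose omission leaves a zombie: collect the exit status. */
    while (waitpid(pid, &status, 0) == -1)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* 1 when no child, running or zombie, is left for this process to reap. */
int no_children_left(void)
{
    return waitpid(-1, NULL, WNOHANG) == -1 && errno == ECHILD;
}
```

Called with an argument vector such as `{"/bin/echo", "user@example.com", NULL}` (a constructed value), `run_and_reap` returns 0 with the output captured, and `no_children_left()` then returns 1. Dropping the `waitpid(pid, ...)` loop leaves one zombie per call until the parent exits, which in a long-running daemon means until it is restarted.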