Date: Mon, 24 Feb 2020 18:36:49 +0000 (UTC) From: Dima Panov <fluffy@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r527012 - head/mail/opensmtpd Message-ID: <202002241836.01OIannw004106@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: fluffy Date: Mon Feb 24 18:36:49 2020 New Revision: 527012 URL: https://svnweb.freebsd.org/changeset/ports/527012 Log: mail/opensmtpd: update to 6.6.4p1 security releaase SECURITY RELEASE An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group. MFH: 2020Q1 Modified: head/mail/opensmtpd/Makefile head/mail/opensmtpd/distinfo head/mail/opensmtpd/pkg-plist Modified: head/mail/opensmtpd/Makefile ============================================================================== --- head/mail/opensmtpd/Makefile Mon Feb 24 18:19:12 2020 (r527011) +++ head/mail/opensmtpd/Makefile Mon Feb 24 18:36:49 2020 (r527012) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= opensmtpd -PORTVERSION= 6.6.3 +PORTVERSION= 6.6.4 DISTVERSIONSUFFIX= p1 PORTEPOCH= 1 PORTREVISION= 0 @@ -52,7 +52,10 @@ TABLE_DB_CONFIGURE_WITH= table-db CONFIGURE_ARGS+= --with-libasr=${LOCALBASE} \ --with-libevent=${LOCALBASE} \ - --sysconfdir=${PREFIX}/etc/mail/ + --sysconfdir=${PREFIX}/etc/mail/ \ + --with-user-smtpd=_smtpd \ + --with-user-queue=_smtpq \ + --with-group-queue=_smtpq .include <bsd.port.pre.mk> Modified: head/mail/opensmtpd/distinfo ============================================================================== --- head/mail/opensmtpd/distinfo Mon Feb 24 18:19:12 2020 (r527011) +++ head/mail/opensmtpd/distinfo Mon Feb 24 18:36:49 2020 (r527012) @@ -1,3 +1,3 @@ -TIMESTAMP = 1581434283 -SHA256 (opensmtpd-6.6.3p1.tar.gz) = 9ef7c0eb7ffc5c84dca7651cec69bd7b180014cd5227f6dbc7a303eaa9d41eb7 -SIZE (opensmtpd-6.6.3p1.tar.gz) = 787196 +TIMESTAMP = 1582566329 +SHA256 (opensmtpd-6.6.4p1.tar.gz) = e2f9962a6b99b3cc1572b63a10db648fdca4ad2b58079b680b4202cc7c82d7cf +SIZE (opensmtpd-6.6.4p1.tar.gz) = 790754 Modified: head/mail/opensmtpd/pkg-plist ============================================================================== --- head/mail/opensmtpd/pkg-plist Mon Feb 24 18:19:12 2020 (r527011) +++ head/mail/opensmtpd/pkg-plist Mon Feb 24 18:36:49 2020 (r527012) @@ -8,7 +8,7 @@ libexec/opensmtpd/mail.maildir libexec/opensmtpd/mail.mboxfile libexec/opensmtpd/mail.mda %%TABLE_DB%%libexec/opensmtpd/makemap -@(,,2555) sbin/smtpctl +@(,_smtpq,2555) sbin/smtpctl sbin/smtpd man/man1/smtp.1.gz man/man5/aliases.5.gz
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202002241836.01OIannw004106>