From: Dima Panov
Date: Mon, 24 Feb 2020 18:36:49 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r527012 - head/mail/opensmtpd

Author: fluffy
Date: Mon Feb 24 18:36:49 2020
New Revision: 527012
URL: https://svnweb.freebsd.org/changeset/ports/527012

Log:
  mail/opensmtpd: update to 6.6.4p1 security release

  SECURITY RELEASE

  An out of bounds read in smtpd allows an attacker to inject arbitrary
  commands into the envelope file which are then executed as root.
  Separately, missing privilege revocation in smtpctl allows arbitrary
  commands to be run with the _smtpq group.

  MFH: 2020Q1

Modified:
  head/mail/opensmtpd/Makefile
  head/mail/opensmtpd/distinfo
  head/mail/opensmtpd/pkg-plist

Modified: head/mail/opensmtpd/Makefile ============================================================================== --- head/mail/opensmtpd/Makefile Mon Feb 24 18:19:12 2020 (r527011) +++ head/mail/opensmtpd/Makefile Mon Feb 24 18:36:49 2020 (r527012) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= opensmtpd -PORTVERSION= 6.6.3 +PORTVERSION= 6.6.4 DISTVERSIONSUFFIX= p1 PORTEPOCH= 1 PORTREVISION= 0 
@@ -52,7 +52,10 @@ TABLE_DB_CONFIGURE_WITH= table-db CONFIGURE_ARGS+= --with-libasr=${LOCALBASE} \ --with-libevent=${LOCALBASE} \ - --sysconfdir=${PREFIX}/etc/mail/ + --sysconfdir=${PREFIX}/etc/mail/ \ + --with-user-smtpd=_smtpd \ + --with-user-queue=_smtpq \ + --with-group-queue=_smtpq .include Modified: head/mail/opensmtpd/distinfo ============================================================================== --- head/mail/opensmtpd/distinfo Mon Feb 24 18:19:12 2020 (r527011) +++ head/mail/opensmtpd/distinfo Mon Feb 24 18:36:49 2020 (r527012) @@ -1,3 +1,3 @@ -TIMESTAMP = 1581434283 -SHA256 (opensmtpd-6.6.3p1.tar.gz) = 9ef7c0eb7ffc5c84dca7651cec69bd7b180014cd5227f6dbc7a303eaa9d41eb7 -SIZE (opensmtpd-6.6.3p1.tar.gz) = 787196 +TIMESTAMP = 1582566329 +SHA256 (opensmtpd-6.6.4p1.tar.gz) = e2f9962a6b99b3cc1572b63a10db648fdca4ad2b58079b680b4202cc7c82d7cf +SIZE (opensmtpd-6.6.4p1.tar.gz) = 790754 Modified: head/mail/opensmtpd/pkg-plist ============================================================================== --- head/mail/opensmtpd/pkg-plist Mon Feb 24 18:19:12 2020 (r527011) +++ head/mail/opensmtpd/pkg-plist Mon Feb 24 18:36:49 2020 (r527012) @@ -8,7 +8,7 @@ libexec/opensmtpd/mail.maildir libexec/opensmtpd/mail.mboxfile libexec/opensmtpd/mail.mda %%TABLE_DB%%libexec/opensmtpd/makemap -@(,,2555) sbin/smtpctl +@(,_smtpq,2555) sbin/smtpctl sbin/smtpd man/man1/smtp.1.gz man/man5/aliases.5.gz
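Review bot: the three arguments added to CONFIGURE_ARGS in the Makefile hunk at @@ -52,7 +52,10 (--with-user-smtpd=_smtpd, --with-user-queue=_smtpq, --with-group-queue=_smtpq) are not mentioned in the log, which only describes the version update. They hard-code account names that also have to match the group now used in pkg-plist, so a one-line comment above CONFIGURE_ARGS stating that these names must stay in sync with the port's USERS/GROUPS and with pkg-plist would make the dependency visible to the next person who touches either file.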
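Review bot: the distinfo hunk replaces SHA256 and SIZE for opensmtpd-6.6.4p1.tar.gz, and nothing in the commit says how the new tarball was authenticated before the values were regenerated. For a security release, state in the log whether the distfile was checked against a checksum or signature published by upstream, so the recorded SHA256 is anchored to something other than the download itself.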
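Review bot: in the pkg-plist hunk, `@(,_smtpq,2555) sbin/smtpctl` makes the setgid bit on smtpctl apply to the _smtpq group where the group field was previously empty, and none of the visible hunks show where _smtpq is declared. Please confirm that the Makefile creates this group (GROUPS=) so it exists before the plist entry is applied, and mention the ownership change in the log: it is the same group the advisory text names, and it changes the effective group of an installed binary on upgrade.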