From owner-svn-ports-all@freebsd.org  Tue Feb 25 03:23:01 2020
Return-Path: <owner-svn-ports-all@freebsd.org>
Delivered-To: svn-ports-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1724424F08F;
 Tue, 25 Feb 2020 03:23:01 +0000 (UTC)
 (envelope-from fluffy@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 48RPQD6Y5Kz3NRR;
 Tue, 25 Feb 2020 03:23:00 +0000 (UTC)
 (envelope-from fluffy@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id CF93C80AE;
 Tue, 25 Feb 2020 03:23:00 +0000 (UTC)
 (envelope-from fluffy@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 01P3N0Bm026555;
 Tue, 25 Feb 2020 03:23:00 GMT (envelope-from fluffy@FreeBSD.org)
Received: (from fluffy@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 01P3N0Kp026553;
 Tue, 25 Feb 2020 03:23:00 GMT (envelope-from fluffy@FreeBSD.org)
Message-Id: <202002250323.01P3N0Kp026553@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: fluffy set sender to
 fluffy@FreeBSD.org using -f
From: Dima Panov <fluffy@FreeBSD.org>
Date: Tue, 25 Feb 2020 03:23:00 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-branches@freebsd.org
Subject: svn commit: r527062 - branches/2020Q1/mail/opensmtpd
X-SVN-Group: ports-branches
X-SVN-Commit-Author: fluffy
X-SVN-Commit-Paths: branches/2020Q1/mail/opensmtpd
X-SVN-Commit-Revision: 527062
X-SVN-Commit-Repository: ports
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Feb 2020 03:23:01 -0000

Author: fluffy
Date: Tue Feb 25 03:22:59 2020
New Revision: 527062
URL: https://svnweb.freebsd.org/changeset/ports/527062

Log:
  MFH: r527012
  
  mail/opensmtpd: update to 6.6.4p1 security releaase
  
  SECURITY RELEASE
  
  An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group.
  
  Approved by:	ports-secteam (joneum)
  Security:	CVE-2020-8793, CVE-2020-8794

Modified:
  branches/2020Q1/mail/opensmtpd/Makefile
  branches/2020Q1/mail/opensmtpd/distinfo
  branches/2020Q1/mail/opensmtpd/pkg-plist
Directory Properties:
  branches/2020Q1/   (props changed)

Modified: branches/2020Q1/mail/opensmtpd/Makefile
==============================================================================
--- branches/2020Q1/mail/opensmtpd/Makefile	Tue Feb 25 03:20:58 2020	(r527061)
+++ branches/2020Q1/mail/opensmtpd/Makefile	Tue Feb 25 03:22:59 2020	(r527062)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	opensmtpd
-PORTVERSION=	6.6.3
+PORTVERSION=	6.6.4
 DISTVERSIONSUFFIX=	p1
 PORTEPOCH=	1
 PORTREVISION=	0
@@ -55,7 +55,10 @@ TABLE_DB_CONFIGURE_WITH=	table-db
 
 CONFIGURE_ARGS+=	--with-libasr=${LOCALBASE} \
 			--with-libevent=${LOCALBASE} \
-			--sysconfdir=${PREFIX}/etc/mail/
+			--sysconfdir=${PREFIX}/etc/mail/ \
+			--with-user-smtpd=_smtpd \
+			--with-user-queue=_smtpq \
+			--with-group-queue=_smtpq
 
 .include <bsd.port.pre.mk>
 

Modified: branches/2020Q1/mail/opensmtpd/distinfo
==============================================================================
--- branches/2020Q1/mail/opensmtpd/distinfo	Tue Feb 25 03:20:58 2020	(r527061)
+++ branches/2020Q1/mail/opensmtpd/distinfo	Tue Feb 25 03:22:59 2020	(r527062)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1581434283
-SHA256 (opensmtpd-6.6.3p1.tar.gz) = 9ef7c0eb7ffc5c84dca7651cec69bd7b180014cd5227f6dbc7a303eaa9d41eb7
-SIZE (opensmtpd-6.6.3p1.tar.gz) = 787196
+TIMESTAMP = 1582566329
+SHA256 (opensmtpd-6.6.4p1.tar.gz) = e2f9962a6b99b3cc1572b63a10db648fdca4ad2b58079b680b4202cc7c82d7cf
+SIZE (opensmtpd-6.6.4p1.tar.gz) = 790754

Modified: branches/2020Q1/mail/opensmtpd/pkg-plist
==============================================================================
--- branches/2020Q1/mail/opensmtpd/pkg-plist	Tue Feb 25 03:20:58 2020	(r527061)
+++ branches/2020Q1/mail/opensmtpd/pkg-plist	Tue Feb 25 03:22:59 2020	(r527062)
@@ -8,7 +8,7 @@ libexec/opensmtpd/mail.maildir
 libexec/opensmtpd/mail.mboxfile
 libexec/opensmtpd/mail.mda
 %%TABLE_DB%%libexec/opensmtpd/makemap
-@(,,2555) sbin/smtpctl
+@(,_smtpq,2555) sbin/smtpctl
 sbin/smtpd
 man/man1/smtp.1.gz
 man/man5/aliases.5.gz