Date: Tue, 25 Feb 2020 03:23:00 +0000 (UTC)
From: Dima Panov <fluffy@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject: svn commit: r527062 - branches/2020Q1/mail/opensmtpd
Message-ID: <202002250323.01P3N0Kp026553@repo.freebsd.org>
Author: fluffy
Date: Tue Feb 25 03:22:59 2020
New Revision: 527062
URL: https://svnweb.freebsd.org/changeset/ports/527062

Log:
  MFH: r527012

  mail/opensmtpd: update to 6.6.4p1 security release

  SECURITY RELEASE

  An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group.

  Approved by: ports-secteam (joneum)
  Security: CVE-2020-8793, CVE-2020-8794

Modified:
  branches/2020Q1/mail/opensmtpd/Makefile
  branches/2020Q1/mail/opensmtpd/distinfo
  branches/2020Q1/mail/opensmtpd/pkg-plist
Directory Properties:
  branches/2020Q1/ (props changed)

Modified: branches/2020Q1/mail/opensmtpd/Makefile ============================================================================== --- branches/2020Q1/mail/opensmtpd/Makefile Tue Feb 25 03:20:58 2020 (r527061) +++ branches/2020Q1/mail/opensmtpd/Makefile Tue Feb 25 03:22:59 2020 (r527062) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= opensmtpd -PORTVERSION= 6.6.3 +PORTVERSION= 6.6.4 DISTVERSIONSUFFIX= p1 PORTEPOCH= 1 PORTREVISION= 0 @@ -55,7 +55,10 @@ TABLE_DB_CONFIGURE_WITH= table-db CONFIGURE_ARGS+= --with-libasr=${LOCALBASE} \ --with-libevent=${LOCALBASE} \ - --sysconfdir=${PREFIX}/etc/mail/ + --sysconfdir=${PREFIX}/etc/mail/ \ + --with-user-smtpd=_smtpd \ + --with-user-queue=_smtpq \ + --with-group-queue=_smtpq .include <bsd.port.pre.mk> Modified: branches/2020Q1/mail/opensmtpd/distinfo ============================================================================== --- branches/2020Q1/mail/opensmtpd/distinfo Tue Feb 25 03:20:58 2020 (r527061) +++ branches/2020Q1/mail/opensmtpd/distinfo Tue Feb 25 03:22:59 2020 (r527062) 
@@ -1,3 +1,3 @@ -TIMESTAMP = 1581434283 -SHA256 (opensmtpd-6.6.3p1.tar.gz) = 9ef7c0eb7ffc5c84dca7651cec69bd7b180014cd5227f6dbc7a303eaa9d41eb7 -SIZE (opensmtpd-6.6.3p1.tar.gz) = 787196 +TIMESTAMP = 1582566329 +SHA256 (opensmtpd-6.6.4p1.tar.gz) = e2f9962a6b99b3cc1572b63a10db648fdca4ad2b58079b680b4202cc7c82d7cf +SIZE (opensmtpd-6.6.4p1.tar.gz) = 790754 Modified: branches/2020Q1/mail/opensmtpd/pkg-plist ============================================================================== --- branches/2020Q1/mail/opensmtpd/pkg-plist Tue Feb 25 03:20:58 2020 (r527061) +++ branches/2020Q1/mail/opensmtpd/pkg-plist Tue Feb 25 03:22:59 2020 (r527062) @@ -8,7 +8,7 @@ libexec/opensmtpd/mail.maildir libexec/opensmtpd/mail.mboxfile libexec/opensmtpd/mail.mda %%TABLE_DB%%libexec/opensmtpd/makemap -@(,,2555) sbin/smtpctl +@(,_smtpq,2555) sbin/smtpctl sbin/smtpd man/man1/smtp.1.gz man/man5/aliases.5.gz
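Review bot: In the Makefile hunk at @@ -55,7 +55,10 @@, the three new CONFIGURE_ARGS hard-code the account names _smtpd and _smtpq, and nothing in the visible context shows where the port declares those accounts. Please confirm that the _smtpd and _smtpq users and the _smtpq group exist before the install stage runs, because the pkg-plist change in this same commit assigns sbin/smtpctl to the _smtpq group and the install would otherwise fail or fall back to a different owner. The log also says nothing about these options; one line stating that they pin the build to the same accounts the plist uses would make the merge easier to audit.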
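Review bot: In the pkg-plist hunk at @@ -8,7 +8,7 @@, "@(,_smtpq,2555) sbin/smtpctl" keeps the setgid mode 2555 and fills in a group field that was previously empty, so this line is what decides which group identity smtpctl runs with, yet the group name is duplicated by hand from "--with-group-queue=_smtpq" in the Makefile with nothing keeping the two in sync. Since the log ties one of the two fixed issues to smtpctl and the _smtpq group, I would drive both places from a single Makefile variable exposed through a plist substitution, or at minimum add a comment next to the CONFIGURE_ARGS lines pointing at this plist entry, so a later rename cannot leave a setgid binary owned by a group the daemon no longer uses.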