Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 29 Jan 2020 02:55:05 +0000 (UTC)
From:      Dima Panov <fluffy@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r524529 - head/mail/opensmtpd
Message-ID:  <202001290255.00T2t5pF026501@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: fluffy
Date: Wed Jan 29 02:55:05 2020
New Revision: 524529
URL: https://svnweb.freebsd.org/changeset/ports/524529

Log:
  mil/opensmtpd: update to 6.6.2p1 relase
  
  This update addressed LPE and RCE vulnerabilities in OpenSMTPD (CVE-2020-7247)
  https://www.openwall.com/lists/oss-security/2020/01/28/3
  
  This vulnerability is exploitable since May 2018 (commit a8e222352f, "switch
  smtpd to new grammar") and allows an attacker to execute arbitrary shell
  commands, as root:
  
  - either locally, in OpenSMTPD's default configuration (which listens on
    the loopback interface and only accepts mail from localhost);
  
  - or locally and remotely, in OpenSMTPD's "uncommented" default
    configuration (which listens on all interfaces and accepts external
    mail).
  
  PR:		243686
  Reported by:	authors via irc
  MFH:		2020Q1
  Relnotes:	https://www.mail-archive.com/misc@opensmtpd.org/msg04850.html

Modified:
  head/mail/opensmtpd/Makefile
  head/mail/opensmtpd/distinfo

Modified: head/mail/opensmtpd/Makefile
==============================================================================
--- head/mail/opensmtpd/Makefile	Wed Jan 29 02:51:59 2020	(r524528)
+++ head/mail/opensmtpd/Makefile	Wed Jan 29 02:55:05 2020	(r524529)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	opensmtpd
-PORTVERSION=	6.6.1
+PORTVERSION=	6.6.2
 DISTVERSIONSUFFIX=	p1
 PORTEPOCH=	1
 PORTREVISION=	0

Modified: head/mail/opensmtpd/distinfo
==============================================================================
--- head/mail/opensmtpd/distinfo	Wed Jan 29 02:51:59 2020	(r524528)
+++ head/mail/opensmtpd/distinfo	Wed Jan 29 02:55:05 2020	(r524529)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1573040217
-SHA256 (opensmtpd-6.6.1p1.tar.gz) = eb1bedbfb23d9f08f509d92d8efcaf51d56fb2f44492f40ec059d41124a2f1d9
-SIZE (opensmtpd-6.6.1p1.tar.gz) = 776538
+TIMESTAMP = 1580264944
+SHA256 (opensmtpd-6.6.2p1.tar.gz) = 63b811aca56861108bb72f16fcbbf32f1af71e77b8996a9a5654b6a18915df9a
+SIZE (opensmtpd-6.6.2p1.tar.gz) = 777422

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202001290255.00T2t5pF026501>