Date:      Thu,  8 May 2014 16:38:51 +0000 (UTC)
From:      Paul J Murphy <paul@inetstat.net>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        gabor@FreeBSD.org
Subject:   ports/189479: [PATCH] security/amavisd-new: update to 2.8.1,1
Message-ID:  <20140508163851.85D03D78A0@srv00.inetstat.net>
Resent-Message-ID: <201405081640.s48Ge0U0037689@freefall.freebsd.org>


>Number:         189479
>Category:       ports
>Synopsis:       [PATCH] security/amavisd-new: update to 2.8.1,1
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Thu May 08 16:40:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator:     Paul J Murphy
>Release:        FreeBSD 10.0-RELEASE-p2 amd64
>Organization:
iNetStat.net
>Environment:
System: FreeBSD srv00.inetstat.net 10.0-RELEASE-p2 FreeBSD 10.0-RELEASE-p2 #0 r265140: Wed Apr 30 12:18:59 UTC
>Description:
- Update to 2.8.1,1 (v2.8.1 was released on June 28, 2013)
- 2.8.0 has a nasty-sounding bug which can cause silent loss of messages

http://www.amavis.org/release-notes.txt says for 2.8.1:
...
- fixed a bug in the SMTP client code, where the final SMTP status did
  not reflect a failure status of a DATA command from a back-end MTA.
  This caused a reception of a mail message to be confirmed but a message
  was then lost, as it could not be passed to a back-end MTA. The bug
  went unnoticed for years, as the commonly used MTAs normally reject
  either at the MAIL FROM, at RCPT TO, or at the data-dot stage, but not
  at the DATA command. Reported by Deniska-rediska;
...

Depends versions updated according to the obvious changes in the docs,
but it's possible that I may not have caught them all.  The original
docs are also vague in places over minimum versions, lots of refs to
"latest" or similar.  It seems to work nicely enough on 10.0 with all
relevant ports up to date with their stable branches/releases.

Depends version for "file" checked for the inconsistency between the
comment and the rule (> vs. >=).  According to info on the web, 4.21
should be the fix for the security hole in 4.20 and earlier - i.e. the
rule was correct, but the comment was wrong.

Port maintainer (gabor@FreeBSD.org) is cc'd.

Generated with FreeBSD Port Tools 1.02 (mode: update, diff: SVN)
>How-To-Repeat:
>Fix:

--- amavisd-new-2.8.1.patch begins here ---
Index: Makefile
===================================================================
--- Makefile	(revision 353329)
+++ Makefile	(working copy)
@@ -1,8 +1,8 @@
 # $FreeBSD$
 
 PORTNAME=	amavisd-new
-PORTVERSION=	2.8.0
-PORTREVISION=	2
+PORTVERSION=	2.8.1
+PORTREVISION=	0
 PORTEPOCH=	1
 CATEGORIES=	security
 MASTER_SITES=	http://www.ijs.si/software/amavisd/ \
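Review bot: the added "PORTREVISION= 0" line right after the PORTVERSION bump is redundant, because an absent PORTREVISION already means 0 and ports convention is to delete the line when PORTVERSION increases. Dropping it leaves PORTVERSION=2.8.1 with the unchanged PORTEPOCH=1, which still produces the 2.8.1,1 named in the synopsis.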
@@ -18,11 +18,11 @@
 		p5-MIME-Tools>=0:${PORTSDIR}/mail/p5-MIME-Tools \
 		p5-Convert-TNEF>=0:${PORTSDIR}/converters/p5-Convert-TNEF \
 		p5-Convert-UUlib>=1.08,1:${PORTSDIR}/converters/p5-Convert-UUlib \
-		p5-Archive-Zip>=0:${PORTSDIR}/archivers/p5-Archive-Zip \
-		p5-Net-Server>=0.93:${PORTSDIR}/net/p5-Net-Server \
+		p5-Archive-Zip>=1.14:${PORTSDIR}/archivers/p5-Archive-Zip \
+		p5-Net-Server>=2.0:${PORTSDIR}/net/p5-Net-Server \
 		p5-Mail-DKIM>=0.33:${PORTSDIR}/mail/p5-Mail-DKIM
 
-USES=		perl5
+USES=		perl5 tar:xz
 USE_PERL5=	run
 
 NO_BUILD=	yes
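Review bot: the raised minimums p5-Archive-Zip>=1.14 and p5-Net-Server>=2.0 give no pointer to where each number comes from, and the submitter says the upstream docs are vague on minimum versions and that some may have been missed. Please cite the release-notes or README entry behind each bound in the commit log, and confirm the remaining ">=0" dependencies in this list were checked as well. The "tar:xz" addition to USES only works together with the distinfo change to the .tar.xz distfile, so the two must be committed together.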
@@ -135,7 +135,7 @@
 .endif
 
 .if ${PORT_OPTIONS:MFILE}
-# security fix, file > 4.21 needed
+# security fix, file >= 4.21 needed
 RUN_DEPENDS+=	file>=4.21:${PORTSDIR}/sysutils/file
 .endif
 
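Review bot: the corrected comment in the MFILE block now agrees with the "file>=4.21" rule, but "security fix" still does not say which issue it refers to. Adding the advisory or upstream changelog reference to that comment would let the next maintainer re-check the bound without repeating the research.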
Index: distinfo
===================================================================
--- distinfo	(revision 353329)
+++ distinfo	(working copy)
@@ -1,2 +1,2 @@
-SHA256 (amavisd-new-2.8.0.tar.gz) = 342b805f58db667b099a85863328b3fdfe9c575a22ace119d541e5f12bee63ac
-SIZE (amavisd-new-2.8.0.tar.gz) = 1007952
+SHA256 (amavisd-new-2.8.1.tar.xz) = 6e333a70adbd24ec52202700059fbf133e20b3c3bf5ec6f4bb10f9a2f25ea82e
+SIZE (amavisd-new-2.8.1.tar.xz) = 731816
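Review bot: the new SHA256 line covers a different archive format (amavisd-new-2.8.1.tar.xz) than the one it replaces, and the first MASTER_SITES entry visible in the Makefile is plain http, so this hash is the only integrity check a fetch gets. Before commit, compare it against a checksum or signature published by upstream rather than relying on a value computed from a single download.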
--- amavisd-new-2.8.1.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:


