Date: Fri, 2 Mar 2007 20:57:12 +0100 (CET) From: Martin Matuska <martin@matuska.org> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/109766: [PATCH] security/amavisd-new bugfix Message-ID: <20070302195712.756563F431@mail.vx.sk> Resent-Message-ID: <200703022000.l22K0CLR059815@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 109766
>Category: ports
>Synopsis: [PATCH] security/amavisd-new bugfix
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Mar 02 20:00:12 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Martin Matuska
>Release: FreeBSD 6.2-RELEASE
>Organization:
>Environment:
System: FreeBSD 6.2-RELEASE i386 and amd64
>Description:
sbin/amavisd uses the 'file' utility.
Path to this utility is specified in sbin/amavisd as 'file'.
This can be dangerous as it is searched in all of PATH.
The patch fixes this by replacing 'file' with
contents of ${FILE} from bsd.port.mk.
>How-To-Repeat:
>Fix:
diff -Nbur security/amavisd-new.orig/Makefile security/amavisd-new/Makefile
--- security/amavisd-new.orig/Makefile Fri Mar 2 20:38:46 2007
+++ security/amavisd-new/Makefile Fri Mar 2 20:43:08 2007
@@ -210,7 +210,8 @@
@${REINPLACE_CMD} "s|/var/amavis/db|${AMAVISDIR}/db|" ${WRKSRC}/amavisd-nanny
@${REINPLACE_CMD} "s|#define HAVE_MKTEMP|#undef HAVE_MKTEMP|" \
${WRKSRC}/helper-progs/config.h.in
- @${REINPLACE_CMD} "s|/etc/amavisd.conf|${PREFIX}/etc/amavisd.conf|" \
+ @${REINPLACE_CMD} -e "s|/etc/amavisd.conf|${PREFIX}/etc/amavisd.conf|" \
+ -e "s|\$$file = 'file'|\$$file = '${FILE}'|" \
${WRKSRC}/amavisd
.if defined(AMAVIS_NOAMAVIS)
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070302195712.756563F431>