Date: Fri, 31 Jan 2020 09:37:27 +0000 (UTC) From: Dima Panov <fluffy@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r524685 - branches/2020Q1/mail/opensmtpd Message-ID: <202001310937.00V9bRmN093577@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: fluffy Date: Fri Jan 31 09:37:27 2020 New Revision: 524685 URL: https://svnweb.freebsd.org/changeset/ports/524685 Log: MFH: r524529 mail/opensmtpd: update to 6.6.2p1 relase This update addressed LPE and RCE vulnerabilities in OpenSMTPD (CVE-2020-7247) https://www.openwall.com/lists/oss-security/2020/01/28/3 This vulnerability is exploitable since May 2018 (commit a8e222352f, "switch smtpd to new grammar") and allows an attacker to execute arbitrary shell commands, as root: - either locally, in OpenSMTPD's default configuration (which listens on the loopback interface and only accepts mail from localhost); - or locally and remotely, in OpenSMTPD's "uncommented" default configuration (which listens on all interfaces and accepts external mail). PR: 243686 Reported by: authors via irc Relnotes: https://www.mail-archive.com/misc@opensmtpd.org/msg04850.html Security: CVE-2020-7247 Security: 08f5c27d-4326-11ea-af8b-00155d0a0200 Approved by: ports-secteam (blanket, security issue) Modified: branches/2020Q1/mail/opensmtpd/Makefile branches/2020Q1/mail/opensmtpd/distinfo Directory Properties: branches/2020Q1/ (props changed) Modified: branches/2020Q1/mail/opensmtpd/Makefile ============================================================================== --- branches/2020Q1/mail/opensmtpd/Makefile Fri Jan 31 09:31:02 2020 (r524684) +++ branches/2020Q1/mail/opensmtpd/Makefile Fri Jan 31 09:37:27 2020 (r524685) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= opensmtpd -PORTVERSION= 6.6.1 +PORTVERSION= 6.6.2 DISTVERSIONSUFFIX= p1 PORTEPOCH= 1 PORTREVISION= 0 Modified: branches/2020Q1/mail/opensmtpd/distinfo ============================================================================== --- branches/2020Q1/mail/opensmtpd/distinfo Fri Jan 31 09:31:02 2020 (r524684) +++ branches/2020Q1/mail/opensmtpd/distinfo Fri Jan 31 09:37:27 2020 (r524685) @@ -1,3 +1,3 @@ -TIMESTAMP = 1573040217 -SHA256 (opensmtpd-6.6.1p1.tar.gz) = eb1bedbfb23d9f08f509d92d8efcaf51d56fb2f44492f40ec059d41124a2f1d9 -SIZE (opensmtpd-6.6.1p1.tar.gz) = 776538 +TIMESTAMP = 1580264944 +SHA256 (opensmtpd-6.6.2p1.tar.gz) = 63b811aca56861108bb72f16fcbbf32f1af71e77b8996a9a5654b6a18915df9a +SIZE (opensmtpd-6.6.2p1.tar.gz) = 777422
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202001310937.00V9bRmN093577>