Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 31 Jan 2020 09:37:27 +0000 (UTC)
From:      Dima Panov <fluffy@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r524685 - branches/2020Q1/mail/opensmtpd
Message-ID:  <202001310937.00V9bRmN093577@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: fluffy
Date: Fri Jan 31 09:37:27 2020
New Revision: 524685
URL: https://svnweb.freebsd.org/changeset/ports/524685

Log:
  MFH: r524529
  
  mail/opensmtpd: update to 6.6.2p1 relase
  
  This update addressed LPE and RCE vulnerabilities in OpenSMTPD (CVE-2020-7247)
  https://www.openwall.com/lists/oss-security/2020/01/28/3
  
  This vulnerability is exploitable since May 2018 (commit a8e222352f, "switch
  smtpd to new grammar") and allows an attacker to execute arbitrary shell
  commands, as root:
  
  - either locally, in OpenSMTPD's default configuration (which listens on
    the loopback interface and only accepts mail from localhost);
  
  - or locally and remotely, in OpenSMTPD's "uncommented" default
    configuration (which listens on all interfaces and accepts external
    mail).
  
  PR:		243686
  Reported by:	authors via irc
  Relnotes:	https://www.mail-archive.com/misc@opensmtpd.org/msg04850.html
  Security:	CVE-2020-7247
  Security:	08f5c27d-4326-11ea-af8b-00155d0a0200
  
  Approved by:	ports-secteam (blanket, security issue)

Modified:
  branches/2020Q1/mail/opensmtpd/Makefile
  branches/2020Q1/mail/opensmtpd/distinfo
Directory Properties:
  branches/2020Q1/   (props changed)

Modified: branches/2020Q1/mail/opensmtpd/Makefile
==============================================================================
--- branches/2020Q1/mail/opensmtpd/Makefile	Fri Jan 31 09:31:02 2020	(r524684)
+++ branches/2020Q1/mail/opensmtpd/Makefile	Fri Jan 31 09:37:27 2020	(r524685)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	opensmtpd
-PORTVERSION=	6.6.1
+PORTVERSION=	6.6.2
 DISTVERSIONSUFFIX=	p1
 PORTEPOCH=	1
 PORTREVISION=	0

Modified: branches/2020Q1/mail/opensmtpd/distinfo
==============================================================================
--- branches/2020Q1/mail/opensmtpd/distinfo	Fri Jan 31 09:31:02 2020	(r524684)
+++ branches/2020Q1/mail/opensmtpd/distinfo	Fri Jan 31 09:37:27 2020	(r524685)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1573040217
-SHA256 (opensmtpd-6.6.1p1.tar.gz) = eb1bedbfb23d9f08f509d92d8efcaf51d56fb2f44492f40ec059d41124a2f1d9
-SIZE (opensmtpd-6.6.1p1.tar.gz) = 776538
+TIMESTAMP = 1580264944
+SHA256 (opensmtpd-6.6.2p1.tar.gz) = 63b811aca56861108bb72f16fcbbf32f1af71e77b8996a9a5654b6a18915df9a
+SIZE (opensmtpd-6.6.2p1.tar.gz) = 777422



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202001310937.00V9bRmN093577>