Date: Tue, 26 May 2009 14:58:03 GMT
From: Michael Scheidell <scheidell@secnap.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/134964: update mail/p5-Mail-DKIM to 0.35. Fixes DOS condition in .033
Message-ID: <200905261458.n4QEw3Gb004902@www.freebsd.org>
Resent-Message-ID: <200905261500.n4QF02pu060602@freefall.freebsd.org>
>Number: 134964
>Category: ports
>Synopsis: update mail/p5-Mail-DKIM to 0.35. Fixes DOS condition in .033
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue May 26 15:00:02 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Michael Scheidell
>Release: 6.4/7.1
>Organization: SECNAP Network Security
>Environment:
na
>Description:
Version 0.35 fixes a DOS (runaway memory usage) condition reported on amavisd-new users list, with patch provided by Mark Martinec, author of amavisd-new

From ChangeLog
2009-05-22: Jason Long <jlong@messiah.edu>
 * t/signer.t: add a test-case of a message with 10000's of blank lines; this seems to DoS the canonicalization routines
 * lib/Mail/DKIM/Canonicalization/{simple,relaxed,dk_simple}.pm: fix for bug reported on amavis-user list, patch provided by Mark Martinec. Thanks!

I am the port maintainer for p5-Mail-SpamAssassin and am going to make 0.35 a minimum dependency for that package as soon as this gets posted.
>How-To-Repeat:
see amavisd-new users list for sample.

from mailing list:
> So the process which tries to sign this message crashes after
> 11 minutes, running out of memory. It happens while Perl is
> evaluating the following regexp:
>
> s/((?:\015\012){2,})\z/\015\012/

Ugh!
>Fix:
upgrade to Mail-DKIM 0.35. simple patches to Makefile and distfile.
no new dependencies or patches

diff -bBru /var/tmp/DKIM/ ./ diff -bBru /var/tmp/DKIM/Makefile ./Makefile --- /var/tmp/DKIM/Makefile 2009-03-15 13:26:55.000000000 -0400 +++ ./Makefile 2009-05-26 10:43:39.000000000 -0400 @@ -6,7 +6,7 @@ # PORTNAME= Mail-DKIM -PORTVERSION= 0.33 +PORTVERSION= 0.35 CATEGORIES= mail perl5 MASTER_SITES= CPAN PKGNAMEPREFIX= p5- diff -bBru /var/tmp/DKIM/distinfo ./distinfo --- /var/tmp/DKIM/distinfo 2009-03-15 13:26:55.000000000 -0400 +++ ./distinfo 2009-05-26 10:45:35.000000000 -0400 
@@ -1,3 +1,3 @@ -MD5 (Mail-DKIM-0.33.tar.gz) = 09216a6544439c212efdd70e4bd106ca -SHA256 (Mail-DKIM-0.33.tar.gz) = 3839a6aa5f665b551cbd3d1828645f43f38623a59baed68075b0cc1373a45b69 -SIZE (Mail-DKIM-0.33.tar.gz) = 75382 +MD5 (Mail-DKIM-0.35.tar.gz) = 7eca49dc2a3f6b1abd31c5d9f19beffe +SHA256 (Mail-DKIM-0.35.tar.gz) = 1ee52a71ea2e735c4fc5a61a9af12f9cc1da0f3d76014fb7b9a5ff12aa3894c8 +SIZE (Mail-DKIM-0.35.tar.gz) = 81039
>Release-Note:
>Audit-Trail:
>Unformatted:
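
Review bot: The Makefile hunk changes only the PORTVERSION line (0.33 to 0.35), and the patch as a whole touches just Makefile and distinfo, so nothing in it records that 0.33 is affected by the runaway-memory condition the PR describes. Since the PR is filed with Severity: serious for a DoS fix, consider adding a matching security/vuxml entry with the commit so that installed 0.33 packages get flagged, and name the DoS fix in the commit message rather than only the version bump.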
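
Review bot: In the distinfo hunk, the +MD5, +SHA256 and +SIZE values for Mail-DKIM-0.35.tar.gz arrive through the PR and cannot be checked from the patch itself. Before committing, fetch the tarball independently from the MASTER_SITES= CPAN source, regenerate distinfo with make makesum, and confirm the result matches these three lines; a mismatch on SHA256 or on SIZE (81039) should block the update.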
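
The regexp quoted under How-To-Repeat collapses a run of trailing CRLFs into one, which is the DKIM "simple" body canonicalization rule. As an added example (not the Mail-DKIM 0.35 patch and not code from this PR), the same result computed by counting CRLFs with index arithmetic instead of a regexp; the class and function names are assumptions, and the end-of-body handling follows RFC 6376 section 3.4.3.

```python
from typing import Iterable

CRLF = b"\r\n"


class SimpleBodyCanonicalizer:
    """Streaming DKIM 'simple' body canonicalization (constructed example).

    Trailing CRLFs are tracked as a counter between chunks, so a body that
    ends in tens of thousands of empty lines is handled in linear time.
    """

    def __init__(self) -> None:
        self._pending_crlf = 0  # CRLFs at the current tail, not yet emitted
        self._held_cr = False   # lone CR at a chunk boundary, awaiting its LF

    def feed(self, chunk: bytes) -> bytes:
        if self._held_cr:
            chunk, self._held_cr = b"\r" + chunk, False
        if chunk.endswith(b"\r"):
            chunk, self._held_cr = chunk[:-1], True
        # Walk back over CRLF pairs by index: no regexp, so no backtracking.
        end = len(chunk)
        while end >= 2 and chunk[end - 2:end] == CRLF:
            end -= 2
        tail = (len(chunk) - end) // 2
        if end == 0:  # nothing but CRLFs: the run may still be the body's end
            self._pending_crlf += tail
            return b""
        # Real content arrived, so the CRLFs held back were not trailing.
        out = CRLF * self._pending_crlf + chunk[:end]
        self._pending_crlf = tail
        return out

    def finish(self) -> bytes:
        # A held bare CR is content; it keeps the CRLFs before it alive.
        kept = CRLF * self._pending_crlf + b"\r" if self._held_cr else b""
        return kept + CRLF  # exactly one CRLF ends the canonical body


def canonicalize(chunks: Iterable[bytes]) -> bytes:
    canon = SimpleBodyCanonicalizer()
    return b"".join(canon.feed(c) for c in chunks) + canon.finish()


def constructed_body(blank_lines: int) -> bytes:
    # Constructed sample: one text line followed by a run of empty lines.
    return b"hello" + CRLF * (blank_lines + 1)
```
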