Date: Tue, 5 Mar 2002 22:07:09 -0800 (PST) From: John Merryweather Cooper <john_m_cooper@yahoo.com> To: FreeBSD-gnats-submit@freebsd.org Cc: tobez@freebsd.org Subject: ports/35582: [MAINTAINER UPDATE] update mail/libesmtp to 0.8.11 Message-ID: <200203060607.g26679Q77305@johncoop.MSHOME>
next in thread | raw e-mail | index | archive | help
>Number: 35582 >Category: ports >Synopsis: [MAINTAINER UPDATE] update mail/libesmtp to 0.8.11 >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Tue Mar 05 22:10:01 PST 2002 >Closed-Date: >Last-Modified: >Originator: John Merryweather Cooper >Release: FreeBSD 4.5-STABLE i386 >Organization: >Environment: System: FreeBSD johncoop.MSHOME 4.5-STABLE FreeBSD 4.5-STABLE #7: Mon Mar 4 22:35:19 PST 2002 jmcoopr@johncoop.MSHOME:/usr/obj/usr/src/sys/JOHNCOOP i386 >Description: Updates libesmtp to version 0.8.11 * fixes a buffer-overflow security hole--from the author: A potential buffer overflow in libESMTP exists which could allow a malicious SMTP server to overrun the stack and attack the client application. Basically a multiline SMTP response where the accumulated text exceeds 4Kb will overrun the stack. AFAIK, the attack is not possible unless each line of the response is less than 1024 bytes long. * incorporates NTLM header patch >How-To-Repeat: N/A >Fix: --- update-libesmtp-0.8.11 begins here --- # This is a patch for libesmtp to update it to libesmtp.0.8.11 # # To apply this patch: # STEP 1: Chdir to the source directory. # STEP 2: Run the 'applypatch' program with this patch file as input. # # If you do not have 'applypatch', it is part of the 'makepatch' package # that you can fetch from the Comprehensive Perl Archive Network: # http://www.perl.com/CPAN/authors/Johan_Vromans/makepatch-x.y.tar.gz # In the above URL, 'x' should be 2 or higher. # # To apply this patch without the use of 'applypatch': # STEP 1: Chdir to the source directory. # If you have a decent Bourne-type shell: # STEP 2: Run the shell with this file as input. # If you don't have such a shell, you may need to manually delete # the files as shown below. # STEP 3: Run the 'patch' program with this file as input. # # These are the commands needed to create/delete files/directories: # rm -f 'files/patch-ntlm::ntlmstruct.c' # # This command terminates the shell and need not be executed manually. exit # #### End of Preamble #### #### Patch data follows #### diff -u 'libesmtp/Makefile' 'libesmtp.0.8.11/Makefile' Index: ./Makefile --- ./Makefile Sun Feb 24 11:22:58 2002 +++ ./Makefile Tue Mar 5 21:52:19 2002 @@ -2,10 +2,10 @@ # Date created: Sun Feb 21 2001 # Whom: tobez@tobez.org # -# $FreeBSD: ports/mail/libesmtp/Makefile,v 1.15 2002/02/13 04:44:19 ade Exp $ +# $FreeBSD$ PORTNAME= libesmtp -PORTVERSION= 0.8.10p1 +PORTVERSION= 0.8.11 CATEGORIES= mail MASTER_SITES= http://www.stafford.uklinux.net/libesmtp/ \ http://www.tobez.org/download/port-mirrors/mail/libesmtp/ \ diff -u 'libesmtp/distinfo' 'libesmtp.0.8.11/distinfo' Index: ./distinfo --- ./distinfo Sun Feb 24 11:22:58 2002 +++ ./distinfo Tue Mar 5 21:52:34 2002 @@ -1 +1 @@ -MD5 (libesmtp-0.8.10p1.tar.bz2) = d3958b7cc564df094d204fcced2f74cd +MD5 (libesmtp-0.8.11.tar.bz2) = 212aa496d62d030f919e6506f14a0d72 #### End of Patch data #### #### ApplyPatch data follows #### # Data version : 1.0 # Date generated : Tue Mar 5 21:54:27 2002 # Generated by : makepatch 2.00 # Recurse directories : Yes # r 'files/patch-ntlm::ntlmstruct.c' 291 0 # p 'Makefile' 1244 1015393939 0100644 # p 'distinfo' 67 1015393954 0100644 #### End of ApplyPatch data #### #### End of Patch kit [created: Tue Mar 5 21:54:27 2002] #### #### Checksum: 66 2323 49098 #### --- update-libesmtp-0.8.11 ends here --- >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200203060607.g26679Q77305>