diff options
author | Dima Panov <fluffy@FreeBSD.org> | 2020-02-25 03:22:59 +0000 |
---|---|---|
committer | Dima Panov <fluffy@FreeBSD.org> | 2020-02-25 03:22:59 +0000 |
commit | 8dfa9bdf81a5be1335ff9f6e3b30d1e4d23e43dc (patch) | |
tree | 3a7a0e8527723195fe4236f48d01aabb39944506 | |
parent | 5a3400175f5d84bd99c924bf2b87cdc455f6248e (diff) | |
download | ports-8dfa9bdf81a5be1335ff9f6e3b30d1e4d23e43dc.tar.gz ports-8dfa9bdf81a5be1335ff9f6e3b30d1e4d23e43dc.zip |
MFH: r527012
mail/opensmtpd: update to 6.6.4p1 security releaase
SECURITY RELEASE
An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group.
Approved by: ports-secteam (joneum)
Security: CVE-2020-8793, CVE-2020-8794
Notes
Notes:
svn path=/branches/2020Q1/; revision=527062
-rw-r--r-- | mail/opensmtpd/Makefile | 7 | ||||
-rw-r--r-- | mail/opensmtpd/distinfo | 6 | ||||
-rw-r--r-- | mail/opensmtpd/pkg-plist | 2 |
3 files changed, 9 insertions, 6 deletions
diff --git a/mail/opensmtpd/Makefile b/mail/opensmtpd/Makefile index eaa992b11e8b..af5fc866ed74 100644 --- a/mail/opensmtpd/Makefile +++ b/mail/opensmtpd/Makefile @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= opensmtpd -PORTVERSION= 6.6.3 +PORTVERSION= 6.6.4 DISTVERSIONSUFFIX= p1 PORTEPOCH= 1 PORTREVISION= 0 @@ -55,7 +55,10 @@ TABLE_DB_CONFIGURE_WITH= table-db CONFIGURE_ARGS+= --with-libasr=${LOCALBASE} \ --with-libevent=${LOCALBASE} \ - --sysconfdir=${PREFIX}/etc/mail/ + --sysconfdir=${PREFIX}/etc/mail/ \ + --with-user-smtpd=_smtpd \ + --with-user-queue=_smtpq \ + --with-group-queue=_smtpq .include <bsd.port.pre.mk> diff --git a/mail/opensmtpd/distinfo b/mail/opensmtpd/distinfo index b73b1d54e9d8..3dce126e5263 100644 --- a/mail/opensmtpd/distinfo +++ b/mail/opensmtpd/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1581434283 -SHA256 (opensmtpd-6.6.3p1.tar.gz) = 9ef7c0eb7ffc5c84dca7651cec69bd7b180014cd5227f6dbc7a303eaa9d41eb7 -SIZE (opensmtpd-6.6.3p1.tar.gz) = 787196 +TIMESTAMP = 1582566329 +SHA256 (opensmtpd-6.6.4p1.tar.gz) = e2f9962a6b99b3cc1572b63a10db648fdca4ad2b58079b680b4202cc7c82d7cf +SIZE (opensmtpd-6.6.4p1.tar.gz) = 790754 diff --git a/mail/opensmtpd/pkg-plist b/mail/opensmtpd/pkg-plist index 001970f94371..7ddf01b07681 100644 --- a/mail/opensmtpd/pkg-plist +++ b/mail/opensmtpd/pkg-plist @@ -8,7 +8,7 @@ libexec/opensmtpd/mail.maildir libexec/opensmtpd/mail.mboxfile libexec/opensmtpd/mail.mda %%TABLE_DB%%libexec/opensmtpd/makemap -@(,,2555) sbin/smtpctl +@(,_smtpq,2555) sbin/smtpctl sbin/smtpd man/man1/smtp.1.gz man/man5/aliases.5.gz |