author: Gabor Kovesdan <gabor@FreeBSD.org> 2009-02-23 11:53:09 +0000
committer: Gabor Kovesdan <gabor@FreeBSD.org> 2009-02-23 11:53:09 +0000
commit: 54139a71e7b6ecd2ef5dcf533ee6f324dbba2b9f (patch)
tree: e3867a6eec1c88f31c7bdcdf84420db36700fbad /security/amavisd-new
parent: a4ec736db601537cdddf017a9564b1077f84892a (diff)
download: ports-54139a71e7b6ecd2ef5dcf533ee6f324dbba2b9f.tar.gz
ports-54139a71e7b6ecd2ef5dcf533ee6f324dbba2b9f.zip
3 files changed, 140 insertions, 1 deletions
diff --git a/security/amavisd-new/Makefile b/security/amavisd-new/Makefile
index 3008a6185cd2..7801139fc3d2 100644
--- a/security/amavisd-new/Makefile
+++ b/security/amavisd-new/Makefile
@@ -9,6 +9,7 @@
 PORTNAME=	amavisd-new
 PORTVERSION=	2.6.2
 PORTEPOCH=	1
+PORTREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	http://www.ijs.si/software/amavisd/ \
 		http://mirrors.catpipe.net/amavisd-new/ \
@@ -26,7 +27,6 @@ RUN_DEPENDS=	${SITE_PERL}/${PERL_ARCH}/Unix/Syslog.pm:${PORTSDIR}/sysutils/p5-Un
 		${SITE_PERL}/Archive/Zip.pm:${PORTSDIR}/archivers/p5-Archive-Zip \
 		${SITE_PERL}/${PERL_ARCH}/Digest/MD5.pm:${PORTSDIR}/security/p5-Digest-MD5 \
 		${SITE_PERL}/${PERL_ARCH}/Time/HiRes.pm:${PORTSDIR}/devel/p5-Time-HiRes \
-		${SITE_PERL}/IO/Wrap.pm:${PORTSDIR}/devel/p5-IO-stringy \
 		${SITE_PERL}/IO/Socket/INET6.pm:${PORTSDIR}/net/p5-IO-INET6 \
 		p5-Net-Server>=0.93:${PORTSDIR}/net/p5-Net-Server \
 		p5-Mail-DKIM>=0.31:${PORTSDIR}/mail/p5-Mail-DKIM
diff --git a/security/amavisd-new/files/amavisd.sh.in b/security/amavisd-new/files/amavisd.sh.in
index 3a34ef3d40f6..1a49fa688400 100644
--- a/security/amavisd-new/files/amavisd.sh.in
+++ b/security/amavisd-new/files/amavisd.sh.in
@@ -22,6 +22,7 @@ rcvar=`set_rcvar`
 command=%%PREFIX%%/sbin/amavisd > /dev/null 2>&1
 pidfile=%%AMAVISDIR%%/amavisd.pid
 required_files=%%PREFIX%%/etc/amavisd.conf
+extra_commands="reload"
 
 start_precmd=start_precmd
 
@@ -31,6 +32,10 @@ start_precmd()
 {
 rm -rf %%AMAVISDIR%%/tmp/* %%AMAVISDIR%%/tmp/.* 2>/dev/null || true
 if [ ${amavisd_ram} ];then
+  echo "========================================================"
+  echo "WARNING: using ramdisk is reported to be unstable and"
+  echo "thus it is highly recommended to be turned off."
+  echo "========================================================"
   df %%AMAVISDIR%%/tmp |  grep '^/dev/md' > /dev/null
   if [ $? -eq 1 ];then
     mdmfs -M -s ${amavisd_ram} -p 750 -w %%AMAVISUSER%%:%%AMAVISGROUP%% md %%AMAVISDIR%%/tmp || true
diff --git a/security/amavisd-new/files/patch-amavisd b/security/amavisd-new/files/patch-amavisd
new file mode 100644
index 000000000000..efb4e33a2b45
--- /dev/null
+++ b/security/amavisd-new/files/patch-amavisd
@@ -0,0 +1,134 @@
+--- amavisd.orig	2008-12-15 01:50:09.000000000 +0100
++++ amavisd	2009-02-21 20:23:55.000000000 +0100
+@@ -1,4 +1,4 @@
+-#!/usr/bin/perl -T
++#!/usr/local/bin/perl -T
+ 
+ #------------------------------------------------------------------------------
+ # This is amavisd-new.
+@@ -7082,7 +7082,7 @@
+   @EXPORT_OK = qw(&mime_decode);
+   import Amavis::Conf qw(:platform c cr ca $MAXFILES);
+   import Amavis::Timing qw(section_time);
+-  import Amavis::Util qw(snmp_count ll do_log);
++  import Amavis::Util qw(snmp_count untaint ll do_log);
+   import Amavis::Unpackers::NewFilename qw(consumed_bytes);
+ }
+ use subs @EXPORT_OK;
+@@ -7104,7 +7104,8 @@
+       $newpart_obj->name_declared($pe_name);
+       my($newpart) = $newpart_obj->full_name;
+       my($outpart) = IO::File->new;
+-      $outpart->open($newpart, O_CREAT|O_EXCL|O_WRONLY, 0640)
++      # O_WRONLY etc. can become tainted in Perl5.8.9 [perlbug #62502]
++      $outpart->open($newpart, untaint(O_CREAT|O_EXCL|O_WRONLY), 0640)
+         or die "Can't create $pe_name file $newpart: $!";
+       binmode($outpart, ":bytes") or die "Can't cancel :utf8 mode: $!"
+         if $unicode_aware;
+@@ -13181,7 +13182,7 @@
+   Amavis::Lookup::RE->new(@$Amavis::Conf::map_full_type_to_short_type_re);
+ 
+ # default location of the config file if none specified
+-push(@config_files, '/etc/amavisd.conf')  if !@config_files;
++push(@config_files, '/usr/local/etc/amavisd.conf')  if !@config_files;
+ # Read and evaluate config files, which may override default settings
+ Amavis::Conf::include_config_files(@config_files);
+ Amavis::Conf::supply_after_defaults();
+@@ -18061,7 +18062,8 @@
+     else
+       { die "File $bsmtp_file_tmp exists??? Refuse to overwrite it, $!" }
+     $mp = IO::File->new;
+-    $mp->open($bsmtp_file_tmp, O_CREAT|O_EXCL|O_WRONLY, 0640)
++    # O_WRONLY etc. can become tainted in Perl5.8.9 [perlbug #62502]
++    $mp->open($bsmtp_file_tmp, untaint(O_CREAT|O_EXCL|O_WRONLY), 0640)
+       or die "Can't create BSMTP file $bsmtp_file_tmp: $!";
+     binmode($mp, ":bytes") or die "Can't set :bytes, $!"  if $unicode_aware;
+ 
+@@ -18177,7 +18179,7 @@
+   @ISA = qw(Exporter);
+   @EXPORT_OK = qw(&mail_to_local_mailbox);
+   import Amavis::Conf qw(:platform $quarantine_subdir_levels c cr ca);
+-  import Amavis::Util qw(ll do_log unique_list);
++  import Amavis::Util qw(ll do_log untaint unique_list);
+   import Amavis::Timing qw(section_time);
+   import Amavis::rfc2821_2822_Tools;
+   import Amavis::Out::EditHeader;
+@@ -18334,7 +18336,8 @@
+               or die "Can't create gzip file $mbxname: $!";
+           } else {
+             $mp = IO::File->new;
+-            $mp->open($mbxname, O_CREAT|O_EXCL|O_WRONLY, 0640)
++            # O_WRONLY etc. can become tainted in Perl5.8.9 [perlbug #62502]
++            $mp->open($mbxname, untaint(O_CREAT|O_EXCL|O_WRONLY), 0640)
+               or die "Can't create file $mbxname: $!";
+             binmode($mp, ":bytes") or die "Can't cancel :utf8 mode: $!"
+               if $unicode_aware;
+@@ -18346,7 +18349,8 @@
+             # file at the same time, one will tempfail at this point, with
+             # its mail delivery to be retried later by MTA
+             $mp = IO::File->new;
+-            $mp->open($mbxname, O_CREAT|O_EXCL|O_WRONLY, 0640)
++            # O_WRONLY etc. can become tainted in Perl5.8.9 [perlbug #62502]
++            $mp->open($mbxname, untaint(O_CREAT|O_EXCL|O_WRONLY), 0640)
+               or die "Can't create file $mbxname: $!";
+           } elsif ($errn==0 && !-f _) {
+             die "Mailbox $mbxname is not a regular file, refuse to deliver";
+@@ -18354,7 +18358,8 @@
+             die "Mailbox file $mbxname is executable, refuse to deliver";
+           } else {
+             $mp = IO::File->new;
+-            $mp->open($mbxname, O_APPEND|O_WRONLY, 0640)
++            # O_WRONLY etc. can become tainted in Perl5.8.9 [perlbug #62502]
++            $mp->open($mbxname, untaint(O_APPEND|O_WRONLY), 0640)
+               or die "Can't append to $mbxname: $!";
+           }
+           binmode($mp, ":bytes") or die "Can't cancel :utf8 mode: $!"
+@@ -19178,7 +19183,7 @@
+         $q_to =~ s{^\Q$QUARANTINEDIR\E/}{};  # strip directory name
+       }
+       my($m_id) = $msginfo->get_header_field_body('message-id');
+-      $m_id = parse_message_id($m_id) if $m_id ne ''; # strip CFWS, take #1
++      $m_id = join(' ',parse_message_id($m_id))  if $m_id ne '';  # strip CFWS
+       my($subj) = $msginfo->get_header_field_body('subject');
+       my($from) = $msginfo->get_header_field_body('from');  # raw full field
+       my($rfc2822_from)   = $msginfo->rfc2822_from;  # undef, scalar or listref
+@@ -21931,7 +21936,8 @@
+                                      $part->base_name, $err_nm[$sts], $sts);
+         my($newpart) = $newpart_obj->full_name;
+         my($outpart) = IO::File->new;
+-        $outpart->open($newpart, O_CREAT|O_EXCL|O_WRONLY, 0640)
++        # O_WRONLY etc. can become tainted in Perl5.8.9 [perlbug #62502]
++        $outpart->open($newpart, untaint(O_CREAT|O_EXCL|O_WRONLY), 0640)
+           or die "Can't create file $newpart: $!";
+         binmode($outpart) or die "Can't set file $newpart to binmode: $!";
+         my($size) = 0;
+@@ -22047,7 +22053,8 @@
+   $newpart_obj->mime_placement($part->mime_placement."/1");
+   my($newpart) = $newpart_obj->full_name;
+   my($outpart) = IO::File->new;
+-  $outpart->open($newpart, O_CREAT|O_EXCL|O_WRONLY, 0640)
++  # O_WRONLY etc. can become tainted in Perl5.8.9 [perlbug #62502]
++  $outpart->open($newpart, untaint(O_CREAT|O_EXCL|O_WRONLY), 0640)
+     or die "Can't create file $newpart: $!";
+   binmode($outpart) or die "Can't set file $newpart to binmode: $!";
+   my($nbytes,$buff); my($size) = 0;
+@@ -22680,7 +22687,8 @@
+         $newpart_obj->name_declared([$a->name, $a->longname]);
+         my($newpart) = $newpart_obj->full_name;
+         my($outpart) = IO::File->new;
+-        $outpart->open($newpart, O_CREAT|O_EXCL|O_WRONLY, 0640)
++        # O_WRONLY etc. can become tainted in Perl5.8.9 [perlbug #62502]
++        $outpart->open($newpart, untaint(O_CREAT|O_EXCL|O_WRONLY), 0640)
+           or die "Can't create file $newpart: $!";
+         binmode($outpart) or die "Can't set file $newpart to binmode: $!";
+         my($filepath) = $dh->path; my($size) = 0;
+@@ -22963,7 +22971,8 @@
+ sub run_command_copy($$$) {
+   my($outfile, $ifh, $pid) = @_;
+   my($ofh) = IO::File->new;
+-  $ofh->open($outfile, O_CREAT|O_EXCL|O_WRONLY, 0640)  # calls sysopen
++  # O_WRONLY etc. can become tainted in Perl5.8.9 [perlbug #62502]
++  $ofh->open($outfile, untaint(O_CREAT|O_EXCL|O_WRONLY), 0640)  # calls sysopen
+     or die "Can't create file $outfile: $!";
+   binmode($ofh) or die "Can't set file $outfile to binmode: $!";
+   binmode($ifh) or die "Can't set binmode on pipe: $!";
author	Gabor Kovesdan <gabor@FreeBSD.org>	2009-02-23 11:53:09 +0000
committer	Gabor Kovesdan <gabor@FreeBSD.org>	2009-02-23 11:53:09 +0000
commit	54139a71e7b6ecd2ef5dcf533ee6f324dbba2b9f (patch)
tree	e3867a6eec1c88f31c7bdcdf84420db36700fbad /security/amavisd-new
parent	a4ec736db601537cdddf017a9564b1077f84892a (diff)
download	ports-54139a71e7b6ecd2ef5dcf533ee6f324dbba2b9f.tar.gz ports-54139a71e7b6ecd2ef5dcf533ee6f324dbba2b9f.zip