Hi, We have been able to trigger a "croak" assertion in the code of Net::DNS by responding to the package with a malformed DNS response. The croak itself doesn't allow you to overflow or execute arbitrary code, but as it cannot be captured using normal Perl code - as with an eval() function for example - a user of the Net::DNS package can be caused to "crash", his program to forcefully terminate if it encounters this DNS response. The problem steams from the fact that: if ($self->{"rdlength"} > 0) { $self->{"address"} = inet_ntoa(substr($$data, $offset, 4)); } found in Net/DNS/RR/A.pm updated in 0.63. FreeBsd ports for p5-Net-DNS has been at 0.63 for 10 days. Patch just adjusts the dependency and bumps portrevision to trigger a rebuild based on dependencies (portupgrade -R p5-Mail-SpamAssassin) Fix: Fix bumps portrevision and dependency on p5-Net-DNS from 0.60 to 0.63 I would attach a patch, but for some reason, even if I do 'magic things' to the file, you don't like it: There is an error with your problem report submission. The problem was: Patch file has wrong content type: got application/x-download but was expecting one matching text/.* or application/shar. Try renaming the file to have a .txt extension to convince your browser to do the right thing. How-To-Repeat: 'croak' the DNS.
Responsible Changed From-To: freebsd-ports-bugs->beech I'll take it
beech 2008-03-28 19:03:13 UTC FreeBSD ports repository Modified files: mail/p5-Mail-SpamAssassin Makefile Log: - Fix bumps portrevision and dependency on p5-Net-DNS from 0.60 to 0.63 PR: ports/122162 Submitted by: Michael Scheidell <scheidell@secnap.net> (maintainer) Revision Changes Path 1.115 +2 -2 ports/mail/p5-Mail-SpamAssassin/Makefile _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
State Changed From-To: open->closed Committed, Thanks!