Majordomo 1.94.5 is a security/bugfix release which has been available for a few months now, yet the FreeBSD majordomo port is still using 1.94.4.
Responsible Changed
From-To: freebsd-ports->jfitz

Over to MAINTAINER
klaus@winf.htu.at wrote:
>
> >Number: 17820
> >Description:
>
> Majordomo 1.94.5 is a security/bugfix release which has been
> available for a few months now, yet the FreeBSD majordomo port
> is still using 1.94.4.

Mail to -ports and MAINTAINER on this topic went unanswered on 6 April.

The attached patch upgrades the port. Oddly enough, the md5 checksum in cvs is for 1.94.5, so it doesn't need to be updated.

I verified the PLIST for the update. I regenerated the patches that had fuzz or offsets. I also combined the patches from patch-sec1 that had individual patch files already if they had fuzz. That list is:

patch-ac digest
patch-ba archive2.pl
patch-bh request_answer
patch-bi resend

Also, the following comment from my previous post applies:

The one patch that needs to be changed is patch-sec1. In resend there is the following:

@@ -56,7 +56,7 @@ if ($ARGV[0] =~ /^\@/) { $fn = shift(@ARGV); $fn =~ s/^@//; - open(AV, $fn) || die("open(AV, \"$fn\"): $!\nStopped"); + sysopen(AV, $fn, O_RDONLY) || die("sysopen(AV, \"$fn\", O_RDONLY): $!\nStopped"); undef($/); # set input field separator $av = <AV>; # read whole file into string close(AV);

This security concern seems to be adequately addressed in the new code:

open(AV, "< $fn" ) || die("open(AV, \"< $fn\"): $!\nStopped");
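
Review bot: the "+" line of the resend hunk relies on the O_RDONLY constant, but nothing in the visible context shows it being imported; confirm that resend loads Fcntl (for example "use Fcntl;") before this call, otherwise the constant is not defined at that point. A one-line comment above the sysopen call would also help, stating that it is used so that $fn is treated only as a path and never as an open mode, since that intent is not evident from the line itself and is what distinguishes it from the two-argument open(AV, $fn) being removed.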
State Changed
From-To: open->closed

Update committed, thanks!