FreeBSD Bugzilla – Attachment 214690 Details for
Bug 245010
mail/qmail: Fixes CVE-2005-1513 to CVE-2005-1513, mail/qmail-tls and mail/qmail: Update TLS patch
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Fixes three remotely exploitable CVE
qmail-two-cve+tls.patch (text/plain), 4.24 KB, created by
Dirk Engling
on 2020-05-20 11:11:27 UTC
(
hide
)
Description:
Fixes three remotely exploitable CVE
Filename:
MIME Type:
Creator:
Dirk Engling
Created:
2020-05-20 11:11:27 UTC
Size:
4.24 KB
patch
obsolete
>diff -Nru /usr/ports/mail/qmail/distinfo qmail/distinfo >--- /usr/ports/mail/qmail/distinfo 2018-12-11 14:21:18.000000000 +0100 >+++ qmail/distinfo 2020-05-20 12:01:53.014797000 +0200 >@@ -1,4 +1,4 @@ >-TIMESTAMP = 1485784051 >+TIMESTAMP = 1584978462 > SHA256 (qmail/qmail-1.03.tar.gz) = 21ed6c562cbb55092a66197c35c8222b84115d1acab0854fdb1ad1f301626f88 > SIZE (qmail/qmail-1.03.tar.gz) = 220668 > SHA256 (qmail/netqmail-1.06.tar.gz) = 8e7d98d15211fc9f9c28109e942e2268f42a6672d68df92a42f2afa90ff00532 >@@ -47,8 +47,8 @@ > SIZE (qmail/netqmail-mysql-1.1.15.patch) = 61635 > SHA256 (qmail/spamcontrol-2731.tgz) = 24a9c0af8f405ae6bcc4038fd1fc1ea12d5e5c54642e105fd9f0790593128b71 > SIZE (qmail/spamcontrol-2731.tgz) = 179422 >-SHA256 (qmail/netqmail-1.06-tls-20160918.patch) = f41d4cca8c9603bfcdbd97d46654f49ad736d8d2f43032305096da80cc7e876a >-SIZE (qmail/netqmail-1.06-tls-20160918.patch) = 50082 >+SHA256 (qmail/netqmail-1.06-tls-20200107.patch) = 4230ffe10d58f9ded8f28f0d226e1cb1fa4e21321f7e8584388c52c4dd0f83b3 >+SIZE (qmail/netqmail-1.06-tls-20200107.patch) = 52188 > SHA256 (qmail/qmail-smtpd-auth-0.31.tar.gz) = 1b439fa7e128de13fa80b86883f61a39d17b87b7e8916b6a0eab065bbe49b938 > SIZE (qmail/qmail-smtpd-auth-0.31.tar.gz) = 8798 > SHA256 (qmail/qmail-smtpd-auth-close3.patch) = d933e871261d6740cebe5c21cad81146525cfe06a464e277979f61c1242b5ad4 >diff -Nru /usr/ports/mail/qmail/files/patch-alloc.c qmail/files/patch-alloc.c >--- /usr/ports/mail/qmail/files/patch-alloc.c 1970-01-01 01:00:00.000000000 +0100 >+++ qmail/files/patch-alloc.c 2020-05-20 12:01:11.597378000 +0200 >@@ -0,0 +1,19 @@ >+diff -r -u a/alloc.c b/alloc.c >+--- alloc.c 1998-06-15 03:53:16.000000000 -0700 >++++ alloc.c 2020-05-04 16:43:32.923310325 -0700 >+@@ -1,3 +1,4 @@ >++#include <limits.h> >+ #include "alloc.h" >+ #include "error.h" >+ extern char *malloc(); >+@@ -15,6 +16,10 @@ >+ unsigned int n; >+ { >+ char *x; >++ if (n >= (INT_MAX >> 3)) { >++ errno = error_nomem; >++ return 0; >++ } >+ n = ALIGNMENT + n - (n & (ALIGNMENT - 1)); /* XXX: could overflow */ >+ if (n <= avail) { avail -= n; return space + avail; } >+ x = malloc(n); >diff -Nru /usr/ports/mail/qmail/files/qmailsend.in qmail/files/qmailsend.in >--- /usr/ports/mail/qmail/files/qmailsend.in 2016-06-25 16:44:04.000000000 +0200 >+++ qmail/files/qmailsend.in 2020-05-20 12:04:24.916872000 +0200 >@@ -41,8 +41,8 @@ > > qmailsend_start() { > case ${qmailsend_delivery} in >- maildir) command_args='./Maildir/';; >- mailbox) command_args='./Mailbox';; >+ maildir) command_args=./Maildir/;; >+ mailbox) command_args=./Mailbox;; > proc) command_args='|preline procmail';; > V7) command_args='|preline -f /bin/mail -f "${SENDER:-MAILER-DAEMON}" -d "$USER"';; > SVR4) command_args='|preline -f /bin/mail -r "${SENDER:-MAILER-DAEMON}" -d "$USER"';; >diff -Nru /usr/ports/mail/qmail/Makefile qmail/Makefile >--- /usr/ports/mail/qmail/Makefile 2019-02-11 19:36:20.000000000 +0100 >+++ qmail/Makefile 2020-05-20 12:54:20.500096000 +0200 >@@ -3,7 +3,7 @@ > > PORTNAME= ${QMAIL_PORTNAME} > PORTVERSION?= ${QMAIL_VERSION} >-PORTREVISION?= 4 >+PORTREVISION?= 5 > CATEGORIES= mail > MASTER_SITES+= QMAIL > DISTNAME= ${PORTNAME}-${QMAIL_VERSION} >@@ -384,10 +384,6 @@ > > .include <bsd.port.options.mk> > >-.if defined(SLAVE_TLS) && ${OPSYS} == FreeBSD && ${OSVERSION} >= 1200000 >-EXTRA_PATCHES+= ${FILESDIR}/netqmail-1.06-tls-20160918-freebsd-12.patch >-.endif >- > .if ${ARCH} == "amd64" && !defined(SLAVE_LDAP) \ > && !defined(SLAVE_SPAMCONTROL) > EXTRA_PATCHES+= ${FILESDIR}/extra-patch-amd64 >diff -ru /usr/ports/mail/qmail-tls/Makefile qmail-tls/Makefile >--- /usr/ports/mail/qmail-tls/Makefile 2019-01-31 11:59:22.000000000 +0100 >+++ qmail-tls/Makefile 2020-05-20 12:54:42.157248000 +0200 >@@ -3,7 +3,7 @@ > > PORTNAME= qmail > PORTVERSION= ${QMAIL_VERSION}.${TLS_PATCH_DATE} >-PORTREVISION= 2 >+PORTREVISION= 3 > CATEGORIES= mail > PKGNAMESUFFIX= -tls > >@@ -13,7 +13,7 @@ > > SLAVE_TLS= yes > >-TLS_PATCH_DATE= 20160918 >+TLS_PATCH_DATE= 20200107 > > USES= ssl > >diff -ru /usr/ports/mail/qmail-mysql/Makefile qmail-mysql/Makefile >--- /usr/ports/mail/qmail-mysql/Makefile 2019-11-15 11:12:08.000000000 +0100 >+++ qmail-mysql/Makefile 2020-05-20 13:06:08.750953000 +0200 >@@ -3,7 +3,7 @@ > > PORTNAME= qmail > PORTVERSION= ${QMAIL_VERSION}.${MYSQL_PATCH_VERSION} >-PORTREVISION= 1 >+PORTREVISION= 2 > CATEGORIES= mail > PKGNAMESUFFIX= -mysql >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=214690">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
erdgeist
:
maintainer-approval+
Actions:
View
|
Diff
Attachments on
bug 245010
:
212650
|
214688
|
214689
| 214690 |
214822
|
214823