Bug 260594

Summary: mail/opendmarc: update to 1.4.2
Product: Ports & Packages
Reporter: Dan Mahoney <freebsd>
Component: Individual Port(s)
Assignee: Mikael Urankar <mikael>
Status: Closed FIXED
Severity: Affects Many People
CC: freebsd, mikael, philip, pi, ports-secteam
Priority: Normal
Keywords: needs-qa, security
Version: Latest
Flags: koobs: merge-quarterly?
Hardware: amd64
OS: Any
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=257582
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240505
Attachments:
 - recursive update patch (flags: none)
 - New patch (flags: none)

Description Dan Mahoney 2021-12-21 20:19:17 UTC
Created attachment 230293 [details]
recursive update patch

I am the maintainer.  Enclosed patch removes required patch files, updates base version to main, changes master site to github (which is the new site), as well as resolving CVE-2021-34555 and any other CVEs.

Ran portlint and poudriere testport under i386 and amd64, runs clean.  Logs are available at ISC's poudriere if need be.
Comment 1 Mikael Urankar freebsd_committer freebsd_triage 2021-12-23 18:44:24 UTC
Your patch doesn't apply, can you regen it?
Comment 2 Dan Mahoney 2021-12-23 21:36:05 UTC
Created attachment 230361 [details]
New patch

Okay, I've attempted to regenerate this.  The old opendmarc was renamed opendmarc.bak, the new one was just opendmarc, and I ran diff -ruN opendmarc.bak opendmarc (as requested in the Porter's Handbook).

If it still won't apply, can you give me the output?  This is my first attempt at this.

This deletes the files patch-opendmarc_opendmarc.c and patch-libopendmarc_tests_test__finddomain.c.
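The patch-generation step described in comment 2, as an added shell example that is not part of the bug report, the port, or the FreeBSD ports tree: it builds a constructed old/new port directory pair (a changed Makefile and one removed files/patch-* file, mirroring the shape of this update), runs diff -ruN over it the way the comment describes, and dry-runs the result with patch(1) before it would be attached, which is the check that would have caught the non-applying first attachment. All directory and file names and contents below are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the bug or the FreeBSD ports tree.
# Generates a recursive port-update patch with diff -ruN (as in comment 2)
# and dry-runs it with patch so a non-applying patch is caught before attaching.
set -e

# Build a constructed old/new port directory pair in a temporary directory:
# the Makefile changes and one files/patch-* file is removed, mirroring the
# update in this bug.  Prints the work directory path.
make_port_pair() {
    work=$(mktemp -d)
    mkdir -p "$work/opendmarc.bak/files" "$work/opendmarc/files"
    printf 'PORTVERSION=\t1.3.2\n' > "$work/opendmarc.bak/Makefile"
    printf 'PORTVERSION=\t1.4.2\n' > "$work/opendmarc/Makefile"
    printf 'stale local fix\n' > "$work/opendmarc.bak/files/patch-example.c"
    echo "$work"
}

# Run "diff -ruN old new" and write update.diff.  diff exits 1 when the trees
# differ, which is the expected result here, so only exit status 2 (an error)
# aborts the script.  Prints the path of the generated patch.
gen_patch() {
    work=$1
    ( cd "$work" && diff -ruN opendmarc.bak opendmarc > update.diff ) || [ $? -eq 1 ]
    echo "$work/update.diff"
}

# Apply the patch in dry-run mode to a fresh copy of the old tree, which is
# what a committer effectively does before "git am".  Prints "applies",
# "fails", or "no-patch-tool" when patch(1) is not installed.
check_applies() {
    work=$1
    command -v patch > /dev/null 2>&1 || { echo no-patch-tool; return 0; }
    rm -rf "$work/check" && mkdir "$work/check"
    cp -R "$work/opendmarc.bak" "$work/check/opendmarc"
    if ( cd "$work/check/opendmarc" && patch -p1 -s --dry-run < "$work/update.diff" ); then
        echo applies
    else
        echo fails
    fi
}

# Count the "+++" file headers in the patch: one per touched file, including
# files that -N reports as removed (every line of them shows up as "-").
count_touched_files() {
    grep -c '^+++ ' "$1"
}
```

Usage: `w=$(make_port_pair); p=$(gen_patch "$w"); check_applies "$w"` prints `applies` for the constructed pair. The same three steps, run against the real `opendmarc.bak`/`opendmarc` directories, reproduce the workflow from comment 2 with the dry-run check added in front of attaching the patch.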
Comment 3 commit-hook freebsd_committer freebsd_triage 2021-12-24 17:46:15 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=9d3c1f8ac5801fa8c9d1bc2d79e15d68e0fbe46a

commit 9d3c1f8ac5801fa8c9d1bc2d79e15d68e0fbe46a
Author:     Dan Mahoney <freebsd@gushi.org>
AuthorDate: 2021-12-24 17:29:44 +0000
Commit:     Mikael Urankar <mikael@FreeBSD.org>
CommitDate: 2021-12-24 17:39:45 +0000

    mail/opendmarc: Update to 1.4.2

     - Update to 1.4.2
     - Change master site to github
     - Resolve CVE-2021-34555 and many other CVEs

    PR:     260594

 mail/opendmarc/Makefile                                      | 12 +++++++-----
 mail/opendmarc/distinfo                                      |  6 +++---
 .../files/patch-libopendmarc_tests_test__finddomain.c (gone) | 10 ----------
 mail/opendmarc/files/patch-opendmarc_opendmarc.c (gone)      | 11 -----------
 mail/opendmarc/pkg-plist                                     |  2 +-
 5 files changed, 11 insertions(+), 30 deletions(-)
Comment 4 Kubilay Kocak freebsd_committer freebsd_triage 2021-12-25 10:49:16 UTC
@Maintainer Given 240505 was committed end of 2019 and still remains without a vuxml entry, 1.4.1* resolves CVEs but bug 257582 was not resolved, and 1.4.2 resolves further security issues, can you please list here:

Each/all versions from 1.3.2 onward, with a list of CVEs that apply/applied to each. This will assist us to get all vuxml entries for them addressed correctly.
Comment 5 Dan Mahoney 2021-12-25 11:11:54 UTC
1.4.0 contained the following CVEs:

CVE-2019-16378
CVE-2019-20790
CVE-2020-12272
CVE-2020-12460

1.4.1 was released, and 1.4.1.1 was released shortly after because of a broken merge.

(https://github.com/trusteddomainproject/OpenDMARC/releases/tag/rel-opendmarc-1-4-1-1)

However, a use-after-free bug in 1.4.1.1 introduced CVE-2021-34555, which was fixed in 1.4.2.

As far as I know, 1.4.0, 1.4.1, and 1.4.1.1 were never added to the ports tree.

-Dan
Comment 6 commit-hook freebsd_committer freebsd_triage 2021-12-30 03:26:27 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=06c4c6be864e07683365d9b1ecdb5de9e1f98ef2

commit 06c4c6be864e07683365d9b1ecdb5de9e1f98ef2
Author:     Dan Mahoney <freebsd@gushi.org>
AuthorDate: 2021-12-29 04:41:37 +0000
Commit:     Philip Paeps <philip@FreeBSD.org>
CommitDate: 2021-12-30 03:24:47 +0000

    security/vuxml: OpenDMARC 1.4.1 vulnerability

    PR:             260594

 security/vuxml/vuln-2021.xml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)