Bug 42562

Summary: mail/zmailer
Product: Ports & Packages
Component: Individual Port(s)
Version: Latest
Hardware: Any
OS: Any
Status: Closed FIXED
Severity: Affects Only Me
Priority: Normal
Reporter: Tilman Linneweh <tilman>
Assignee: freebsd-ports (Nobody) <ports>
CC: nectar

Description Tilman Linneweh 2002-09-08 22:10:04 UTC
	Two weeks ago nectar committed patch-smtpserver::smtpcmds.c to this port.
	Commitlog says it should fix a potential remote buffer overflow.

	nectar probably grabbed this patch from Bugtraq and committed it 
	without testing.

	Problem: The Patch is against 2.99.55. The FreeBSD port is at version
	2.99.51. So the patch did not apply.

	Version 2.99.51 doesn't contain the piece of buggy code, the patch wants to fix.

Fix:

	Easy fix:
	Remove patch-smtpserver::smtpcmds.c from Repository

	Difficult Fix:
	Update the port to the latest version, so that the patch applies.

How-To-Repeat:
	take a look at bento's errorlog

Comment 1 Jacques Vidrine freebsd_committer freebsd_triage 2002-09-09 01:04:53 UTC
On Sun, Sep 08, 2002 at 11:09:35PM +0200, Tilman Linneweh wrote:
> >Description:
>
>       Two weeks ago nectar committed patch-smtpserver::smtpcmds.c to
>       this port.  Commitlog says it should fix a potential remote
>       buffer overflow.
>
>       nectar probably grabbed this patch from Bugtraq and committed
>       it without testing.

No, I derived the (trivial) fix myself and tested it.  The problem is
simply that I generated the patch reversed ... thanks for catching!
I've fixed it now.

>       Problem: The Patch is against 2.99.55. The FreeBSD port is at
>       version 2.99.51. So the patch did not apply.
>
>       Version 2.99.51 doesn't contain the piece of buggy code, the
>       patch wants to fix.

Maybe you are thinking of some other issue?  The issue I fixed was
found in 2.99.51 by 3APA3A and was not reported to bugtraq at the time
that I was notified.

Cheers,
-- 
Jacques A. Vidrine <nectar@celabo.org>          http://www.celabo.org/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine@verio.net     .  nectar@FreeBSD.org  .          nectar@kth.se
Comment 2 Tilman Linneweh 2002-09-09 01:11:14 UTC
* "Jacques A. Vidrine" <nectar@FreeBSD.org> [Sun, 8 Sep 2002 19:04:53 -0500]:
> >       Two weeks ago nectar committed patch-smtpserver::smtpcmds.c to
> >       this port.  Commitlog says it should fix a potential remote
> >       buffer overflow.
> >
> >       nectar probably grabbed this patch from Bugtraq and committed
> >       it without testing.
> 
> No, I derived the (trivial) fix myself and tested it.  The problem is
> simply that I generated the patch reversed ... thanks for catching!
> I've fixed it now.

Thanks.

> >       Problem: The Patch is against 2.99.55. The FreeBSD port is at
> >       version 2.99.51. So the patch did not apply.
> >
> >       Version 2.99.51 doesn't contain the piece of buggy code, the
> >       patch wants to fix.
>
> Maybe you are thinking of some other issue?  The issue I fixed was
> found in 2.99.51 by 3APA3A and was not reported to bugtraq at the time
> that I was notified.

No, I was just guessing too much, I don't have two weeks' archive of Bugtraq in
my brain :)

regards
arved
Comment 3 Jacques Vidrine freebsd_committer freebsd_triage 2002-09-09 14:14:55 UTC
State Changed
From-To: open->closed

patch was reversed.  this has been fixed.