cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update p5-Mail-SpamAssassin to 2.44; from MAINTAINER

Browse Source
This commit is contained in:
lebel 2003-02-03 20:28:24 +00:00
parent 5df393e8c0
commit b8665d4e54
4 changed files with 10 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
mail/p5-Mail-SpamAssassin/Makefile
View File

@ -1,9 +1,9 @@
# $OpenBSD: Makefile,v 1.16 2003/01/26 16:43:45 lebel Exp $
# $OpenBSD: Makefile,v 1.17 2003/02/03 20:28:24 lebel Exp $
COMMENT= "mailfilter to identify and mark spam"
DISTNAME= Mail-SpamAssassin-2.43
PKGNAME= p5-${DISTNAME}p1
DISTNAME= Mail-SpamAssassin-2.44
PKGNAME= p5-${DISTNAME}
CATEGORIES= mail perl5
HOMEPAGE= http://spamassassin.org

6
mail/p5-Mail-SpamAssassin/distinfo
View File

@ -1,3 +1,3 @@
MD5 (Mail-SpamAssassin-2.43.tar.gz) = b39d3b597f8e0abd13aa9da46c83f2d2
RMD160 (Mail-SpamAssassin-2.43.tar.gz) = 03ecaf5fbc77875a0281af2c691a1662de4528a3
SHA1 (Mail-SpamAssassin-2.43.tar.gz) = ffe0f4d80ab2367bb3df856ec777bafb6ac7616e
MD5 (Mail-SpamAssassin-2.44.tar.gz) = d4ecf16765c338cebf7554c6d0028a2f
RMD160 (Mail-SpamAssassin-2.44.tar.gz) = ffcb022a513b0f39d6a2c4f4c6024b178d8f71eb
SHA1 (Mail-SpamAssassin-2.44.tar.gz) = f5f1289b2ce29ff656f83c5f90908a6abf486606

33
mail/p5-Mail-SpamAssassin/patches/patch-spamd_libspamc_c
View File

@ -1,33 +0,0 @@
Well, I was going to wait until 2.50 release, but it seems to be taking and
this likely affects only few installations. Besides, it's been in their
public bugzilla for over a month. So:
Attacker may be able to execute arbitrary code by sending a specially
crafted e-mail to a system using SpamAssassin's spamc program in BSMTP mode
(-B option). Versions from 2.40 to 2.43 are affected.
Exim users especially should check if they're affected, the -B option is
used in several Exim+SpamAssassin HOWTOs.
The problem is with escaping '.' characters at the beginning of lines.
Off-by-one bounds checking error allows writing '.' character past a
buffer, overwriting the stack frame address. Depending on system this may
be exploitable. Pre-built Debian unstable/x86 package wasn't vulnerable, my
self compiled was.
Patch:
diff -ru spamassassin-2.43-old/spamd/libspamc.c spamassassin-2.43/spamd/libspamc.c
--- spamd/libspamc.c.orig 2002-10-15 18:22:49.000000000 +0300
+++ spamd/libspamc.c 2002-12-27 20:19:36.000000000 +0200
@@ -309,7 +309,7 @@
case MESSAGE_BSMTP:
total=full_write(fd, m->pre, m->pre_len);
for(i=0; i<m->out_len; ){
- for(j=0; i<m->out_len && j<sizeof(buffer)/sizeof(*buffer)-1; ){
+ for(j=0; i<m->out_len && j<sizeof(buffer)/sizeof(*buffer)-2; ){
if(i+1<m->out_len && m->out[i]=='\n' && m->out[i+1]=='.'){
buffer[j++]=m->out[i++];
buffer[j++]=m->out[i++];

6
mail/p5-Mail-SpamAssassin/pkg/PLIST
View File

@ -1,4 +1,4 @@
@comment $OpenBSD: PLIST,v 1.8 2002/12/03 07:10:06 wcobb Exp $
@comment $OpenBSD: PLIST,v 1.9 2003/02/03 20:28:25 lebel Exp $
bin/spamassassin
bin/spamc
bin/spamd
@ -26,11 +26,13 @@ ${P5SITE}/Mail/SpamAssassin/Reporter.pm
${P5SITE}/Mail/SpamAssassin/SHA1.pm
${P5SITE}/Mail/SpamAssassin/TextCat.pm
man/man1/spamc.1
man/man8/spamd.8
man/man3p/Mail::SpamAssassin.3p
man/man3p/Mail::SpamAssassin::AutoWhitelist.3p
man/man3p/Mail::SpamAssassin::Conf.3p
man/man3p/Mail::SpamAssassin::ConfSourceSQL.3p
man/man3p/Mail::SpamAssassin::PerMsgStatus.3p
man/man3p/Mail::SpamAssassin::PersistentAddrList.3p
man/man8/spamd.8
share/doc/SpamAssassin/OpenBSD-SpamAssassin-mini-howto.html
share/doc/SpamAssassin/README
share/doc/SpamAssassin/procmailrc.example