OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src openpkg-web Date: 19-Sep-2003 09:42:59
Branch: OPENPKG_1_3_SOLID HEAD Handle: 2003091908425801
Modified files:
openpkg-web news.txt
Modified files: (Branch: OPENPKG_1_3_SOLID)
openpkg-src/sendmail sendmail.patch sendmail.spec
Log:
apply security bugfixes (CAN-2003-0694 & CAN-2003-0681) plus the
sed(1) portability fix from CURRENT
Summary:
Revision Changes Path
1.1.2.1.2.1 +106 -4 openpkg-src/sendmail/sendmail.patch
1.51.2.5.2.3+9 -4 openpkg-src/sendmail/sendmail.spec
1.6637 +1 -0 openpkg-web/news.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/sendmail/sendmail.patch
============================================================================
$ cvs diff -u -r1.1.2.1 -r1.1.2.1.2.1 sendmail.patch
--- openpkg-src/sendmail/sendmail.patch 24 Jul 2003 20:50:36 -0000 1.1.2.1
+++ openpkg-src/sendmail/sendmail.patch 19 Sep 2003 07:42:59 -0000
1.1.2.1.2.1
@@ -1,5 +1,5 @@
---- sendmail-8.12.0/sendmail/conf.c.orig Tue Oct 16 11:24:13 2001
-+++ sendmail-8.12.0/sendmail/conf.c Wed Oct 17 18:49:33 2001
+--- sendmail/conf.c.orig Tue Oct 16 11:24:13 2001
++++ sendmail/conf.c Wed Oct 17 18:49:33 2001
@@ -470,6 +470,12 @@
ndbm_map_lookup, ndbm_map_store);
#endif /* NDBM */
@@ -23,8 +23,8 @@
#if NETINET
"NETINET",
#endif /* NETINET */
---- sendmail-8.12.0/sendmail/map.c.orig Tue Oct 16 11:22:26 2001
-+++ sendmail-8.12.0/sendmail/map.c Thu Oct 18 09:34:53 2001
+--- sendmail/map.c.orig Tue Oct 16 11:22:26 2001
++++ sendmail/map.c Thu Oct 18 09:34:53 2001
@@ -1822,12 +1822,443 @@
}
@@ -472,3 +472,105 @@
/*
** BT_MAP_OPEN, HASH_MAP_OPEN -- database open primitives.
**
+
+==============================================================================
+
+Security bugfixes:
+http://www.sendmail.org/8.12.10.html
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0694
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0681
+
+Index: sendmail/parseaddr.c
+--- sendmail/parseaddr.c.orig 2003-03-27 03:39:53.000000000 +0100
++++ sendmail/parseaddr.c 2003-09-19 09:11:01.000000000 +0200
+@@ -700,7 +700,11 @@
+ addr[MAXNAME] = '\0';
+ returnnull:
+ if (delimptr != NULL)
++ {
++ if (p > addr)
++ p--;
+ *delimptr = p;
++ }
+ CurEnv->e_to = saveto;
+ return NULL;
+ }
+@@ -1000,6 +1004,8 @@
+ }
+ if (pvp == NULL)
+ return EX_USAGE;
++ if (maxatom <= 0)
++ return EX_USAGE;
+
+ /*
+ ** Run through the list of rewrite rules, applying
+@@ -1866,6 +1872,7 @@
+ register ENVELOPE *e;
+ {
+ bool tempfail = false;
++ int maxatom;
+ struct mailer **mp;
+ register struct mailer *m;
+ register char *p;
+@@ -1880,6 +1887,7 @@
+ printav(tv);
+ }
+
++ maxatom = MAXATOM;
+ if (a == NULL)
+ a = (ADDRESS *) sm_rpool_malloc_x(e->e_rpool, sizeof *a);
+ memset((char *) a, '\0', sizeof *a);
+@@ -1919,14 +1927,22 @@
+ return a;
+ }
+ mname = *++tv;
++ --maxatom;
+
+ /* extract host and user portions */
+ if (*++tv != NULL && (**tv & 0377) == CANONHOST)
++ {
+ hostp = ++tv;
++ --maxatom;
++ }
+ else
+ hostp = NULL;
++ --maxatom;
+ while (*tv != NULL && (**tv & 0377) != CANONUSER)
++ {
+ tv++;
++ --maxatom;
++ }
+ if (*tv == NULL)
+ {
+ syserr("554 5.3.5 buildaddr: no user");
+@@ -1937,6 +1953,7 @@
+ else if (hostp != NULL)
+ cataddr(hostp, tv - 1, hbuf, sizeof hbuf, '\0');
+ cataddr(++tv, NULL, ubuf, sizeof ubuf, ' ');
++ --maxatom;
+
+ /* save away the host name */
+ if (sm_strcasecmp(mname, "error") == 0)
+@@ -2041,6 +2058,7 @@
+ {
+ p++;
+ tv++;
++ --maxatom;
+ a->q_flags |= QNOTREMOTE;
+ }
+
+@@ -2071,11 +2089,11 @@
+ !bitset(RF_SENDERADDR|RF_HEADERADDR, flags))
+ {
+ /* sender addresses done later */
+- (void) REWRITE(tv, 2, e);
++ (void) rewrite(tv, 2, 0, e, maxatom);
+ if (m->m_re_rwset > 0)
+- (void) REWRITE(tv, m->m_re_rwset, e);
++ (void) rewrite(tv, m->m_re_rwset, 0, e, maxatom);
+ }
+- (void) REWRITE(tv, 4, e);
++ (void) rewrite(tv, 4, 0, e, maxatom);
+
+ /* save the result for the command line/RCPT argument */
+ cataddr(tv, NULL, ubuf, sizeof ubuf, '\0');
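Review bot: The `maxatom` budget that buildaddr() now counts down is enforced only inside rewrite(), and all three call sites in the last inner hunk discard the result with `(void) rewrite(tv, ..., 0, e, maxatom);`. When the budget is exhausted the new `if (maxatom <= 0) return EX_USAGE;` guard fires, and buildaddr() then falls through to `cataddr(tv, NULL, ubuf, sizeof ubuf, '\0')` with an address that no ruleset has touched and with nothing logged. That may be the intended upstream behaviour, but it is worth confirming, and a syserr()-style message on that path would let an operator see when an over-long address was refused. The counter also needs a comment at `maxatom = MAXATOM;`, for example `/* atoms still available behind tv; decremented whenever tv advances, rewrite() refuses to run at <= 0 */`, because the bare `--maxatom;` after the `else hostp = NULL;` branch is otherwise hard to justify on reading. The bodies of buildaddr() and rewrite() start and end outside these hunks, so the exact accounting cannot be checked from here.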
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/sendmail/sendmail.spec
============================================================================
$ cvs diff -u -r1.51.2.5.2.2 -r1.51.2.5.2.3 sendmail.spec
--- openpkg-src/sendmail/sendmail.spec 1 Aug 2003 11:01:43 -0000
1.51.2.5.2.2
+++ openpkg-src/sendmail/sendmail.spec 19 Sep 2003 07:42:59 -0000
1.51.2.5.2.3
@@ -33,7 +33,7 @@
Group: Mail
License: BSD
Version: 8.12.9
-Release: 1.3.0
+Release: 1.3.1
# package options
%option with_fsl yes
@@ -94,9 +94,9 @@
%setup0 -q -c
%setup1 -q -T -D -a 1
- # apply patches for MySQL map support
+ # apply patches for MySQL map support and Security Bugfixes
( cd sendmail-%{version}
- %{l_patch} -p1 <%{PATCH sendmail.patch}
+ %{l_patch} -p0 <%{PATCH sendmail.patch}
) || exit $?
# make install process unprivileged
@@ -120,12 +120,17 @@
# override platform-specific definitions
( cd sendmail-%{version}
+ ( echo "#ifdef _PATH_SENDMAIL"
+ echo "#undef _PATH_SENDMAIL"
+ echo "#endif"
+ ) >sed.include
%{l_shtool} subst \
-e 's;\(define *SMRSH_CMDDIR *\).*;\1 "%{l_prefix}/var/sendmail/sm.bin";g' \
-e 's;\(define *_PATH_SENDMAIL *\).*;\1 "%{l_prefix}/sbin/sendmail";g' \
- -e 's;\(include *<paths.h>.*\);\1\n#ifdef _PATH_SENDMAIL\n#undef
_PATH_SENDMAIL\n#endif;g' \
+ -e '/# *include *<paths.h>.*/r sed.include' \
-e '/undef *_PATH_SENDMAILPID/d' \
include/sendmail/pathnames.h include/sm/conf.h
+ rm -f sed.include
) || exit $?
%build
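Review bot: With `rm -f sed.include` now the last command inside the `( cd sendmail-%{version} ... ) || exit $?` subshell, the subshell's exit status is that of `rm -f`, so a failing `%{l_shtool} subst` no longer reaches the outer `|| exit $?`. Before this change subst was the last command and its failure stopped the build; errexit would not help here either, since it is ignored for commands on the left-hand side of `||`. A silent failure would leave the stock `SMRSH_CMDDIR` and `_PATH_SENDMAIL` definitions in place, so smrsh would presumably use the platform default command directory rather than the package's own. Ending the subst invocation with `include/sendmail/pathnames.h include/sm/conf.h || exit $?` keeps the failure visible.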
@@ .
patch -p0 <<'@@ .'
Index: openpkg-web/news.txt
============================================================================
$ cvs diff -u -r1.6636 -r1.6637 news.txt
--- openpkg-web/news.txt 19 Sep 2003 07:38:15 -0000 1.6636
+++ openpkg-web/news.txt 19 Sep 2003 07:42:58 -0000 1.6637
@@ -1,3 +1,4 @@
+19-Sep-2003: Upgraded package: P<sendmail-8.12.9-1.3.1>
19-Sep-2003: Upgraded package: P<sendmail-8.12.10-20030919>
18-Sep-2003: Upgraded package: P<kde-libs-3.1.4-20030918>
18-Sep-2003: Upgraded package: P<qpopper-4.0.5-20030918>
@@ .