I'm now running on this updated version (plus I have added pledge/unveil into lib/Amavis.pm).
On Thu, Jun 25, 2026 at 08:39:47AM +0100, Stuart Henderson wrote: > On 2026/06/25 08:36, Stuart Henderson wrote: > > On 2026/06/22 08:04, James J. Lippard wrote: > > > The mail/amavisd-new port is broken in OpenBSD 7.9 and also contains > > > the vulnerability CVE-2024-28054 (MIME boundary confusion which allows > > > bypassing scanners for attachments). The vuln is fixed in 2.13.1 and > > > current stable release is 2.14.0. Attached is a unified diff that > > > modifies Makefile and the existing patches to work on 2.14.0. (It's > > > also possible to add a few lines to do some pledge and unveil > > > restrictions in Amavis.pm which I'm running on my systems, but I've > > > left that out of this minimal set of changes to make it work.) > > > > > > Sent at giovanni's request since he no longer uses amavisd. > > > > Updated diff below. > > actually, I've just committed Johan's small fix, so we've got something > working before the bigger change goes in. here's an updated diff taking > that into account. -- Jim Lippard [email protected] http://www.discord.org/ GPG Key ID: 0x99FD5CD6
