1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-11-27 00:57:50 +00:00

mail/opensmtpd: update to 6.6.4p1 security releaase

SECURITY RELEASE

An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group.

MFH:		2020Q1
This commit is contained in:
Dima Panov 2020-02-24 18:36:49 +00:00
parent 8cc580615a
commit 35c76eef93
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=527012
3 changed files with 9 additions and 6 deletions

View File

@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME= opensmtpd
PORTVERSION= 6.6.3
PORTVERSION= 6.6.4
DISTVERSIONSUFFIX= p1
PORTEPOCH= 1
PORTREVISION= 0
@ -52,7 +52,10 @@ TABLE_DB_CONFIGURE_WITH= table-db
CONFIGURE_ARGS+= --with-libasr=${LOCALBASE} \
--with-libevent=${LOCALBASE} \
--sysconfdir=${PREFIX}/etc/mail/
--sysconfdir=${PREFIX}/etc/mail/ \
--with-user-smtpd=_smtpd \
--with-user-queue=_smtpq \
--with-group-queue=_smtpq
.include <bsd.port.pre.mk>

View File

@ -1,3 +1,3 @@
TIMESTAMP = 1581434283
SHA256 (opensmtpd-6.6.3p1.tar.gz) = 9ef7c0eb7ffc5c84dca7651cec69bd7b180014cd5227f6dbc7a303eaa9d41eb7
SIZE (opensmtpd-6.6.3p1.tar.gz) = 787196
TIMESTAMP = 1582566329
SHA256 (opensmtpd-6.6.4p1.tar.gz) = e2f9962a6b99b3cc1572b63a10db648fdca4ad2b58079b680b4202cc7c82d7cf
SIZE (opensmtpd-6.6.4p1.tar.gz) = 790754

View File

@ -8,7 +8,7 @@ libexec/opensmtpd/mail.maildir
libexec/opensmtpd/mail.mboxfile
libexec/opensmtpd/mail.mda
%%TABLE_DB%%libexec/opensmtpd/makemap
@(,,2555) sbin/smtpctl
@(,_smtpq,2555) sbin/smtpctl
sbin/smtpd
man/man1/smtp.1.gz
man/man5/aliases.5.gz