mirror of
https://git.FreeBSD.org/ports.git
synced 2024-11-27 00:57:50 +00:00
mail/opensmtpd: update to 6.6.4p1 security releaase
SECURITY RELEASE An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group. MFH: 2020Q1
This commit is contained in:
parent
8cc580615a
commit
35c76eef93
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=527012
@ -2,7 +2,7 @@
|
||||
# $FreeBSD$
|
||||
|
||||
PORTNAME= opensmtpd
|
||||
PORTVERSION= 6.6.3
|
||||
PORTVERSION= 6.6.4
|
||||
DISTVERSIONSUFFIX= p1
|
||||
PORTEPOCH= 1
|
||||
PORTREVISION= 0
|
||||
@ -52,7 +52,10 @@ TABLE_DB_CONFIGURE_WITH= table-db
|
||||
|
||||
CONFIGURE_ARGS+= --with-libasr=${LOCALBASE} \
|
||||
--with-libevent=${LOCALBASE} \
|
||||
--sysconfdir=${PREFIX}/etc/mail/
|
||||
--sysconfdir=${PREFIX}/etc/mail/ \
|
||||
--with-user-smtpd=_smtpd \
|
||||
--with-user-queue=_smtpq \
|
||||
--with-group-queue=_smtpq
|
||||
|
||||
.include <bsd.port.pre.mk>
|
||||
|
||||
|
@ -1,3 +1,3 @@
|
||||
TIMESTAMP = 1581434283
|
||||
SHA256 (opensmtpd-6.6.3p1.tar.gz) = 9ef7c0eb7ffc5c84dca7651cec69bd7b180014cd5227f6dbc7a303eaa9d41eb7
|
||||
SIZE (opensmtpd-6.6.3p1.tar.gz) = 787196
|
||||
TIMESTAMP = 1582566329
|
||||
SHA256 (opensmtpd-6.6.4p1.tar.gz) = e2f9962a6b99b3cc1572b63a10db648fdca4ad2b58079b680b4202cc7c82d7cf
|
||||
SIZE (opensmtpd-6.6.4p1.tar.gz) = 790754
|
||||
|
@ -8,7 +8,7 @@ libexec/opensmtpd/mail.maildir
|
||||
libexec/opensmtpd/mail.mboxfile
|
||||
libexec/opensmtpd/mail.mda
|
||||
%%TABLE_DB%%libexec/opensmtpd/makemap
|
||||
@(,,2555) sbin/smtpctl
|
||||
@(,_smtpq,2555) sbin/smtpctl
|
||||
sbin/smtpd
|
||||
man/man1/smtp.1.gz
|
||||
man/man5/aliases.5.gz
|
||||
|
Loading…
Reference in New Issue
Block a user