FreeBSD Mail Archives

Date:      Tue,  5 Jun 2007 21:04:46 -0400 (EDT)
From:      Michael Scheidell <scheidell@secnap.net>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        Mark.Martinec@ijs.si, gabor@FreeBSD.org
Subject:   ports/113396: Update Amavisd to 2.5.1
Message-ID:  <20070606010446.8A3011CD45@scanner.secnap.net>
Resent-Message-ID: <200706060110.l561A4t1040359@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help


>Number:         113396
>Category:       ports
>Synopsis:       Update Amavisd to 2.5.1
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jun 06 01:10:04 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Michael Scheidell
>Release:        FreeBSD 5.5-RELEASE-p8 i386
>Organization:
SECNAP Network Security
>Environment:
System: FreeBSD scanner.secnap.net 5.5-RELEASE-p8 FreeBSD 5.5-RELEASE-p8 #2: Fri Dec 29 22:23:34 EST 2006 scheidell@scanner.secnap.net:/usr/obj/usr/src/sys/HACKERTRAP_750 i386


>Description:
#1 Update Amavisd-new from 2.50 to 2.5.1
Several enhancements and bugfixes
full Release notes: http://www.ijs.si/software/amavisd/release-notes.txt

#2, several changes to ports Makefile suggested by amavisd-new author
a) remove the sed/replacecmd for zoo/unzoo, not needed
b)  add in copy of amavisd-release to amavisd-requeue (add 
functionality, see release notes)

#3, required minimum p5-Compress-Zlib>=2.04 (functionality)
#4, security fixed: disable zoo and unzoo by default (DOS attack)
a) mark UNZOO IGNORE (no patches available)
b) make zoo RUN_DEPENDS+=  zoo>=2.10.1_3 (needs anti-dos patches)
c) make file RUN_DEPENDS+=  file>=4.2.1 (DOS attack)

#5: and patch from p5-Mail-SpamAssassin maintainer: scheidell@secnap.net 
to add ram disk for /var/amavis/tmp.  activated with 'amavisd_ram='
setting in rc.conf.  Tests on systems with extra ram, full load show
up to 10% increase in performance, even over fbsd ufs2 with softupdates.
>How-To-Repeat:
na
>Fix:
Patches:

diff -bBru /var/tmp/amavisd-new250/Makefile ./Makefile
--- /var/tmp/amavisd-new250/Makefile    Mon May 21 18:52:40 2007
+++ ./Makefile  Tue Jun  5 20:25:46 2007
@@ -7,7 +7,7 @@
 # Based on amavisd ports makefile.
 
 PORTNAME=      amavisd-new
-PORTVERSION=   2.5.0
+PORTVERSION=   2.5.1
 PORTEPOCH=     1
 CATEGORIES=    security
 MASTER_SITES=  http://www.ijs.si/software/amavisd/ \
@@ -22,7 +22,7 @@
                ${SITE_PERL}/${PERL_ARCH}/MIME/Base64.pm:${PORTSDIR}/converters/p5-MIME-Base64 \
                ${SITE_PERL}/Convert/TNEF.pm:${PORTSDIR}/converters/p5-Convert-TNEF \
                p5-Convert-UUlib>=1.08,1:${PORTSDIR}/converters/p5-Convert-UUlib \
-               p5-Compress-Zlib>=1.04:${PORTSDIR}/archivers/p5-Compress-Zlib \
+               p5-Compress-Zlib>=2.04:${PORTSDIR}/archivers/p5-Compress-Zlib \
                ${SITE_PERL}/Archive/Zip.pm:${PORTSDIR}/archivers/p5-Archive-Zip \
                ${SITE_PERL}/${PERL_ARCH}/Digest/MD5.pm:${PORTSDIR}/security/p5-Digest-MD5 \
                ${SITE_PERL}/${PERL_ARCH}/Time/HiRes.pm:${PORTSDIR}/devel/p5-Time-HiRes \
@@ -67,7 +67,7 @@
                NOMARCH "ARC support with archivers/nomarch"    off \
                CAB     "CAB support with archivers/cabextract" on \
                RPM     "RPM support with archivers/rpm2cpio"   on \
-               ZOO     "ZOO support with archivers/zoo"        on \
+               ZOO     "ZOO support with archivers/zoo"        off \
                UNZOO   "ZOO support with archivers/unzoo"      off \
                LZOP    "LZOP support with archivers/lzop"      on \
                FREEZE  "FREEZE support with archivers/freeze"  on \
@@ -140,7 +140,8 @@
 .endif
 
 .if defined(WITH_FILE)
-RUN_DEPENDS+=  ${LOCALBASE}/bin/file:${PORTSDIR}/sysutils/file
+# security fix, file > 4.2.1 needed
+RUN_DEPENDS+=  file>=4.2.1:${PORTSDIR}/sysutils/file
 .endif
 
 .if defined(WITH_RAR)
@@ -180,10 +181,12 @@
 .endif
 
 .if defined(WITH_ZOO)
-RUN_DEPENDS+=  ${LOCALBASE}/bin/zoo:${PORTSDIR}/archivers/zoo
+# DOS condition in 2.10.1_2
+RUN_DEPENDS+=  zoo>=2.10.1_3:${PORTSDIR}/archivers/zoo
 .endif
 
 .if defined(WITH_UNZOO)
+IGNORE= UNZOO Broken with DOS attack conditions.  Not maintained. No patches
 RUN_DEPENDS+=  ${LOCALBASE}/bin/unzoo:${PORTSDIR}/archivers/unzoo
 .endif
 
@@ -204,9 +207,6 @@
 .endif
 
 post-patch:
-.for f in amavisd.conf amavisd.conf-sample amavisd amavisd-agent amavisd-nanny amavisd-release
-       @${REINPLACE_CMD} "s@'zoo'\]@['zoo','unzoo'] ]@" ${WRKSRC}/${f}
-.endfor
 .for i in amavisd.conf amavisd.conf-sample
        @${REINPLACE_CMD} -e "s|$daemon_user  = \'vscan\';|$daemon_user  = \'${AMAVISUSER}\';|" \
                        -e "s|$daemon_group = \'vscan\';|$daemon_group = \'${AMAVISGROUP}\';|" \
@@ -245,6 +245,7 @@
 .for i in amavisd amavisd-agent amavisd-nanny amavisd-release
        ${INSTALL_SCRIPT} ${WRKSRC}/${i} ${PREFIX}/sbin
 .endfor
+       ${INSTALL_SCRIPT} ${WRKSRC}/amavisd-release ${PREFIX}/sbin/amavisd-requeue
        ${INSTALL_SCRIPT} ${WRKSRC}/amavisd.conf ${PREFIX}/etc/amavisd.conf-dist
        ${INSTALL_SCRIPT} ${WRKSRC}/amavisd.conf-sample ${PREFIX}/etc/amavisd.conf-sample
        ${INSTALL_SCRIPT} ${WRKSRC}/amavisd.conf-default ${PREFIX}/etc/amavisd.conf-default
diff -bBru /var/tmp/amavisd-new250/distinfo ./distinfo
--- /var/tmp/amavisd-new250/distinfo    Tue May  1 14:31:56 2007
+++ ./distinfo  Tue Jun  5 20:06:12 2007
@@ -1,3 +1,3 @@
-MD5 (amavisd-new-2.5.0.tar.gz) = 990a8c78911e208afca8c43a1f7c018d
-SHA256 (amavisd-new-2.5.0.tar.gz) = d5f5238a565868b5150c2591cd06780556d2aa093355475874e6b539e7eb1116
-SIZE (amavisd-new-2.5.0.tar.gz) = 780990
+MD5 (amavisd-new-2.5.1.tar.gz) = c0bed5db53dfce6e70047597989523e2
+SHA256 (amavisd-new-2.5.1.tar.gz) = 2ac5a933d62072b3ed9986252003fd3942179618c7ba76d3390570547fc981de
+SIZE (amavisd-new-2.5.1.tar.gz) = 786898
diff -bBru /var/tmp/amavisd-new250/files/amavisd.sh.in ./files/amavisd.sh.in
--- /var/tmp/amavisd-new250/files/amavisd.sh.in Mon Feb 20 15:47:36 2006
+++ ./files/amavisd.sh.in       Tue Jun  5 20:44:09 2007
@@ -23,6 +23,20 @@
 pidfile=%%AMAVISDIR%%/amavisd.pid
 required_files=%%PREFIX%%/etc/amavisd.conf
 
+start_precmd=start_precmd
+
+# possible values include: amavisd_ram="512m"
+# adds ram disk for amavisd defanging/decoding, speeds up large systems 10%
+start_precmd()
+{
+rm -rf %%AMAVISDIR%%/tmp/* %%AMAVISDIR%%/tmp/.* 2>/dev/null || true
+if [ ${amavisd_ram} ];then
+  df %%AMAVISDIR%%/tmp |  grep '^/dev/md' > /dev/null
+  if [ $? -eq 1 ];then
+   mdmfs -M -s ${amavisd_ram} -w %%AMAVISUSER%%:%%AMAVISGROUP%% md %%AMAVISDIR%%/tmp || true
+  fi
+fi
+}
 stop_postcmd=stop_postcmd
 
 stop_postcmd()
diff -bBru /var/tmp/amavisd-new250/files/pkg-message.in ./files/pkg-message.in
--- /var/tmp/amavisd-new250/files/pkg-message.in        Tue May  1 14:31:56 2007
+++ ./files/pkg-message.in      Tue Jun  5 20:40:53 2007
@@ -13,6 +13,10 @@
 
     amavisd_enable="YES"
 
+ Optionally enable amavisd tmp ram disk with: (example 512k)
+
+    amavisd_ram="512m"
+
  If you have installed and want to use the amavis sendmail milter interface,
  you need the following additional line in /etc/rc.conf:
 
diff -bBru /var/tmp/amavisd-new250/pkg-plist ./pkg-plist
--- /var/tmp/amavisd-new250/pkg-plist   Tue May  1 14:31:56 2007
+++ ./pkg-plist Tue Jun  5 20:47:20 2007
@@ -79,3 +79,4 @@
 sbin/amavisd-agent
 sbin/amavisd-nanny
 sbin/amavisd-release
+sbin/amavisd-requeue

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070606010446.8A3011CD45>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation