Date: Fri, 2 May 2014 15:32:50 GMT
From: Lukasz Wasikowski <lukasz@wasikowski.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/189248: [security fix] mail/postfixadmin update to 2.3.7
Message-ID: <201405021532.s42FWoiI014943@cgiserv.freebsd.org>
Resent-Message-ID: <201405021540.s42Fe0V3052775@freefall.freebsd.org>

>Number: 189248
>Category: ports
>Synopsis: [security fix] mail/postfixadmin update to 2.3.7
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri May 02 15:40:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: Lukasz Wasikowski
>Release: 9.2-RELEASE-p3
>Organization:
>Environment:
FreeBSD jinx.wasikowski.net 9.2-RELEASE-p3 FreeBSD 9.2-RELEASE-p3 #6 r263415: Thu Mar 20 06:06:15 CET 2014 root@jinx.wasikowski.net:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
This is an update of mail/postfixadmin to version 2.3.7.

ChangeLog:

Version 2.3.7 - 2014/02/20 - SVN r1651 (postfixadmin-2.3 branch)
----------------------------------------------------------------
- SECURITY: fix SQL injection in show_gen_status()
- lt.lang, da.lang translation update
- when enabling/disabling a mailbox, also update the corresponding alias
- fix creating superadmin in setup.php with MariaDB (more strict SQL)
- don't trim() mail address to avoid that aliases starting with a space are allowed. This fixes http://sourceforge.net/p/postfixadmin/bugs/210/ and https://sourceforge.net/p/postfixadmin/feature-requests/113/
- update regex in check_domain() to support new, longer TLDs like .international
- mark vacation_notification.notified field as latin1 to avoid overlong index
- vacation.pl: encode subject
- vacation.pl: disable use of TLS by default due to a bug in Mail::Sender 0.8.22 (you can re-enable it with $smtp_tls_allowed)

It also adds staging support.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:

diff -ruN postfixadmin.old/Makefile postfixadmin/Makefile --- postfixadmin.old/Makefile 2014-02-21 14:37:56.000000000 +0100 +++ postfixadmin/Makefile 2014-05-02 16:26:27.109433440 +0200 
@@ -2,7 +2,7 @@ # $FreeBSD: head/mail/postfixadmin/Makefile 345418 2014-02-21 13:37:56Z ehaupt $ PORTNAME= postfixadmin -PORTVERSION= 2.3.6 +PORTVERSION= 2.3.7 CATEGORIES= mail www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME}/${PORTNAME}/${PORTNAME}-${PORTVERSION} @@ -17,6 +17,7 @@ NO_BUILD= yes SUB_FILES+= pkg-message +SUB_LIST= WWWOWN=${WWWOWN} WWWGRP=${WWWGRP} OPTIONS_SINGLE= DB OPTIONS_SINGLE_DB= MYSQL MYSQLI PGSQL @@ -24,8 +25,6 @@ OPTIONS_DEFAULT= MYSQL -NO_STAGE= yes - OPTIONS_DEFINE= DOCS .include <bsd.port.options.mk> @@ -44,6 +43,8 @@ USE_PHP+= pgsql .endif +WANT_PHP_WEB= yes + post-patch: @${FIND} ${WRKSRC} -name '*.orig' -delete 
@@ -51,46 +52,38 @@ @${RM} -rf ${WRKSRC}/ADDITIONS/squirrelmail-plugin do-install: - @${MKDIR} ${PREFIX}/www/postfixadmin/VIRTUAL_VACATION - @${MKDIR} ${PREFIX}/www/postfixadmin/ADDITIONS - @${MKDIR} ${PREFIX}/www/postfixadmin/ADDITIONS/cyrus - @${MKDIR} ${PREFIX}/www/postfixadmin/css - @${MKDIR} ${PREFIX}/www/postfixadmin/admin - @${MKDIR} ${PREFIX}/www/postfixadmin/images - @${MKDIR} ${PREFIX}/www/postfixadmin/languages - @${MKDIR} ${PREFIX}/www/postfixadmin/model - @${MKDIR} ${PREFIX}/www/postfixadmin/templates - @${MKDIR} ${PREFIX}/www/postfixadmin/users + @${MKDIR} ${STAGEDIR}${WWWDIR}/VIRTUAL_VACATION + @${MKDIR} ${STAGEDIR}${WWWDIR}/ADDITIONS + @${MKDIR} ${STAGEDIR}${WWWDIR}/ADDITIONS/cyrus + @${MKDIR} ${STAGEDIR}${WWWDIR}/css + @${MKDIR} ${STAGEDIR}${WWWDIR}/admin + @${MKDIR} ${STAGEDIR}${WWWDIR}/images + @${MKDIR} ${STAGEDIR}${WWWDIR}/languages + @${MKDIR} ${STAGEDIR}${WWWDIR}/model + @${MKDIR} ${STAGEDIR}${WWWDIR}/templates + @${MKDIR} ${STAGEDIR}${WWWDIR}/users (cd ${WRKSRC}/ && \ - ${COPYTREE_SHARE} \*.php ${PREFIX}/www/postfixadmin "! 
-name config.inc.php") - @${CP} ${WRKSRC}/config.inc.php ${PREFIX}/www/postfixadmin/config.inc.php.sample - @${CP} -n ${WRKSRC}/config.inc.php ${PREFIX}/www/postfixadmin/config.inc.php || ${TRUE} - @${INSTALL_DATA} ${WRKSRC}/*.txt ${PREFIX}/www/postfixadmin - @${INSTALL_DATA} ${WRKSRC}/*.TXT ${PREFIX}/www/postfixadmin - @${INSTALL_DATA} ${WRKSRC}/css/* ${PREFIX}/www/postfixadmin/css - @${INSTALL_DATA} ${WRKSRC}/admin/* ${PREFIX}/www/postfixadmin/admin - @${INSTALL_DATA} ${WRKSRC}/images/* ${PREFIX}/www/postfixadmin/images - @${INSTALL_DATA} ${WRKSRC}/languages/* ${PREFIX}/www/postfixadmin/languages - @${INSTALL_DATA} ${WRKSRC}/model/* ${PREFIX}/www/postfixadmin/model - @${INSTALL_DATA} ${WRKSRC}/templates/* ${PREFIX}/www/postfixadmin/templates - @${INSTALL_DATA} ${WRKSRC}/users/* ${PREFIX}/www/postfixadmin/users - @${CP} -R ${WRKSRC}/VIRTUAL_VACATION/* ${PREFIX}/www/postfixadmin/VIRTUAL_VACATION + ${COPYTREE_SHARE} \*.php ${STAGEDIR}${WWWDIR} "! -name config.inc.php") + @${CP} ${WRKSRC}/config.inc.php ${STAGEDIR}${WWWDIR}/config.inc.php.sample + @${INSTALL_DATA} ${WRKSRC}/*.txt ${STAGEDIR}${WWWDIR} + @${INSTALL_DATA} ${WRKSRC}/*.TXT ${STAGEDIR}${WWWDIR} + @${INSTALL_DATA} ${WRKSRC}/css/* ${STAGEDIR}${WWWDIR}/css + @${INSTALL_DATA} ${WRKSRC}/admin/* ${STAGEDIR}${WWWDIR}/admin + @${INSTALL_DATA} ${WRKSRC}/images/* ${STAGEDIR}${WWWDIR}/images + @${INSTALL_DATA} ${WRKSRC}/languages/* ${STAGEDIR}${WWWDIR}/languages + @${INSTALL_DATA} ${WRKSRC}/model/* ${STAGEDIR}${WWWDIR}/model + @${INSTALL_DATA} ${WRKSRC}/templates/* ${STAGEDIR}${WWWDIR}/templates + @${INSTALL_DATA} ${WRKSRC}/users/* ${STAGEDIR}${WWWDIR}/users + @${CP} -R ${WRKSRC}/VIRTUAL_VACATION/* ${STAGEDIR}${WWWDIR}/VIRTUAL_VACATION (cd ${WRKSRC}/ADDITIONS/ && \ - ${COPYTREE_SHARE} \* ${PREFIX}/www/postfixadmin/ADDITIONS/ "! -name squirrelmail-plugin") + ${COPYTREE_SHARE} \* ${STAGEDIR}${WWWDIR}/ADDITIONS/ "! 
-name squirrelmail-plugin") + @${CHMOD} 640 ${STAGEDIR}${WWWDIR}/*.php ${STAGEDIR}${WWWDIR}/css/*.css + @${CHMOD} 640 ${STAGEDIR}${WWWDIR}/admin/*.php + @${CHMOD} 640 ${STAGEDIR}${WWWDIR}/users/*.php .if ${PORT_OPTIONS:MDOCS} ${MKDIR} ${DOCSDIR} (cd ${WRKSRC}/DOCUMENTS && ${COPYTREE_SHARE} \* ${DOCSDIR}) .endif -post-install: - @if [ ! -f ${PREFIX}/www/postfixadmin/config.inc.php ]; then \ - ${CP} -p ${PREFIX}/www/postfixadmin/config.inc.php.sample ${PREFIX}/www/postfixadmin/config.inc.php ; \ - fi - @${CHOWN} -R ${WWWOWN}:${WWWGRP} ${PREFIX}/www/postfixadmin - @${CHMOD} 640 ${PREFIX}/www/postfixadmin/*.php ${PREFIX}/www/postfixadmin/css/*.css - @${CHMOD} 640 ${PREFIX}/www/postfixadmin/admin/*.php - @${CHMOD} 640 ${PREFIX}/www/postfixadmin/users/*.php - @${CAT} ${PKGMESSAGE} - .include <bsd.port.mk> diff -ruN postfixadmin.old/distinfo postfixadmin/distinfo --- postfixadmin.old/distinfo 2013-02-23 22:04:09.000000000 +0100 +++ postfixadmin/distinfo 2014-05-02 00:25:39.925147192 +0200 @@ -1,2 +1,2 @@ -SHA256 (postfixadmin-2.3.6.tar.gz) = ea505281b6c04bda887eb4e6aa6c023b354c4ef4864aa60dcb1425942bf2af63 -SIZE (postfixadmin-2.3.6.tar.gz) = 1597001 +SHA256 (postfixadmin-2.3.7.tar.gz) = 761074e711ab618deda425dc013133b9d5968e0859bb883f10164061fd87006e +SIZE (postfixadmin-2.3.7.tar.gz) = 1600662 diff -ruN postfixadmin.old/files/pkg-message.in postfixadmin/files/pkg-message.in --- postfixadmin.old/files/pkg-message.in 2014-01-22 16:52:06.000000000 +0100 +++ postfixadmin/files/pkg-message.in 2014-05-02 00:28:27.908074681 +0200 
@@ -9,7 +9,7 @@ ---------- - You are using Postfix 2.0 or higher. - You are using Apache 1.3.27 / Lighttpd 1.3.15 or higher. -- You are using PHP 4.1 or higher (5.X recommended) +- You are using PHP 5.1.2 or higher. - You are using MySQL 3.23 or higher (5.x recommended) OR PostgreSQL 7.4 (or higher) INSTALL / UPGRADE diff -ruN postfixadmin.old/pkg-descr postfixadmin/pkg-descr --- postfixadmin.old/pkg-descr 2014-01-22 16:44:51.000000000 +0100 +++ postfixadmin/pkg-descr 2014-05-02 17:18:40.666426166 +0200 @@ -13,4 +13,4 @@ - Backup MX; - Packaged with over 25 languages. -WWW: http://www.postfixadmin.org +WWW: http://www.postfixadmin.org diff -ruN postfixadmin.old/pkg-plist postfixadmin/pkg-plist --- postfixadmin.old/pkg-plist 2014-01-22 16:16:56.000000000 +0100 +++ postfixadmin/pkg-plist 2014-05-02 16:09:26.586191968 +0200 
@@ -162,30 +162,7 @@ www/postfixadmin/xmlrpc.php @unexec if cmp -s %D/www/postfixadmin/config.inc.php.sample %D/www/postfixadmin/config.inc.php; then rm -f %D/www/postfixadmin/config.inc.php; fi www/postfixadmin/config.inc.php.sample -@exec if [ ! -f %D/www/postfixadmin/config.inc.php ] ; then cp -p %D/%F %B/config.inc.php; fi -%%PORTDOCS%%%%DOCSDIR%%/BACKUP_MX.txt -%%PORTDOCS%%%%DOCSDIR%%/DOVECOT.txt -%%PORTDOCS%%%%DOCSDIR%%/FAQ.txt -%%PORTDOCS%%%%DOCSDIR%%/HORDE.txt -%%PORTDOCS%%%%DOCSDIR%%/LANGUAGE.txt -%%PORTDOCS%%%%DOCSDIR%%/POSTFIXADMIN.txt -%%PORTDOCS%%%%DOCSDIR%%/POSTFIX_CONF.txt -%%PORTDOCS%%%%DOCSDIR%%/SECURITY.txt -%%PORTDOCS%%%%DOCSDIR%%/SUPERADMIN.txt -%%PORTDOCS%%%%DOCSDIR%%/UPGRADE.txt -%%PORTDOCS%%%%DOCSDIR%%/screenshots/README.txt -%%PORTDOCS%%%%DOCSDIR%%/screenshots/postfixadmin-admin-create-alias.jpg -%%PORTDOCS%%%%DOCSDIR%%/screenshots/postfixadmin-admin-create-domain.jpg -%%PORTDOCS%%%%DOCSDIR%%/screenshots/postfixadmin-admin-create-mailbox.jpg -%%PORTDOCS%%%%DOCSDIR%%/screenshots/postfixadmin-admin-domain-list.jpg -%%PORTDOCS%%%%DOCSDIR%%/screenshots/postfixadmin-admin-virtual-list.jpg -%%PORTDOCS%%%%DOCSDIR%%/screenshots/postfixadmin-inital-welcome.jpg -%%PORTDOCS%%%%DOCSDIR%%/screenshots/postfixadmin-mail-admin-login.jpg -%%PORTDOCS%%%%DOCSDIR%%/screenshots/postfixadmin-user-change-forward.jpg -%%PORTDOCS%%%%DOCSDIR%%/screenshots/postfixadmin-user-overview.jpg -%%PORTDOCS%%%%DOCSDIR%%/screenshots/postfixadmin-user-vacation.jpg -%%PORTDOCS%%@dirrm %%DOCSDIR%%/screenshots -%%PORTDOCS%%@dirrm %%DOCSDIR%% +@exec [ -f %B/config.inc.php ] || cp %B/%f %B/config.inc.php @dirrm www/postfixadmin/ADDITIONS/cyrus @dirrm www/postfixadmin/ADDITIONS @dirrm www/postfixadmin/VIRTUAL_VACATION/tests >Release-Note: >Audit-Trail: >Unformatted:
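
Review bot: The PORTVERSION bump in Makefile hunk @@ -2,7 +2,7 @@ carries a security fix (SQL injection in show_gen_status(), per the ChangeLog), yet the same patch also removes NO_STAGE and rewrites do-install, and it touches only files inside the port directory. Consider submitting the version and distinfo bump on its own so the fix can be reviewed and committed quickly, with the staging conversion as a follow-up, and add a security/vuxml entry alongside it so users still on 2.3.6 are told to upgrade.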
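
Review bot: In Makefile hunk @@ -51,46 +52,38 @@ the DOCS block is left as unchanged context and still writes to ${DOCSDIR} directly (${MKDIR} ${DOCSDIR} and ${COPYTREE_SHARE} \* ${DOCSDIR}), while NO_STAGE is removed earlier in the same file, so with the DOCS option enabled the documentation is installed outside the stage directory. Both paths should be prefixed with ${STAGEDIR}. Since the %%PORTDOCS%% entries are dropped from pkg-plist, the Makefile also needs a PORTDOCS definition for those files to be packaged, and none of the visible hunks adds one.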
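
Review bot: The new @exec line in pkg-plist hunk @@ -162,30 +162,7 @@ creates config.inc.php with a plain cp where the old line used cp -p, and the Makefile no longer runs ${CHOWN} -R ${WWWOWN}:${WWWGRP} or any chmod that covers this file, so the live configuration, which holds the database credentials, gets whatever owner and umask-derived mode the installer runs with. Please set ownership and mode explicitly, for example with @owner, @group and @mode around these plist entries or with chown and chmod in the @exec itself. The same applies to the files set to mode 640 in do-install: unless pkg-plist sets @owner and @group outside the lines shown, they will not be readable by the web server user.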