Date:      Tue, 21 Oct 2003 15:41:40 +0200 (CEST)
From:      Xavier Beaudouin <kiwi@oav.net>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/58332: [MAINTAINER][SECURITY] mail/lmtpd: update to 0.9.9
Message-ID:  <20031021134140.AF8F22A43C@akira.oav.net>
Resent-Message-ID: <200310211350.h9LDoFJZ096657@freefall.freebsd.org>


>Number:         58332
>Category:       ports
>Synopsis:       [MAINTAINER][SECURITY] mail/lmtpd: update to 0.9.9
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 21 06:50:15 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Xavier Beaudouin
>Release:        FreeBSD 4.8-RELEASE-p13 i386
>Organization:
The Caudium Group / Association Kazar
>Environment:
System: FreeBSD akira.oav.net 4.8-RELEASE-p13 FreeBSD 4.8-RELEASE-p13 #0: Sun Oct 19 15:32:47 CEST 2003
>Description:
- Update to 0.9.9

 Change log for lmtp 0.9.9 :

  * add av.clamd.mbox_format configuration variable
    to check if mail for clamav shall be sent in mbox format
    (for clamav 0.60)

  * add av.action configuration command to define an action
    to do when a command is found. Action can be 'drop', don't check
    for virus (default) or send a notification. Notifications are
    formatted according to a file (see txt/virus.fr.txt for a French
    example)

  * when a virus is detected, set default user bounce message
    according to the virus name.

  * add av.virus.keeper configuration variable. It sets a mailbox
    which will catch all detected viruses.

  * add lmtpsend.sh, a dummy LMTP client for testing purposes only.

  * add sample mail with eicar virus in attachment in samples/

  * when a virus is found, the antivirus log line prints the time spent
    scanning along with the virus name.

  * fix: use spamassassin.acl even with 'a' scalar variable

  * fix: rfc2047 decoding skips illegal characters instead of looping
    and doesn't crash on illegal charset (potential denial of service)

  * av.check.all doesn't check for virus when the mail will be delayed.

- Fix a security problem introduced by lmtpd 0.9.8 :

  RFC 2047 header decoding has 2 flaws on lmtpd 0.9.8

  o when an illegal character is in the decoded sequence, it doesn't
   notice and loops. It could take a big amount of CPU usage before
   timeout.

  o on an unrecognized character set, lmtpd crashes.

  In both cases, the LMTP client should delay the mail and send it again
  later.

  It appears only for users who have set a filter on decoded headers
  (like ~Subject: /foobar/)


NOTE: this port depends on libhome 0.7.1, so please add PR ports/58331 before this one.

Generated with FreeBSD Port Tools 0.26
>How-To-Repeat:
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:
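
The two RFC 2047 decoding failure modes described in this report (looping on an illegal character, crashing on an unrecognized charset), shown as an added example that is not lmtpd's code and not part of the original message. It assumes the charset conversion is done with POSIX iconv(), which the report does not state; the function name `to_utf8_lossy` is hypothetical.

```c
#include <errno.h>
#include <iconv.h>
#include <stdio.h>
#include <string.h>

/* Convert `in`, whose charset `cs` comes from an untrusted encoded-word
 * (=?cs?Q?...?=), to UTF-8. Returns bytes written (output is NUL-terminated),
 * or -1 when the charset is unknown so the caller can keep the raw header. */
static long to_utf8_lossy(const char *cs, const char *in, size_t inlen,
                          char *out, size_t outsz)
{
    if (outsz == 0)
        return -1;
    iconv_t cd = iconv_open("UTF-8", cs);
    if (cd == (iconv_t)-1)      /* unknown charset: never use this handle */
        return -1;

    char *ip = (char *)in;      /* iconv() takes a non-const pointer */
    char *op = out;
    size_t oleft = outsz - 1;   /* reserve room for the terminator */

    while (inlen > 0) {
        if (iconv(cd, &ip, &inlen, &op, &oleft) != (size_t)-1)
            break;              /* whole input converted */
        if (errno == E2BIG || oleft == 0)
            break;              /* output full: truncate, do not retry */
        /* EILSEQ/EINVAL: iconv() stopped with ip on the offending byte.
         * Retrying without advancing would spin forever, so consume one
         * byte and emit a placeholder; every pass now makes progress. */
        ip++; inlen--;
        *op++ = '?'; oleft--;
        iconv(cd, NULL, NULL, NULL, NULL);  /* reset conversion state */
    }
    *op = '\0';
    iconv_close(cd);
    return (long)(op - out);
}

int main(void)
{
    char buf[64];
    /* Constructed sample: 0xFF can never appear in valid UTF-8. */
    long n = to_utf8_lossy("UTF-8", "ab\xff" "cd", 5, buf, sizeof buf);
    printf("%ld %s\n", n, buf);
    n = to_utf8_lossy("X-NO-SUCH-CHARSET", "abc", 3, buf, sizeof buf);
    printf("%ld\n", n);
    return 0;
}
```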


