Date: Mon, 10 May 2010 17:18:10 -0500 (CDT) From: Ted Hatfield <ted@pat.io.com> To: Niels Heinen <niels@freebsd.org> Cc: freebsd-ports@freebsd.org Subject: Re: spamass-milter-0.3.1_9 leaving open zombie processes. Message-ID: <alpine.BSF.2.00.1005101639300.7249@pat.io.com> In-Reply-To: <4BE86726.4080601@FreeBSD.org> References: <alpine.BSF.2.00.1005101124390.1382@pat.io.com> <4BE86726.4080601@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Forgive my ignorance and the long rambling email below. I have limited knowledge of the intricacies of diff and the patching process so I'm not sure exactly what you are asking for when you say "Can you perhaps send me a port diff?". Here is a full description of the process I went through to get the milter running on my servers. Because I did not know which patches you had already applied to the port nor where you had obtained them, I determined that I would need to patch a copy of the original source by hand with the patches I found at the savannah.nongnu.org website. I downloaded the original source from the savannah.nongnu.org mirror site. I then applied the two patches I listed below to the original source and verified that it would "configure" and "make" properly. These patches can be obtained from http://savannah.nongnu.org/bugs/?29326 file #20020 and file #20284. Once I know that this was working properly I then verified that the distfile the port was downloading was the same as the source I downloaded from the savannah.nongnu.org repository. This convinced me that I could modify the patch files in the /usr/ports/mail/spamass-milter/files folder. Each of the patch files I downloaded from savannah.nongnu.org consisted of a combined diff for the files spamass-milter.cpp and spamass-milter.h. I then separated each individual patch file into separate pieces. I combined those separate pieces together into two new patch files that I used to replace: (note that I said REPLACED) /usr/ports/mail/spamass-milter/files/patch-spamass-milter.cpp /usr/ports/mail/spamass-milter/files/patch-spamass-milter.h Although this "new" port is running on my servers and it appears to have fixed both the security flaw and the zombie process bug, I'm uncertain if I have opened up any other security hole or bug in the process, because I don't know what other patches you had in place that I removed nor what their purpose was. I sent my original email both as a way of informing the port maintainer of the problem as well as a link to the code that purported to fix the problem, hoping that you would have a better idea of what else I might have broken when I "fixed" the problem. If you require something from me that I can provide please let me know and I'll do my best to get it to you. Thanks, Ted Hatfield On Mon, 10 May 2010, Niels Heinen wrote: > Hi Ted, > > Thanks for pointing this out! > Can you perhaps send me a port diff? (will shorten the ETA) > > Thanks, > Niels > > On 05/10/10 21:07, Ted Hatfield wrote: >> >> spamass-milter-0.3.0_9 appears to be an update to fix the security >> vulnerability referenced by CVE-2010-1132. >> >> However the patch installed for this vulnerability fails to close >> processes properly and spamass-milter leaves a large number of zombie >> processes open until the milter is restarted. >> >> Rather than wait for the port maintainer to update this port we >> installed the patches found at http://savannah.nongnu.org/bugs/?29326 >> >> Specifically >> file #20020: spamass-milter-0.3.1-syntax.patch >> file #20284: spamass-milter-0.3.1-popen.patch >> >> If anyone wants to see tham I have included the patches I used. >> >> Does anyone have an ETA for an official update. >> >> Thank, >> >> Ted Hatfield >> PrismNet Ltd. >> IO.COM. >> >> >> >> _______________________________________________ >> freebsd-ports@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-ports >> To unsubscribe, send any mail to "freebsd-ports-unsubscribe@freebsd.org" > > -- > Niels Heinen > FreeBSD committer | www.freebsd.org > PGP: 0x5FE39B80 > > _______________________________________________ > freebsd-ports@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ports > To unsubscribe, send any mail to "freebsd-ports-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1005101639300.7249>