Date: Mon, 18 Aug 2003 01:52:08 +0900 (JST) From: KIMURA Yasuhiro <yasu@utahime.org> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/55676: mail/youbin: new version 3.5 exists Message-ID: <20030817165208.BCEB954AC@eastasia.home.utahime.org> Resent-Message-ID: <200308171700.h7HH0Uk8085404@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 55676 >Category: ports >Synopsis: mail/youbin: new version 3.5 exists >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Aug 17 10:00:30 PDT 2003 >Closed-Date: >Last-Modified: >Originator: KIMURA Yasuhiro >Release: FreeBSD 4.8-RELEASE-p3 i386 >Organization: >Environment: System: FreeBSD eastasia.home.utahime.org 4.8-RELEASE-p3 FreeBSD 4.8-RELEASE-p3 #2: Thu Aug 14 22:22:48 JST 2003 yasu@eastasia.home.utahime.org:/usr/obj/usr1/cvsup/releng_4_8/src/sys/EASTASIA i386 >Description: New version 3.5 exists which fixes locally exploitable buffer overflow probrem. >How-To-Repeat: >Fix: --- youbin.port.patch begins here --- diff -Nru mail/youbin.old/Makefile mail/youbin/Makefile --- mail/youbin.old/Makefile Fri Aug 8 18:21:51 2003 +++ mail/youbin/Makefile Mon Aug 18 01:12:34 2003 @@ -6,15 +6,13 @@ # PORTNAME= youbin -PORTVERSION= 3.4 +PORTVERSION= 3.5 CATEGORIES= mail MASTER_SITES= http://www.agusa.nuie.nagoya-u.ac.jp/software/agusalab/youbin/archive/ DISTNAME= ${PORTNAME}${PORTVERSION}-unix MAINTAINER= max@FreeBSD.org COMMENT= Mail arrival notification service package - -FORBIDDEN= Locally exploitable buffer overflow in set-user-ID executable USE_IMAKE= yes USE_X_PREFIX= no diff -Nru mail/youbin.old/distinfo mail/youbin/distinfo --- mail/youbin.old/distinfo Sun Nov 4 22:43:29 2001 +++ mail/youbin/distinfo Mon Aug 18 01:10:02 2003 @@ -1 +1 @@ -MD5 (youbin3.4-unix.tar.gz) = 234223775792e003c12e4f52efa97e75 +MD5 (youbin3.5-unix.tar.gz) = 1908de828ce5023a7d045babb9bef2e9 diff -Nru mail/youbin.old/files/patch-ae mail/youbin/files/patch-ae --- mail/youbin.old/files/patch-ae Sun Nov 4 22:43:29 2001 +++ mail/youbin/files/patch-ae Mon Aug 18 01:22:27 2003 @@ -1,6 +1,6 @@ ---- server.c.orig Sun Apr 15 23:17:13 2001 -+++ server.c Tue May 15 12:26:12 2001 -@@ -48,6 +48,9 @@ +--- server.c.orig Thu May 8 12:34:45 2003 ++++ server.c Mon Aug 18 01:20:24 2003 +@@ -49,6 +49,9 @@ #include <pwd.h> /* For getpwuid(). */ #include <signal.h> #include <stdio.h> @@ -10,11 +10,10 @@ #include "youbin.h" #include "server.h" -@@ -148,6 +151,15 @@ - signal(SIGTERM, sig_quit); +@@ -151,6 +154,15 @@ signal(SIGHUP, sig_hup); signal(SIGALRM, sig_alarm); -+ + + /*Go to background. This part was modified locally by Masafumi NAKANE + <max@FreeBSD.org>, and is used only on FreeBSD.*/ +#ifdef __FreeBSD__ @@ -23,6 +22,16 @@ + kill(getpid(), SIGTERM); + } +#endif - ++ /* Dive into main loop. Don't use setjmp() and longjmp(), because list maintenance routines are in critical section. */ + alarm(UNIT_TIME); +@@ -359,7 +371,7 @@ + #endif + if( !(sp->mode.head_list) ) { + send_packet(buff, sp); /* Send header and so on. */ +- retrun; ++ return; + } + + line = buff + strlen(buff); diff -Nru mail/youbin.old/files/patch-client.c mail/youbin/files/patch-client.c --- mail/youbin.old/files/patch-client.c Thu Jan 1 09:00:00 1970 +++ mail/youbin/files/patch-client.c Mon Aug 18 01:31:23 2003 @@ -0,0 +1,11 @@ +--- client.c.orig Thu May 8 12:34:44 2003 ++++ client.c Mon Aug 18 01:30:31 2003 +@@ -400,7 +400,7 @@ + + if( *config_file == '\0' ){ + if (env) +- strncpy ( rcfile, env, sizeof(rcsfile) - strlen(youbinrc) - 1); ++ strncpy ( rcfile, env, sizeof(rcfile) - strlen(youbinrc) - 1); + else if ((pwent = (struct passwd *) getpwuid (getuid ())) + && pwent->pw_dir) + strcpy ( rcfile, pwent->pw_dir); --- youbin.port.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030817165208.BCEB954AC>