Date: Wed, 09 Jan 2008 17:46:09 +0000
From: Mike Bristow <mike@urgle.com>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/119496: [patch] mail/prayer is out of date
Message-ID: <E1JCf0D-000Ody-Bg@cheddar.urgle.com>
Resent-Message-ID: <200801091800.m09I08np053043@freefall.freebsd.org>
>Number: 119496
>Category: ports
>Synopsis: [patch] mail/prayer is out of date
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Wed Jan 09 18:00:07 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Mike Bristow
>Release: FreeBSD 7.0-RC1 amd64
>Organization:
>Environment:
System: FreeBSD cheddar.urgle.com 7.0-RC1 FreeBSD 7.0-RC1 #24: Sun Jan 6 18:57:21 GMT 2008 root@cheddar.urgle.com:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
mail/prayer is out of date. I have diff -Nur output; note that prayer/files/patch-prayer_chroot.c is a new file.

The Changelog (docs/DONE) says this about the releases since 1.0.16:

04/09/2006
==========

Release: Prayer 1.0.18

Important Security fix: os_connect_unix() had a strcpy() which should have been strncpy() to prevent buffer overrun. Prayer 1.0.17 was mostly safe. By

28/06/2006
=============

Release: Prayer 1.0.17

Fix small foulup with gethostbyname() calculations when binding Prayer to specific interfaces.

Cleanups to stop char vs unsigned char warnings with latest c-client.

Make sure that all internal draft messages consistently use CRLF.

Security audit for Prayer frontend following attack: Optional Chroot environment (See chroot options in config file). Stripped out debugging code.

>How-To-Repeat:
>Fix:
diff -urN prayer.orig/Makefile prayer/Makefile --- prayer.orig/Makefile 2008-01-09 17:21:02.000000000 +0000 +++ prayer/Makefile 2008-01-09 16:14:47.000000000 +0000 @@ -6,7 +6,7 @@ # PORTNAME= prayer -PORTVERSION= 1.0.16 +PORTVERSION= 1.0.18 PORTREVISION= 2 CATEGORIES= mail www MASTER_SITES= ftp://ftp.csx.cam.ac.uk/pub/software/email/prayer/ diff -urN prayer.orig/distinfo prayer/distinfo --- prayer.orig/distinfo 2008-01-09 17:21:02.000000000 +0000 +++ prayer/distinfo 2008-01-09 17:02:32.000000000 +0000 
@@ -1,3 +1,3 @@ -MD5 (prayer-1.0.16.tar.gz) = bede9f6cb3502d6180581bc4ff1f1961 -SHA256 (prayer-1.0.16.tar.gz) = 227fc7130b1ca2cc07cfe32aabc1b47ea5edfe9c8960dd46502f748a92cfd69b -SIZE (prayer-1.0.16.tar.gz) = 575980 +MD5 (prayer-1.0.18.tar.gz) = 405177f14ced9ef11969f4db2dd96c13 +SHA256 (prayer-1.0.18.tar.gz) = 0c0f6a8d388ab95669566cc1bbe271992917f01d55e1caf695103e1f098d5f4a +SIZE (prayer-1.0.18.tar.gz) = 566168 diff -urN prayer.orig/files/patch-Config prayer/files/patch-Config --- prayer.orig/files/patch-Config 2008-01-09 17:21:02.000000000 +0000 +++ prayer/files/patch-Config 2008-01-09 16:26:07.000000000 +0000 @@ -1,5 +1,5 @@ ---- Config.orig Tue Feb 7 12:38:13 2006 -+++ Config Tue Feb 7 12:38:46 2006 +--- Config.orig 2006-04-05 13:35:35.000000000 +0100 ++++ Config 2008-01-09 16:25:14.000000000 +0000 @@ -28,7 +28,7 @@ ############################################################################ @@ -25,10 +25,10 @@ # -CCLIENT_DIR=./c-client -CCLIENT_INCLUDE=-I $(CCLIENT_DIR) --CCLIENT_LIB=./$(CCLIENT_DIR)/c-client.a +-CCLIENT_LIBS=./$(CCLIENT_DIR)/c-client.a +#CCLIENT_DIR=./c-client +#CCLIENT_INCLUDE=-I $(CCLIENT_DIR) -+#CCLIENT_LIB=./$(CCLIENT_DIR)/c-client.a ++#CCLIENT_LIBS=./$(CCLIENT_DIR)/c-client.a CCLIENT_SSL_ENABLE = true # @@ -37,8 +37,8 @@ # #CCLIENT_INCLUDE = -I/usr/local/include/c-client +CCLIENT_INCLUDE = -I${LOCALBASE}/include/c-client - #CCLIENT_LIB = -L/usr/local/lib -lc-client4 -+CCLIENT_LIB = -L${LOCALBASE}/lib -lc-client4 + #CCLIENT_LIBS = -L/usr/local/lib -lc-client4 ++CCLIENT_LIBS = -L${LOCALBASE}/lib -lc-client4 # # Complication: # The FreeBSD port uses PAM and optionally SSL if built WITH_SSL=yes. @@ -49,12 +49,12 @@ ############################################################################ @@ -99,7 +102,7 @@ - Z_LIB = -lz + Z_LIBS = -lz # LDAP (required if LDAP_ENABLE set) -LDAP_INCLUDE = +LDAP_INCLUDE = -I${LOCALBASE}/include - LDAP_LIB = -lldap + LDAP_LIBS = -lldap # Pam (required if CCLIENT_PAM_ENABLE set) 
@@ -128,12 +131,12 @@ diff -urN prayer.orig/files/patch-prayer_chroot.c prayer/files/patch-prayer_chroot.c --- prayer.orig/files/patch-prayer_chroot.c 1970-01-01 01:00:00.000000000 +0100 +++ prayer/files/patch-prayer_chroot.c 2008-01-09 16:29:02.000000000 +0000 @@ -0,0 +1,19 @@ +--- prayer/prayer_chroot.c.orig 2006-04-11 15:29:26.000000000 +0100 ++++ prayer/prayer_chroot.c 2008-01-09 16:26:45.000000000 +0000 +@@ -10,8 +10,6 @@ + #include "prayer.h" + #include "prayer_server.h" + +-#include <sys/prctl.h> +- + BOOL prayer_main_use_existing(struct prayer *prayer, char *ports) + { + char *use_ssl, *fd, *next; +@@ -305,7 +303,6 @@ + if (getuid() == 0) + log_fatal("Failed to lose root priveledges"); /* Stop impossible loop */ + +- prctl(PR_SET_DUMPABLE, 1); + } + + if (getuid() == 0) >Release-Note: >Audit-Trail: >Unformatted:
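Review bot: In the Makefile hunk, PORTREVISION= 2 is left as an unchanged context line directly under the bumped PORTVERSION. PORTREVISION counts port-level changes within one upstream version, so it should be reset (the line removed) when PORTVERSION moves from 1.0.16 to 1.0.18; as submitted, the package would be versioned 1.0.18_2 although no earlier revision of 1.0.18 exists.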
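Review bot: In the distinfo hunk, the new MD5 and SHA256 lines for prayer-1.0.18.tar.gz are the only integrity check on the distfile, because MASTER_SITES in the Makefile is a plain ftp:// URL. Before this is committed, the tarball should be fetched independently and its SHA256 and SIZE compared with the submitted values, all the more so since the description presents 1.0.18 as a security fix release.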
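Review bot: The new files/patch-prayer_chroot.c deletes both #include <sys/prctl.h> and the prctl(PR_SET_DUMPABLE, 1) call that follows the "Failed to lose root priveledges" check, but neither the patch nor the description says why. prctl() is a Linux interface, so the removal is presumably what lets the file build on FreeBSD; state that in the PR, and consider guarding the two lines with #ifdef __linux__ instead of deleting them so the change can be sent upstream. Note the side effect: the frontend no longer marks itself dumpable after giving up root, so whether it can produce core dumps is left to system policy.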