From owner-freebsd-ports@freebsd.org  Sat Nov 25 16:59:32 2017
Return-Path: <owner-freebsd-ports@freebsd.org>
Delivered-To: freebsd-ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id B20B4DEAE4E
 for <freebsd-ports@mailman.ysv.freebsd.org>;
 Sat, 25 Nov 2017 16:59:32 +0000 (UTC)
 (envelope-from marquis@roble.com)
Received: from mx5.roble.com (mx5.roble.com [209.237.23.5])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mx5.roble.com", Issuer "mx5.roble.com" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id A727F663A1
 for <freebsd-ports@freebsd.org>; Sat, 25 Nov 2017 16:59:32 +0000 (UTC)
 (envelope-from marquis@roble.com)
Received: from roble.com (roble.com [209.237.23.50])
 by mx5.roble.com (Postfix) with ESMTP id E2DA44820F
 for <freebsd-ports@freebsd.org>; Sat, 25 Nov 2017 08:59:30 -0800 (PST)
Date: Sat, 25 Nov 2017 08:59:30 -0800 (PST)
From: Roger Marquis <marquis@roble.com>
To: freebsd-ports@freebsd.org
Subject: Re: Procmail Vulnerabilities check
Message-ID: <nycvar.OFS.7.76.1711250853410.73766@eboyr.pbz>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Nov 2017 16:59:32 -0000

Jos Chrispijn wrote:
> Dear sunpoet,
> Noticed this week following issue on procmail.
> ...
> procmail -- Heap-based buffer overflow
> https://vuxml.FreeBSD.org/freebsd/288f7cee-ced6-11e7-8ae9-0050569f0b83.html

Whether mail/procmail is patched or deprecated standard practice has
been to upgrade to mailmaildrop for some years now.  Procmail source is
difficult to read at best, has been unmaintained for a long time and
mailmaildrop is a better tool for this job in almost every way (except
perhaps for macros like TO).

Roger