Date: Mon, 23 Feb 2004 17:56:03 +0100 (CET)
From: Jan-Peter Koopmann <j.koopmann@seceidos.de>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: sergei@FreeBSD.org
Subject: ports/63274: [MAINTAINER] mail/MailScanner: Security bugfix
Message-ID: <200402231656.i1NGu3XC098012@services.intern.seceidos.de>
Resent-Message-ID: <200402231700.i1NH0cZC014023@freefall.freebsd.org>
>Number: 63274
>Category: ports
>Synopsis: [MAINTAINER] mail/MailScanner: Security bugfix
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Mon Feb 23 09:00:38 PST 2004
>Closed-Date:
>Last-Modified:
>Originator: Jan-Peter Koopmann
>Release: FreeBSD 4.9-STABLE i386
>Organization:
>Environment:
System: FreeBSD services.intern.seceidos.de 4.9-STABLE FreeBSD 4.9-STABLE #0: Mon Jan 5 10:56:46 CET
>Description:
The author of MailScanner identified a possibility for some viruses to pass MailScanner undetected due to damaged MIME structures. He released a patch which is now included in the port as well.

Generated with FreeBSD Port Tools 0.50
>How-To-Repeat:
>Fix:
--- MailScanner-4.26.8_2.patch begins here --- diff -ruN --exclude=CVS /server-root/ports/mail/mailscanner.orig/Makefile /server-root/ports/mail/mailscanner/Makefile --- /server-root/ports/mail/mailscanner.orig/Makefile Mon Feb 23 05:41:03 2004 +++ /server-root/ports/mail/mailscanner/Makefile Mon Feb 23 17:33:26 2004 @@ -7,6 +7,7 @@ PORTNAME= MailScanner PORTVERSION= 4.26.8 +PORTREVISION= 2 CATEGORIES= mail MASTER_SITES= http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/ DISTNAME= MailScanner-${PORTVERSION}-${PATCHLEVEL} diff -ruN --exclude=CVS /server-root/ports/mail/mailscanner.orig/files/patch-lib:MailScanner:Message.pm /server-root/ports/mail/mailscanner/files/patch-lib:MailScanner:Message.pm --- /server-root/ports/mail/mailscanner.orig/files/patch-lib:MailScanner:Message.pm Tue Feb 17 16:53:42 2004 +++ /server-root/ports/mail/mailscanner/files/patch-lib:MailScanner:Message.pm Mon Feb 23 17:39:17 2004 
@@ -1,5 +1,5 @@ ---- ../MailScanner-4.26.8.orig/lib/MailScanner/Message.pm Fri Feb 13 09:31:30 2004 -+++ lib/MailScanner/Message.pm Fri Feb 13 09:38:35 2004 +--- ../MailScanner-4.26.8.orig/lib/MailScanner/Message.pm Mon Feb 23 17:37:26 2004 ++++ lib/MailScanner/Message.pm Mon Feb 23 17:38:33 2004 @@ -2,7 +2,7 @@ # MailScanner - SMTP E-Mail Virus Scanner # Copyright (C) 2002 Julian Field @@ -170,7 +170,7 @@ #print STDERR "Adding file $file type $text\n"; $this->{alltypes}{$file} .= $text; + $types{$file} .= $text; - } ++ } + + # Now look for the reports we can't match anywhere and make them + # map to the entire message. 
@@ -182,8 +182,59 @@ + $this->{allreports}{""} .= $value; + $this->{alltypes}{""} .= $types{$key}; + } -+ } + } + #print STDERR "Finished combining reports\n"; } + +@@ -3309,6 +3405,50 @@ + $index = $#{$self->{ME_Parts}} + 2 + $index if ($index < 0); + splice(@{$self->{ME_Parts}}, $index, 0, $part); + $part; ++} ++ ++ ++# ++# Over-ride a function in Mail::Header that parses the block of headers ++# at the top of each MIME section. My improvement allows the first line ++# of the header block to be missing, which breaks the original parser ++# though the filename is still there. ++# ++ ++package Mail::Header; ++ ++sub extract ++{ ++ my $me = shift; ++ my $arr = shift; ++ my $line; ++ ++ $me->empty; ++ ++ # JKF Make this more robust by allowing first line of header to be missing ++ shift @{$arr} while scalar(@{$arr}) && ++ $arr->[0] =~ /\A[ \t]+/o && ++ $arr->[1] =~ /\A$FIELD_NAME/o; ++ # JKF End mod here ++ ++ while(scalar(@{$arr}) && $arr->[0] =~ /\A($FIELD_NAME|From )/o) ++ { ++ my $tag = $1; ++ ++ $line = shift @{$arr}; ++ $line .= shift @{$arr} ++ while(scalar(@{$arr}) && $arr->[0] =~ /\A[ \t]+/o); ++ ++ ($tag,$line) = _fmt_line($me,$tag,$line); ++ ++ _insert($me,$tag,$line,-1) ++ if defined $line; ++ } ++ ++ shift @{$arr} ++ if(scalar(@{$arr}) && $arr->[0] =~ /\A\s*\Z/o); ++ ++ $me; + } + --- MailScanner-4.26.8_2.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
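Review bot: In the added Mail::Header::extract override (the @@ -3309,6 +3405,50 @@ hunk), the new "shift @{$arr} while scalar(@{$arr}) && ..." loop guards only on the array being non-empty but then reads $arr->[1]; when a single line remains that element is undef and the match against $FIELD_NAME warns if warnings are enabled, so the guard should be scalar(@{$arr}) > 1. The same condition discards a leading whitespace line only when the line directly after it is a field name. If the missing first header line had been folded over two or more lines, $arr->[0] and $arr->[1] both start with whitespace, nothing is shifted, the following while loop finds no field at $arr->[0], and the header block (including the filename the comment mentions) is again left unparsed. Dropping every leading /\A[ \t]+/ line before the main loop would cover that case. Since the override lives under "package Mail::Header;" inside Message.pm and relies on that module's $FIELD_NAME, _fmt_line and _insert, the comment block should also state which Mail::Header version the body was copied from.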