ports/55676: mail/youbin: new version 3.5 exists
KIMURA Yasuhiro
yasu at utahime.org
Sun Aug 17 17:00:32 UTC 2003
>Number: 55676
>Category: ports
>Synopsis: mail/youbin: new version 3.5 exists
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Aug 17 10:00:30 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: KIMURA Yasuhiro
>Release: FreeBSD 4.8-RELEASE-p3 i386
>Organization:
>Environment:
System: FreeBSD eastasia.home.utahime.org 4.8-RELEASE-p3 FreeBSD 4.8-RELEASE-p3 #2: Thu Aug 14 22:22:48 JST 2003 yasu at eastasia.home.utahime.org:/usr/obj/usr1/cvsup/releng_4_8/src/sys/EASTASIA i386
>Description:
New version 3.5 exists which fixes locally exploitable buffer
overflow probrem.
>How-To-Repeat:
>Fix:
--- youbin.port.patch begins here ---
diff -Nru mail/youbin.old/Makefile mail/youbin/Makefile
--- mail/youbin.old/Makefile Fri Aug 8 18:21:51 2003
+++ mail/youbin/Makefile Mon Aug 18 01:12:34 2003
@@ -6,15 +6,13 @@
#
PORTNAME= youbin
-PORTVERSION= 3.4
+PORTVERSION= 3.5
CATEGORIES= mail
MASTER_SITES= http://www.agusa.nuie.nagoya-u.ac.jp/software/agusalab/youbin/archive/
DISTNAME= ${PORTNAME}${PORTVERSION}-unix
MAINTAINER= max at FreeBSD.org
COMMENT= Mail arrival notification service package
-
-FORBIDDEN= Locally exploitable buffer overflow in set-user-ID executable
USE_IMAKE= yes
USE_X_PREFIX= no
diff -Nru mail/youbin.old/distinfo mail/youbin/distinfo
--- mail/youbin.old/distinfo Sun Nov 4 22:43:29 2001
+++ mail/youbin/distinfo Mon Aug 18 01:10:02 2003
@@ -1 +1 @@
-MD5 (youbin3.4-unix.tar.gz) = 234223775792e003c12e4f52efa97e75
+MD5 (youbin3.5-unix.tar.gz) = 1908de828ce5023a7d045babb9bef2e9
diff -Nru mail/youbin.old/files/patch-ae mail/youbin/files/patch-ae
--- mail/youbin.old/files/patch-ae Sun Nov 4 22:43:29 2001
+++ mail/youbin/files/patch-ae Mon Aug 18 01:22:27 2003
@@ -1,6 +1,6 @@
---- server.c.orig Sun Apr 15 23:17:13 2001
-+++ server.c Tue May 15 12:26:12 2001
-@@ -48,6 +48,9 @@
+--- server.c.orig Thu May 8 12:34:45 2003
++++ server.c Mon Aug 18 01:20:24 2003
+@@ -49,6 +49,9 @@
#include <pwd.h> /* For getpwuid(). */
#include <signal.h>
#include <stdio.h>
@@ -10,11 +10,10 @@
#include "youbin.h"
#include "server.h"
-@@ -148,6 +151,15 @@
- signal(SIGTERM, sig_quit);
+@@ -151,6 +154,15 @@
signal(SIGHUP, sig_hup);
signal(SIGALRM, sig_alarm);
-+
+
+ /*Go to background. This part was modified locally by Masafumi NAKANE
+ <max at FreeBSD.org>, and is used only on FreeBSD.*/
+#ifdef __FreeBSD__
@@ -23,6 +22,16 @@
+ kill(getpid(), SIGTERM);
+ }
+#endif
-
++
/* Dive into main loop. Don't use setjmp() and longjmp(),
because list maintenance routines are in critical section. */
+ alarm(UNIT_TIME);
+@@ -359,7 +371,7 @@
+ #endif
+ if( !(sp->mode.head_list) ) {
+ send_packet(buff, sp); /* Send header and so on. */
+- retrun;
++ return;
+ }
+
+ line = buff + strlen(buff);
diff -Nru mail/youbin.old/files/patch-client.c mail/youbin/files/patch-client.c
--- mail/youbin.old/files/patch-client.c Thu Jan 1 09:00:00 1970
+++ mail/youbin/files/patch-client.c Mon Aug 18 01:31:23 2003
@@ -0,0 +1,11 @@
+--- client.c.orig Thu May 8 12:34:44 2003
++++ client.c Mon Aug 18 01:30:31 2003
+@@ -400,7 +400,7 @@
+
+ if( *config_file == '\0' ){
+ if (env)
+- strncpy ( rcfile, env, sizeof(rcsfile) - strlen(youbinrc) - 1);
++ strncpy ( rcfile, env, sizeof(rcfile) - strlen(youbinrc) - 1);
+ else if ((pwent = (struct passwd *) getpwuid (getuid ()))
+ && pwent->pw_dir)
+ strcpy ( rcfile, pwent->pw_dir);
--- youbin.port.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list