ports/58332: [MAINTAINER][SECURITY] mail/lmtpd: update to 0.9.9

Xavier Beaudouin kiwi at oav.net
Tue Oct 21 13:50:18 UTC 2003


>Number:         58332
>Category:       ports
>Synopsis:       [MAINTAINER][SECURITY] mail/lmtpd: update to 0.9.9
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 21 06:50:15 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Xavier Beaudouin
>Release:        FreeBSD 4.8-RELEASE-p13 i386
>Organization:
The Caudium Group / Association Kazar
>Environment:
System: FreeBSD akira.oav.net 4.8-RELEASE-p13 FreeBSD 4.8-RELEASE-p13 #0: Sun Oct 19 15:32:47 CEST 2003
>Description:
- Update to 0.9.9

 Change log for lmtp 0.9.9 :

  * add av.clamd.mbox_format configuration variable
    to check if mail for clamav shall be sent in mbox format
    (for clamav 0.60)

  * add av.action configuration command to define an action
    to do when a command is found. Action can be 'drop', don't check
    for virus (default) or send a notification. Notifications are
    formatted according to a file (see txt/virus.fr.txt for a French
    example)

  * when a virus is detected, set default user bounce message
    according to the virus name.

  * add av.virus.keeper configuration variable. It sets a mailbox
    that will catch all detected viruses.

  * add lmtpsend.sh, a dummy LMTP client for testing purposes only.

  * add sample mail with eicar virus in attachment in samples/

  * when a virus is found, the antivirus log line prints the time spent
    scanning with the virus name.

  * fix: use spamassassin.acl even with 'a' scalar variable

  * fix: rfc2047 decoding skips illegal characters instead of looping
    and doesn't crash on illegal charset (potential denial of service)

  * av.check.all doesn't check for virus when the mail will be delayed.

- Fix a security problem introduced by lmtpd 0.9.8 :

  RFC 2047 header decoding has 2 flaws in lmtpd 0.9.8

  o when an illegal character is in the decoded sequence, it doesn't
   notice and loops. It could take a big amount of CPU usage before
   timeout.

  o on an unrecognized character set, lmtpd crashes.

  In both cases, the LMTP client should delay the mail and send it again
  later.

  It appears only for users who have set a filter on decoded headers
  (like ~Subject: /foobar/)


NOTE: this port depends on libhome 0.7.1 so please add PR ports/58331 before this one.

Generated with FreeBSD Port Tools 0.26
>How-To-Repeat:
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:
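
The two RFC 2047 failure modes described in this PR (looping on an illegal character, crashing on an unrecognized character set), shown as an added example of a charset-conversion step that avoids both; this is not lmtpd's code and not part of the original report. The use of iconv(3) and the helper name `to_utf8_safe` are assumptions made for illustration.

```c
#include <errno.h>
#include <iconv.h>
#include <stddef.h>

/* Hypothetical helper (not from lmtpd): convert inlen bytes of `in`, labelled
 * with charset `cs`, into NUL-terminated UTF-8 in `out`.
 * Returns the number of bytes replaced by '?', or -1 if `out` is too small. */
int to_utf8_safe(const char *cs, const char *in, size_t inlen,
                 char *out, size_t outsz)
{
    int bad = 0;
    char *o = out;
    size_t oleft;

    if (outsz == 0)
        return -1;
    oleft = outsz - 1;                      /* reserve room for the NUL */

    iconv_t cd = iconv_open("UTF-8", cs);
    if (cd == (iconv_t)-1) {
        /* Unrecognized charset: do not crash, keep printable ASCII only. */
        for (size_t i = 0; i < inlen; i++, oleft--) {
            unsigned char c = (unsigned char)in[i];
            int ok = (c >= 0x20 && c < 0x7f);
            if (oleft == 0)
                return -1;
            *o++ = ok ? (char)c : '?';
            bad += !ok;
        }
        *o = '\0';
        return bad;
    }

    char *p = (char *)in;
    size_t ileft = inlen;
    while (ileft > 0 && iconv(cd, &p, &ileft, &o, &oleft) == (size_t)-1) {
        if (errno == E2BIG || oleft == 0) { /* output full: stop cleanly */
            iconv_close(cd);
            return -1;
        }
        /* EILSEQ/EINVAL: iconv stopped at the offending byte without
         * consuming it. Skip that byte so every pass makes progress. */
        p++; ileft--;
        *o++ = '?'; oleft--;
        bad++;
    }
    iconv_close(cd);
    *o = '\0';
    return bad;
}
```

On systems where iconv lives in a separate library, link with `-liconv`.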