ports/85225: [maintainer update][security] Update port mail/elm to remove remote exploit

toasty at dragondata.com toasty at dragondata.com
Mon Aug 22 17:30:27 UTC 2005


>Number:         85225
>Category:       ports
>Synopsis:       [maintainer update][security] Update port mail/elm to remove remote exploit
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Aug 22 17:30:25 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Kevin Day
>Release:        FreeBSD 5.2.1-RELEASE-p1 i386
>Organization:
Dragondata
>Environment:


>Description:

The mail/elm port has a remotely exploitable buffer overflow that is triggered when it parses carefully crafted invalid headers in email messages.


>How-To-Repeat:

>Fix:

diff -ruN elmold/Makefile elm/Makefile
--- elmold/Makefile	Sun Mar  7 04:59:53 2004
+++ elm/Makefile	Mon Aug 22 12:14:29 2005
@@ -6,8 +6,8 @@
 #
 
 PORTNAME=	elm
-PORTVERSION=	2.5.6
-PORTREVISION=	2
+PORTVERSION=	2.5.8
+PORTREVISION=	0
 CATEGORIES=	mail
 MASTER_SITES=	ftp://ftp.virginia.edu/pub/elm/ \
 		http://www.dragondata.com/software/
@@ -17,6 +17,8 @@
 COMMENT=	A once-popular mail user agent, version 2.5.x
 
 BUILD_DEPENDS=	ispell:${PORTSDIR}/textproc/ispell
+
+CFLAGS+= -D_SIZE_T
 
 WRKSRC=			${WRKDIR}/elm${PORTVERSION}
 NO_LATEST_LINK=		yes
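Review bot: The added `CFLAGS+= -D_SIZE_T` line has no comment, so a reader cannot tell whether it is part of the security fix or only a build workaround needed by 2.5.8. It presumably stops elm's own headers from declaring size_t when the system headers already do, but that is inferred from the macro name and should be confirmed by the maintainer. I would put a line above it such as `# 2.5.8 build fix: keep elm from redefining size_t (not part of the overflow fix)`. Since the define reaches every compilation unit, it is also worth confirming that no system header on the supported releases keys off `_SIZE_T`.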
diff -ruN elmold/distinfo elm/distinfo
--- elmold/distinfo	Wed Jul 14 13:31:47 2004
+++ elm/distinfo	Mon Aug 22 12:04:57 2005
@@ -1,2 +1,2 @@
-MD5 (elm2.5.6.tar.gz) = 5ce17b50cb90f99ffc09e4df52f52648
-SIZE (elm2.5.6.tar.gz) = 606228
+MD5 (elm2.5.8.tar.gz) = f7a721c1cddbc8632ffe0cf65b045395
+SIZE (elm2.5.8.tar.gz) = 607078
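Review bot: The new distinfo entry verifies `elm2.5.8.tar.gz` with MD5 and a size only, while the MASTER_SITES shown in the Makefile fetch it over plain `ftp://` and `http://`. For an update whose purpose is to close a remotely exploitable overflow, the integrity of the fetched tarball rests entirely on that digest, and MD5 is not collision-resistant. If the ports framework in use accepts it, add a stronger digest line alongside, e.g. `SHA256 (elm2.5.8.tar.gz) = <sha256-of-verified-tarball>`, computed from a copy that was checked against what upstream published.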
diff -ruN elmold/files/patch-aa elm/files/patch-aa
--- elmold/files/patch-aa	Thu Oct  9 14:19:19 2003
+++ elm/files/patch-aa	Mon Aug 22 12:06:31 2005
@@ -24,8 +24,8 @@
  set `echo $libc $libnames | tr ' ' '\012' | sort | uniq`
  $echo $n "Extracting names from $* for later perusal...$c"
  nm $nm_opts $* 2>/dev/null >libc.tmp
--$sed -n -e 's/^.* [ATDS]  *[_.]*//p' -e 's/^.* [ATDS] //p' <libc.tmp >libc.list
-+$sed -n -e 's/^.* [ATDSW]  *[_.]*//p' -e 's/^.* [ATDSW] //p' <libc.tmp >libc.list
+-$sed -n -e 's/^.* [ATDSU]  *[_.]*//p' -e 's/^.* [ATDSU] //p' <libc.tmp >libc.list
++$sed -n -e 's/^.* [ATDSUW]  *[_.]*//p' -e 's/^.* [ATDSUW] //p' <libc.tmp >libc.list
  if $contains '^printf$' libc.list >/dev/null 2>&1; then
      echo done
  elif $sed -n -e 's/^__*//' -e 's/^\([a-zA-Z_0-9$]*\).*xtern.*/\1/p' \
>Release-Note:
>Audit-Trail:
>Unformatted:


