ports/85225: [maintainer update][security] Update port mail/elm to remove remote exploit
toasty at dragondata.com
toasty at dragondata.com
Mon Aug 22 17:30:27 UTC 2005
>Number: 85225
>Category: ports
>Synopsis: [maintainer update][security] Update port mail/elm to remove remote exploit
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Mon Aug 22 17:30:25 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Kevin Day
>Release: FreeBSD 5.2.1-RELEASE-p1 i386
>Organization:
Dragondata
>Environment:
>Description:
Port mail/elm has a remotely exploitable buffer overflow that is triggered when it parses carefully crafted invalid headers in email messages.
>How-To-Repeat:
>Fix:
diff -ruN elmold/Makefile elm/Makefile
--- elmold/Makefile Sun Mar 7 04:59:53 2004
+++ elm/Makefile Mon Aug 22 12:14:29 2005
@@ -6,8 +6,8 @@
#
PORTNAME= elm
-PORTVERSION= 2.5.6
-PORTREVISION= 2
+PORTVERSION= 2.5.8
+PORTREVISION= 0
CATEGORIES= mail
MASTER_SITES= ftp://ftp.virginia.edu/pub/elm/ \
http://www.dragondata.com/software/
@@ -17,6 +17,8 @@
COMMENT= A once-popular mail user agent, version 2.5.x
BUILD_DEPENDS= ispell:${PORTSDIR}/textproc/ispell
+
+CFLAGS+= -D_SIZE_T
WRKSRC= ${WRKDIR}/elm${PORTVERSION}
NO_LATEST_LINK= yes
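Review bot: The added `CFLAGS+= -D_SIZE_T` has no comment saying what it works around, so a later maintainer cannot tell when it is safe to drop. From the name it presumably stops some header from supplying its own `size_t` definition, but the hunk does not show whether that header is elm's or the system's. Because this update exists to fix a buffer overflow, a define that changes how a size type gets declared deserves a line of explanation, for example `# -D_SIZE_T: <build error or conflicting typedef this avoids with elm 2.5.8>` directly above it.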
diff -ruN elmold/distinfo elm/distinfo
--- elmold/distinfo Wed Jul 14 13:31:47 2004
+++ elm/distinfo Mon Aug 22 12:04:57 2005
@@ -1,2 +1,2 @@
-MD5 (elm2.5.6.tar.gz) = 5ce17b50cb90f99ffc09e4df52f52648
-SIZE (elm2.5.6.tar.gz) = 606228
+MD5 (elm2.5.8.tar.gz) = f7a721c1cddbc8632ffe0cf65b045395
+SIZE (elm2.5.8.tar.gz) = 607078
diff -ruN elmold/files/patch-aa elm/files/patch-aa
--- elmold/files/patch-aa Thu Oct 9 14:19:19 2003
+++ elm/files/patch-aa Mon Aug 22 12:06:31 2005
@@ -24,8 +24,8 @@
set `echo $libc $libnames | tr ' ' '\012' | sort | uniq`
$echo $n "Extracting names from $* for later perusal...$c"
nm $nm_opts $* 2>/dev/null >libc.tmp
--$sed -n -e 's/^.* [ATDS] *[_.]*//p' -e 's/^.* [ATDS] //p' <libc.tmp >libc.list
-+$sed -n -e 's/^.* [ATDSW] *[_.]*//p' -e 's/^.* [ATDSW] //p' <libc.tmp >libc.list
+-$sed -n -e 's/^.* [ATDSU] *[_.]*//p' -e 's/^.* [ATDSU] //p' <libc.tmp >libc.list
++$sed -n -e 's/^.* [ATDSUW] *[_.]*//p' -e 's/^.* [ATDSUW] //p' <libc.tmp >libc.list
if $contains '^printf$' libc.list >/dev/null 2>&1; then
echo done
elif $sed -n -e 's/^__*//' -e 's/^\([a-zA-Z_0-9$]*\).*xtern.*/\1/p' \
>Release-Note:
>Audit-Trail:
>Unformatted: