ports/119496: [patch] mail/prayer is out of date
Mike Bristow
mike at urgle.com
Wed Jan 9 18:00:08 UTC 2008
>Number: 119496
>Category: ports
>Synopsis: [patch] mail/prayer is out of date
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Wed Jan 09 18:00:07 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Mike Bristow
>Release: FreeBSD 7.0-RC1 amd64
>Organization:
>Environment:
System: FreeBSD cheddar.urgle.com 7.0-RC1 FreeBSD 7.0-RC1 #24: Sun Jan 6 18:57:21 GMT 2008 root at cheddar.urgle.com:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
mail/prayer is out of date. I have diff -Nur output; note that
prayer/files/patch-prayer_chroot.c is a new file.
The Changelog (docs/DONE) says this about the releases since 1.0.16:
04/09/2006
==========
Release: Prayer 1.0.18
Important Security fix:
os_connect_unix() had a strcpy() which should have been strncpy() to
prevent buffer overrun. Prayer 1.0.17 was mostly safe.
By 28/06/2006
=============
Release: Prayer 1.0.17
Fix small foulup with gethostbyname() calculations when binding Prayer
to specific interfaces.
Cleanups to stop char vs unsigned char warnings with latest c-client.
Make sure that all internal draft messages consistently use CRLF.
Security audit for Prayer frontend following attack:
Optional Chroot environment (See chroot options in config file).
Stripped out debugging code.
>How-To-Repeat:
>Fix:
diff -urN prayer.orig/Makefile prayer/Makefile
--- prayer.orig/Makefile 2008-01-09 17:21:02.000000000 +0000
+++ prayer/Makefile 2008-01-09 16:14:47.000000000 +0000
@@ -6,7 +6,7 @@
#
PORTNAME= prayer
-PORTVERSION= 1.0.16
+PORTVERSION= 1.0.18
PORTREVISION= 2
CATEGORIES= mail www
MASTER_SITES= ftp://ftp.csx.cam.ac.uk/pub/software/email/prayer/
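Review bot: PORTREVISION= 2 is carried over as unchanged context directly below the PORTVERSION bump to 1.0.18. PORTREVISION counts port-side changes since the last upstream version change, so it should be dropped in the same change; as submitted the package would be versioned 1.0.18_2.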
diff -urN prayer.orig/distinfo prayer/distinfo
--- prayer.orig/distinfo 2008-01-09 17:21:02.000000000 +0000
+++ prayer/distinfo 2008-01-09 17:02:32.000000000 +0000
@@ -1,3 +1,3 @@
-MD5 (prayer-1.0.16.tar.gz) = bede9f6cb3502d6180581bc4ff1f1961
-SHA256 (prayer-1.0.16.tar.gz) = 227fc7130b1ca2cc07cfe32aabc1b47ea5edfe9c8960dd46502f748a92cfd69b
-SIZE (prayer-1.0.16.tar.gz) = 575980
+MD5 (prayer-1.0.18.tar.gz) = 405177f14ced9ef11969f4db2dd96c13
+SHA256 (prayer-1.0.18.tar.gz) = 0c0f6a8d388ab95669566cc1bbe271992917f01d55e1caf695103e1f098d5f4a
+SIZE (prayer-1.0.18.tar.gz) = 566168
diff -urN prayer.orig/files/patch-Config prayer/files/patch-Config
--- prayer.orig/files/patch-Config 2008-01-09 17:21:02.000000000 +0000
+++ prayer/files/patch-Config 2008-01-09 16:26:07.000000000 +0000
@@ -1,5 +1,5 @@
---- Config.orig Tue Feb 7 12:38:13 2006
-+++ Config Tue Feb 7 12:38:46 2006
+--- Config.orig 2006-04-05 13:35:35.000000000 +0100
++++ Config 2008-01-09 16:25:14.000000000 +0000
@@ -28,7 +28,7 @@
############################################################################
@@ -25,10 +25,10 @@
#
-CCLIENT_DIR=./c-client
-CCLIENT_INCLUDE=-I $(CCLIENT_DIR)
--CCLIENT_LIB=./$(CCLIENT_DIR)/c-client.a
+-CCLIENT_LIBS=./$(CCLIENT_DIR)/c-client.a
+#CCLIENT_DIR=./c-client
+#CCLIENT_INCLUDE=-I $(CCLIENT_DIR)
-+#CCLIENT_LIB=./$(CCLIENT_DIR)/c-client.a
++#CCLIENT_LIBS=./$(CCLIENT_DIR)/c-client.a
CCLIENT_SSL_ENABLE = true
#
@@ -37,8 +37,8 @@
#
#CCLIENT_INCLUDE = -I/usr/local/include/c-client
+CCLIENT_INCLUDE = -I${LOCALBASE}/include/c-client
- #CCLIENT_LIB = -L/usr/local/lib -lc-client4
-+CCLIENT_LIB = -L${LOCALBASE}/lib -lc-client4
+ #CCLIENT_LIBS = -L/usr/local/lib -lc-client4
++CCLIENT_LIBS = -L${LOCALBASE}/lib -lc-client4
#
# Complication:
# The FreeBSD port uses PAM and optionally SSL if built WITH_SSL=yes.
@@ -49,12 +49,12 @@
############################################################################
@@ -99,7 +102,7 @@
- Z_LIB = -lz
+ Z_LIBS = -lz
# LDAP (required if LDAP_ENABLE set)
-LDAP_INCLUDE =
+LDAP_INCLUDE = -I${LOCALBASE}/include
- LDAP_LIB = -lldap
+ LDAP_LIBS = -lldap
# Pam (required if CCLIENT_PAM_ENABLE set)
@@ -128,12 +131,12 @@
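Review bot: the renames from CCLIENT_LIB, Z_LIB and LDAP_LIB to CCLIENT_LIBS, Z_LIBS and LDAP_LIBS in this regenerated patch are not explained anywhere in the PR. Please state in the commit message that they follow the variable names used by the 1.0.18 Config, and confirm that nothing else under files/ still refers to the old names.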
diff -urN prayer.orig/files/patch-prayer_chroot.c prayer/files/patch-prayer_chroot.c
--- prayer.orig/files/patch-prayer_chroot.c 1970-01-01 01:00:00.000000000 +0100
+++ prayer/files/patch-prayer_chroot.c 2008-01-09 16:29:02.000000000 +0000
@@ -0,0 +1,19 @@
+--- prayer/prayer_chroot.c.orig 2006-04-11 15:29:26.000000000 +0100
++++ prayer/prayer_chroot.c 2008-01-09 16:26:45.000000000 +0000
+@@ -10,8 +10,6 @@
+ #include "prayer.h"
+ #include "prayer_server.h"
+
+-#include <sys/prctl.h>
+-
+ BOOL prayer_main_use_existing(struct prayer *prayer, char *ports)
+ {
+ char *use_ssl, *fd, *next;
+@@ -305,7 +303,6 @@
+ if (getuid() == 0)
+ log_fatal("Failed to lose root priveledges"); /* Stop impossible loop */
+
+- prctl(PR_SET_DUMPABLE, 1);
+ }
+
+ if (getuid() == 0)
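Review bot: the second hunk of the embedded patch deletes prctl(PR_SET_DUMPABLE, 1) outright, together with the <sys/prctl.h> include in the first hunk, and the PR gives no reason. Both are Linux-only, so they have to go for the chroot code to build on FreeBSD, but wrapping them in #ifdef __linux__ instead of deleting them would make the patch acceptable upstream. The commit message should also record that the only behaviour lost is re-enabling core dumps after the uid change, which FreeBSD controls through the kern.sugid_coredump sysctl. The deletion leaves a stray blank line before the closing brace.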
>Release-Note:
>Audit-Trail:
>Unformatted:
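The 1.0.18 changelog entry quoted in the Description names a strcpy() in os_connect_unix() as the overrun. The following is an added example, not Prayer's code and not part of this PR: it assumes the destination was the fixed-size sun_path field of a sockaddr_un, and the helper names are hypothetical. It rejects an over-long path rather than relying on strncpy(), which would truncate silently and can leave the field without a terminating NUL.

```c
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper (not from Prayer): build an AF_UNIX address.
 * Returns 0 on success, -1 with errno = ENAMETOOLONG if path does not fit. */
int unix_addr_from_path(struct sockaddr_un *addr, const char *path)
{
    size_t len = strlen(path);

    memset(addr, 0, sizeof(*addr));
    addr->sun_family = AF_UNIX;

    /* strcpy(addr->sun_path, path) writes past the field for long input.
     * Check the length first so the copy always fits, NUL included. */
    if (len >= sizeof(addr->sun_path)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(addr->sun_path, path, len + 1);
    return 0;
}

/* Hypothetical caller: connect to a Unix-domain socket.
 * Returns the connected descriptor, or -1 with errno set. */
int connect_unix_checked(const char *path)
{
    struct sockaddr_un addr;
    int fd;

    if (unix_addr_from_path(&addr, path) != 0)
        return -1;                      /* refuse instead of truncating */
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return -1;
    if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
        int saved = errno;              /* close() may overwrite errno */
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}
```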