ports/156738: [mainteiner] [PATCH] mail/spamass-milter update to latest version
Mikhail T.
m.tsatsenko at gmail.com
Sat Apr 30 16:30:11 UTC 2011
>Number: 156738
>Category: ports
>Synopsis: [mainteiner] [PATCH] mail/spamass-milter update to latest version
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Sat Apr 30 16:30:10 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Mikhail T.
>Release: 8.2
>Organization:
>Environment:
FreeBSD red 8.2-RELEASE FreeBSD 8.2-RELEASE #1 r218780: Thu Mar 10 21:36:01 MSK 2011 root at red:/usr/obj/usr/src/sys/XGATE amd64
>Description:
- Update port to 0.3.2 (Fix security vulnerability with the -x option)
- Remove needless patches
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/mail/spamass-milter/Makefile,v
retrieving revision 1.47
diff -u -r1.47 Makefile
--- Makefile 28 Mar 2011 03:08:45 -0000 1.47
+++ Makefile 30 Apr 2011 15:55:45 -0000
@@ -6,8 +6,7 @@
#
PORTNAME= spamass-milter
-PORTVERSION= 0.3.1
-PORTREVISION= 11
+PORTVERSION= 0.3.2
CATEGORIES= mail
MASTER_SITES= ${MASTER_SITE_SAVANNAH}
MASTER_SITE_SUBDIR= spamass-milt
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/mail/spamass-milter/distinfo,v
retrieving revision 1.9
diff -u -r1.9 distinfo
--- distinfo 31 Jan 2011 00:19:26 -0000 1.9
+++ distinfo 30 Apr 2011 15:55:45 -0000
@@ -1,2 +1,2 @@
-SHA256 (spamass-milter-0.3.1.tar.gz) = 4222b21d098f292b4899a84caf56458c876c6774fd14132fbd4c31f6190b27e5
-SIZE (spamass-milter-0.3.1.tar.gz) = 141144
+SHA256 (spamass-milter-0.3.2.tar.gz) = c14b9021092f8c5408df1db25e5645db4cba5bac5ba487175230696a99d269cc
+SIZE (spamass-milter-0.3.2.tar.gz) = 154579
Index: files/patch-spamass-milter.cpp
===================================================================
RCS file: files/patch-spamass-milter.cpp
diff -N files/patch-spamass-milter.cpp
--- files/patch-spamass-milter.cpp 12 May 2010 14:11:41 -0000 1.12
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,193 +0,0 @@
---- spamass-milter.cpp.orig 2006-03-23 22:41:36.000000000 +0100
-+++ spamass-milter.cpp 2010-05-12 12:05:02.000000000 +0200
-@@ -465,26 +465,11 @@
- int rv;
- #endif
-
--#if defined(HAVE_ASPRINTF)
-- char *buf;
--#else
-- char buf[1024];
--#endif
-- char *fmt="%s \"%s\"";
- FILE *p;
-+ char sendmail_prog[] = SENDMAIL;
-+ char *const popen_argv[] = { sendmail_prog, spambucket, NULL };
-+ pid_t pid;
-
--#if defined(HAVE_ASPRINTF)
-- asprintf(&buf, fmt, SENDMAIL, spambucket);
--#else
--#if defined(HAVE_SNPRINTF)
-- snprintf(buf, sizeof(buf)-1, fmt, SENDMAIL, spambucket);
--#else
-- /* XXX possible buffer overflow here */
-- sprintf(buf, fmt, SENDMAIL, spambucket);
--#endif
--#endif
--
-- debug(D_COPY, "calling %s", buf);
- #if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
- rv = pthread_mutex_lock(&popen_mutex);
- if (rv)
-@@ -493,15 +478,17 @@
- abort();
- }
- #endif
-- p = popen(buf, "w");
-+ debug(D_COPY, "calling %s %s", SENDMAIL, spambucket);
-+ p = popenv(popen_argv, "w", &pid);
- if (!p)
- {
-- debug(D_COPY, "popen failed(%s). Will not send a copy to spambucket", strerror(errno));
-+ debug(D_COPY, "popenv failed(%s). Will not send a copy to spambucket", strerror(errno));
- } else
- {
- // Send message provided by SpamAssassin
- fwrite(assassin->d().c_str(), assassin->d().size(), 1, p);
-- pclose(p); p = NULL;
-+ fclose(p); p = NULL;
-+ waitpid(pid, NULL, 0);
- }
- #if defined(__FreeBSD__)
- rv = pthread_mutex_unlock(&popen_mutex);
-@@ -511,9 +498,6 @@
- abort();
- }
- #endif
--#if defined(HAVE_ASPRINTF)
-- free(buf);
--#endif
- }
- return SMFIS_REJECT;
- }
-@@ -842,16 +826,12 @@
- /* open a pipe to sendmail so we can do address expansion */
-
- char buf[1024];
-- char *fmt="%s -bv \"%s\" 2>&1";
-+ char sendmail_prog[] = SENDMAIL;
-+ char sendmail_mode[] = "-bv";
-+ char * const popen_argv[] = { sendmail_prog, sendmail_mode, envrcpt[0], NULL };
-+ pid_t pid;
-
--#if defined(HAVE_SNPRINTF)
-- snprintf(buf, sizeof(buf)-1, fmt, SENDMAIL, envrcpt[0]);
--#else
-- /* XXX possible buffer overflow here */
-- sprintf(buf, fmt, SENDMAIL, envrcpt[0]);
--#endif
--
-- debug(D_RCPT, "calling %s", buf);
-+ debug(D_RCPT, "calling %s -bv %s", SENDMAIL, envrcpt[0]);
-
- #if defined(__FreeBSD__) /* popen bug - see PR bin/50770 */
- rv = pthread_mutex_lock(&popen_mutex);
-@@ -862,10 +842,10 @@
- }
- #endif
-
-- p = popen(buf, "r");
-+ p = popenv(popen_argv, "r", &pid);
- if (!p)
- {
-- debug(D_RCPT, "popen failed(%s). Will not expand aliases", strerror(errno));
-+ debug(D_RCPT, "popenv failed(%s). Will not expand aliases", strerror(errno));
- assassin->expandedrcpt.push_back(envrcpt[0]);
- } else
- {
-@@ -890,7 +870,8 @@
- assassin->expandedrcpt.push_back(p+7);
- }
- }
-- pclose(p); p = NULL;
-+ fclose(p); p = NULL;
-+ waitpid(pid, NULL, 0);
- }
- #if defined(__FreeBSD__)
- rv = pthread_mutex_unlock(&popen_mutex);
-@@ -1002,9 +983,9 @@
-
- assassin->output((string)
- "Received: from "+macro_s+" ("+macro__+")\r\n\t"+
-- "by "+macro_j+"("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+"\r\n\t"+
-+ "by "+macro_j+" ("+macro_v+"/"+macro_Z+") with "+macro_r+" id "+macro_i+";\r\n\t"+
- macro_b+"\r\n\t"+
-- "(envelope-from "+assassin->from()+"\r\n");
-+ "(envelope-from "+assassin->from()+")\r\n");
-
- } else
- assassin->output((string)"X-Envelope-To: "+envrcpt[0]+"\r\n");
-@@ -2157,5 +2138,72 @@
- warnedmacro = true;
- }
-
-+/*
-+ untrusted-argument-safe popen function - only supports "r" and "w" modes
-+ for simplicity, and always reads stdout and stderr in "r" mode. Call
-+ fclose to close the FILE, and waitpid to reap the child process (pid).
-+*/
-+FILE *popenv(char *const argv[], const char *type, pid_t *pid)
-+{
-+ FILE *iop;
-+ int pdes[2];
-+ int save_errno;
-+
-+ if ((*type != 'r' && *type != 'w') || type[1])
-+ {
-+ errno = EINVAL;
-+ return (NULL);
-+ }
-+ if (pipe(pdes) < 0)
-+ return (NULL);
-+ switch (*pid = fork()) {
-+
-+ case -1: /* Error. */
-+ save_errno = errno;
-+ (void)close(pdes[0]);
-+ (void)close(pdes[1]);
-+ errno = save_errno;
-+ return (NULL);
-+ /* NOTREACHED */
-+ case 0: /* Child. */
-+ if (*type == 'r') {
-+ /*
-+ * The dup2() to STDIN_FILENO is repeated to avoid
-+ * writing to pdes[1], which might corrupt the
-+ * parent's copy. This isn't good enough in
-+ * general, since the exit() is no return, so
-+ * the compiler is free to corrupt all the local
-+ * variables.
-+ */
-+ (void)close(pdes[0]);
-+ (void)dup2(pdes[1], STDOUT_FILENO);
-+ (void)dup2(pdes[1], STDERR_FILENO);
-+ if (pdes[1] != STDOUT_FILENO && pdes[1] != STDERR_FILENO) {
-+ (void)close(pdes[1]);
-+ }
-+ } else {
-+ if (pdes[0] != STDIN_FILENO) {
-+ (void)dup2(pdes[0], STDIN_FILENO);
-+ (void)close(pdes[0]);
-+ }
-+ (void)close(pdes[1]);
-+ }
-+ execv(argv[0], argv);
-+ exit(127);
-+ /* NOTREACHED */
-+ }
-+
-+ /* Parent; assume fdopen can't fail. */
-+ if (*type == 'r') {
-+ iop = fdopen(pdes[0], type);
-+ (void)close(pdes[1]);
-+ } else {
-+ iop = fdopen(pdes[1], type);
-+ (void)close(pdes[0]);
-+ }
-+
-+ return (iop);
-+}
-+
- // }}}
- // vim6:ai:noexpandtab
Index: files/patch-spamass-milter.h
===================================================================
RCS file: files/patch-spamass-milter.h
diff -N files/patch-spamass-milter.h
--- files/patch-spamass-milter.h 12 May 2010 14:11:41 -0000 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,9 +0,0 @@
---- spamass-milter.h.orig 2010-05-12 11:58:14.000000000 +0200
-+++ spamass-milter.h 2010-05-12 12:05:27.000000000 +0200
-@@ -186,5 +186,6 @@
- void parse_debuglevel(char* string);
- char *strlwr(char *str);
- void warnmacro(char *macro, char *scope);
-+FILE *popenv(char *const argv[], const char *type, pid_t *pid);
-
- #endif
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list