ports/189479: [PATCH] security/amavisd-new: update to 2.8.1,1

Paul J Murphy paul at inetstat.net
Thu May 8 16:40:00 UTC 2014 

>Number:         189479
>Category:       ports
>Synopsis:       [PATCH] security/amavisd-new: update to 2.8.1,1
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Thu May 08 16:40:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator:     Paul J Murphy
>Release:        FreeBSD 10.0-RELEASE-p2 amd64
>Organization:
iNetStat.net
>Environment:
System: FreeBSD srv00.inetstat.net 10.0-RELEASE-p2 FreeBSD 10.0-RELEASE-p2 #0 r265140: Wed Apr 30 12:18:59 UTC
>Description:
- Update to 2.8.1,1 (v2.8.1 was released on June 28, 2013)
- 2.8.0 has a nasty sounding bug which can cause silent loss of messages

http://www.amavis.org/release-notes.txt says for 2.8.1:
...
- fixed a bug in the SMTP client code, where the final SMTP status did
  not reflect a failure status of a DATA command from a back-end MTA.
  This caused a reception of a mail message to be confirmed but a message
  was then lost, as it could not be passed to a back-end MTA. The bug
  went unnoticed for years, as the commonly used MTAs normally reject
  either at the MAIL FROM, at RCPT TO, or at the data-dot stage, but not
  at the DATA command. Reported by Deniska-rediska;
...

Depends versions updated according to the obvious changes in the docs,
but it's possible that I may not have caught them all.  The original
docs are also vague in places over minimum versions, lots of refs to
"latest" or similar.  It seems to work nicely enough on 10.0 with all
relevant ports up to date with their stable branches/releases.

Depends version for "file" checked for the inconsistency between the
comment and the rule (> vs. >=).  According to info on the web, 4.21
should be the fix for the security hole in 4.20 and earlier - i.e. the
rule was correct, but the comment was wrong.

Port maintainer (gabor at FreeBSD.org) is cc'd.

Generated with FreeBSD Port Tools 1.02 (mode: update, diff: SVN)
>How-To-Repeat:
>Fix:

--- amavisd-new-2.8.1.patch begins here ---
Index: Makefile
===================================================================
--- Makefile	(revision 353329)
+++ Makefile	(working copy)
@@ -1,8 +1,8 @@
 # $FreeBSD$
 
 PORTNAME=	amavisd-new
-PORTVERSION=	2.8.0
-PORTREVISION=	2
+PORTVERSION=	2.8.1
+PORTREVISION=	0
 PORTEPOCH=	1
 CATEGORIES=	security
 MASTER_SITES=	http://www.ijs.si/software/amavisd/ \
@@ -18,11 +18,11 @@
 		p5-MIME-Tools>=0:${PORTSDIR}/mail/p5-MIME-Tools \
 		p5-Convert-TNEF>=0:${PORTSDIR}/converters/p5-Convert-TNEF \
 		p5-Convert-UUlib>=1.08,1:${PORTSDIR}/converters/p5-Convert-UUlib \
-		p5-Archive-Zip>=0:${PORTSDIR}/archivers/p5-Archive-Zip \
-		p5-Net-Server>=0.93:${PORTSDIR}/net/p5-Net-Server \
+		p5-Archive-Zip>=1.14:${PORTSDIR}/archivers/p5-Archive-Zip \
+		p5-Net-Server>=2.0:${PORTSDIR}/net/p5-Net-Server \
 		p5-Mail-DKIM>=0.33:${PORTSDIR}/mail/p5-Mail-DKIM
 
-USES=		perl5
+USES=		perl5 tar:xz
 USE_PERL5=	run
 
 NO_BUILD=	yes
@@ -135,7 +135,7 @@
 .endif
 
 .if ${PORT_OPTIONS:MFILE}
-# security fix, file > 4.21 needed
+# security fix, file >= 4.21 needed
 RUN_DEPENDS+=	file>=4.21:${PORTSDIR}/sysutils/file
 .endif
 
Index: distinfo
===================================================================
--- distinfo	(revision 353329)
+++ distinfo	(working copy)
@@ -1,2 +1,2 @@
-SHA256 (amavisd-new-2.8.0.tar.gz) = 342b805f58db667b099a85863328b3fdfe9c575a22ace119d541e5f12bee63ac
-SIZE (amavisd-new-2.8.0.tar.gz) = 1007952
+SHA256 (amavisd-new-2.8.1.tar.xz) = 6e333a70adbd24ec52202700059fbf133e20b3c3bf5ec6f4bb10f9a2f25ea82e
+SIZE (amavisd-new-2.8.1.tar.xz) = 731816
--- amavisd-new-2.8.1.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list