spamass-milter-0.3.1_9 leaving open zombie processes.
ted at pat.io.com
Mon May 10 22:46:20 UTC 2010
Forgive my ignorance and the long rambling email below.
I have limited knowledge of the intricacies of diff and the patching
process so I'm not sure exactly what you are asking for when you say
"Can you perhaps send me a port diff?".
Here is a full description of the process I went through to get the milter
running on my servers.
Because I did not know which patches you had already applied to the port
nor where you had obtained them, I determined that I would need to patch a
copy of the original source by hand with the patches I found at the
I downloaded the original source from the savannah.nongnu.org
I then applied the two patches I listed below to the original source and
verified that it would "configure" and "make" properly.
These patches can be obtained from http://savannah.nongnu.org/bugs/?29326
file #20020 and file #20284.
Once I knew that this was working properly I then verified that the
distfile the port was downloading was the same as the source I downloaded
from the savannah.nongnu.org repository. This convinced me that I could
modify the patch files in the /usr/ports/mail/spamass-milter/files folder.
Each of the patch files I downloaded from savannah.nongnu.org consisted of
a combined diff for the files spamass-milter.cpp and spamass-milter.h.
I then separated each individual patch file into separate pieces.
I combined those separate pieces together into two new patch files that I
used to replace: (note that I said REPLACED)
Although this "new" port is running on my servers and it appears to have
fixed both the security flaw and the zombie process bug, I'm uncertain if
I have opened up any other security hole or bug in the process, because I
don't know what other patches you had in place that I removed nor what
their purpose was.
I sent my original email both as a way of informing the port maintainer of
the problem as well as a link to the code that purported to fix the
problem, hoping that you would have a better idea of what else I might
have broken when I "fixed" the problem.
If you require something from me that I can provide please let me know and
I'll do my best to get it to you.
On Mon, 10 May 2010, Niels Heinen wrote:
> Hi Ted,
> Thanks for pointing this out!
> Can you perhaps send me a port diff? (will shorten the ETA)
> On 05/10/10 21:07, Ted Hatfield wrote:
>> spamass-milter-0.3.0_9 appears to be an update to fix the security
>> vulnerability referenced by CVE-2010-1132.
>> However the patch installed for this vulnerability fails to close
>> processes properly and spamass-milter leaves a large number of zombie
>> processes open until the milter is restarted.
>> Rather than wait for the port maintainer to update this port we
>> installed the patches found at http://savannah.nongnu.org/bugs/?29326
>> file #20020: spamass-milter-0.3.1-syntax.patch
>> file #20284: spamass-milter-0.3.1-popen.patch
>> If anyone wants to see them I have included the patches I used.
>> Does anyone have an ETA for an official update?
>> Ted Hatfield
>> PrismNet Ltd.
>> freebsd-ports at freebsd.org mailing list
>> To unsubscribe, send any mail to "freebsd-ports-unsubscribe at freebsd.org"
> Niels Heinen
> FreeBSD committer | www.freebsd.org
> PGP: 0x5FE39B80