svn commit: r527012 - head/mail/opensmtpd

Dima Panov fluffy at FreeBSD.org
Mon Feb 24 18:36:51 UTC 2020 

Author: fluffy
Date: Mon Feb 24 18:36:49 2020
New Revision: 527012
URL: https://svnweb.freebsd.org/changeset/ports/527012

Log:
  mail/opensmtpd: update to 6.6.4p1 security releaase
  
  SECURITY RELEASE
  
  An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group.
  
  MFH:		2020Q1

Modified:
  head/mail/opensmtpd/Makefile
  head/mail/opensmtpd/distinfo
  head/mail/opensmtpd/pkg-plist

Modified: head/mail/opensmtpd/Makefile
==============================================================================
--- head/mail/opensmtpd/Makefile	Mon Feb 24 18:19:12 2020	(r527011)
+++ head/mail/opensmtpd/Makefile	Mon Feb 24 18:36:49 2020	(r527012)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	opensmtpd
-PORTVERSION=	6.6.3
+PORTVERSION=	6.6.4
 DISTVERSIONSUFFIX=	p1
 PORTEPOCH=	1
 PORTREVISION=	0
@@ -52,7 +52,10 @@ TABLE_DB_CONFIGURE_WITH=	table-db
 
 CONFIGURE_ARGS+=	--with-libasr=${LOCALBASE} \
 			--with-libevent=${LOCALBASE} \
-			--sysconfdir=${PREFIX}/etc/mail/
+			--sysconfdir=${PREFIX}/etc/mail/ \
+			--with-user-smtpd=_smtpd \
+			--with-user-queue=_smtpq \
+			--with-group-queue=_smtpq
 
 .include <bsd.port.pre.mk>
 

Modified: head/mail/opensmtpd/distinfo
==============================================================================
--- head/mail/opensmtpd/distinfo	Mon Feb 24 18:19:12 2020	(r527011)
+++ head/mail/opensmtpd/distinfo	Mon Feb 24 18:36:49 2020	(r527012)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1581434283
-SHA256 (opensmtpd-6.6.3p1.tar.gz) = 9ef7c0eb7ffc5c84dca7651cec69bd7b180014cd5227f6dbc7a303eaa9d41eb7
-SIZE (opensmtpd-6.6.3p1.tar.gz) = 787196
+TIMESTAMP = 1582566329
+SHA256 (opensmtpd-6.6.4p1.tar.gz) = e2f9962a6b99b3cc1572b63a10db648fdca4ad2b58079b680b4202cc7c82d7cf
+SIZE (opensmtpd-6.6.4p1.tar.gz) = 790754

Modified: head/mail/opensmtpd/pkg-plist
==============================================================================
--- head/mail/opensmtpd/pkg-plist	Mon Feb 24 18:19:12 2020	(r527011)
+++ head/mail/opensmtpd/pkg-plist	Mon Feb 24 18:36:49 2020	(r527012)
@@ -8,7 +8,7 @@ libexec/opensmtpd/mail.maildir
 libexec/opensmtpd/mail.mboxfile
 libexec/opensmtpd/mail.mda
 %%TABLE_DB%%libexec/opensmtpd/makemap
-@(,,2555) sbin/smtpctl
+@(,_smtpq,2555) sbin/smtpctl
 sbin/smtpd
 man/man1/smtp.1.gz
 man/man5/aliases.5.gz

More information about the svn-ports-all mailing list