svn commit: r524685 - branches/2020Q1/mail/opensmtpd
Dima Panov
fluffy at FreeBSD.org
Fri Jan 31 09:37:28 UTC 2020
Author: fluffy
Date: Fri Jan 31 09:37:27 2020
New Revision: 524685
URL: https://svnweb.freebsd.org/changeset/ports/524685
Log:
MFH: r524529
mail/opensmtpd: update to 6.6.2p1 relase
This update addressed LPE and RCE vulnerabilities in OpenSMTPD (CVE-2020-7247)
https://www.openwall.com/lists/oss-security/2020/01/28/3
This vulnerability is exploitable since May 2018 (commit a8e222352f, "switch
smtpd to new grammar") and allows an attacker to execute arbitrary shell
commands, as root:
- either locally, in OpenSMTPD's default configuration (which listens on
the loopback interface and only accepts mail from localhost);
- or locally and remotely, in OpenSMTPD's "uncommented" default
configuration (which listens on all interfaces and accepts external
mail).
PR: 243686
Reported by: authors via irc
Relnotes: https://www.mail-archive.com/misc@opensmtpd.org/msg04850.html
Security: CVE-2020-7247
Security: 08f5c27d-4326-11ea-af8b-00155d0a0200
Approved by: ports-secteam (blanket, security issue)
Modified:
branches/2020Q1/mail/opensmtpd/Makefile
branches/2020Q1/mail/opensmtpd/distinfo
Directory Properties:
branches/2020Q1/ (props changed)
Modified: branches/2020Q1/mail/opensmtpd/Makefile
==============================================================================
--- branches/2020Q1/mail/opensmtpd/Makefile Fri Jan 31 09:31:02 2020 (r524684)
+++ branches/2020Q1/mail/opensmtpd/Makefile Fri Jan 31 09:37:27 2020 (r524685)
@@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME= opensmtpd
-PORTVERSION= 6.6.1
+PORTVERSION= 6.6.2
DISTVERSIONSUFFIX= p1
PORTEPOCH= 1
PORTREVISION= 0
Modified: branches/2020Q1/mail/opensmtpd/distinfo
==============================================================================
--- branches/2020Q1/mail/opensmtpd/distinfo Fri Jan 31 09:31:02 2020 (r524684)
+++ branches/2020Q1/mail/opensmtpd/distinfo Fri Jan 31 09:37:27 2020 (r524685)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1573040217
-SHA256 (opensmtpd-6.6.1p1.tar.gz) = eb1bedbfb23d9f08f509d92d8efcaf51d56fb2f44492f40ec059d41124a2f1d9
-SIZE (opensmtpd-6.6.1p1.tar.gz) = 776538
+TIMESTAMP = 1580264944
+SHA256 (opensmtpd-6.6.2p1.tar.gz) = 63b811aca56861108bb72f16fcbbf32f1af71e77b8996a9a5654b6a18915df9a
+SIZE (opensmtpd-6.6.2p1.tar.gz) = 777422
More information about the svn-ports-all
mailing list