spamass-milter-0.3.1_9 leaving open zombie processes.

Ted Hatfield ted at
Mon May 10 22:46:20 UTC 2010

Forgive my ignorance and the long rambling email below.

I have limited knowledge of the intricacies of diff and the patching
process so I'm not sure exactly what you are asking for when you say
"Can you perhaps send me a port diff?".

Here is a full description of the process I went through to get the milter
running on my servers.

Because I did not know which patches you had already applied to the port
nor where you had obtained them, I determined that I would need to patch a
copy of the original source by hand with the patches I found at the website.

I downloaded the original source from the
mirror site.

I then applied the two patches I listed below to the original source and
verified that it would "configure" and "make" properly.

These patches can be obtained from
file #20020 and file #20284.

Once I knew that this was working properly I then verified that the
distfile the port was downloading was the same as the source I downloaded
from the repository.  This convinced me that I could
modify the patch files in the /usr/ports/mail/spamass-milter/files folder.

Each of the patch files I downloaded from consisted of
a combined diff for the files spamass-milter.cpp and spamass-milter.h.

I then separated each individual patch file into separate pieces.

I combined those separate pieces together into two new patch files that I
used to replace:  (note that I said REPLACED)


Although this "new" port is running on my servers and it appears to have
fixed both the security flaw and the zombie process bug,  I'm uncertain if
I have opened up any other security hole or bug in the process, because I
don't know what other patches you had in place that I removed nor what
their purpose was.

I sent my original email both as a way of informing the port maintainer of
the problem as well as a link to the code that purported to fix the
problem, hoping that you would have a better idea of what else I might
have broken when I "fixed" the problem.

If you require something from me that I can provide please let me know and
I'll do my best to get it to you.


Ted Hatfield

On Mon, 10 May 2010, Niels Heinen wrote:
> Hi Ted,
> Thanks for pointing this out!
> Can you perhaps send me a port diff? (will shorten the ETA)
> Thanks,
> Niels
> On 05/10/10 21:07, Ted Hatfield wrote:
>> spamass-milter-0.3.0_9 appears to be an update to fix the security
>> vulnerability referenced by CVE-2010-1132.
>> However the patch installed for this vulnerability fails to close
>> processes properly and spamass-milter leaves a large number of zombie
>> processes open until the milter is restarted.
>> Rather than wait for the port maintainer to update this port we
>> installed the patches found at
>> Specifically
>> file #20020:  spamass-milter-0.3.1-syntax.patch
>> file #20284:  spamass-milter-0.3.1-popen.patch
>> If anyone wants to see them I have included the patches I used.
>> Does anyone have an ETA for an official update?
>> Thanks,
>> Ted Hatfield
>> PrismNet Ltd.
>> IO.COM.
>> _______________________________________________
>> freebsd-ports at mailing list
>> To unsubscribe, send any mail to "freebsd-ports-unsubscribe at"
> -- 
> Niels Heinen
> FreeBSD committer |
> PGP: 0x5FE39B80
