OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src openpkg-web Date: 19-Sep-2003 09:46:44
Branch: OPENPKG_1_2_SOLID HEAD Handle: 2003091908464201
Added files: (Branch: OPENPKG_1_2_SOLID)
openpkg-src/sendmail sendmail.patch
Modified files:
openpkg-web news.txt
Modified files: (Branch: OPENPKG_1_2_SOLID)
openpkg-src/sendmail sendmail.spec
Log:
apply security bugfixes (CAN-2003-0694 & CAN-2003-0681)
Summary:
Revision Changes Path
1.1.4.1 +99 -0 openpkg-src/sendmail/sendmail.patch
1.51.2.1.2.6+8 -4 openpkg-src/sendmail/sendmail.spec
1.6638 +1 -0 openpkg-web/news.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/sendmail/sendmail.patch
============================================================================
$ cvs diff -u -r0 -r1.1.4.1 sendmail.patch
--- /dev/null 2003-09-19 09:46:43.000000000 +0200
+++ sendmail.patch 2003-09-19 09:46:43.000000000 +0200
@@ -0,0 +1,99 @@
+Security bugfixes:
+http://www.sendmail.org/8.12.10.html
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0694
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0681
+
+Index: sendmail/parseaddr.c
+--- sendmail/parseaddr.c.orig 2003-03-27 03:39:53.000000000 +0100
++++ sendmail/parseaddr.c 2003-09-19 09:11:01.000000000 +0200
+@@ -700,7 +700,11 @@
+ addr[MAXNAME] = '\0';
+ returnnull:
+ if (delimptr != NULL)
++ {
++ if (p > addr)
++ p--;
+ *delimptr = p;
++ }
+ CurEnv->e_to = saveto;
+ return NULL;
+ }
+@@ -1000,6 +1004,8 @@
+ }
+ if (pvp == NULL)
+ return EX_USAGE;
++ if (maxatom <= 0)
++ return EX_USAGE;
+
+ /*
+ ** Run through the list of rewrite rules, applying
+@@ -1866,6 +1872,7 @@
+ register ENVELOPE *e;
+ {
+ bool tempfail = false;
++ int maxatom;
+ struct mailer **mp;
+ register struct mailer *m;
+ register char *p;
+@@ -1880,6 +1887,7 @@
+ printav(tv);
+ }
+
++ maxatom = MAXATOM;
+ if (a == NULL)
+ a = (ADDRESS *) sm_rpool_malloc_x(e->e_rpool, sizeof *a);
+ memset((char *) a, '\0', sizeof *a);
+@@ -1919,14 +1927,22 @@
+ return a;
+ }
+ mname = *++tv;
++ --maxatom;
+
+ /* extract host and user portions */
+ if (*++tv != NULL && (**tv & 0377) == CANONHOST)
++ {
+ hostp = ++tv;
++ --maxatom;
++ }
+ else
+ hostp = NULL;
++ --maxatom;
+ while (*tv != NULL && (**tv & 0377) != CANONUSER)
++ {
+ tv++;
++ --maxatom;
++ }
+ if (*tv == NULL)
+ {
+ syserr("554 5.3.5 buildaddr: no user");
+@@ -1937,6 +1953,7 @@
+ else if (hostp != NULL)
+ cataddr(hostp, tv - 1, hbuf, sizeof hbuf, '\0');
+ cataddr(++tv, NULL, ubuf, sizeof ubuf, ' ');
++ --maxatom;
+
+ /* save away the host name */
+ if (sm_strcasecmp(mname, "error") == 0)
+@@ -2041,6 +2058,7 @@
+ {
+ p++;
+ tv++;
++ --maxatom;
+ a->q_flags |= QNOTREMOTE;
+ }
+
+@@ -2071,11 +2089,11 @@
+ !bitset(RF_SENDERADDR|RF_HEADERADDR, flags))
+ {
+ /* sender addresses done later */
+- (void) REWRITE(tv, 2, e);
++ (void) rewrite(tv, 2, 0, e, maxatom);
+ if (m->m_re_rwset > 0)
+- (void) REWRITE(tv, m->m_re_rwset, e);
++ (void) rewrite(tv, m->m_re_rwset, 0, e, maxatom);
+ }
+- (void) REWRITE(tv, 4, e);
++ (void) rewrite(tv, 4, 0, e, maxatom);
+
+ /* save the result for the command line/RCPT argument */
+ cataddr(tv, NULL, ubuf, sizeof ubuf, '\0');
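Review bot: The `maxatom` bookkeeping added to buildaddr() has no comment, and it appears to stay correct only if every advance of `tv` is paired with a `--maxatom`. The bare `--maxatom;` after `else hostp = NULL;` seems to account for the `*++tv` in the `if` condition and is easy to misread as part of the else branch. I would add a comment at the initialisation, e.g. `/* atoms still available from tv; decrement on every tv advance so rewrite() gets the true bound */`. Separately, the new `if (maxatom <= 0) return EX_USAGE;` guard in rewrite() is never seen by these callers, because all three `rewrite(...)` calls keep the `(void)` cast and buildaddr() then goes on to `cataddr(tv, ...)` with an unrewritten vector; if that is intended, say so in a comment or log the refusal. Both functions begin and end outside the hunks shown, and the guard relies on `maxatom` already being in scope in rewrite(), which these hunks do not show.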
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/sendmail/sendmail.spec
============================================================================
$ cvs diff -u -r1.51.2.1.2.5 -r1.51.2.1.2.6 sendmail.spec
--- openpkg-src/sendmail/sendmail.spec 26 Aug 2003 10:23:40 -0000
1.51.2.1.2.5
+++ openpkg-src/sendmail/sendmail.spec 19 Sep 2003 07:46:43 -0000
1.51.2.1.2.6
@@ -33,7 +33,7 @@
Group: Mail
License: BSD
Version: 8.12.7
-Release: 1.2.3
+Release: 1.2.4
# package options
%option with_tls no
@@ -50,6 +50,7 @@
Patch0: ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.security.cr.patch
Patch1: ftp://ftp.sendmail.org/pub/sendmail/prescan.tar.gz.uu
Patch2: http://www.sendmail.org/sm_resolve.c.p1
+Patch3: sendmail.patch
# build information
Prefix: %{l_prefix}
@@ -89,14 +90,17 @@
uudecode <%{PATCH prescan.tar.gz.uu}
%{l_gzip} -d -c prescan.tar.gz | %{l_tar} xf -
cd sendmail
- %{l_patch} <../prescan.8.12.patch
+ %{l_patch} -p0 <../prescan.8.12.patch
)
# yet another security patch
( cd sendmail-%{version}
cd sendmail
- %{l_patch} <%{PATCH sm_resolve.c.p1}
+ %{l_patch} -p0 <%{PATCH sm_resolve.c.p1}
+ )
+ # yet another security patch
+ ( cd sendmail-%{version}
+ %{l_patch} -p0 <%{PATCH sendmail.patch}
)
-
# add own M4 stuff to Sendmail configuration set
( cd sendmail-%{version}
%{l_tar} xf %{SOURCE cf.tar}
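Review bot: The block added to %prep reuses the comment `# yet another security patch` word for word from the block above it, so the two steps cannot be told apart when one fails or is later dropped. Name what it fixes, e.g. `# security bugfixes CAN-2003-0694 and CAN-2003-0681 (sendmail.patch)`. The new `-p0` call runs from `sendmail-%{version}`, which matches the `sendmail/parseaddr.c` paths inside sendmail.patch. The two older patches also gain `-p0` but are still applied from the `sendmail` subdirectory; their path prefixes are not visible here and should be checked against that directory.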
@@ .
patch -p0 <<'@@ .'
Index: openpkg-web/news.txt
============================================================================
$ cvs diff -u -r1.6637 -r1.6638 news.txt
--- openpkg-web/news.txt 19 Sep 2003 07:42:58 -0000 1.6637
+++ openpkg-web/news.txt 19 Sep 2003 07:46:42 -0000 1.6638
@@ -1,3 +1,4 @@
+19-Sep-2003: Upgraded package: P<sendmail-8.12.7-1.2.4>
19-Sep-2003: Upgraded package: P<sendmail-8.12.9-1.3.1>
19-Sep-2003: Upgraded package: P<sendmail-8.12.10-20030919>
18-Sep-2003: Upgraded package: P<kde-libs-3.1.4-20030918>
@@ .