diff options
author | gabor <gabor@FreeBSD.org> | 2009-02-23 19:53:09 +0800 |
---|---|---|
committer | gabor <gabor@FreeBSD.org> | 2009-02-23 19:53:09 +0800 |
commit | 92b66f0467dc7eb8d1a78d91cabf7101640116e0 (patch) | |
tree | 743c6a33608384b72932362c4899ff971aa0d758 /security | |
parent | f7768c2d86bf743c5ddf371064958aaa102afaa3 (diff) | |
download | freebsd-ports-gnome-92b66f0467dc7eb8d1a78d91cabf7101640116e0.tar.gz freebsd-ports-gnome-92b66f0467dc7eb8d1a78d91cabf7101640116e0.tar.zst freebsd-ports-gnome-92b66f0467dc7eb8d1a78d91cabf7101640116e0.zip |
- Fix SQL logging problem [1]
- Remove old dependency [1]
- Add a warning when memdisk is used, because it is unsafe [2]
- Fix on Perl 5.8.9 [3]
- Bump PORTREVISION
PR: ports/130835 [1], ports/131633 [2]
Submitted by: Michael Scheidell <scheidell@secnap.net> [1][2]
Diffstat (limited to 'security')
-rw-r--r-- | security/amavisd-new/Makefile | 2 | ||||
-rw-r--r-- | security/amavisd-new/files/amavisd.sh.in | 5 | ||||
-rw-r--r-- | security/amavisd-new/files/patch-amavisd | 134 |
3 files changed, 140 insertions, 1 deletions
diff --git a/security/amavisd-new/Makefile b/security/amavisd-new/Makefile index 3008a6185cd2..7801139fc3d2 100644 --- a/security/amavisd-new/Makefile +++ b/security/amavisd-new/Makefile @@ -9,6 +9,7 @@ PORTNAME= amavisd-new PORTVERSION= 2.6.2 PORTEPOCH= 1 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= http://www.ijs.si/software/amavisd/ \ http://mirrors.catpipe.net/amavisd-new/ \ @@ -26,7 +27,6 @@ RUN_DEPENDS= ${SITE_PERL}/${PERL_ARCH}/Unix/Syslog.pm:${PORTSDIR}/sysutils/p5-Un ${SITE_PERL}/Archive/Zip.pm:${PORTSDIR}/archivers/p5-Archive-Zip \ ${SITE_PERL}/${PERL_ARCH}/Digest/MD5.pm:${PORTSDIR}/security/p5-Digest-MD5 \ ${SITE_PERL}/${PERL_ARCH}/Time/HiRes.pm:${PORTSDIR}/devel/p5-Time-HiRes \ - ${SITE_PERL}/IO/Wrap.pm:${PORTSDIR}/devel/p5-IO-stringy \ ${SITE_PERL}/IO/Socket/INET6.pm:${PORTSDIR}/net/p5-IO-INET6 \ p5-Net-Server>=0.93:${PORTSDIR}/net/p5-Net-Server \ p5-Mail-DKIM>=0.31:${PORTSDIR}/mail/p5-Mail-DKIM diff --git a/security/amavisd-new/files/amavisd.sh.in b/security/amavisd-new/files/amavisd.sh.in index 3a34ef3d40f6..1a49fa688400 100644 --- a/security/amavisd-new/files/amavisd.sh.in +++ b/security/amavisd-new/files/amavisd.sh.in @@ -22,6 +22,7 @@ rcvar=`set_rcvar` command=%%PREFIX%%/sbin/amavisd > /dev/null 2>&1 pidfile=%%AMAVISDIR%%/amavisd.pid required_files=%%PREFIX%%/etc/amavisd.conf +extra_commands="reload" start_precmd=start_precmd @@ -31,6 +32,10 @@ start_precmd() { rm -rf %%AMAVISDIR%%/tmp/* %%AMAVISDIR%%/tmp/.* 2>/dev/null || true if [ ${amavisd_ram} ];then + echo "========================================================" + echo "WARNING: using ramdisk is reported to be unstable and" + echo "thus it is highly recommended to be turned off." + echo "========================================================" df %%AMAVISDIR%%/tmp | grep '^/dev/md' > /dev/null if [ $? -eq 1 ];then mdmfs -M -s ${amavisd_ram} -p 750 -w %%AMAVISUSER%%:%%AMAVISGROUP%% md %%AMAVISDIR%%/tmp || true diff --git a/security/amavisd-new/files/patch-amavisd b/security/amavisd-new/files/patch-amavisd new file mode 100644 index 000000000000..efb4e33a2b45 --- /dev/null +++ b/security/amavisd-new/files/patch-amavisd @@ -0,0 +1,134 @@ +--- amavisd.orig 2008-12-15 01:50:09.000000000 +0100 ++++ amavisd 2009-02-21 20:23:55.000000000 +0100 +@@ -1,4 +1,4 @@ +-#!/usr/bin/perl -T ++#!/usr/local/bin/perl -T + + #------------------------------------------------------------------------------ + # This is amavisd-new. +@@ -7082,7 +7082,7 @@ + @EXPORT_OK = qw(&mime_decode); + import Amavis::Conf qw(:platform c cr ca $MAXFILES); + import Amavis::Timing qw(section_time); +- import Amavis::Util qw(snmp_count ll do_log); ++ import Amavis::Util qw(snmp_count untaint ll do_log); + import Amavis::Unpackers::NewFilename qw(consumed_bytes); + } + use subs @EXPORT_OK; +@@ -7104,7 +7104,8 @@ + $newpart_obj->name_declared($pe_name); + my($newpart) = $newpart_obj->full_name; + my($outpart) = IO::File->new; +- $outpart->open($newpart, O_CREAT|O_EXCL|O_WRONLY, 0640) ++ # O_WRONLY etc. can become tainted in Perl5.8.9 [perlbug #62502] ++ $outpart->open($newpart, untaint(O_CREAT|O_EXCL|O_WRONLY), 0640) + or die "Can't create $pe_name file $newpart: $!"; + binmode($outpart, ":bytes") or die "Can't cancel :utf8 mode: $!" + if $unicode_aware; +@@ -13181,7 +13182,7 @@ + Amavis::Lookup::RE->new(@$Amavis::Conf::map_full_type_to_short_type_re); + + # default location of the config file if none specified +-push(@config_files, '/etc/amavisd.conf') if !@config_files; ++push(@config_files, '/usr/local/etc/amavisd.conf') if !@config_files; + # Read and evaluate config files, which may override default settings + Amavis::Conf::include_config_files(@config_files); + Amavis::Conf::supply_after_defaults(); +@@ -18061,7 +18062,8 @@ + else + { die "File $bsmtp_file_tmp exists??? Refuse to overwrite it, $!" } + $mp = IO::File->new; +- $mp->open($bsmtp_file_tmp, O_CREAT|O_EXCL|O_WRONLY, 0640) ++ # O_WRONLY etc. can become tainted in Perl5.8.9 [perlbug #62502] ++ $mp->open($bsmtp_file_tmp, untaint(O_CREAT|O_EXCL|O_WRONLY), 0640) + or die "Can't create BSMTP file $bsmtp_file_tmp: $!"; + binmode($mp, ":bytes") or die "Can't set :bytes, $!" if $unicode_aware; + +@@ -18177,7 +18179,7 @@ + @ISA = qw(Exporter); + @EXPORT_OK = qw(&mail_to_local_mailbox); + import Amavis::Conf qw(:platform $quarantine_subdir_levels c cr ca); +- import Amavis::Util qw(ll do_log unique_list); ++ import Amavis::Util qw(ll do_log untaint unique_list); + import Amavis::Timing qw(section_time); + import Amavis::rfc2821_2822_Tools; + import Amavis::Out::EditHeader; +@@ -18334,7 +18336,8 @@ + or die "Can't create gzip file $mbxname: $!"; + } else { + $mp = IO::File->new; +- $mp->open($mbxname, O_CREAT|O_EXCL|O_WRONLY, 0640) ++ # O_WRONLY etc. can become tainted in Perl5.8.9 [perlbug #62502] ++ $mp->open($mbxname, untaint(O_CREAT|O_EXCL|O_WRONLY), 0640) + or die "Can't create file $mbxname: $!"; + binmode($mp, ":bytes") or die "Can't cancel :utf8 mode: $!" + if $unicode_aware; +@@ -18346,7 +18349,8 @@ + # file at the same time, one will tempfail at this point, with + # its mail delivery to be retried later by MTA + $mp = IO::File->new; +- $mp->open($mbxname, O_CREAT|O_EXCL|O_WRONLY, 0640) ++ # O_WRONLY etc. can become tainted in Perl5.8.9 [perlbug #62502] ++ $mp->open($mbxname, untaint(O_CREAT|O_EXCL|O_WRONLY), 0640) + or die "Can't create file $mbxname: $!"; + } elsif ($errn==0 && !-f _) { + die "Mailbox $mbxname is not a regular file, refuse to deliver"; +@@ -18354,7 +18358,8 @@ + die "Mailbox file $mbxname is executable, refuse to deliver"; + } else { + $mp = IO::File->new; +- $mp->open($mbxname, O_APPEND|O_WRONLY, 0640) ++ # O_WRONLY etc. can become tainted in Perl5.8.9 [perlbug #62502] ++ $mp->open($mbxname, untaint(O_APPEND|O_WRONLY), 0640) + or die "Can't append to $mbxname: $!"; + } + binmode($mp, ":bytes") or die "Can't cancel :utf8 mode: $!" +@@ -19178,7 +19183,7 @@ + $q_to =~ s{^\Q$QUARANTINEDIR\E/}{}; # strip directory name + } + my($m_id) = $msginfo->get_header_field_body('message-id'); +- $m_id = parse_message_id($m_id) if $m_id ne ''; # strip CFWS, take #1 ++ $m_id = join(' ',parse_message_id($m_id)) if $m_id ne ''; # strip CFWS + my($subj) = $msginfo->get_header_field_body('subject'); + my($from) = $msginfo->get_header_field_body('from'); # raw full field + my($rfc2822_from) = $msginfo->rfc2822_from; # undef, scalar or listref +@@ -21931,7 +21936,8 @@ + $part->base_name, $err_nm[$sts], $sts); + my($newpart) = $newpart_obj->full_name; + my($outpart) = IO::File->new; +- $outpart->open($newpart, O_CREAT|O_EXCL|O_WRONLY, 0640) ++ # O_WRONLY etc. can become tainted in Perl5.8.9 [perlbug #62502] ++ $outpart->open($newpart, untaint(O_CREAT|O_EXCL|O_WRONLY), 0640) + or die "Can't create file $newpart: $!"; + binmode($outpart) or die "Can't set file $newpart to binmode: $!"; + my($size) = 0; +@@ -22047,7 +22053,8 @@ + $newpart_obj->mime_placement($part->mime_placement."/1"); + my($newpart) = $newpart_obj->full_name; + my($outpart) = IO::File->new; +- $outpart->open($newpart, O_CREAT|O_EXCL|O_WRONLY, 0640) ++ # O_WRONLY etc. can become tainted in Perl5.8.9 [perlbug #62502] ++ $outpart->open($newpart, untaint(O_CREAT|O_EXCL|O_WRONLY), 0640) + or die "Can't create file $newpart: $!"; + binmode($outpart) or die "Can't set file $newpart to binmode: $!"; + my($nbytes,$buff); my($size) = 0; +@@ -22680,7 +22687,8 @@ + $newpart_obj->name_declared([$a->name, $a->longname]); + my($newpart) = $newpart_obj->full_name; + my($outpart) = IO::File->new; +- $outpart->open($newpart, O_CREAT|O_EXCL|O_WRONLY, 0640) ++ # O_WRONLY etc. can become tainted in Perl5.8.9 [perlbug #62502] ++ $outpart->open($newpart, untaint(O_CREAT|O_EXCL|O_WRONLY), 0640) + or die "Can't create file $newpart: $!"; + binmode($outpart) or die "Can't set file $newpart to binmode: $!"; + my($filepath) = $dh->path; my($size) = 0; +@@ -22963,7 +22971,8 @@ + sub run_command_copy($$$) { + my($outfile, $ifh, $pid) = @_; + my($ofh) = IO::File->new; +- $ofh->open($outfile, O_CREAT|O_EXCL|O_WRONLY, 0640) # calls sysopen ++ # O_WRONLY etc. can become tainted in Perl5.8.9 [perlbug #62502] ++ $ofh->open($outfile, untaint(O_CREAT|O_EXCL|O_WRONLY), 0640) # calls sysopen + or die "Can't create file $outfile: $!"; + binmode($ofh) or die "Can't set file $outfile to binmode: $!"; + binmode($ifh) or die "Can't set binmode on pipe: $!"; |