kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/mail/sendmail
History
adrianp 52c0a606d9 Update sendmail to address the current security issue 
Bump to nb2
This will change the internal version of sendmail to 8.13.5.20060308
> 	SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
> 		and client side of sendmail with timeouts in the libsm I/O
> 		layer and fix problems in that code.  Also fix handling of
> 		a buffer in sm_syslog() which could have been used as an
> 		attack vector to exploit the unsafe handling of
> 		setjmp(3)/longjmp(3) in combination with signals.
> 		Problem detected by Mark Dowd of ISS X-Force.
> 	Handle theoretical integer overflows that could triggered if
> 		the server accepted headers larger than the maximum
> 		(signed) integer value.  This is prevented in the default
> 		configuration by restricting the size of a header, and on
> 		most machines memory allocations would fail before reaching
> 		those values.  Problems found by Phil Brass of ISS.
2006-03-22 19:56:36 +00:00
..
files - Fix builds with SASLv2 following removal of SASLv1 support 2005-04-01 18:42:08 +00:00
patches Fix build on -HEAD 2006-01-18 21:00:48 +00:00
DESCR
distinfo Update sendmail to address the current security issue 2006-03-22 19:56:36 +00:00
Makefile Update sendmail to address the current security issue 2006-03-22 19:56:36 +00:00
Makefile.common Update sendmail to address the current security issue 2006-03-22 19:56:36 +00:00
MESSAGE - Update sendmail to 8.13.3 2005-02-10 22:17:24 +00:00
options.mk While I'm here add back the PKG_OPTIONS_LEGACY_OPTS for socketmap 2005-10-20 15:10:01 +00:00
PLIST Update sendmail to 8.13.5 2005-10-14 08:36:02 +00:00
PLIST.socketmap