kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/mail/sendmail812
History
tv 0ce2b03348 Update sendmail (with vendor patch) to address the current security issue: 
http://www.kb.cert.org/vuls/id/834865

Bump to nb2.
This will change the internal version of sendmail to 8.12.11.20060308.

>       SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
>               and client side of sendmail with timeouts in the libsm I/O
>               layer and fix problems in that code.  Also fix handling of
>               a buffer in sm_syslog() which could have been used as an
>               attack vector to exploit the unsafe handling of
>               setjmp(3)/longjmp(3) in combination with signals.
>               Problem detected by Mark Dowd of ISS X-Force.
>       Handle theoretical integer overflows that could triggered if
>               the server accepted headers larger than the maximum
>               (signed) integer value.  This is prevented in the default
>               configuration by restricting the size of a header, and on
>               most machines memory allocations would fail before reaching
>               those values.  Problems found by Phil Brass of ISS.
2006-03-22 21:19:06 +00:00
..
files - Finish off jlam@'s work removing SASL v1 from pkgsrc 2005-03-30 21:54:19 +00:00
patches Convert another rogue statvfs() __NetBSD_Version__ check to 299000900 2005-09-08 22:32:39 +00:00
DESCR
distinfo Update sendmail (with vendor patch) to address the current security issue: 2006-03-22 21:19:06 +00:00
Makefile Update sendmail (with vendor patch) to address the current security issue: 2006-03-22 21:19:06 +00:00
Makefile.common Update sendmail (with vendor patch) to address the current security issue: 2006-03-22 21:19:06 +00:00
MESSAGE
options.mk Remove some more *LEGACY* settings that are over a month old and 2005-10-05 13:29:49 +00:00
PLIST