ports/63274: [MAINTAINER] mail/MailScanner: Security bugfix
Jan-Peter Koopmann
j.koopmann at seceidos.de
Mon Feb 23 17:00:41 UTC 2004
>Number: 63274
>Category: ports
>Synopsis: [MAINTAINER] mail/MailScanner: Security bugfix
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Mon Feb 23 09:00:38 PST 2004
>Closed-Date:
>Last-Modified:
>Originator: Jan-Peter Koopmann
>Release: FreeBSD 4.9-STABLE i386
>Organization:
>Environment:
System: FreeBSD services.intern.seceidos.de 4.9-STABLE FreeBSD 4.9-STABLE #0: Mon Jan 5 10:56:46 CET
>Description:
The author of MailScanner identified a possibility for some viruses to pass MailScanner undetected due to damaged MIME structures.
He released a patch which is now included in the port as well.
Generated with FreeBSD Port Tools 0.50
>How-To-Repeat:
>Fix:
--- MailScanner-4.26.8_2.patch begins here ---
diff -ruN --exclude=CVS /server-root/ports/mail/mailscanner.orig/Makefile /server-root/ports/mail/mailscanner/Makefile
--- /server-root/ports/mail/mailscanner.orig/Makefile Mon Feb 23 05:41:03 2004
+++ /server-root/ports/mail/mailscanner/Makefile Mon Feb 23 17:33:26 2004
@@ -7,6 +7,7 @@
PORTNAME= MailScanner
PORTVERSION= 4.26.8
+PORTREVISION= 2
CATEGORIES= mail
MASTER_SITES= http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/tar/
DISTNAME= MailScanner-${PORTVERSION}-${PATCHLEVEL}
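Review bot: The only Makefile change is PORTREVISION= 2, while DISTNAME is still built from ${PORTVERSION}-${PATCHLEVEL}, so the security fix exists only in the regenerated files/patch-lib:MailScanner:Message.pm. The PR should say whether upstream also ships the fix in a newer patchlevel tarball. If it does, bumping PATCHLEVEL would avoid carrying the parser change as a local patch. If it does not, the bump is right as it stands, and a short comment next to it naming the fix would help whoever next updates the port know when the local patch can be dropped.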
diff -ruN --exclude=CVS /server-root/ports/mail/mailscanner.orig/files/patch-lib:MailScanner:Message.pm /server-root/ports/mail/mailscanner/files/patch-lib:MailScanner:Message.pm
--- /server-root/ports/mail/mailscanner.orig/files/patch-lib:MailScanner:Message.pm Tue Feb 17 16:53:42 2004
+++ /server-root/ports/mail/mailscanner/files/patch-lib:MailScanner:Message.pm Mon Feb 23 17:39:17 2004
@@ -1,5 +1,5 @@
---- ../MailScanner-4.26.8.orig/lib/MailScanner/Message.pm Fri Feb 13 09:31:30 2004
-+++ lib/MailScanner/Message.pm Fri Feb 13 09:38:35 2004
+--- ../MailScanner-4.26.8.orig/lib/MailScanner/Message.pm Mon Feb 23 17:37:26 2004
++++ lib/MailScanner/Message.pm Mon Feb 23 17:38:33 2004
@@ -2,7 +2,7 @@
# MailScanner - SMTP E-Mail Virus Scanner
# Copyright (C) 2002 Julian Field
@@ -170,7 +170,7 @@
#print STDERR "Adding file $file type $text\n";
$this->{alltypes}{$file} .= $text;
+ $types{$file} .= $text;
- }
++ }
+
+ # Now look for the reports we can't match anywhere and make them
+ # map to the entire message.
@@ -182,8 +182,59 @@
+ $this->{allreports}{""} .= $value;
+ $this->{alltypes}{""} .= $types{$key};
+ }
-+ }
+ }
+
#print STDERR "Finished combining reports\n";
}
+
+@@ -3309,6 +3405,50 @@
+ $index = $#{$self->{ME_Parts}} + 2 + $index if ($index < 0);
+ splice(@{$self->{ME_Parts}}, $index, 0, $part);
+ $part;
++}
++
++
++#
++# Over-ride a function in Mail::Header that parses the block of headers
++# at the top of each MIME section. My improvement allows the first line
++# of the header block to be missing, which breaks the original parser
++# though the filename is still there.
++#
++
++package Mail::Header;
++
++sub extract
++{
++ my $me = shift;
++ my $arr = shift;
++ my $line;
++
++ $me->empty;
++
++ # JKF Make this more robust by allowing first line of header to be missing
++ shift @{$arr} while scalar(@{$arr}) &&
++ $arr->[0] =~ /\A[ \t]+/o &&
++ $arr->[1] =~ /\A$FIELD_NAME/o;
++ # JKF End mod here
++
++ while(scalar(@{$arr}) && $arr->[0] =~ /\A($FIELD_NAME|From )/o)
++ {
++ my $tag = $1;
++
++ $line = shift @{$arr};
++ $line .= shift @{$arr}
++ while(scalar(@{$arr}) && $arr->[0] =~ /\A[ \t]+/o);
++
++ ($tag,$line) = _fmt_line($me,$tag,$line);
++
++ _insert($me,$tag,$line,-1)
++ if defined $line;
++ }
++
++ shift @{$arr}
++ if(scalar(@{$arr}) && $arr->[0] =~ /\A\s*\Z/o);
++
++ $me;
+ }
+
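Review bot: The new guard in the added extract() reads $arr->[1] without checking that a second element exists, and it strips at most one orphaned line. With a single-element array, `$arr->[1] =~ /\A$FIELD_NAME/o` matches against undef, so the condition should start with `scalar(@{$arr}) > 1`. Once one line has been shifted, $arr->[0] is the field-name line and no longer matches `/\A[ \t]+/o`, so the `while` modifier never runs a second time. A header block that begins with more than one whitespace-led line is left untouched, and the main loop below then parses no headers from it. If the intent is "the first header line may be missing", consider dropping every leading whitespace-led line until a line matching $FIELD_NAME is found, and add a test message for that case. Separately, the override replaces Mail::Header::extract for the whole process and calls the module's private _fmt_line and _insert, so the comment block should record which Mail::Header version this was copied from.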
--- MailScanner-4.26.8_2.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: