ports/117321: [PATCH] Update vpopmail and SA patch, and fix buffer overflow
Alex Dupre
ale at FreeBSD.org
Fri Oct 19 13:10:01 UTC 2007
>Number: 117321
>Category: ports
>Synopsis: [PATCH] Update vpopmail and SA patch, and fix buffer overflow
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Fri Oct 19 13:10:00 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator: Alex Dupre
>Release:
>Organization:
>Environment:
>Description:
- Update vpopmail to 5.4.25 release
- Update Alex Dupre's SpamAssassin patch (new support for Junk folder)
- Fix various buffer overflows and unchecked limits
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
? vpopmail.diff
? work
Index: Makefile
===================================================================
RCS file: /home/pcvs/ports/mail/vpopmail/Makefile,v
retrieving revision 1.69
diff -u -r1.69 Makefile
--- Makefile 9 Oct 2007 13:27:23 -0000 1.69
+++ Makefile 19 Oct 2007 10:59:46 -0000
@@ -6,7 +6,7 @@
#
PORTNAME= vpopmail
-PORTVERSION= 5.4.20
+PORTVERSION= 5.4.25
CATEGORIES= mail
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= ${PORTNAME}
@@ -73,6 +73,7 @@
#
# RELAYCLEAR - time in minutes before clearing relay hole (requires roaming)
# SPAM_THRESHOLD - minimum score required to delete spam messages (requires spamassassin)
+# WITH_SPAMFOLDER - move spam messages into Junk folder (requires spamassassin)
# DEFAULT_DOMAIN - default domain for non-vhost lookups
# WITH_SINGLE_DOMAIN - optimize for a site with many users in a single domain
# LOGLEVEL - n - no logging, y - log all,
@@ -172,6 +173,9 @@
.if defined(BROKEN_MYSQL_PARAMS)
BROKEN= The MySQL connection parameters are no longer setup at compile time - please edit the ${PREFIX}/vpopmail/etc/vpopmail.mysql file instead
.endif
+PLIST_SUB+= MYSQL=""
+.else
+PLIST_SUB+= MYSQL="@comment "
.endif
.if defined(DEFAULT_DOMAIN)
@@ -317,6 +321,9 @@
CONFIGURE_ARGS+= --enable-spamassassin \
--enable-spamc-prog=${LOCALBASE}/bin/spamc \
--enable-spam-threshold=${SPAM_THRESHOLD}
+.if defined(WITH_SPAMFOLDER)
+CONFIGURE_ARGS+= --enable-spam-junkfolder
+.endif
.endif
DOCS= README README.activedirectory README.filelocking \
Index: distinfo
===================================================================
RCS file: /home/pcvs/ports/mail/vpopmail/distinfo,v
retrieving revision 1.28
diff -u -r1.28 distinfo
--- distinfo 9 Oct 2007 13:27:23 -0000 1.28
+++ distinfo 19 Oct 2007 10:59:46 -0000
@@ -1,3 +1,3 @@
-MD5 (vpopmail-5.4.20.tar.gz) = c56e9c42cdb35860b25586fba088967f
-SHA256 (vpopmail-5.4.20.tar.gz) = fa564a73007acbf81092c030329eac1394e981484c195a51a5c8bfbf7ed3f97e
-SIZE (vpopmail-5.4.20.tar.gz) = 500268
+MD5 (vpopmail-5.4.25.tar.gz) = 273c2c25906aed5206e97b01a2593aa6
+SHA256 (vpopmail-5.4.25.tar.gz) = 41aa61094fd4bb02cca71fa01815b37b470e8e299bb99a64995189e15ff7142b
+SIZE (vpopmail-5.4.25.tar.gz) = 504184
Index: pkg-plist
===================================================================
RCS file: /home/pcvs/ports/mail/vpopmail/pkg-plist,v
retrieving revision 1.14
diff -u -r1.14 pkg-plist
--- pkg-plist 9 Oct 2007 13:27:23 -0000 1.14
+++ pkg-plist 19 Oct 2007 10:59:46 -0000
@@ -71,9 +71,9 @@
%%LDAP%%@unexec if cmp -s %D/vpopmail/etc/vpopmail.ldap %D/vpopmail/etc/vpopmail.ldap-dist; then rm -f %D/vpopmail/etc/vpopmail.ldap; fi
%%LDAP%%vpopmail/etc/vpopmail.ldap-dist
%%LDAP%%@exec if [ ! -f %D/vpopmail/etc/vpopmail.ldap ] ; then cp -p %D/%F %B/vpopmail.ldap; fi
- at unexec if cmp -s %D/vpopmail/etc/vpopmail.mysql %D/vpopmail/etc/vpopmail.mysql-dist; then rm -f %D/vpopmail/etc/vpopmail.mysql; fi
-vpopmail/etc/vpopmail.mysql-dist
- at exec if [ ! -f %D/vpopmail/etc/vpopmail.mysql ] ; then cp -p %D/%F %B/vpopmail.mysql; fi
+%%MYSQL%%@unexec if cmp -s %D/vpopmail/etc/vpopmail.mysql %D/vpopmail/etc/vpopmail.mysql-dist; then rm -f %D/vpopmail/etc/vpopmail.mysql; fi
+%%MYSQL%%vpopmail/etc/vpopmail.mysql-dist
+%%MYSQL%%@exec if [ ! -f %D/vpopmail/etc/vpopmail.mysql ] ; then cp -p %D/%F %B/vpopmail.mysql; fi
vpopmail/include/config.h
vpopmail/include/vauth.h
vpopmail/include/vlimits.h
Index: files/patch-config.h.in
===================================================================
RCS file: /home/pcvs/ports/mail/vpopmail/files/patch-config.h.in,v
retrieving revision 1.4
diff -u -r1.4 patch-config.h.in
--- files/patch-config.h.in 9 Oct 2007 13:27:24 -0000 1.4
+++ files/patch-config.h.in 19 Oct 2007 10:59:46 -0000
@@ -1,12 +1,15 @@
---- ../../vendor/vpopmail/config.h.in 2007-10-07 19:56:55.000000000 +0300
-+++ config.h.in 2007-10-07 22:24:54.000000000 +0300
-@@ -277,6 +277,9 @@
+--- config.h.in.orig 2007-10-14 09:54:26.000000000 +0200
++++ config.h.in 2007-10-14 09:54:46.000000000 +0200
+@@ -277,6 +277,12 @@
#undef SPAMC_PROG
/* "" */
+#undef SPAM_THRESHOLD
+
+/* "" */
++#undef SPAM_JUNKFOLDER
++
++/* "" */
#undef SQWEBMAIL_PASS
/* Define to 1 if you have the ANSI C header files. */
Index: files/patch-configure
===================================================================
RCS file: /home/pcvs/ports/mail/vpopmail/files/patch-configure,v
retrieving revision 1.13
diff -u -r1.13 patch-configure
--- files/patch-configure 9 Oct 2007 13:27:24 -0000 1.13
+++ files/patch-configure 19 Oct 2007 10:59:46 -0000
@@ -1,15 +1,15 @@
-diff -urN -x .svn ../../../branches/vendor/vpopmail/configure ./configure
---- ../../../branches/vendor/vpopmail/configure 2007-10-07 19:56:56.000000000 +0300
-+++ ./configure 2007-10-07 21:55:00.298247000 +0300
-@@ -877,6 +877,7 @@
+--- configure.orig 2007-09-30 04:11:14.000000000 +0200
++++ configure 2007-10-14 10:08:02.000000000 +0200
+@@ -1308,6 +1308,8 @@
--enable-onchange-script Enable onchange script. See README.onchange for more info.
--enable-spamassassin Enable spamassassin. See README.spamassassin for more info.
--enable-spamc-prog=PATH Full path to spamc program /usr/{local/}bin/spamc.
+ --enable-spam-threshold=# or n Automatically delete messages that score more than # spam hits
++ --enable-spam-junkfolder Automatically move (not deleted) spam messages into Junk folder
--enable-maildrop Enable maildrop. See README.maildrop for more info.
--enable-maildrop-prog=PATH Full path to maildrop program /usr/{local/}bin/maildrop.
--enable-domains-dir=TEXT Directory in ~vpopmail to store domains (default=domains).
-@@ -5844,27 +5845,6 @@
+@@ -6729,27 +6731,6 @@
#----------------------------------------------------------------------
@@ -34,13 +34,13 @@
-
-#----------------------------------------------------------------------
-
- echo "$as_me:$LINENO: checking whether roaming-users has been enabled" >&5
- echo $ECHO_N "checking whether roaming-users has been enabled... $ECHO_C" >&6
- # Check whether --enable-roaming-users or --disable-roaming-users was given.
-@@ -5952,29 +5932,9 @@
+ { echo "$as_me:$LINENO: checking whether roaming-users has been enabled" >&5
+ echo $ECHO_N "checking whether roaming-users has been enabled... $ECHO_C" >&6; }
+ # Check whether --enable-roaming-users was given.
+@@ -6836,20 +6817,7 @@
+ # Check whether --enable-tcpserver_file was given.
if test "${enable_tcpserver_file+set}" = set; then
- enableval="$enable_tcpserver_file"
- tcpserver_file="$enableval"
+ enableval=$enable_tcpserver_file; tcpserver_file="$enableval"
-else
-
- if test "$tcpserver_file" = ""
@@ -55,20 +55,11 @@
- fi
-
-
-+ echo "127.:allow,RELAYCLIENT=\"\"" > ${VCFGDIR}/tcp.smtp
- fi;
++ echo "127.:allow,RELAYCLIENT=\"\"" > ${VCFGDIR}/tcp.smtp
+ fi
-- if test ! -f "$tcpserver_file"
-- then
-- { { echo "$as_me:$LINENO: error: Unable to find your tcp.smtp file, specify --enable-tcpserver-path=/full/path/to/tcp.smtp" >&5
--echo "$as_me: error: Unable to find your tcp.smtp file, specify --enable-tcpserver-path=/full/path/to/tcp.smtp" >&2;}
-- { (exit 1); exit 1; }; }
-- fi
--
- echo "$as_me:$LINENO: result: yes" >&5
- echo "${ECHO_T}yes" >&6
-@@ -6483,6 +6443,24 @@
+@@ -7368,6 +7336,43 @@
#define SPAMC_PROG "$spamc_prog"
_ACEOF
@@ -90,10 +81,29 @@
+
+ ;;
+esac
++
++# Check whether --enable-spam-junkfolder or --disable-spam-junkfolder was given.
++if test "${enable_spam_junkfolder+set}" = set; then
++ enableval="$enable_spam_junkfolder"
++ ENABLE_SPAM_JUNKFOLDER=$enableval
++else
++ ENABLE_SPAM_JUNKFOLDER=0
++fi
++
++case $ENABLE_SPAM_JUNKFOLDER in
++0*|n*|N*)
++ ;;
++*)
++ cat >> confdefs.h <<EOF
++#define SPAM_JUNKFOLDER 1
++EOF
++
++ ;;
++esac
;;
esac
-@@ -6803,7 +6781,7 @@
+@@ -7688,7 +7693,7 @@
#define USE_LDAP $USE_LDAP
_ACEOF
@@ -102,7 +112,7 @@
auth_inc="-I/usr/local/include"
-@@ -9389,8 +9367,8 @@
+@@ -10204,8 +10209,8 @@
;;
esac
Index: files/patch-vdelivermail.c
===================================================================
RCS file: /home/pcvs/ports/mail/vpopmail/files/patch-vdelivermail.c,v
retrieving revision 1.8
diff -u -r1.8 patch-vdelivermail.c
--- files/patch-vdelivermail.c 9 Oct 2007 13:27:24 -0000 1.8
+++ files/patch-vdelivermail.c 19 Oct 2007 10:59:46 -0000
@@ -1,21 +1,150 @@
-diff -urN -x .svn ../../../branches/vendor/vpopmail/vdelivermail.c ./vdelivermail.c
---- ../../../branches/vendor/vpopmail/vdelivermail.c 2007-10-07 19:56:56.000000000 +0300
-+++ ./vdelivermail.c 2007-10-07 21:18:56.000000000 +0300
-@@ -1246,7 +1246,17 @@
+--- vdelivermail.c.orig 2007-05-22 05:59:00.000000000 +0200
++++ vdelivermail.c 2007-10-19 12:50:00.000000000 +0200
+@@ -74,6 +74,7 @@
+ int is_spam();
+ #endif
+ int DeleteMail = 0;
++int MoveMail = 0;
+ int local = 1;
+
+ #define MSG_BUF_SIZE 5000
+@@ -353,7 +354,6 @@
+
+ int fdcopy (int write_fd, int read_fd, const char *extra_headers, size_t headerlen, char *address)
+ {
+- char msgbuf[4096];
+ ssize_t file_count;
+ struct vlimits limits;
+ #ifdef SPAMASSASSIN
+@@ -393,7 +393,7 @@
+ close(pim[1]);
+ if (execl(SPAMC_PROG, SPAMC_PROG, "-f", "-u",
+ address, 0) == -1) {
+- while ((file_count = read(0, msgbuf, MSG_BUF_SIZE)) > 0) {
++ while ((file_count = read(0, msgbuf, sizeof(msgbuf))) > 0) {
+ write(1, msgbuf, file_count);
+ }
+ _exit(0);
+@@ -421,17 +421,35 @@
+ /* read it in chunks and write it to the new file */
+ while ((file_count = read(read_fd, msgbuf, sizeof(msgbuf))) > 0) {
+ #ifdef SPAMASSASSIN
+- if ( local==1 && InHeaders==1 &&
+- (limits.delete_spam==1 || vpw->pw_gid & DELETE_SPAM) ) {
+- printf("check is_spam\n");
+- if (is_spam(msgbuf) == 1) {
++ if ( local==1 && InHeaders==1
++#if defined(SPAM_THRESHOLD) || defined(SPAM_JUNKFOLDER)
++ ) {
++#else
++ && (limits.delete_spam==1 || vpw->pw_gid & DELETE_SPAM) ) {
++#endif
++ switch (is_spam(msgbuf, file_count)) {
++ case 2:
++#ifdef SPAM_THRESHOLD
+ DeleteMail = 1;
+ return(0);
++#endif
++ case 1:
++ if (limits.delete_spam==1 || vpw->pw_gid & DELETE_SPAM) {
++ DeleteMail = 1;
++ return(0);
++ }
++#ifdef SPAM_JUNKFOLDER
++ MoveMail = 1;
++#endif
+ }
+ }
+ #endif
+ if ( write(write_fd, msgbuf, file_count) == -1 ) return -1;
+ }
++#ifdef SPAMASSASSIN
++ /* No body */
++ if (InHeaders==1) DeleteMail = 1;
++#endif
+
+ return 0;
+ }
+@@ -495,6 +513,11 @@
+ size_t headerlen;
+ int write_fd;
+ char quota[80];
++#ifdef SPAM_JUNKFOLDER
++ struct stat mystatbuf;
++ char dir[MAX_BUFF];
++ char calling_dir[MAX_BUFF];
++#endif
+
+ headerlen = strlen (extra_headers);
+ msgsize += headerlen;
+@@ -557,6 +580,24 @@
+ }
+
+ /* if this succeeds link the file to the new directory */
++#ifdef SPAM_JUNKFOLDER
++ if (MoveMail == 1) {
++ snprintf(dir, sizeof(local_file_new), "%s/.Junk", maildir);
++ if (stat(dir, &mystatbuf) == -1) {
++ /* record the dir where the vdelivermail command was run from */
++ getcwd(calling_dir, sizeof(calling_dir));
++ if (mkdir(dir,VPOPMAIL_DIR_MODE) == -1) { chdir(calling_dir); unlink(local_file_tmp); return(-2); }
++ if (chdir(dir) == -1) { chdir(calling_dir); unlink(local_file_tmp); return(-2); }
++ if (mkdir("cur",VPOPMAIL_DIR_MODE) == -1) { chdir(calling_dir); unlink(local_file_tmp); return(-2); }
++ if (mkdir("new",VPOPMAIL_DIR_MODE) == -1) { chdir(calling_dir); unlink(local_file_tmp); return(-2); }
++ if (mkdir("tmp",VPOPMAIL_DIR_MODE) == -1) { chdir(calling_dir); unlink(local_file_tmp); return(-2); }
++ /* change back to the original dir */
++ chdir(calling_dir);
++ }
++ snprintf(local_file_new, sizeof(local_file_new), "%s/.Junk/new/%lu.%lu.%.32s,S=%lu",
++ maildir, tm, pid, hostname, (long unsigned) msgsize);
++ }
++#endif
+ if ( link( local_file_tmp, local_file_new ) == 0 ) {
+ /* file was successfully delivered, remove temp file */
+ if ( unlink(local_file_tmp) != 0 ) {
+@@ -1207,16 +1248,19 @@
+ * * in the email headers for X-Spam-Level: which
+ * * we put in each spam email
+ * *
+- * * Return 1 if spam
++ * * Return 2 if heavy spam
++ * * Return 1 if light spam
+ * * Return 0 if not spam
+ * * Return -1 on error
+ * */
+-int is_spam(char *spambuf)
++int is_spam(char *spambuf, int len)
+ {
+ int i,j,k;
+ int found;
++ int spam = 0;
++ int rowlen;
+
+- for(i=0,j=0;spambuf[i]!=0;++i) {
++ for(i=0,j=0;i<len;++i) {
+
+ /* found a line */
+ if (spambuf[i]=='\n' || spambuf[i]=='\r' ) {
+@@ -1242,13 +1286,19 @@
+ }
+ if ( found == 0 ) {
+ InHeaders=0;
+- return(0);
++ return(spam);
}
/* still in the headers check for spam header */
-+#ifndef SPAM_THRESHOLD
- if ( strncmp(&spambuf[j], "X-Spam-Flag: YES", 16 ) == 0 ) return(1);
-+#else
-+ if ( strncmp(&spambuf[j], "X-Spam-Level: ", 14 ) == 0 ) {
-+ for (k = 0; k < SPAM_THRESHOLD; k++) {
-+ if (spambuf[j + 14 + k] != '*')
-+ return (0);
-+ }
-+ return(1);
-+ }
+- if ( strncmp(&spambuf[j], "X-Spam-Flag: YES", 16 ) == 0 ) return(1);
++ rowlen = i - j;
++ if ( spam == 0 && rowlen == 16 && strncmp(&spambuf[j], "X-Spam-Flag: YES", 16 ) == 0 )
++ spam = 1;
++#ifdef SPAM_THRESHOLD
++ else if ( rowlen > 14 + SPAM_THRESHOLD && strncmp(&spambuf[j], "X-Spam-Level: ", 14 ) == 0 )
++ return(2);
+#endif
- if (spambuf[i+1]!=0) j=i+1;
+- if (spambuf[i+1]!=0) j=i+1;
++ j=i+1;
}
+ }
+ return(0);
Index: files/patch-vpopmail.c
===================================================================
RCS file: /home/pcvs/ports/mail/vpopmail/files/patch-vpopmail.c,v
retrieving revision 1.4
diff -u -r1.4 patch-vpopmail.c
--- files/patch-vpopmail.c 9 Oct 2007 13:27:24 -0000 1.4
+++ files/patch-vpopmail.c 19 Oct 2007 10:59:46 -0000
@@ -1,7 +1,6 @@
-diff -urN -x .svn ../../vendor/vpopmail/vpopmail.c ./vpopmail.c
---- ../../vendor/vpopmail/vpopmail.c 2007-10-07 23:44:14.000000000 +0300
-+++ ./vpopmail.c 2007-10-08 11:53:36.000000000 +0300
-@@ -1559,7 +1559,7 @@
+--- vpopmail.c.orig 2007-09-30 01:17:35.000000000 +0200
++++ vpopmail.c 2007-10-15 08:30:33.000000000 +0200
+@@ -1562,7 +1562,7 @@
i++;
}
@@ -10,7 +9,7 @@
if( i>0 ) {
for( j=0; j<k; j++ ) {
-@@ -1571,7 +1571,7 @@
+@@ -1574,7 +1574,7 @@
// trim spaces and tabs from end
i = strlen(s) - 1;
@@ -19,7 +18,35 @@
i--;
}
-@@ -4127,11 +4127,19 @@
+@@ -2345,7 +2345,12 @@
+ char calling_dir[MAX_BUFF];
+ char domain_dir[MAX_BUFF];
+ const char *dirnames[] = {"Maildir", "Maildir/new", "Maildir/cur",
+- "Maildir/tmp"};
++ "Maildir/tmp",
++#ifdef SPAM_JUNKFOLDER
++ "Maildir/.Junk", "Maildir/.Junk/new", "Maildir/.Junk/cur",
++ "Maildir/.Junk/tmp",
++#endif
++ };
+ int i;
+
+ verrori = 0;
+@@ -3107,6 +3112,13 @@
+ if (mkdir("cur",VPOPMAIL_DIR_MODE) == -1) { chdir(calling_dir); return(-1); }
+ if (mkdir("new",VPOPMAIL_DIR_MODE) == -1) { chdir(calling_dir); return(-1); }
+ if (mkdir("tmp",VPOPMAIL_DIR_MODE) == -1) { chdir(calling_dir); return(-1); }
++#ifdef SPAM_JUNKFOLDER
++ if (mkdir(".Junk",VPOPMAIL_DIR_MODE) == -1) { chdir(calling_dir); return(-1); }
++ if (chdir(".Junk") == -1) { chdir(calling_dir); return(-1); }
++ if (mkdir("cur",VPOPMAIL_DIR_MODE) == -1) { chdir(calling_dir); return(-1); }
++ if (mkdir("new",VPOPMAIL_DIR_MODE) == -1) { chdir(calling_dir); return(-1); }
++ if (mkdir("tmp",VPOPMAIL_DIR_MODE) == -1) { chdir(calling_dir); return(-1); }
++#endif
+
+ /* set permissions on the user's dir */
+ chdir(dir);
+@@ -4139,11 +4151,19 @@
}
else if ( pid > 0 )
{
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list