svn commit: r524529 - head/mail/opensmtpd

Dima Panov fluffy at FreeBSD.org
Wed Jan 29 02:55:06 UTC 2020 

Author: fluffy
Date: Wed Jan 29 02:55:05 2020
New Revision: 524529
URL: https://svnweb.freebsd.org/changeset/ports/524529

Log:
  mil/opensmtpd: update to 6.6.2p1 relase
  
  This update addressed LPE and RCE vulnerabilities in OpenSMTPD (CVE-2020-7247)
  https://www.openwall.com/lists/oss-security/2020/01/28/3
  
  This vulnerability is exploitable since May 2018 (commit a8e222352f, "switch
  smtpd to new grammar") and allows an attacker to execute arbitrary shell
  commands, as root:
  
  - either locally, in OpenSMTPD's default configuration (which listens on
    the loopback interface and only accepts mail from localhost);
  
  - or locally and remotely, in OpenSMTPD's "uncommented" default
    configuration (which listens on all interfaces and accepts external
    mail).
  
  PR:		243686
  Reported by:	authors via irc
  MFH:		2020Q1
  Relnotes:	https://www.mail-archive.com/misc@opensmtpd.org/msg04850.html

Modified:
  head/mail/opensmtpd/Makefile
  head/mail/opensmtpd/distinfo

Modified: head/mail/opensmtpd/Makefile
==============================================================================
--- head/mail/opensmtpd/Makefile	Wed Jan 29 02:51:59 2020	(r524528)
+++ head/mail/opensmtpd/Makefile	Wed Jan 29 02:55:05 2020	(r524529)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	opensmtpd
-PORTVERSION=	6.6.1
+PORTVERSION=	6.6.2
 DISTVERSIONSUFFIX=	p1
 PORTEPOCH=	1
 PORTREVISION=	0

Modified: head/mail/opensmtpd/distinfo
==============================================================================
--- head/mail/opensmtpd/distinfo	Wed Jan 29 02:51:59 2020	(r524528)
+++ head/mail/opensmtpd/distinfo	Wed Jan 29 02:55:05 2020	(r524529)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1573040217
-SHA256 (opensmtpd-6.6.1p1.tar.gz) = eb1bedbfb23d9f08f509d92d8efcaf51d56fb2f44492f40ec059d41124a2f1d9
-SIZE (opensmtpd-6.6.1p1.tar.gz) = 776538
+TIMESTAMP = 1580264944
+SHA256 (opensmtpd-6.6.2p1.tar.gz) = 63b811aca56861108bb72f16fcbbf32f1af71e77b8996a9a5654b6a18915df9a
+SIZE (opensmtpd-6.6.2p1.tar.gz) = 777422

More information about the svn-ports-all mailing list