From: Robert Huff on 10 May 2010 16:07

Ted Hatfield writes:

> spamass-milter-0.3.0_9 appears to be an update to fix the
> security vulnerability referenced by CVE-2010-1132.

The current ported version appears to be 0.3.1_9?

Robert Huff

_______________________________________________
freebsd-ports(a)freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscribe(a)freebsd.org"

From: Niels Heinen on 10 May 2010 16:05

Hi Ted,

Thanks for pointing this out!
Can you perhaps send me a port diff? (will shorten the ETA)

Thanks,
Niels

On 05/10/10 21:07, Ted Hatfield wrote:
>
> spamass-milter-0.3.0_9 appears to be an update to fix the security
> vulnerability referenced by CVE-2010-1132.
>
> However the patch installed for this vulnerability fails to close
> processes properly and spamass-milter leaves a large number of zombie
> processes open until the milter is restarted.
>
> Rather than wait for the port maintainer to update this port we
> installed the patches found at http://savannah.nongnu.org/bugs/?29326
>
> Specifically
> file #20020: spamass-milter-0.3.1-syntax.patch
> file #20284: spamass-milter-0.3.1-popen.patch
>
> If anyone wants to see them I have included the patches I used.
>
> Does anyone have an ETA for an official update?
>
> Thanks,
>
> Ted Hatfield
> PrismNet Ltd.
> IO.COM.

--
Niels Heinen
FreeBSD committer | www.freebsd.org
PGP: 0x5FE39B80

From: Ted Hatfield on 10 May 2010 17:33

On Mon, 10 May 2010, Robert Huff wrote:

> Ted Hatfield writes:
>
>> spamass-milter-0.3.0_9 appears to be an update to fix the
>> security vulnerability referenced by CVE-2010-1132.
>
> The current ported version appears to be 0.3.1_9?
>
> Robert Huff

Oops, my bad. Typo on my part. I meant 0.3.1_9 as listed in the subject line.

Ted Hatfield

From: Ted Hatfield on 10 May 2010 18:18

Forgive my ignorance and the long rambling email below.

I have limited knowledge of the intricacies of diff and the patching process so I'm not sure exactly what you are asking for when you say "Can you perhaps send me a port diff?".

Here is a full description of the process I went through to get the milter running on my servers.

Because I did not know which patches you had already applied to the port nor where you had obtained them, I determined that I would need to patch a copy of the original source by hand with the patches I found at the savannah.nongnu.org website.

I downloaded the original source from the savannah.nongnu.org mirror site. I then applied the two patches I listed below to the original source and verified that it would "configure" and "make" properly. These patches can be obtained from http://savannah.nongnu.org/bugs/?29326 file #20020 and file #20284.

Once I knew that this was working properly I then verified that the distfile the port was downloading was the same as the source I downloaded from the savannah.nongnu.org repository. This convinced me that I could modify the patch files in the /usr/ports/mail/spamass-milter/files folder.

Each of the patch files I downloaded from savannah.nongnu.org consisted of a combined diff for the files spamass-milter.cpp and spamass-milter.h. I then separated each individual patch file into separate pieces. I combined those separate pieces together into two new patch files that I used to replace: (note that I said REPLACED)

/usr/ports/mail/spamass-milter/files/patch-spamass-milter.cpp
/usr/ports/mail/spamass-milter/files/patch-spamass-milter.h

Although this "new" port is running on my servers and it appears to have fixed both the security flaw and the zombie process bug, I'm uncertain if I have opened up any other security hole or bug in the process, because I don't know what other patches you had in place that I removed nor what their purpose was.

I sent my original email both as a way of informing the port maintainer of the problem as well as a link to the code that purported to fix the problem, hoping that you would have a better idea of what else I might have broken when I "fixed" the problem.

If you require something from me that I can provide please let me know and I'll do my best to get it to you.

Thanks,

Ted Hatfield

On Mon, 10 May 2010, Niels Heinen wrote:

> Hi Ted,
>
> Thanks for pointing this out!
> Can you perhaps send me a port diff? (will shorten the ETA)
>
> Thanks,
> Niels
>
> On 05/10/10 21:07, Ted Hatfield wrote:
>>
>> spamass-milter-0.3.0_9 appears to be an update to fix the security
>> vulnerability referenced by CVE-2010-1132.
>>
>> However the patch installed for this vulnerability fails to close
>> processes properly and spamass-milter leaves a large number of zombie
>> processes open until the milter is restarted.
>>
>> Rather than wait for the port maintainer to update this port we
>> installed the patches found at http://savannah.nongnu.org/bugs/?29326
>>
>> Specifically
>> file #20020: spamass-milter-0.3.1-syntax.patch
>> file #20284: spamass-milter-0.3.1-popen.patch
>>
>> If anyone wants to see them I have included the patches I used.
>>
>> Does anyone have an ETA for an official update?
>>
>> Thanks,
>>
>> Ted Hatfield
>> PrismNet Ltd.
>> IO.COM.
>
> --
> Niels Heinen
> FreeBSD committer | www.freebsd.org
> PGP: 0x5FE39B80
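
The splitting step described in the last message (combined diffs separated into one patch file per source file), sketched as an added example that is not part of the thread or of the port. The function names `split_patch` and `hunk_count` and the sample diff are constructed; output files are named `patch-<basename>` after the two file names given in the message.

```shell
# Constructed sample; the removed line "-- legacy note" appears as "--- legacy note".
make_sample() {
cat <<'EOF'
--- a/spamass-milter.cpp
+++ b/spamass-milter.cpp
@@ -1,3 +1,3 @@
 line one
--- legacy note
+// note
 line three
--- a/spamass-milter.h
+++ b/spamass-milter.h
@@ -5,2 +5,3 @@
 int a;
+int b;
 int c;
--- a/spamass-milter.cpp
+++ b/spamass-milter.cpp
@@ -10,2 +10,2 @@
-old
+new
 tail
EOF
}
# split_patch COMBINED OUTDIR: write OUTDIR/patch-<basename>, one per target file.
split_patch() {
    mkdir -p "$2" || return 1
    awk -v dir="$2" '
    function cnt(s,  a, n) { n = split(s, a, ","); return (n == 2) ? a[2] + 0 : 1 }
    inhunk { c = substr($0, 1, 1)   # count the body down: "--- x" here is data
             if (c != "+" && c != "\\") oldn--
             if (c != "-" && c != "\\") newn--
             print > out
             if (oldn <= 0 && newn <= 0) inhunk = 0
             next }
    /^--- /    { hold = $0; next }           # candidate file header, kept for "+++"
    /^\+\+\+ / { name = $2; sub(/.*\//, "", name); out = dir "/patch-" name
                 print hold > out; print > out; next }
    /^@@ / && out != "" { oldn = cnt($2); newn = cnt($3); inhunk = 1; print > out; next }
    /^\\/      { if (out != "") print > out }   # "\ No newline at end of file"
    ' "$1"
}
hunk_count() { grep -c '^@@ ' "$1"; }   # hunks in one per-file patch

work=$(mktemp -d)
make_sample > "$work/combined.patch"
split_patch "$work/combined.patch" "$work/files"
for f in "$work"/files/patch-*; do
    echo "$(basename "$f"): $(hunk_count "$f") hunk(s)"
done
```

Comparing the generated files and their hunk counts against the patch files already present in the port's files directory shows which existing changes a replacement would drop.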