Format String Vulnerabilities. security bug #47918 + Fix broken/insecure logfile handling bug #48435

author: Ned Ludd <solar@gentoo.org> 2004-04-23 07:03:39 +0000
committer: Ned Ludd <solar@gentoo.org> 2004-04-23 07:03:39 +0000
commit: 58cd7cdd7ab079ee4585a90091f9ebd5d1e8c4ff (patch)
tree: 1255403521dbacea90e4fa06f0a6b4627db74a66 /net-mail
parent: (Manifest recommit) (diff)
download: gentoo-2-58cd7cdd7ab079ee4585a90091f9ebd5d1e8c4ff.tar.gz
gentoo-2-58cd7cdd7ab079ee4585a90091f9ebd5d1e8c4ff.tar.bz2
gentoo-2-58cd7cdd7ab079ee4585a90091f9ebd5d1e8c4ff.zip
5 files changed, 148 insertions, 8 deletions
diff --git a/net-mail/ssmtp/ChangeLog b/net-mail/ssmtp/ChangeLog
index ad590df21ef3..cbb25b5fd398 100644
--- a/net-mail/ssmtp/ChangeLog
+++ b/net-mail/ssmtp/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for net-mail/ssmtp
 # Copyright 2002-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-mail/ssmtp/ChangeLog,v 1.25 2004/04/13 18:10:07 g2boojum Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-mail/ssmtp/ChangeLog,v 1.26 2004/04/23 07:03:39 solar Exp $
+
+*ssmtp-2.60.7 (23 Apr 2004)
+
+  23 Apr 2004; <solar@gentoo.org> ssmtp-2.60.7.ebuild:
+  Format String Vulnerabilities. security bug #47918 + Fix broken/insecure
+  logfile handling bug #48435
 
 *ssmtp-2.60.4-r2 (13 Apr 2004)
 
diff --git a/net-mail/ssmtp/Manifest b/net-mail/ssmtp/Manifest
index 0b6b395811c4..b7afcad98c45 100644
--- a/net-mail/ssmtp/Manifest
+++ b/net-mail/ssmtp/Manifest
@@ -1,13 +1,16 @@
+MD5 2fdb3ba0b8464e9785b4cdedffa74505 ChangeLog 3926
+MD5 5721b86fd871bdfab77231abc6e02f68 metadata.xml 161
+MD5 70c2b6d79e32213a5cffa638a06189ce ssmtp-2.38.14-r1.ebuild 1468
+MD5 14099b3d6bb3dcef8d93d2ceadafbe32 ssmtp-2.48.ebuild 1545
+MD5 4c5982cbe212fabdde24f8843bf6a2ea ssmtp-2.60.4.ebuild 2244
+MD5 10c62e050bf226c8f084363a3b07d4ee ssmtp-2.60.4-r2.ebuild 2455
+MD5 0b70356123a10338f871ca61f121e63a ssmtp-2.60.7.ebuild 2505
 MD5 0c220581f9fe43f95d74864b63cf5121 files/digest-ssmtp-2.38.14-r1 64
 MD5 7acea6571783e2e8d40bb7aafad39d21 files/digest-ssmtp-2.48 62
+MD5 c833680953ba9941d33fc14dda62532b files/digest-ssmtp-2.60.7 63
+MD5 93225fbc5fd7b8e5500c7b1c85b63fdf files/starttls.diff 4277
 MD5 a57abd57dc7b801340b6db41c80fab11 files/digest-ssmtp-2.60.4 64
 MD5 f466deeaec0316507961656f37af7000 files/ssmtp-2.60.4-md5.patch 1509
-MD5 93225fbc5fd7b8e5500c7b1c85b63fdf files/starttls.diff 4277
 MD5 a57abd57dc7b801340b6db41c80fab11 files/digest-ssmtp-2.60.4-r2 64
 MD5 0ed5447f4d8fd89fa31f23b361c37f59 files/mailer.conf 1026
-MD5 bd647c82b184b55968bfba96ffb7597e ChangeLog 3736
-MD5 5721b86fd871bdfab77231abc6e02f68 metadata.xml 161
-MD5 70c2b6d79e32213a5cffa638a06189ce ssmtp-2.38.14-r1.ebuild 1468
-MD5 14099b3d6bb3dcef8d93d2ceadafbe32 ssmtp-2.48.ebuild 1545
-MD5 4c5982cbe212fabdde24f8843bf6a2ea ssmtp-2.60.4.ebuild 2244
-MD5 10c62e050bf226c8f084363a3b07d4ee ssmtp-2.60.4-r2.ebuild 2455
+MD5 5208fda9912caf3afd94108e6276167e files/ssmtp-2.60.7-logfile.patch 1256
diff --git a/net-mail/ssmtp/files/digest-ssmtp-2.60.7 b/net-mail/ssmtp/files/digest-ssmtp-2.60.7
new file mode 100644
index 000000000000..6130713dbd95
--- /dev/null
+++ b/net-mail/ssmtp/files/digest-ssmtp-2.60.7
@@ -0,0 +1 @@
+MD5 2e3b3f1403d4ae1a7373f80db2f3923e ssmtp_2.60.7.tar.gz 60727
diff --git a/net-mail/ssmtp/files/ssmtp-2.60.7-logfile.patch b/net-mail/ssmtp/files/ssmtp-2.60.7-logfile.patch
new file mode 100644
index 000000000000..6c261860942e
--- /dev/null
+++ b/net-mail/ssmtp/files/ssmtp-2.60.7-logfile.patch
@@ -0,0 +1,42 @@
+diff -Nrup ssmtp-2.60/ssmtp.c ssmtp-2.60-solar/ssmtp.c
+--- ssmtp-2.60/ssmtp.c	2004-04-15 17:03:24.000000000 -0400
++++ ssmtp-2.60-solar/ssmtp.c	2004-04-23 02:55:27.000000000 -0400
+@@ -100,18 +100,20 @@ void log_event(int priority, char *forma
+ {
+ 	char buf[(BUF_SZ + 1)];
+ 	va_list ap;
+-
++#if (defined (LOGFILE) && defined(LOGFILE_FILENAME))
++	FILE *fp;
++#endif
+ 	va_start(ap, format);
+ 	(void)vsnprintf(buf, BUF_SZ, format, ap);
+ 	va_end(ap);
+ 
+-#ifdef LOGFILE
+-	if((fp = fopen("/tmp/ssmtp.log", "a")) != (FILE *)NULL) {
++#if (defined (LOGFILE) && defined(LOGFILE_FILENAME))      
++	if((fp = fopen(LOGFILE_FILENAME, "a")) != (FILE *)NULL) {
+ 		(void)fprintf(fp, "%s\n", buf);
+ 		(void)fclose(fp);
+ 	}
+ 	else {
+-		(void)fprintf(stderr, "Can't write to /tmp/ssmtp.log\n");
++		(void)fprintf(stderr, "Can't write to "LOGFILE_FILENAME"\n");
+ 	}
+ #endif
+ 
+diff -Nrup ssmtp-2.60/ssmtp.h ssmtp-2.60-solar/ssmtp.h
+--- ssmtp-2.60/ssmtp.h	2002-09-27 09:18:24.000000000 -0400
++++ ssmtp-2.60-solar/ssmtp.h	2004-04-23 02:55:59.000000000 -0400
+@@ -22,6 +22,10 @@
+ #define MAXARGS  _POSIX_ARG_MAX
+ #endif
+ 
++#if (defined (LOGFILE) && !defined(LOGFILE_FILENAME))
++#define LOGFILE_FILENAME "/dev/stdout"
++#endif
++
+ typedef enum {False, True} bool_t;
+ 
+ struct string_list {
diff --git a/net-mail/ssmtp/ssmtp-2.60.7.ebuild b/net-mail/ssmtp/ssmtp-2.60.7.ebuild
new file mode 100644
index 000000000000..ed97b6240518
--- /dev/null
+++ b/net-mail/ssmtp/ssmtp-2.60.7.ebuild
@@ -0,0 +1,88 @@
+# Copyright 1999-2004 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-mail/ssmtp/ssmtp-2.60.7.ebuild,v 1.1 2004/04/23 07:03:39 solar Exp $
+
+inherit eutils
+
+DESCRIPTION="Extremely simple MTA to get mail off the system to a Mailhub"
+HOMEPAGE="ftp://ftp.debian.org/debian/pool/main/s/ssmtp/"
+SRC_URI="ftp://ftp.debian.org/debian/pool/main/s/ssmtp/${P/-/_}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~x86 ~ppc ~sparc ~alpha ~hppa ~mips ~amd64 ~ia64 ~ppc64 ~s390"
+IUSE="ssl ipv6 md5sum"
+
+DEPEND="virtual/glibc
+	ssl? ( dev-libs/openssl )"
+RDEPEND="net-mail/mailwrapper
+	net-mail/mailbase
+	ssl? ( dev-libs/openssl )"
+PROVIDE="virtual/mta"
+
+S=${WORKDIR}/ssmtp-2.60
+
+src_unpack() {
+	unpack ${A} ; cd ${S}
+
+	epatch ${FILESDIR}/ssmtp-2.60.7-logfile.patch
+	use ssl && epatch ${FILESDIR}/starttls.diff
+	use md5sum && epatch ${FILESDIR}/ssmtp-2.60.4-md5.patch
+}
+
+src_compile() {
+	local myconf
+
+	myconf="$( use_enable ssl ) \
+		$( use_enable ipv6 inet6 ) \
+		$( use_enable md5sum md5suth )"
+
+	econf \
+		--sysconfdir=/etc/ssmtp \
+		${myconf} || die
+
+	make clean || die
+	make etcdir=/etc || die
+}
+
+src_install() {
+	dodir /usr/bin /usr/sbin /usr/lib
+	dosbin ssmtp
+	chmod 755 ${D}/usr/sbin/ssmtp
+	dosym /usr/sbin/sendmail /usr/bin/mailq
+	dosym /usr/sbin/sendmail /usr/bin/newaliases
+	# Removed symlink due to conflict with mailx
+	# See bug #7448
+	#dosym /usr/sbin/ssmtp /usr/bin/mail
+	#The sendmail symlink is now handled by mailwrapper
+	#dosym /usr/sbin/ssmtp /usr/sbin/sendmail
+	dosym /usr/sbin/sendmail /usr/lib/sendmail
+	doman ssmtp.8
+	#removing the sendmail.8 symlink to support multiple installed mtas.
+	#dosym /usr/share/man/man8/ssmtp.8 /usr/share/man/man8/sendmail.8
+	dodoc INSTALL README TLS
+	newdoc ssmtp-2.60.lsm
+	insinto /etc/ssmtp
+	doins ssmtp.conf revaliases
+	insinto /etc
+	doins ${FILESDIR}/mailer.conf
+
+	# Set up config file
+	# See bug #22658
+	#local conffile="/etc/ssmtp/ssmtp.conf"
+	#local hostname=`hostname -f`
+	#local domainname=`hostname -d`
+	#mv ${conffile} ${conffile}.orig
+	#sed -e "s:rewriteDomain=:rewriteDomain=${domainname}:g" \
+	#        -e "s:_HOSTNAME_:${hostname}:" \
+	#        -e "s:^mailhub=mail:mailhub=mail.${domainname}:g" \
+	#        ${conffile}.orig > ${conffile}.pre
+	#if [ `use ssl` ];
+	#then
+	#        sed -e "s:^#UseTLS=YES:UseTLS=YES:g" \
+	#                ${conffile}.pre > ${conffile}
+	#        mv ${conffile}.pre ${conffile}.orig
+	#else
+	#        mv ${conffile}.pre ${conffile}
+	#fi
+}
author	Ned Ludd <solar@gentoo.org>	2004-04-23 07:03:39 +0000
committer	Ned Ludd <solar@gentoo.org>	2004-04-23 07:03:39 +0000
commit	58cd7cdd7ab079ee4585a90091f9ebd5d1e8c4ff (patch)
tree	1255403521dbacea90e4fa06f0a6b4627db74a66 /net-mail
parent	(Manifest recommit) (diff)
download	gentoo-2-58cd7cdd7ab079ee4585a90091f9ebd5d1e8c4ff.tar.gz gentoo-2-58cd7cdd7ab079ee4585a90091f9ebd5d1e8c4ff.tar.bz2 gentoo-2-58cd7cdd7ab079ee4585a90091f9ebd5d1e8c4ff.zip