Version bump, security bug #234391

Package-Manager: portage-2.2_rc8/cvs/Linux 2.6.25-gentoo-r7 x86_64

5 files changed, 29 insertions, 99 deletions

diff --git a/mail-mta/ssmtp/ChangeLog b/mail-mta/ssmtp/ChangeLog
index cf3f226f4322..89aec3ec7f40 100644
--- a/mail-mta/ssmtp/ChangeLog
+++ b/mail-mta/ssmtp/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for mail-mta/ssmtp
 # Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/mail-mta/ssmtp/ChangeLog,v 1.59 2008/09/09 12:22:55 rbu Exp $
+# $Header: /var/cvsroot/gentoo-x86/mail-mta/ssmtp/ChangeLog,v 1.60 2008/09/09 19:30:25 dertobi123 Exp $
+
+*ssmtp-2.62-r3 (09 Sep 2008)
+
+  09 Sep 2008; Tobias Scherbaum <dertobi123@gentoo.org>
+  +files/CVE-2008-3962.patch, -ssmtp-2.62-r1.ebuild, -ssmtp-2.62-r2.ebuild,
+  +ssmtp-2.62-r3.ebuild:
+  Version bump, security bug #234391
 
   09 Sep 2008; Robert Buchholz <rbu@gentoo.org> ssmtp-2.62-r1.ebuild:
   reverting stables
diff --git a/mail-mta/ssmtp/Manifest b/mail-mta/ssmtp/Manifest
index 321a607e149b..95e12bcfb13f 100644
--- a/mail-mta/ssmtp/Manifest
+++ b/mail-mta/ssmtp/Manifest
@@ -1,3 +1,4 @@
+AUX CVE-2008-3962.patch 293 RMD160 5e61ae056d707337d8f3d4a5e18e35ca1fd2217e SHA1 ebab9f9636b83b4b151d852baa7a1b90b2871871 SHA256 48367c82bdb77d26b144954eb908de56494999154ed6399b0cd148be340fb231
 AUX mailer.conf 349 RMD160 1cad356faa6ee30e7bed9d70754487cac8f088e5 SHA1 4ab7aeef9fcaa021cff2845ffdac1ccb65dddfa4 SHA256 7b04fc27f8ca41b586ae68cbeffb509c2408afcc592462b617fba78b5d7aa88a
 AUX ssmtp-2.61-bug127592.patch 385 RMD160 61f877e742bbf23e13056884bccae5a22a17fe75 SHA1 27a4aafc3cbffd11c6427e5ac02c3484396091ef SHA256 256a783b5e73b9914cb49854b367ce9f5781d8664cd640e6b0b9d0b5f6948edc
 AUX ssmtp-2.62-maxsysuid-conf.patch 667 RMD160 9a515e40aedc8eb8784cc7bb9b75b55536877f42 SHA1 af175c8fd039fcd7a125b2c3f3eba80bd69006dd SHA256 634d8e1e66d9a1c13aa4b75de37194899d12ed069b7cd651c3f49e361745b99e
@@ -6,7 +7,6 @@ AUX ssmtp-2.62-strndup.patch 682 RMD160 d56434a83ec6bb49cafb67846e0082551d1a3be3
 DIST ssmtp_2.61.orig.tar.gz 53341 RMD160 da76ee6dd86fc663e6fd69fcb2fb5f550f716de7 SHA1 bc4b6c20bf8c2c9e66b359e3c24545a2615a1988 SHA256 2151ad18cb73f9a254f796dde2b48be7318b45410b59fedbb258db5a41044fb5
 DIST ssmtp_2.62.orig.tar.gz 57127 RMD160 1c16b2d50224f4d29813a34f87a3480e66892b36 SHA1 5c15aafb252f6cb11e4b93140a1457b6cb0d0fb8 SHA256 e2a0a5379cd0bbb0b4b0304abeba7a8f60aa85275982c5d7930c319e7f284ed1
 EBUILD ssmtp-2.61-r2.ebuild 3427 RMD160 a675e5b8374d158cea313535386fb4d4e82169b6 SHA1 d833114b89c59bd48c44bef8e192f1f6b2759519 SHA256 1e00a67f270d423f140dac1a49c6e02af4acce82130825f854c6632bbec2348b
-EBUILD ssmtp-2.62-r1.ebuild 2538 RMD160 8ae93141c8fb9ec52c0792f6c6713eac5f68221e SHA1 bb3ad2ae13a8a6025c7f9cbbb442281ea371879d SHA256 dfb4a90eb9c2173754067d5486c5ba38fb3866d5b10c3c76b173049bb653ee98
-EBUILD ssmtp-2.62-r2.ebuild 2738 RMD160 8a9a4d4ea132a24ef5cceafeedfd401ce462bdda SHA1 3bc1ecf604b924f21f5bef9145e10ce6a93bde09 SHA256 7a79382e11c06d0076e462740096a5894a3647dd4e7a0ad19b0c0c1839294f9d
-MISC ChangeLog 12894 RMD160 a03c80e114614cc8c3d7d72ede3cedef055190ef SHA1 41c3c22d5968b9afb844b90462ea0a56062fe84b SHA256 ddd35bce0e14b9524f16171b9228a7e0279c776a470047b76c905f3e6283a1bf
+EBUILD ssmtp-2.62-r3.ebuild 2799 RMD160 31f3cfe151ad1309eaa0fb2a7575ac7d3d15b0d5 SHA1 b9e91c8cc5eca4a6a7778bfb055c17e9b689ec11 SHA256 0032cff1c9b10ba899f846345c9f396d218c40a664570fc20344aad49943b343
+MISC ChangeLog 13126 RMD160 313031b5655ec09300bf0fa86c6c3fe3893eae7b SHA1 4615de5282d73900a7c3d363211de27bb913b301 SHA256 1b374ecfe10c85dc974e710ac04b23ceb86be1ae07c30c1c60c3eda9dfb0ca28
 MISC metadata.xml 291 RMD160 2e697d312e59fe9a8a198f5d79f0b20c29abb633 SHA1 b6498cb6d5b33475440898598dfc05f3a7c554a7 SHA256 547e579723c831c40d6184225f181e11e949cf8310a3433d6ece7ee61fc23887
diff --git a/mail-mta/ssmtp/files/CVE-2008-3962.patch b/mail-mta/ssmtp/files/CVE-2008-3962.patch
new file mode 100644
index 000000000000..fca144fa6807
--- /dev/null
+++ b/mail-mta/ssmtp/files/CVE-2008-3962.patch
@@ -0,0 +1,14 @@
+--- ssmtp.orig/ssmtp.c
++++ ssmtp/ssmtp.c
+@@ -485,6 +485,11 @@ char *from_format(char *str, bool_t over
+ 				die("from_format() -- snprintf() failed");
+ 			}
+ 		}
++		else {
++			if(snprintf(buf, BUF_SZ, "%s", str) == -1) {
++				die("from_format() -- snprintf() failed");
++			}
++		}
+ 	}
+ 
+ #if 0
diff --git a/mail-mta/ssmtp/ssmtp-2.62-r1.ebuild b/mail-mta/ssmtp/ssmtp-2.62-r1.ebuild
deleted file mode 100644
index 4aa0a89508e6..000000000000
--- a/mail-mta/ssmtp/ssmtp-2.62-r1.ebuild
+++ /dev/null
@@ -1,94 +0,0 @@
-# Copyright 1999-2008 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/mail-mta/ssmtp/ssmtp-2.62-r1.ebuild,v 1.4 2008/09/09 12:22:55 rbu Exp $
-
-inherit eutils toolchain-funcs autotools
-
-DESCRIPTION="Extremely simple MTA to get mail off the system to a Mailhub"
-HOMEPAGE="ftp://ftp.debian.org/debian/pool/main/s/ssmtp/"
-SRC_URI="mirror://debian/pool/main/s/ssmtp/${P/-/_}.orig.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd"
-IUSE="ssl ipv6 md5sum"
-
-DEPEND="ssl? ( dev-libs/openssl )"
-RDEPEND="${DEPEND}
-	!net-mail/mailwrapper
-	!virtual/mta"
-PROVIDE="virtual/mta"
-
-S="${WORKDIR}/${PN}"
-
-pkg_setup() {
-	enewgroup ssmtp
-}
-
-src_unpack() {
-	unpack ${A}
-	cd "${S}"
-
-	epatch "${FILESDIR}/${P}-strndup.patch"
-	eautoreconf
-
-	# Respect LDFLAGS (bug #152197)
-	sed -i -e 's:$(CC) -o:$(CC) @LDFLAGS@ -o:' Makefile.in
-}
-
-src_compile() {
-	tc-export CC LD
-
-	econf \
-		--sysconfdir=/etc/ssmtp \
-		$(use_enable ssl) \
-		$(use_enable ipv6 inet6) \
-		$(use_enable md5sum md5auth) \
-		|| die
-	make clean || die
-	make etcdir=/etc || die
-}
-
-src_install() {
-	dodir /usr/bin /usr/sbin /usr/lib
-	dosbin ssmtp || die
-	fperms 755 /usr/sbin/ssmtp
-
-	doman ssmtp.8
-	dodoc INSTALL README TLS CHANGELOG_OLD
-	newdoc ssmtp.lsm DESC
-
-	insinto /etc/ssmtp
-	doins ssmtp.conf revaliases
-
-	local conffile="${D}etc/ssmtp/ssmtp.conf"
-
-	mv "${conffile}" "${conffile}.orig"
-
-	# Sorry about the weird indentation, I couldn't figure out a cleverer way
-	# to do this without having horribly >80 char lines.
-	sed -e "s:^hostname=:\n# Gentoo bug #47562\\
-# Commenting the following line will force ssmtp to figure\\
-# out the hostname itself.\n\\
-# hostname=:" \
-		"${conffile}.orig" > "${conffile}" \
-		|| die "sed failed"
-
-	rm "${conffile}.orig" || die "Failed to remove temporary created copy of ssmtp.conf"
-
-	# Set restrictive perms on ssmtp.conf as per #187841
-	# Protect the ssmtp configfile from being readable by regular users as it
-	# may contain login/password data to auth against a the mailhub used, add
-	# users to the ssmtp group to enable them to use ssmtp.
-	fowners root:ssmtp /etc/ssmtp/ssmtp.conf
-	fperms 640 /etc/ssmtp/ssmtp.conf
-
-	fowners root:ssmtp /usr/sbin/ssmtp
-	fperms 750 /usr/sbin/ssmtp
-
-	dosym /usr/sbin/ssmtp /usr/lib/sendmail
-	dosym /usr/sbin/ssmtp /usr/bin/sendmail
-	dosym /usr/sbin/ssmtp /usr/sbin/sendmail
-	dosym /usr/sbin/ssmtp /usr/bin/mailq
-	dosym /usr/sbin/ssmtp /usr/bin/newaliases
-}
diff --git a/mail-mta/ssmtp/ssmtp-2.62-r2.ebuild b/mail-mta/ssmtp/ssmtp-2.62-r3.ebuild
index ffbfe8082641..7413f6fa7b01 100644
--- a/mail-mta/ssmtp/ssmtp-2.62-r2.ebuild
+++ b/mail-mta/ssmtp/ssmtp-2.62-r3.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2008 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/mail-mta/ssmtp/ssmtp-2.62-r2.ebuild,v 1.2 2008/09/06 16:52:57 mr_bones_ Exp $
+# $Header: /var/cvsroot/gentoo-x86/mail-mta/ssmtp/ssmtp-2.62-r3.ebuild,v 1.1 2008/09/09 19:30:25 dertobi123 Exp $
 
 inherit eutils toolchain-funcs autotools
 
@@ -35,6 +35,9 @@ src_unpack() {
 		epatch "${FILESDIR}"/${P}-maxsysuid-conf.patch
 	fi
 
+	# CVE-2008-3962
+	epatch "${FILESDIR}/CVE-2008-3962.patch"
+
 	epatch "${FILESDIR}/${P}-strndup.patch"
 	eautoreconf