pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2005Q1]: pkgsrc/mail/gld Pullup ticket 440 - requested by Lubo...
details: https://anonhg.NetBSD.org/pkgsrc/rev/caddcec0311c
branches: pkgsrc-2005Q1
changeset: 490941:caddcec0311c
user: snj <snj%pkgsrc.org@localhost>
date: Thu Apr 14 04:42:23 2005 +0000
description:
Pullup ticket 440 - requested by Lubomir Sedlacik
security fix for gld
Revisions pulled up:
- pkgsrc/mail/gld/Makefile 1.5, 1.6
- pkgsrc/mail/gld/MESSAGE 1.4
- pkgsrc/mail/gld/PLIST 1.2
- pkgsrc/mail/gld/distinfo 1.3, 1.4, 1.5, 1.6, 1.7, 1.8
- pkgsrc/mail/gld/patches/patch-aa 1.2, 1.3, 1.4, 1.5
- pkgsrc/mail/gld/patches/patch-ab 1.1, 1.2, 1.3
- pkgsrc/mail/gld/patches/patch-ac 1.1
- pkgsrc/mail/gld/patches/patch-ad 1.1
- pkgsrc/mail/gld/patches/patch-ae 1.1
- pkgsrc/mail/gld/patches/patch-af 1.1
Module Name: pkgsrc
Committed By: christos
Date: Wed Apr 13 16:19:59 UTC 2005
Modified Files:
pkgsrc/mail/gld: Makefile distinfo
pkgsrc/mail/gld/patches: patch-aa
Added Files:
pkgsrc/mail/gld/patches: patch-ab
Log Message:
Update to 1.5 to fix security vulnerability issues.
- Add more patches to totally eliminate strcpy(); this code is horrible.
----
Module Name: pkgsrc
Committed By: salo
Date: Wed Apr 13 16:36:07 UTC 2005
Modified Files:
pkgsrc/mail/gld: distinfo
pkgsrc/mail/gld/patches: patch-ab
Added Files:
pkgsrc/mail/gld/patches: patch-ac patch-ad patch-ae patch-af
Log Message:
Split patch-ab to one patch per file.
----
Module Name: pkgsrc
Committed By: salo
Date: Wed Apr 13 16:42:43 UTC 2005
Modified Files:
pkgsrc/mail/gld: Makefile
Log Message:
Remove PKGREVISION.
----
Module Name: pkgsrc
Committed By: salo
Date: Wed Apr 13 17:00:14 UTC 2005
Modified Files:
pkgsrc/mail/gld: distinfo
pkgsrc/mail/gld/patches: patch-ab
Log Message:
Put the correct content into patch-ab.. *sigh*
----
Module Name: pkgsrc
Committed By: salo
Date: Wed Apr 13 17:07:49 UTC 2005
Modified Files:
pkgsrc/mail/gld: PLIST distinfo
pkgsrc/mail/gld/patches: patch-aa
Log Message:
Fix installation of sql scripts.
This package needs more work.. (e.g., pgsql support)
----
Module Name: pkgsrc
Committed By: salo
Date: Wed Apr 13 17:12:08 UTC 2005
Modified Files:
pkgsrc/mail/gld: distinfo
pkgsrc/mail/gld/patches: patch-aa
Log Message:
Install all the correct files..
----
Module Name: pkgsrc
Committed By: salo
Date: Wed Apr 13 17:14:01 UTC 2005
Modified Files:
pkgsrc/mail/gld: distinfo
pkgsrc/mail/gld/patches: patch-aa
Log Message:
Add rcsid.
----
Module Name: pkgsrc
Committed By: salo
Date: Wed Apr 13 17:30:28 UTC 2005
Modified Files:
pkgsrc/mail/gld: MESSAGE
Log Message:
Point to the correct sql script.
XXX: this should be reworked when pgsql support is added
Style.
diffstat:
mail/gld/MESSAGE | 11 ++--
mail/gld/Makefile | 5 +-
mail/gld/PLIST | 6 +-
mail/gld/distinfo | 15 ++++--
mail/gld/patches/patch-aa | 15 +++---
mail/gld/patches/patch-ab | 54 ++++++++++++++++++++++++++
mail/gld/patches/patch-ac | 81 ++++++++++++++++++++++++++++++++++++++++
mail/gld/patches/patch-ad | 65 ++++++++++++++++++++++++++++++++
mail/gld/patches/patch-ae | 95 +++++++++++++++++++++++++++++++++++++++++++++++
mail/gld/patches/patch-af | 19 +++++++++
10 files changed, 343 insertions(+), 23 deletions(-)
diffs (truncated from 451 to 300 lines):
diff -r 18af1de66a4b -r caddcec0311c mail/gld/MESSAGE
--- a/mail/gld/MESSAGE Thu Apr 14 04:22:39 2005 +0000
+++ b/mail/gld/MESSAGE Thu Apr 14 04:42:23 2005 +0000
@@ -1,11 +1,11 @@
===========================================================================
-$NetBSD: MESSAGE,v 1.3 2004/11/25 17:22:31 xtraeme Exp $
+$NetBSD: MESSAGE,v 1.3.4.1 2005/04/14 04:42:23 snj Exp $
To configure gld, the following steps should be completed:
-$ mysql -e "create database gld"
-$ mysql -e "grant all on gld.* to gld@localhost identified by 'PASSWORD'"
-$ mysql gld < ${PREFIX}/share/gld/tables.sql
+ $ mysql -e "create database gld"
+ $ mysql -e "grant all on gld.* to gld@localhost identified by 'PASSWORD'"
+ $ mysql gld < ${PREFIX}/share/gld/tables.mysql
Modify "PASSWORD" with your desired password.
@@ -19,6 +19,5 @@
Start gld via ${RCD_SCRIPTS_DIR}/gld start
-it should be running fine now; good luck!
-
+It should be running fine now; good luck!
===========================================================================
diff -r 18af1de66a4b -r caddcec0311c mail/gld/Makefile
--- a/mail/gld/Makefile Thu Apr 14 04:22:39 2005 +0000
+++ b/mail/gld/Makefile Thu Apr 14 04:42:23 2005 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.3 2004/12/28 02:47:44 reed Exp $
+# $NetBSD: Makefile,v 1.3.2.1 2005/04/14 04:42:23 snj Exp $
#
-DISTNAME= gld-1.4
-PKGREVISION= 1
+DISTNAME= gld-1.5
CATEGORIES= mail
MASTER_SITES= http://www.gasmi.net/down/
EXTRACT_SUFX= .tgz
diff -r 18af1de66a4b -r caddcec0311c mail/gld/PLIST
--- a/mail/gld/PLIST Thu Apr 14 04:22:39 2005 +0000
+++ b/mail/gld/PLIST Thu Apr 14 04:42:23 2005 +0000
@@ -1,9 +1,11 @@
-@comment $NetBSD: PLIST,v 1.1.1.1 2004/11/25 05:42:40 xtraeme Exp $
+@comment $NetBSD: PLIST,v 1.1.1.1.4.1 2005/04/14 04:42:23 snj Exp $
bin/gld
share/doc/gld/LICENCE
share/doc/gld/README
share/examples/gld/gld.conf
-share/gld/tables.sql
+share/gld/table-whitelist.sql
+share/gld/tables.mysql
+share/gld/tables.pgsql
@dirrm share/gld
@dirrm share/examples/gld
@dirrm share/doc/gld
diff -r 18af1de66a4b -r caddcec0311c mail/gld/distinfo
--- a/mail/gld/distinfo Thu Apr 14 04:22:39 2005 +0000
+++ b/mail/gld/distinfo Thu Apr 14 04:42:23 2005 +0000
@@ -1,6 +1,11 @@
-$NetBSD: distinfo,v 1.2 2005/02/24 09:59:22 agc Exp $
+$NetBSD: distinfo,v 1.2.2.1 2005/04/14 04:42:23 snj Exp $
-SHA1 (gld-1.4.tgz) = c5844b1537407dad658fd4e47fe6104047af9346
-RMD160 (gld-1.4.tgz) = f0f088384d896b9ce156c07afa172740ff621f9b
-Size (gld-1.4.tgz) = 35714 bytes
-SHA1 (patch-aa) = 90310c9e831372c7a94048cff47c72a17b65f605
+SHA1 (gld-1.5.tgz) = febc398be2e68bf7b4bc6e3015da2f225760204d
+RMD160 (gld-1.5.tgz) = dab09c1776fb014effdd3d87d4a6808274bbfdd9
+Size (gld-1.4.tgz) = 39030 bytes
+SHA1 (patch-aa) = 71bc915a5096a3d93cd7b5313f135b68312ec19a
+SHA1 (patch-ab) = 629b99be25d536ceb646d47f079455a4b092fe24
+SHA1 (patch-ac) = 8d484c0d6a5cbc88f2c4c66143e6aa9a91131bf1
+SHA1 (patch-ad) = 1083bdc0040696a5ac014204c1a4a8e35fdeda53
+SHA1 (patch-ae) = d27cefd2784223792942bd0b5b95fb810972d308
+SHA1 (patch-af) = bde3756d6d8180f13c87a36b69264de5ff385c7c
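Review bot: The Size line added in this hunk still names the old distfile (`Size (gld-1.4.tgz) = 39030 bytes`) while the SHA1 and RMD160 lines were updated to gld-1.5.tgz, so the three records no longer describe the same file. Rename it to `Size (gld-1.5.tgz)` so the size is recorded against the archive whose hashes are listed.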
diff -r 18af1de66a4b -r caddcec0311c mail/gld/patches/patch-aa
--- a/mail/gld/patches/patch-aa Thu Apr 14 04:22:39 2005 +0000
+++ b/mail/gld/patches/patch-aa Thu Apr 14 04:42:23 2005 +0000
@@ -1,19 +1,19 @@
-$NetBSD: patch-aa,v 1.1.1.1 2004/11/25 05:42:40 xtraeme Exp $
+$NetBSD: patch-aa,v 1.1.1.1.4.1 2005/04/14 04:42:23 snj Exp $
---- Makefile.in.orig 2004-07-14 22:52:53.000000000 +0200
-+++ Makefile.in 2004-11-25 05:53:05.000000000 +0100
+--- Makefile.in.orig 2004-10-12 14:41:49.000000000 +0200
++++ Makefile.in 2005-04-13 19:10:29.000000000 +0200
@@ -1,8 +1,8 @@
all: gld
gld: cnf.o server.o sql.o sockets.o greylist.o gld.h
-- @CC@ -O2 @DEFS@ -Wall server.o sql.o sockets.o cnf.o greylist.o @MYSQL_LIBS@ -o gld
+- @CC@ -O2 @DEFS@ -Wall server.o sql.o sockets.o cnf.o greylist.o @LIBS@ @SQL_LIBS@ -o gld
- strip gld
+ @CC@ -O2 @DEFS@ -Wall server.o sql.o sockets.o cnf.o greylist.o \
-+ $(LDFLAGS) -lmysqlclient -o gld
++ $(LDFLAGS) -lmysqlclient -o gld
sockets.o: sockets.c sockets.h
@CC@ -O2 @DEFS@ -Wall -c sockets.c
-@@ -23,11 +23,14 @@
+@@ -23,11 +23,15 @@
rm -f gld *.o
install: gld gld.conf
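Review bot: On the link line, the upstream command being replaced now ends in `@LIBS@ @SQL_LIBS@ -o gld`, but the replacement still hardcodes `$(LDFLAGS) -lmysqlclient`, so anything configure places in @LIBS@ is dropped from the link. Consider keeping `@LIBS@` next to `$(LDFLAGS)`, and say in the patch that MySQL is pinned on purpose, since the log message already notes pgsql support is pending.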
@@ -28,7 +28,8 @@
+ $(BSD_INSTALL_DATA_DIR) $(PREFIX)/share/gld
+ $(BSD_INSTALL_DATA_DIR) $(PREFIX)/share/doc/gld
+ $(BSD_INSTALL_DATA) gld.conf $(PREFIX)/share/examples/gld
-+ $(BSD_INSTALL_DATA) tables.sql $(PREFIX)/share/gld
++ $(BSD_INSTALL_DATA) table-whitelist.sql $(PREFIX)/share/gld
++ $(BSD_INSTALL_DATA) tables.* $(PREFIX)/share/gld
+ $(BSD_INSTALL_DATA) README LICENCE $(PREFIX)/share/doc/gld
distclean: clean
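Review bot: The install rule `$(BSD_INSTALL_DATA) tables.* $(PREFIX)/share/gld` uses a glob, so it installs whatever matches in the build directory, while the PLIST change in this same commit registers only tables.mysql and tables.pgsql. Naming the two files explicitly keeps the installed set and the PLIST in step and avoids picking up a stray match, for example a backup copy left behind by a patch tool.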
diff -r 18af1de66a4b -r caddcec0311c mail/gld/patches/patch-ab
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/gld/patches/patch-ab Thu Apr 14 04:42:23 2005 +0000
@@ -0,0 +1,54 @@
+$NetBSD: patch-ab,v 1.3.2.2 2005/04/14 04:42:23 snj Exp $
+
+--- greylist.c.orig 2005-04-13 05:26:10.000000000 -0400
++++ greylist.c 2005-04-13 12:03:39.000000000 -0400
+@@ -21,8 +21,11 @@
+
+ ts=time(0);
+ strncpy(oip,ip,sizeof(oip)-1);
++oip[sizeof(oip)-1] = '\0';
+ strncpy(osender,sender,sizeof(osender)-1);
++osender[sizeof(osender)-1] = '\0';
+ strncpy(orecipient,recipient,sizeof(orecipient)-1);
++orecipient[sizeof(orecipient)-1] = '\0';
+
+ if(conf->debug==1) printf("%d: Starting the greylist algo\n",pid);
+
+@@ -68,10 +71,18 @@
+ if(conf->debug==1) printf("%d: lightgrey on domain is on, let's keep the domain only on recipient and sender\n",pid);
+
+ domain=(char *)strstr(osender,"@");
+- if(domain!=NULL) strncpy(sender,domain,BLEN-1);
++ if(domain!=NULL)
++ {
++ strncpy(sender,domain,BLEN-1);
++ sender[BLEN-1] = '\0';
++ }
+
+ domain=(char *)strstr(orecipient,"@");
+- if(domain!=NULL) strncpy(recipient,domain,BLEN-1);
++ if(domain!=NULL)
++ {
++ strncpy(recipient,domain,BLEN-1);
++ recipient[BLEN-1] = '\0';
++ }
+ }
+
+ //
+@@ -119,6 +130,7 @@
+ if(domain==NULL) domain=osender;
+
+ strncpy(netw,oip,sizeof(netw)-1);
++ netw[sizeof(netw)-1] = '\0';
+ l=strlen(netw);
+ for(i=l-1;i>=0;i--)
+ if(netw[i]=='.')
+@@ -148,7 +160,7 @@
+ if(x==4)
+ {
+ snprintf(query,sizeof(query)-1,"%d.%d.%d.%d.%s",d,c,b,a,conf->dnswl);
+- n=DnsIp(query,NULL);
++ n=DnsIp(query,NULL, 0);
+ if(conf->debug==1) printf("%d: DNSQuery=(%s) result=%ld\n",pid,query,n);
+ if(n==0)
+ {
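Review bot: In the lightgrey branch the copies into sender and recipient are bounded by the constant BLEN (`strncpy(sender,domain,BLEN-1); sender[BLEN-1] = '\0';`) while every other copy in this patch uses sizeof on the destination, so these two writes are only safe if every caller really passes a buffer of at least BLEN bytes. The declarations are not visible in the hunk; if sender and recipient are pointer parameters, pass their sizes in alongside them or state the BLEN requirement at the function header. Separately, all of these copies truncate silently, so two over-long addresses that share a prefix would be treated as the same greylist entry; rejecting or logging over-long input before the copy would be safer than truncating it. The third argument added in `DnsIp(query,NULL, 0)` also depends on a definition that is not part of this file's patch, so it is worth checking that NULL with size 0 is handled there.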
diff -r 18af1de66a4b -r caddcec0311c mail/gld/patches/patch-ac
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/gld/patches/patch-ac Thu Apr 14 04:42:23 2005 +0000
@@ -0,0 +1,81 @@
+$NetBSD: patch-ac,v 1.1.2.2 2005/04/14 04:42:23 snj Exp $
+
+--- cnf.c.orig 2005-04-13 12:06:54.000000000 -0400
++++ cnf.c 2005-04-13 12:11:51.000000000 -0400
+@@ -36,11 +36,16 @@
+
+ // We set the default values
+
+-strcpy(conf->sqlhost,"localhost");
+-strcpy(conf->sqluser,"myuser");
+-strcpy(conf->sqldb,"mydb");
+-strcpy(conf->sqlpasswd,"mypasswd");
+-strcpy(conf->message,"Greylisted");
++strncpy(conf->sqlhost,"localhost",sizeof(conf->sqlhost)-1);
++conf->sqlhost[sizeof(conf->sqlhost)-1] = '\0';
++strncpy(conf->sqluser,"myuser",sizeof(conf->sqluser)-1);
++conf->sqluser[sizeof(conf->sqluser)-1] = '\0';
++strncpy(conf->sqldb,"mydb",sizeof(conf->sqldb)-1);
++conf->sqldb[sizeof(conf->sqldb)-1] = '\0';
++strncpy(conf->sqlpasswd,"mypasswd",sizeof(conf->sqlpasswd)-1);
++conf->sqlpasswd[sizeof(conf->sqlpasswd)-1] = '\0';
++strncpy(conf->message,"Greylisted",sizeof(conf->message)-1);
++conf->message[sizeof(conf->message)-1] = '\0';
+ conf->port=2525;
+ conf->maxcon=100;
+ conf->mini=60;
+@@ -73,14 +78,46 @@
+ buffer[strlen(buffer)-1]=0;
+ *p=0;
+ if(strcmp(buffer,"CLIENTS")==0) ReadClients(conf,p+1);
+- if(strcmp(buffer,"USER")==0) strcpy(conf->user,p+1);
+- if(strcmp(buffer,"GROUP")==0) strcpy(conf->grp,p+1);
+- if(strcmp(buffer,"DNSWL")==0) strcpy(conf->dnswl,p+1);
+- if(strcmp(buffer,"SQLHOST")==0) strcpy(conf->sqlhost,p+1);
+- if(strcmp(buffer,"SQLUSER")==0) strcpy(conf->sqluser,p+1);
+- if(strcmp(buffer,"SQLDB")==0) strcpy(conf->sqldb,p+1);
+- if(strcmp(buffer,"SQLPASSWD")==0) strcpy(conf->sqlpasswd,p+1);
+- if(strcmp(buffer,"MESSAGE")==0) strcpy(conf->message,p+1);
++ if(strcmp(buffer,"USER")==0)
++ {
++ strncpy(conf->user,p+1,sizeof(conf->user)-1);
++ conf->user[sizeof(conf->user)-1] = '\0';
++ }
++ if(strcmp(buffer,"GROUP")==0)
++ {
++ strncpy(conf->grp,p+1,sizeof(conf->grp)-1);
++ conf->grp[sizeof(conf->grp)-1] = '\0';
++ }
++ if(strcmp(buffer,"DNSWL")==0)
++ {
++ strncpy(conf->dnswl,p+1,sizeof(conf->dnswl)-1);
++ conf->dnswl[sizeof(conf->dnswl)-1] = '\0';
++ }
++ if(strcmp(buffer,"SQLHOST")==0)
++ {
++ strncpy(conf->sqlhost,p+1,sizeof(conf->sqlhost)-1);
++ conf->sqlhost[sizeof(conf->sqlhost)-1] = '\0';
++ }
++ if(strcmp(buffer,"SQLUSER")==0)
++ {
++ strncpy(conf->sqluser,p+1,sizeof(conf->sqluser)-1);
++ conf->sqluser[sizeof(conf->sqluser)-1] = '\0';
++ }
++ if(strcmp(buffer,"SQLDB")==0)
++ {
++ strncpy(conf->sqldb,p+1,sizeof(conf->sqldb)-1);
++ conf->sqldb[sizeof(conf->sqldb)-1] = '\0';
++ }
++ if(strcmp(buffer,"SQLPASSWD")==0)
++ {
++ strncpy(conf->sqlpasswd,p+1,sizeof(conf->sqlpasswd)-1);
++ conf->sqlpasswd[sizeof(conf->sqlpasswd)-1] = '\0';
++ }
++ if(strcmp(buffer,"MESSAGE")==0)
++ {
++ strncpy(conf->message,p+1,sizeof(conf->message)-1);
++ conf->message[sizeof(conf->message)-1] = '\0';
++ }
+ if(strcmp(buffer,"PORT")==0) conf->port=atoi(p+1);
+ if(strcmp(buffer,"MAXCON")==0) conf->maxcon=atoi(p+1);
+ if(strcmp(buffer,"MINTIME")==0) conf->mini=atol(p+1);
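Review bot: The configuration branches (USER through MESSAGE) now truncate an over-long value silently, which for SQLPASSWD or SQLHOST means the daemon starts with a credential or host name that differs from what is in the file and then fails later with an unrelated-looking error. Compare strlen(p+1) against sizeof the destination and report the offending key instead of truncating. The same two-line strncpy plus terminator pair is repeated thirteen times in this patch; a single small helper taking destination, size and source would make the pattern harder to get wrong on the next edit. The context line `buffer[strlen(buffer)-1]=0;` also indexes one byte before the buffer when the line is empty, unless that case is excluded by code outside the visible hunk.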
diff -r 18af1de66a4b -r caddcec0311c mail/gld/patches/patch-ad
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/gld/patches/patch-ad Thu Apr 14 04:42:23 2005 +0000
@@ -0,0 +1,65 @@
+$NetBSD: patch-ad,v 1.1.2.2 2005/04/14 04:42:23 snj Exp $
+
+--- server.c.orig 2005-04-13 03:28:29.000000000 -0400
++++ server.c 2005-04-13 12:15:36.000000000 -0400
+@@ -208,7 +208,7 @@
+ int pid;
+
+ pid=getpid();
+-GetPeerIp(s,ip,buff);
++GetPeerIp(s,ip,BLEN,buff,BLEN);
+
+ //
+ // We check if this IP is authorized to connect to us
+@@ -261,21 +261,34 @@
+ // Now, we are sure our buffer string length is no more than BLEN
+ // as all parameters are defined also as buffers with a BLEN size
+ // no buffer overflow is possible using strcpy .
++ // But what's the point. Protect it anyway.
+ //
+
+ if(strcmp(buff,"")==0) break;
+
+ if(strncmp(buff,"request=",8)==0)
+- strcpy(request,buff+8);
++ {
++ strncpy(request,buff+8, sizeof(request)-1);
++ request[sizeof(request)-1] = '\0';
++ }
+
+ if(strncmp(buff,"sender=",7)==0)
+- strcpy(sender,buff+7);
++ {
++ strncpy(sender,buff+7, sizeof(sender)-1);
++ sender[sizeof(sender)-1] = '\0';
++ }
+
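Review bot: The call `GetPeerIp(s,ip,BLEN,buff,BLEN)` passes the constant BLEN for both lengths, whereas the copies a few lines further down use sizeof(request) and sizeof(sender); if ip or buff is ever declared with a different size the call will overstate it. Use sizeof(ip) and sizeof(buff) so the lengths follow the declarations. The comment block above the copies still says no overflow is possible "using strcpy" even though strcpy is no longer used here; reword it to describe the bounded copies rather than appending `But what's the point. Protect it anyway.` The diff is cut off after this point, so the remaining copies in server.c and the new GetPeerIp definition could not be checked.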