Subject: CVS commit: pkgsrc/mail/sendmail
To: None <pkgsrc-changes@NetBSD.org>
From: Adrian Portelli <adrianp@netbsd.org>
List: pkgsrc-changes
Date: 03/22/2006 19:56:37
Module Name:	pkgsrc
Committed By:	adrianp
Date:		Wed Mar 22 19:56:37 UTC 2006

Modified Files:
	pkgsrc/mail/sendmail: Makefile Makefile.common distinfo

Log Message:
Update sendmail to address the current security issue
Bump to nb2
This will change the internal version of sendmail to 8.13.5.20060308
> 	SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
> 		and client side of sendmail with timeouts in the libsm I/O
> 		layer and fix problems in that code.  Also fix handling of
> 		a buffer in sm_syslog() which could have been used as an
> 		attack vector to exploit the unsafe handling of
> 		setjmp(3)/longjmp(3) in combination with signals.
> 		Problem detected by Mark Dowd of ISS X-Force.
> 	Handle theoretical integer overflows that could be triggered if
> 		the server accepted headers larger than the maximum
> 		(signed) integer value.  This is prevented in the default
> 		configuration by restricting the size of a header, and on
> 		most machines memory allocations would fail before reaching
> 		those values.  Problems found by Phil Brass of ISS.


To generate a diff of this commit:
cvs rdiff -r1.83 -r1.84 pkgsrc/mail/sendmail/Makefile
cvs rdiff -r1.31 -r1.32 pkgsrc/mail/sendmail/Makefile.common
cvs rdiff -r1.26 -r1.27 pkgsrc/mail/sendmail/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.