Subject: CVS commit: [pkgsrc-2005Q4] pkgsrc/mail/sendmail
To: None <>
From: Lubomir Sedlacik <>
List: pkgsrc-changes
Date: 03/24/2006 16:12:19
Module Name:	pkgsrc
Committed By:	salo
Date:		Fri Mar 24 16:12:19 UTC 2006

Modified Files:
	pkgsrc/mail/sendmail [pkgsrc-2005Q4]: Makefile Makefile.common distinfo

Log Message:
Pullup ticket 1255 - requested by Todd Vierling
security fix for sendmail

Revisions pulled up:
- pkgsrc/mail/sendmail/Makefile			1.84
- pkgsrc/mail/sendmail/Makefile.common		1.32
- pkgsrc/mail/sendmail/distinfo			1.27

   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Wed Mar 22 19:56:37 UTC 2006

   Modified Files:
   	pkgsrc/mail/sendmail: Makefile Makefile.common distinfo

   Log Message:
   Update sendmail to address the current security issue
   Bump to nb2
   This will change the internal version of sendmail to
   > 	SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
   > 		and client side of sendmail with timeouts in the libsm I/O
   > 		layer and fix problems in that code.  Also fix handling of
   > 		a buffer in sm_syslog() which could have been used as an
   > 		attack vector to exploit the unsafe handling of
   > 		setjmp(3)/longjmp(3) in combination with signals.
   > 		Problem detected by Mark Dowd of ISS X-Force.
   > 	Handle theoretical integer overflows that could be triggered if
   > 		the server accepted headers larger than the maximum
   > 		(signed) integer value.  This is prevented in the default
   > 		configuration by restricting the size of a header, and on
   > 		most machines memory allocations would fail before reaching
   > 		those values.  Problems found by Phil Brass of ISS.

To generate a diff of this commit:
cvs rdiff -r1.80 -r1.80.2.1 pkgsrc/mail/sendmail/Makefile
cvs rdiff -r1.30 -r1.30.2.1 pkgsrc/mail/sendmail/Makefile.common
cvs rdiff -r1.25 -r1.25.2.1 pkgsrc/mail/sendmail/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.