Index: head/mail/cyrus-imapd24/Makefile =================================================================== --- head/mail/cyrus-imapd24/Makefile (revision 402744) +++ head/mail/cyrus-imapd24/Makefile (revision 402745) @@ -1,210 +1,210 @@ # $FreeBSD$ PORTNAME= cyrus-imapd PORTVERSION= 2.4.18 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= mail ipv6 MASTER_SITES= ftp://ftp.cyrusimap.org/cyrus-imapd/ \ http://cyrusimap.org/releases/ PKGNAMESUFFIX= 24 MAINTAINER= ume@FreeBSD.org COMMENT= The cyrus mail server, supporting POP3 and IMAP4 protocols LICENSE= BSD4CLAUSE LICENSE_FILE= ${WRKSRC}/COPYRIGHT LIB_DEPENDS= libsasl2.so:${PORTSDIR}/security/cyrus-sasl2 \ libpcre.so:${PORTSDIR}/devel/pcre CONFLICTS= cyrus-1.* cyrus-imapd-2.[^4].* cyrus-imapd2[^4]-2.[^4].* USE_RC_SUBR= imapd USES= cpe perl5 USE_OPENSSL= yes GNU_CONFIGURE= yes CYRUS_PREFIX= ${PREFIX}/cyrus CONFIGURE_ARGS= --sysconfdir=${PREFIX}/etc \ --with-cyrus-prefix=${CYRUS_PREFIX} \ --with-cyrus-user=${CYRUS_USER} \ --with-cyrus-group=${CYRUS_GROUP} \ --with-sasl=${LOCALBASE} \ --with-bdb=${BDB_LIB_NAME} \ --with-com_err \ --with-openssl=${OPENSSLBASE} \ --with-perl=${PERL5} CPPFLAGS+= -I${LOCALBASE}/include LIBS+= -L${LOCALBASE}/lib MAKE_JOBS_UNSAFE= yes CPE_VENDOR= cmu CPE_PRODUCT= cyrus_imap_server OPTIONS_DEFINE= AUTOCREATE AUTOSIEVE BDB DRAC IDLED LDAP \ MURDER MYSQL NETSCAPEHACK NNTP PGSQL \ REPLICATION SNMP SQLITE DOCS EXAMPLES OPTIONS_DEFAULT= BDB IDLED OPTIONS_SUB= yes AUTOCREATE_DESC= Use autocreate INBOX patch (UoA) AUTOSIEVE_DESC= Use autosievefolder patch (UoA) BDB_USE= BDB=yes BDB_CONFIGURE_ON= --with-bdb-incdir=${BDB_INCLUDE_DIR} \ --with-bdb-libdir=${LOCALBASE}/lib DRAC_DESC= Enable DRAC support DRAC_CONFIGURE_ON= --with-drac=${LOCALBASE} DRAC_BUILD_DEPENDS= ${LOCALBASE}/lib/libdrac.a:${PORTSDIR}/mail/drac IDLED_DESC= Enable IMAP idled support IDLED_CONFIGURE_ENABLE= idled LDAP_DESC= Enable LDAP support (experimental) LDAP_USE= OPENLDAP=yes LDAP_CONFIGURE_ON= --with-ldap=${LOCALBASE} MURDER_DESC= Enable IMAP Murder support MURDER_CONFIGURE_ENABLE=murder MURDER_CFLAGS= MURDER_MAKE_ENV= PTHREAD_LIBS="-lpthread" MYSQL_USE= MYSQL=yes MYSQL_CONFIGURE_ON= --with-mysql=yes \ --with-mysql-libdir=${LOCALBASE}/lib/mysql \ --with-mysql-incdir=${LOCALBASE}/include/mysql NETSCAPEHACK_DESC= Enable X-NETSCAPE extensions NETSCAPEHACK_CONFIGURE_ENABLE=netscapehack NNTP_DESC= Enable NNTP support NNTP_CONFIGURE_ENABLE= nntp PGSQL_USES= pgsql PGSQL_CONFIGURE_ON= --with-pgsql=${LOCALBASE} REPLICATION_DESC= Enable replication (experimental) REPLICATION_CONFIGURE_ENABLE=replication SNMP_LIB_DEPENDS= libnetsnmp.so:${PORTSDIR}/net-mgmt/net-snmp SNMP_CONFIGURE_ON= --with-snmp=${LOCALBASE} SNMP_CONFIGURE_OFF= --with-snmp=no SQLITE_USE= SQLITE=yes SQLITE_CONFIGURE_ON= --with-sqlite=${LOCALBASE} OPTIONS_RADIO= GSSAPI OPTIONS_RADIO_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT .if exists(/usr/lib/libkrb5.a) OPTIONS_RADIO_GSSAPI+= GSSAPI_BASE OPTIONS_DEFAULT+= GSSAPI_BASE .endif GSSAPI_BASE_DESC= Use Heimdal in base GSSAPI_BASE_USES= gssapi GSSAPI_BASE_CONFIGURE_ON= --enable-gssapi="${GSSAPIBASEDIR}" \ --with-gss_impl=heimdal GSSAPI_HEIMDAL_DESC= Use Heimdal from ports GSSAPI_HEIMDAL_USES= gssapi:heimdal,flags GSSAPI_HEIMDAL_CONFIGURE_ON= --enable-gssapi="${GSSAPIBASEDIR}" \ --with-gss_impl=heimdal GSSAPI_MIT_DESC= Use MIT Kerberos V5 GSSAPI_MIT_USES= gssapi:mit GSSAPI_MIT_CONFIGURE_ON= --enable-gssapi="${GSSAPIBASEDIR}" \ --with-gss_impl=mit # Autocreate Inbox and Autosieve patches from UoA # http://email.uoa.gr/projects/cyrus/ # http://blog.vx.sk/archives/13-Cyrus-IMAP-UoA.html AUTOCREATE_VERSION= 0.10-0 AUTOCREATE_PATCH_SITES= LOCAL/mm:autocreate AUTOCREATE_PATCHFILES= ${PORTNAME}-2.4.4-autocreate-${AUTOCREATE_VERSION}.patch:-p1:autocreate AUTOSIEVE_VERSION= 0.6.0 AUTOSIEVE_PATCH_SITES= LOCAL/mm:autosieve AUTOSIEVE_PATCHFILES= ${PORTNAME}-2.4.12-autosieve-${AUTOSIEVE_VERSION}.patch:-p1:autosieve AUTOSIEVE_EXTRA_PATCHES=${FILESDIR}/extra-patch-imap__lmtp_sieve.c DRAC_EXTRA_PATCHES= ${FILESDIR}/extra-patch-cmulocal::sasl2.m4 DRAC_USE= AUTOTOOLS=autoconf,autoheader MANDIRS= ${CYRUS_PREFIX}/man PORTDOCS= * PORTEXAMPLES= * SUB_FILES= pkg-message pkg-install pkg-deinstall cyrus-imapd-man.conf SUB_LIST= CYRUS_USER=${CYRUS_USER} CYRUS_GROUP=${CYRUS_GROUP} CYRUS_USER?= cyrus CYRUS_GROUP?= cyrus MAN_MAN1= imtest installsieve lmtptest mupdatetest nntptest pop3test \ sieveshell sivtest smtptest MAN_MAN3= imclient MAN_MAN5= cyrus.conf imapd.conf krb.equiv CYRUS_MAN8= arbitron chk_cyrus ctl_cyrusdb ctl_deliver ctl_mboxlist \ cvt_cyrusdb cyr_dbtool cyr_df cyr_expire cyr_synclog deliver \ fetchnews fud idled imapd ipurge lmtpd master mbexamine \ mbpath nntpd notifyd pop3d quota reconstruct rmnews smmapd \ squatter sync_client sync_reset sync_server syncnews \ timsieved tls_prune unexpunge CYRUS_PERL_MAN1=cyradm CYRUS_PERL_MAN3=Cyrus::IMAP Cyrus::IMAP::Admin Cyrus::IMAP::IMSP \ Cyrus::IMAP::Shell Cyrus::SIEVE::managesieve .include .if ${PORT_OPTIONS:MBDB} INVALID_BDB_VER=2 .else BDB_LIB_NAME= no .endif .if !${PORT_OPTIONS:MGSSAPI_BASE} && !${PORT_OPTIONS:MGSSAPI_HEIMDAL} && \ !${PORT_OPTIONS:MGSSAPI_MIT} CONFIGURE_ARGS+=--disable-gssapi .endif pre-patch-DRAC-on: ${PATCH} -d ${PATCH_WRKSRC} --forward --quiet -E -p1 \ < ${WRKSRC}/contrib/drac_auth.patch post-patch: @${REINPLACE_CMD} -e "s|/etc/|${PREFIX}/etc/|" \ -e "s|%%CYRUS_USER%%|${CYRUS_USER}|g" \ -e "s|%%CYRUS_GROUP%%|${CYRUS_GROUP}|g" \ ${WRKSRC}/tools/mkimap @${REINPLACE_CMD} -e "s|/etc/|${PREFIX}/etc/|g" \ -e "s|/usr/sieve|/var/imap/sieve|g" \ ${WRKSRC}/tools/masssievec post-patch-DRAC-on: @${RM} -rf ${WRKSRC}/autom4te.cache post-install: ${INSTALL_DATA} ${FILESDIR}/imapd.conf \ ${STAGEDIR}${EXAMPLESDIR} ${INSTALL_SCRIPT} ${WRKSRC}/tools/mkimap \ ${STAGEDIR}${CYRUS_PREFIX}/bin/mkimap ${INSTALL_SCRIPT} ${WRKSRC}/tools/masssievec \ ${STAGEDIR}${CYRUS_PREFIX}/bin/masssievec ${INSTALL_DATA} ${WRKDIR}/cyrus-imapd-man.conf \ ${STAGEDIR}${PREFIX}/etc/man.d/cyrus-imapd.conf .for s in 1 3 5 . for m in ${MAN_MAN${s}} @${ECHO_CMD} man/man${s}/${m}.${s}.gz >> ${TMPPLIST} . endfor .endfor .for s in 1 3 . for m in ${CYRUS_PERL_MAN${s}} @${ECHO_CMD} ${SITE_MAN${s}}/${m}.${s}.gz >> ${TMPPLIST} . endfor .endfor .for m in ${CYRUS_MAN8} @${ECHO_CMD} ${CYRUS_PREFIX}/man/man8/${m}.8.gz >> ${TMPPLIST} .endfor post-install-DOCS-on: ${MKDIR} ${STAGEDIR}${DOCSDIR} cd ${WRKSRC}/doc && ${COPYTREE_SHARE} . ${STAGEDIR}${DOCSDIR} \ "! ( -name Makefile.dist -o -name Makefile -o -name .cvsignore )" # there are already files in examplesdir at that point, so no # need to create it. post-install-EXAMPLES-on: cd ${WRKSRC}/master/conf && ${COPYTREE_SHARE} . \ ${STAGEDIR}${EXAMPLESDIR} .include Index: head/mail/cyrus-imapd24/files/patch-CVE-2015-8077 =================================================================== --- head/mail/cyrus-imapd24/files/patch-CVE-2015-8077 (nonexistent) +++ head/mail/cyrus-imapd24/files/patch-CVE-2015-8077 (revision 402745) @@ -0,0 +1,40 @@ +From 745e161c834f1eb6d62fc14477f51dae799e1e08 Mon Sep 17 00:00:00 2001 +From: ellie timoney +Date: Mon, 26 Oct 2015 16:15:40 +1100 +Subject: urlfetch: protect against overflow in range checks + + +--- imap/index.c.orig 2015-07-06 03:38:29 UTC ++++ imap/index.c +@@ -2712,7 +2712,8 @@ int index_urlfetch(struct index_state *s + int fetchmime = 0, domain = DOMAIN_7BIT; + unsigned size; + int32_t skip = 0; +- int n, r = 0; ++ unsigned long n; ++ int r = 0; + char *decbuf = NULL; + struct mailbox *mailbox = state->mailbox; + struct index_map *im = &state->map[msgno-1]; +@@ -2849,7 +2850,7 @@ int index_urlfetch(struct index_state *s + start_octet = size; + n = 0; + } +- else if (start_octet + n > size) { ++ else if (start_octet + n < start_octet || start_octet + n > size) { + n = size - start_octet; + } + +@@ -2861,10 +2862,10 @@ int index_urlfetch(struct index_state *s + + if (domain == DOMAIN_BINARY) { + /* Write size of literal8 */ +- prot_printf(pout, " ~{%u}\r\n", n); ++ prot_printf(pout, " ~{%lu}\r\n", n); + } else { + /* Write size of literal */ +- prot_printf(pout, " {%u}\r\n", n); ++ prot_printf(pout, " {%lu}\r\n", n); + } + } + Property changes on: head/mail/cyrus-imapd24/files/patch-CVE-2015-8077 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/mail/cyrus-imapd24/files/patch-CVE-2015-8078 =================================================================== --- head/mail/cyrus-imapd24/files/patch-CVE-2015-8078 (nonexistent) +++ head/mail/cyrus-imapd24/files/patch-CVE-2015-8078 (revision 402745) @@ -0,0 +1,23 @@ +From 6fb6a272171f49c79ba6ab7c6403eb25b39ec1b2 Mon Sep 17 00:00:00 2001 +From: ellie timoney +Date: Mon, 26 Oct 2015 16:21:01 +1100 +Subject: urlfetch: and the other bit + + +diff --git a/imap/index.c b/imap/index.c +index f5161cd..da8ce3d 100644 +--- imap/index.c ++++ imap/index.c +@@ -4244,7 +4244,8 @@ EXPORTED int index_urlfetch(struct index_state *state, uint32_t msgno, + size_t section_offset = CACHE_ITEM_BIT32(cacheitem); + size_t section_size = CACHE_ITEM_BIT32(cacheitem + CACHE_ITEM_SIZE_SKIP); + +- if (section_offset + section_size > size) { ++ if (section_offset + section_size < section_offset ++ || section_offset + section_size > size) { + r = IMAP_INTERNAL; + goto done; + } +-- +cgit v0.10.2 + Property changes on: head/mail/cyrus-imapd24/files/patch-CVE-2015-8078 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property