rpms/ssmtp/F-9 ssmtp-md5auth-non-rsa, 1.1, 1.2 ssmtp-password-leak.patch, 1.1, 1.2 ssmtp.spec, 1.15, 1.16
Manuel Wolfshant
wolfy at fedoraproject.org
Fri Sep 12 19:22:46 UTC 2008
- Previous message (by thread): rpms/pydot/devel .cvsignore, 1.2, 1.3 pydot.spec, 1.4, 1.5 sources, 1.2, 1.3
- Next message (by thread): rpms/ssmtp/F-8 ssmtp-md5auth-non-rsa, 1.1, 1.2 ssmtp-password-leak.patch, 1.1, 1.2 ssmtp.spec, 1.11, 1.12
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: wolfy
Update of /cvs/pkgs/rpms/ssmtp/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv2425
Modified Files:
ssmtp-md5auth-non-rsa ssmtp-password-leak.patch ssmtp.spec
Log Message:
* Fri Sep 12 2008 Manuel "lonely wolf" Wolfshant <wolfy at nobugconsulting.ro> 2.61-11.6.1
- use conditionals to consolidate specs for Fedora and EPEL
Index: ssmtp-md5auth-non-rsa
===================================================================
RCS file: /cvs/pkgs/rpms/ssmtp/F-9/ssmtp-md5auth-non-rsa,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- ssmtp-md5auth-non-rsa 17 Oct 2007 00:09:53 -0000 1.1
+++ ssmtp-md5auth-non-rsa 12 Sep 2008 19:22:16 -0000 1.2
@@ -7391,38 +7391,3 @@
for (i = 0; i < MD5_DIGEST_LEN; i++) {
digascii[2 * i] = hextab[digest[i] >> 4];
-diff -Nupr ssmtp-2.61.orig/ssmtp.c.orig ssmtp-2.61/ssmtp.c.orig
---- ssmtp-2.61.orig/ssmtp.c.orig 2007-10-17 02:20:25.000000000 +0300
-+++ ssmtp-2.61/ssmtp.c.orig 2007-10-17 02:29:11.000000000 +0300
-@@ -708,6 +708,10 @@ void header_save(char *str)
- else if(strncasecmp(ht->string, "Bcc:", 4) == 0) {
- p = (ht->string + 4);
- rcpt_parse(p);
-+ /* Undo adding the header to the list: */
-+ free(ht->string);
-+ ht->string = NULL;
-+ return;
- }
- else if(strncasecmp(ht->string, "CC:", 3) == 0) {
- p = (ht->string + 3);
-@@ -1406,6 +1410,7 @@ int ssmtp(char *argv[])
- struct passwd *pw;
- int i, sock;
- uid_t uid;
-+ bool_t minus_v_save;
- int timeout = 0;
-
- outbytes = 0;
-@@ -1522,7 +1527,12 @@ int ssmtp(char *argv[])
- #ifdef MD5AUTH
- }
- #endif
-+ /* We do NOT want the password output to STDERR
-+ * even base64 encoded.*/
-+ minus_v_save = minus_v;
-+ minus_v = False;
- outbytes += smtp_write(sock, "%s", buf);
-+ minus_v = minus_v_save;
- (void)alarm((unsigned) MEDWAIT);
-
- if(smtp_okay(sock, buf) == False) {
ssmtp-password-leak.patch:
Index: ssmtp-password-leak.patch
===================================================================
RCS file: /cvs/pkgs/rpms/ssmtp/F-9/ssmtp-password-leak.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- ssmtp-password-leak.patch 8 Dec 2006 00:09:53 -0000 1.1
+++ ssmtp-password-leak.patch 12 Sep 2008 19:22:16 -0000 1.2
@@ -1,6 +1,6 @@
--- ssmtp-2.61.redhat/ssmtp.c 2006-12-08 01:25:35.000000000 +0200
+++ ssmtp-2.61.debian/ssmtp.c 2006-12-08 01:24:25.000000000 +0200
-@@ -1404,6 +1406,7 @@
+@@ -1406,6 +1404,7 @@
struct passwd *pw;
int i, sock;
uid_t uid;
@@ -8,7 +8,7 @@
int timeout = 0;
outbytes = 0;
-@@ -1520,7 +1523,12 @@
+@@ -1522,7 +1521,12 @@
#ifdef MD5AUTH
}
#endif
Index: ssmtp.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ssmtp/F-9/ssmtp.spec,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- ssmtp.spec 11 Feb 2008 22:58:03 -0000 1.15
+++ ssmtp.spec 12 Sep 2008 19:22:16 -0000 1.16
@@ -1,6 +1,6 @@
Name: ssmtp
Version: 2.61
-Release: 11.5%{?dist}.3
+Release: 11.6%{?dist}.1
Summary: Extremely simple MTA to get mail off the system to a Mailhub
Group: Applications/Internet
License: GPLv2+
@@ -16,8 +16,13 @@
# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340803
# replaces RSA's md5 with a GPL compatible implementation
Patch6: %{name}-md5auth-non-rsa
+Patch7: %{name}-unitialized-strdup.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Provides: %{_sbindir}/sendmail
+#hack around wrong requires for mutt and mdadm
+%if 0%{?rhel}
+Provides: MTA smtpdaemon
+%endif
+Provides: %{_sbindir}/sendmail
Requires(post): %{_sbindir}/alternatives
Requires(preun): %{_sbindir}/alternatives
BuildRequires: openssl-devel
@@ -35,13 +40,14 @@
%prep
%setup -q
-%patch -p1
+%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
+%patch7 -p1
%build
@@ -115,6 +121,16 @@
%changelog
+* Fri Sep 12 2008 Manuel "lonely wolf" Wolfshant <wolfy at nobugconsulting.ro> 2.61-11.6.1
+- use conditionals to consolidate specs for Fedora and EPEL
+
+* Thu Sep 11 2008 Manuel "lonely wolf" Wolfshant <wolfy at nobugconsulting.ro> 2.61-11.6
+- patch to fix CVE-2008-3962 (courtesy https://bugs.gentoo.org/127592)
+- cleanup of other patches, make build with fuzz=0
+
+* Sat Aug 02 2008 Manuel "lonely wolf" Wolfshant <wolfy at nobugconsulting.ro> 2.61-11.5.4
+- work around rpmbuild more strict syntax checker
+
* Tue Feb 12 2008 Manuel "lonely wolf" Wolfshant <wolfy at nobugconsulting.ro> 2.61-11.5.3
- rebuilt for gcc 4.3.0
- Previous message (by thread): rpms/pydot/devel .cvsignore, 1.2, 1.3 pydot.spec, 1.4, 1.5 sources, 1.2, 1.3
- Next message (by thread): rpms/ssmtp/F-8 ssmtp-md5auth-non-rsa, 1.1, 1.2 ssmtp-password-leak.patch, 1.1, 1.2 ssmtp.spec, 1.11, 1.12
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list