From yasu@home.utahime.org  Sun Aug 17 09:52:12 2003
Return-Path: <yasu@home.utahime.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 124A537B401
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 17 Aug 2003 09:52:12 -0700 (PDT)
Received: from utahime.as.wakwak.ne.jp (utahime.as.wakwak.ne.jp [61.205.238.40])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 03D7143F93
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 17 Aug 2003 09:52:11 -0700 (PDT)
	(envelope-from yasu@home.utahime.org)
Received: from eastasia.home.utahime.org (eastasia.home.utahime.org [192.168.174.1])
	by utahime.as.wakwak.ne.jp (Postfix) with ESMTP id 0A84B7A
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 18 Aug 2003 01:52:09 +0900 (JST)
Received: from 127.0.0.1 (localhost.home.utahime.org [127.0.0.1])
	by localhost-backdoor.home.utahime.org (Postfix) with SMTP
	id D5F3854B4; Mon, 18 Aug 2003 01:52:08 +0900 (JST)
Received: by eastasia.home.utahime.org (Postfix, from userid 1000)
	id BCEB954AC; Mon, 18 Aug 2003 01:52:08 +0900 (JST)
Message-Id: <20030817165208.BCEB954AC@eastasia.home.utahime.org>
Date: Mon, 18 Aug 2003 01:52:08 +0900 (JST)
From: KIMURA Yasuhiro <yasu@utahime.org>
Reply-To: KIMURA Yasuhiro <yasu@utahime.org>
To: FreeBSD-gnats-submit@freebsd.org
Subject: mail/youbin: new version 3.5 exists
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         55676
>Category:       ports
>Synopsis:       mail/youbin: new version 3.5 exists
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    max
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Aug 17 10:00:30 PDT 2003
>Closed-Date:    Sun Aug 17 18:44:54 PDT 2003
>Last-Modified:  Sun Aug 17 18:44:54 PDT 2003
>Originator:     KIMURA Yasuhiro
>Release:        FreeBSD 4.8-RELEASE-p3 i386
>Organization:
>Environment:
System: FreeBSD eastasia.home.utahime.org 4.8-RELEASE-p3 FreeBSD 4.8-RELEASE-p3 #2: Thu Aug 14 22:22:48 JST 2003 yasu@eastasia.home.utahime.org:/usr/obj/usr1/cvsup/releng_4_8/src/sys/EASTASIA i386


	
>Description:
	New version 3.5 exists which fixes locally exploitable buffer
	overflow problem.

>How-To-Repeat:
	
>Fix:

	

--- youbin.port.patch begins here ---
diff -Nru mail/youbin.old/Makefile mail/youbin/Makefile
--- mail/youbin.old/Makefile	Fri Aug  8 18:21:51 2003
+++ mail/youbin/Makefile	Mon Aug 18 01:12:34 2003
@@ -6,15 +6,13 @@
 #
 
 PORTNAME=	youbin
-PORTVERSION=	3.4
+PORTVERSION=	3.5
 CATEGORIES=	mail
 MASTER_SITES=	http://www.agusa.nuie.nagoya-u.ac.jp/software/agusalab/youbin/archive/
 DISTNAME=	${PORTNAME}${PORTVERSION}-unix
 
 MAINTAINER=	max@FreeBSD.org
 COMMENT=	Mail arrival notification service package
-
-FORBIDDEN=	Locally exploitable buffer overflow in set-user-ID executable
 
 USE_IMAKE=		yes
 USE_X_PREFIX=		no
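Review bot: the removal of the FORBIDDEN line near the end of this hunk rides along with the PORTVERSION bump, so the port becomes installable again on the submitter's statement alone that 3.5 fixes the overflow in the set-user-ID executable. Consider keeping `FORBIDDEN=` in place in this commit and dropping it in a follow-up once the fix has been confirmed against the 3.5 source.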
diff -Nru mail/youbin.old/distinfo mail/youbin/distinfo
--- mail/youbin.old/distinfo	Sun Nov  4 22:43:29 2001
+++ mail/youbin/distinfo	Mon Aug 18 01:10:02 2003
@@ -1 +1 @@
-MD5 (youbin3.4-unix.tar.gz) = 234223775792e003c12e4f52efa97e75
+MD5 (youbin3.5-unix.tar.gz) = 1908de828ce5023a7d045babb9bef2e9
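Review bot: the new `MD5 (youbin3.5-unix.tar.gz)` line is the only integrity check on a distfile that the Makefile's MASTER_SITES fetches over plain http, and the value here comes from the submitter's own download. Before committing, fetch the tarball independently and confirm it produces the same digest, since this update is a security fix for a set-user-ID program.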
diff -Nru mail/youbin.old/files/patch-ae mail/youbin/files/patch-ae
--- mail/youbin.old/files/patch-ae	Sun Nov  4 22:43:29 2001
+++ mail/youbin/files/patch-ae	Mon Aug 18 01:22:27 2003
@@ -1,6 +1,6 @@
---- server.c.orig	Sun Apr 15 23:17:13 2001
-+++ server.c	Tue May 15 12:26:12 2001
-@@ -48,6 +48,9 @@
+--- server.c.orig	Thu May  8 12:34:45 2003
++++ server.c	Mon Aug 18 01:20:24 2003
+@@ -49,6 +49,9 @@
  #include <pwd.h>                /* For getpwuid(). */
  #include <signal.h>
  #include <stdio.h>
@@ -10,11 +10,10 @@
  
  #include "youbin.h"
  #include "server.h"
-@@ -148,6 +151,15 @@
-     signal(SIGTERM, sig_quit);
+@@ -151,6 +154,15 @@
      signal(SIGHUP, sig_hup);
      signal(SIGALRM, sig_alarm);
-+
+ 
 +    /*Go to background.  This part was modified locally by Masafumi NAKANE
 +        <max@FreeBSD.org>, and is used only on FreeBSD.*/
 +#ifdef __FreeBSD__
@@ -23,6 +22,16 @@
 +	    kill(getpid(), SIGTERM);
 +    }
 +#endif
- 
++
      /* Dive into main loop. Don't use setjmp() and longjmp(),
         because list maintenance routines are in critical section. */
+     alarm(UNIT_TIME);
+@@ -359,7 +371,7 @@
+ #endif  
+     if( !(sp->mode.head_list) ) {
+       send_packet(buff, sp);        /* Send header and so on. */
+-      retrun;
++      return;
+     } 
+ 
+     line = buff + strlen(buff);
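Review bot: the new inner hunk at `@@ -359,7 +371,7 @@` that changes `retrun;` to `return;` is an upstream typo fix unrelated to the FreeBSD-only backgrounding change that patch-ae carries. Put it in its own file under files/, as is done for patch-client.c, and report it upstream so each local patch can be dropped independently when a later release includes the fix.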
diff -Nru mail/youbin.old/files/patch-client.c mail/youbin/files/patch-client.c
--- mail/youbin.old/files/patch-client.c	Thu Jan  1 09:00:00 1970
+++ mail/youbin/files/patch-client.c	Mon Aug 18 01:31:23 2003
@@ -0,0 +1,11 @@
+--- client.c.orig	Thu May  8 12:34:44 2003
++++ client.c	Mon Aug 18 01:30:31 2003
+@@ -400,7 +400,7 @@
+ 
+   if( *config_file == '\0' ){
+     if (env)
+-      strncpy ( rcfile, env, sizeof(rcsfile) - strlen(youbinrc) - 1);
++      strncpy ( rcfile, env, sizeof(rcfile) - strlen(youbinrc) - 1);
+     else if ((pwent = (struct passwd *) getpwuid (getuid ()))
+ 	     && pwent->pw_dir)
+       strcpy ( rcfile, pwent->pw_dir);
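Review bot: correcting `sizeof(rcsfile)` to `sizeof(rcfile)` in the strncpy() call fixes the identifier, but strncpy() does not NUL-terminate rcfile when env is at least as long as the computed bound, and the bound itself only reflects the buffer size if rcfile is an array at this point rather than a pointer. The else branch in the trailing context, `strcpy ( rcfile, pwent->pw_dir);`, is still unbounded; suggest terminating rcfile explicitly after the strncpy() and giving the pw_dir copy the same length limit.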
--- youbin.port.patch ends here ---



>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->max  
Responsible-Changed-By: krion 
Responsible-Changed-When: Sun Aug 17 11:12:06 PDT 2003 
Responsible-Changed-Why:  
Over to maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=55676 
State-Changed-From-To: open->closed 
State-Changed-By: max 
State-Changed-When: Sun Aug 17 18:42:52 PDT 2003 
State-Changed-Why:  
Upgrade committed.  Thanks! 
Please note that I'm keeping this port forbidden until the security team 
approves. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=55676 
>Unformatted:
