From dean@odyssey.apana.org.au  Sat Mar  4 04:42:07 2006
Return-Path: <dean@odyssey.apana.org.au>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 70E2D16A420
	for <FreeBSD-gnats-submit@freebsd.org>; Sat,  4 Mar 2006 04:42:07 +0000 (GMT)
	(envelope-from dean@odyssey.apana.org.au)
Received: from odyssey.apana.org.au (odyssey.apana.org.au [203.11.114.1])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5B77A43D45
	for <FreeBSD-gnats-submit@freebsd.org>; Sat,  4 Mar 2006 04:42:06 +0000 (GMT)
	(envelope-from dean@odyssey.apana.org.au)
Received: (from dean@localhost)
	by odyssey.apana.org.au (8.9.3/8.9.3) id MAA26284;
	Sat, 4 Mar 2006 12:42:04 +0800 (WST)
Message-Id: <200603040442.MAA26284@odyssey.apana.org.au>
Date: Sat, 4 Mar 2006 12:42:04 +0800 (WST)
From: Dean Hollister <dean@odyssey.apana.org.au>
Reply-To: Dean Hollister <dean@odyssey.apana.org.au>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Upgraded Port: mail/dcc-dccd to 1.3.30
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         94057
>Category:       ports
>Synopsis:       Upgraded Port: mail/dcc-dccd to 1.3.30
>Confidential:   no
>Severity:       non-critical
>Priority:       high
>Responsible:    ehaupt
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Sat Mar 04 04:50:03 GMT 2006
>Closed-Date:    Wed Mar 15 13:16:47 CET 2006
>Last-Modified:  Wed Mar 15 13:16:47 CET 2006
>Originator:     Dean Hollister
>Release:        FreeBSD 4.11-STABLE i386
>Organization:
Australian Public Access Network Association Inc
>Environment:
System: FreeBSD odyssey.apana.org.au 4.11-STABLE FreeBSD 4.11-STABLE #0: Wed Sep 21 06:20:10 WST 2005 root@odyssey.apana.org.au:/usr/obj/usr/src/sys/ODYSSEY i386
>Description:
Upgraded Port: mail/dcc-dccd to 1.3.30

		Changes in this release:

			o Fix leak in dccd blacklist.

			o Change client-server protocol so that `cdcc clients` 
			  gets more than 16 bits of NOP counts.

			o updatedcc and fetchblack try two FTP and HTTP servers.

			o do not use stdio to parse whiteclnt files to deal with
			  Solaris' 255 limit on stdio file descriptors.

			o add /var/dcc/libexec/uninstalldcc

>How-To-Repeat:
>Fix:
diff -ruN dcc-dccd.orig/Makefile dcc-dccd/Makefile
--- dcc-dccd.orig/Makefile	Sat Mar  4 12:11:53 2006
+++ dcc-dccd/Makefile	Sat Mar  4 12:14:13 2006
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	dcc-dccd
-PORTVERSION=	1.3.29
+PORTVERSION=	1.3.30
 CATEGORIES=	mail
 MASTER_SITES=	http://www.rhyolite.com/anti-spam/dcc/source/ \
 		http://www.wa.apana.org.au/~dean/sources/ \
diff -ruN dcc-dccd.orig/distinfo dcc-dccd/distinfo
--- dcc-dccd.orig/distinfo	Sat Mar  4 12:11:53 2006
+++ dcc-dccd/distinfo	Sat Mar  4 12:15:52 2006
@@ -1,3 +1,3 @@
-MD5 (dcc-dccd-1.3.29.tar.Z) = 5d52f9a6173a8755355c745f67a21856
-SHA256 (dcc-dccd-1.3.29.tar.Z) = bbaa3b864221a31ec3aebe72910578a6544d37248744e7e5373c35681ea141d9
-SIZE (dcc-dccd-1.3.29.tar.Z) = 1399517
+MD5 (dcc-dccd-1.3.30.tar.Z) = f4fefea1ee7f5dc99a22fbfa83edccbc
+SHA256 (dcc-dccd-1.3.30.tar.Z) = 30b8ffab421306f36d27b59dfe05a2f3030ab7b8e38da224f56eda6a1ea017ab
+SIZE (dcc-dccd-1.3.30.tar.Z) = 1403647
diff -ruN dcc-dccd.orig/pkg-plist dcc-dccd/pkg-plist
--- dcc-dccd.orig/pkg-plist	Sat Mar  4 12:11:54 2006
+++ dcc-dccd/pkg-plist	Sat Mar  4 12:34:43 2006
@@ -63,6 +63,7 @@
 dcc/libexec/stats-get
 dcc/libexec/stop-dccd
 dcc/libexec/updatedcc
+dcc/libexec/uninstalldcc
 dcc/libexec/wlist
 @dirrm dcc/log
 @dirrm dcc/libexec
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->ehaupt 
Responsible-Changed-By: ehaupt 
Responsible-Changed-When: Sun Mar 5 10:21:47 CET 2006 
Responsible-Changed-Why:  
Take. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=94057 

From: Emanuel Haupt <ehaupt@FreeBSD.org>
To: bug-followup@FreeBSD.org,dean@odyssey.apana.org.au
Cc:  
Subject: Re: ports/94057: Upgraded Port: mail/dcc-dccd to 1.3.30
Date: Sun, 5 Mar 2006 22:32:31 +0100

 For the record:
 
 --- forwarded mail begins here ---
 From: Vernon Schryver <vjs@calcite.rhyolite.com>
 To: dcc@calcite.rhyolite.com
 Subject: Re: leak in dccd blacklist
 Date: Sun, 5 Mar 2006 07:42:10 -0700 (MST)
 
 (I'm sending this to the DCC mailing list with a bcc: to the person who asked)
 
 > >     Fix leak in dccd blacklist.
 >
 > Is there maybe a detailed advisory available? I am trying to figure out
 > how severe this leak is and whether we should advise FreeBSD users with
 > an VuXML advisory.
 
 Before 1.3.30, loading the blacklist was delayed until about 30 seconds
 after dccd started.  If a hyper-active clients whose IP address is in
 the blacklist made a request during those first 30 seconds, not only
 would the request be answered, but future requests would also be answered
 until the blacklist changed and dccd noticed and loaded the new version.
 
 Only the public DCC servers use the blacklist of bad DCC clients.  Only
 the largest blacklisted clients of the public DCC servers such as utk.edu
 were leaked.
 
 
 Vernon Schryver    vjs@rhyolite.com
 
 --- forwarded mail ends here ---
 
 -- 
 GnuPG key id: 0x55E67774         Download: http://pgp.mit.edu:11371
 Key fingerprint: 17B3 FD8F BA68 4AB4 10FD  A9D1 AD52 6588 55E6 7774

From: Emanuel Haupt <ehaupt@FreeBSD.org>
To: bug-followup@FreeBSD.org,dean@odyssey.apana.org.au
Cc:  
Subject: Re: ports/94057: Upgraded Port: mail/dcc-dccd to 1.3.30
Date: Wed, 15 Mar 2006 11:52:59 +0100

 is dcc/libexec/uninstalldcc really relevant for the FreeBSD user?
State-Changed-From-To: open->closed 
State-Changed-By: ehaupt 
State-Changed-When: Wed Mar 15 13:16:46 CET 2006 
State-Changed-Why:  
Committed, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=94057 
>Unformatted:
