pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/mail/squirrelmail
Module Name: pkgsrc
Committed By: maya
Date: Wed Apr 19 17:10:18 UTC 2017
Modified Files:
pkgsrc/mail/squirrelmail: Makefile distinfo
Added Files:
pkgsrc/mail/squirrelmail/patches:
patch-class_deliver_Deliver__SendMail.class.php
Log Message:
squirrelmail: patch remote code execution (CVE-2017-7692)
separately escape tainted input before feeding it into popen.
https://www.wearesegment.com/research/Squirrelmail-Remote-Code-Execution.html
patch from Filipo Cavallarin@wearesegment, who also found the vulnerability.
bump PKGREVISION
To generate a diff of this commit:
cvs rdiff -u -r1.131 -r1.132 pkgsrc/mail/squirrelmail/Makefile
cvs rdiff -u -r1.67 -r1.68 pkgsrc/mail/squirrelmail/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/mail/squirrelmail/patches/patch-class_deliver_Deliver__SendMail.class.php
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/mail/squirrelmail/Makefile
diff -u pkgsrc/mail/squirrelmail/Makefile:1.131 pkgsrc/mail/squirrelmail/Makefile:1.132
--- pkgsrc/mail/squirrelmail/Makefile:1.131 Thu Nov 17 15:10:07 2016
+++ pkgsrc/mail/squirrelmail/Makefile Wed Apr 19 17:10:18 2017
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.131 2016/11/17 15:10:07 taca Exp $
+# $NetBSD: Makefile,v 1.132 2017/04/19 17:10:18 maya Exp $
DISTNAME= squirrelmail-webmail-1.4.23pre14605
+PKGREVISION= 1
PKGNAME= ${DISTNAME:S/-webmail//}
CATEGORIES= mail www
MASTER_SITES= ${MASTER_SITE_LOCAL}
Index: pkgsrc/mail/squirrelmail/distinfo
diff -u pkgsrc/mail/squirrelmail/distinfo:1.67 pkgsrc/mail/squirrelmail/distinfo:1.68
--- pkgsrc/mail/squirrelmail/distinfo:1.67 Thu Nov 17 15:10:07 2016
+++ pkgsrc/mail/squirrelmail/distinfo Wed Apr 19 17:10:18 2017
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.67 2016/11/17 15:10:07 taca Exp $
+$NetBSD: distinfo,v 1.68 2017/04/19 17:10:18 maya Exp $
SHA1 (squirrelmail-webmail-1.4.23pre14605.tar.bz2) = b0301f777ac5e71b08cd8d718358ce0f3417a21d
RMD160 (squirrelmail-webmail-1.4.23pre14605.tar.bz2) = ee9c4d6bd6975f0134797cfc383821368a140542
@@ -8,3 +8,4 @@ SHA1 (patch-aa) = 4ba7ea0a85308816b9dc77
SHA1 (patch-ab) = 30bf68c730f20e817fbe81d18bc2a95899ee3fd0
SHA1 (patch-ai) = 1c08904ecf074ff3ba7e6042becc0f0771388b9f
SHA1 (patch-ca) = d2e41316b8ecd97b49842eff548219e40e9b163a
+SHA1 (patch-class_deliver_Deliver__SendMail.class.php) = 0358ce2445fee73261075226e794054d6ada0150
Added files:
Index: pkgsrc/mail/squirrelmail/patches/patch-class_deliver_Deliver__SendMail.class.php
diff -u /dev/null pkgsrc/mail/squirrelmail/patches/patch-class_deliver_Deliver__SendMail.class.php:1.1
--- /dev/null Wed Apr 19 17:10:18 2017
+++ pkgsrc/mail/squirrelmail/patches/patch-class_deliver_Deliver__SendMail.class.php Wed Apr 19 17:10:18 2017
@@ -0,0 +1,23 @@
+$NetBSD: patch-class_deliver_Deliver__SendMail.class.php,v 1.1 2017/04/19 17:10:18 maya Exp $
+
+Patch CVE-2017-7692 by separately escaping $envelopefrom
+concatenating it with a space before escaping allows for injecting command
+parameters.
+
+From Filippo Cavallarin
+https://www.wearesegment.com/research/Squirrelmail-Remote-Code-Execution.html
+
+--- class/deliver/Deliver_SendMail.class.php.orig 2016-01-01 20:04:30.000000000 +0000
++++ class/deliver/Deliver_SendMail.class.php
+@@ -95,9 +95,9 @@ class Deliver_SendMail extends Deliver {
+ $envelopefrom = trim($from->mailbox.'@'.$from->host);
+ $envelopefrom = str_replace(array("\0","\n"),array('',''),$envelopefrom);
+ // save executed command for future reference
+- $this->sendmail_command = "$sendmail_path $this->sendmail_args -f$envelopefrom";
++ $this->sendmail_command = escapeshellcmd("$sendmail_path $this->sendmail_args -f") . escapeshellarg($envelopefrom);
+ // open process handle for writing
+- $stream = popen(escapeshellcmd($this->sendmail_command), "w");
++ $stream = popen($this->sendmail_command, "w");
+ return $stream;
+ }
+
Home |
Main Index |
Thread Index |
Old Index