Warning: recent vendor perl patch may harm MailScanner
BB
brent.bolin at GMAIL.COM
Wed Dec 21 21:56:09 GMT 2005
I would be interested if anyone has upgraded to the latest ports with
FreeBSD.
Just started an upgrade but aborted when I could see perl being upgraded.
# portupgrade -rRa
===> Extracting for perl-5.8.7_1
=> MD5 Checksum OK for perl-5.8.7.tar.bz2.
=> MD5 Checksum OK for BSDPAN-5.8.7.tar.bz2.
=> MD5 Checksum OK for defined-or-5.8.7.bz2.
=> MD5 Checksum OK for sprintf-5.8.7.patch.bz2.
On 12/21/05, Kai Schaetzl <maillists at conactive.com> wrote:
SuSE has issued a perl patch on Dec. 19 for all its supported platforms
which may cause you problems with MailScanner, be careful!

It's the fix
SPRINTF0 - fixes for sprintf formatting issues - CVE-2005-3962

Other vendors will probably push this important patch as well.

Problems may only occur if you used CPAN to install some modules required
by MailScanner. But I'm not convinced that it only affects those. Reason:
That patch seems to either overwrite MIME::Base64 with the version current
when the OS version was released (in this case 2.20) or write this
information to some housekeeping file belonging to Perl. This clash could
occur with rpm-installed MIME::Base64 as well.

Symptoms: MailScanner dies with

MIME::Base64 object version 2.20 does not match bootstrap parameter 3.05
at /usr/lib/perl5/5.8.1/i586-linux-thread-multi/DynaLoader.pm line 249.
Compilation failed in require at /usr/sbin/MailScanner line 55.
BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 59.

You get the same error when opening the CPAN shell and just doing
"i MIME::Base64" (LWP failed with code[500] message[MIME::Base64 object
version 2.20 does not match bootstrap parameter 3.05]). It also says
"strange package name" or so. I tried upgrading (via CPAN) to version 3.07
(current) of MIME::Base64 and when this didn't help installing all perl
rpms coming with the MailScanner tar.gz. Nothing helped, even worse this
made MailScanner grab memory ad infinitum. And Spamassassin make test as
well. Only the abovementioned trick helped. Perl says now that the version
of MIME::Base64 installed is 2.20 on the machine with a working (!)
MailScanner and 3.0.5 on a machine where MailScanner doesn't work and
where I did nothing to fix the problem.

Going back to the last Perl patch version is obviously not recommended
since the fixed problem is a serious one. This problem may indeed only
occur under circumstances, but better beware!

Julian, any thoughts on the nature of the problem and how to solve it and
keep the patch?

Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services:
http://www.conactive.com
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
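
A diagnostic for the version clash reported in this thread, as an added example that is not part of either message and not code from MailScanner or any vendor. It assumes the error comes from perl pairing a MIME::Base64 .pm from one install with a compiled XS object from another, models DynaLoader's first-match search of @INC, and finishes with a real load test.

```perl
#!/usr/bin/perl
# Added example, not from the thread: list every copy of a module's .pm and
# compiled XS object under @INC, show which pair is found first, then try
# to load the module so a version clash is reported directly.
use strict;
use warnings;
use Config;
use File::Spec;
use ExtUtils::MakeMaker ();    # sets up MM->parse_version

my $module = shift || 'MIME::Base64';    # module named in the error message
die "bad module name\n" unless $module =~ /\A\w+(?:::\w+)*\z/;

my @parts  = split /::/, $module;
my $pm_rel = File::Spec->catfile(@parts) . '.pm';
my $so_rel = File::Spec->catfile('auto', @parts, "$parts[-1].$Config{dlext}");

my (@pm, @so);
for my $root (grep { !ref } @INC) {      # skip code-ref @INC hooks
    my $pm = File::Spec->catfile($root, $pm_rel);
    my $so = File::Spec->catfile($root, $so_rel);
    push @pm, { root => $root, file => $pm, version => MM->parse_version($pm) }
        if -f $pm;
    push @so, { root => $root, file => $so, mtime => (stat $so)[9] }
        if -f $so;
}

print "$module .pm files in \@INC order (the first one is loaded):\n";
printf "  %-8s %s\n", $_->{version}, $_->{file} for @pm;
print "XS objects in \@INC order (DynaLoader takes the first one):\n";
printf "  %s  %s\n", scalar localtime($_->{mtime}), $_->{file} for @so;

if (@pm && @so && $pm[0]{root} ne $so[0]{root}) {
    print "MISMATCH RISK: .pm comes from $pm[0]{root}\n",
          "               XS object comes from $so[0]{root}\n";
}
print "More than one copy installed; check which package owns each file.\n"
    if @pm > 1 || @so > 1;

# The name was validated above, so the string eval only sees a module name.
my $ok = eval "require $module; 1";
print $ok ? "Load test: OK\n" : "Load test FAILED: $@";
exit($ok ? 0 : 1);
```

Run it with the same perl binary that starts MailScanner, since a different perl has a different @INC.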