After upgrading packages on my system the XMail server didn't download pop3link mail any more - in debug mode it would print messages like this: << ErrCode = -40 ErrString = Invalid server address ErrInfo = ***.homelinux.net [PSYNC/MASQ] MasqDomain = "qtea.nl,qtea.nl" - RmtDomain = "***.homelinux.net" - RmtName = "quinox" Failed ! >> After some testing I found out that wget had the same problem in the chrooted directory, and after some googling I found http://blog.gmane.org/gmane.comp.apache.mod-security.user/day=20040711 . Copying those 3 files mentioned in that post: libnss_dns.so.2 libnss_files.so.2 libresolv.so.2 to the /chroot/xmail/lib directory fixed my problem. ATM the init script copies all libs mentioned in ldd XMail - The resolve libs are not listed there. IMO these will have to be copied by the init.d script too before starting XMail PS: XMail 1.22 has been released a few days ago and isn't in portage yet - it has a security update to fix a buffer overflow with the local sendmail prog (CAN-2005-2943): http://www.xmailserver.org/ChangeLog.html#oct_12__2005_v_1_22 http://www.idefense.com/application/poi/display?id=321&type=vulnerabilities Reproducible: Always Steps to Reproduce: 1. 2. 3.
Noone ? It is kind of bad if we leave an exploitable version of a mail server in portage for this long :/
1.22 is masked in the tree (wait a few minutes for mirrors to pick it up), could you please test it and see if it works for you so that I can remove the vuln package and have the sec team issuing a GLSA? (Moving to Security)
It compiles without any problems and it runs fine :)
x86 or maintainer can go ahead and mark stable
CVE-2005-2943 Local exploitation of a buffer overflow vulnerability in XMail, as distributed with multiple vendors' operating systems, allows local attackers to execute arbitrary code with elevated privileges.
GLSA 200512-05
