pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2005Q1]: pkgsrc/mail/pine Pullup ticket 443 - requested by Mat...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/c5e966f3401d
branches:  pkgsrc-2005Q1
changeset: 490945:c5e966f3401d
user:      salo <salo%pkgsrc.org@localhost>
date:      Sat Apr 16 13:24:16 2005 +0000

description:
Pullup ticket 443 - requested by Matthias Scheler
security fix for pine

Revisions pulled up:
- pkgsrc/mail/pine/Makefile             1.104
- pkgsrc/mail/pine/PLIST                1.6
- pkgsrc/mail/pine/distinfo             1.28
- pkgsrc/mail/pine/patches/patch-ah     1.5

   Module Name:         pkgsrc
   Committed By:        tron
   Date:                Fri Apr 15 16:36:40 UTC 2005

   Modified Files:
        pkgsrc/mail/pine: Makefile PLIST distinfo
   Added Files:
        pkgsrc/mail/pine/patches: patch-ah

   Log Message:
   - Fix unsafe file operations in "rpdump" utility (CAN-2005-1066).
   - Install manual pages for "rpdump" and "rpload" utilities.
   Bump package revision because of the above changes.

diffstat:

 mail/pine/Makefile         |  14 +++++++-----
 mail/pine/PLIST            |   4 ++-
 mail/pine/distinfo         |   3 +-
 mail/pine/patches/patch-ah |  48 ++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 61 insertions(+), 8 deletions(-)

diffs (116 lines):

diff -r dc681ba320fa -r c5e966f3401d mail/pine/Makefile
--- a/mail/pine/Makefile        Sat Apr 16 12:56:04 2005 +0000
+++ b/mail/pine/Makefile        Sat Apr 16 13:24:16 2005 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.102 2005/03/15 17:03:17 kim Exp $
+# $NetBSD: Makefile,v 1.102.2.1 2005/04/16 13:24:16 salo Exp $
 
 DISTNAME=      pine4.62
 PKGNAME=       pine-4.62
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    mail news
 MASTER_SITES=  ftp://ftp.cac.washington.edu/pine/ \
                ftp://ftp.fu-berlin.de/unix/mail/pine/
@@ -81,11 +81,13 @@
                EXTRALDFLAGS="${LDFLAGS} ${LIBS}"
 
 do-install:
-       ${INSTALL_PROGRAM} ${WRKSRC}/bin/pine ${PREFIX}/bin/
-       ${INSTALL_PROGRAM} ${WRKSRC}/bin/rpdump ${PREFIX}/bin/
-       ${INSTALL_PROGRAM} ${WRKSRC}/bin/rpload ${PREFIX}/bin/
+       ${INSTALL_PROGRAM} ${WRKSRC}/bin/pine ${PREFIX}/bin
+       ${INSTALL_PROGRAM} ${WRKSRC}/bin/rpdump ${PREFIX}/bin
+       ${INSTALL_PROGRAM} ${WRKSRC}/bin/rpload ${PREFIX}/bin
        ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/pine
-       ${INSTALL_MAN} ${WRKSRC}/doc/pine.1 ${PREFIX}/man/man1/pine.1
+       ${INSTALL_MAN} ${WRKSRC}/doc/pine.1 ${PREFIX}/man/man1
+       ${INSTALL_MAN} ${WRKSRC}/doc/rpdump.1 ${PREFIX}/man/man1
+       ${INSTALL_MAN} ${WRKSRC}/doc/rpload.1 ${PREFIX}/man/man1
        ( ${ECHO} '# (This file is not part of the pine distribution! - HF)' ; \
          ${PREFIX}/bin/pine -conf ) | ${SED} \
            -e 's|^\(use-only-domain-name\)=.*$$|\1=No|g' \
diff -r dc681ba320fa -r c5e966f3401d mail/pine/PLIST
--- a/mail/pine/PLIST   Sat Apr 16 12:56:04 2005 +0000
+++ b/mail/pine/PLIST   Sat Apr 16 13:24:16 2005 +0000
@@ -1,8 +1,10 @@
-@comment $NetBSD: PLIST,v 1.5 2004/05/07 20:00:53 reed Exp $
+@comment $NetBSD: PLIST,v 1.5.8.1 2005/04/16 13:24:16 salo Exp $
 bin/pine
 bin/rpdump
 bin/rpload
 man/man1/pine.1
+man/man1/rpdump.1
+man/man1/rpload.1
 share/pine/tech-notes.txt
 share/pine/contrib/krb5-setup
 share/pine/contrib/ldap-setup
diff -r dc681ba320fa -r c5e966f3401d mail/pine/distinfo
--- a/mail/pine/distinfo        Sat Apr 16 12:56:04 2005 +0000
+++ b/mail/pine/distinfo        Sat Apr 16 13:24:16 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.27 2005/03/19 12:52:28 schwarz Exp $
+$NetBSD: distinfo,v 1.27.2.1 2005/04/16 13:24:16 salo Exp $
 
 SHA1 (pine4.62.tar.bz2) = 7011a1030fcf3f78d8fb7d5b7bf2cd46037668f7
 RMD160 (pine4.62.tar.bz2) = f906b4db71aa72a1c4f638d0ea046e352a002c34
@@ -10,6 +10,7 @@
 SHA1 (patch-ae) = 0faf3a4161cba517a559a776d2a3a7fcb5116570
 SHA1 (patch-af) = 1cd12e0b7aea804528730ed7323e7ea1ac385466
 SHA1 (patch-ag) = 74d7e2dc9b986148825335f6f2b52bde963f9a67
+SHA1 (patch-ah) = cb29b1112cb77e96d6a7563dc329bc2e86a725aa
 SHA1 (patch-al) = 0e25dad2c4caf71b4204f137eee3f85d7b9b507c
 SHA1 (patch-ap) = ad1733f86195ecbd2211f3af7671c1d1c35803bc
 SHA1 (patch-aq) = 127023252f8984651c861be23735d50ae85eaa1e
diff -r dc681ba320fa -r c5e966f3401d mail/pine/patches/patch-ah
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/pine/patches/patch-ah        Sat Apr 16 13:24:16 2005 +0000
@@ -0,0 +1,48 @@
+$NetBSD: patch-ah,v 1.4.12.1 2005/04/16 13:24:16 salo Exp $
+
+--- pine/rpdump.c.orig 2004-05-07 23:55:32.000000000 +0100
++++ pine/rpdump.c      2005-04-15 17:31:21.000000000 +0100
+@@ -82,6 +82,7 @@
+     char *argv[];
+ {
+     MAILSTREAM *stream = NULL;
++    int        fd;
+     FILE       *fp;
+     int         usage = 0;
+     char        buf[10000];
+@@ -126,6 +127,7 @@
+       exit(-1);
+     }
+ 
++#ifdef UNSECURE_CODE_WITH_RACE_CONDITION
+     if(access(local, ACCESS_EXISTS) == 0){
+       if(access(local, WRITE_ACCESS) == 0){
+ 
+@@ -141,6 +143,7 @@
+           exit(-1);
+       }
+     }
++#endif
+ 
+     /*
+      * Try opening the remote folder.
+@@ -206,11 +209,18 @@
+     /*
+      * Try opening the local file.
+      */
+-    if((fp = fopen(local, "w")) == NULL){
++    if ((fd = open(local, O_WRONLY|O_CREAT|O_EXCL,
++                   S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH)) < 0){
+       fprintf(stderr, "Can't open \"%s\": %s\n", local, err_desc(errno));
+       mail_close(stream);
+       exit(-1);
+     }
++    if((fp = fdopen(fd, "w")) == NULL){
++      fprintf(stderr, "Can't open \"%s\": %s\n", local, err_desc(errno));
++      mail_close(stream);
++        close(fd);
++      exit(-1);
++    }
+ 
+     p = data;
+     for(p = data; p < data+i; p++){
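Review bot: The `open()` added in the last inner hunk of patch-ah (rpdump.c, under "Try opening the local file") passes mode `S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH`, so the dump file's permissions depend entirely on the caller's umask, and with a permissive umask it is created group- and world-writable. That matches what the replaced `fopen(local, "w")` did, but the file holds data pulled from the remote folder, so an owner-only mode is the safer default: `if ((fd = open(local, O_WRONLY|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR)) < 0){`. `O_CREAT|O_EXCL` closes the access()-then-fopen() window and will not follow a pre-placed symlink, but an existing file now always fails with EEXIST. The block disabled under `UNSECURE_CODE_WITH_RACE_CONDITION` appears to have handled that case (its middle lies outside the hunk), so a comment above the `open()` such as `/* O_EXCL: refuse to write to an existing file or symlink; the user must remove it first */` would record the behaviour change. The enclosing function starts and ends outside the visible hunks.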


