pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2005Q1]: pkgsrc/mail/pine Pullup ticket 443 - requested by Mat...
details: https://anonhg.NetBSD.org/pkgsrc/rev/c5e966f3401d
branches: pkgsrc-2005Q1
changeset: 490945:c5e966f3401d
user: salo <salo%pkgsrc.org@localhost>
date: Sat Apr 16 13:24:16 2005 +0000
description:
Pullup ticket 443 - requested by Matthias Scheler
security fix for pine
Revisions pulled up:
- pkgsrc/mail/pine/Makefile 1.104
- pkgsrc/mail/pine/PLIST 1.6
- pkgsrc/mail/pine/distinfo 1.28
- pkgsrc/mail/pine/patches/patch-ah 1.5
Module Name: pkgsrc
Committed By: tron
Date: Fri Apr 15 16:36:40 UTC 2005
Modified Files:
pkgsrc/mail/pine: Makefile PLIST distinfo
Added Files:
pkgsrc/mail/pine/patches: patch-ah
Log Message:
- Fix unsafe file operations in "rpdump" utility (CAN-2005-1066).
- Install manual pages for "rpdump" and "rpload" utilities.
Bump package revision because of the above changes.
diffstat:
mail/pine/Makefile | 14 +++++++-----
mail/pine/PLIST | 4 ++-
mail/pine/distinfo | 3 +-
mail/pine/patches/patch-ah | 48 ++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 61 insertions(+), 8 deletions(-)
diffs (116 lines):
diff -r dc681ba320fa -r c5e966f3401d mail/pine/Makefile
--- a/mail/pine/Makefile Sat Apr 16 12:56:04 2005 +0000
+++ b/mail/pine/Makefile Sat Apr 16 13:24:16 2005 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.102 2005/03/15 17:03:17 kim Exp $
+# $NetBSD: Makefile,v 1.102.2.1 2005/04/16 13:24:16 salo Exp $
DISTNAME= pine4.62
PKGNAME= pine-4.62
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= mail news
MASTER_SITES= ftp://ftp.cac.washington.edu/pine/ \
ftp://ftp.fu-berlin.de/unix/mail/pine/
@@ -81,11 +81,13 @@
EXTRALDFLAGS="${LDFLAGS} ${LIBS}"
do-install:
- ${INSTALL_PROGRAM} ${WRKSRC}/bin/pine ${PREFIX}/bin/
- ${INSTALL_PROGRAM} ${WRKSRC}/bin/rpdump ${PREFIX}/bin/
- ${INSTALL_PROGRAM} ${WRKSRC}/bin/rpload ${PREFIX}/bin/
+ ${INSTALL_PROGRAM} ${WRKSRC}/bin/pine ${PREFIX}/bin
+ ${INSTALL_PROGRAM} ${WRKSRC}/bin/rpdump ${PREFIX}/bin
+ ${INSTALL_PROGRAM} ${WRKSRC}/bin/rpload ${PREFIX}/bin
${INSTALL_DATA_DIR} ${PREFIX}/share/examples/pine
- ${INSTALL_MAN} ${WRKSRC}/doc/pine.1 ${PREFIX}/man/man1/pine.1
+ ${INSTALL_MAN} ${WRKSRC}/doc/pine.1 ${PREFIX}/man/man1
+ ${INSTALL_MAN} ${WRKSRC}/doc/rpdump.1 ${PREFIX}/man/man1
+ ${INSTALL_MAN} ${WRKSRC}/doc/rpload.1 ${PREFIX}/man/man1
( ${ECHO} '# (This file is not part of the pine distribution! - HF)' ; \
${PREFIX}/bin/pine -conf ) | ${SED} \
-e 's|^\(use-only-domain-name\)=.*$$|\1=No|g' \
diff -r dc681ba320fa -r c5e966f3401d mail/pine/PLIST
--- a/mail/pine/PLIST Sat Apr 16 12:56:04 2005 +0000
+++ b/mail/pine/PLIST Sat Apr 16 13:24:16 2005 +0000
@@ -1,8 +1,10 @@
-@comment $NetBSD: PLIST,v 1.5 2004/05/07 20:00:53 reed Exp $
+@comment $NetBSD: PLIST,v 1.5.8.1 2005/04/16 13:24:16 salo Exp $
bin/pine
bin/rpdump
bin/rpload
man/man1/pine.1
+man/man1/rpdump.1
+man/man1/rpload.1
share/pine/tech-notes.txt
share/pine/contrib/krb5-setup
share/pine/contrib/ldap-setup
diff -r dc681ba320fa -r c5e966f3401d mail/pine/distinfo
--- a/mail/pine/distinfo Sat Apr 16 12:56:04 2005 +0000
+++ b/mail/pine/distinfo Sat Apr 16 13:24:16 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.27 2005/03/19 12:52:28 schwarz Exp $
+$NetBSD: distinfo,v 1.27.2.1 2005/04/16 13:24:16 salo Exp $
SHA1 (pine4.62.tar.bz2) = 7011a1030fcf3f78d8fb7d5b7bf2cd46037668f7
RMD160 (pine4.62.tar.bz2) = f906b4db71aa72a1c4f638d0ea046e352a002c34
@@ -10,6 +10,7 @@
SHA1 (patch-ae) = 0faf3a4161cba517a559a776d2a3a7fcb5116570
SHA1 (patch-af) = 1cd12e0b7aea804528730ed7323e7ea1ac385466
SHA1 (patch-ag) = 74d7e2dc9b986148825335f6f2b52bde963f9a67
+SHA1 (patch-ah) = cb29b1112cb77e96d6a7563dc329bc2e86a725aa
SHA1 (patch-al) = 0e25dad2c4caf71b4204f137eee3f85d7b9b507c
SHA1 (patch-ap) = ad1733f86195ecbd2211f3af7671c1d1c35803bc
SHA1 (patch-aq) = 127023252f8984651c861be23735d50ae85eaa1e
diff -r dc681ba320fa -r c5e966f3401d mail/pine/patches/patch-ah
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/pine/patches/patch-ah Sat Apr 16 13:24:16 2005 +0000
@@ -0,0 +1,48 @@
+$NetBSD: patch-ah,v 1.4.12.1 2005/04/16 13:24:16 salo Exp $
+
+--- pine/rpdump.c.orig 2004-05-07 23:55:32.000000000 +0100
++++ pine/rpdump.c 2005-04-15 17:31:21.000000000 +0100
+@@ -82,6 +82,7 @@
+ char *argv[];
+ {
+ MAILSTREAM *stream = NULL;
++ int fd;
+ FILE *fp;
+ int usage = 0;
+ char buf[10000];
+@@ -126,6 +127,7 @@
+ exit(-1);
+ }
+
++#ifdef UNSECURE_CODE_WITH_RACE_CONDITION
+ if(access(local, ACCESS_EXISTS) == 0){
+ if(access(local, WRITE_ACCESS) == 0){
+
+@@ -141,6 +143,7 @@
+ exit(-1);
+ }
+ }
++#endif
+
+ /*
+ * Try opening the remote folder.
+@@ -206,11 +209,18 @@
+ /*
+ * Try opening the local file.
+ */
+- if((fp = fopen(local, "w")) == NULL){
++ if ((fd = open(local, O_WRONLY|O_CREAT|O_EXCL,
++ S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH)) < 0){
+ fprintf(stderr, "Can't open \"%s\": %s\n", local, err_desc(errno));
+ mail_close(stream);
+ exit(-1);
+ }
++ if((fp = fdopen(fd, "w")) == NULL){
++ fprintf(stderr, "Can't open \"%s\": %s\n", local, err_desc(errno));
++ mail_close(stream);
++ close(fd);
++ exit(-1);
++ }
+
+ p = data;
+ for(p = data; p < data+i; p++){
Home |
Main Index |
Thread Index |
Old Index