author | hubertf <hubertf@pkgsrc.org> | 2000-03-02 00:23:14 +0000 |
---|---|---|
committer | hubertf <hubertf@pkgsrc.org> | 2000-03-02 00:23:14 +0000 |
commit | 467336a0701001d823fc678143dc168d6b93df32 (patch) | |
tree | 80756e9a7f7659cad812f2b3c29940c03357ab5d | |
parent | 89b6816a23e703fae8e62c2bd844ab394f0fbae4 (diff) | |
download | pkgsrc-467336a0701001d823fc678143dc168d6b93df32.tar.gz |
Update to V1.0.3, per request of our security officers:
Versions prior to 1.0.3 of the nmh package contained a vulnerability
where incoming mail messages with carefully designed MIME headers could
cause nmh's mhshow command to execute arbitrary shell code.
See the changelog for another 372 lines of changes.
-rw-r--r-- | mail/nmh/Makefile | 6 | ||||
-rw-r--r-- | mail/nmh/files/patch-sum | 13 | ||||
-rw-r--r-- | mail/nmh/patches/patch-ca | 16 | ||||
-rw-r--r-- | mail/nmh/patches/patch-cb | 24 | ||||
-rw-r--r-- | mail/nmh/patches/patch-cc | 10 | ||||
-rw-r--r-- | mail/nmh/patches/patch-cd | 13 | ||||
-rw-r--r-- | mail/nmh/patches/patch-ce | 17 | ||||
-rw-r--r-- | mail/nmh/patches/patch-cf | 31 | ||||
-rw-r--r-- | mail/nmh/patches/patch-cg | 16 | ||||
-rw-r--r-- | mail/nmh/patches/patch-ch | 16 | ||||
-rw-r--r-- | mail/nmh/pkg/PLIST | 129 |
11 files changed, 102 insertions, 189 deletions
diff --git a/mail/nmh/Makefile b/mail/nmh/Makefile index 3f966226bdf..17e04320f4b 100644 --- a/mail/nmh/Makefile +++ b/mail/nmh/Makefile @@ -1,10 +1,10 @@ -# $NetBSD: Makefile,v 1.32 2000/01/09 01:29:06 wiz Exp $ +# $NetBSD: Makefile,v 1.33 2000/03/02 00:23:14 hubertf Exp $ # FreeBSD Id: Makefile,v 1.2 1997/08/04 06:51:28 markm Exp # -DISTNAME= nmh-1.0 +DISTNAME= nmh-1.0.3 CATEGORIES= mail -MASTER_SITES= ftp://ftp.math.gatech.edu/pub/nmh/ +MASTER_SITES= ftp://ftp.mhost.com/pub/nmh/ MAINTAINER= kim@tac.nyc.ny.us HOMEPAGE= http://www.math.gatech.edu/nmh/ diff --git a/mail/nmh/files/patch-sum b/mail/nmh/files/patch-sum index ca417aa4d09..f549ebcb3d3 100644 --- a/mail/nmh/files/patch-sum +++ b/mail/nmh/files/patch-sum @@ -1,10 +1,5 @@ -$NetBSD: patch-sum,v 1.2 2000/01/18 15:50:32 agc Exp $ +$NetBSD: patch-sum,v 1.3 2000/03/02 00:23:15 hubertf Exp $ -MD5 (patch-ca) = f428195be1c2e6ea9dece64b9468c2a2 -MD5 (patch-cb) = a5e72cabb0581833781d838ba7a8f363 -MD5 (patch-cc) = 5b2aabb2f9324fa1f84916a5b6c700ea -MD5 (patch-cd) = cdd8cf36c8a4c32f9b95a46385eff29f -MD5 (patch-ce) = 45ec854a9800773bfdb4f02e4e861e80 -MD5 (patch-cf) = 81367991e788a1fdeb76dca211e2508e -MD5 (patch-cg) = 0f1266bf68fa26b57310bc9347b72dfc -MD5 (patch-ch) = 98075d650a2ed27b876118ffe220e24a +MD5 (patch-ca) = ba8bde6090ca48b315ac84f6a3c04f2d +MD5 (patch-cb) = 6ba803e016659cde1f688f27f6ce09b5 +MD5 (patch-cc) = 14aab99374bf88d3d661ca795fdd2af8 diff --git a/mail/nmh/patches/patch-ca b/mail/nmh/patches/patch-ca index 85a9e203f72..d10d3bccd1a 100644 --- a/mail/nmh/patches/patch-ca +++ b/mail/nmh/patches/patch-ca @@ -1,10 +1,10 @@ -$NetBSD: patch-ca,v 1.2 2000/01/18 15:50:33 agc Exp $ +$NetBSD: patch-ca,v 1.3 2000/03/02 00:23:15 hubertf Exp $ Use ${INSTALL_SCRIPT} to install scripts Install configuration files as <conf-file>.dist ---- etc/Makefile.in.orig Fri Oct 2 23:38:38 1998 -+++ etc/Makefile.in Thu Mar 4 01:41:05 1999 +--- etc/Makefile.in.orig Thu Jan 6 22:30:07 2000 ++++ etc/Makefile.in Thu Mar 2 00:46:18 2000 
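Review bot: The `DISTNAME` and `MASTER_SITES` lines now point the build at a new tarball on a new plain-FTP host, but the diffstat for this commit lists no distfile checksum file, only `files/patch-sum`, which covers the local patches. For a release pulled in to close the mhshow MIME-header issue, the recorded distfile digest is the only thing tying the fetched archive to the one that was reviewed, so it should be regenerated and committed with this bump (it may have gone in separately; that is not visible here). `HOMEPAGE` still names the old gatech host while the download location moved, which is worth reconciling. The same commit deletes patch-cd and patch-cf, which carried buffer-bound fixes, and the log does not say that 1.0.3 contains them; once that is confirmed, a comment above `DISTNAME` such as `# 1.0.3: fixes mhshow MIME header shell execution; local patches cd-ch dropped as merged upstream` would record it.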
@@ -21,6 +21,7 @@ INSTALL = @INSTALL@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ @@ -13,24 +13,24 @@ Install configuration files as <conf-file>.dist # Path to search for programs to handle MIME # content. Used to create mhn.defaults -@@ -79,16 +80,16 @@ +@@ -80,16 +81,16 @@ $(INSTALL_DATA) $(srcdir)/$$file $(etcdir)/$$file; \ done for file in $(GEN_FILES); do \ - if [ -f $(etcdir)/$$file ]; then \ - mv $(etcdir)/$$file $(etcdir)/$$file.old; \ + if [ -f $(etcdir)/$$file.dist ]; then \ -+ mv $(etcdir)/$$file.dist $(etcdir)/$$file.dist.old; \ ++ mv $(etcdir)/$$file.dist $(etcdir)/$$file.old; \ fi; \ - $(INSTALL_DATA) $$file $(etcdir)/$$file; \ + $(INSTALL_DATA) $$file $(etcdir)/$$file.dist; \ done install-scripts: - $(top_srcdir)/mkinstalldirs $(libdir) + $(top_srcdir)/mkinstalldirs $(bindir) for script in $(SCRIPTS); do \ -- $(INSTALL_PROGRAM) $(srcdir)/$$script $(libdir)/$$script; \ -+ $(INSTALL_SCRIPT) $(srcdir)/$$script $(libdir)/$$script; \ +- $(INSTALL_PROGRAM) $(srcdir)/$$script $(bindir)/$$script; \ ++ $(INSTALL_SCRIPT) $(srcdir)/$$script $(bindir)/$$script; \ done uninstall: uninstall-files uninstall-scripts diff --git a/mail/nmh/patches/patch-cb b/mail/nmh/patches/patch-cb index 6dde242756e..9e638adcd48 100644 --- a/mail/nmh/patches/patch-cb +++ b/mail/nmh/patches/patch-cb @@ -1,7 +1,7 @@ -$NetBSD: patch-cb,v 1.4 1999/03/07 01:16:26 kim Exp $ +$NetBSD: patch-cb,v 1.5 2000/03/02 00:23:15 hubertf Exp $ ---- config.h.in.orig Sat Jan 23 21:27:49 1999 -+++ config.h.in Sat Mar 6 19:50:56 1999 +--- config.h.in.orig Sun Feb 6 13:40:21 2000 ++++ config.h.in Thu Mar 2 00:47:13 2000 @@ -1,5 +1,12 @@ /* config.h.in. Generated automatically from configure.in by autoheader. */ 
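Review bot: In the `for file in $(GEN_FILES)` loop the refreshed patch renames the previous default with `mv $(etcdir)/$$file.dist $(etcdir)/$$file.old`, which is the same name the unpatched upstream lines used for a backup of the live file, so a stale packaged default can silently replace an administrator's backup that is already there. Keeping the earlier target, `mv $(etcdir)/$$file.dist $(etcdir)/$$file.dist.old; \`, keeps packaged defaults and local backups apart. If the new name is deliberate, a line in the patch header next to "Install configuration files as <conf-file>.dist" should say so. The enclosing rule starts above the hunk, so how the static files are backed up is not visible here.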
@@ -15,23 +15,7 @@ $NetBSD: patch-cb,v 1.4 1999/03/07 01:16:26 kim Exp $ /****** BEGIN USER CONFIGURATION SECTION *****/ /* -@@ -37,9 +44,12 @@ - * OpenBSD 2.x - * BSD/OS 2.x - */ --/* #define BIND 1 */ --/* #define BSD42 1 */ --/* #define BSD44 1 */ -+#ifdef BSD4_4 -+#define BIND 1 -+#define BSD42 1 -+#define BSD44 1 -+#define GCOS_HACK 1 -+#endif - - /* - * SCO 4.x -@@ -399,9 +409,6 @@ +@@ -405,9 +412,6 @@ /* Define if you have the <sys/ndir.h> header file. */ #undef HAVE_SYS_NDIR_H diff --git a/mail/nmh/patches/patch-cc b/mail/nmh/patches/patch-cc index 25dfa0e8644..4b1f1624afd 100644 --- a/mail/nmh/patches/patch-cc +++ b/mail/nmh/patches/patch-cc @@ -1,9 +1,9 @@ -$NetBSD: patch-cc,v 1.1 1999/03/06 20:37:32 kim Exp $ +$NetBSD: patch-cc,v 1.2 2000/03/02 00:23:15 hubertf Exp $ ---- uip/show.c.orig Thu Dec 3 18:22:07 1998 -+++ uip/show.c Sat Mar 6 14:55:52 1999 -@@ -315,6 +315,15 @@ - vec[vecp] = NULL; +--- uip/show.c.orig Sun Sep 12 15:50:12 1999 ++++ uip/show.c Thu Mar 2 00:47:34 2000 +@@ -326,6 +326,15 @@ + vec[++vecp] = NULL; } + /* If the "proc" is "mhshow", add "-file" if showing file or draft. diff --git a/mail/nmh/patches/patch-cd b/mail/nmh/patches/patch-cd deleted file mode 100644 index de8b6c229b6..00000000000 --- a/mail/nmh/patches/patch-cd +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-cd,v 1.1 1999/03/06 20:37:32 kim Exp $ - ---- zotnet/tws/dtime.c.orig Sun Jul 12 16:16:33 1998 -+++ zotnet/tws/dtime.c Sat Mar 6 15:17:04 1999 -@@ -247,7 +247,7 @@ - char * - dctime (struct tws *tw) - { -- static char buffer[25]; -+ static char buffer[26]; - - if (!tw) - return NULL; diff --git a/mail/nmh/patches/patch-ce b/mail/nmh/patches/patch-ce deleted file mode 100644 index 8b899e41728..00000000000 --- a/mail/nmh/patches/patch-ce +++ /dev/null 
@@ -1,17 +0,0 @@ -$NetBSD: patch-ce,v 1.1 1999/03/07 19:39:19 kim Exp $ - ---- uip/mhshowsbr.c.orig Wed Sep 9 16:59:17 1998 -+++ uip/mhshowsbr.c Sun Mar 7 14:14:59 1999 -@@ -509,10 +509,11 @@ - read (fileno (stdout), prompt, sizeof(prompt)); - } - SIGNAL (SIGINT, istat); -- if (intr != OK) { -+ if (intr != OK || prompt[0] == 'n') { - (*ct->c_ceclosefnx) (ct); - return (alternate ? DONE : NOTOK); - } -+ if (prompt[0] == 'q') done(OK); - } - } - diff --git a/mail/nmh/patches/patch-cf b/mail/nmh/patches/patch-cf deleted file mode 100644 index cbc7b644a1e..00000000000 --- a/mail/nmh/patches/patch-cf +++ /dev/null @@ -1,31 +0,0 @@ -$NetBSD: patch-cf,v 1.1 1999/03/07 19:40:01 kim Exp $ - ---- sbr/m_getfld.c.orig Fri Jul 31 18:48:37 1998 -+++ sbr/m_getfld.c Sun Mar 7 14:33:11 1999 -@@ -259,7 +259,7 @@ - bp = sp = (unsigned char *) iob->_ptr - 1; - j = (cnt = iob->_cnt+1) < i ? cnt : i; - #endif -- while ((c = *bp++) != ':' && c != '\n' && --j >= 0) -+ while (--j >= 0 && (c = *bp++) != ':' && c != '\n') - *cp++ = c; - - j = bp - sp; -@@ -538,7 +538,7 @@ - ; - #else /* RPATHS */ - cp = unixbuf; -- while ((c = getc (iob)) != '\n') -+ while ((c = getc (iob)) != '\n' && cp - unixbuf < BUFSIZ - 1) - *cp++ = c; - *cp = 0; - #endif /* RPATHS */ -@@ -639,7 +639,7 @@ - break; - #else /* RPATHS */ - cp = unixbuf; -- while ((c = getc (iob)) != '\n' && c >= 0) -+ while ((c = getc (iob)) != '\n' && c >= 0 && cp - unixbuf < BUFSIZ - 1) - *cp++ = c; - *cp = 0; - #endif /* RPATHS */ diff --git a/mail/nmh/patches/patch-cg b/mail/nmh/patches/patch-cg deleted file mode 100644 index 2a63d89823d..00000000000 --- a/mail/nmh/patches/patch-cg +++ /dev/null 
@@ -1,16 +0,0 @@ -$NetBSD: patch-cg,v 1.1 1999/03/08 20:48:28 kim Exp $ - ---- uip/mhparse.c.orig Thu Oct 15 00:04:57 1998 -+++ uip/mhparse.c Mon Mar 8 15:29:57 1999 -@@ -1194,9 +1194,9 @@ - struct k2v *kv; - CI ci = &ct->c_ctinfo; - -- if (ct->c_encoding != CE_7BIT) { -+ if ((ct->c_encoding != CE_7BIT) && (ct->c_encoding != CE_8BIT)) { - admonish (NULL, -- "\"%s/%s\" type in message %s should be encoded in 7bit", -+ "\"%s/%s\" type in message %s should be encoded in 7bit or 8bit", - ci->ci_type, ci->ci_subtype, ct->c_file); - return NOTOK; - } diff --git a/mail/nmh/patches/patch-ch b/mail/nmh/patches/patch-ch deleted file mode 100644 index bfed7eaff3c..00000000000 --- a/mail/nmh/patches/patch-ch +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-ch,v 1.1 1999/03/08 20:48:29 kim Exp $ - ---- uip/mhbuildsbr.c.orig Thu Oct 15 00:05:02 1998 -+++ uip/mhbuildsbr.c Mon Mar 8 15:32:11 1999 -@@ -1433,9 +1433,9 @@ - struct k2v *kv; - CI ci = &ct->c_ctinfo; - -- if (ct->c_encoding != CE_7BIT) { -+ if ((ct->c_encoding != CE_7BIT) && (ct->c_encoding != CE_8BIT)) { - admonish (NULL, -- "\"%s/%s\" type in message %s should be encoded in 7bit", -+ "\"%s/%s\" type in message %s should be encoded in 7bit or 8bit", - ci->ci_type, ci->ci_subtype, ct->c_file); - return NOTOK; - } diff --git a/mail/nmh/pkg/PLIST b/mail/nmh/pkg/PLIST index 7e616a6af44..fc384d72b70 100644 --- a/mail/nmh/pkg/PLIST +++ b/mail/nmh/pkg/PLIST @@ -1,31 +1,25 @@ -@comment $NetBSD: PLIST,v 1.11 2000/01/18 15:50:33 agc Exp $ +@comment $NetBSD: PLIST,v 1.12 2000/03/02 00:23:16 hubertf Exp $ bin/ali +bin/mhn bin/anno bin/burst bin/comp bin/dist bin/flist -bin/flists bin/folder -bin/folders bin/forw -bin/inc bin/mark bin/mhbuild bin/mhlist bin/mhmail -bin/mhn bin/mhparam bin/mhpath bin/mhshow bin/mhstore -bin/mhtest bin/msgchk bin/msh -bin/next bin/packf bin/pick -bin/prev bin/prompter bin/refile bin/repl 
@@ -35,47 +29,16 @@ bin/scan bin/send bin/show bin/sortm +bin/inc bin/viamail bin/whatnow bin/whom -etc/nmh/MailAliases -etc/nmh/components -etc/nmh/digestcomps -etc/nmh/distcomps -etc/nmh/forwcomps -etc/nmh/mhl.body -etc/nmh/mhl.digest -etc/nmh/mhl.format -etc/nmh/mhl.forward -etc/nmh/mhl.headers -etc/nmh/mhl.reply -etc/nmh/mhn.defaults.dist -etc/nmh/mts.conf.dist -etc/nmh/rcvdistcomps -etc/nmh/replcomps -etc/nmh/replgroupcomps -etc/nmh/scan.default -etc/nmh/scan.mailx -etc/nmh/scan.nomime -etc/nmh/scan.size -etc/nmh/scan.time -etc/nmh/scan.timely -etc/nmh/scan.unseen -etc/nmh/tmac.h -libexec/nmh/ap -libexec/nmh/conflict -libexec/nmh/dp -libexec/nmh/fmtdump -libexec/nmh/install-mh -libexec/nmh/mhl -libexec/nmh/post -libexec/nmh/rcvdist -libexec/nmh/rcvpack -libexec/nmh/rcvstore -libexec/nmh/rcvtty -libexec/nmh/sendfiles -libexec/nmh/slocal -libexec/nmh/spost +bin/flists +bin/folders +bin/prev +bin/next +bin/sendfiles +man/man1/repl.1 man/man1/ali.1 man/man1/anno.1 man/man1/burst.1 @@ -87,6 +50,7 @@ man/man1/forw.1 man/man1/inc.1 man/man1/mark.1 man/man1/mh-chart.1 +man/man1/nmh.1 man/man1/mhbuild.1 man/man1/mhl.1 man/man1/mhlist.1 @@ -99,7 +63,6 @@ man/man1/mhstore.1 man/man1/msgchk.1 man/man1/msh.1 man/man1/next.1 -man/man1/nmh.1 man/man1/packf.1 man/man1/pick.1 man/man1/prev.1 @@ -109,7 +72,6 @@ man/man1/rcvpack.1 man/man1/rcvstore.1 man/man1/rcvtty.1 man/man1/refile.1 -man/man1/repl.1 man/man1/rmf.1 man/man1/rmm.1 man/man1/scan.1 @@ -128,6 +90,7 @@ man/man5/mh-mail.5 man/man5/mh-profile.5 man/man5/mh-sequence.5 man/man5/mh-tailor.5 +man/man5/mh_profile.5 man/man8/ap.8 man/man8/conflict.8 man/man8/dp.8 
@@ -141,7 +104,71 @@ share/doc/nmh/FAQ share/doc/nmh/MAIL.FILTERING share/doc/nmh/README share/doc/nmh/TODO -share/doc/nmh/ZSH.COMPLETION -@dirrm etc/nmh -@dirrm libexec/nmh +share/doc/nmh/COMPLETION-ZSH +etc/nmh/mhl.body +etc/nmh/mhl.digest +etc/nmh/mhl.format +etc/nmh/mhl.forward +etc/nmh/mhl.headers +etc/nmh/mhl.reply +etc/nmh/scan.default +etc/nmh/scan.mailx +etc/nmh/scan.nomime +etc/nmh/scan.size +etc/nmh/scan.time +etc/nmh/scan.timely +etc/nmh/scan.unseen +etc/nmh/components +etc/nmh/digestcomps +etc/nmh/distcomps +etc/nmh/forwcomps +etc/nmh/rcvdistcomps +etc/nmh/rcvdistcomps.outbox +etc/nmh/replcomps +etc/nmh/replgroupcomps +etc/nmh/MailAliases +etc/nmh/mhn.defaults.dist +etc/nmh/tmac.h +etc/nmh/mhn.defaults +etc/nmh/mts.conf.dist +etc/nmh/mhl.body.old +etc/nmh/mhl.digest.old +etc/nmh/mhl.format.old +etc/nmh/mhl.forward.old +etc/nmh/mhl.headers.old +etc/nmh/mhl.reply.old +etc/nmh/scan.default.old +etc/nmh/scan.mailx.old +etc/nmh/scan.nomime.old +etc/nmh/scan.size.old +etc/nmh/scan.time.old +etc/nmh/scan.timely.old +etc/nmh/scan.unseen.old +etc/nmh/components.old +etc/nmh/digestcomps.old +etc/nmh/distcomps.old +etc/nmh/forwcomps.old +etc/nmh/rcvdistcomps.old +etc/nmh/rcvdistcomps.outbox.old +etc/nmh/replcomps.old +etc/nmh/replgroupcomps.old +etc/nmh/MailAliases.old +etc/nmh/mhn.defaults.old +etc/nmh/mts.conf.old +libexec/nmh/ap +libexec/nmh/conflict +libexec/nmh/dp +libexec/nmh/fmtdump +libexec/nmh/install-mh +libexec/nmh/mhl +libexec/nmh/post +libexec/nmh/rcvdist +libexec/nmh/rcvpack +libexec/nmh/rcvstore +libexec/nmh/rcvtty +libexec/nmh/slocal +libexec/nmh/spost +libexec/nmh/mhtest @dirrm share/doc/nmh +@dirrm libexec/nmh +@dirrm etc/nmh |
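Review bot: The added `etc/nmh/*.old` entries and the bare `etc/nmh/mhn.defaults` look as if they were captured from an install over an existing nmh rather than from a clean one (inferred from the unsorted order and the `.old` names). Registering them means package removal deletes the administrator's live `mhn.defaults` and any backups, and a clean install presumably has no `.old` files to register at all. I would drop the `.old` lines and `etc/nmh/mhn.defaults`, leaving `etc/nmh/mhn.defaults.dist` and `etc/nmh/mts.conf.dist` as the only packaged copies of the two generated files. `bin/sendfiles` and `libexec/nmh/mhtest` have also swapped directories relative to the old list, which is worth checking against a fresh install.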