- Update qpopper to 4.0.8

- Thanks to taca@ and gavan@ for feedback and patch review
- This also enables experimental PAM support (on platforms that support it)
- Security fixes included
- From the ChangeLog:
> Changes from 4.0.7 to 4.0.8:
> ---------------------------
>  1.  Fix compilation error on HPUX.
>  2.  Fix some compilation warnings.
>  3.  Update man page with '-x' option.
>  4.  Fix problems with 'make install'
>
>
> Changes from 4.0.6 to 4.0.7:
> ---------------------------
>  1.  Fix '-V' for standalone.
>  2.  Include 'man' directory in tarball.
>
>
> Changes from 4.0.5 to 4.0.6:
> ----------------------------
>  1.  Minor fixes for true64.
>  2.  Patch from Uli Zappe to fix SCRAM compilation bugs.
>  3.  Minor fixes for true64.
>  4.  poppassd now runs smbpasswd as user, not root, to avoid exploit
>  5.  Remove -traditional-cpp from the compiler options for Darwin
>      builds (otherwise build fails)
>  6.  Open stdout and stderr as O_WRONLY instead of O_RDONLY so that
>      should anything actually be written to them it will show up
>  7.  When configured as --with-pam and required,
>      include <pam/pam_appl.h> instead of <security/pam_appl.h>
>      (otherwise build fails)
>  8.  strdup the pw.pw_name field from getpwnam so that it's still
>      valid by the time genpath is called; also added corresponding
>      free (without this fix when the bug manifests, clients are
>      erroneously told there are 0 messages in the mail drop
>      regardless of the actual number)
>  9.  Add a pam bug workaround at the beginning of main to do a
>      pam_start and pam_end immediately when the program starts up
>      in order to avoid bogus authentication failed messages from
>      pam_authenticate later (only when configured as --with-pam)
>      [ Thanks to Kyle McKay for changes 5-9 ]
> 10.  Fixed error in configure script for Mac OS / Darwin.
> 11.  Support chained certs for OpenSSL [from Daniel Senie].
> 12.  Fixes to compile better on Linux [from Daniel Senie].
> 13.  X-UIDL header no longer written when Update_status_hdrs is false
>      [thanks to Helge Oldach]
> 14.  Now calling SSL_shutdown() again if it fails the first time.
> 15.  Now logging TLS errors when compiled with debugging and debug is
>      enabled (instead of either) [thanks to Maks N. Polunin].
> 16.  Config file now always closed (not just on error).
> 17.  When using pam, Kerberos tickets are now destroyed.
>      Otherwise dead tickets accumulate in cache directory which runs
>      out of space quickly on busy server.  Problem noted by Rodney
>      McDuff ITS UQ.   (Directory permissions on ticket cache dir need
>      to be 1777).
> 18.  Always log "Servicing request" (instead of just when debugging is
>      on).   This allows start of pop sessions to be logged always which
>      is useful for diagnosis of problems.
> 19.  Worked around problem on some systems causing SIGALRM to be masked,
>      leaving hung pop processes which should have timed out waiting
>      for a command from the client.
>      [ Thanks to David Shrimpton for changes 16-19 ]
> 20.  Now defaulting to "EXPIRE NEVER" instead of "EXPIRE 0".
> 21.  Fix core dump on 64-bit Solaris 2.8 [thanks to Kenny Nguyen]
> 22.  Log facility set on command line now applies to daemon as well.
>      [Thanks to Helge Oldach]
> 23.  '-y' to set log facility on command line now works again.
> 24.  Allow '-V' as synonym for '-v' (to see version).
> 25.  Process user and spool config files as user, not as root (fix
>      security hole reported by Jens Steube)
> 26.  Added "xtnd_xmit" as a boolean option to permit/deny XTND XMIT
>      and 'x' as a command-line option to disable it.  You should
>      disable it unless you really need it, and even then it is better
>      to move to SMTP AUTH.
> 27.  popauth now opens trace file as user, not root (fix security
>      hole reported by Jens Steube); also umask now set.
> 28.  Fix race crash on FreeBSD (thanks to Martin Haller).
> 29.  Resolve some compiler warnings.
> 30.  Fix check for libcrypt on FreeBSD.
> 31.  Added sample pam configuration file (also installed by 'make
>      install')
> 32.  Use generic error msg and sleep in more auth failure cases.
> 33.  Added code to use mkstemp() instead of our perfectly safe usage
>      of tempnam() because some compilers issue overly broad warnings
>      implying that all uses of tempnam() are unsafe.  To bypass,
>      use '--enable-tempnam' with ./configure.

3 files changed, 43 insertions, 100 deletions

diff --git a/mail/qpopper/patches/patch-am b/mail/qpopper/patches/patch-am
index 0414c68c0e1..8dcbaa3cf23 100644
--- a/mail/qpopper/patches/patch-am
+++ b/mail/qpopper/patches/patch-am
@@ -1,17 +1,17 @@
-$NetBSD: patch-am,v 1.3 2004/05/06 13:46:23 taca Exp $
+$NetBSD: patch-am,v 1.4 2005/06/01 20:55:16 adrianp Exp $
 
---- popper/Makefile.in.orig	Thu Mar 13 11:06:36 2003
+--- popper/Makefile.in.orig	2005-05-13 20:20:11.000000000 +0100
 +++ popper/Makefile.in
-@@ -90,6 +90,8 @@ VPATH           =   @srcdir@
+@@ -96,6 +96,8 @@ VPATH           =   @srcdir@
  prefix          =   @prefix@
  exec_prefix     =   @exec_prefix@
  installdir      =   @sbindir@
 +libexecdir	=   @libexecdir@
-+sbindir		=   @sbindir@
++sbindir         =   @sbindir@
  
  popper_srcdir   =   ${top_srcdir}/popper
  qd_srcdir       =   ${top_srcdir}/qd
-@@ -108,17 +110,20 @@ password_dir    =   ${base_dir}/password
+@@ -114,17 +116,20 @@ password_dir    =   ${base_dir}/password
  
  
  OBJS            =   pop_dele.o pop_dropcopy.o \
@@ -27,15 +27,15 @@ $NetBSD: patch-am,v 1.3 2004/05/06 13:46:23 taca Exp $
                      pop_extend.o scram.o hmac.o base64.o pop_util.o \
                      get_sub_opt.o msg_ptr.o drac.o pop_config.o pop_tls.o \
                      pop_tls_openssl.o pop_tls_sslplus.o sslplus_utils.o \
--                    main.o pop_cache.o genpath.o
-+                    pop_cache.o genpath.o
+-                    main.o pop_cache.o genpath.o 
++                    pop_cache.o genpath.o 
 +
 +INETDOBJ	=   main.o pop_init.o
 +STANDOBJ	=   main-stand.o pop_init-stand.o
  
  SRCS            =   pop_dele.c pop_dropcopy.c \
                      pop_get_command.c pop_get_subcommand.c pop_init.c \
-@@ -126,7 +131,7 @@ SRCS            =   pop_dele.c pop_dropc
+@@ -132,7 +137,7 @@ SRCS            =   pop_dele.c pop_dropc
                      pop_msg.c pop_parse.c pop_pass.c pop_quit.c \
                      pop_rset.c pop_send.c pop_stat.c pop_updt.c \
                      pop_user.c pop_xtnd.c pop_xmit.c popper.c \
@@ -44,7 +44,7 @@ $NetBSD: patch-am,v 1.3 2004/05/06 13:46:23 taca Exp $
                      pop_rpop.c pop_apop.c md5.c pop_auth.c pop_pope.c \
                      pop_extend.c scram.c hmac.c base64.c pop_util.c \
                      get_sub_opt.c msg_ptr.c drac.c pop_config.c pop_tls.c \
-@@ -174,7 +179,7 @@ SSL_INC         =   @SSL_DIR_INC@
+@@ -181,7 +186,7 @@ USE_PAM         =   @USE_PAM@
  
  .SUFFIXES: .c .o
  
@@ -53,7 +53,7 @@ $NetBSD: patch-am,v 1.3 2004/05/06 13:46:23 taca Exp $
  
  mangler_library: 
  	cd ${mmangle_dir} && ${MAKE} all
-@@ -182,13 +187,18 @@ mangler_library: 
+@@ -189,13 +194,18 @@ mangler_library: 
  common_library:
  	cd ${common_dir} && ${MAKE} all
  
@@ -75,20 +75,20 @@ $NetBSD: patch-am,v 1.3 2004/05/06 13:46:23 taca Exp $
  		${common_dir}/libcommon.a
  
  poppassd: common_library
-@@ -199,21 +209,32 @@ poppassd: common_library
+@@ -206,22 +216,36 @@ poppassd: common_library
  	        -I${mmangle_srcdir} -I${common_srcdir} ${SSL_INC} \
  	        ${CFLAGS} ${DEFS} ${CDEFS} ${OS_DEFS} $< -o $@
  
 +main-stand.o: main.c
 +	${CC} -c -I${base_dir} -I${top_srcdir} -I${srcdir} \
-+	        -I${mmangle_srcdir} -I${common_srcdir} ${SSL_INC} \
-+	        ${CFLAGS} ${DEFS} ${CDEFS} ${OS_DEFS} -DSTANDALONE \
++		-I${mmangle_srcdir} -I${common_srcdir} ${SSL_INC} \
++		${CFLAGS} ${DEFS} ${CDEFS} ${OS_DEFS} -DSTANDALONE \
 +		-o $@ main.c
 +
 +pop_init-stand.o: pop_init.c
 +	${CC} -c -I${base_dir} -I${top_srcdir} -I${srcdir} \
-+	        -I${mmangle_srcdir} -I${common_srcdir} ${SSL_INC} \
-+	        ${CFLAGS} ${DEFS} ${CDEFS} ${OS_DEFS} -DSTANDALONE \
++		-I${mmangle_srcdir} -I${common_srcdir} ${SSL_INC} \
++		${CFLAGS} ${DEFS} ${CDEFS} ${OS_DEFS} -DSTANDALONE \
 +		-o $@ pop_init.c
 +
  ${SRCS}:
@@ -99,23 +99,27 @@ $NetBSD: patch-am,v 1.3 2004/05/06 13:46:23 taca Exp $
 -	echo "Installed popper as ${installdir}/popper"
 -	if [ "x${poppassd}" != "x" ]; then \
 -	    cd ${password_dir} && ${MAKE} $@ ;\
--	fi
--	if [ "x${pop_auth}" != "x" ]; then \
--	    ${INSTALL} -s -m 4755 -o ${apop_uid} -g 0 ${pop_auth} \
--	               ${installdir}/${pop_auth}; \
--	    echo "Installed popauth as ${installdir}/${pop_auth} " \
 +install: popper popper-standalone ${pop_auth}
 +	${INSTALL} -s -m 0755 -o root popper ${libexecdir}/qpopper
-+	@echo "Installed popper as ${libexecdir}/qpopper"
++	echo "Installed popper as ${libexecdir}/qpopper"
 +	${INSTALL} -s -m 0755 -o root popper-standalone ${sbindir}/qpopper
 +	@echo "Installed standalone popper as ${sbindir}/qpopper"
 +	@if [ "x${pop_auth}" != "x" ]; then \
-+	    ${INSTALL} -s -m 4755 -o ${apop_uid} -g ${BINGRP} ${pop_auth} \
-+	               ${sbindir}/q${pop_auth}; \
-+	    echo "Installed popauth as ${sbindir}/q${pop_auth} " \
- 	         "with uid ${apop_uid}"; \
++		${INSTALL} -s -m 4755 -o ${apop_uid} -g ${BINGRP} ${pop_auth} \
++			${sbindir}/q${pop_auth}; \
++		echo "Installed popauth as ${sbindir}/q${pop_auth} " \
++			"with uid ${apop_uid}"; \
++		${sbindir}/q${pop_auth} -init -safe; \
+ 	fi
+ 
+-	if [ "x${pop_auth}" != "x" ]; then \
+-	    ${INSTALL} -s -m 4755 -o ${apop_uid} -g 0 ${pop_auth} \
+-	               ${installdir}/${pop_auth}; \
+-	    echo "Installed popauth as ${installdir}/${pop_auth} " \
+-	         "with uid ${apop_uid}"; \
 -	    ${installdir}/${pop_auth} -init -safe; \
-+	    ${sbindir}/q${pop_auth} -init -safe; \
++	if [ "x${poppassd}" != "x" ]; then \
++	    cd ${password_dir} && ${MAKE} $@ ;\
  	fi
  
- clean:
+ 	if [ "x${USE_PAM}" != "x" ]; then     \
diff --git a/mail/qpopper/patches/patch-ao b/mail/qpopper/patches/patch-ao
deleted file mode 100644
index ead7e30c6c8..00000000000
--- a/mail/qpopper/patches/patch-ao
+++ /dev/null
@@ -1,22 +0,0 @@
-$NetBSD: patch-ao,v 1.1 2004/05/06 13:46:23 taca Exp $
-
---- common/maillock.c.orig	Thu Mar 13 11:06:36 2003
-+++ common/maillock.c
-@@ -272,13 +272,13 @@ Qmaillock ( char         *drop_name,
- 
-         if ( bNo_atomic_open ) {
-             while ( fd == -1 ) {
-+		char tempdir[FILENAME_MAX];
-                 /* 
-                  * Create a temporary file and link it to lock file 
-                  */
--                pTmp = tempnam ( pSpool_dir, "POP" );
--                if ( pTmp != NULL ) {
--                    fd = open ( pTmp, O_CREAT | O_EXCL, 0600 );
--                }
-+		Qsprintf(tempdir, "%s/POPXXXXXXXXXX", pSpool_dir);
-+		fd = mkstemp(tempdir);
-+                pTmp = strdup(tempdir);
-                 if ( fd == -1 ) {
-                     if ( DEBUGGING && bDebugging ) {
-                         logit ( fTrace, POP_DEBUG, HERE,
diff --git a/mail/qpopper/patches/patch-ap b/mail/qpopper/patches/patch-ap
index 3390c6be829..61ec0ccbc6d 100644
--- a/mail/qpopper/patches/patch-ap
+++ b/mail/qpopper/patches/patch-ap
@@ -1,72 +1,33 @@
-$NetBSD: patch-ap,v 1.2 2005/01/30 04:41:16 taca Exp $
+$NetBSD: patch-ap,v 1.3 2005/06/01 20:55:16 adrianp Exp $
 
---- popper/main.c.orig	2005-01-30 13:05:52.000000000 +0900
+--- popper/main.c.orig	2005-05-28 17:29:10.000000000 +0100
 +++ popper/main.c
-@@ -226,7 +226,8 @@ main ( int argc, char *argv[] )
- #else
-     struct sockaddr_in  cli_addr;
-     struct sockaddr_in  serv_addr;
--    unsigned short      port        = SERV_TCP_PORT;
-+    unsigned short      hport        = SERV_TCP_PORT;
-+    unsigned short      port;
-     unsigned long       addr        = INADDR_ANY;
-     int                 pollfd [ 1 ];
- #endif
-@@ -236,6 +237,7 @@ main ( int argc, char *argv[] )
+@@ -246,6 +246,7 @@ main ( int argc, char *argv[] )
      fd_set              fdset_templ;
      fd_set              fdset_read;
      int                 fd_flags    = 0;
 +    FILE		*fp;
  
  
-     if ( argc >= 2 && ( strncmp ( argv[1], "-v",  2 ) == 0 ||
-@@ -256,7 +258,7 @@ main ( int argc, char *argv[] )
-      * Ensure default port & address is in network order
-      */
-     addr = htonl ( addr );
--    port = htons ( port );
-+    port = htons ( hport );
- #endif
+ #ifdef USE_PAM
+@@ -625,7 +626,10 @@ main ( int argc, char *argv[] )
+             "listening using socket fd %d", 
+             sockfd );
  
-     /*
-@@ -290,8 +292,7 @@ main ( int argc, char *argv[] )
-     {
- #ifndef INET6
-         unsigned long  a = addr;
--        unsigned short n = ntohs ( port );
--        unsigned short n = port;
-+	int	       n = hport;
-         char           b [ 25 ] = "";
- #endif
-         char          *q = b;
-@@ -349,7 +350,8 @@ main ( int argc, char *argv[] )
-         if ( a == BAD_ADDR || n == 0 || n > USHRT_MAX )
-             err_dump ( HERE, "invalid address and/or port: \"%s\"", argv[1] );
- 
--        port = htons ( n );
-+        hport = n;
-+	port = htons ( hport );
-         addr = a;
- #endif
-         
-@@ -636,7 +638,10 @@ main ( int argc, char *argv[] )
- 	TRACE ( trace_file, POP_DEBUG, HERE, "listening using socket fd %d",
- 		sockfd );
- 
--	listen ( sockfd, 5 );
+-    listen ( sockfd, 5 );
 +#ifndef SOMAXCONN
 +#define SOMAXCONN 5
 +#endif
 +	listen ( sockfd, SOMAXCONN );
  
- 	/*
- 	 * Set file descriptor to be non-blocking in case there isn't really a
-@@ -762,6 +767,16 @@ main ( int argc, char *argv[] )
+     /*
+      * Set file descriptor to be non-blocking in case there isn't really a
+@@ -655,6 +659,16 @@ main ( int argc, char *argv[] )
      signal ( SIGHUP,  VOIDSTAR hupit   );
      signal ( SIGTERM, VOIDSTAR cleanup );
  
 +#ifndef PIDFILE
-+#define	PIDFILE	"/var/run/qpopper.pid"
++#define        PIDFILE "/var/run/qpopper.pid"
 +#endif
 +    fp = fopen(PIDFILE, "w");
 +    if (fp == NULL) {