author | itojun <itojun@pkgsrc.org> | 2000-04-24 11:04:17 +0000 |
---|---|---|
committer | itojun <itojun@pkgsrc.org> | 2000-04-24 11:04:17 +0000 |
commit | ee36cd1c9eaf641f4dc89251c5b0750b90d6e310 (patch) | |
tree | 51255c0a18dcc3ad7809a01e8815a75dda741fce /mail/qpopper | |
parent | a2734a59275954554b397d45cfdfb7718ee26015 (diff) | |
integrate temporary fix against long-line attack, from FreeBSD ports-current
(committed Apr 17 by ache@freebsd.org).
addresses problem outlined in this bugtraq article:
http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=9763.000421@SECURITY.NNOV.RU
Diffstat (limited to 'mail/qpopper')
-rw-r--r-- | mail/qpopper/files/patch-sum | 5 | ||||
-rw-r--r-- | mail/qpopper/patches/patch-ah | 46 | ||||
-rw-r--r-- | mail/qpopper/patches/patch-ak | 29 |
3 files changed, 53 insertions, 27 deletions
diff --git a/mail/qpopper/files/patch-sum b/mail/qpopper/files/patch-sum index 3756b031a88..ed67b778ceb 100644 --- a/mail/qpopper/files/patch-sum +++ b/mail/qpopper/files/patch-sum @@ -1,4 +1,4 @@ -$NetBSD: patch-sum,v 1.8 1999/09/15 21:36:35 tron Exp $ +$NetBSD: patch-sum,v 1.9 2000/04/24 11:04:17 itojun Exp $ MD5 (patch-aa) = 84e82919959c11bc713d467b238286b2 MD5 (patch-ab) = 49bd44f8866a35504dd4017d0ac3f546 @@ -7,6 +7,7 @@ MD5 (patch-ad) = caa8837a2df9af1b8c56a73992906a9a MD5 (patch-ae) = 226b6c8a515d37f631a1983f68eab2a3 MD5 (patch-af) = 4fc4ebc25499f90fd92274a76b7df5e3 MD5 (patch-ag) = a5f017474ee6242dc87c8773255070af -MD5 (patch-ah) = 13f18327b28b7ae29739ae2567719aca +MD5 (patch-ah) = 69ace9a7b4e0be37596fd77e592bb3c1 MD5 (patch-ai) = c5a6a595f51f68999e1e4e6d7c05d9e9 MD5 (patch-aj) = b88fbeb3afc4eb785c0d036e5c96fa5a +MD5 (patch-ak) = 1b8300342546f9299a246472d14f8a81 diff --git a/mail/qpopper/patches/patch-ah b/mail/qpopper/patches/patch-ah index 754d75f95d9..2b9a47eba18 100644 --- a/mail/qpopper/patches/patch-ah +++ b/mail/qpopper/patches/patch-ah @@ -1,18 +1,12 @@ -$NetBSD: patch-ah,v 1.6 1999/09/15 21:30:59 tron Exp $ - ---- popper.h.orig Fri Jul 10 01:44:08 1998 -+++ popper.h Wed Sep 15 23:28:17 1999 -@@ -31,14 +31,26 @@ - - #ifdef HAVE_SYS_PARAM_H +$NetBSD: patch-ah,v 1.7 2000/04/24 11:04:18 itojun Exp $ +--- popper.h.orig Fri Jul 10 08:44:08 1998 ++++ popper.h Mon Apr 24 19:56:38 2000 +@@ -33,3 +33,3 @@ #include <sys/param.h> -# if (defined(BSD) && (BSD >= 199103)) +# if (defined(BSD) && (BSD >= 199103)) && 0 /* shouldn't be necessary anymore */ # define HAVE_UNISTD_H - # define HAVE_VPRINTF - # define BIND43 - # endif - #endif +@@ -40,3 +40,15 @@ -#ifdef BSDI +#ifdef HAVE_STDLIB_H 
@@ -29,10 +23,20 @@ $NetBSD: patch-ah,v 1.6 1999/09/15 21:30:59 tron Exp $ + +#if defined (BSDI) || defined (__NetBSD__) #define BSD44_DBM - #endif - -@@ -67,12 +79,12 @@ - #define MAXPARMLEN 10 +@@ -62,3 +74,8 @@ + #define MAXDROPLEN 64 +-#define MAXLINELEN 1024 ++/* ++ * This program always assume that fgets return whole line, ++ * so the buffer must be at least one char bigger than sendmail ++ * use, because of >From ++ */ ++#define MAXLINELEN (2048 + 1) + #define MAXMSGLINELEN MAXLINELEN +@@ -66,11 +83,11 @@ + #define MAXPARMCOUNT 5 +-#define MAXPARMLEN 10 ++#define MAXPARMLEN 32 /* Large enough for 32-byte APOP parm */ #define ALLOC_MSGS 20 -#ifndef OSF1 @@ -46,21 +50,13 @@ $NetBSD: patch-ah,v 1.6 1999/09/15 21:30:59 tron Exp $ -#define POP_PRIORITY LOG_NOTICE +#define POP_PRIORITY LOG_INFO #define POP_DEBUG LOG_DEBUG - #define POP_LOGOPTS LOG_PID - -@@ -292,13 +304,13 @@ - #ifdef KERBEROS - +@@ -294,3 +311,3 @@ #ifndef KERBEROS_SERVICE -# define KERBEROS_SERVICE "rcmd" +# define KERBEROS_SERVICE "pop" #endif - - #ifdef SOLARIS2 - # include <kerberos/krb.h> +@@ -300,3 +317,3 @@ #else -# ifdef BSDI +# if defined (BSDI) || defined (__NetBSD__) # include <kerberosIV/des.h> - # include <kerberosIV/krb.h> - # else diff --git a/mail/qpopper/patches/patch-ak b/mail/qpopper/patches/patch-ak new file mode 100644 index 00000000000..1d0d56f548e --- /dev/null +++ b/mail/qpopper/patches/patch-ak 
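Review bot: Raising `MAXLINELEN` to `(2048 + 1)` only keeps a mailbox line inside one `fgets()` call while the delivering MTA caps lines at (presumably) 2048 bytes, as the added comment itself says; nothing in this hunk makes the readers cope with a longer line. If mail can reach the drop file by another route, which the page does not rule out, a longer line is still split and its tail is parsed as if it began a new line. The read loops are outside this hunk, but the durable fix belongs there: record whether the previous chunk ended in a newline, e.g. `at_line_start = (strchr(buf, '\n') != NULL);` after each `fgets()`, and match `From ` or header prefixes only when it was set. Until then the comment should state the dependency plainly, e.g. `/* must exceed the longest line the delivering MTA can write to the mailbox */`.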
@@ -0,0 +1,29 @@
+$NetBSD: patch-ak,v 1.1 2000/04/24 11:04:18 itojun Exp $
+--- pop_uidl.c- Mon Apr 24 19:57:35 2000
++++ pop_uidl.c Mon Apr 24 19:58:41 2000
+@@ -98,6 +98,7 @@
+ {
+ static char buf[MAXLINELEN];
+ char *cp;
++ char *bp;
+
+ fseek(p->drop, mp->offset, 0);
+ while (fgets(buf, sizeof(buf), p->drop) != NULL) {
+@@ -105,6 +106,8 @@
+ if (!strncasecmp("From:", buf, 5)) {
+ cp = index(buf, ':');
+ while (*++cp && (*cp == ' ' || *cp == '\t'));
++ if ((bp = index(cp, NEWLINE)) != NULL)
++ *bp = 0;
+ return(cp);
+ }
+ }
+@@ -165,7 +168,7 @@
+
+ sprintf(buffer, "%d %s", x, mp->uidl_str);
+ if (nl = index(buffer, NEWLINE)) *nl = 0;
+- sprintf(buffer, "%s %d %.128s", buffer, mp->length, from_hdr(p, mp));
++ sprintf(buffer, "%s %d %.128s\n", buffer, mp->length, from_hdr(p, mp));
+ pop_sendline(p, buffer);
+ }
+ } |
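Review bot: The changed `sprintf(buffer, "%s %d %.128s\n", buffer, ...)` in the `@@ -165,7 +168,7 @@` section still passes `buffer` as both the destination and a `%s` source, which is undefined behaviour for overlapping objects, and the write is unbounded: only the From text is capped at 128 bytes, while `mp->uidl_str` is not. Append instead of re-formatting, e.g. `size_t used = strlen(buffer);` followed by `snprintf(buffer + used, sizeof(buffer) - used, " %d %.128s\n", mp->length, from_hdr(p, mp));`. That assumes `buffer` is an array declared in the enclosing function, which starts outside the hunk. The context line `sprintf(buffer, "%d %s", x, mp->uidl_str);` would want the same bound.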