summaryrefslogtreecommitdiff
path: root/mail
diff options
context:
space:
mode:
authoradrianp <adrianp@pkgsrc.org>2005-11-01 19:16:52 +0000
committeradrianp <adrianp@pkgsrc.org>2005-11-01 19:16:52 +0000
commit13325b96ee14493d5aab07003ad7180926311bc2 (patch)
tree5a012eff4e118699e0f3e52564159f7210989f4c /mail
parent86b05856901b246f59c722753ec6b84ceb5abfc4 (diff)
downloadpkgsrc-13325b96ee14493d5aab07003ad7180926311bc2.tar.gz
Add patch-ak for a fetchmailconf security issue. This patch does
not impact the fetchmail package so no version bump is required.
Diffstat (limited to 'mail')
-rw-r--r--mail/fetchmail/distinfo3
-rw-r--r--mail/fetchmail/patches/patch-ak46
2 files changed, 48 insertions, 1 deletions
diff --git a/mail/fetchmail/distinfo b/mail/fetchmail/distinfo
index 729f2e1dc91..b26b0d84066 100644
--- a/mail/fetchmail/distinfo
+++ b/mail/fetchmail/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.32 2005/10/21 20:56:50 tonio Exp $
+$NetBSD: distinfo,v 1.33 2005/11/01 19:16:52 adrianp Exp $
SHA1 (fetchmail-6.2.5.tar.gz) = 4656ec4393ccd1c137fe7b331f77cb26b576ac0e
RMD160 (fetchmail-6.2.5.tar.gz) = e32b91a959d0e80c4bd45a8758811cbe95a98180
@@ -13,3 +13,4 @@ SHA1 (patch-ag) = e27a4769dc804bec71b449bed7ff318d15ae8bdf
SHA1 (patch-ah) = d6d08403b241a3e1a891faadbb36b0cd00df1398
SHA1 (patch-ai) = 16449ab08c266936d80b8be11c93a3dd1ac5c2fe
SHA1 (patch-aj) = 1051c1eb754b9c9cffad2eab4561791975aebbe1
+SHA1 (patch-ak) = d75b42146597a17a1ce91dddc7ed0821697d7ec2
diff --git a/mail/fetchmail/patches/patch-ak b/mail/fetchmail/patches/patch-ak
new file mode 100644
index 00000000000..4c07d246251
--- /dev/null
+++ b/mail/fetchmail/patches/patch-ak
@@ -0,0 +1,46 @@
+$NetBSD: patch-ak,v 1.1 2005/11/01 19:16:52 adrianp Exp $
+
+--- fetchmailconf.orig 2003-10-15 20:22:31.000000000 +0100
++++ fetchmailconf 2005-10-21 14:48:02.000000000 +0100
+@@ -4,7 +4,19 @@
+ # by Eric S. Raymond, <esr@snark.thyrsus.com>.
+ # Requires Python with Tkinter, and the following OS-dependent services:
+ # posix, posixpath, socket
+-version = "1.43"
++#
++# Changes by Matthias Andree, in 2005:
++#
++# 1.43.1 - unsuccessful attempt to fix a password exposure bug
++#
++# thanks to Thomas Wolff and Miloslav Trmac for pointing
++# out the fix was insufficient
++#
++# 1.43.2 - fix password exposure bug, by restricting umask to 077
++# before opening the file
++# - record fetchmailconf version in output file
++#
++version = "1.43.2"
+
+ from Tkinter import *
+ from Dialog import *
+@@ -858,14 +870,17 @@
+ # Pre-1.5.2 compatibility...
+ except os.error:
+ pass
++ old_umask = os.umask(077)
+ fm = open(self.outfile, 'w')
++ os.umask(old_umask)
+ if fm:
+- fm.write("# Configuration created %s by fetchmailconf\n" % time.ctime(time.time()))
++ if fm != sys.stdout:
++ os.chmod(self.outfile, 0600)
++ fm.write("# Configuration created %s by fetchmailconf %s\n"
++ % (time.ctime(time.time()), version))
+ fm.write(`self.configuration`)
+ if self.outfile:
+ fm.close()
+- if fm != sys.stdout:
+- os.chmod(self.outfile, 0600)
+ self.destruct()
+
+ #