author | hubertf <hubertf> | 2000-03-02 00:23:14 +0000 |
---|---|---|
committer | hubertf <hubertf> | 2000-03-02 00:23:14 +0000 |
commit | d4ee04a29b635a53f7fed471c61f916388261818 (patch) | |
tree | 80756e9a7f7659cad812f2b3c29940c03357ab5d /mail | |
parent | 4033a77173fec4c76dd8cf772fe825515246fed6 (diff) | |
download | pkgsrc-d4ee04a29b635a53f7fed471c61f916388261818.tar.gz |
Update to V1.0.3, per request of our security officers:
Versions prior to 1.0.3 of the nmh package contained a vulnerability
where incoming mail messages with carefully designed MIME headers could
cause nmh's mhshow command to execute arbitrary shell code.
See the changelog for another 372 lines of changes.
Diffstat (limited to 'mail')
-rw-r--r-- | mail/nmh/Makefile | 6 | ||||
-rw-r--r-- | mail/nmh/files/patch-sum | 13 | ||||
-rw-r--r-- | mail/nmh/patches/patch-ca | 16 | ||||
-rw-r--r-- | mail/nmh/patches/patch-cb | 24 | ||||
-rw-r--r-- | mail/nmh/patches/patch-cc | 10 | ||||
-rw-r--r-- | mail/nmh/patches/patch-cd | 13 | ||||
-rw-r--r-- | mail/nmh/patches/patch-ce | 17 | ||||
-rw-r--r-- | mail/nmh/patches/patch-cf | 31 | ||||
-rw-r--r-- | mail/nmh/patches/patch-cg | 16 | ||||
-rw-r--r-- | mail/nmh/patches/patch-ch | 16 | ||||
-rw-r--r-- | mail/nmh/pkg/PLIST | 129 |
11 files changed, 102 insertions, 189 deletions
diff --git a/mail/nmh/Makefile b/mail/nmh/Makefile
index 3f966226bdf..17e04320f4b 100644
--- a/mail/nmh/Makefile
+++ b/mail/nmh/Makefile
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.32 2000/01/09 01:29:06 wiz Exp $
+# $NetBSD: Makefile,v 1.33 2000/03/02 00:23:14 hubertf Exp $
 # FreeBSD Id: Makefile,v 1.2 1997/08/04 06:51:28 markm Exp
 #
-DISTNAME= nmh-1.0
+DISTNAME= nmh-1.0.3
 CATEGORIES= mail
-MASTER_SITES= ftp://ftp.math.gatech.edu/pub/nmh/
+MASTER_SITES= ftp://ftp.mhost.com/pub/nmh/
 MAINTAINER= kim@tac.nyc.ny.us
 HOMEPAGE= http://www.math.gatech.edu/nmh/
diff --git a/mail/nmh/files/patch-sum b/mail/nmh/files/patch-sum
index ca417aa4d09..f549ebcb3d3 100644
--- a/mail/nmh/files/patch-sum
+++ b/mail/nmh/files/patch-sum
@@ -1,10 +1,5 @@
-$NetBSD: patch-sum,v 1.2 2000/01/18 15:50:32 agc Exp $
+$NetBSD: patch-sum,v 1.3 2000/03/02 00:23:15 hubertf Exp $
-MD5 (patch-ca) = f428195be1c2e6ea9dece64b9468c2a2
-MD5 (patch-cb) = a5e72cabb0581833781d838ba7a8f363
-MD5 (patch-cc) = 5b2aabb2f9324fa1f84916a5b6c700ea
-MD5 (patch-cd) = cdd8cf36c8a4c32f9b95a46385eff29f
-MD5 (patch-ce) = 45ec854a9800773bfdb4f02e4e861e80
-MD5 (patch-cf) = 81367991e788a1fdeb76dca211e2508e
-MD5 (patch-cg) = 0f1266bf68fa26b57310bc9347b72dfc
-MD5 (patch-ch) = 98075d650a2ed27b876118ffe220e24a
+MD5 (patch-ca) = ba8bde6090ca48b315ac84f6a3c04f2d
+MD5 (patch-cb) = 6ba803e016659cde1f688f27f6ce09b5
+MD5 (patch-cc) = 14aab99374bf88d3d661ca795fdd2af8
diff --git a/mail/nmh/patches/patch-ca b/mail/nmh/patches/patch-ca
index 85a9e203f72..d10d3bccd1a 100644
--- a/mail/nmh/patches/patch-ca
+++ b/mail/nmh/patches/patch-ca
@@ -1,10 +1,10 @@
-$NetBSD: patch-ca,v 1.2 2000/01/18 15:50:33 agc Exp $
+$NetBSD: patch-ca,v 1.3 2000/03/02 00:23:15 hubertf Exp $
 Use ${INSTALL_SCRIPT} to install scripts
 Install configuration files as <conf-file>.dist
---- etc/Makefile.in.orig Fri Oct 2 23:38:38 1998
-+++ etc/Makefile.in Thu Mar 4 01:41:05 1999
+--- etc/Makefile.in.orig Thu Jan 6 22:30:07 2000
++++ etc/Makefile.in Thu Mar 2 00:46:18 2000
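Review bot: `MASTER_SITES` moves the download to `ftp://ftp.mhost.com/pub/nmh/` while `HOMEPAGE` still names the gatech.edu site, and the fetch is plain FTP, so the recorded distfile checksum is the only control tying the `nmh-1.0.3` tarball to what the maintainer reviewed. The diffstat lists `files/patch-sum` (local patches only) but no distfile checksum file, so from this page it looks as if that checksum was not updated with the `DISTNAME` bump; it should be part of the same change. If the project has left gatech.edu, `HOMEPAGE` wants the matching update. The bump is also what retires the local bounds fixes in `patch-cd` (`buffer[26]`) and `patch-cf` (`cp - unixbuf < BUFSIZ - 1`) later in this commit, and the message does not say they are included in 1.0.3.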
@@ -21,6 +21,7 @@ INSTALL = @INSTALL@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ @@ -13,24 +13,24 @@ Install configuration files as <conf-file>.dist # Path to search for programs to handle MIME # content. Used to create mhn.defaults -@@ -79,16 +80,16 @@ +@@ -80,16 +81,16 @@ $(INSTALL_DATA) $(srcdir)/$$file $(etcdir)/$$file; \ done for file in $(GEN_FILES); do \ - if [ -f $(etcdir)/$$file ]; then \ - mv $(etcdir)/$$file $(etcdir)/$$file.old; \ + if [ -f $(etcdir)/$$file.dist ]; then \ -+ mv $(etcdir)/$$file.dist $(etcdir)/$$file.dist.old; \ ++ mv $(etcdir)/$$file.dist $(etcdir)/$$file.old; \ fi; \ - $(INSTALL_DATA) $$file $(etcdir)/$$file; \ + $(INSTALL_DATA) $$file $(etcdir)/$$file.dist; \ done install-scripts: - $(top_srcdir)/mkinstalldirs $(libdir) + $(top_srcdir)/mkinstalldirs $(bindir) for script in $(SCRIPTS); do \ -- $(INSTALL_PROGRAM) $(srcdir)/$$script $(libdir)/$$script; \ -+ $(INSTALL_SCRIPT) $(srcdir)/$$script $(libdir)/$$script; \ +- $(INSTALL_PROGRAM) $(srcdir)/$$script $(bindir)/$$script; \ ++ $(INSTALL_SCRIPT) $(srcdir)/$$script $(bindir)/$$script; \ done uninstall: uninstall-files uninstall-scripts diff --git a/mail/nmh/patches/patch-cb b/mail/nmh/patches/patch-cb index 6dde242756e..9e638adcd48 100644 --- a/mail/nmh/patches/patch-cb +++ b/mail/nmh/patches/patch-cb @@ -1,7 +1,7 @@ -$NetBSD: patch-cb,v 1.4 1999/03/07 01:16:26 kim Exp $ +$NetBSD: patch-cb,v 1.5 2000/03/02 00:23:15 hubertf Exp $ ---- config.h.in.orig Sat Jan 23 21:27:49 1999 -+++ config.h.in Sat Mar 6 19:50:56 1999 +--- config.h.in.orig Sun Feb 6 13:40:21 2000 ++++ config.h.in Thu Mar 2 00:47:13 2000 @@ -1,5 +1,12 @@ /* config.h.in. Generated automatically from configure.in by autoheader. */ 
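Review bot: In the second hunk the backup rename becomes `mv $(etcdir)/$$file.dist $(etcdir)/$$file.old`, which drops the previous default onto `<conf-file>.old`, a name that reads as a copy of the administrator's live file and that `mv` will overwrite without notice if one is already there. The earlier target `$(etcdir)/$$file.dist.old` kept package-owned files clearly apart from local ones; I would keep `mv $(etcdir)/$$file.dist $(etcdir)/$$file.dist.old; \`, or drop the backup altogether since the `.dist` copy is not meant to be edited in place. The recipe this loop belongs to starts above the hunk, so whether the upstream loop before it uses the same `.old` naming cannot be checked from here.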
@@ -15,23 +15,7 @@ $NetBSD: patch-cb,v 1.4 1999/03/07 01:16:26 kim Exp $ /****** BEGIN USER CONFIGURATION SECTION *****/ /* -@@ -37,9 +44,12 @@ - * OpenBSD 2.x - * BSD/OS 2.x - */ --/* #define BIND 1 */ --/* #define BSD42 1 */ --/* #define BSD44 1 */ -+#ifdef BSD4_4 -+#define BIND 1 -+#define BSD42 1 -+#define BSD44 1 -+#define GCOS_HACK 1 -+#endif - - /* - * SCO 4.x -@@ -399,9 +409,6 @@ +@@ -405,9 +412,6 @@ /* Define if you have the <sys/ndir.h> header file. */ #undef HAVE_SYS_NDIR_H diff --git a/mail/nmh/patches/patch-cc b/mail/nmh/patches/patch-cc index 25dfa0e8644..4b1f1624afd 100644 --- a/mail/nmh/patches/patch-cc +++ b/mail/nmh/patches/patch-cc @@ -1,9 +1,9 @@ -$NetBSD: patch-cc,v 1.1 1999/03/06 20:37:32 kim Exp $ +$NetBSD: patch-cc,v 1.2 2000/03/02 00:23:15 hubertf Exp $ ---- uip/show.c.orig Thu Dec 3 18:22:07 1998 -+++ uip/show.c Sat Mar 6 14:55:52 1999 -@@ -315,6 +315,15 @@ - vec[vecp] = NULL; +--- uip/show.c.orig Sun Sep 12 15:50:12 1999 ++++ uip/show.c Thu Mar 2 00:47:34 2000 +@@ -326,6 +326,15 @@ + vec[++vecp] = NULL; } + /* If the "proc" is "mhshow", add "-file" if showing file or draft. diff --git a/mail/nmh/patches/patch-cd b/mail/nmh/patches/patch-cd deleted file mode 100644 index de8b6c229b6..00000000000 --- a/mail/nmh/patches/patch-cd +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-cd,v 1.1 1999/03/06 20:37:32 kim Exp $ - ---- zotnet/tws/dtime.c.orig Sun Jul 12 16:16:33 1998 -+++ zotnet/tws/dtime.c Sat Mar 6 15:17:04 1999 -@@ -247,7 +247,7 @@ - char * - dctime (struct tws *tw) - { -- static char buffer[25]; -+ static char buffer[26]; - - if (!tw) - return NULL; diff --git a/mail/nmh/patches/patch-ce b/mail/nmh/patches/patch-ce deleted file mode 100644 index 8b899e41728..00000000000 --- a/mail/nmh/patches/patch-ce +++ /dev/null 
@@ -1,17 +0,0 @@
-$NetBSD: patch-ce,v 1.1 1999/03/07 19:39:19 kim Exp $
-
---- uip/mhshowsbr.c.orig Wed Sep 9 16:59:17 1998
-+++ uip/mhshowsbr.c Sun Mar 7 14:14:59 1999
-@@ -509,10 +509,11 @@
- read (fileno (stdout), prompt, sizeof(prompt));
- }
- SIGNAL (SIGINT, istat);
-- if (intr != OK) {
-+ if (intr != OK || prompt[0] == 'n') {
- (*ct->c_ceclosefnx) (ct);
- return (alternate ? DONE : NOTOK);
- }
-+ if (prompt[0] == 'q') done(OK);
- }
- }
-
diff --git a/mail/nmh/patches/patch-cf b/mail/nmh/patches/patch-cf
deleted file mode 100644
index cbc7b644a1e..00000000000
--- a/mail/nmh/patches/patch-cf
+++ /dev/null
@@ -1,31 +0,0 @@
-$NetBSD: patch-cf,v 1.1 1999/03/07 19:40:01 kim Exp $
-
---- sbr/m_getfld.c.orig Fri Jul 31 18:48:37 1998
-+++ sbr/m_getfld.c Sun Mar 7 14:33:11 1999
-@@ -259,7 +259,7 @@
- bp = sp = (unsigned char *) iob->_ptr - 1;
- j = (cnt = iob->_cnt+1) < i ? cnt : i;
- #endif
-- while ((c = *bp++) != ':' && c != '\n' && --j >= 0)
-+ while (--j >= 0 && (c = *bp++) != ':' && c != '\n')
- *cp++ = c;
-
- j = bp - sp;
-@@ -538,7 +538,7 @@
- ;
- #else /* RPATHS */
- cp = unixbuf;
-- while ((c = getc (iob)) != '\n')
-+ while ((c = getc (iob)) != '\n' && cp - unixbuf < BUFSIZ - 1)
- *cp++ = c;
- *cp = 0;
- #endif /* RPATHS */
-@@ -639,7 +639,7 @@
- break;
- #else /* RPATHS */
- cp = unixbuf;
-- while ((c = getc (iob)) != '\n' && c >= 0)
-+ while ((c = getc (iob)) != '\n' && c >= 0 && cp - unixbuf < BUFSIZ - 1)
- *cp++ = c;
- *cp = 0;
- #endif /* RPATHS */
diff --git a/mail/nmh/patches/patch-cg b/mail/nmh/patches/patch-cg
deleted file mode 100644
index 2a63d89823d..00000000000
--- a/mail/nmh/patches/patch-cg
+++ /dev/null
@@ -1,16 +0,0 @@
-$NetBSD: patch-cg,v 1.1 1999/03/08 20:48:28 kim Exp $
-
---- uip/mhparse.c.orig Thu Oct 15 00:04:57 1998
-+++ uip/mhparse.c Mon Mar 8 15:29:57 1999
-@@ -1194,9 +1194,9 @@
- struct k2v *kv;
- CI ci = &ct->c_ctinfo;
-
-- if (ct->c_encoding != CE_7BIT) {
-+ if ((ct->c_encoding != CE_7BIT) && (ct->c_encoding != CE_8BIT)) {
- admonish (NULL,
-- "\"%s/%s\" type in message %s should be encoded in 7bit",
-+ "\"%s/%s\" type in message %s should be encoded in 7bit or 8bit",
- ci->ci_type, ci->ci_subtype, ct->c_file);
- return NOTOK;
- }
diff --git a/mail/nmh/patches/patch-ch b/mail/nmh/patches/patch-ch
deleted file mode 100644
index bfed7eaff3c..00000000000
--- a/mail/nmh/patches/patch-ch
+++ /dev/null
@@ -1,16 +0,0 @@
-$NetBSD: patch-ch,v 1.1 1999/03/08 20:48:29 kim Exp $
-
---- uip/mhbuildsbr.c.orig Thu Oct 15 00:05:02 1998
-+++ uip/mhbuildsbr.c Mon Mar 8 15:32:11 1999
-@@ -1433,9 +1433,9 @@
- struct k2v *kv;
- CI ci = &ct->c_ctinfo;
-
-- if (ct->c_encoding != CE_7BIT) {
-+ if ((ct->c_encoding != CE_7BIT) && (ct->c_encoding != CE_8BIT)) {
- admonish (NULL,
-- "\"%s/%s\" type in message %s should be encoded in 7bit",
-+ "\"%s/%s\" type in message %s should be encoded in 7bit or 8bit",
- ci->ci_type, ci->ci_subtype, ct->c_file);
- return NOTOK;
- }
diff --git a/mail/nmh/pkg/PLIST b/mail/nmh/pkg/PLIST
index 7e616a6af44..fc384d72b70 100644
--- a/mail/nmh/pkg/PLIST
+++ b/mail/nmh/pkg/PLIST
@@ -1,31 +1,25 @@
-@comment $NetBSD: PLIST,v 1.11 2000/01/18 15:50:33 agc Exp $
+@comment $NetBSD: PLIST,v 1.12 2000/03/02 00:23:16 hubertf Exp $
 bin/ali
+bin/mhn
 bin/anno
 bin/burst
 bin/comp
 bin/dist
 bin/flist
-bin/flists
 bin/folder
-bin/folders
 bin/forw
-bin/inc
 bin/mark
 bin/mhbuild
 bin/mhlist
 bin/mhmail
-bin/mhn
 bin/mhparam
 bin/mhpath
 bin/mhshow
 bin/mhstore
-bin/mhtest
 bin/msgchk
 bin/msh
-bin/next
 bin/packf
 bin/pick
-bin/prev
 bin/prompter
 bin/refile
 bin/repl
@@ -35,47 +29,16 @@ bin/scan
 bin/send
 bin/show
 bin/sortm
+bin/inc
 bin/viamail
 bin/whatnow
 bin/whom
-etc/nmh/MailAliases
-etc/nmh/components
-etc/nmh/digestcomps
-etc/nmh/distcomps
-etc/nmh/forwcomps
-etc/nmh/mhl.body
-etc/nmh/mhl.digest
-etc/nmh/mhl.format
-etc/nmh/mhl.forward
-etc/nmh/mhl.headers
-etc/nmh/mhl.reply
-etc/nmh/mhn.defaults.dist
-etc/nmh/mts.conf.dist
-etc/nmh/rcvdistcomps
-etc/nmh/replcomps
-etc/nmh/replgroupcomps
-etc/nmh/scan.default
-etc/nmh/scan.mailx
-etc/nmh/scan.nomime
-etc/nmh/scan.size
-etc/nmh/scan.time
-etc/nmh/scan.timely
-etc/nmh/scan.unseen
-etc/nmh/tmac.h
-libexec/nmh/ap
-libexec/nmh/conflict
-libexec/nmh/dp
-libexec/nmh/fmtdump
-libexec/nmh/install-mh
-libexec/nmh/mhl
-libexec/nmh/post
-libexec/nmh/rcvdist
-libexec/nmh/rcvpack
-libexec/nmh/rcvstore
-libexec/nmh/rcvtty
-libexec/nmh/sendfiles
-libexec/nmh/slocal
-libexec/nmh/spost
+bin/flists
+bin/folders
+bin/prev
+bin/next
+bin/sendfiles
+man/man1/repl.1
 man/man1/ali.1
 man/man1/anno.1
 man/man1/burst.1
@@ -87,6 +50,7 @@ man/man1/forw.1
 man/man1/inc.1
 man/man1/mark.1
 man/man1/mh-chart.1
+man/man1/nmh.1
 man/man1/mhbuild.1
 man/man1/mhl.1
 man/man1/mhlist.1
@@ -99,7 +63,6 @@ man/man1/mhstore.1
 man/man1/msgchk.1
 man/man1/msh.1
 man/man1/next.1
-man/man1/nmh.1
 man/man1/packf.1
 man/man1/pick.1
 man/man1/prev.1
@@ -109,7 +72,6 @@ man/man1/rcvpack.1
 man/man1/rcvstore.1
 man/man1/rcvtty.1
 man/man1/refile.1
-man/man1/repl.1
 man/man1/rmf.1
 man/man1/rmm.1
 man/man1/scan.1
@@ -128,6 +90,7 @@ man/man5/mh-mail.5
 man/man5/mh-profile.5
 man/man5/mh-sequence.5
 man/man5/mh-tailor.5
+man/man5/mh_profile.5
 man/man8/ap.8
 man/man8/conflict.8
 man/man8/dp.8
@@ -141,7 +104,71 @@ share/doc/nmh/FAQ
 share/doc/nmh/MAIL.FILTERING
 share/doc/nmh/README
 share/doc/nmh/TODO
-share/doc/nmh/ZSH.COMPLETION
-@dirrm etc/nmh
-@dirrm libexec/nmh
+share/doc/nmh/COMPLETION-ZSH
+etc/nmh/mhl.body
+etc/nmh/mhl.digest
+etc/nmh/mhl.format
+etc/nmh/mhl.forward
+etc/nmh/mhl.headers
+etc/nmh/mhl.reply
+etc/nmh/scan.default
+etc/nmh/scan.mailx
+etc/nmh/scan.nomime
+etc/nmh/scan.size
+etc/nmh/scan.time
+etc/nmh/scan.timely
+etc/nmh/scan.unseen
+etc/nmh/components
+etc/nmh/digestcomps
+etc/nmh/distcomps
+etc/nmh/forwcomps
+etc/nmh/rcvdistcomps
+etc/nmh/rcvdistcomps.outbox
+etc/nmh/replcomps
+etc/nmh/replgroupcomps
+etc/nmh/MailAliases
+etc/nmh/mhn.defaults.dist
+etc/nmh/tmac.h
+etc/nmh/mhn.defaults
+etc/nmh/mts.conf.dist
+etc/nmh/mhl.body.old
+etc/nmh/mhl.digest.old
+etc/nmh/mhl.format.old
+etc/nmh/mhl.forward.old
+etc/nmh/mhl.headers.old
+etc/nmh/mhl.reply.old
+etc/nmh/scan.default.old
+etc/nmh/scan.mailx.old
+etc/nmh/scan.nomime.old
+etc/nmh/scan.size.old
+etc/nmh/scan.time.old
+etc/nmh/scan.timely.old
+etc/nmh/scan.unseen.old
+etc/nmh/components.old
+etc/nmh/digestcomps.old
+etc/nmh/distcomps.old
+etc/nmh/forwcomps.old
+etc/nmh/rcvdistcomps.old
+etc/nmh/rcvdistcomps.outbox.old
+etc/nmh/replcomps.old
+etc/nmh/replgroupcomps.old
+etc/nmh/MailAliases.old
+etc/nmh/mhn.defaults.old
+etc/nmh/mts.conf.old
+libexec/nmh/ap
+libexec/nmh/conflict
+libexec/nmh/dp
+libexec/nmh/fmtdump
+libexec/nmh/install-mh
+libexec/nmh/mhl
+libexec/nmh/post
+libexec/nmh/rcvdist
+libexec/nmh/rcvpack
+libexec/nmh/rcvstore
+libexec/nmh/rcvtty
+libexec/nmh/slocal
+libexec/nmh/spost
+libexec/nmh/mhtest
 @dirrm share/doc/nmh
+@dirrm libexec/nmh
+@dirrm etc/nmh |
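Review bot: The added `etc/nmh/*.old` entries and `etc/nmh/mhn.defaults` in the last hunk look like leftovers from generating the list on a machine that already had nmh installed. In patch-ca the `.old` copy is made only inside `if [ -f ... ]`, so a clean install will not contain those files and the package tools will presumably report them missing, while listing the live `etc/nmh/mhn.defaults` next to `etc/nmh/mhn.defaults.dist` would let deinstall remove a file the administrator has edited. I would drop every `.old` line and `etc/nmh/mhn.defaults`, so that for the generated files only `etc/nmh/mhn.defaults.dist` and `etc/nmh/mts.conf.dist` stay registered.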