From 04d80ba195c44a044558c95ebcc5f3946756e924 Mon Sep 17 00:00:00 2001 From: adrianp Date: Wed, 1 Jun 2005 20:55:16 +0000 Subject: - Update qpopper to 4.0.8 - Thanks to taca@ and gavan@ for feedback and patch review - This also enables experimental PAM support (on platforms that support it) - Security fixes included - From the ChangeLog: > Changes from 4.0.7 to 4.0.8: > --------------------------- > 1. Fix compilation error on HPUX. > 2. Fix some compilation warnings. > 3. Update man page with '-x' option. > 4. Fix problems with 'make install' > > > Changes from 4.0.6 to 4.0.7: > --------------------------- > 1. Fix '-V' for standalone. > 2. Include 'man' directory in tarball. > > > Changes from 4.0.5 to 4.0.6: > ---------------------------- > 1. Minor fixes for true64. > 2. Patch from Uli Zappe to fix SCRAM compilation bugs. > 3. Minor fixes for true64. > 4. poppassd now runs smbpasswd as user, not root, to avoid exploit > 5. Remove -traditional-cpp from the compiler options for Darwin > builds (otherwise build fails) > 6. Open stdout and stderr as O_WRONLY instead of O_RDONLY so that > should anything actually be written to them it will show up > 7. When configured as --with-pam and required, > include instead of > (otherwise build fails) > 8. strdup the pw.pw_name field from getpwnam so that it's still > valid by the time genpath is called; also added corresponding > free (without this fix when the bug manifests, clients are > erroneously told there are 0 messages in the mail drop > regardless of the actual number) > 9. Add a pam bug workaround at the beginning of main to do a > pam_start and pam_end immediately when the program starts up > in order to avoid bogus authentication failed messages from > pam_authenticate later (only when configured as --with-pam) > [ Thanks to Kyle McKay for changes 5-9 ] > 10. Fixed error in configure script for Mac OS / Darwin. > 11. Support chained certs for OpenSSL [from Daniel Senie]. > 12. Fixes to compile better on Linux [from Daniel Senie]. > 13. X-UIDL header no longer written when Update_status_hdrs is false > [thanks to Helge Oldach] > 14. Now calling SSL_shutdown() again if it fails the first time. > 15. Now logging TLS errors when compiled with debugging and debug is > enabled (instead of either) [thanks to Maks N. Polunin]. > 16. Config file now always closed (not just on error). > 17. When using pam, Kerberos tickets are now destroyed. > Otherwise dead tickets accumulate in cache directory which runs > out of space quickly on busy server. Problem noted by Rodney > McDuff ITS UQ. (Directory permissions on ticket cache dir need > to be 1777). > 18. Always log "Servicing request" (instead of just when debugging is > on). This allows start of pop sessions to be logged always which > is useful for diagnosis of problems. > 19. Worked around problem on some systems causing SIGALRM to be masked, > leaving hung pop processes which should have timed out waiting > for a command from the client. > [ Thanks to David Shrimpton for changes 16-19 ] > 20. Now defaulting to "EXPIRE NEVER" instead of "EXPIRE 0". > 21. Fix core dump on 64-bit Solaris 2.8 [thanks to Kenny Nguyen] > 22. Log facility set on command line now applies to daemon as well. > [Thanks to Helge Oldach] > 23. '-y' to set log facility on command line now works again. > 24. Allow '-V' as synonym for '-v' (to see version). > 25. Process user and spool config files as user, not as root (fix > security hole reported by Jens Steube) > 26. Added "xtnd_xmit" as a boolean option to permit/deny XTND XMIT > and 'x' as a command-line option to disable it. You should > disable it unless you really need it, and even then it is better > to move to SMTP AUTH. > 27. popauth now opens trace file as user, not root (fix security > hole reported by Jens Steube); also umask now set. > 28. Fix race crash on FreeBSD (thanks to Martin Haller). > 29. Resolve some compiler warnings. > 30. Fix check for libcrypt on FreeBSD. > 31. Added sample pam configuration file (also installed by 'make > install') > 32. Use generic error msg and sleep in more auth failure cases. > 33. Added code to use mkstemp() instead of our perfectly safe usage > of tempnam() because some compilers issue overly broad warnings > implying that all uses of tempnam() are unsafe. To bypass, > use '--enable-tempnam' with ./configure. --- mail/qpopper/Makefile | 7 +---- mail/qpopper/Makefile.common | 11 +++++--- mail/qpopper/distinfo | 19 +++++++------ mail/qpopper/options.mk | 11 ++++++-- mail/qpopper/patches/patch-am | 58 ++++++++++++++++++++------------------- mail/qpopper/patches/patch-ao | 22 --------------- mail/qpopper/patches/patch-ap | 63 +++++++++---------------------------------- 7 files changed, 70 insertions(+), 121 deletions(-) delete mode 100644 mail/qpopper/patches/patch-ao (limited to 'mail/qpopper') diff --git a/mail/qpopper/Makefile b/mail/qpopper/Makefile index 9cfb093b68c..c83a59130fe 100644 --- a/mail/qpopper/Makefile +++ b/mail/qpopper/Makefile @@ -1,16 +1,11 @@ -# $NetBSD: Makefile,v 1.49 2005/05/28 02:55:43 taca Exp $ +# $NetBSD: Makefile,v 1.50 2005/06/01 20:55:16 adrianp Exp $ # DISTNAME= qpopper${VERSION} PKGNAME= qpopper-${VERSION} -PKGREVISION= 7 CATEGORIES= mail MASTER_SITES= ${QPOPPER_MASTER_SITES} -PATCH_SITES= ftp://ftp.kame.net/pub/kame/misc/ -PATCHFILES= qpopper-4.0.5-ipv6-20030313.diff.gz -PATCH_DIST_STRIP= -p1 - MAINTAINER= mellon@fugue.com HOMEPAGE= ${QPOPPER_HOMEPAGE} COMMENT= Qualcomm's POP server for Eudora diff --git a/mail/qpopper/Makefile.common b/mail/qpopper/Makefile.common index 310de19d5c4..c27be92e551 100644 --- a/mail/qpopper/Makefile.common +++ b/mail/qpopper/Makefile.common @@ -1,6 +1,7 @@ -# $NetBSD: Makefile.common,v 1.14 2005/05/28 02:55:43 taca Exp $ +# $NetBSD: Makefile.common,v 1.15 2005/06/01 20:55:16 adrianp Exp $ -QPOPPER_MASTER_SITES= ftp://ftp.qualcomm.com/eudora/servers/unix/popper/ +QPOPPER_MASTER_SITES= ftp://ftp.qualcomm.com/eudora/servers/unix/popper/ \ + http://core.ring.gr.jp/archives/net/mail/qpopper/ QPOPPER_HOMEPAGE= http://www.eudora.com/products/unsupported/qpopper/ GNU_CONFIGURE= yes @@ -11,7 +12,7 @@ CONFIGURE_ARGS+= --libexecdir=${LOCALBASE}/libexec \ --enable-log-facility=LOG_${QPOPPER_FAC} \ --disable-update-abort --without-gdbm -VERSION= 4.0.5 +VERSION= 4.0.8 .include "../../mk/bsd.prefs.mk" .include "options.mk" @@ -22,6 +23,10 @@ QPOPPER_FAC?= LOCAL1 QPOPPER_APOP_AUTH?= ${PKG_SYSCONFDIR}/apop.auth DB_SUFFIX?= db +PATCH_SITES= http://www.imasy.or.jp/~ume/ipv6/ +PATCHFILES= qpopper4.0.8-ipv6-20050515.diff.gz +PATCH_DIST_STRIP= -p1 + .if defined(QPOPPER_SPOOL_DIR) CONFIGURE_ARGS+= --enable-spool-dir=${QPOPPER_SPOOL_DIR} .endif diff --git a/mail/qpopper/distinfo b/mail/qpopper/distinfo index 8911fdbf68a..6071fe690a6 100644 --- a/mail/qpopper/distinfo +++ b/mail/qpopper/distinfo @@ -1,17 +1,16 @@ -$NetBSD: distinfo,v 1.11 2005/02/24 09:59:28 agc Exp $ +$NetBSD: distinfo,v 1.12 2005/06/01 20:55:16 adrianp Exp $ -SHA1 (qpopper4.0.5.tar.gz) = 726d40da2210bf4b82541a28971986e6a3d9e1a5 -RMD160 (qpopper4.0.5.tar.gz) = e05c1b0823c8942d791c7b48af82e278a51591d2 -Size (qpopper4.0.5.tar.gz) = 2281284 bytes -SHA1 (qpopper-4.0.5-ipv6-20030313.diff.gz) = 31858d41e1dab90019152d957a7ea3d69fe085b0 -RMD160 (qpopper-4.0.5-ipv6-20030313.diff.gz) = b9d4329496ed427ca46c8981a2888f4471269737 -Size (qpopper-4.0.5-ipv6-20030313.diff.gz) = 60773 bytes +SHA1 (qpopper4.0.8.tar.gz) = 161038e6088b4952eedaf85fafa9f3b10eb40a01 +RMD160 (qpopper4.0.8.tar.gz) = 4a1dc2aaa6ef1330a76dfed5330d658a45e7d1d2 +Size (qpopper4.0.8.tar.gz) = 2766902 bytes +SHA1 (qpopper4.0.8-ipv6-20050515.diff.gz) = 3ccd51fa8fb1633c34dee19e6d50351cb649a3c1 +RMD160 (qpopper4.0.8-ipv6-20050515.diff.gz) = 0ca9a8893e31933d8bf33a3cfa4d88fde511ed5e +Size (qpopper4.0.8-ipv6-20050515.diff.gz) = 11479 bytes SHA1 (patch-aa) = d1f4e56dbb8eb4b7cc250ca261435ec609f14c23 SHA1 (patch-ab) = 67d661adce74d0662cab5b644d2e57bfd1d5e3c7 SHA1 (patch-ae) = 1e06159f56c78e63a7960d4d9ca80535752099b2 SHA1 (patch-ag) = 4b187ab978ead4b751290fe483f6d6a6bf959089 SHA1 (patch-al) = 63fdc28b9c1d292d55464cda13c529ffb2a47b34 -SHA1 (patch-am) = 145c5d5ca8bdf59d5ee9cdaed0f60b2da814d033 +SHA1 (patch-am) = 4f7c1c342f22e5cd6d6ef8dd2812629016fe17df SHA1 (patch-an) = 43e7c20b9c3cfd978255748236efbcbaf2f929ce -SHA1 (patch-ao) = 0edffdd0b548e2fd83d946225e32aeab0a1c99c2 -SHA1 (patch-ap) = e68fdccaea642c52dff60f5db59aecbb3084645d +SHA1 (patch-ap) = 14ad2349ba690bbdc679a24a8b96da5681af1f18 diff --git a/mail/qpopper/options.mk b/mail/qpopper/options.mk index ec4686c4b9b..6a110186261 100644 --- a/mail/qpopper/options.mk +++ b/mail/qpopper/options.mk @@ -1,7 +1,7 @@ -# $NetBSD: options.mk,v 1.4 2005/05/31 10:01:38 dillo Exp $ +# $NetBSD: options.mk,v 1.5 2005/06/01 20:55:16 adrianp Exp $ PKG_OPTIONS_VAR= PKG_OPTIONS.qpopper -PKG_SUPPORTED_OPTIONS= inet6 ssl +PKG_SUPPORTED_OPTIONS= inet6 ssl PAM PKG_SUGGESTED_OPTIONS= ssl .include "../../mk/bsd.options.mk" @@ -18,3 +18,10 @@ CONFIGURE_ENV+= O_DEFS="${O_DEFS}" CFLAGS="-DINET6" .else CONFIGURE_ARGS+= --disable-ipv6 .endif + +.if !empty(PKG_OPTIONS:MPAM) +. include "../../mk/pam.buildlink3.mk" +CONFIGURE_ARGS+= --with-pam +.else +CONFIGURE_ARGS+= --without-pam +.endif diff --git a/mail/qpopper/patches/patch-am b/mail/qpopper/patches/patch-am index 0414c68c0e1..8dcbaa3cf23 100644 --- a/mail/qpopper/patches/patch-am +++ b/mail/qpopper/patches/patch-am @@ -1,17 +1,17 @@ -$NetBSD: patch-am,v 1.3 2004/05/06 13:46:23 taca Exp $ +$NetBSD: patch-am,v 1.4 2005/06/01 20:55:16 adrianp Exp $ ---- popper/Makefile.in.orig Thu Mar 13 11:06:36 2003 +--- popper/Makefile.in.orig 2005-05-13 20:20:11.000000000 +0100 +++ popper/Makefile.in -@@ -90,6 +90,8 @@ VPATH = @srcdir@ +@@ -96,6 +96,8 @@ VPATH = @srcdir@ prefix = @prefix@ exec_prefix = @exec_prefix@ installdir = @sbindir@ +libexecdir = @libexecdir@ -+sbindir = @sbindir@ ++sbindir = @sbindir@ popper_srcdir = ${top_srcdir}/popper qd_srcdir = ${top_srcdir}/qd -@@ -108,17 +110,20 @@ password_dir = ${base_dir}/password +@@ -114,17 +116,20 @@ password_dir = ${base_dir}/password OBJS = pop_dele.o pop_dropcopy.o \ @@ -27,15 +27,15 @@ $NetBSD: patch-am,v 1.3 2004/05/06 13:46:23 taca Exp $ pop_extend.o scram.o hmac.o base64.o pop_util.o \ get_sub_opt.o msg_ptr.o drac.o pop_config.o pop_tls.o \ pop_tls_openssl.o pop_tls_sslplus.o sslplus_utils.o \ -- main.o pop_cache.o genpath.o -+ pop_cache.o genpath.o +- main.o pop_cache.o genpath.o ++ pop_cache.o genpath.o + +INETDOBJ = main.o pop_init.o +STANDOBJ = main-stand.o pop_init-stand.o SRCS = pop_dele.c pop_dropcopy.c \ pop_get_command.c pop_get_subcommand.c pop_init.c \ -@@ -126,7 +131,7 @@ SRCS = pop_dele.c pop_dropc +@@ -132,7 +137,7 @@ SRCS = pop_dele.c pop_dropc pop_msg.c pop_parse.c pop_pass.c pop_quit.c \ pop_rset.c pop_send.c pop_stat.c pop_updt.c \ pop_user.c pop_xtnd.c pop_xmit.c popper.c \ @@ -44,7 +44,7 @@ $NetBSD: patch-am,v 1.3 2004/05/06 13:46:23 taca Exp $ pop_rpop.c pop_apop.c md5.c pop_auth.c pop_pope.c \ pop_extend.c scram.c hmac.c base64.c pop_util.c \ get_sub_opt.c msg_ptr.c drac.c pop_config.c pop_tls.c \ -@@ -174,7 +179,7 @@ SSL_INC = @SSL_DIR_INC@ +@@ -181,7 +186,7 @@ USE_PAM = @USE_PAM@ .SUFFIXES: .c .o @@ -53,7 +53,7 @@ $NetBSD: patch-am,v 1.3 2004/05/06 13:46:23 taca Exp $ mangler_library: cd ${mmangle_dir} && ${MAKE} all -@@ -182,13 +187,18 @@ mangler_library: +@@ -189,13 +194,18 @@ mangler_library: common_library: cd ${common_dir} && ${MAKE} all @@ -75,20 +75,20 @@ $NetBSD: patch-am,v 1.3 2004/05/06 13:46:23 taca Exp $ ${common_dir}/libcommon.a poppassd: common_library -@@ -199,21 +209,32 @@ poppassd: common_library +@@ -206,22 +216,36 @@ poppassd: common_library -I${mmangle_srcdir} -I${common_srcdir} ${SSL_INC} \ ${CFLAGS} ${DEFS} ${CDEFS} ${OS_DEFS} $< -o $@ +main-stand.o: main.c + ${CC} -c -I${base_dir} -I${top_srcdir} -I${srcdir} \ -+ -I${mmangle_srcdir} -I${common_srcdir} ${SSL_INC} \ -+ ${CFLAGS} ${DEFS} ${CDEFS} ${OS_DEFS} -DSTANDALONE \ ++ -I${mmangle_srcdir} -I${common_srcdir} ${SSL_INC} \ ++ ${CFLAGS} ${DEFS} ${CDEFS} ${OS_DEFS} -DSTANDALONE \ + -o $@ main.c + +pop_init-stand.o: pop_init.c + ${CC} -c -I${base_dir} -I${top_srcdir} -I${srcdir} \ -+ -I${mmangle_srcdir} -I${common_srcdir} ${SSL_INC} \ -+ ${CFLAGS} ${DEFS} ${CDEFS} ${OS_DEFS} -DSTANDALONE \ ++ -I${mmangle_srcdir} -I${common_srcdir} ${SSL_INC} \ ++ ${CFLAGS} ${DEFS} ${CDEFS} ${OS_DEFS} -DSTANDALONE \ + -o $@ pop_init.c + ${SRCS}: @@ -99,23 +99,27 @@ $NetBSD: patch-am,v 1.3 2004/05/06 13:46:23 taca Exp $ - echo "Installed popper as ${installdir}/popper" - if [ "x${poppassd}" != "x" ]; then \ - cd ${password_dir} && ${MAKE} $@ ;\ -- fi -- if [ "x${pop_auth}" != "x" ]; then \ -- ${INSTALL} -s -m 4755 -o ${apop_uid} -g 0 ${pop_auth} \ -- ${installdir}/${pop_auth}; \ -- echo "Installed popauth as ${installdir}/${pop_auth} " \ +install: popper popper-standalone ${pop_auth} + ${INSTALL} -s -m 0755 -o root popper ${libexecdir}/qpopper -+ @echo "Installed popper as ${libexecdir}/qpopper" ++ echo "Installed popper as ${libexecdir}/qpopper" + ${INSTALL} -s -m 0755 -o root popper-standalone ${sbindir}/qpopper + @echo "Installed standalone popper as ${sbindir}/qpopper" + @if [ "x${pop_auth}" != "x" ]; then \ -+ ${INSTALL} -s -m 4755 -o ${apop_uid} -g ${BINGRP} ${pop_auth} \ -+ ${sbindir}/q${pop_auth}; \ -+ echo "Installed popauth as ${sbindir}/q${pop_auth} " \ - "with uid ${apop_uid}"; \ ++ ${INSTALL} -s -m 4755 -o ${apop_uid} -g ${BINGRP} ${pop_auth} \ ++ ${sbindir}/q${pop_auth}; \ ++ echo "Installed popauth as ${sbindir}/q${pop_auth} " \ ++ "with uid ${apop_uid}"; \ ++ ${sbindir}/q${pop_auth} -init -safe; \ + fi + +- if [ "x${pop_auth}" != "x" ]; then \ +- ${INSTALL} -s -m 4755 -o ${apop_uid} -g 0 ${pop_auth} \ +- ${installdir}/${pop_auth}; \ +- echo "Installed popauth as ${installdir}/${pop_auth} " \ +- "with uid ${apop_uid}"; \ - ${installdir}/${pop_auth} -init -safe; \ -+ ${sbindir}/q${pop_auth} -init -safe; \ ++ if [ "x${poppassd}" != "x" ]; then \ ++ cd ${password_dir} && ${MAKE} $@ ;\ fi - clean: + if [ "x${USE_PAM}" != "x" ]; then \ diff --git a/mail/qpopper/patches/patch-ao b/mail/qpopper/patches/patch-ao deleted file mode 100644 index ead7e30c6c8..00000000000 --- a/mail/qpopper/patches/patch-ao +++ /dev/null @@ -1,22 +0,0 @@ -$NetBSD: patch-ao,v 1.1 2004/05/06 13:46:23 taca Exp $ - ---- common/maillock.c.orig Thu Mar 13 11:06:36 2003 -+++ common/maillock.c -@@ -272,13 +272,13 @@ Qmaillock ( char *drop_name, - - if ( bNo_atomic_open ) { - while ( fd == -1 ) { -+ char tempdir[FILENAME_MAX]; - /* - * Create a temporary file and link it to lock file - */ -- pTmp = tempnam ( pSpool_dir, "POP" ); -- if ( pTmp != NULL ) { -- fd = open ( pTmp, O_CREAT | O_EXCL, 0600 ); -- } -+ Qsprintf(tempdir, "%s/POPXXXXXXXXXX", pSpool_dir); -+ fd = mkstemp(tempdir); -+ pTmp = strdup(tempdir); - if ( fd == -1 ) { - if ( DEBUGGING && bDebugging ) { - logit ( fTrace, POP_DEBUG, HERE, diff --git a/mail/qpopper/patches/patch-ap b/mail/qpopper/patches/patch-ap index 3390c6be829..61ec0ccbc6d 100644 --- a/mail/qpopper/patches/patch-ap +++ b/mail/qpopper/patches/patch-ap @@ -1,72 +1,33 @@ -$NetBSD: patch-ap,v 1.2 2005/01/30 04:41:16 taca Exp $ +$NetBSD: patch-ap,v 1.3 2005/06/01 20:55:16 adrianp Exp $ ---- popper/main.c.orig 2005-01-30 13:05:52.000000000 +0900 +--- popper/main.c.orig 2005-05-28 17:29:10.000000000 +0100 +++ popper/main.c -@@ -226,7 +226,8 @@ main ( int argc, char *argv[] ) - #else - struct sockaddr_in cli_addr; - struct sockaddr_in serv_addr; -- unsigned short port = SERV_TCP_PORT; -+ unsigned short hport = SERV_TCP_PORT; -+ unsigned short port; - unsigned long addr = INADDR_ANY; - int pollfd [ 1 ]; - #endif -@@ -236,6 +237,7 @@ main ( int argc, char *argv[] ) +@@ -246,6 +246,7 @@ main ( int argc, char *argv[] ) fd_set fdset_templ; fd_set fdset_read; int fd_flags = 0; + FILE *fp; - if ( argc >= 2 && ( strncmp ( argv[1], "-v", 2 ) == 0 || -@@ -256,7 +258,7 @@ main ( int argc, char *argv[] ) - * Ensure default port & address is in network order - */ - addr = htonl ( addr ); -- port = htons ( port ); -+ port = htons ( hport ); - #endif + #ifdef USE_PAM +@@ -625,7 +626,10 @@ main ( int argc, char *argv[] ) + "listening using socket fd %d", + sockfd ); - /* -@@ -290,8 +292,7 @@ main ( int argc, char *argv[] ) - { - #ifndef INET6 - unsigned long a = addr; -- unsigned short n = ntohs ( port ); -- unsigned short n = port; -+ int n = hport; - char b [ 25 ] = ""; - #endif - char *q = b; -@@ -349,7 +350,8 @@ main ( int argc, char *argv[] ) - if ( a == BAD_ADDR || n == 0 || n > USHRT_MAX ) - err_dump ( HERE, "invalid address and/or port: \"%s\"", argv[1] ); - -- port = htons ( n ); -+ hport = n; -+ port = htons ( hport ); - addr = a; - #endif - -@@ -636,7 +638,10 @@ main ( int argc, char *argv[] ) - TRACE ( trace_file, POP_DEBUG, HERE, "listening using socket fd %d", - sockfd ); - -- listen ( sockfd, 5 ); +- listen ( sockfd, 5 ); +#ifndef SOMAXCONN +#define SOMAXCONN 5 +#endif + listen ( sockfd, SOMAXCONN ); - /* - * Set file descriptor to be non-blocking in case there isn't really a -@@ -762,6 +767,16 @@ main ( int argc, char *argv[] ) + /* + * Set file descriptor to be non-blocking in case there isn't really a +@@ -655,6 +659,16 @@ main ( int argc, char *argv[] ) signal ( SIGHUP, VOIDSTAR hupit ); signal ( SIGTERM, VOIDSTAR cleanup ); +#ifndef PIDFILE -+#define PIDFILE "/var/run/qpopper.pid" ++#define PIDFILE "/var/run/qpopper.pid" +#endif + fp = fopen(PIDFILE, "w"); + if (fp == NULL) { -- cgit v1.2.3