From e7c89b27e51ba28eb98e959e82e416bb94c98ec8 Mon Sep 17 00:00:00 2001
From: taca <taca@pkgsrc.org>
Date: Sat, 4 May 2002 05:59:04 +0000
Subject: - add a patch for fixing bulldir vulnerability with "-u" option. -
 update PKGREVISION to 1.

---
 mail/qpopper/Makefile         |  3 ++-
 mail/qpopper/distinfo         |  3 ++-
 mail/qpopper/patches/patch-an | 22 ++++++++++++++++++++++
 3 files changed, 26 insertions(+), 2 deletions(-)
 create mode 100644 mail/qpopper/patches/patch-an

(limited to 'mail/qpopper')

diff --git a/mail/qpopper/Makefile b/mail/qpopper/Makefile
index a0d06400f1e..9f38a084e78 100644
--- a/mail/qpopper/Makefile
+++ b/mail/qpopper/Makefile
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.32 2002/05/03 15:09:51 taca Exp $
+# $NetBSD: Makefile,v 1.33 2002/05/04 05:59:04 taca Exp $
 #
 
 DISTNAME=		qpopper${VERSION}
 PKGNAME=		qpopper-${VERSION}
+PKGREVISION=		1
 CATEGORIES=		mail
 MASTER_SITES=		ftp://ftp.qualcomm.com/eudora/servers/unix/popper/
 
diff --git a/mail/qpopper/distinfo b/mail/qpopper/distinfo
index 667f13f7e0f..4ee1741e155 100644
--- a/mail/qpopper/distinfo
+++ b/mail/qpopper/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.5 2002/05/02 16:16:50 martti Exp $
+$NetBSD: distinfo,v 1.6 2002/05/04 05:59:04 taca Exp $
 
 SHA1 (qpopper4.0.4.tar.gz) = c8b35bfa79000e3f1d67574c93d8d8ef580cd57c
 Size (qpopper4.0.4.tar.gz) = 2261992 bytes
@@ -10,3 +10,4 @@ SHA1 (patch-ae) = 1e06159f56c78e63a7960d4d9ca80535752099b2
 SHA1 (patch-ag) = 4b187ab978ead4b751290fe483f6d6a6bf959089
 SHA1 (patch-al) = 63fdc28b9c1d292d55464cda13c529ffb2a47b34
 SHA1 (patch-am) = 50f1afde9771af17f77552254372374699caad73
+SHA1 (patch-an) = 43e7c20b9c3cfd978255748236efbcbaf2f929ce
diff --git a/mail/qpopper/patches/patch-an b/mail/qpopper/patches/patch-an
new file mode 100644
index 00000000000..7f83d64815f
--- /dev/null
+++ b/mail/qpopper/patches/patch-an
@@ -0,0 +1,22 @@
+$NetBSD: patch-an,v 1.1 2002/05/04 05:59:05 taca Exp $
+
+--- popper/pop_bull.c.orig	Wed Feb 21 10:15:17 2001
++++ popper/pop_bull.c
+@@ -702,7 +702,7 @@
+     int            msg_num;
+     int            msg_vis_num          = 0;
+     int            msg_ends_in_nl       = 0;
+-    char           bullName [ 256 ];
++    char           bullName [ MAXLINELEN ];
+     MsgInfoList   *mp;               /* Pointer to message info list */
+ 
+ 
+@@ -716,7 +716,7 @@
+     msg_num = p->msg_count;
+     p->msg_count = ( ( ( p->msg_count - 1 ) / ALLOC_MSGS ) + 1 ) * ALLOC_MSGS;
+ 
+-    sprintf ( bullName, "%s/%s", p->bulldir, name );
++    Qsnprintf ( bullName, sizeof bullName, "%s/%s", p->bulldir, name );
+     bull = fopen ( bullName, "r" );
+     if ( bull == NULL ) {
+        pop_log ( p, POP_PRIORITY, HERE,
-- 
cgit v1.2.3