From 0a9d6bb61cd6f238e8832d142fd4a2303bf8b747 Mon Sep 17 00:00:00 2001 From: salo Date: Tue, 1 Nov 2005 21:51:26 +0000 Subject: Pullup ticket 877 - requested by Adrian Portelli security fix for fetchmailconf, portability fixes for fetchmail Revisions pulled up: - pkgsrc/mail/fetchmail/Makefile 1.154 - pkgsrc/mail/fetchmail/distinfo 1.32, 1.33 - pkgsrc/mail/fetchmail/options.mk 1.12, 1.13 - pkgsrc/mail/fetchmail/patches/patch-ah 1.1 - pkgsrc/mail/fetchmail/patches/patch-ai 1.1 - pkgsrc/mail/fetchmail/patches/patch-aj 1.1 - pkgsrc/mail/fetchmail/patches/patch-ak 1.1 - pkgsrc/mail/fetchmailconf/Makefile 1.65 Module Name: pkgsrc Committed By: rillig Date: Wed Sep 28 21:55:32 UTC 2005 Modified Files: pkgsrc/mail/fetchmail: options.mk Log Message: Replaced "# defined" with "yes" in Makefile variables like GNU_CONFIGURE, NO_BUILD, USE_LIBTOOL. --- Module Name: pkgsrc Committed By: scottr Date: Tue Oct 25 17:52:38 UTC 2005 Modified Files: pkgsrc/mail/fetchmail: options.mk Log Message: Add SOCKS4/SOCKS5 support. --- Module Name: pkgsrc Committed By: tonio Date: Fri Oct 21 20:56:50 UTC 2005 Modified Files: pkgsrc/mail/fetchmail: Makefile distinfo Added Files: pkgsrc/mail/fetchmail/patches: patch-ah patch-ai patch-aj Log Message: Fix mail/fetchmail under darwin (PR 28543). The added patches add a prefix "fm_" to lock related finctions, to avoid name clash with darwin lock functions. Link with -lresolv under darwin. (thanks scole_at_sdf.lonestar.org for the patches) Bump PKGREVISION --- Module Name: pkgsrc Committed By: adrianp Date: Tue Nov 1 19:16:52 UTC 2005 Modified Files: pkgsrc/mail/fetchmail: distinfo Added Files: pkgsrc/mail/fetchmail/patches: patch-ak Log Message: Add patch-ak for a fetchmailconf security issue. This patch does not impact the fetchmail package so no version bump is required. --- Module Name: pkgsrc Committed By: adrianp Date: Tue Nov 1 19:17:41 UTC 2005 Modified Files: pkgsrc/mail/fetchmailconf: Makefile Log Message: Bump to nb3 for security patch --- mail/fetchmail/Makefile | 9 ++++-- mail/fetchmail/distinfo | 6 +++- mail/fetchmail/options.mk | 20 ++++++++++-- mail/fetchmail/patches/patch-ah | 67 +++++++++++++++++++++++++++++++++++++++++ mail/fetchmail/patches/patch-ai | 19 ++++++++++++ mail/fetchmail/patches/patch-aj | 56 ++++++++++++++++++++++++++++++++++ mail/fetchmail/patches/patch-ak | 46 ++++++++++++++++++++++++++++ mail/fetchmailconf/Makefile | 4 +-- 8 files changed, 219 insertions(+), 8 deletions(-) create mode 100644 mail/fetchmail/patches/patch-ah create mode 100644 mail/fetchmail/patches/patch-ai create mode 100644 mail/fetchmail/patches/patch-aj create mode 100644 mail/fetchmail/patches/patch-ak (limited to 'mail') diff --git a/mail/fetchmail/Makefile b/mail/fetchmail/Makefile index bce0b6e8878..401159574f7 100644 --- a/mail/fetchmail/Makefile +++ b/mail/fetchmail/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.153 2005/07/22 14:27:52 frueauf Exp $ +# $NetBSD: Makefile,v 1.153.2.1 2005/11/01 21:51:26 salo Exp $ DISTNAME= fetchmail-6.2.5 -PKGREVISION= 5 +PKGREVISION= 6 CATEGORIES= mail MASTER_SITES= http://www.catb.org/~esr/fetchmail/ \ http://sunsite.unc.edu/pub/Linux/system/mail/pop/ @@ -23,6 +23,11 @@ CONFIGURE_ARGS+= --without-hesiod LDFLAGS+= ${CFLAGS} USE_TOOLS+= tbl +.if ${OPSYS} == "Darwin" +LDFLAGS+= -lresolv +CFLAGS.Darwin+= -DBIND_8_COMPAT -DHAVE_RESOLV_H +.endif + .include "options.mk" DOCDIR= ${PREFIX}/share/doc/fetchmail diff --git a/mail/fetchmail/distinfo b/mail/fetchmail/distinfo index c17caaeff7c..dfb5ede3d46 100644 --- a/mail/fetchmail/distinfo +++ b/mail/fetchmail/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.31 2005/07/22 14:27:52 frueauf Exp $ +$NetBSD: distinfo,v 1.31.2.1 2005/11/01 21:51:26 salo Exp $ SHA1 (fetchmail-6.2.5.tar.gz) = 4656ec4393ccd1c137fe7b331f77cb26b576ac0e RMD160 (fetchmail-6.2.5.tar.gz) = e32b91a959d0e80c4bd45a8758811cbe95a98180 @@ -10,3 +10,7 @@ SHA1 (patch-ad) = b6bffc59f28992fa0d3de0f9dad250c73bbeffc6 SHA1 (patch-ae) = 3acbacee78ab2084a615b0c02b7f83e563bfc7ac SHA1 (patch-af) = 06e7b84566b0d3ed50b56f88baf23f15ae21eb21 SHA1 (patch-ag) = e27a4769dc804bec71b449bed7ff318d15ae8bdf +SHA1 (patch-ah) = d6d08403b241a3e1a891faadbb36b0cd00df1398 +SHA1 (patch-ai) = 16449ab08c266936d80b8be11c93a3dd1ac5c2fe +SHA1 (patch-aj) = 1051c1eb754b9c9cffad2eab4561791975aebbe1 +SHA1 (patch-ak) = d75b42146597a17a1ce91dddc7ed0821697d7ec2 diff --git a/mail/fetchmail/options.mk b/mail/fetchmail/options.mk index 66ff6085de1..371719a1794 100644 --- a/mail/fetchmail/options.mk +++ b/mail/fetchmail/options.mk @@ -1,7 +1,9 @@ -# $NetBSD: options.mk,v 1.11 2005/05/30 18:06:37 frueauf Exp $ +# $NetBSD: options.mk,v 1.11.4.1 2005/11/01 21:51:26 salo Exp $ PKG_OPTIONS_VAR= PKG_OPTIONS.fetchmail PKG_SUPPORTED_OPTIONS= inet6 kerberos4 kerberos gssapi ssl +PKG_OPTIONS_OPTIONAL_GROUPS= socks +PKG_OPTIONS_GROUP.socks= socks4 socks5 PKG_SUGGESTED_OPTIONS= ssl @@ -27,7 +29,7 @@ CONFIGURE_ARGS+= --with-gssapi=no ### KPOP (POP3 + Kerberos IV) support. ### .if !empty(PKG_OPTIONS:Mkerberos4) -PKG_USE_KERBEROS= # defined +PKG_USE_KERBEROS= yes CONFIGURE_ARGS+= --with-kerberos=yes . if empty(MACHINE_PLATFORM:MNetBSD-1.[0-4]*-i386) REPLACE_KERBEROS_LIBS= yes @@ -41,7 +43,7 @@ CONFIGURE_ARGS+= --with-kerberos=no ### .if !empty(PKG_OPTIONS:Mkerberos) || !empty(PKG_OPTIONS:Mgssapi) . include "../../mk/krb5.buildlink3.mk" -PKG_USE_KERBEROS= # defined +PKG_USE_KERBEROS= yes CONFIGURE_ARGS+= --with-kerberos5=${KRB5BASE} .else CONFIGURE_ARGS+= --with-kerberos5=no @@ -56,3 +58,15 @@ CONFIGURE_ARGS+= --with-ssl=${SSLBASE} .else CONFIGURE_ARGS+= --without-ssl .endif + +### +### Include SOCKS firewall support +### +.if !empty(PKG_OPTIONS:Msocks4) +.include "../../net/socks4/buildlink3.mk" +CONFIGURE_ARGS+= --with-socks=${BUILDLINK_PREFIX.socks4} +.endif +.if !empty(PKG_OPTIONS:Msocks5) +.include "../../net/socks5/buildlink3.mk" +CONFIGURE_ARGS+= --with-socks5=${BUILDLINK_PREFIX.socks5} +.endif diff --git a/mail/fetchmail/patches/patch-ah b/mail/fetchmail/patches/patch-ah new file mode 100644 index 00000000000..7f56cdb6f8f --- /dev/null +++ b/mail/fetchmail/patches/patch-ah @@ -0,0 +1,67 @@ +$NetBSD: patch-ah,v 1.1.2.2 2005/11/01 21:51:26 salo Exp $ + +--- fetchmail.c.orig 2003-10-15 21:22:31.000000000 +0200 ++++ fetchmail.c +@@ -172,7 +172,7 @@ int main(int argc, char **argv) + * call near the beginning of the polling loop for details). We want + * to be sure the lock gets nuked on any error exit, basically. + */ +- lock_dispose(); ++ fm_lock_dispose(); + + #ifdef HAVE_GETCWD + /* save the current directory */ +@@ -268,7 +268,7 @@ int main(int argc, char **argv) + report_init((run.poll_interval == 0 || nodetach) && !run.logfile); + + /* construct the lockfile */ +- lock_setup(); ++ fm_lock_setup(); + + #ifdef HAVE_SETRLIMIT + /* +@@ -349,7 +349,7 @@ int main(int argc, char **argv) + } + + /* check for another fetchmail running concurrently */ +- pid = lock_state(); ++ pid = fm_lock_state(); + bkgd = (pid < 0); + pid = bkgd ? -pid : pid; + +@@ -387,7 +387,7 @@ int main(int argc, char **argv) + { + fprintf(stderr,GT_("fetchmail: %s fetchmail at %d killed.\n"), + bkgd ? GT_("background") : GT_("foreground"), pid); +- lock_release(); ++ fm_lock_release(); + if (argc == 2) + exit(0); + else +@@ -420,7 +420,7 @@ int main(int argc, char **argv) + } + else if (getpid() == pid) + /* this test enables re-execing on a changed rcfile */ +- lock_assert(); ++ fm_lock_assert(); + else if (argc > 1) + { + fprintf(stderr, +@@ -529,7 +529,7 @@ int main(int argc, char **argv) + set_signal_handler(SIGQUIT, terminate_run); + + /* here's the exclusion lock */ +- lock_or_die(); ++ fm_lock_or_die(); + + /* + * Query all hosts. If there's only one, the error return will +@@ -1300,7 +1300,7 @@ static RETSIGTYPE terminate_run(int sig) + memset(ctl->password, '\0', strlen(ctl->password)); + + #if !defined(HAVE_ATEXIT) && !defined(HAVE_ON_EXIT) +- lock_release(); ++ fm_lock_release(); + #endif + + if (activecount == 0) diff --git a/mail/fetchmail/patches/patch-ai b/mail/fetchmail/patches/patch-ai new file mode 100644 index 00000000000..1b56776ad21 --- /dev/null +++ b/mail/fetchmail/patches/patch-ai @@ -0,0 +1,19 @@ +$NetBSD: patch-ai,v 1.1.2.2 2005/11/01 21:51:26 salo Exp $ + +--- fetchmail.h.orig 2003-10-15 21:22:31.000000000 +0200 ++++ fetchmail.h +@@ -461,10 +461,10 @@ int gen_transact(); + extern struct msgblk msgblk; + + /* lock.c: concurrency locking */ +-void lock_setup(void), lock_assert(void); +-void lock_or_die(void), lock_release(void); +-int lock_state(void); +-void lock_dispose(void); ++void fm_lock_setup(void), fm_lock_assert(void); ++void fm_lock_or_die(void), fm_lock_release(void); ++int fm_lock_state(void); ++void fm_lock_dispose(void); + + /* use these to track what was happening when the nonresponse timer fired */ + #define GENERAL_WAIT 0 /* unknown wait type */ diff --git a/mail/fetchmail/patches/patch-aj b/mail/fetchmail/patches/patch-aj new file mode 100644 index 00000000000..6efd6f19481 --- /dev/null +++ b/mail/fetchmail/patches/patch-aj @@ -0,0 +1,56 @@ +$NetBSD: patch-aj,v 1.1.2.2 2005/11/01 21:51:26 salo Exp $ + +--- lock.c.orig 2003-08-13 10:08:17.000000000 +0200 ++++ lock.c +@@ -24,7 +24,7 @@ + static char *lockfile; /* name of lockfile */ + static int lock_acquired; /* have we acquired a lock */ + +-void lock_setup(void) ++void fm_lock_setup(void) + /* set up the global lockfile name */ + { + /* set up to do lock protocol */ +@@ -55,7 +55,7 @@ static void unlockit(void) + unlink(lockfile); + } + +-void lock_dispose(void) ++void fm_lock_dispose(void) + /* arrange for a lock to be removed on process exit */ + { + #ifdef HAVE_ATEXIT +@@ -66,7 +66,7 @@ void lock_dispose(void) + #endif + } + +-int lock_state(void) ++int fm_lock_state(void) + { + int pid, st; + FILE *lockfp; +@@ -88,13 +88,13 @@ int lock_state(void) + return(bkgd ? -pid : pid); + } + +-void lock_assert(void) ++void fm_lock_assert(void) + /* assert that we already posess a lock */ + { + lock_acquired = TRUE; + } + +-void lock_or_die(void) ++void fm_lock_or_die(void) + /* get a lock on a given host or exit */ + { + int fd; +@@ -125,7 +125,7 @@ void lock_or_die(void) + } + } + +-void lock_release(void) ++void fm_lock_release(void) + /* release a lock on a given host */ + { + unlink(lockfile); diff --git a/mail/fetchmail/patches/patch-ak b/mail/fetchmail/patches/patch-ak new file mode 100644 index 00000000000..61d2cac417b --- /dev/null +++ b/mail/fetchmail/patches/patch-ak @@ -0,0 +1,46 @@ +$NetBSD: patch-ak,v 1.1.2.2 2005/11/01 21:51:26 salo Exp $ + +--- fetchmailconf.orig 2003-10-15 20:22:31.000000000 +0100 ++++ fetchmailconf 2005-10-21 14:48:02.000000000 +0100 +@@ -4,7 +4,19 @@ + # by Eric S. Raymond, . + # Requires Python with Tkinter, and the following OS-dependent services: + # posix, posixpath, socket +-version = "1.43" ++# ++# Changes by Matthias Andree, in 2005: ++# ++# 1.43.1 - unsuccessful attempt to fix a password exposure bug ++# ++# thanks to Thomas Wolff and Miloslav Trmac for pointing ++# out the fix was insufficient ++# ++# 1.43.2 - fix password exposure bug, by restricting umask to 077 ++# before opening the file ++# - record fetchmailconf version in output file ++# ++version = "1.43.2" + + from Tkinter import * + from Dialog import * +@@ -858,14 +870,17 @@ + # Pre-1.5.2 compatibility... + except os.error: + pass ++ old_umask = os.umask(077) + fm = open(self.outfile, 'w') ++ os.umask(old_umask) + if fm: +- fm.write("# Configuration created %s by fetchmailconf\n" % time.ctime(time.time())) ++ if fm != sys.stdout: ++ os.chmod(self.outfile, 0600) ++ fm.write("# Configuration created %s by fetchmailconf %s\n" ++ % (time.ctime(time.time()), version)) + fm.write(`self.configuration`) + if self.outfile: + fm.close() +- if fm != sys.stdout: +- os.chmod(self.outfile, 0600) + self.destruct() + + # diff --git a/mail/fetchmailconf/Makefile b/mail/fetchmailconf/Makefile index 949c3a06062..6897c3aa7ac 100644 --- a/mail/fetchmailconf/Makefile +++ b/mail/fetchmailconf/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.64 2005/06/16 06:58:02 jlam Exp $ +# $NetBSD: Makefile,v 1.64.4.1 2005/11/01 21:51:26 salo Exp $ DISTNAME= fetchmail-6.2.5 PKGNAME= ${DISTNAME:S/fetchmail/fetchmailconf/} -PKGREVISION= 2 +PKGREVISION= 3 CATEGORIES= mail MASTER_SITES= http://www.catb.org/~esr/fetchmail/ \ http://sunsite.unc.edu/pub/Linux/system/mail/pop/ -- cgit v1.2.3