From owner-freebsd-ports-bugs Thu Mar 13 7:10:20 2003 Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 23EA137B401 for ; Thu, 13 Mar 2003 07:10:18 -0800 (PST) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 51BF843FEC for ; Thu, 13 Mar 2003 07:10:13 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id h2DFACNS094678 for ; Thu, 13 Mar 2003 07:10:12 -0800 (PST) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.6/8.12.6/Submit) id h2DFACMr094675; Thu, 13 Mar 2003 07:10:12 -0800 (PST) Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5C86837B404 for ; Thu, 13 Mar 2003 07:07:19 -0800 (PST) Received: from smtp1.sentex.ca (smtp1.sentex.ca [199.212.134.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2962E43F3F for ; Thu, 13 Mar 2003 07:07:18 -0800 (PST) (envelope-from mdtancsa@granite.sentex.ca) Received: from granite.sentex.ca (ns.sentex.ca [199.212.134.1]) by smtp1.sentex.ca (8.12.8/8.12.6) with ESMTP id h2DF7F8W001405 for ; Thu, 13 Mar 2003 10:07:19 -0500 (EST) (envelope-from mdtancsa@granite.sentex.ca) Received: from granite.sentex.ca (localhost [127.0.0.1]) by granite.sentex.ca (8.12.8/8.12.6) with ESMTP id h2DF7Cng020350 for ; Thu, 13 Mar 2003 10:07:12 -0500 (EST) (envelope-from mdtancsa@granite.sentex.ca) Received: (from mdtancsa@localhost) by granite.sentex.ca (8.12.8/8.12.6/Submit) id h2DF7C2R020349; Thu, 13 Mar 2003 10:07:12 -0500 (EST) (envelope-from mdtancsa) Message-Id: <200303131507.h2DF7C2R020349@granite.sentex.ca> Date: Thu, 13 Mar 2003 10:07:12 -0500 (EST) From: Mike Tancsa Reply-To: Mike Tancsa To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: ports/49988: update to qpopper port Sender: owner-freebsd-ports-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 49988 >Category: ports >Synopsis: update to qpopper port >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Thu Mar 13 07:10:11 PST 2003 >Closed-Date: >Last-Modified: >Originator: Mike Tancsa >Release: FreeBSD 4.7-STABLE i386 >Organization: Sentex Communications >Environment: System: FreeBSD >Description: A security hole exists in qpopper 4.0.4 and before that allows a user with a valid account on the server to gain shell access >How-To-Repeat: >Fix: An update to 4.0.5 fixes the problem. The diffs below seem to work just fine --- Makefile.prev +++ Makefile @@ -6,7 +6,7 @@ # PORTNAME= qpopper -PORTVERSION= 4.0.4 +PORTVERSION= 4.0.5 PORTREVISION= 1 CATEGORIES= mail ipv6 MASTER_SITES= ftp://ftp.qualcomm.com/eudora/servers/unix/popper/%SUBDIR%/ @@ -17,7 +17,7 @@ .if ${OSVERSION} >= 400014 && !defined(WITHOUT_IPV6) PATCH_SITES= http://www.imasy.or.jp/~ume/ipv6/ -PATCHFILES= qpopper4.0.4-ipv6-20020502.diff.gz +PATCHFILES= qpopper4.0.5-ipv6-20030313.diff.gz PATCH_DIST_STRIP= -p1 .endif --- distinfo.prev Thu Mar 13 09:55:26 2003 +++ distinfo Thu Mar 13 09:58:46 2003 @@ -1,2 +1,2 @@ -MD5 (qpopper4.0.4.tar.gz) = 77f0968cd10b0d5236114838d9f507e5 -MD5 (qpopper4.0.4-ipv6-20020502.diff.gz) = 62f6b065a040e3fbc31a720746b9efae +MD5 (qpopper4.0.5.tar.gz) = e00853280c9e899711f0b0239d3d8f86 +MD5 (qpopper4.0.5-ipv6-20030313.diff.gz) = 1d4b68ab55b95fb1d12528c505f24e5a >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports-bugs" in the body of the message