Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 13 Mar 2003 10:07:12 -0500 (EST)
From:      Mike Tancsa <mike@sentex.net>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/49988: update to qpopper port
Message-ID:  <200303131507.h2DF7C2R020349@granite.sentex.ca>
next in thread | raw e-mail | index | archive | help 

>Number:         49988
>Category:       ports
>Synopsis:       update to qpopper port
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 13 07:10:11 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Mike Tancsa
>Release:        FreeBSD 4.7-STABLE i386
>Organization:
Sentex Communications
>Environment:
System: FreeBSD 


	
>Description:
	A security hole exists in qpopper 4.0.4 and before that allows a user with a valid account
	on the server to gain shell access 
>How-To-Repeat:
	
>Fix:

	An update to 4.0.5 fixes the problem.  The diffs below seem to work just fine
--- Makefile.prev
+++ Makefile
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=      qpopper
-PORTVERSION=   4.0.4
+PORTVERSION=   4.0.5
 PORTREVISION=  1
 CATEGORIES=    mail ipv6
 MASTER_SITES=  ftp://ftp.qualcomm.com/eudora/servers/unix/popper/%SUBDIR%/
@@ -17,7 +17,7 @@
 
 .if ${OSVERSION} >= 400014 && !defined(WITHOUT_IPV6)
 PATCH_SITES=   http://www.imasy.or.jp/~ume/ipv6/
-PATCHFILES=    qpopper4.0.4-ipv6-20020502.diff.gz
+PATCHFILES=    qpopper4.0.5-ipv6-20030313.diff.gz
 PATCH_DIST_STRIP=      -p1
 .endif


--- distinfo.prev       Thu Mar 13 09:55:26 2003
+++ distinfo    Thu Mar 13 09:58:46 2003
@@ -1,2 +1,2 @@
-MD5 (qpopper4.0.4.tar.gz) = 77f0968cd10b0d5236114838d9f507e5
-MD5 (qpopper4.0.4-ipv6-20020502.diff.gz) = 62f6b065a040e3fbc31a720746b9efae
+MD5 (qpopper4.0.5.tar.gz) = e00853280c9e899711f0b0239d3d8f86
+MD5 (qpopper4.0.5-ipv6-20030313.diff.gz) = 1d4b68ab55b95fb1d12528c505f24e5a


>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200303131507.h2DF7C2R020349>