Date: Thu, 13 Mar 2003 10:07:12 -0500 (EST) From: Mike Tancsa <mike@sentex.net> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/49988: update to qpopper port Message-ID: <200303131507.h2DF7C2R020349@granite.sentex.ca>
next in thread | raw e-mail | index | archive | help
>Number: 49988 >Category: ports >Synopsis: update to qpopper port >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Thu Mar 13 07:10:11 PST 2003 >Closed-Date: >Last-Modified: >Originator: Mike Tancsa >Release: FreeBSD 4.7-STABLE i386 >Organization: Sentex Communications >Environment: System: FreeBSD >Description: A security hole exists in qpopper 4.0.4 and before that allows a user with a valid account on the server to gain shell access >How-To-Repeat: >Fix: An update to 4.0.5 fixes the problem. The diffs below seem to work just fine --- Makefile.prev +++ Makefile @@ -6,7 +6,7 @@ # PORTNAME= qpopper -PORTVERSION= 4.0.4 +PORTVERSION= 4.0.5 PORTREVISION= 1 CATEGORIES= mail ipv6 MASTER_SITES= ftp://ftp.qualcomm.com/eudora/servers/unix/popper/%SUBDIR%/ @@ -17,7 +17,7 @@ .if ${OSVERSION} >= 400014 && !defined(WITHOUT_IPV6) PATCH_SITES= http://www.imasy.or.jp/~ume/ipv6/ -PATCHFILES= qpopper4.0.4-ipv6-20020502.diff.gz +PATCHFILES= qpopper4.0.5-ipv6-20030313.diff.gz PATCH_DIST_STRIP= -p1 .endif --- distinfo.prev Thu Mar 13 09:55:26 2003 +++ distinfo Thu Mar 13 09:58:46 2003 @@ -1,2 +1,2 @@ -MD5 (qpopper4.0.4.tar.gz) = 77f0968cd10b0d5236114838d9f507e5 -MD5 (qpopper4.0.4-ipv6-20020502.diff.gz) = 62f6b065a040e3fbc31a720746b9efae +MD5 (qpopper4.0.5.tar.gz) = e00853280c9e899711f0b0239d3d8f86 +MD5 (qpopper4.0.5-ipv6-20030313.diff.gz) = 1d4b68ab55b95fb1d12528c505f24e5a >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200303131507.h2DF7C2R020349>