Date: Sat, 10 Nov 2001 22:21:02 +0100 (CET) From: Thierry Thomas <thierry@thomas.as> To: FreeBSD-gnats-submit@freebsd.org Subject: ports/31904: Port mail/imp: security update to v. 2.2.7 Message-ID: <20011110212102.4EBD67525@graf.pompo.net>
>Number: 31904 >Category: ports >Synopsis: Port mail/imp: security update to v. 2.2.7 >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Sat Nov 10 13:30:01 PST 2001 >Closed-Date: >Last-Modified: >Originator: Thierry Thomas >Release: FreeBSD 4.4-STABLE i386 >Organization: Kabbale Eros >Environment: System: FreeBSD graf.pompo.net 4.4-STABLE FreeBSD 4.4-STABLE #0: Sat Sep 22 10:41:40 CEST 2001 root@graf.pompo.net:/usr/obj/mntsrc/src/sys/GRAF010429 i386 >Description: This PR supersedes PR ports/31889, about a vulnerability. Version 2.2.7 add support for simplified chinese. It supersedes PR ports/31090 (change default IMAP server), there are some minor updates, and it prepares the migration towards IMP v. 3. >How-To-Repeat: Apply the enclosed shar. >Fix: diff -rNu mail/imp.orig/Makefile mail/imp/Makefile --- mail/imp.orig/Makefile Sat Oct 13 23:48:59 2001 +++ mail/imp/Makefile Sat Nov 10 19:38:34 2001 @@ -7,8 +7,7 @@ # PORTNAME= imp -PORTVERSION= 2.2.6 -PORTREVISION= 1 +PORTVERSION= 2.2.7 CATEGORIES= mail www MASTER_SITES= ftp://ftp.horde.org/pub/imp/tarballs/ @@ -42,7 +41,7 @@ # # - WITH_COURIER-IMAP : IMP will work with courier-imap. # -# These choice are mutually exclusive, and cyrus-imapd is the default. +# These choice are mutually exclusive, and imap-uw is the default. # #----------------------------------------------------------------------- 
@@ -58,25 +57,25 @@ .endif .endif -RUN_DEPENDS+= ${LOCALBASE}/www/horde/:${PORTSDIR}/www/horde +RUN_DEPENDS+= ${LOCALBASE}/www/horde/index.php3:${PORTSDIR}/www/horde # I have no report about the support of dkimap4 by IMP, # but I shall be happy to add it if somebody report success with it. # If an IMAP server is already installed, we just record the dependence, -# else we shall install cyrus-imapd. +# else we shall install imap-uw. # IMAP servers are ordered according to my tastes, if several are # installed, we just record the first one. .if !defined(WITHOUT_IMAPSERVER) -.if defined(WITH_CYRUS-IMAPD) -RUN_DEPENDS+= ${LOCALBASE}/lib/libacap.a:${PORTSDIR}/mail/cyrus-imapd -.elif defined(WITH_IMAP-UW) +.if defined(WITH_IMAP-UW) RUN_DEPENDS+= ${LOCALBASE}/libexec/imapd:${PORTSDIR}/mail/imap-uw +.elif defined(WITH_CYRUS-IMAPD) +RUN_DEPENDS+= ${LOCALBASE}/lib/libacap.a:${PORTSDIR}/mail/cyrus-imapd .elif defined(WITH_CYRUS) RUN_DEPENDS+= ${LOCALBASE}/cyrus/:${PORTSDIR}/mail/cyrus .elif defined(WITH_COURIER-IMAP) RUN_DEPENDS+= ${LOCALBASE}/libexec/courier-imap/:${PORTSDIR}/mail/courier-imap .else -RUN_DEPENDS+= ${LOCALBASE}/lib/libacap.a:${PORTSDIR}/mail/cyrus-imapd +RUN_DEPENDS+= ${LOCALBASE}/libexec/imapd:${PORTSDIR}/mail/imap-uw .endif .endif @@ -100,12 +99,16 @@ LHORDEDIR?= www/horde LIMPDIR?= ${LHORDEDIR}/imp +HORDESBIN?= ${PREFIX}/sbin PLIST_SUB= HORDEDIR=${LHORDEDIR} IMPDIR=${LIMPDIR} HORDEDIR= ${PREFIX}/${LHORDEDIR} IMPDIR= ${PREFIX}/${LIMPDIR} +APACHE_CNFDIR?= ${LOCALBASE}/etc/apache +APACHE_CONF= ${APACHE_CNFDIR}/httpd.conf + pre-everything:: .if !defined(WITHOUT_IMAPSERVER) @${ECHO_MSG} "" 
@@ -116,6 +119,12 @@ pre-install: # N.B.: database dependencies are binded with mod_php#, neither by Horde nor IMP. + @if [ -f ${IMPDIR}/index.php ]; then \ + ${ECHO_MSG} "" ; \ + ${ECHO_MSG} "Please deinstall the port mail/imp-devel." ; \ + ${ECHO_MSG} "" ; \ + ${FALSE} ; \ + fi @if ! ${LDCONFIG} -r | ${GREP} -q -e "c-client4.8"; then \ ${ECHO_MSG} "" ; \ ${ECHO_MSG} "Please configure PHP with IMAP support." ; \ @@ -173,6 +182,12 @@ ${PERL} -pi -e "s:/bin/tar:/usr/bin/tar:g" ${IMPDIR}/config/defaults.php3.dist ${PERL} -pi -e "s:/usr/bin/zipinfo:${LOCALBASE}/bin/zipinfo:g" \ ${IMPDIR}/config/defaults.php3.dist + ${PERL} -pi -e "s:sh ./secure.sh:${HORDESBIN}/horde_secure.sh:g" \ + ${IMPDIR}/templates/index/imp_notconfigured.inc + ${PERL} -pi -e "s:sh ./install.sh:${HORDESBIN}/horde_setup.sh:g" \ + ${IMPDIR}/templates/index/imp_notconfigured.inc + ${PERL} -pi -e "s:sh ./secure.sh:${HORDESBIN}/horde_secure.sh:g" \ + ${HORDEDIR}/templates/setup/imp/write_file.inc @if [ ! -f ${IMPDIR}/config/defaults.php3 ]; then \ ${CP} ${IMPDIR}/config/defaults.php3.dist ${IMPDIR}/config/defaults.php3; \ fi @@ -186,8 +201,21 @@ @if [ ! -f ${IMPDIR}/config/servers.php3 ]; then \ ${CP} ${IMPDIR}/config/servers.php3.dist ${IMPDIR}/config/servers.php3; \ fi + ${CHOWN} -R www:www ${IMPDIR} ${CHMOD} 444 ${HORDEDIR}/setup.php3 + @(if [ -f ${APACHE_CONF} ] ; then \ + (if [ ! -f ${APACHE_CONF}.beforeIMP ] ; then \ + ${ECHO} "===> Updating ${APACHE_CONF}..." ; \ + ${CP} -p ${.CURDIR}/httpd.conf.imp ${WRKDIR}/httpd.conf.imp ; \ + ${PERL} -pi -e "s:/home/httpd/html/horde/imp:${IMPDIR}:g" \ + ${WRKDIR}/httpd.conf.imp ; \ + ${CP} -p ${APACHE_CONF} ${APACHE_CONF}.beforeIMP ; \ + ${GREP} -qw 'Added for IMP' ${APACHE_CONF} || ${CAT} ${WRKDIR}/httpd.conf.imp \ + >> ${APACHE_CONF} ; \ + fi) ; \ + fi) .if !defined(NOPORTDOCS) + ${PERL} -pi -e "s:/home/httpd/html/horde/imp:${IMPDIR}:g" ${WRKSRC}/docs/SECURITY ${MKDIR} ${DOCSDIR} .for FILE in ${DOCS} ${INSTALL_DATA} ${WRKSRC}/${FILE} ${DOCSDIR} 
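Review bot: `${CHOWN} -R www:www ${IMPDIR}` in the hunk at `@@ -186,8 +201,21 @@` makes the whole IMP tree, PHP sources and `config/*.php3` included, owned by what is presumably the web server account, so a single file-write flaw in any script served from there can alter the application and its configuration. If the web setup step only needs to write the config files, narrow the ownership to that directory, for example `${CHOWN} -R www:www ${IMPDIR}/config`, and leave the rest owned by root. The same hunk silently skips the `<Directory>` deny rules when `${APACHE_CONF}` is missing or `.beforeIMP` already exists; an `${ECHO_MSG}` telling the administrator to add `httpd.conf.imp` by hand would make that case visible. The enclosing target starts and ends outside the hunk.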
@@ -208,8 +236,11 @@ @${ECHO} "In order to end IMP's configuration, please read the" @${ECHO} "file ${DOCSDIR}/INSTALL." @${ECHO} "" + @${ECHO} "If ${APACHE_CONF} has been updated," + @${ECHO} "you have to restart Apache." + @${ECHO} "" @${ECHO} "The configuration utitility is located at" - @${ECHO} "<URL:http://localhost/horde/imp/setup.php3>". + @${ECHO} "<URL:http://localhost/horde/setup.php3>". @${ECHO} "" @${ECHO} "IMP requires an IMAP server. If you want to install one on this" @${ECHO} "machine, you may install the ports mail/cyrus-imapd, or" diff -rNu mail/imp.orig/distinfo mail/imp/distinfo --- mail/imp.orig/distinfo Sun Jul 22 10:31:31 2001 +++ mail/imp/distinfo Sat Nov 10 18:45:10 2001 @@ -1 +1 @@ -MD5 (imp-2.2.6.tar.gz) = 10c5f9b73b1894a2c6b78e46935808ea +MD5 (imp-2.2.7.tar.gz) = b5c683e1dc862fd185c9be0ce7188894 diff -rNu mail/imp.orig/httpd.conf.imp mail/imp/httpd.conf.imp --- mail/imp.orig/httpd.conf.imp Thu Jan 1 01:00:00 1970 +++ mail/imp/httpd.conf.imp Fri Oct 12 14:22:25 2001 @@ -0,0 +1,24 @@ + +# Added for IMP +# +# For security, don't serve pages from the IMP configuration and +# library directories. +# +<Directory "/home/httpd/html/horde/imp/config"> + order deny,allow + deny from all +</Directory> +<Directory "/home/httpd/html/horde/imp/lib"> + order deny,allow + deny from all +</Directory> +<Directory "/home/httpd/html/horde/imp/locale"> + order deny,allow + deny from all +</Directory> +<Directory "/home/httpd/html/horde/imp/templates"> + order deny,allow + deny from all +</Directory> +# End of IMP configuration ================ + diff -rNu mail/imp.orig/pkg-deinstall mail/imp/pkg-deinstall --- mail/imp.orig/pkg-deinstall Thu Jan 1 01:00:00 1970 +++ mail/imp/pkg-deinstall Fri Oct 12 14:33:10 2001 
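Review bot: The new httpd.conf.imp denies access to `config`, `lib`, `locale` and `templates`, but not to `scripts`, which the pkg-plist context (`@dirrm %%IMPDIR%%/scripts`) shows is also installed under the IMP directory. If nothing in that directory has to be fetched over HTTP, a fifth block, `<Directory "/home/httpd/html/horde/imp/scripts">` with the same `order deny,allow` / `deny from all` pair, would close it. A comment at the top saying that `/home/httpd/html/horde/imp` is a placeholder rewritten to `${IMPDIR}` by the port Makefile would also help anyone who copies the file by hand.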
@@ -0,0 +1,12 @@
+#!/bin/sh
+# Try to restore httpd.conf when deinstalling IMP
+
+if [ x$2 != xDEINSTALL ]; then
+ exit
+fi
+
+if [ -f ${PKG_PREFIX}/etc/apache/httpd.conf.beforeIMP ] ; then
+ echo "Restoring httpd.conf..."
+ cp ${PKG_PREFIX}/etc/apache/httpd.conf ${PKG_PREFIX}/etc/apache/httpd.conf.deinstIMP
+ mv ${PKG_PREFIX}/etc/apache/httpd.conf.beforeIMP ${PKG_PREFIX}/etc/apache/httpd.conf
+fi
diff -rNu mail/imp.orig/pkg-plist mail/imp/pkg-plist
--- mail/imp.orig/pkg-plist Sun Jul 22 15:56:50 2001
+++ mail/imp/pkg-plist Sat Nov 10 19:20:14 2001
@@ -729,6 +729,29 @@
 %%IMPDIR%%/locale/sl/select.lang
 %%IMPDIR%%/locale/sl/spelling.lang
 %%IMPDIR%%/locale/sl/status.lang
+%%IMPDIR%%/locale/zh/compose.help
+%%IMPDIR%%/locale/zh/compose.lang
+%%IMPDIR%%/locale/zh/contacts.help
+%%IMPDIR%%/locale/zh/contacts.lang
+%%IMPDIR%%/locale/zh/folders.help
+%%IMPDIR%%/locale/zh/folders.lang
+%%IMPDIR%%/locale/zh/help.lang
+%%IMPDIR%%/locale/zh/horde.lang
+%%IMPDIR%%/locale/zh/login.help
+%%IMPDIR%%/locale/zh/login.lang
+%%IMPDIR%%/locale/zh/mailbox.lang
+%%IMPDIR%%/locale/zh/menu.lang
+%%IMPDIR%%/locale/zh/message.lang
+%%IMPDIR%%/locale/zh/newuser.entro.txt
+%%IMPDIR%%/locale/zh/newuser.intro.txt
+%%IMPDIR%%/locale/zh/newuser.lang
+%%IMPDIR%%/locale/zh/newuser.start.txt
+%%IMPDIR%%/locale/zh/openwin.lang
+%%IMPDIR%%/locale/zh/passwd.lang
+%%IMPDIR%%/locale/zh/prefs.lang
+%%IMPDIR%%/locale/zh/select.lang
+%%IMPDIR%%/locale/zh/spelling.lang
+%%IMPDIR%%/locale/zh/status.lang
 %%IMPDIR%%/locale/zh-tw/compose.help
 %%IMPDIR%%/locale/zh-tw/compose.lang
 %%IMPDIR%%/locale/zh-tw/contacts.help
@@ -850,6 +873,7 @@
 @dirrm %%IMPDIR%%/templates
 @dirrm %%IMPDIR%%/scripts
 @dirrm %%IMPDIR%%/locale/zh-tw
+@dirrm %%IMPDIR%%/locale/zh
 @dirrm %%IMPDIR%%/locale/sl
 @dirrm %%IMPDIR%%/locale/sk
 @dirrm %%IMPDIR%%/locale/se
>Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
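Review bot: In pkg-deinstall, moving `httpd.conf.beforeIMP` back over httpd.conf reverts every change the administrator made to the Apache configuration since IMP was installed, not only the IMP block; later access-control or other hardening directives survive only in the `.deinstIMP` copy. Removing just the lines between `# Added for IMP` and `# End of IMP configuration` would undo the port's own edit without touching anything else. The path is also fixed to `${PKG_PREFIX}/etc/apache` while the Makefile lets `APACHE_CNFDIR` be overridden, so the two can disagree. Finally, the unquoted test is fragile; `if [ "x$2" != "xDEINSTALL" ]; then` behaves the same and tolerates an empty or multi-word argument.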