From owner-freebsd-ports-bugs Thu Mar 13 10:10:16 2003 Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6390337B404 for ; Thu, 13 Mar 2003 10:10:12 -0800 (PST) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3653143F93 for ; Thu, 13 Mar 2003 10:10:11 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id h2DIA7NS073768 for ; Thu, 13 Mar 2003 10:10:07 -0800 (PST) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.6/8.12.6/Submit) id h2DIA7sP073767; Thu, 13 Mar 2003 10:10:07 -0800 (PST) Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4708637B401; Thu, 13 Mar 2003 10:06:28 -0800 (PST) Received: from hotmail.com (f7.law10.hotmail.com [64.4.15.7]) by mx1.FreeBSD.org (Postfix) with ESMTP id 295A943F75; Thu, 13 Mar 2003 10:06:27 -0800 (PST) (envelope-from delphij@hotmail.com) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 13 Mar 2003 10:06:27 -0800 Received: from 211.150.228.2 by lw10fd.law10.hotmail.msn.com with HTTP; Thu, 13 Mar 2003 18:06:25 GMT Message-Id: Date: Fri, 14 Mar 2003 02:06:25 +0800 From: "öÎ Àî" To: freebsd-gnats-submit@FreeBSD.org Cc: lioux@FreeBSD.org, delphij@frontfree.net, kris@FreeBSD.org, re@FreeBSD.org, security-officer@FreeBSD.org Subject: ports/49993: [update] SECURITY UPDATE qpopper to 4.0.5 Sender: owner-freebsd-ports-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 49993 >Category: ports >Synopsis: [update] SECURITY UPDATE qpopper to 4.0.5 >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Thu Mar 13 10:10:07 PST 2003 >Closed-Date: >Last-Modified: >Originator: Xin LI delphij@frontfree.net >Release: FreeBSD 4.8-RC i386 >Organization: Frontfree Technology Network >Environment: System: FreeBSD mail.frontfree.net 4.8-RC FreeBSD 4.8-RC #84: Thu Mar 13 02:37:44 CST 2003 delphij@mail.frontfree.net:/usr/obj/usr/src/sys/MAIL i386 >Description: qpopper has an security vulnerability which could be remotely exploited, as described in http://www.securityfocus.net/archive/1/314643/2003-03-10/2003-03-16/0 and was fixed in 4.0.5fc2, which is described in http://www.securityfocus.net/archive/1/314789/2003-03-10/2003-03-16/0 then 4.0.5 was released. The ported version should be updated. >How-To-Repeat: >Fix: Apply the patch followed. As a security update I hope it is to be committed before 4.8-RELEASE. This PR is basically based on Mike Tancsa 's patch, with a little variant, and thanks to ume@ for the IPv6 patch. diff -ruN qpopper.old/Makefile qpopper/Makefile --- qpopper.old/Makefile Fri Mar 14 01:39:30 2003 +++ qpopper/Makefile Fri Mar 14 01:42:36 2003 @@ -6,8 +6,7 @@ # PORTNAME= qpopper -PORTVERSION= 4.0.4 -PORTREVISION= 1 +PORTVERSION= 4.0.5 CATEGORIES= mail ipv6 MASTER_SITES= ftp://ftp.qualcomm.com/eudora/servers/unix/popper/%SUBDIR%/ MASTER_SITE_SUBDIR= . old @@ -17,7 +16,7 @@ .if ${OSVERSION} >= 400014 && !defined(WITHOUT_IPV6) PATCH_SITES= http://www.imasy.or.jp/~ume/ipv6/ -PATCHFILES= qpopper4.0.4-ipv6-20020502.diff.gz +PATCHFILES= qpopper4.0.5-ipv6-20030313.diff.gz PATCH_DIST_STRIP= -p1 .endif diff -ruN qpopper.old/distinfo qpopper/distinfo --- qpopper.old/distinfo Fri Mar 14 01:39:30 2003 +++ qpopper/distinfo Fri Mar 14 01:44:52 2003 @@ -1,2 +1,2 @@ -MD5 (qpopper4.0.4.tar.gz) = 77f0968cd10b0d5236114838d9f507e5 -MD5 (qpopper4.0.4-ipv6-20020502.diff.gz) = 62f6b065a040e3fbc31a720746b9efae +MD5 (qpopper4.0.5.tar.gz) = e00853280c9e899711f0b0239d3d8f86 +MD5 (qpopper4.0.5-ipv6-20030313.diff.gz) = 1d4b68ab55b95fb1d12528c505f24e5a _________________________________________________________________ The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports-bugs" in the body of the message