Date: Fri, 14 Mar 2003 02:06:25 +0800 From: "öÎ Àî" <delphij@hotmail.com> To: freebsd-gnats-submit@FreeBSD.org Cc: lioux@FreeBSD.org, delphij@frontfree.net, kris@FreeBSD.org, re@FreeBSD.org, security-officer@FreeBSD.org Subject: ports/49993: [update] SECURITY UPDATE qpopper to 4.0.5 Message-ID: <F7e2U8QVjp3b6uIU1Gj0002d6a8@hotmail.com>
next in thread | raw e-mail | index | archive | help
>Number: 49993 >Category: ports >Synopsis: [update] SECURITY UPDATE qpopper to 4.0.5 >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Thu Mar 13 10:10:07 PST 2003 >Closed-Date: >Last-Modified: >Originator: Xin LI delphij@frontfree.net >Release: FreeBSD 4.8-RC i386 >Organization: Frontfree Technology Network >Environment: System: FreeBSD mail.frontfree.net 4.8-RC FreeBSD 4.8-RC #84: Thu Mar 13 02:37:44 CST 2003 delphij@mail.frontfree.net:/usr/obj/usr/src/sys/MAIL i386 >Description: qpopper has an security vulnerability which could be remotely exploited, as described in http://www.securityfocus.net/archive/1/314643/2003-03-10/2003-03-16/0 and was fixed in 4.0.5fc2, which is described in http://www.securityfocus.net/archive/1/314789/2003-03-10/2003-03-16/0 then 4.0.5 was released. The ported version should be updated. >How-To-Repeat: >Fix: Apply the patch followed. As a security update I hope it is to be committed before 4.8-RELEASE. This PR is basically based on Mike Tancsa <mike@sentex.net>'s patch, with a little variant, and thanks to ume@ for the IPv6 patch. diff -ruN qpopper.old/Makefile qpopper/Makefile --- qpopper.old/Makefile Fri Mar 14 01:39:30 2003 +++ qpopper/Makefile Fri Mar 14 01:42:36 2003 @@ -6,8 +6,7 @@ # PORTNAME= qpopper -PORTVERSION= 4.0.4 -PORTREVISION= 1 +PORTVERSION= 4.0.5 CATEGORIES= mail ipv6 MASTER_SITES= ftp://ftp.qualcomm.com/eudora/servers/unix/popper/%SUBDIR%/ MASTER_SITE_SUBDIR= . old @@ -17,7 +16,7 @@ .if ${OSVERSION} >= 400014 && !defined(WITHOUT_IPV6) PATCH_SITES= http://www.imasy.or.jp/~ume/ipv6/ -PATCHFILES= qpopper4.0.4-ipv6-20020502.diff.gz +PATCHFILES= qpopper4.0.5-ipv6-20030313.diff.gz PATCH_DIST_STRIP= -p1 .endif diff -ruN qpopper.old/distinfo qpopper/distinfo --- qpopper.old/distinfo Fri Mar 14 01:39:30 2003 +++ qpopper/distinfo Fri Mar 14 01:44:52 2003 @@ -1,2 +1,2 @@ -MD5 (qpopper4.0.4.tar.gz) = 77f0968cd10b0d5236114838d9f507e5 -MD5 (qpopper4.0.4-ipv6-20020502.diff.gz) = 62f6b065a040e3fbc31a720746b9efae +MD5 (qpopper4.0.5.tar.gz) = e00853280c9e899711f0b0239d3d8f86 +MD5 (qpopper4.0.5-ipv6-20030313.diff.gz) = 1d4b68ab55b95fb1d12528c505f24e5a _________________________________________________________________ The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F7e2U8QVjp3b6uIU1Gj0002d6a8>