From owner-freebsd-ports  Thu Jul 16 08:35:44 1998
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA26969
          for freebsd-ports-outgoing; Thu, 16 Jul 1998 08:35:44 -0700 (PDT)
          (envelope-from owner-freebsd-ports@FreeBSD.ORG)
Received: from ady.warpnet.ro (ady.warpnet.ro [193.230.201.1])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA26936
          for <freebsd-ports@FreeBSD.ORG>; Thu, 16 Jul 1998 08:35:07 -0700 (PDT)
          (envelope-from ady@warpnet.ro)
Received: from localhost (ady@localhost)
	by ady.warpnet.ro (8.8.8/8.8.8) with SMTP id SAA03116;
	Thu, 16 Jul 1998 18:32:44 +0300 (EEST)
	(envelope-from ady@warpnet.ro)
Date: Thu, 16 Jul 1998 18:32:44 +0300 (EEST)
From: Adrian Penisoara <ady@warpnet.ro>
To: Steve Price <sprice@hiwaay.net>
cc: Matt Behrens <matt@megaweapon.zigg.com>, imap-uw@freebsd.ady.ro,
        FreeBSD ports <freebsd-ports@FreeBSD.ORG>
Subject: Re: imap-uw security hole -- please update port
In-Reply-To: <Pine.OSF.3.96.980716100820.23260C-100000@fly.HiWAAY.net>
Message-ID: <Pine.BSF.3.96.980716182054.3069A-100000@ady.warpnet.ro>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

On Thu, 16 Jul 1998, Steve Price wrote:

> Hey, I won't worry if Matt doesn't. :)  If we don't install

 I'd still worry if Matty was happy and the sources were
security-compromising... :)

> the imap tools does that satisfy your requirements Matt or
> are you expecting them to be installed as part of pine4?

 Pine 3.96 & Pine 4.00 install only c-client library, pico (the Editor),
Pilot (the file Browser) and Pine (the MUA); I believe this is what the
average user expects -- if someone wants the mail daemons (ipop2d, ipop3d,
imapd) then they will happily be served by the imap-uw port :)

> If so, would a *_DEPENDS on the imap-uw port work?  Of
> course its build/install would have to be conditionalized
> appropriately first of course.

 That wouldn't be necessary (if the POP/IMAP dameons build was expected)
-- Pine 4.00 source tarball comes with the sources for these dameons
already, *_DEPENDS should be used only to force using imap-uw's sources
instead what the pine port has; but I do repeat: the user 
doesn't/shouldn't expect the port to install anything else but what they
come for and that's the Pine binaries; if they want the mail daemons they
should go for imap-uw...

 What's your opinion, Matt ?

> 
> Just out of curiousity why isn't the imap-uw port afflicted
> by the same security problems mentioned on BUGTRAQ?

 I believe this is because only the newly released Pine 4.00 source
tarball has the latest sources wich have that security bug -- but this is
just a supposition, it must be verified !

 And about that, could you dig up a bit more and tell me what exactly is
this security compromise about or where can I find more about it, Matt ?
Thanks !

> 
> Steve
> 
> On Thu, 16 Jul 1998, Adrian Penisoara wrote:
> 

 
  Ady (@freebsd.ady.ro)


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message