From owner-freebsd-security Wed Mar 12 11:50:57 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 888C137B401 for ; Wed, 12 Mar 2003 11:50:52 -0800 (PST) Received: from lava.sentex.ca (pyroxene.sentex.ca [199.212.134.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id AB4D643FBD for ; Wed, 12 Mar 2003 11:50:51 -0800 (PST) (envelope-from mike@sentex.net) Received: from simian.sentex.net (simeon.sentex.ca [192.168.43.27]) by lava.sentex.ca (8.12.8/8.12.8) with ESMTP id h2CJon8w080431; Wed, 12 Mar 2003 14:50:49 -0500 (EST) (envelope-from mike@sentex.net) Message-Id: <5.2.0.9.0.20030312145029.0572f058@marble.sentex.ca> X-Sender: mdtpop@marble.sentex.ca (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9 Date: Wed, 12 Mar 2003 14:55:43 -0500 To: Brett Glass , security@FreeBSD.ORG From: Mike Tancsa Subject: Re: Fwd: Qpopper 4.0.5fc2 available In-Reply-To: <4.3.2.7.2.20030312123805.03d83a20@localhost> References: <5.2.0.9.0.20030311221739.073ac2f0@marble.sentex.ca> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Virus-Scanned: By Sentex Communications (lava/20020517) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I dont see the offical release yet, but I imagine the guy is on the west coast, so its not quite afternoon there. The only patch that does not apply cleanly in the port is the ipv6 patch. As I dont use that, I disabled it. If you want to get things going quickly, here is what I did checkpoint# diff -u qpopper/Makefile qpopper.new/Makefile --- qpopper/Makefile Sun Feb 23 14:58:21 2003 +++ qpopper.new/Makefile Wed Mar 12 11:15:08 2003 @@ -6,16 +6,17 @@ # PORTNAME= qpopper -PORTVERSION= 4.0.4 +PORTVERSION= 4.0.5fc2 PORTREVISION= 1 CATEGORIES= mail ipv6 MASTER_SITES= ftp://ftp.qualcomm.com/eudora/servers/unix/popper/%SUBDIR%/ MASTER_SITE_SUBDIR= . old DISTNAME= ${PORTNAME}${PORTVERSION} +WITHOUT_IPV6=Y .include -.if ${OSVERSION} >= 400014 && !defined(WITHOUT_IPV6) +.if ${OSVERSION} >= 900014 && !defined(WITHOUT_IPV6) PATCH_SITES= http://www.imasy.or.jp/~ume/ipv6/ PATCHFILES= qpopper4.0.4-ipv6-20020502.diff.gz PATCH_DIST_STRIP= -p1 @@ -32,7 +33,8 @@ CONFIGURE_ARGS= --enable-apop=${PREFIX}/etc/qpopper/pop.auth \ --enable-nonauth-file=${POPUSERS_FILE} \ --with-apopuid=pop --without-gdbm \ - --enable-keep-temp-drop + --enable-keep-temp-drop \ + --enable-shy --enable-servermode --enable-log-login PLIST_SUB= EPOPPASSD=${EPOPPASSD} \ POP_USER=${POP_USER} \ checkpoint# Note, the + --enable-keep-temp-drop \ + --enable-shy --enable-servermode --enable-log-login Are specific to my setup. And checkpoint# diff -u qpopper/distinfo qpopper.new/distinfo --- qpopper/distinfo Mon May 20 19:25:49 2002 +++ qpopper.new/distinfo Wed Mar 12 11:09:31 2003 @@ -1,2 +1,3 @@ MD5 (qpopper4.0.4.tar.gz) = 77f0968cd10b0d5236114838d9f507e5 +MD5 (qpopper4.0.5fc2.tar.gz) = fe1ea4d0e59104af37e513aba0fc7d6e MD5 (qpopper4.0.4-ipv6-20020502.diff.gz) = 62f6b065a040e3fbc31a720746b9efae checkpoint# I have been running this on a lesser used server and it seems to function correctly. ---Mike At 12:38 PM 12/03/2003 -0700, Brett Glass wrote: >Has the port been patched? Since it's now the 12th, is the final >version up yet? > >--Brett > > >At 08:17 PM 3/11/2003, Mike Tancsa wrote: > > > >FYI > > > > > >>X-Mailer: Eudora for Mac OS X v6.0a > >>Date: Tue, 11 Mar 2003 18:42:04 -0800 > >>List-Subscribe: > >>List-Unsubscribe: > > >>List-Archive: > >>List-Post: > >>List-Owner: Pensive Mailing List Admin > >>List-Help: http://www.pensive.org/Mailing_Lists/ > >>List-Id: > >>List-Software: AutoShare 4.2.3 by Mikael Hansen > >>To: Qpopper Public List , > >> qpopper-announce@rohan.qualcomm.com > >>From: Randall Gellens > >>Subject: Qpopper 4.0.5fc2 available > >>X-Random-Sig-Tag: 1.0b25 > >>X-Spam-Status: No, hits=0.8 required=7.0 > >> tests=SPAM_PHRASE_00_01 > >> version=2.43 > >>X-Virus-Scanned: by Sentex Communications (avscan1/20021227) > >> > >>Qpopper 4.0.5fc2 is available at > . > >> > >>The full list of changes from one release to the next is on the FTP > site, at . > >> > >>Changes from 4.0.4b2 to 4.0.5fc2: > >>------------------------------ > >> 10. Fixed (non-root) buffer overflow. > >> > >>Please check this release out and let me know if you encounter any > problems. I plan on releasing 4.0.5 tomorrow afternoon if no problem > reports are received. > >>-- > >>Randall Gellens > >>Opinions are personal; facts are suspect; I speak for myself only > >>-------------- Randomly-selected tag: --------------- > >>Man is a rational animal who always loses his temper when he is > >>called upon to act in accordance with the dictates of reason. > >> --Oscar Wilde > > > >-------------------------------------------------------------------- > >Mike Tancsa, tel +1 519 651 3400 > >Sentex Communications, mike@sentex.net > >Providing Internet since 1994 www.sentex.net > >Cambridge, Ontario Canada www.sentex.net/mike > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message