The mail/mew2 port and the mail/mew2-* slave ports install Mew 2.2, which have security problems according to the official announcement: http://www.mew.org/ml/mew-dist-3.1/msg00000.html Please update to 2.3 or 3.1. Fix: The following patch updates the mail/mew2 port (and hence the slave ports) to Mew 2.3. It seems to be working for me. How-To-Repeat: I don't know what the security problems mentioned are.
Responsible Changed From-To: freebsd-ports->kiri Over to Maintainer
It seems Mew 2.3 also has a problem: http://www.mew.org/ml/mew-dist-3.1/msg00101.html (in Japanese) In my opinion, this problem is also related to security. But I don't know if it is called a vulnerability or not. There are two ways to solve the problem. One is to apply the patch described in the above mail to Mew 2.3, and the other is to upgrade to 3.1. In the official announcement, it is recommended to upgrade to 3.1. http://www.mew.org/ml/mew-dist-3.1/msg00000.html http://www.mew.org/ml/mew-dist-3.1/msg00104.html (in Japanese) Sorry, but I don't have time to write a patch for the port right now. This mail is just to tell you that upgrading to 2.3 is no longer sufficient.
Here is a patch to update mail/mew2 (Mew 2.2) to Mew 3.1. What I did is: - Adjust rejected patches (patch-aa and patch-ac). - Adjust line numbers of patches (patch-ab and patch-ae). - Update distinfo and pkg-plist. - Update pkg-descr. I think Mew stands for "Messaging in the Emacs World," not "Message interface to Emacs Window" (pkg-comment and pkg-descr) It is intended to be stored under the name mail/mew3. It is not tested much. In addition, this patch doesn't touch anything in the section labeled as "only for MAINTAINER use" in Makefile. Index: Makefile =================================================================== RCS file: /home/ncvs/ports/mail/mew2/Makefile,v retrieving revision 1.7 diff -a -u -r1.7 Makefile --- Makefile 25 May 2002 02:42:42 -0000 1.7 +++ Makefile 18 Dec 2002 08:30:34 -0000 @@ -16,10 +16,10 @@ MAINTAINER?= kiri@FreeBSD.org # Mew major version -MEW_MAJOR_VER?= 2 +MEW_MAJOR_VER?= 3 # distfile version -MEW_VER= ${MEW_MAJOR_VER}.2 +MEW_VER= ${MEW_MAJOR_VER}.1 # document install directory by install-doc target MEW_DOCDIR?= share/doc/${PORTNAME}${MEW_MAJOR_VER} Index: distinfo =================================================================== RCS file: /home/ncvs/ports/mail/mew2/distinfo,v retrieving revision 1.4 diff -a -u -r1.4 distinfo --- distinfo 25 May 2002 02:42:42 -0000 1.4 +++ distinfo 18 Dec 2002 08:30:34 -0000 @@ -1 +1 @@ -MD5 (mew-2.2.tar.gz) = 2758098d970f253fa5bb8cf86244c0d7 +MD5 (mew-3.1.tar.gz) = f39a37dec53dfbce78e54c52ee7c0afa Index: pkg-comment =================================================================== RCS file: /home/ncvs/ports/mail/mew2/pkg-comment,v retrieving revision 1.3 diff -a -u -r1.3 pkg-comment --- pkg-comment 13 Dec 2001 02:02:21 -0000 1.3 +++ pkg-comment 18 Dec 2002 08:30:34 -0000 @@ -1 +1 @@ -Message interface to Emacs Window (version 2) for emacs21 +Messaging in the Emacs World (version 3) for emacs21 Index: pkg-descr =================================================================== RCS file: /home/ncvs/ports/mail/mew2/pkg-descr,v retrieving revision 1.3 diff -a -u -r1.3 pkg-descr --- pkg-descr 13 Dec 2001 02:02:21 -0000 1.3 +++ pkg-descr 18 Dec 2002 08:30:34 -0000 @@ -1,19 +1,20 @@ -Mew is a "Message interface to Emacs Window" to integrate +Mew is "Messaging in the Emacs World" to integrate - Email - - MIME(Multipurpose Internet Mail Extensions) - - PGP(Pretty Good Privacy) + - MIME (Multipurpose Internet Mail Extensions) + - PGP (Pretty Good Privacy) + - NetNews and to make it easy to view and compose them. With Mew you can send a picture of a birthday cake with the song "Happy Birthday to you" to your friend, which is encrypted by strong cryptograph. -This port is the Mew2(Mew with version 2) for emacs-21.x (editors/emacs21). -The Mew2 port and corresponding Emacs port are listed bellow and elisp +This port is the Mew3 (Mew version 3) for emacs-21.x (editors/emacs21). +The Mew3 port and corresponding Emacs port are listed bellow and elisp `site-lisp' directory(elisp load path), info path and etc directory(only effective for xemacs ports) are shown as well. -mail/mew2 (mew-emacs21-2.x) ===> editors/emacs21 (emacs-21.x) - Lisp directory : /usr/local/share/emacs/site-lisp/mew +mail/mew3 (mew-emacs21-2.x) ===> editors/emacs21 (emacs-21.x) + Lisp directory : /usr/local/share/emacs/site-lisp/mew3 Info directory : /usr/local/info - ETC directory : /usr/local/share/emacs/etc/mew + ETC directory : /usr/local/share/emacs/etc/mew3 Index: pkg-plist =================================================================== RCS file: /home/ncvs/ports/mail/mew2/pkg-plist,v retrieving revision 1.4 diff -a -u -r1.4 pkg-plist --- pkg-plist 25 May 2002 02:42:42 -0000 1.4 +++ pkg-plist 18 Dec 2002 08:30:34 -0000 @@ -9,6 +9,7 @@ info/mew%%MEW_MAJOR_VER%%.info-1 info/mew%%MEW_MAJOR_VER%%.info-2 info/mew%%MEW_MAJOR_VER%%.info-3 +info/mew%%MEW_MAJOR_VER%%.info-4 info/mew%%MEW_MAJOR_VER%%.jis.info info/mew%%MEW_MAJOR_VER%%.jis.info-1 info/mew%%MEW_MAJOR_VER%%.jis.info-2 @@ -20,13 +21,14 @@ share/doc/mew%%MEW_MAJOR_VER%%/00copyright share/doc/mew%%MEW_MAJOR_VER%%/00copyright.jis share/doc/mew%%MEW_MAJOR_VER%%/00diff +share/doc/mew%%MEW_MAJOR_VER%%/00roadmap share/doc/mew%%MEW_MAJOR_VER%%/00readme share/doc/mew%%MEW_MAJOR_VER%%/contrib/00readme share/doc/mew%%MEW_MAJOR_VER%%/contrib/00readme-namazu.jis share/doc/mew%%MEW_MAJOR_VER%%/contrib/mew-browse.el share/doc/mew%%MEW_MAJOR_VER%%/contrib/mew-caesar.el +share/doc/mew%%MEW_MAJOR_VER%%/contrib/mew-edebug.el share/doc/mew%%MEW_MAJOR_VER%%/contrib/mew-fancy-summary.el -share/doc/mew%%MEW_MAJOR_VER%%/contrib/mew-gnus.el share/doc/mew%%MEW_MAJOR_VER%%/contrib/mew-nmz-fixer.el share/doc/mew%%MEW_MAJOR_VER%%/contrib/mew-nmz.el share/doc/mew%%MEW_MAJOR_VER%%/contrib/mew-refile-view.el @@ -89,6 +91,7 @@ %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-config.elc %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-const.el %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-const.elc +%%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-darwin.el %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-decode.el %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-decode.elc %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-demo.el @@ -101,6 +104,8 @@ %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-encode.elc %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-env.el %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-env.elc +%%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-exec.el +%%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-exec.elc %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-ext.el %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-ext.elc %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-fib.el @@ -112,9 +117,13 @@ %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-header.elc %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-highlight.el %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-highlight.elc +%%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-imap.el +%%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-imap.elc %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-key.el %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-key.elc %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-lang-jp.el +%%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-local.el +%%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-local.elc %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-mark.el %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-mark.elc %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-md5.el @@ -128,8 +137,12 @@ %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-mule.el %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-mule0.el %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-mule3.el +%%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-net.el +%%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-net.elc %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-nntp.el %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-nntp.elc +%%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-nntp2.el +%%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-nntp2.elc %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-pgp.el %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-pgp.elc %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-pick.el @@ -148,8 +161,16 @@ %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-sort.elc %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-ssh.el %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-ssh.elc +%%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-ssl.el +%%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-ssl.elc %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-summary.el %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-summary.elc +%%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-summary2.el +%%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-summary2.elc +%%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-summary3.el +%%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-summary3.elc +%%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-summary4.el +%%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-summary4.elc %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-syntax.el %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-syntax.elc %%EMACS_LIBDIR%%/site-lisp/mew%%MEW_MAJOR_VER%%/mew-temacs.el Index: files/patch-aa =================================================================== RCS file: /home/ncvs/ports/mail/mew2/files/patch-aa,v retrieving revision 1.2 diff -a -u -r1.2 patch-aa --- files/patch-aa 25 Aug 2001 09:17:57 -0000 1.2 +++ files/patch-aa 18 Dec 2002 08:30:34 -0000 @@ -1,5 +1,5 @@ ---- Makefile.orig Wed Jul 18 08:20:40 2001 -+++ Makefile Fri Aug 3 22:18:35 2001 +--- Makefile.orig Wed Oct 30 16:38:29 2002 ++++ Makefile Wed Dec 18 16:39:42 2002 @@ -19,14 +19,14 @@ ## EDIT THE FOLLOWINGS ## @@ -38,25 +38,25 @@ ################################################################ ## -@@ -67,6 +70,8 @@ - mew-key.elc mew-thread.elc mew-smime.elc \ - mew-theme.elc mew.elc +@@ -70,6 +73,8 @@ + mew-vars.elc mew-vars2.elc mew-virtual.elc \ + mew-exec.elc mew.elc +OBJS_PKG= auto-autoloads.elc custom-load.elc + - SRCS = mew-addrbook.el mew-attach.el mew-blvs.el \ - mew-bq.el mew-cache.el mew-complete.el \ - mew-config.el mew-const.el mew-decode.el \ -@@ -87,6 +92,8 @@ - mew-thread.el mew-smime.el mew-theme.el \ - mew.el + SRCS = mew-addrbook.el mew-attach.el mew-auth.el \ + mew-blvs.el mew-bq.el mew-cache.el \ + mew-complete.el mew-config.el mew-const.el \ +@@ -93,6 +98,8 @@ + mew-win32.el mew-xemacs.el mew-exec.el \ + mew-darwin.el mew.el +SRCS_PKG= auto-autoloads.el custom-load.el + TEMPFILE = temp.el CP = cp -@@ -103,7 +110,9 @@ +@@ -109,7 +116,9 @@ ################################################################ @@ -67,7 +67,7 @@ @echo 'Compiling EL files of Mew ... ' @echo 'PLEASE IGNORE WARNINGS IF DISPLAYED. TAKE IT EASY!' $(EMACS) -batch -q -no-site-file -l ./$(TEMPFILE) -f mew-compile -@@ -116,11 +125,11 @@ +@@ -122,11 +131,11 @@ @echo ')))' >> $(TEMPFILE) install-el: $(OBJS) @@ -82,7 +82,7 @@ ################################################################ -@@ -136,7 +145,9 @@ +@@ -142,7 +151,9 @@ cd info; $(MAKE) info EMACS=$(EMACS) install-info: @@ -93,7 +93,7 @@ ################################################################ -@@ -144,15 +155,72 @@ +@@ -150,15 +161,72 @@ cd info; $(MAKE) jinfo EMACS=$(EMACS) install-jinfo: Index: files/patch-ab =================================================================== RCS file: /home/ncvs/ports/mail/mew2/files/patch-ab,v retrieving revision 1.4 diff -a -u -r1.4 patch-ab --- files/patch-ab 25 May 2002 02:42:42 -0000 1.4 +++ files/patch-ab 18 Dec 2002 08:30:34 -0000 @@ -1,15 +1,15 @@ ---- bin/Makefile.in.orig Thu Jan 17 20:26:55 2002 -+++ bin/Makefile.in Sun Feb 3 18:19:20 2002 -@@ -69,7 +69,7 @@ - $(CC) $(COFLAG) $(OBJ1) $(LIBS) +--- bin/Makefile.in.orig Wed Nov 13 18:01:51 2002 ++++ bin/Makefile.in Wed Dec 18 17:06:21 2002 +@@ -71,7 +71,7 @@ + $(CC) $(COFLAG) $(LDFLAGS) $(OBJ1) $(LIBS) $(RM) $(ALT) for f in $(ALT); do \ - $(LN) $(PRG1) $${f}; done + $(LN) -sf $(PRG1) $${f}; done $(PRG2): $(OBJ2) - $(CC) $(COFLAG) $(CFLAGS) $(OBJ2) -@@ -95,7 +95,7 @@ + $(CC) $(COFLAG) $(LDFLAGS) $(OBJ2) +@@ -97,7 +97,7 @@ fi $(INSTALL) -m 555 $(PRG1) $(bindir) for f in $(ALT); do \ @@ -18,7 +18,7 @@ $(INSTALL) -m 555 $(PRG2) $(bindir) $(INSTALL) -m 555 $(PRG3) $(bindir) -@if [ ! -d $(mandir) ]; then \ -@@ -103,7 +103,7 @@ +@@ -105,7 +105,7 @@ fi $(INSTALL) -m 444 $(MAN1) $(mandir) for f in $(MALT); do \ Index: files/patch-ac =================================================================== RCS file: /home/ncvs/ports/mail/mew2/files/patch-ac,v retrieving revision 1.4 diff -a -u -r1.4 patch-ac --- files/patch-ac 25 May 2002 02:42:42 -0000 1.4 +++ files/patch-ac 18 Dec 2002 08:30:34 -0000 @@ -16,9 +16,9 @@ ## DO NOT EDIT THE FOLLOWINGS ## --INFO = mew.info mew.info-1 mew.info-2 mew.info-3 +-INFO = mew.info mew.info-1 mew.info-2 mew.info-3 mew.info-4 -JINFO = mew.jis.info mew.jis.info-1 mew.jis.info-2 mew.jis.info-3 -+INFO = mew${MEW_MAJOR_VER}.info mew${MEW_MAJOR_VER}.info-1 mew${MEW_MAJOR_VER}.info-2 mew${MEW_MAJOR_VER}.info-3 ++INFO = mew${MEW_MAJOR_VER}.info mew${MEW_MAJOR_VER}.info-1 mew${MEW_MAJOR_VER}.info-2 mew${MEW_MAJOR_VER}.info-3 mew${MEW_MAJOR_VER}.info-4 +JINFO = mew${MEW_MAJOR_VER}.jis.info mew${MEW_MAJOR_VER}.jis.info-1 mew${MEW_MAJOR_VER}.jis.info-2 mew${MEW_MAJOR_VER}.jis.info-3 +MANUALS= 00readme mew.texi Index: files/patch-ae =================================================================== RCS file: /home/ncvs/ports/mail/mew2/files/patch-ae,v retrieving revision 1.1 diff -a -u -r1.1 patch-ae --- files/patch-ae 25 Aug 2001 09:17:57 -0000 1.1 +++ files/patch-ae 18 Dec 2002 08:30:34 -0000 @@ -1,6 +1,6 @@ ---- mew-key.el~ Wed Jul 18 08:19:11 2001 -+++ mew-key.el Fri Aug 3 11:30:10 2001 -@@ -507,7 +507,7 @@ +--- mew-key.el.orig Tue Nov 12 16:32:50 2002 ++++ mew-key.el Wed Dec 18 17:06:21 2002 +@@ -559,7 +559,7 @@ ;;; (defvar mew-icon-directory (if (fboundp 'locate-data-directory)
State Changed From-To: open->closed Committed. Thanks!