Attachment #55451 for bug #83805

View | Details | Raw Unified | Return to bug 83805
Collapse All | Expand All




# want fetchmailconf to work, define WITH_X11

PORTNAME=	fetchmail
PORTVERSION=	6.2.5.1
PORTREVISION=	2
CATEGORIES=	mail ipv6
MASTER_SITES=	http://www.catb.org/~esr/%SUBDIR%/ \
		http://download.berlios.de/%SUBDIR%/ \
		ftp://ftp.ayamura.org/pub/%SUBDIR%/ \
		ftp://ftp.win.jp/pub/%SUBDIR%/ \
		ftp://ftp.dti.ad.jp/pub/net/mail/%SUBDIR%/
MASTER_SITE_SUBDIR=	fetchmail
DISTNAME=	fetchmail-6.2.5

MAINTAINER=	ports@FreeBSD.org
COMMENT=	Batch mail retrieval utility for IMAP/POP2/POP3/APOP/KPOP/ETRN/ODMR

.if defined(WITH_X11)

Lines 11-17 Link Here

(-)/usr/home/emma/ports/mail/fetchmail/files/fetchmailconf (-1 / +1 lines)
11	exec $PREFIX/libexec/fetchmailconf.bin	11	exec $PREFIX/libexec/fetchmailconf.bin
12	else	12	else
13	cat <<EOF	13	cat <<EOF
14	The fetchmailconf program requires Python with Tkinter , which does not	14	The fetchmailconf program requires Python with Tkinter, which does not
15	appear to be installed on this system. Python/Tkinter can be found in	15	appear to be installed on this system. Python/Tkinter can be found in
16	the FreeBSD Ports Collection under x11-toolkits/py-tkinter.	16	the FreeBSD Ports Collection under x11-toolkits/py-tkinter.
17	EOF	17	EOF




--- ./sink.c~	2003-10-11 00:06:36.000000000 +0200
+++ ./sink.c	2005-07-20 18:26:32.000000000 +0200
@@ -724,7 +724,7 @@
 
     /* see the ap computation under the SMTP branch */
     fprintf(sinkfp, 
-	    "MAIL FROM: %s", (msg->return_path[0]) ? msg->return_path : user);
+	    "MAIL FROM:%s", (msg->return_path[0]) ? msg->return_path : user);
 
     if (ctl->pass8bits || (ctl->mimemsg & MSG_IS_8BIT))
 	fputs(" BODY=8BITMIME", sinkfp);
--- ./smtp.c~	2003-08-06 05:30:18.000000000 +0200
+++ ./smtp.c	2005-07-20 18:26:32.000000000 +0200
@@ -232,13 +232,13 @@
     int ok;
     char buf[MSGBUFSIZE];
 
-    if (strchr(from, '<'))
+    if (from[0]=='<')
 #ifdef HAVE_SNPRINTF
 	snprintf(buf, sizeof(buf),
 #else
 	sprintf(buf,
 #endif /* HAVE_SNPRINTF */
-		"MAIL FROM: %s", from);
+		"MAIL FROM:%s", from);
     else
 #ifdef HAVE_SNPRINTF
     snprintf(buf, sizeof(buf),




SECURITY FIX: truncate UIDL replies, lest malicious or compromised
POP3 servers overflow fetchmail's stack. Debian bug #212762.
This is a remote root exploit.

--- ./pop3.c~	2003-10-15 21:22:31.000000000 +0200
+++ ./pop3.c	2005-07-20 18:33:26.000000000 +0200
@@ -16,7 +16,8 @@
 #if defined(STDC_HEADERS)
 #include  <stdlib.h>
 #endif
- 
+#include  <errno.h>
+
 #include  "fetchmail.h"
 #include  "socket.h"
 #include  "i18n.h"
@@ -590,7 +591,8 @@
     return(PS_SUCCESS);
 }
 
-static int pop3_gettopid( int sock, int num , char *id)
+#define POSIX_space "\t\n\v\f\r "
+static int pop3_gettopid(int sock, int num , char *id, size_t idsize)
 {
     int ok;
     int got_it;
@@ -603,25 +605,51 @@
     {
 	if (DOTLINE(buf))
 	    break;
-	if ( ! got_it && ! strncasecmp("Message-Id:", buf, 11 )) {
-	    got_it = 1;
-	    /* prevent stack overflows */
-	    buf[IDLEN+12] = 0;
-	    sscanf( buf+12, "%s", id);
+	if (!got_it && 0 == strncasecmp("Message-Id:", buf, 11)) {
+	    char *p = buf + 11;
+	    p += strspn(p, POSIX_space);
+	    p = strtok(p, POSIX_space);
+	    strlcpy(id, p, idsize);
 	}
     }
     return 0;
 }
 
-static int pop3_getuidl( int sock, int num , char *id)
+/** Parse destructively the UID response (leading +OK must have been
+ * stripped off) in buf, store the number in gotnum, and store the ID
+ * into the caller-provided buffer "id" of size "idsize".
+ * Returns PS_SUCCESS or PS_PROTOCOL for failure. */
+static int parseuid(char *buf, unsigned long *gotnum, char *id, size_t idsize)
+{
+    char *i, *j;
+
+    i = strtok(buf, POSIX_space);
+    errno = 0;
+    *gotnum = strtoul(i, &j, 10);
+    if (*j != '\0' || j == i || errno) {
+	report(stderr, GT_("Cannot handle UIDL response from upstream server.\n"));
+	return PS_PROTOCOL;
+    }
+    i = strtok(NULL, POSIX_space);
+    strlcpy(id, i, idsize);
+    return PS_SUCCESS;
+}
+
+static int pop3_getuidl(int sock, int num , char *id, size_t idsize)
 {
     int ok;
     char buf [POPBUFSIZE+1];
+    unsigned long gotnum;
+
     gen_send(sock, "UIDL %d", num);
     if ((ok = pop3_ok(sock, buf)) != 0)
 	return(ok);
-    if (sscanf(buf, "%d %s", &num, id) != 2)
-	return(PS_PROTOCOL);
+    if ((ok = parseuid(buf, &gotnum, id, idsize)))
+	return ok;
+    if (gotnum != num) {
+	report(stderr, GT_("Server responded with UID for wrong message.\n"));
+	return PS_PROTOCOL;
+    }
     return(PS_SUCCESS);
 }
 
@@ -638,7 +666,7 @@
 	struct idlist	*new;
 
 	try_nr = (first_nr + last_nr) / 2;
-	if( (ok = pop3_getuidl( sock, try_nr, id )) != 0 )
+	if ((ok = pop3_getuidl(sock, try_nr, id, sizeof(id))) != 0)
 	    return ok;
 	if ((new = str_in_list(&ctl->oldsaved, id, FALSE)))
 	{
@@ -700,10 +728,10 @@
     int first_nr, list_len, try_id, try_nr, add_id;
     int num;
     char id [IDLEN+1];
-    
-    if( (ok = pop3_gettopid( sock, 1, id )) != 0 )
+
+    if ((ok = pop3_gettopid(sock, 1, id, sizeof(id))) != 0)
 	return ok;
-    
+
     if( ( first_nr = str_nr_in_list(&ctl->oldsaved, id) ) == -1 ) {
 	/* the first message is unknown -> all messages are new */
 	*newp = *countp;	
@@ -715,7 +743,7 @@
     try_id = list_len  - first_nr; /* -1 + 1 */
     if( try_id > 1 ) {
 	if( try_id <= *countp ) {
-	    if( (ok = pop3_gettopid( sock, try_id, id )) != 0 )
+	    if ((ok = pop3_gettopid(sock, try_id, id, sizeof(id))) != 0)
 		return ok;
     
 	    try_nr = str_nr_last_in_list(&ctl->oldsaved, id);
@@ -739,7 +767,7 @@
 		    } else 
 			try_id += add_id;
 		    
-		    if( (ok = pop3_gettopid( sock, try_id, id )) != 0 )
+		    if ((ok = pop3_gettopid(sock, try_id, id, sizeof(id))) != 0)
 			return ok;
 		    try_nr = str_nr_in_list(&ctl->oldsaved, id);
 		}
@@ -801,7 +829,7 @@
 
     /*
      * Newer, RFC-1725-conformant POP servers may not have the LAST command.
-     * We work as hard as possible to hide this ugliness, but it makes 
+     * We work as hard as possible to hide this ugliness, but it makes
      * counting new messages intrinsically quadratic in the worst case.
      */
     last = 0;
@@ -839,15 +867,15 @@
 	    }
 	    *newp = (*countp - last);
 	}
- 	else
- 	{
+	else
+	{
 	    if (dofastuidl)
 		return(pop3_fastuidl( sock, ctl, *countp, newp));
 	    /* grab the mailbox's UID list */
 	    if ((ok = gen_transact(sock, "UIDL")) != 0)
 	    {
 		/* don't worry, yet! do it the slow way */
-		if((ok = pop3_slowuidl( sock, ctl, countp, newp))!=0)
+		if ((ok = pop3_slowuidl(sock, ctl, countp, newp)))
 		{
 		    report(stderr, GT_("protocol error while fetching UIDLs\n"));
 		    return(PS_ERROR);
@@ -855,27 +883,32 @@
 	    }
 	    else
 	    {
-		int	num;
+		unsigned long unum;
 
 		*newp = 0;
- 		while ((ok = gen_recv(sock, buf, sizeof(buf))) == 0)
+		while ((ok = gen_recv(sock, buf, sizeof(buf))) == 0)
 		{
- 		    if (DOTLINE(buf))
- 			break;
- 		    else if (sscanf(buf, "%d %s", &num, id) == 2)
+		    if (DOTLINE(buf))
+			break;
+
+		    if (parseuid(buf, &unum, id, sizeof(id)) == PS_SUCCESS)
 		    {
- 			struct idlist	*old, *new;
+			struct idlist	*old, *new;
 
 			new = save_str(&ctl->newsaved, id, UID_UNSEEN);
-			new->val.status.num = num;
+			new->val.status.num = unum;
 
 			if ((old = str_in_list(&ctl->oldsaved, id, FALSE)))
 			{
 			    flag mark = old->val.status.mark;
 			    if (mark == UID_DELETED || mark == UID_EXPUNGED)
 			    {
+				/* XXX FIXME: switch 3 occurrences from
+				 * (int)unum or (unsigned int)unum to
+				 * remove the cast and use %lu - not now
+				 * though, time for new release */
 				if (outlevel >= O_VERBOSE)
-				    report(stderr, GT_("id=%s (num=%d) was deleted, but is still present!\n"), id, num);
+				    report(stderr, GT_("id=%s (num=%d) was deleted, but is still present!\n"), id, (int)unum);
 				/* just mark it as seen now! */
 				old->val.status.mark = mark = UID_SEEN;
 			    }
@@ -884,25 +917,25 @@
 			    {
 				(*newp)++;
 				if (outlevel >= O_DEBUG)
-				    report(stdout, GT_("%u is unseen\n"), num);
+				    report(stdout, GT_("%u is unseen\n"), (unsigned int)unum);
 			    }
 			}
 			else
 			{
 			    (*newp)++;
 			    if (outlevel >= O_DEBUG)
-				report(stdout, GT_("%u is unseen\n"), num);
+				report(stdout, GT_("%u is unseen\n"), (unsigned int)unum);
 			    /* add it to oldsaved also! In case, we do not
 			     * swap the lists (say, due to socket error),
 			     * the same mail will not be downloaded again.
 			     */
 			    old = save_str(&ctl->oldsaved, id, UID_UNSEEN);
-			    old->val.status.num = num;
+			    old->val.status.num = unum;
 			}
 		    }
- 		}
- 	    }
- 	}
+		}
+	    }
+	}
     }
 
     return(PS_SUCCESS);
@@ -986,7 +1019,7 @@
 	}
 
 	/* get the uidl first! */
-	if (pop3_getuidl(sock, num, id) != PS_SUCCESS)
+	if (pop3_getuidl(sock, num, id, sizeof(id)) != PS_SUCCESS)
 	    return(TRUE);
 
 	if ((new = str_in_list(&ctl->oldsaved, id, FALSE))) {

Return to bug 83805

Lines 10-25 Link Here

(-)/usr/home/emma/ports/mail/fetchmail/Makefile (-2 / +3 lines)
10	# want fetchmailconf to work, define WITH_X11	10	# want fetchmailconf to work, define WITH_X11
11		11
12	PORTNAME= fetchmail	12	PORTNAME= fetchmail
13	PORTVERSION= 6.2.5	13	PORTVERSION= 6.2.5.1
14	PORTREVISION= 2
15	CATEGORIES= mail ipv6	14	CATEGORIES= mail ipv6
16	MASTER_SITES= http://www.catb.org/~esr/%SUBDIR%/ \	15	MASTER_SITES= http://www.catb.org/~esr/%SUBDIR%/ \
		16	http://download.berlios.de/%SUBDIR%/ \
17	ftp://ftp.ayamura.org/pub/%SUBDIR%/ \	17	ftp://ftp.ayamura.org/pub/%SUBDIR%/ \
18	ftp://ftp.win.jp/pub/%SUBDIR%/ \	18	ftp://ftp.win.jp/pub/%SUBDIR%/ \
19	ftp://ftp.dti.ad.jp/pub/net/mail/%SUBDIR%/	19	ftp://ftp.dti.ad.jp/pub/net/mail/%SUBDIR%/
20	MASTER_SITE_SUBDIR= fetchmail	20	MASTER_SITE_SUBDIR= fetchmail
		21	DISTNAME= fetchmail-6.2.5
21		22
22	MAINTAINER= ports@FreeBSD.org	23	MAINTAINER= ports@FreeBSD.org
23	COMMENT= Batch mail retrieval utility for IMAP/POP2/POP3/APOP/KPOP/ETRN/ODMR	24	COMMENT= Batch mail retrieval utility for IMAP/POP2/POP3/APOP/KPOP/ETRN/ODMR
24		25
25	.if defined(WITH_X11)	26	.if defined(WITH_X11)

Line 0 Link Here

(-)/usr/home/emma/ports/mail/fetchmail/files/patch-r1 (+29 lines)
	1	--- ./sink.c~ 2003-10-11 00:06:36.000000000 +0200
	2	+++ ./sink.c 2005-07-20 18:26:32.000000000 +0200
	3	@@ -724,7 +724,7 @@
	4
	5	/* see the ap computation under the SMTP branch */
	6	fprintf(sinkfp,
	7	- "MAIL FROM: %s", (msg->return_path[0]) ? msg->return_path : user);
	8	+ "MAIL FROM:%s", (msg->return_path[0]) ? msg->return_path : user);
	9
	10	if (ctl->pass8bits \|\| (ctl->mimemsg & MSG_IS_8BIT))
	11	fputs(" BODY=8BITMIME", sinkfp);
	12	--- ./smtp.c~ 2003-08-06 05:30:18.000000000 +0200
	13	+++ ./smtp.c 2005-07-20 18:26:32.000000000 +0200
	14	@@ -232,13 +232,13 @@
	15	int ok;
	16	char buf[MSGBUFSIZE];
	17
	18	- if (strchr(from, '<'))
	19	+ if (from[0]=='<')
	20	#ifdef HAVE_SNPRINTF
	21	snprintf(buf, sizeof(buf),
	22	#else
	23	sprintf(buf,
	24	#endif /* HAVE_SNPRINTF */
	25	- "MAIL FROM: %s", from);
	26	+ "MAIL FROM:%s", from);
	27	else
	28	#ifdef HAVE_SNPRINTF
	29	snprintf(buf, sizeof(buf),

Line 0 Link Here

(-)/usr/home/emma/ports/mail/fetchmail/files/patch-s1 (+237 lines)
		1	SECURITY FIX: truncate UIDL replies, lest malicious or compromised
		2	POP3 servers overflow fetchmail's stack. Debian bug #212762.
		3	This is a remote root exploit.
		4
		5	--- ./pop3.c~ 2003-10-15 21:22:31.000000000 +0200
		6	+++ ./pop3.c 2005-07-20 18:33:26.000000000 +0200
		7	@@ -16,7 +16,8 @@
		8	#if defined(STDC_HEADERS)
		9	#include <stdlib.h>
		10	#endif
		11	-
		12	+#include <errno.h>
		13	+
		14	#include "fetchmail.h"
		15	#include "socket.h"
		16	#include "i18n.h"
		17	@@ -590,7 +591,8 @@
		18	return(PS_SUCCESS);
		19	}
		20
		21	-static int pop3_gettopid( int sock, int num , char *id)
		22	+#define POSIX_space "\t\n\v\f\r "
		23	+static int pop3_gettopid(int sock, int num , char *id, size_t idsize)
		24	{
		25	int ok;
		26	int got_it;
		27	@@ -603,25 +605,51 @@
		28	{
		29	if (DOTLINE(buf))
		30	break;
		31	- if ( ! got_it && ! strncasecmp("Message-Id:", buf, 11 )) {
		32	- got_it = 1;
		33	- /* prevent stack overflows */
		34	- buf[IDLEN+12] = 0;
		35	- sscanf( buf+12, "%s", id);
		36	+ if (!got_it && 0 == strncasecmp("Message-Id:", buf, 11)) {
		37	+ char *p = buf + 11;
		38	+ p += strspn(p, POSIX_space);
		39	+ p = strtok(p, POSIX_space);
		40	+ strlcpy(id, p, idsize);
		41	}
		42	}
		43	return 0;
		44	}
		45
		46	-static int pop3_getuidl( int sock, int num , char *id)
		47	+/** Parse destructively the UID response (leading +OK must have been
		48	+ * stripped off) in buf, store the number in gotnum, and store the ID
		49	+ * into the caller-provided buffer "id" of size "idsize".
		50	+ * Returns PS_SUCCESS or PS_PROTOCOL for failure. */
		51	+static int parseuid(char buf, unsigned long gotnum, char *id, size_t idsize)
		52	+{
		53	+ char i, j;
		54	+
		55	+ i = strtok(buf, POSIX_space);
		56	+ errno = 0;
		57	+ *gotnum = strtoul(i, &j, 10);
		58	+ if (*j != '\0' \|\| j == i \|\| errno) {
		59	+ report(stderr, GT_("Cannot handle UIDL response from upstream server.\n"));
		60	+ return PS_PROTOCOL;
		61	+ }
		62	+ i = strtok(NULL, POSIX_space);
		63	+ strlcpy(id, i, idsize);
		64	+ return PS_SUCCESS;
65	+}
66	+
67	+static int pop3_getuidl(int sock, int num , char *id, size_t idsize)
68	{
69	int ok;
70	char buf [POPBUFSIZE+1];
71	+ unsigned long gotnum;
72	+
73	gen_send(sock, "UIDL %d", num);
74	if ((ok = pop3_ok(sock, buf)) != 0)
75	return(ok);
76	- if (sscanf(buf, "%d %s", &num, id) != 2)
77	- return(PS_PROTOCOL);
78	+ if ((ok = parseuid(buf, &gotnum, id, idsize)))
79	+ return ok;
80	+ if (gotnum != num) {
81	+ report(stderr, GT_("Server responded with UID for wrong message.\n"));
82	+ return PS_PROTOCOL;
83	+ }
84	return(PS_SUCCESS);
85	}
86
87	@@ -638,7 +666,7 @@
88	struct idlist *new;
89
90	try_nr = (first_nr + last_nr) / 2;
91	- if( (ok = pop3_getuidl( sock, try_nr, id )) != 0 )
92	+ if ((ok = pop3_getuidl(sock, try_nr, id, sizeof(id))) != 0)
93	return ok;
94	if ((new = str_in_list(&ctl->oldsaved, id, FALSE)))
95	{
96	@@ -700,10 +728,10 @@
97	int first_nr, list_len, try_id, try_nr, add_id;
98	int num;
99	char id [IDLEN+1];
100	-
101	- if( (ok = pop3_gettopid( sock, 1, id )) != 0 )
102	+
103	+ if ((ok = pop3_gettopid(sock, 1, id, sizeof(id))) != 0)
104	return ok;
105	-
106	+
107	if( ( first_nr = str_nr_in_list(&ctl->oldsaved, id) ) == -1 ) {
108	/* the first message is unknown -> all messages are new */
109	newp = countp;
110	@@ -715,7 +743,7 @@
111	try_id = list_len - first_nr; /* -1 + 1 */
112	if( try_id > 1 ) {
113	if( try_id <= *countp ) {
114	- if( (ok = pop3_gettopid( sock, try_id, id )) != 0 )
115	+ if ((ok = pop3_gettopid(sock, try_id, id, sizeof(id))) != 0)
116	return ok;
117
118	try_nr = str_nr_last_in_list(&ctl->oldsaved, id);
119	@@ -739,7 +767,7 @@
120	} else
121	try_id += add_id;
122
123	- if( (ok = pop3_gettopid( sock, try_id, id )) != 0 )
124	+ if ((ok = pop3_gettopid(sock, try_id, id, sizeof(id))) != 0)
125	return ok;
126	try_nr = str_nr_in_list(&ctl->oldsaved, id);
127	}
128	@@ -801,7 +829,7 @@
129
130	/*
131	* Newer, RFC-1725-conformant POP servers may not have the LAST command.
132	- * We work as hard as possible to hide this ugliness, but it makes
133	+ * We work as hard as possible to hide this ugliness, but it makes
134	* counting new messages intrinsically quadratic in the worst case.
135	*/
136	last = 0;
137	@@ -839,15 +867,15 @@
138	}
139	newp = (countp - last);
140	}
141	- else
142	- {
143	+ else
144	+ {
145	if (dofastuidl)
146	return(pop3_fastuidl( sock, ctl, *countp, newp));
147	/* grab the mailbox's UID list */
148	if ((ok = gen_transact(sock, "UIDL")) != 0)
149	{
150	/* don't worry, yet! do it the slow way */
151	- if((ok = pop3_slowuidl( sock, ctl, countp, newp))!=0)
152	+ if ((ok = pop3_slowuidl(sock, ctl, countp, newp)))
153	{
154	report(stderr, GT_("protocol error while fetching UIDLs\n"));
155	return(PS_ERROR);
156	@@ -855,27 +883,32 @@
157	}
158	else
159	{
160	- int num;
161	+ unsigned long unum;
162
163	*newp = 0;
164	- while ((ok = gen_recv(sock, buf, sizeof(buf))) == 0)
165	+ while ((ok = gen_recv(sock, buf, sizeof(buf))) == 0)
166	{
167	- if (DOTLINE(buf))
168	- break;
169	- else if (sscanf(buf, "%d %s", &num, id) == 2)
170	+ if (DOTLINE(buf))
171	+ break;
172	+
173	+ if (parseuid(buf, &unum, id, sizeof(id)) == PS_SUCCESS)
174	{
175	- struct idlist old, new;
176	+ struct idlist old, new;
177
178	new = save_str(&ctl->newsaved, id, UID_UNSEEN);
179	- new->val.status.num = num;
180	+ new->val.status.num = unum;
181
182	if ((old = str_in_list(&ctl->oldsaved, id, FALSE)))
183	{
184	flag mark = old->val.status.mark;
185	if (mark == UID_DELETED \|\| mark == UID_EXPUNGED)
186	{
187	+ /* XXX FIXME: switch 3 occurrences from
188	+ * (int)unum or (unsigned int)unum to
189	+ * remove the cast and use %lu - not now
190	+ * though, time for new release */
191	if (outlevel >= O_VERBOSE)
192	- report(stderr, GT_("id=%s (num=%d) was deleted, but is still present!\n"), id, num);
193	+ report(stderr, GT_("id=%s (num=%d) was deleted, but is still present!\n"), id, (int)unum);
194	/* just mark it as seen now! */
195	old->val.status.mark = mark = UID_SEEN;
196	}
197	@@ -884,25 +917,25 @@
198	{
199	(*newp)++;
200	if (outlevel >= O_DEBUG)
201	- report(stdout, GT_("%u is unseen\n"), num);
202	+ report(stdout, GT_("%u is unseen\n"), (unsigned int)unum);
203	}
204	}
205	else
206	{
207	(*newp)++;
208	if (outlevel >= O_DEBUG)
209	- report(stdout, GT_("%u is unseen\n"), num);
210	+ report(stdout, GT_("%u is unseen\n"), (unsigned int)unum);
211	/* add it to oldsaved also! In case, we do not
212	* swap the lists (say, due to socket error),
213	* the same mail will not be downloaded again.
214	*/
215	old = save_str(&ctl->oldsaved, id, UID_UNSEEN);
216	- old->val.status.num = num;
217	+ old->val.status.num = unum;
218	}
219	}
220	- }
221	- }
222	- }
223	+ }
224	+ }
225	+ }
226	}
227
228	return(PS_SUCCESS);
229	@@ -986,7 +1019,7 @@
230	}
231
232	/* get the uidl first! */
233	- if (pop3_getuidl(sock, num, id) != PS_SUCCESS)
234	+ if (pop3_getuidl(sock, num, id, sizeof(id)) != PS_SUCCESS)
235	return(TRUE);
236
237	if ((new = str_in_list(&ctl->oldsaved, id, FALSE))) {