Bug 49988

Summary: update to qpopper port
Product: Ports & Packages Reporter: mike
Component: Individual Port(s)Assignee: Mario Sergio Fujikawa Ferreira <lioux>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description mike 2003-03-13 15:10:11 UTC
	A security hole exists in qpopper 4.0.4 and before that allows a user with a valid account
	on the server to gain shell access

Fix: An update to 4.0.5 fixes the problem.  The diffs below seem to work just fine
--- Makefile.prev
+++ Makefile
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=      qpopper
-PORTVERSION=   4.0.4
+PORTVERSION=   4.0.5
 PORTREVISION=  1
 CATEGORIES=    mail ipv6
 MASTER_SITES=  ftp://ftp.qualcomm.com/eudora/servers/unix/popper/%SUBDIR%/
@@ -17,7 +17,7 @@
 
 .if ${OSVERSION} >= 400014 && !defined(WITHOUT_IPV6)
 PATCH_SITES=   http://www.imasy.or.jp/~ume/ipv6/
-PATCHFILES=    qpopper4.0.4-ipv6-20020502.diff.gz
+PATCHFILES=    qpopper4.0.5-ipv6-20030313.diff.gz
 PATCH_DIST_STRIP=      -p1
 .endif
Comment 1 Norikatsu Shigemura freebsd_committer 2003-03-13 15:20:24 UTC
Responsible Changed
From-To: freebsd-ports-bugs->lioux

Over to maintainer.
Comment 2 Mario Sergio Fujikawa Ferreira freebsd_committer 2003-03-15 02:01:46 UTC
State Changed
From-To: open->closed

Duplicate of PR 49993. Thanks!