Add a patch to address the known remote buffer overflow, from

Mike Silbersack <silby@silby.com>. Add a build- and install-time
warning about the probable existence of further remote security
problems, and remove FORBIDDEN.

Submitted by:	Mike Silbersack <silby@silby.com>

chinese/pine4/Makefile

@@ -13,12 +13,15 @@ DISTNAME=	pine${PORTVERSION}
 
 MAINTAINER=	avatar@www.mmlab.cse.yzu.edu.tw
 
-FORBIDDEN=	"Remotely exploitable buffer overflows."
-
 NO_LATEST_LINK= yes
 
 MAN1= 		pine.1 pico.1 pilot.1
 
+pre-fetch:
+.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
+	${SH} pkg-install
+.endif
+
 post-patch:
 	for i in ${WRKSRC}/doc/pine.1 \
 		${WRKSRC}/pine/init.c \

chinese/pine4/files/patch-bz

@@ -0,0 +1,20 @@
+*** pine/newmail.c.orig	Mon Sep 25 15:07:01 2000
+--- pine/newmail.c	Tue Sep 26 15:34:24 2000
+***************
+*** 342,348 ****
+  					   e->from->personal, NULL),
+  		   ps_global->ttyo->screen_cols);
+  	else
+! 	  sprintf(from + ((number > 1L) ? 18 : 6), "%s%s%s", 
+  		  e->from->mailbox,
+  		  e->from->host ? "@" : "",
+  		  e->from->host ? e->from->host : "");
+--- 342,349 ----
+  					   e->from->personal, NULL),
+  		   ps_global->ttyo->screen_cols);
+  	else
+! 	  snprintf(from + ((number > 1L) ? 18 : 6), sizeof(from) - strlen(from),
+!                   "%s%s%s", 
+  		  e->from->mailbox,
+  		  e->from->host ? "@" : "",
+  		  e->from->host ? e->from->host : "");

chinese/pine4/pkg-install

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+if [ "$2" = "POST-INSTALL" -o -n "${PACKAGE_BUILDING}" ]; then
+  exit 0
+fi
+
+/usr/bin/dialog --yesno "SECURITY NOTE: The pine software has had several remote vulnerabilities discovered in the past, which allowed remote attackers to execute arbitrary code as you on your local system, by the action of sending a specially-prepared email. All such KNOWN problems have been fixed, but the pine code is written in a very insecure style and the FreeBSD Security Officer believes there are likely to be other undiscovered vulnerabilities. Do you wish to proceed with the installation of pine anyway?" 12 70 || /usr/bin/false
+
+

hebrew/pine/Makefile

@@ -12,10 +12,13 @@ DISTNAME=	pine4.21_heb2.09
 
 MAINTAINER?=	nadav@cs.technion.ac.il
 
-FORBIDDEN=	"Remotely exploitable buffer overflows."
-
 MAN1=		pine.1 pico.1 pilot.1
 
+pre-fetch:
+.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
+	${SH} pkg-install
+.endif
+
 post-patch:
 	for i in ${WRKSRC}/doc/pine.1 \
 		${WRKSRC}/pine/init.c \

hebrew/pine/pkg-install

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+if [ "$2" = "POST-INSTALL" -o -n "${PACKAGE_BUILDING}" ]; then
+  exit 0
+fi
+
+/usr/bin/dialog --yesno "SECURITY NOTE: The pine software has had several remote vulnerabilities discovered in the past, which allowed remote attackers to execute arbitrary code as you on your local system, by the action of sending a specially-prepared email. All such KNOWN problems have been fixed, but the pine code is written in a very insecure style and the FreeBSD Security Officer believes there are likely to be other undiscovered vulnerabilities. Do you wish to proceed with the installation of pine anyway?" 12 70 || /usr/bin/false
+
+

mail/pine4-ssl/pkg-install

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+if [ "$2" = "POST-INSTALL" -o -n "${PACKAGE_BUILDING}" ]; then
+  exit 0
+fi
+
+/usr/bin/dialog --yesno "SECURITY NOTE: The pine software has had several remote vulnerabilities discovered in the past, which allowed remote attackers to execute arbitrary code as you on your local system, by the action of sending a specially-prepared email. All such KNOWN problems have been fixed, but the pine code is written in a very insecure style and the FreeBSD Security Officer believes there are likely to be other undiscovered vulnerabilities. Do you wish to proceed with the installation of pine anyway?" 12 70 || /usr/bin/false
+
+

mail/pine4/Makefile

@@ -16,8 +16,6 @@ DISTNAME?=	${PORTNAME}${PORTVERSION}
 
 MAINTAINER?=	pine@freebsd.ady.ro
 
-FORBIDDEN=	"Remotely exploitable buffer overflows."
-
 Y2K=		http://www.washington.edu/pine/QandA/sysadmins.html#Millenium
 
 MAN1=		pine.1 pico.1 pilot.1
@@ -33,6 +31,11 @@ LDAP_PREFIX?=	${LOCALBASE}
 BUILD_DEPENDS+=	${LDAP_PREFIX}/lib/libldap.a:${PORTSDIR}/net/ldap
 .endif
 
+pre-fetch:
+.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
+	${SH} pkg-install
+.endif
+
 post-patch:
 	for i in ${WRKSRC}/doc/pine.1 \
 		${WRKSRC}/pine/init.c \

mail/pine4/files/patch-ba

@@ -0,0 +1,20 @@
+*** pine/newmail.c.orig	Mon Sep 25 15:07:01 2000
+--- pine/newmail.c	Tue Sep 26 15:34:24 2000
+***************
+*** 342,348 ****
+  					   e->from->personal, NULL),
+  		   ps_global->ttyo->screen_cols);
+  	else
+! 	  sprintf(from + ((number > 1L) ? 18 : 6), "%s%s%s", 
+  		  e->from->mailbox,
+  		  e->from->host ? "@" : "",
+  		  e->from->host ? e->from->host : "");
+--- 342,349 ----
+  					   e->from->personal, NULL),
+  		   ps_global->ttyo->screen_cols);
+  	else
+! 	  snprintf(from + ((number > 1L) ? 18 : 6), sizeof(from) - strlen(from),
+!                   "%s%s%s", 
+  		  e->from->mailbox,
+  		  e->from->host ? "@" : "",
+  		  e->from->host ? e->from->host : "");

mail/pine4/pkg-install

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+if [ "$2" = "POST-INSTALL" -o -n "${PACKAGE_BUILDING}" ]; then
+  exit 0
+fi
+
+/usr/bin/dialog --yesno "SECURITY NOTE: The pine software has had several remote vulnerabilities discovered in the past, which allowed remote attackers to execute arbitrary code as you on your local system, by the action of sending a specially-prepared email. All such KNOWN problems have been fixed, but the pine code is written in a very insecure style and the FreeBSD Security Officer believes there are likely to be other undiscovered vulnerabilities. Do you wish to proceed with the installation of pine anyway?" 12 70 || /usr/bin/false
+
+