2048 characters is sent to the qpopper process, a denial of service
condition will occur"
Actually, this is caused by an incorrect assumption. qpopper uses
the same buffer over and over when communicating. However, it never
makes sure that the buffer has been updated if something goes wrong.
Therefore, one can try to add to this buffer over and over; thus,
consuming available resources.
Solution, do not follow unofficial patch available in bugtraq mailing
list since losing pointer references is not an option. Otherwise,
change the way both getline and tgetline functions work. Just so
that they resemble read(2) return codes as follows:
1) if < 0 problem
2) if >= 0 user typed something (enter without anything else is
something)
First patch sent by Isao SEKI <iseki@gongon.com>
PR: 36326
Prompted by: Alessandro de Manzano <ale@unixmania.net>,
Isao SEKI <iseki@gongon.com>
Reviewed by: eivind,
Alessandro de Manzano <ale@unixmania.net>,
David Rufino <dr@soniq.net>,
Isao SEKI <iseki@gongon.com>
cannot log in the popper daemon, let the users decide for either
a default file (use a copy of the system's /etc/ftpusers file)
or an empty file
2) also, make the installation of this file prefix safe and name
it popusers (PREFIX/etc/qpopper/popusers). This changes expected
behavior of the port
3) add a PKGINSTALL script to handle this file install/deinstall
4) style changes: use variables to make the port easier to maintain
Prompted by: Dan Langille <dan@langille.org>
Reviewed by: freebsd-ports (silence), kris, sobomax
o Several fixes
o Improvements to poppassd
o Remove extra-patch since it has been merged into the distribution
Prompted by: Brett Jackson <brett@modlogic.com>, sudz@ns3g.com,
Mars G Miro <mars@cannoncreek.com>
gdbm port (--without-gdbm)
o USE_AUTOCONF due to files/patch-configure.in rev 1.1
o update ipv6 patch to version 20010504
o move all options to WITH_* options, let the older
options work for a while
o advertise all WITH_* options
o add WITH_POPPASSD support (Hajimu Umemoto contribution)
PR: 27093
Submitted by: Hajimu Umemoto <ume@mahoroba.org>,
K Karthik <kar_alerts@mglorysb.com>
freeze is coming today, so I decided to force things a little. Among other
things this release supports TLS/SSL, previously available in the Qualcomms's
commercial package "Qpopper LX".
Preserve popauth's name on installation, as it looks up argv[0] and
tries to change its default behavior according to it.
Reported in: FreeBSD-users-jp@jp.FreeBSD.org mailing list
Cleanup Makefile & patches a bit.
manpage-patch-files.
However, due to an odd bug in patch(1), 2 of the 3 hunks for
popper.8 fails (somehow, diff(1) thinks it is a binary file and
patch cannot patch it correctly if diff is used with the -a option).
So patch-ac only changes /usr/local/lib/popper to .../libexec/qpopper
and doesn't neither corrects the location of sendmail nor adds the
/etc/ftpusers file to the SEE ALSO section.
In the Makefile, /usr/local is now replaced with PREFIX for both manpages.
Renames port to qpopper, since this is the official name Qualcomm gives it.
Add pkg/MESSAGE for the inetd.conf line.
Create ${PREFIX}/etc/popper directory also for pkg's.
PR 18568 (Sent in by Jeff Palmer <jeff@isni.net>) gave me the idea for
this update.
Authors or any interesting parties are welcomed to merge functionality-extending
patches from the popper 2.53 (skey support, youbin support etc).
PR: 18745
Submitted by: Jeff Palmer <jeff@isni.net>
FWIW, checkout of these things took 5+hrs, staying on the local
.freebsd.org net w/o hitting the 'net at all.
As promised,
$ time cvs ci
real 67m51.701s
user 0m1.250s
sys 0m5.345s
