remove this port; there are known root exploits; the code is buggy;

the available patches may not plug all holes; see cucipop if you must use a pop daemon
1998-06-28 21:50:11 +00:00 · 1998-06-28 21:50:11 +00:00 · 75addc3341
commit 75addc3341
parent fa972b4f60
11 changed files with 0 additions and 268 deletions
--- a/mail/qpopper/Makefile
+++ b/mail/qpopper/Makefile
@ -1,61 +0,0 @@
-# OpenBSD makefile for:	qpopper
-# Version required:	2.4
-# Date created:		1998-May-01
-# Whom:			marc@OpenBSD.ORG
-#
-# $OpenBSD: Makefile,v 1.1.1.1 1998/05/01 23:09:23 marc Exp $
-#
-
-# What port/package will be created
-#
-DISTNAME=		qpopper-2.4
-CATEGORIES=     	mail
-
-# where to send bitches about this port
-#
-MAINTAINER=		ports@openbsd.org
-
-# Restrictions on the port/package
-#
-NO_CDROM=		"NOFEE: can't be sold"
-
-# where the source files and patches can be fetched
-#
-MASTER_SITES=		ftp://ftp.qualcomm.com/eudora/servers/unix/popper/
-DISTFILES=		qpopper2.4.tar.Z
-
-# build/configuration variables
-#
-GNU_CONFIGURE=		yes
-CONFIGURE_ARGS+=	--enable-debugging
-CONFIGURE_ARGS+=	--enable-apop
-
-# Overrides for default values
-#
-WRKSRC=			${WRKDIR}/qpopper2.4
-
-# Do the install here as the applications Makefile does not perform
-# the install function.  The steps are:
-#
-# 1) create pop user
-# 2) install popper and popauth
-# 3) install the man pages
-# 4) create the APOP authentication database
-#
-do-install:
-	@${SETENV} ${MAKE_ENV} perl ${SCRIPTDIR}/createuser
-	@${INSTALL_PROGRAM} ${WRKSRC}/popper ${PREFIX}/libexec
-	@${INSTALL_PROGRAM} ${WRKSRC}/popauth ${PREFIX}/sbin
-	@${SED} -e 's,||EXECDIR||,${PREFIX}/libexec,' \
-		${WRKSRC}/popper.8 > ${WRKSRC}/popper.8.out
-	@${INSTALL_MAN} ${WRKSRC}/popper.8.out ${PREFIX}/man/man8/popper.8
-	@${INSTALL_MAN} ${WRKSRC}/popauth.8 ${PREFIX}/man/man8
-	@if [ ! -f /etc/pop.auth.db ]; then \
-	    ${ECHO} "Initializing APOP authentication database"; \
-	    ${PREFIX}/sbin/popauth -init; \
-	 else \
-	    ${ECHO} "Using existing APOP authentication database"; \
-	 fi
-	@${ECHO} "see popper(8) for final installation instructions"
-
-.include <bsd.port.mk>
--- a/mail/qpopper/files/md5
+++ b/mail/qpopper/files/md5
@ -1 +0,0 @@
-MD5 (qpopper2.4.tar.Z) = 75f3987445cb9b2b0c9b1cf12244bd2c
--- a/mail/qpopper/patches/patch-aa
+++ b/mail/qpopper/patches/patch-aa
@ -1,44 +0,0 @@
--- configure.orig	Tue Sep 16 12:30:47 1997
-+++ configure	Fri May  1 11:07:09 1998
-@@ -14,7 +14,7 @@
- ac_help="$ac_help
-  --enable-debugging	compiling in debug mode"
- ac_help="$ac_help
- --with-apop=path 	Set the pop.auth file path [/etc/pop.auth]"
-+ --enable-apop[=path] 	Set the pop.auth file path [/etc/pop.auth]"
- 
- # Initialize some variables set by options.
- # The variables have the same names as the options, with
-@@ -865,11 +865,13 @@
- 	if test -z "$apop" ; then
- 		cat >> confdefs.h <<EOF
- #define APOP "/etc/pop.auth"
-+#define POPUID "pop"
- EOF
- 
- 	else
- 		cat >> confdefs.h <<EOF
- #define APOP "$apop"
-+#define POPUID "pop"
- EOF
- 
- 	fi
-@@ -972,15 +974,15 @@
- EOF
- 
- 	cat >> confdefs.h <<\EOF
-#define POP_DROP "/var/mail/.%s.pop"
-+#define POP_DROP "/var/tmp/.%s.pop"
- EOF
- 
- 	cat >> confdefs.h <<\EOF
-#define POP_TMPDROP "/var/mail/tmpXXXXXX"
-+#define POP_TMPDROP "/var/tmp/tmpXXXXXX"
- EOF
- 
- 	cat >> confdefs.h <<\EOF
-#define POP_TMPXMIT "/var/mail/xmitXXXXXX"
-+#define POP_TMPXMIT "/var/tmp/xmitXXXXXX"
- EOF
- 
- 	echo "$ac_t""found at /var/mail" 1>&6
--- a/mail/qpopper/patches/patch-ab
+++ b/mail/qpopper/patches/patch-ab
@ -1,10 +0,0 @@
--- config.h.in.~1~	Fri Sep 12 13:39:55 1997
-+++ config.h.in	Fri May  1 11:08:49 1998
-@@ -38,6 +38,7 @@
- 
- #undef DEBUG
- #undef APOP
-+#undef POPUID
- #undef GDBM
- #undef MAIL_COMMAND
- #undef POP_MAILDIR
--- a/mail/qpopper/patches/patch-ac
+++ b/mail/qpopper/patches/patch-ac
@ -1,18 +0,0 @@
--- popper.h.orig	Fri Sep 12 13:22:30 1997
-+++ popper.h	Fri May  1 12:06:41 1998
-@@ -32,9 +32,12 @@
- #ifdef		HAVE_SYS_PARAM_H
- #include <sys/param.h>
- # if (defined(BSD) && (BSD >= 199103))
-#  define	HAVE_UNISTD_H
-#  define	HAVE_VPRINTF
-#  define	BIND43
-+#  define	HAVE_UNISTD_H	1
-+#  define	HAVE_VPRINTF	1
-+#  define	BIND43		1
-+# endif
-+# if defined( BSD4_4 )
-+#  define BSD44_DBM
- # endif
- #endif
- 
--- a/mail/qpopper/patches/patch-ad
+++ b/mail/qpopper/patches/patch-ad
@ -1,16 +0,0 @@
--- popauth.c.~1~	Fri Sep 12 13:41:52 1997
-+++ popauth.c	Fri May  1 14:04:13 1998
-@@ -47,6 +47,13 @@
- #include <sys/file.h>
- #endif
- 
-+#ifdef		HAVE_SYS_PARAM_H
-+#include <sys/param.h>
-+# if defined( BSD4_4 )
-+#  define BSD44_DBM
-+# endif
-+#endif
-+
- #ifdef BSDI
- #define BSD44_DBM
- #endif
--- a/mail/qpopper/patches/patch-ae
+++ b/mail/qpopper/patches/patch-ae
@ -1,71 +0,0 @@
--- popper.8.~1~	Thu Jun  5 15:05:52 1997
-+++ popper.8	Fri May  1 14:40:15 1998
-@@ -16,13 +16,13 @@
- .SH NAME
- popper \- pop 3 server
- .SH SYNOPSIS
-.B /usr/etc/popper
-+.B ||EXECDIR||/popper
- [ -d ]
- [ -s ]
- [ -k ]
-[ -t trace-file]
-[ -T timeout]
-[ -b bulldir]
-+[ -t trace-file ]
-+[ -T timeout ]
-+[ -b bulldir ]
- .SH DESCRIPTION
- .I Popper
- is an implementation of the Post Office Protocol server that runs on a
-@@ -135,10 +135,8 @@
- The POP server uses syslog to keep a record of its activities.  On
- systems with BSD 4.3 syslogging, the server logs (by default) to the
- "local0" facility at priority "notice" for all messages except
-debugging which is logged at priority "debug".  The default log file is
-/usr/spool/mqueue/POPlog.  These can be changed, if desired.  On
-systems with 4.2 syslogging all messages are logged to the local log
-file, usually /usr/spool/mqueue/syslog.
-+debugging which is logged at priority "debug".  See syslog.conf(5)
-+for more information.
- .SH DEBUGGING
- .PP
- The popper program will log debugging information when the -d parameter
-@@ -148,12 +146,6 @@
- will place debugging information into file "<file-name>" using fprintf
- instead of syslog.
- .PP
-For SunOS version 3.5, the popper program is launched by inetd from
-/etc/servers.  This file does not allow you to specify command line
-arguments.  Therefore, if you want to enable debugging, you can specify
-a shell script in /etc/servers to be launched instead of popper and in
-this script call popper with the desired arguments.
-.PP
- You can confirm that the POP server is running on Unix by telneting to
- port 110 (or 109 if you set it up that way).  For example:
- .PP
-@@ -170,7 +162,7 @@
- .PP
- The server implements two extended commands.
- .PP
-XTND XMIT: Sends a mail message using /usr/lib/sendmail.
-+XTND XMIT: Sends a mail message using /usr/sbin/sendmail.
- .PP
- XTND XLIST header [num]: Extracts and returns the specified header line
- for the specified message number. If the "num" parameter is missing, 
-@@ -178,13 +170,14 @@
- marked for deletion.
- .SH FILES
- .nf
-/usr/spool/mail         mail files
-+/var/mail               mail files
- /etc/inetd.conf         pop program invocation
- /etc/syslog.conf        logging specifications
- ~/.popbull              largest bulletin number seen by user
- .fi
- .SH "SEE ALSO"
- inetd(8), 
-+syslog.conf(5),
- RFC1081, 
- RFC1082,
- RFC1939
--- a/mail/qpopper/pkg/COMMENT
+++ b/mail/qpopper/pkg/COMMENT
@ -1 +0,0 @@
-POP3 server for most versions of UNIX
--- a/mail/qpopper/pkg/DESCR
+++ b/mail/qpopper/pkg/DESCR
@ -1,8 +0,0 @@
-Qpopper supports the widely used POP3 protocol for downloading Internet
-e-mail used by many popular e-mail clients. Qopper does not include a
-message transfer agent or SMTP support and normally works with standard
-UNIX mail transfer agents such as sendmail or smail.
-
-Qpopper supports APOP, an alternate authentication method.  It is able
-to authenticate without passing the password in cleartext over the wire.
-
--- a/mail/qpopper/pkg/PLIST
+++ b/mail/qpopper/pkg/PLIST
@ -1,9 +0,0 @@
-sbin/popauth
-libexec/popper
-man/man8/popper.8
-man/man8/popauth.8
-@exec echo "see popper(8) for final installation instructions"
-@unexec echo ""
-@unexec echo "*** You must remove the file /etc/pop.auth.db by hand to"
-@unexec echo "*** fully delete this package from your system"
-@unexec echo ""
--- a/mail/qpopper/scripts/createuser
+++ b/mail/qpopper/scripts/createuser
@ -1,29 +0,0 @@
-#!/usr/bin/perl
-#
-
-eval '(exit $?0)' && eval 'exec /usr/bin/perl -S $0 ${1+"$@"}'
-& eval 'exec /usr/bin/perl -S $0 $argv:q'
-if 0;
-
-if( $> ) {
-	print "\nYou must be root to run this step!\n\n";
-	exit 1;
-} 
-
-if( getpwnam( "pop" ) ) {
-	( $null, $null, $popUID ) = getpwnam( "pop" );
-} else {
-	$popUID = 75;
-	while( getpwuid( $popUID ) ) {
-		$popUID++;
-	}
-}
-
-( $null, $null, $popGID ) = getgrnam( "bin" );
-
-print "pop user using uid $popUID, gid $popGID\n";
-
-print( "/usr/bin/chpass -a \"pop:*:$popUID\:$popUID\:\:\:\:POP pseudo-user\:/\:/sbin/nologin\"" );
-system( "/usr/bin/chpass -a \"pop:*:$popUID\:$popGID\:\:\:\:POP pseudo-user\:/\:/sbin/nologin\"" );
-print( "\n" );
-
				`@ -1 +0,0 @@`
				`MD5 (qpopper2.4.tar.Z) = 75f3987445cb9b2b0c9b1cf12244bd2c`