diff --git a/net/popa3d/Makefile b/net/popa3d/Makefile
index f91a3a5a8a0..7261f439f02 100644
--- a/net/popa3d/Makefile
+++ b/net/popa3d/Makefile
@@ -1,11 +1,12 @@
-# $OpenBSD: Makefile,v 1.2 1999/09/12 15:04:40 brad Exp $
+# $OpenBSD: Makefile,v 1.3 2000/02/03 18:45:38 brad Exp $
-DISTNAME= popa3d-0.3
+DISTNAME= popa3d-0.4
 CATEGORIES= net mail
-MASTER_SITES= ftp://ftp.dataforce.net/pub/solar/ \
- ftp://ftp.dqc.org/archive/
+MASTER_SITES= http://www.openwall.com/popa3d/ \
+ ftp://ftp.openwall.com/popa3d \
+ ftp://ftp.dataforce.net/pub/solar/
-MAINTAINER= dobbe@xs4all.nl
+MAINTAINER= cd@sentia.nl
 NO_CONFIGURE= yes
 ALL_TARGET= popa3d
@@ -14,6 +15,6 @@ do-install:
 ${INSTALL_PROGRAM} ${WRKSRC}/popa3d ${PREFIX}/libexec
 post-install:
- @${SH} ${PKGDIR}/INSTALL ${DISTNAME} POST-INSTALL
+ @PKG_PREFIX="${PREFIX}" sh ${PKGDIR}/INSTALL ${DISTNAME} POST-INSTALL
 .include
diff --git a/net/popa3d/files/md5 b/net/popa3d/files/md5
index 6aa6c485933..bbabbe709c5 100644
--- a/net/popa3d/files/md5
+++ b/net/popa3d/files/md5
@@ -1,3 +1,3 @@
-MD5 (popa3d-0.3.tar.gz) = 53770ad90b763e2ba7721316e2da590f
-RMD160 (popa3d-0.3.tar.gz) = c2cf6c16d9399987b7d478d273e5bc51bac099d8
-SHA1 (popa3d-0.3.tar.gz) = 4025f549a4aa9e04768835b2ef1dfc6a3adf0990
+MD5 (popa3d-0.4.tar.gz) = 4ce2ed209abeaeaae7724d8d24bb7dbf
+RMD160 (popa3d-0.4.tar.gz) = 869ea1d25a626ce9248061894c47c1b1aacfdd9c
+SHA1 (popa3d-0.4.tar.gz) = 47df1be78048b68b6ce7b552cccd76579d576710
diff --git a/net/popa3d/patches/patch-aa b/net/popa3d/patches/patch-aa
index 4e1cb07a07e..b6a4d618a72 100644
--- a/net/popa3d/patches/patch-aa
+++ b/net/popa3d/patches/patch-aa
@@ -1,5 +1,5 @@
---- params.h.orig Thu Mar 25 05:25:55 1999
-+++ params.h Fri Sep 10 21:11:11 1999
+--- params.h.orig Thu Feb 3 15:45:32 2000
++++ params.h Thu Feb 3 15:59:36 2000
 @@ -33,7 +33,7 @@
 * An unprivileged dummy user to run as before authentication. The user
 * and its UID must not be used for any other purpose.
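Review bot: In the post-install target of net/popa3d/Makefile the new line calls a bare `sh` where the removed line used `${SH}`, so the INSTALL script is now run by whichever `sh` is found first in PATH. That step presumably runs with install privileges, so the interpreter is better left under the ports framework's control. The prefix can be added without dropping the variable: `@PKG_PREFIX="${PREFIX}" ${SH} ${PKGDIR}/INSTALL ${DISTNAME} POST-INSTALL`.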
@@ -9,22 +9,26 @@ /* * Sessions will be closed if idle for longer than POP_TIMEOUT seconds. -@@ -58,19 +58,19 @@ - /* - * Do we have shadow passwords? Note: password aging is not supported. +@@ -62,14 +62,15 @@ + * Do we have shadow passwords? (Not for *BSD.) + * Note: password aging is not supported. */ -#define AUTH_SHADOW 1 +#define AUTH_SHADOW 0 /* * A salt used to waste some CPU time on dummy crypt(3) calls and make - * it harder to check for valid usernames. Adjust it for your crypt(3). + * it harder (but still far from impossible, on most systems) to check + * for valid usernames. Adjust it for your crypt(3). */ -#define AUTH_DUMMY_SALT "xx" -+#define AUTH_DUMMY_SALT "$2a$07$DummyBlowfishSalt" ++/* echo -n "dummyblowfishsalt" | encrypt -b 7 */ ++#define AUTH_DUMMY_SALT "$2a$07$.SZB2Z1e3w0fyDRiRd8k/eHANXfEMcuNLZNva1iUFCzjVF0CzHbkq" /* - * Your mail spool directory. Note: only local (non-NFS) mode 755 mail + * Message to return to the client when authentication fails. You can +@@ -81,7 +82,7 @@ + * Your mail spool directory. Note: only local (non-NFS) mode 775 mail * spools are currently supported. */ -#define MAIL_SPOOL_PATH "/var/spool/mail" diff --git a/net/popa3d/patches/patch-ab b/net/popa3d/patches/patch-ab deleted file mode 100644 index a6348ee762d..00000000000 --- a/net/popa3d/patches/patch-ab +++ /dev/null @@ -1,17 +0,0 @@ ---- pop_root.c.orig Thu Mar 25 05:25:55 1999 -+++ pop_root.c Fri Sep 10 21:20:11 1999 -@@ -140,8 +140,13 @@ - *pw->pw_passwd == '*' || *pw->pw_passwd == '!') - crypt(pass, AUTH_DUMMY_SALT); - else -- if (!strcmp(crypt(pass, pw->pw_passwd), pw->pw_passwd)) -+ if (!strcmp(crypt(pass, pw->pw_passwd), pw->pw_passwd)) { -+#if defined(__OpenBSD__) -+ /* zero out the password, obsd getpwnam cleaned up the rest */ -+ bzero(pw->pw_passwd, strlen(pw->pw_passwd)); -+#endif - return pw; -+ } - - return NULL; - } diff --git a/net/popa3d/pkg/SECURITY b/net/popa3d/pkg/SECURITY index 9220167d3f7..36a010130a5 100644 --- a/net/popa3d/pkg/SECURITY 
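Review bot: The new AUTH_DUMMY_SALT in patch-aa pins the dummy crypt(3) call to bcrypt with 7 rounds (`$2a$07$`), and the timing defence it exists for only holds while real account hashes use the same algorithm and round count; an account hashed differently will still answer measurably faster or slower than the dummy path. The comment above the define should say so next to the `encrypt -b 7` recipe, for example `/* keep the algorithm and -b rounds equal to what the system uses for real password hashes */`. Separately, AUTH_SHADOW stays 0 and this commit deletes patch-ab, which zeroed pw->pw_passwd after a successful match on the non-shadow path; nothing visible in the diff shows popa3d 0.4 doing that itself, so it is worth confirming before relying on the shortened SECURITY text.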
+++ b/net/popa3d/pkg/SECURITY @@ -1,19 +1,17 @@ Security issues: -This port does not use "shadow" password authentication, because things -work a bit differently on BSD systems. The 'normal' authentication function -is patched to zero-out the password after authentication. Because OpenBSD's -getpwnam takes great care to cleanup, I'm fairly positive this patch achieves -the same level of security as all the trickery in function do_shadow_auth. - +The author recommends that a seperate user 'popa3d' is created. However, +for ease of installation this port uses 'nobody'. Don't use 'nobody' for +anything else, or recompile popa3d to use 'popa3d' and create that user +yourself. The onetime use of strcmp seems correct. One parameter is 'pw->passwd', obtained from a call to getpwnam. The other parameter is 'pass', which is -derived from an input-buffer of which apop3d takes care not to overrun. +derived from an input-buffer of which popa3d takes care not to overrun. sprintf is used once. Its parameters are 'MAIL_SPOOL_PATH', which is a compile-time constant and 'mailbox', which is the username, derived from the password-file. One more time: POP3 is inherently insecure. Passwords are sent in cleartext, -everytime a user checks his mailbox. apop3d does not have APOP support. +everytime a user checks his mailbox. popa3d does not have APOP support.