upgrade to popa3d 0.4; From: maintainer

brad 2000-02-03 18:45:38 +00:00
parent bd0e50fbb0
commit ade0760a17
5 changed files with 28 additions and 42 deletions


@ -1,11 +1,12 @@
# $OpenBSD: Makefile,v 1.2 1999/09/12 15:04:40 brad Exp $ # $OpenBSD: Makefile,v 1.3 2000/02/03 18:45:38 brad Exp $
DISTNAME= popa3d-0.3 DISTNAME= popa3d-0.4
CATEGORIES= net mail CATEGORIES= net mail
MASTER_SITES= ftp://ftp.dataforce.net/pub/solar/ \ MASTER_SITES= http://www.openwall.com/popa3d/ \
ftp://ftp.dqc.org/archive/ ftp://ftp.openwall.com/popa3d \
ftp://ftp.dataforce.net/pub/solar/
MAINTAINER= dobbe@xs4all.nl MAINTAINER= cd@sentia.nl
NO_CONFIGURE= yes NO_CONFIGURE= yes
ALL_TARGET= popa3d ALL_TARGET= popa3d
@ -14,6 +15,6 @@ do-install:
${INSTALL_PROGRAM} ${WRKSRC}/popa3d ${PREFIX}/libexec ${INSTALL_PROGRAM} ${WRKSRC}/popa3d ${PREFIX}/libexec
post-install: post-install:
@${SH} ${PKGDIR}/INSTALL ${DISTNAME} POST-INSTALL @PKG_PREFIX="${PREFIX}" sh ${PKGDIR}/INSTALL ${DISTNAME} POST-INSTALL
.include <bsd.port.mk> .include <bsd.port.mk>


@ -1,3 +1,3 @@
MD5 (popa3d-0.3.tar.gz) = 53770ad90b763e2ba7721316e2da590f MD5 (popa3d-0.4.tar.gz) = 4ce2ed209abeaeaae7724d8d24bb7dbf
RMD160 (popa3d-0.3.tar.gz) = c2cf6c16d9399987b7d478d273e5bc51bac099d8 RMD160 (popa3d-0.4.tar.gz) = 869ea1d25a626ce9248061894c47c1b1aacfdd9c
SHA1 (popa3d-0.3.tar.gz) = 4025f549a4aa9e04768835b2ef1dfc6a3adf0990 SHA1 (popa3d-0.4.tar.gz) = 47df1be78048b68b6ce7b552cccd76579d576710


@ -1,5 +1,5 @@
--- params.h.orig Thu Mar 25 05:25:55 1999 --- params.h.orig Thu Feb 3 15:45:32 2000
+++ params.h Fri Sep 10 21:11:11 1999 +++ params.h Thu Feb 3 15:59:36 2000
@@ -33,7 +33,7 @@ @@ -33,7 +33,7 @@
* An unprivileged dummy user to run as before authentication. The user * An unprivileged dummy user to run as before authentication. The user
* and its UID must not be used for any other purpose. * and its UID must not be used for any other purpose.
@ -9,22 +9,26 @@
/* /*
* Sessions will be closed if idle for longer than POP_TIMEOUT seconds. * Sessions will be closed if idle for longer than POP_TIMEOUT seconds.
@@ -58,19 +58,19 @@ @@ -62,14 +62,15 @@
/* * Do we have shadow passwords? (Not for *BSD.)
* Do we have shadow passwords? Note: password aging is not supported. * Note: password aging is not supported.
*/ */
-#define AUTH_SHADOW 1 -#define AUTH_SHADOW 1
+#define AUTH_SHADOW 0 +#define AUTH_SHADOW 0
/* /*
* A salt used to waste some CPU time on dummy crypt(3) calls and make * A salt used to waste some CPU time on dummy crypt(3) calls and make
* it harder to check for valid usernames. Adjust it for your crypt(3). * it harder (but still far from impossible, on most systems) to check
* for valid usernames. Adjust it for your crypt(3).
*/ */
-#define AUTH_DUMMY_SALT "xx" -#define AUTH_DUMMY_SALT "xx"
+#define AUTH_DUMMY_SALT "$2a$07$DummyBlowfishSalt" +/* echo -n "dummyblowfishsalt" | encrypt -b 7 */
+#define AUTH_DUMMY_SALT "$2a$07$.SZB2Z1e3w0fyDRiRd8k/eHANXfEMcuNLZNva1iUFCzjVF0CzHbkq"
/* /*
* Your mail spool directory. Note: only local (non-NFS) mode 755 mail * Message to return to the client when authentication fails. You can
@@ -81,7 +82,7 @@
* Your mail spool directory. Note: only local (non-NFS) mode 775 mail
* spools are currently supported. * spools are currently supported.
*/ */
-#define MAIL_SPOOL_PATH "/var/spool/mail" -#define MAIL_SPOOL_PATH "/var/spool/mail"
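Review bot: The dummy hash on the new `AUTH_DUMMY_SALT` line hard-codes the bcrypt cost at 07, so the dummy crypt(3) call presumably only takes as long as a real check when the local accounts are also hashed with bcrypt at that cost. Accounts stored with another algorithm or round count would still respond measurably faster or slower than unknown usernames, which is the check this define is meant to make harder. I would extend the comment above the define, for example `/* cost (07) must match the bcrypt rounds used for local passwords, otherwise response timing still distinguishes valid usernames */`. The section as shown ends on the removed `MAIL_SPOOL_PATH` line, so its replacement value is not visible for review.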


@ -1,17 +0,0 @@
--- pop_root.c.orig Thu Mar 25 05:25:55 1999
+++ pop_root.c Fri Sep 10 21:20:11 1999
@@ -140,8 +140,13 @@
*pw->pw_passwd == '*' || *pw->pw_passwd == '!')
crypt(pass, AUTH_DUMMY_SALT);
else
- if (!strcmp(crypt(pass, pw->pw_passwd), pw->pw_passwd))
+ if (!strcmp(crypt(pass, pw->pw_passwd), pw->pw_passwd)) {
+#if defined(__OpenBSD__)
+ /* zero out the password, obsd getpwnam cleaned up the rest */
+ bzero(pw->pw_passwd, strlen(pw->pw_passwd));
+#endif
return pw;
+ }
return NULL;
}


@ -1,19 +1,17 @@
Security issues: Security issues:
This port does not use "shadow" password authentication, because things The author recommends that a seperate user 'popa3d' is created. However,
work a bit differently on BSD systems. The 'normal' authentication function for ease of installation this port uses 'nobody'. Don't use 'nobody' for
is patched to zero-out the password after authentication. Because OpenBSD's anything else, or recompile popa3d to use 'popa3d' and create that user
getpwnam takes great care to cleanup, I'm fairly positive this patch achieves yourself.
the same level of security as all the trickery in function do_shadow_auth.
The onetime use of strcmp seems correct. One parameter is 'pw->passwd', The onetime use of strcmp seems correct. One parameter is 'pw->passwd',
obtained from a call to getpwnam. The other parameter is 'pass', which is obtained from a call to getpwnam. The other parameter is 'pass', which is
derived from an input-buffer of which apop3d takes care not to overrun. derived from an input-buffer of which popa3d takes care not to overrun.
sprintf is used once. Its parameters are 'MAIL_SPOOL_PATH', which is a sprintf is used once. Its parameters are 'MAIL_SPOOL_PATH', which is a
compile-time constant and 'mailbox', which is the username, derived from compile-time constant and 'mailbox', which is the username, derived from
the password-file. the password-file.
One more time: POP3 is inherently insecure. Passwords are sent in cleartext, One more time: POP3 is inherently insecure. Passwords are sent in cleartext,
everytime a user checks his mailbox. apop3d does not have APOP support. everytime a user checks his mailbox. popa3d does not have APOP support.