From dce5acf88ba3356e1d5f517ebabb9ec15cfdfede Mon Sep 17 00:00:00 2001 From: camield Date: Wed, 9 Feb 2000 08:37:32 +0000 Subject: [PATCH] - add MASTER_SITE - incorporate feedback from author in SECURITY - move post-install message from INSTALL to MESSAGE - Makefile-patch -> MAKE_FLAGS --- net/popa3d/Makefile | 9 ++++----- net/popa3d/patches/patch-ac | 13 ------------- net/popa3d/pkg/DEINSTALL | 6 ++++-- net/popa3d/pkg/INSTALL | 13 ------------- net/popa3d/pkg/MESSAGE | 8 ++++++++ net/popa3d/pkg/SECURITY | 6 +++++- 6 files changed, 21 insertions(+), 34 deletions(-) delete mode 100644 net/popa3d/patches/patch-ac delete mode 100755 net/popa3d/pkg/INSTALL create mode 100644 net/popa3d/pkg/MESSAGE diff --git a/net/popa3d/Makefile b/net/popa3d/Makefile index 7261f439f02..71c6dd5bb24 100644 --- a/net/popa3d/Makefile +++ b/net/popa3d/Makefile @@ -1,20 +1,19 @@ -# $OpenBSD: Makefile,v 1.3 2000/02/03 18:45:38 brad Exp $ +# $OpenBSD: Makefile,v 1.4 2000/02/09 08:37:32 camield Exp $ DISTNAME= popa3d-0.4 CATEGORIES= net mail MASTER_SITES= http://www.openwall.com/popa3d/ \ - ftp://ftp.openwall.com/popa3d \ + ftp://ftp.openwall.com/popa3d/ \ + ftp://ftp.false.com/security/popa3d/ \ ftp://ftp.dataforce.net/pub/solar/ MAINTAINER= cd@sentia.nl NO_CONFIGURE= yes ALL_TARGET= popa3d +MAKE_FLAGS= CC=${CC} LD=${CC} CFLAGS="-c ${CFLAGS}" do-install: ${INSTALL_PROGRAM} ${WRKSRC}/popa3d ${PREFIX}/libexec -post-install: - @PKG_PREFIX="${PREFIX}" sh ${PKGDIR}/INSTALL ${DISTNAME} POST-INSTALL - .include diff --git a/net/popa3d/patches/patch-ac b/net/popa3d/patches/patch-ac deleted file mode 100644 index e0ff20ddc50..00000000000 --- a/net/popa3d/patches/patch-ac +++ /dev/null @@ -1,13 +0,0 @@ ---- Makefile.orig Sat Nov 27 00:08:17 1999 -+++ Makefile Sat Nov 27 00:09:00 1999 -@@ -1,7 +1,7 @@ --CC = gcc --LD = gcc -+#CC = gcc -+LD = $(CC) - RM = rm -f --CFLAGS = -c -Wall -O2 -fomit-frame-pointer -+CFLAGS += -c -Wall -fomit-frame-pointer - LDFLAGS = -s - #LDFLAGS = -s -lcrypt - diff --git a/net/popa3d/pkg/DEINSTALL b/net/popa3d/pkg/DEINSTALL index 9bb8e6f85ba..3bedb06187e 100644 --- a/net/popa3d/pkg/DEINSTALL +++ b/net/popa3d/pkg/DEINSTALL @@ -1,3 +1,5 @@ -# $OpenBSD: DEINSTALL,v 1.1.1.1 1999/09/10 22:07:35 brad Exp $ +# $OpenBSD: DEINSTALL,v 1.2 2000/02/09 08:37:32 camield Exp $ -/bin/echo Remember to remove popa3d from /etc/inetd.conf and restart inetd. +PATH=/bin + +echo Remember to remove popa3d from /etc/inetd.conf and restart inetd. diff --git a/net/popa3d/pkg/INSTALL b/net/popa3d/pkg/INSTALL deleted file mode 100755 index e125c751ecc..00000000000 --- a/net/popa3d/pkg/INSTALL +++ /dev/null @@ -1,13 +0,0 @@ -# $OpenBSD: INSTALL,v 1.1.1.1 1999/09/10 22:07:35 brad Exp $ - -PATH=/bin - -if [ "X$2" = XPOST-INSTALL ]; then - echo - echo "To activate popa3d, add the following line to /etc/inetd.conf:" - echo "pop3\t\tstream\ttcp\tnowait\troot\t/usr/local/libexec/popa3d popa3d" - echo - echo "Then let inetd reread its configuration with:" - echo "kill -HUP \`cat /var/run/inetd.pid\`" - echo -fi diff --git a/net/popa3d/pkg/MESSAGE b/net/popa3d/pkg/MESSAGE new file mode 100644 index 00000000000..9e6c48f7bfd --- /dev/null +++ b/net/popa3d/pkg/MESSAGE @@ -0,0 +1,8 @@ + +To activate popa3d, add the following line to /etc/inetd.conf +(you may need to change /usr/local/ to the actual PREFIX): +pop3 stream tcp nowait root /usr/local/libexec/popa3d popa3d + +Then let inetd reread its configuration with: +kill -HUP `cat /var/run/inetd.pid` + diff --git a/net/popa3d/pkg/SECURITY b/net/popa3d/pkg/SECURITY index 36a010130a5..58295afe68d 100644 --- a/net/popa3d/pkg/SECURITY +++ b/net/popa3d/pkg/SECURITY @@ -12,6 +12,10 @@ derived from an input-buffer of which popa3d takes care not to overrun. sprintf is used once. Its parameters are 'MAIL_SPOOL_PATH', which is a compile-time constant and 'mailbox', which is the username, derived from the password-file. +Feedback from author: "buffer is malloc()'ed one line earlier to the correct +size, regardless of where the input comes from. The only required property of +those two strings, is that they're of a sane length not to cause an integer +overflow in the addition". One more time: POP3 is inherently insecure. Passwords are sent in cleartext, -everytime a user checks his mailbox. popa3d does not have APOP support. +everytime a user checks his mailbox.