From e339a201630ed9fb146935198a8ea1b99848e131 Mon Sep 17 00:00:00 2001 From: bernd Date: Thu, 27 Oct 2005 21:58:51 +0000 Subject: [PATCH] Fix the latest security issue in fetchmailconf. http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt "passwords are written to a world-readable file" nicer fetchmailconf diff & ok fgsch@ (thanks!) --- mail/fetchmail/Makefile | 4 ++-- mail/fetchmail/patches/patch-fetchmailconf | 20 ++++++++++++++++++++ 2 files changed, 22 insertions(+), 2 deletions(-) create mode 100644 mail/fetchmail/patches/patch-fetchmailconf diff --git a/mail/fetchmail/Makefile b/mail/fetchmail/Makefile index 5a9cdcdd4ea..14dda49e8ac 100644 --- a/mail/fetchmail/Makefile +++ b/mail/fetchmail/Makefile @@ -1,9 +1,9 @@ -# $OpenBSD: Makefile,v 1.103 2005/08/31 19:55:36 sturm Exp $ +# $OpenBSD: Makefile,v 1.104 2005/10/27 21:58:51 bernd Exp $ COMMENT= "mail retrieval utility for POP2, POP3, KPOP, IMAP and more" DISTNAME= fetchmail-6.2.5.2 -PKGNAME= ${DISTNAME}p0 +PKGNAME= ${DISTNAME}p1 CATEGORIES= mail MASTER_SITES= http://download.berlios.de/fetchmail/ diff --git a/mail/fetchmail/patches/patch-fetchmailconf b/mail/fetchmail/patches/patch-fetchmailconf new file mode 100644 index 00000000000..7256156dc2d --- /dev/null +++ b/mail/fetchmail/patches/patch-fetchmailconf @@ -0,0 +1,20 @@ +$OpenBSD: patch-fetchmailconf,v 1.1 2005/10/27 21:58:51 bernd Exp $ +--- fetchmailconf.orig Thu Oct 27 14:42:59 2005 ++++ fetchmailconf Thu Oct 27 14:57:33 2005 +@@ -858,14 +858,13 @@ class ConfigurationEdit(Frame, MyWidget) + # Pre-1.5.2 compatibility... + except os.error: + pass +- fm = open(self.outfile, 'w') ++ fd = os.open(self.outfile, os.O_CREAT|os.O_WRONLY, 0600) ++ fm = os.fdopen(fd, 'w') + if fm: + fm.write("# Configuration created %s by fetchmailconf\n" % time.ctime(time.time())) + fm.write(`self.configuration`) + if self.outfile: + fm.close() +- if fm != sys.stdout: +- os.chmod(self.outfile, 0600) + self.destruct() + + #