From ef039426dddc13adf00d7fb121bad72d07f8a093 Mon Sep 17 00:00:00 2001 From: jakob Date: Wed, 3 May 2000 07:44:56 +0000 Subject: [PATCH] update to v4.7c1 & add security notice. ok turan@. --- mail/imap-uw/Makefile | 10 +++++----- mail/imap-uw/files/md5 | 6 +++--- mail/imap-uw/pkg/SECURITY | 9 +++++++++ 3 files changed, 17 insertions(+), 8 deletions(-) create mode 100644 mail/imap-uw/pkg/SECURITY diff --git a/mail/imap-uw/Makefile b/mail/imap-uw/Makefile index 7c45e0b0a13..c861c8e965d 100644 --- a/mail/imap-uw/Makefile +++ b/mail/imap-uw/Makefile @@ -1,7 +1,7 @@ -# $OpenBSD: Makefile,v 1.5 2000/03/07 08:25:52 jakob Exp $ +# $OpenBSD: Makefile,v 1.6 2000/05/03 07:44:56 jakob Exp $ -DISTNAME= imap-4.7b -PKGNAME= imap-uw-4.7b +DISTNAME= imap-4.7c1 +PKGNAME= imap-uw-4.7c1 CATEGORIES= mail MAINTAINER= jakob@openbsd.org @@ -17,8 +17,8 @@ MASTER_SITES= ftp://ftp.cac.washington.edu/imap/ \ ftp://ftp.sunet.se/pub/unix/mail/imap/old/ EXTRACT_SUFX= .tar.Z -FAKE= yes - +FAKE= yes +WRKDIST= ${WRKDIR}/imap-4.7c ALL_TARGET= bso do-install: diff --git a/mail/imap-uw/files/md5 b/mail/imap-uw/files/md5 index d73a5c775cf..95416049690 100644 --- a/mail/imap-uw/files/md5 +++ b/mail/imap-uw/files/md5 @@ -1,3 +1,3 @@ -MD5 (imap-4.7b.tar.Z) = 18ea9e22bde74afaa6c5b18236137ec0 -RMD160 (imap-4.7b.tar.Z) = 92605e353e61883047b7d9c383cd7aa8377689cd -SHA1 (imap-4.7b.tar.Z) = ce0261ad3a25ea2bb1689ad9e2513456e3753f28 +MD5 (imap-4.7c1.tar.Z) = c99eb0c3db2d9433562d74de5e799c09 +RMD160 (imap-4.7c1.tar.Z) = 4a5d8893289adc8c255a69500e1224369e90a775 +SHA1 (imap-4.7c1.tar.Z) = c8848e1bb4ebd7abe3769722ed41c22ee2529fda diff --git a/mail/imap-uw/pkg/SECURITY b/mail/imap-uw/pkg/SECURITY new file mode 100644 index 00000000000..5a58fe22249 --- /dev/null +++ b/mail/imap-uw/pkg/SECURITY @@ -0,0 +1,9 @@ +$Id: SECURITY,v 1.1 2000/05/03 07:44:56 jakob Exp $ + +This port is not safe to use on a system which does not provide shell +access to users who can retrieve mail via IMAP. imapd contains buffer +overflows which a user can exploit after they have logged into imap to get +access to their account on the machine. If your imap users have shell +access anyway, this is not a significant vulnerability. There is also a +vulnerability wherein local users can prevent arbitrary POP2/3 mailboxes +from being opened, and force IMAP mailboxes to only open read-only.