pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/mail/fetchmail Add patch-ak for a fetchmailconf securi...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/308110ccec86
branches:  trunk
changeset: 502034:308110ccec86
user:      adrianp <adrianp%pkgsrc.org@localhost>
date:      Tue Nov 01 19:16:52 2005 +0000

description:
Add patch-ak for a fetchmailconf security issue.  This patch does
not impact the fetchmail package so no version bump is required.

diffstat:

 mail/fetchmail/distinfo         |   3 +-
 mail/fetchmail/patches/patch-ak |  46 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 48 insertions(+), 1 deletions(-)

diffs (64 lines):

diff -r 11725220b15a -r 308110ccec86 mail/fetchmail/distinfo
--- a/mail/fetchmail/distinfo   Tue Nov 01 19:10:21 2005 +0000
+++ b/mail/fetchmail/distinfo   Tue Nov 01 19:16:52 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.32 2005/10/21 20:56:50 tonio Exp $
+$NetBSD: distinfo,v 1.33 2005/11/01 19:16:52 adrianp Exp $
 
 SHA1 (fetchmail-6.2.5.tar.gz) = 4656ec4393ccd1c137fe7b331f77cb26b576ac0e
 RMD160 (fetchmail-6.2.5.tar.gz) = e32b91a959d0e80c4bd45a8758811cbe95a98180
@@ -13,3 +13,4 @@
 SHA1 (patch-ah) = d6d08403b241a3e1a891faadbb36b0cd00df1398
 SHA1 (patch-ai) = 16449ab08c266936d80b8be11c93a3dd1ac5c2fe
 SHA1 (patch-aj) = 1051c1eb754b9c9cffad2eab4561791975aebbe1
+SHA1 (patch-ak) = d75b42146597a17a1ce91dddc7ed0821697d7ec2
diff -r 11725220b15a -r 308110ccec86 mail/fetchmail/patches/patch-ak
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/fetchmail/patches/patch-ak   Tue Nov 01 19:16:52 2005 +0000
@@ -0,0 +1,46 @@
+$NetBSD: patch-ak,v 1.1 2005/11/01 19:16:52 adrianp Exp $
+
+--- fetchmailconf.orig 2003-10-15 20:22:31.000000000 +0100
++++ fetchmailconf      2005-10-21 14:48:02.000000000 +0100
+@@ -4,7 +4,19 @@
+ # by Eric S. Raymond, <esr%snark.thyrsus.com@localhost>.
+ # Requires Python with Tkinter, and the following OS-dependent services:
+ #       posix, posixpath, socket
+-version = "1.43"
++#
++# Changes by Matthias Andree, in 2005:
++#
++# 1.43.1 - unsuccessful attempt to fix a password exposure bug
++#
++#        thanks to Thomas Wolff and Miloslav Trmac for pointing
++#        out the fix was insufficient
++#
++# 1.43.2 - fix password exposure bug, by restricting umask to 077
++#          before opening the file
++#        - record fetchmailconf version in output file
++#
++version = "1.43.2"
+ 
+ from Tkinter import *
+ from Dialog import *
+@@ -858,14 +870,17 @@
+           # Pre-1.5.2 compatibility...
+           except os.error:
+               pass
++          old_umask = os.umask(077)
+           fm = open(self.outfile, 'w')
++          os.umask(old_umask)
+       if fm:
+-          fm.write("# Configuration created %s by fetchmailconf\n" % time.ctime(time.time()))
++          if fm != sys.stdout:
++              os.chmod(self.outfile, 0600)
++          fm.write("# Configuration created %s by fetchmailconf %s\n"
++                  % (time.ctime(time.time()), version))
+           fm.write(`self.configuration`)
+           if self.outfile:
+               fm.close()
+-          if fm != sys.stdout:
+-              os.chmod(self.outfile, 0600)
+           self.destruct()
+ 
+ #


