diff options
| author | Steve Price <steve@FreeBSD.org> | 1999-03-15 01:41:19 +0000 |
|---|---|---|
| committer | Steve Price <steve@FreeBSD.org> | 1999-03-15 01:41:19 +0000 |
| commit | 7e03a84d91c03fcbeee35e02ae00b543839befa8 (patch) | |
| tree | 7ecbd59498e0dca2d6f3d75328347a6108886f10 /mail/pine4/files/patch-aa | |
| parent | Update to version 4.5. (diff) | |
Update to version 4.10.
PR: 10286
Submitted by: maintainer
Diffstat (limited to 'mail/pine4/files/patch-aa')
| -rw-r--r-- | mail/pine4/files/patch-aa | 98 |
1 files changed, 98 insertions, 0 deletions
diff --git a/mail/pine4/files/patch-aa b/mail/pine4/files/patch-aa new file mode 100644 index 000000000000..19ea424ab676 --- /dev/null +++ b/mail/pine4/files/patch-aa @@ -0,0 +1,98 @@ +Patch posted on BUGTRAQ & pine-info mailing lists which fixes the +so-called "remote exploit in pine" bug. +More info: http://www.washington.edu/pine/pine-info/1999.02/msg00056.html +*** ./pine/init.c.orig Tue Jan 26 11:57:56 1999 +--- ./pine/init.c Tue Feb 9 19:23:06 1999 +*************** +*** 1791,1796 **** +--- 1791,1798 ---- + F_QUELL_PARTIAL_FETCH, NO_HELP, PREF_NONE}, + {"save-aggregates-copy-sequence", + F_AGG_SEQ_COPY, NO_HELP, PREF_NONE}, ++ {"enable-mailcap-param-substitution", ++ F_DO_MAILCAP_PARAM_SUBST, NO_HELP, PREF_NONE}, + {"termdef-takes-precedence", + F_TCAP_WINS, NO_HELP, PREF_NONE} + }; +*** ./pine/mailcap.c.orig Wed Nov 18 10:00:15 1998 +--- ./pine/mailcap.c Tue Feb 9 19:23:40 1999 +*************** +*** 739,745 **** + dprint(5, (debugfile, "- mc_passes_test -\n")); + + if(mc->testcommand && *mc->testcommand) +! cmd = mc_bld_test_cmd(mc->testcommand, type, subtype, params); + + if(!mc->testcommand || !cmd || !*cmd){ + if(cmd) +--- 739,746 ---- + dprint(5, (debugfile, "- mc_passes_test -\n")); + + if(mc->testcommand && *mc->testcommand) +! if(!(cmd = mc_bld_test_cmd(mc->testcommand, type, subtype, params))) +! return(FALSE); /* couldn't be built */ + + if(!mc->testcommand || !cmd || !*cmd){ + if(cmd) +*************** +*** 794,800 **** + if(needsterm) + *needsterm = mc->needsterminal; + +! command = mc_cmd_bldr(mc->command, type, subtype, params, tmp_file); + + dprint(5, (debugfile, "built command: %s\n", command)); + +--- 795,802 ---- + if(needsterm) + *needsterm = mc->needsterminal; + +! if(!(command = mc_cmd_bldr(mc->command, type, subtype, params, tmp_file))) +! command = cpystr(""); + + dprint(5, (debugfile, "built command: %s\n", command)); + +*************** +*** 871,876 **** +--- 873,884 ---- + break; + + case '{': /* insert requested MIME param */ ++ if(F_OFF(F_DO_MAILCAP_PARAM_SUBST, ps_global)){ ++ dprint(2, ++ (debugfile, "mc_cmd_bldr: param subs %s\n", from)); ++ return(NULL); ++ } ++ + s = strindex(from, '}'); + if(!s){ + q_status_message1(SM_ORDER, 0, 4, +*************** +*** 956,962 **** + sprintf(to, MC_ADD_TMP, tmp_file); + + return(cpystr(tmp_20k_buf)); +! } + + + /* +--- 964,970 ---- + sprintf(to, MC_ADD_TMP, tmp_file); + + return(cpystr(tmp_20k_buf)); +! } + + + /* +*** ./pine/pine.h.orig Thu Jan 28 16:52:00 1999 +--- ./pine/pine.h Tue Feb 9 19:23:21 1999 +*************** +*** 886,891 **** +--- 886,892 ---- + F_SHOW_TEXTPLAIN_INT, + F_ROLE_CONFIRM_DEFAULT, + F_NO_FCC_ATTACH, ++ F_DO_MAILCAP_PARAM_SUBST, + #ifdef ENABLE_LDAP + F_ADD_LDAP_TO_ABOOK, + #endif |