- Fix security vulnerability (buffer overflow)

- Fix fetching - Switch UID of sympa user from 1025 to 200, >1000 UIDs should be really reserved for regular interactive users [1] [1] PR: ports/77367 Submitted by: Scott Balmos <scott.balmos@utoledo.edu> Approved by: maintainer timeout (2 weeks)
author: Pav Lucistnik <pav@FreeBSD.org> 2005-02-27 13:55:24 +0000
committer: Pav Lucistnik <pav@FreeBSD.org> 2005-02-27 13:55:24 +0000
commit: 75838a2fb77f051186a58a5555c0d4c9e14248bf (patch)
tree: 8ebab8d05b2556d22f164831e1ede56c712b3164 /mail
parent: Fix thread compile (diff)
4 files changed, 80 insertions, 2 deletions
diff --git a/mail/sympa/Makefile b/mail/sympa/Makefile
index e1cf3c961586..2f46d9588d2e 100644
--- a/mail/sympa/Makefile
+++ b/mail/sympa/Makefile
@@ -7,8 +7,9 @@
 
 PORTNAME=	sympa
 PORTVERSION?=	4.1.2
+PORTREVISION=	1
 CATEGORIES=	mail
-MASTER_SITES?=	http://www.sympa.org/distribution/
+MASTER_SITES?=	http://www.sympa.org/distribution/old/
 
 MAINTAINER=	autrijus@autrijus.org
 COMMENT?=	Sympa is an electronic mailing list manager
diff --git a/mail/sympa/files/patch-src-bouncequeue.c b/mail/sympa/files/patch-src-bouncequeue.c
new file mode 100644
index 000000000000..1dbbb67c397b
--- /dev/null
+++ b/mail/sympa/files/patch-src-bouncequeue.c
@@ -0,0 +1,35 @@
+===================================================================
+RCS file: /var/www/SourceSup/cvs/sympa/sympa/src/bouncequeue.c,v
+retrieving revision 1.4
+retrieving revision 1.4.2.1
+diff -u -r1.4 -r1.4.2.1
+--- src/bouncequeue.c	2003/10/07 12:04:47	1.4
++++ src/bouncequeue.c	2005/01/27 08:54:02	1.4.2.1
+@@ -1,5 +1,5 @@
+ /* boucequeue.c - This program does the non-delivery deports spooling
+-  RCS Identication ; $Revision: 1.4 $ ; $Date: 2003/10/07 12:04:47 $ 
++  RCS Identication ; $Revision: 1.4.2.1 $ ; $Date: 2005/01/27 08:54:02 $ 
+ 
+   Sympa - SYsteme de Multi-Postage Automatique
+   Copyright (c) 1997, 1998, 1999, 2000, 2001 Comite Reseau des Universites
+@@ -30,6 +30,11 @@
+ static char     buf[16384];
+ static int      i, fd;
+ 
++/* For HP-UX */
++#ifndef EX_CONFIG
++# define EX_CONFIG 78
++#endif
++
+ #ifndef CONFIG
+ # define CONFIG		"/etc/sympa.conf"
+ #endif
+@@ -97,7 +102,7 @@
+       exit(EX_NOPERM);
+    }
+    umask(027);
+-   sprintf(qfile, "T.%s.%ld.%d", listname, time(NULL), getpid());
++   snprintf(qfile, sizeof(qfile), "T.%s.%ld.%d", listname, time(NULL), getpid());
+    fd = open(qfile, O_CREAT|O_WRONLY, 0600);
+    if (fd == -1)
+       exit(EX_TEMPFAIL);
diff --git a/mail/sympa/files/patch-src-queue.c b/mail/sympa/files/patch-src-queue.c
new file mode 100644
index 000000000000..964998b17e9a
--- /dev/null
+++ b/mail/sympa/files/patch-src-queue.c
@@ -0,0 +1,42 @@
+===================================================================
+RCS file: /var/www/SourceSup/cvs/sympa/sympa/src/queue.c,v
+retrieving revision 1.4
+retrieving revision 1.4.2.1
+diff -u -r1.4 -r1.4.2.1
+--- src/queue.c	2003/10/07 12:04:47	1.4
++++ src/queue.c	2005/01/27 08:54:02	1.4.2.1
+@@ -1,5 +1,5 @@
+ /* queue.c - This program does the messages spooling
+-   RCS Identication ; $Revision: 1.4 $ ; $Date: 2003/10/07 12:04:47 $ 
++   RCS Identication ; $Revision: 1.4.2.1 $ ; $Date: 2005/01/27 08:54:02 $ 
+ 
+    Sympa - SYsteme de Multi-Postage Automatique
+    Copyright (c) 1997, 1998, 1999, 2000, 2001 Comite Reseau des Universites
+@@ -26,12 +26,17 @@
+ #include <string.h>
+ #include <stdlib.h>
+ 
+-static char rcsid[] = "(@)$Id: queue.c,v 1.4 2003/10/07 12:04:47 salaun Exp $";
++static char rcsid[] = "(@)$Id: queue.c,v 1.4.2.1 2005/01/27 08:54:02 sympa-authors Exp $";
+ 
+ static char     qfile[128];
+ static char     buf[16384];
+ static int      i, fd;
+ 
++/* For HP-UX */
++#ifndef EX_CONFIG
++# define EX_CONFIG 78
++#endif
++
+ #ifndef CONFIG
+ # define CONFIG		"/etc/sympa.conf"
+ #endif
+@@ -116,7 +121,7 @@
+      exit(EX_NOPERM);
+    }
+    umask(027);
+-   sprintf(qfile, "T.%s.%ld.%d", listname, time(NULL), getpid());
++   snprintf(qfile, sizeof(qfile), "T.%s.%ld.%d", listname, time(NULL), getpid());
+    fd = open(qfile, O_CREAT|O_WRONLY, 0600);
+    if (fd == -1){
+      char* buffer=(char*)malloc(strlen(argv[0])+strlen(queuedir)+80);
diff --git a/mail/sympa/pkg-install b/mail/sympa/pkg-install
index d8909209419a..d12872e0a719 100644
--- a/mail/sympa/pkg-install
+++ b/mail/sympa/pkg-install
@@ -44,7 +44,7 @@ fi
 
 USER=sympa
 GROUP=${USER}
-UID=1025
+UID=200
 GID=${UID}
 
 if ! pw groupshow "${GROUP}" 2>/dev/null 1>&2; then
author	Pav Lucistnik <pav@FreeBSD.org>	2005-02-27 13:55:24 +0000
committer	Pav Lucistnik <pav@FreeBSD.org>	2005-02-27 13:55:24 +0000
commit	75838a2fb77f051186a58a5555c0d4c9e14248bf (patch)
tree	8ebab8d05b2556d22f164831e1ede56c712b3164 /mail
parent	Fix thread compile (diff)