1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-11-14 23:46:10 +00:00
freebsd-ports/mail/pine4/files/patch-aa

99 lines
2.6 KiB
Plaintext
Raw Normal View History

Patch posted on BUGTRAQ & pine-info mailing lists which fixes the
so-called "remote exploit in pine" bug.
More info: http://www.washington.edu/pine/pine-info/1999.02/msg00056.html
*** ./pine/init.c.orig Tue Jan 26 11:57:56 1999
--- ./pine/init.c Tue Feb 9 19:23:06 1999
***************
*** 1791,1796 ****
--- 1791,1798 ----
F_QUELL_PARTIAL_FETCH, NO_HELP, PREF_NONE},
{"save-aggregates-copy-sequence",
F_AGG_SEQ_COPY, NO_HELP, PREF_NONE},
+ {"enable-mailcap-param-substitution",
+ F_DO_MAILCAP_PARAM_SUBST, NO_HELP, PREF_NONE},
{"termdef-takes-precedence",
F_TCAP_WINS, NO_HELP, PREF_NONE}
};
*** ./pine/mailcap.c.orig Wed Nov 18 10:00:15 1998
--- ./pine/mailcap.c Tue Feb 9 19:23:40 1999
***************
*** 739,745 ****
dprint(5, (debugfile, "- mc_passes_test -\n"));
if(mc->testcommand && *mc->testcommand)
! cmd = mc_bld_test_cmd(mc->testcommand, type, subtype, params);
if(!mc->testcommand || !cmd || !*cmd){
if(cmd)
--- 739,746 ----
dprint(5, (debugfile, "- mc_passes_test -\n"));
if(mc->testcommand && *mc->testcommand)
! if(!(cmd = mc_bld_test_cmd(mc->testcommand, type, subtype, params)))
! return(FALSE); /* couldn't be built */
if(!mc->testcommand || !cmd || !*cmd){
if(cmd)
***************
*** 794,800 ****
if(needsterm)
*needsterm = mc->needsterminal;
! command = mc_cmd_bldr(mc->command, type, subtype, params, tmp_file);
dprint(5, (debugfile, "built command: %s\n", command));
--- 795,802 ----
if(needsterm)
*needsterm = mc->needsterminal;
! if(!(command = mc_cmd_bldr(mc->command, type, subtype, params, tmp_file)))
! command = cpystr("");
dprint(5, (debugfile, "built command: %s\n", command));
***************
*** 871,876 ****
--- 873,884 ----
break;
case '{': /* insert requested MIME param */
+ if(F_OFF(F_DO_MAILCAP_PARAM_SUBST, ps_global)){
+ dprint(2,
+ (debugfile, "mc_cmd_bldr: param subs %s\n", from));
+ return(NULL);
+ }
+
s = strindex(from, '}');
if(!s){
q_status_message1(SM_ORDER, 0, 4,
***************
*** 956,962 ****
sprintf(to, MC_ADD_TMP, tmp_file);
return(cpystr(tmp_20k_buf));
! }
/*
--- 964,970 ----
sprintf(to, MC_ADD_TMP, tmp_file);
return(cpystr(tmp_20k_buf));
! }
/*
*** ./pine/pine.h.orig Thu Jan 28 16:52:00 1999
--- ./pine/pine.h Tue Feb 9 19:23:21 1999
***************
*** 886,891 ****
--- 886,892 ----
F_SHOW_TEXTPLAIN_INT,
F_ROLE_CONFIRM_DEFAULT,
F_NO_FCC_ATTACH,
+ F_DO_MAILCAP_PARAM_SUBST,
#ifdef ENABLE_LDAP
F_ADD_LDAP_TO_ABOOK,
#endif