mirror of
https://git.FreeBSD.org/ports.git
synced 2024-11-14 23:46:10 +00:00
36ed40dd19
This is a quick update for mail/imap-uw after Mark Crispin (supposedly) solved the LIST "AAAAA...." vulnerability in imapd. PR: ports/18269 Submitted by: MAINTAINER
20 lines
780 B
Bash
20 lines
780 B
Bash
#!/bin/sh
|
|
TTY=/dev/tty
|
|
|
|
case $2 in
|
|
POST-INSTALL)
|
|
;;
|
|
PRE-INSTALL)
|
|
if dialog --yesno "This port is not safe to use on a system which does not\nprovide shell access to users who can retrieve mail via IMAP.\nimapd contains buffer overflows which a user can exploit\nafter they have logged into imap to get access to their\naccount on the machine. If your imap users have shell access\nanyway, this is not a significant vulnerability.\n\nThere is also a vulnerability wherein local users can prevent\narbitrary POP2/3 mailboxes from being opened, and force IMAP\nmailboxes to only open read-only.\n\nDo you wish to proceed with the build?" 16 65 < ${TTY} >${TTY} 2>&1; then
|
|
exit 0
|
|
else
|
|
exit 1
|
|
fi
|
|
;;
|
|
*)
|
|
echo "Unexpected argument $2!"
|
|
exit 1
|
|
;;
|
|
esac
|
|
exit 0
|