Am Mon, Jan 02, 2023 at 09:54:40AM +0100 schrieb Martin Ziemer:
> This patch updates getmail from 6.18.10 to 6.18.11.
>
> For the new shell quotes, which fixes a security hole, i changed the
> getmails-script from using /bin/sh to use bash.
>
> Tested on to amd64 systems.
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/mail/getmail/Makefile,v
> retrieving revision 1.103
> diff -u -p -u -p -r1.103 Makefile
> --- Makefile 9 Dec 2022 14:29:52 -0000 1.103
> +++ Makefile 2 Jan 2023 08:44:16 -0000
> @@ -1,6 +1,6 @@
> COMMENT= IMAP/POP3/SDPS mail retriever
>
> -MODPY_EGG_VERSION= 6.18.10
> +MODPY_EGG_VERSION= 6.18.11
> GH_ACCOUNT= getmail6
> GH_PROJECT= getmail6
> GH_TAGNAME= v${MODPY_EGG_VERSION}
> @@ -18,6 +18,8 @@ PERMIT_PACKAGE= Yes
> MODULES= lang/python
> MODPY_PYBUILD= setuptools
> NO_TEST= Yes
> +
> +RUN_DEPENDS= shells/bash
>
> EXDIR= ${PREFIX}/share/examples/getmail
>
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/mail/getmail/distinfo,v
> retrieving revision 1.82
> diff -u -p -u -p -r1.82 distinfo
> --- distinfo 9 Dec 2022 14:29:52 -0000 1.82
> +++ distinfo 2 Jan 2023 08:44:16 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (getmail6-6.18.10.tar.gz) =
> DlYXz6LMh8WyWWNPWfVyjfOyVoqSyqVkdn4lb3mGatY=
> -SIZE (getmail6-6.18.10.tar.gz) = 205481
> +SHA256 (getmail6-6.18.11.tar.gz) =
> SD5PJr0PYsie0tRHazhArKu32GjEDeC8mT7HuWQtlok=
> +SIZE (getmail6-6.18.11.tar.gz) = 207051
> Index: patches/patch-getmails
> ===================================================================
> RCS file: /cvs/ports/mail/getmail/patches/patch-getmails,v
> retrieving revision 1.1
> diff -u -p -u -p -r1.1 patch-getmails
> --- patches/patch-getmails 9 Dec 2022 14:29:52 -0000 1.1
> +++ patches/patch-getmails 2 Jan 2023 08:44:16 -0000
> @@ -3,16 +3,22 @@
> Index: getmails
> --- getmails.orig
> +++ getmails
> -@@ -28,7 +28,7 @@ BASE1=${1##*/}
> - [ "$BASE1" != "${BASE1#$2}" ] && return 0 || return 1
> +@@ -1,4 +1,4 @@
> +-#!/bin/sh
> ++#!/usr/bin/env bash
> + # vim:se tw=78 sts=4:
> + # Copyright (C) 2011-2017 Osamu Aoki <os...@debian.org>, GPL2+
> +
> +@@ -32,7 +32,7 @@ shellquote() {
> + printf '%s\n' "'${1//\'/\'\\\'\'}'"
> }
> UID_BY_ID=$(id -u)
> -PID_GETMAILS=$(pgrep -U $UID_BY_ID '^getmails$')
> -+PID_GETMAILS=$(pgrep -f -U $UID_BY_ID '^/bin/sh /usr/local/bin/getmails$')
> ++PID_GETMAILS=$(pgrep -f -U $UID_BY_ID '^bash /usr/local/bin/getmails$')
> if [ "x$PID_GETMAILS" != "x$$" ]; then
> echo "The getmails script is already running as PID=\"$PID_GETMAILS\"
> ." >&2
> exit 1
> -@@ -44,7 +44,7 @@ if [ -f $getmailrcdir/stop ]; then
> +@@ -48,7 +48,7 @@ if [ -f $getmailrcdir/stop ]; then
> echo "Do not run getmail ... (if not, remove $getmailrcdir/stop)" >&2
> exit 1
> fi
> @@ -21,7 +27,7 @@ Index: getmails
> # Address concerns raised by #863856
> # emacs backup files: foo~ foo#
> # vim backup files: foo~ foo.swp
> -@@ -57,7 +57,8 @@ if $para ; then
> +@@ -61,7 +61,8 @@ if $para ; then
> ! endwith "$file" '#' && \
> ! startswith "$file" 'oldmail-' && \
> ! endwith "$file" '.swp' && \
> @@ -31,13 +37,13 @@ Index: getmails
> $rcfiles --rcfile "$file" "$@" &
> pids="$pids $!"
> fi
> -@@ -79,7 +80,8 @@ else
> +@@ -83,7 +84,8 @@ else
> ! endwith "$file" '#' && \
> ! startswith "$file" 'oldmail-' && \
> ! endwith "$file" '.swp' && \
> - ! endwith "$file" '.bak' ; then
> + ! endwith "$file" '.bak' && \
> + [ -f "$file" ]; then
> - rcfiles="$rcfiles --rcfile \"$file\""
> + rcfiles="$rcfiles --rcfile $(shellquote "$file")"
> fi
> done
>
