Bug 28381 - Pine 4.58 fixes security bug
Summary: Pine 4.58 fixes security bug
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High critical
Assignee: Rajiv Aaron Manglani (RETIRED)
Reported: 2003-09-10 12:43 UTC by Rajiv Aaron Manglani (RETIRED)
Modified: 2003-09-25 23:36 UTC (History)


Attachments
Patch that works with pine 4.58 (pine-4.58-chappa-20030911.patch.bz2,76.51 KB, patch)
2003-09-11 07:51 UTC, Michal Januszewski (RETIRED)

Description Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-09-10 12:43:04 UTC
i already put the 4.58 sources in distfiles but this patch needs to be remade
for 4.58:

mirror://gentoo//${P}-chappa-20030609.patch.bz2




Date: Wed, 10 Sep 2003 12:00:37 -0700 (Pacific Daylight Time)
Sender: PINE-ANNOUNCE-owner@u.washington.edu
List-Help: <http://www.washington.edu/computing/listproc/>
List-Unsubscribe:
<mailto:listproc@u.washington.edu?body=unsubscribe%20pine-announce>
List-Subscribe:
<mailto:listproc@u.washington.edu?body=subscribe%20pine-announce%20YourName>
List-Owner: <mailto:pine-announce-request@u.washington.edu> (Human contact for
the list)
List-Post: <mailto:pine-announce@u.washington.edu> (Postings are moderated)
From: Steve Hubert <hubert@washington.edu>
To: Pine Announcement List <pine-announce@u.washington.edu>
Subject: Pine 4.58 is now available
X-Uwash-Spam: Gauge=IIIIIII, Probability=7%, Report='NOSPAM_INC, __CT,
__CT_TEXT_PLAIN, __HAS_MSGID, __MIME_VERSION, __SANE_MSGID, __USER_AGENT_PINE'

This note is to announce the availability of the Pine Message System
version 4.58. This is a maintenance release with only a few new features.

Perhaps the most notable change is a fix for a potential security problem.

 *  Fixed potential security problems caused by maliciously-formed RFC
    2231 attachment parameters

Specific information about changes can always be found in the built-in
release notes ("R" off the Main Menu), or via any of:

        http://www.washington.edu/pine/

        http://www.washington.edu/pine/changes.html

        ftp://ftp.cac.washington.edu/pine/docs/


UNIX source code for the latest Pine release is available at:

        http://www.washington.edu/pine/getpine/
or
        ftp://ftp.cac.washington.edu/pine/pine.tar.Z
              (MD5: ae06c30bb8b7e87b7a7bfc6fd3a07dbf)
        ftp://ftp.cac.washington.edu/pine/pine.tar.bz2
              (MD5: 6135222a12f06b2dfceea5c1b736891e)
        ftp://ftp.cac.washington.edu/pine/pine.tar.gz
              (MD5: 9fff1ca5fa2363f5684c144a9da4c7ef)


Pre-built binaries are available for a small number of UNIX operating
environments for citizens of the U.S. or Canada via:

        http://www.washington.edu/pine/getpine/

Instructions for building UNIX Pine are in the README file in the
top-level directory of the tar file.

The PC-Pine distribution is also available at the above url, or at:

        ftp://ftp.cac.washington.edu/pine/pcpine/setup_pine_4.58.exe
              (MD5: 1ea4e2317ea82e2ec7bfd1a0a49f8aa2)

Alternatively, the zip file is also available at:

        ftp://ftp.cac.washington.edu/pine/pcpine/pm458w32.zip
              (MD5: 34edbfbb94d2ebfea691264e01e117ab)

As with all Pine releases, it is important that you carefully test and
determine for yourself that it performs suitably in your environment
before placing Pine into production use. Thanks.

The Pine Development Team
-- 
-------------------------------------------------------------
 For information about this mailing list, see: 
 http://www.washington.edu/pine/pine-info/pine-announce.html
-------------------------------------------------------------
Comment 1 Michal Januszewski (RETIRED) gentoo-dev 2003-09-11 07:51:51 UTC
Created attachment 17501
Patch that works with pine 4.58
Comment 2 Martin Holzer (RETIRED) gentoo-dev 2003-09-12 10:03:15 UTC
let's watch this patch
Comment 3 solar (RETIRED) gentoo-dev 2003-09-12 15:09:25 UTC
Michal 'Spock' Januszewski  

Are you the author of this patch?
If not, can you please append a URL where it comes from?
Comment 4 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-09-13 22:48:51 UTC
looks like that patch might come from:

http://www.math.washington.edu/~chappa/pine/
Comment 5 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-09-13 23:01:43 UTC
raker: in the pine ebuild changelog you said "A hand picked group of patches
from the chappa collection."  ...  is this still the case?

could you hand pick them again from chappa's all.tar.gz for 4.58 ?

thanks
Comment 6 Michal Januszewski (RETIRED) gentoo-dev 2003-09-14 00:33:21 UTC
I'm not the author of the attached patch. It's pine-4.56-chappa-20030609 (from Portage) remade so that it would work with pine-4.58. Since there are now versions of these patches for 4.58 on chappa's site, I believe it would be best to use them instead of the attached one.
Comment 7 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-09-15 22:33:55 UTC
i just checked in pine-4.58.ebuild. i removed the chappa patches for now since
an exploit for pine =< 4.56 was just published.

a GLSA will follow soon.
Comment 8 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-09-15 23:35:12 UTC
just checked in pine-4.58-r1.ebuild, keyworded for testing. it includes
chappa's 'all' set of patches for pine as on 2003-09-15. i am not sure if the
'all' set includes all of the patches that were hand picked by raker and
included with the ebuilds up until now. so please test!

Comment 9 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2003-09-25 23:36:53 UTC
glsa was sent out: http://forums.gentoo.org/viewtopic.php?t=84922 on 9/16/2003.