Update to V1.0.3, per request of our security officers:

Versions prior to 1.0.3 of the nmh package contained a vulnerability
where incoming mail messages with carefully designed MIME headers could
cause nmh's mhshow command to execute arbitrary shell code.

See the changelog for another 372 lines of changes.

mail/nmh/Makefile

@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.32 2000/01/09 01:29:06 wiz Exp $
+# $NetBSD: Makefile,v 1.33 2000/03/02 00:23:14 hubertf Exp $
 # FreeBSD Id: Makefile,v 1.2 1997/08/04 06:51:28 markm Exp
 #
 
-DISTNAME=	nmh-1.0
+DISTNAME=	nmh-1.0.3
 CATEGORIES=	mail
-MASTER_SITES=   ftp://ftp.math.gatech.edu/pub/nmh/
+MASTER_SITES=   ftp://ftp.mhost.com/pub/nmh/
 
 MAINTAINER=     kim@tac.nyc.ny.us
 HOMEPAGE=	http://www.math.gatech.edu/nmh/

mail/nmh/files/patch-sum

@@ -1,10 +1,5 @@
-$NetBSD: patch-sum,v 1.2 2000/01/18 15:50:32 agc Exp $
+$NetBSD: patch-sum,v 1.3 2000/03/02 00:23:15 hubertf Exp $
 
-MD5 (patch-ca) = f428195be1c2e6ea9dece64b9468c2a2
-MD5 (patch-cb) = a5e72cabb0581833781d838ba7a8f363
-MD5 (patch-cc) = 5b2aabb2f9324fa1f84916a5b6c700ea
-MD5 (patch-cd) = cdd8cf36c8a4c32f9b95a46385eff29f
-MD5 (patch-ce) = 45ec854a9800773bfdb4f02e4e861e80
-MD5 (patch-cf) = 81367991e788a1fdeb76dca211e2508e
-MD5 (patch-cg) = 0f1266bf68fa26b57310bc9347b72dfc
-MD5 (patch-ch) = 98075d650a2ed27b876118ffe220e24a
+MD5 (patch-ca) = ba8bde6090ca48b315ac84f6a3c04f2d
+MD5 (patch-cb) = 6ba803e016659cde1f688f27f6ce09b5
+MD5 (patch-cc) = 14aab99374bf88d3d661ca795fdd2af8

mail/nmh/patches/patch-ca

@@ -1,10 +1,10 @@
-$NetBSD: patch-ca,v 1.2 2000/01/18 15:50:33 agc Exp $
+$NetBSD: patch-ca,v 1.3 2000/03/02 00:23:15 hubertf Exp $
 
 Use ${INSTALL_SCRIPT} to install scripts
 Install configuration files as <conf-file>.dist
 
---- etc/Makefile.in.orig	Fri Oct  2 23:38:38 1998
-+++ etc/Makefile.in	Thu Mar  4 01:41:05 1999
+--- etc/Makefile.in.orig	Thu Jan  6 22:30:07 2000
++++ etc/Makefile.in	Thu Mar  2 00:46:18 2000
 @@ -21,6 +21,7 @@
  INSTALL         = @INSTALL@
  INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -13,24 +13,24 @@ Install configuration files as <conf-file>.dist
  
  # Path to search for programs to handle MIME
  # content.  Used to create mhn.defaults
-@@ -79,16 +80,16 @@
+@@ -80,16 +81,16 @@
  	  $(INSTALL_DATA) $(srcdir)/$$file $(etcdir)/$$file; \
  	done
  	for file in $(GEN_FILES); do \
 -	  if [ -f $(etcdir)/$$file ]; then \
 -	    mv $(etcdir)/$$file $(etcdir)/$$file.old; \
 +	  if [ -f $(etcdir)/$$file.dist ]; then \
-+	    mv $(etcdir)/$$file.dist $(etcdir)/$$file.dist.old; \
++	    mv $(etcdir)/$$file.dist $(etcdir)/$$file.old; \
  	  fi; \
 -	  $(INSTALL_DATA) $$file $(etcdir)/$$file; \
 +	  $(INSTALL_DATA) $$file $(etcdir)/$$file.dist; \
  	done
  
  install-scripts:
- 	$(top_srcdir)/mkinstalldirs $(libdir)
+ 	$(top_srcdir)/mkinstalldirs $(bindir)
  	for script in $(SCRIPTS); do \
--	  $(INSTALL_PROGRAM) $(srcdir)/$$script $(libdir)/$$script; \
-+	  $(INSTALL_SCRIPT) $(srcdir)/$$script $(libdir)/$$script; \
+-	  $(INSTALL_PROGRAM) $(srcdir)/$$script $(bindir)/$$script; \
++	  $(INSTALL_SCRIPT) $(srcdir)/$$script $(bindir)/$$script; \
  	done
  
  uninstall: uninstall-files uninstall-scripts

mail/nmh/patches/patch-cb

@@ -1,7 +1,7 @@
-$NetBSD: patch-cb,v 1.4 1999/03/07 01:16:26 kim Exp $
+$NetBSD: patch-cb,v 1.5 2000/03/02 00:23:15 hubertf Exp $
 
---- config.h.in.orig	Sat Jan 23 21:27:49 1999
-+++ config.h.in	Sat Mar  6 19:50:56 1999
+--- config.h.in.orig	Sun Feb  6 13:40:21 2000
++++ config.h.in	Thu Mar  2 00:47:13 2000
 @@ -1,5 +1,12 @@
  /* config.h.in.  Generated automatically from configure.in by autoheader.  */
  
@@ -15,23 +15,7 @@ $NetBSD: patch-cb,v 1.4 1999/03/07 01:16:26 kim Exp $
  /****** BEGIN USER CONFIGURATION SECTION *****/
  
  /*
-@@ -37,9 +44,12 @@
-  *  OpenBSD 2.x
-  *  BSD/OS 2.x
-  */
--/* #define BIND     1 */
--/* #define BSD42    1 */
--/* #define BSD44    1 */
-+#ifdef BSD4_4
-+#define BIND     1
-+#define BSD42    1
-+#define BSD44    1
-+#define GCOS_HACK 1
-+#endif
- 
- /*
-  *  SCO 4.x
-@@ -399,9 +409,6 @@
+@@ -405,9 +412,6 @@
  
  /* Define if you have the <sys/ndir.h> header file.  */
  #undef HAVE_SYS_NDIR_H

mail/nmh/patches/patch-cc

@@ -1,9 +1,9 @@
-$NetBSD: patch-cc,v 1.1 1999/03/06 20:37:32 kim Exp $
+$NetBSD: patch-cc,v 1.2 2000/03/02 00:23:15 hubertf Exp $
 
---- uip/show.c.orig	Thu Dec  3 18:22:07 1998
-+++ uip/show.c	Sat Mar  6 14:55:52 1999
-@@ -315,6 +315,15 @@
- 	vec[vecp] = NULL;
+--- uip/show.c.orig	Sun Sep 12 15:50:12 1999
++++ uip/show.c	Thu Mar  2 00:47:34 2000
+@@ -326,6 +326,15 @@
+        vec[++vecp] = NULL;
      }
  
 +    /* If the "proc" is "mhshow", add "-file" if showing file or draft.

mail/nmh/patches/patch-cd

@@ -1,13 +0,0 @@
-$NetBSD: patch-cd,v 1.1 1999/03/06 20:37:32 kim Exp $
-
---- zotnet/tws/dtime.c.orig	Sun Jul 12 16:16:33 1998
-+++ zotnet/tws/dtime.c	Sat Mar  6 15:17:04 1999
-@@ -247,7 +247,7 @@
- char *
- dctime (struct tws *tw)
- {
--    static char buffer[25];
-+    static char buffer[26];
- 
-     if (!tw)
- 	return NULL;

mail/nmh/patches/patch-ce

@@ -1,17 +0,0 @@
-$NetBSD: patch-ce,v 1.1 1999/03/07 19:39:19 kim Exp $
-
---- uip/mhshowsbr.c.orig	Wed Sep  9 16:59:17 1998
-+++ uip/mhshowsbr.c	Sun Mar  7 14:14:59 1999
-@@ -509,10 +509,11 @@
- 		read (fileno (stdout), prompt, sizeof(prompt));
- 	    }
- 	    SIGNAL (SIGINT, istat);
--	    if (intr != OK) {
-+	    if (intr != OK || prompt[0] == 'n') {
- 		(*ct->c_ceclosefnx) (ct);
- 		return (alternate ? DONE : NOTOK);
- 	    }
-+	    if (prompt[0] == 'q') done(OK);
- 	}
-     }
- 

mail/nmh/patches/patch-cf

@@ -1,31 +0,0 @@
-$NetBSD: patch-cf,v 1.1 1999/03/07 19:40:01 kim Exp $
-
---- sbr/m_getfld.c.orig	Fri Jul 31 18:48:37 1998
-+++ sbr/m_getfld.c	Sun Mar  7 14:33:11 1999
-@@ -259,7 +259,7 @@
- 		bp = sp = (unsigned char *) iob->_ptr - 1;
- 		j = (cnt = iob->_cnt+1) < i ? cnt : i;
- #endif
--		while ((c = *bp++) != ':' && c != '\n' && --j >= 0)
-+		while (--j >= 0 && (c = *bp++) != ':' && c != '\n')
- 		    *cp++ = c;
- 
- 		j = bp - sp;
-@@ -538,7 +538,7 @@
- 	    ;
- #else /* RPATHS */
- 	cp = unixbuf;
--	while ((c = getc (iob)) != '\n')
-+	while ((c = getc (iob)) != '\n' && cp - unixbuf < BUFSIZ - 1)
- 	    *cp++ = c;
- 	*cp = 0;
- #endif /* RPATHS */
-@@ -639,7 +639,7 @@
- 		break;
- #else /* RPATHS */
- 	cp = unixbuf;
--	while ((c = getc (iob)) != '\n' && c >= 0)
-+	while ((c = getc (iob)) != '\n' && c >= 0 && cp - unixbuf < BUFSIZ - 1)
- 	    *cp++ = c;
- 	*cp = 0;
- #endif /* RPATHS */

mail/nmh/patches/patch-cg

@@ -1,16 +0,0 @@
-$NetBSD: patch-cg,v 1.1 1999/03/08 20:48:28 kim Exp $
-
---- uip/mhparse.c.orig	Thu Oct 15 00:04:57 1998
-+++ uip/mhparse.c	Mon Mar  8 15:29:57 1999
-@@ -1194,9 +1194,9 @@
-     struct k2v *kv;
-     CI ci = &ct->c_ctinfo;
- 
--    if (ct->c_encoding != CE_7BIT) {
-+    if ((ct->c_encoding != CE_7BIT) && (ct->c_encoding != CE_8BIT)) {
- 	admonish (NULL,
--		  "\"%s/%s\" type in message %s should be encoded in 7bit",
-+		  "\"%s/%s\" type in message %s should be encoded in 7bit or 8bit",
- 		  ci->ci_type, ci->ci_subtype, ct->c_file);
- 	return NOTOK;
-     }

mail/nmh/patches/patch-ch

@@ -1,16 +0,0 @@
-$NetBSD: patch-ch,v 1.1 1999/03/08 20:48:29 kim Exp $
-
---- uip/mhbuildsbr.c.orig	Thu Oct 15 00:05:02 1998
-+++ uip/mhbuildsbr.c	Mon Mar  8 15:32:11 1999
-@@ -1433,9 +1433,9 @@
-     struct k2v *kv;
-     CI ci = &ct->c_ctinfo;
- 
--    if (ct->c_encoding != CE_7BIT) {
-+    if ((ct->c_encoding != CE_7BIT) && (ct->c_encoding != CE_8BIT)) {
- 	admonish (NULL,
--		  "\"%s/%s\" type in message %s should be encoded in 7bit",
-+		  "\"%s/%s\" type in message %s should be encoded in 7bit or 8bit",
- 		  ci->ci_type, ci->ci_subtype, ct->c_file);
- 	return NOTOK;
-     }

mail/nmh/pkg/PLIST

@@ -1,31 +1,25 @@
-@comment $NetBSD: PLIST,v 1.11 2000/01/18 15:50:33 agc Exp $
+@comment $NetBSD: PLIST,v 1.12 2000/03/02 00:23:16 hubertf Exp $
 bin/ali
+bin/mhn
 bin/anno
 bin/burst
 bin/comp
 bin/dist
 bin/flist
-bin/flists
 bin/folder
-bin/folders
 bin/forw
-bin/inc
 bin/mark
 bin/mhbuild
 bin/mhlist
 bin/mhmail
-bin/mhn
 bin/mhparam
 bin/mhpath
 bin/mhshow
 bin/mhstore
-bin/mhtest
 bin/msgchk
 bin/msh
-bin/next
 bin/packf
 bin/pick
-bin/prev
 bin/prompter
 bin/refile
 bin/repl
@@ -35,47 +29,16 @@ bin/scan
 bin/send
 bin/show
 bin/sortm
+bin/inc
 bin/viamail
 bin/whatnow
 bin/whom
-etc/nmh/MailAliases
-etc/nmh/components
-etc/nmh/digestcomps
-etc/nmh/distcomps
-etc/nmh/forwcomps
-etc/nmh/mhl.body
-etc/nmh/mhl.digest
-etc/nmh/mhl.format
-etc/nmh/mhl.forward
-etc/nmh/mhl.headers
-etc/nmh/mhl.reply
-etc/nmh/mhn.defaults.dist
-etc/nmh/mts.conf.dist
-etc/nmh/rcvdistcomps
-etc/nmh/replcomps
-etc/nmh/replgroupcomps
-etc/nmh/scan.default
-etc/nmh/scan.mailx
-etc/nmh/scan.nomime
-etc/nmh/scan.size
-etc/nmh/scan.time
-etc/nmh/scan.timely
-etc/nmh/scan.unseen
-etc/nmh/tmac.h
-libexec/nmh/ap
-libexec/nmh/conflict
-libexec/nmh/dp
-libexec/nmh/fmtdump
-libexec/nmh/install-mh
-libexec/nmh/mhl
-libexec/nmh/post
-libexec/nmh/rcvdist
-libexec/nmh/rcvpack
-libexec/nmh/rcvstore
-libexec/nmh/rcvtty
-libexec/nmh/sendfiles
-libexec/nmh/slocal
-libexec/nmh/spost
+bin/flists
+bin/folders
+bin/prev
+bin/next
+bin/sendfiles
+man/man1/repl.1
 man/man1/ali.1
 man/man1/anno.1
 man/man1/burst.1
@@ -87,6 +50,7 @@ man/man1/forw.1
 man/man1/inc.1
 man/man1/mark.1
 man/man1/mh-chart.1
+man/man1/nmh.1
 man/man1/mhbuild.1
 man/man1/mhl.1
 man/man1/mhlist.1
@@ -99,7 +63,6 @@ man/man1/mhstore.1
 man/man1/msgchk.1
 man/man1/msh.1
 man/man1/next.1
-man/man1/nmh.1
 man/man1/packf.1
 man/man1/pick.1
 man/man1/prev.1
@@ -109,7 +72,6 @@ man/man1/rcvpack.1
 man/man1/rcvstore.1
 man/man1/rcvtty.1
 man/man1/refile.1
-man/man1/repl.1
 man/man1/rmf.1
 man/man1/rmm.1
 man/man1/scan.1
@@ -128,6 +90,7 @@ man/man5/mh-mail.5
 man/man5/mh-profile.5
 man/man5/mh-sequence.5
 man/man5/mh-tailor.5
+man/man5/mh_profile.5
 man/man8/ap.8
 man/man8/conflict.8
 man/man8/dp.8
@@ -141,7 +104,71 @@ share/doc/nmh/FAQ
 share/doc/nmh/MAIL.FILTERING
 share/doc/nmh/README
 share/doc/nmh/TODO
-share/doc/nmh/ZSH.COMPLETION
-@dirrm etc/nmh
-@dirrm libexec/nmh
+share/doc/nmh/COMPLETION-ZSH
+etc/nmh/mhl.body
+etc/nmh/mhl.digest
+etc/nmh/mhl.format
+etc/nmh/mhl.forward
+etc/nmh/mhl.headers
+etc/nmh/mhl.reply
+etc/nmh/scan.default
+etc/nmh/scan.mailx
+etc/nmh/scan.nomime
+etc/nmh/scan.size
+etc/nmh/scan.time
+etc/nmh/scan.timely
+etc/nmh/scan.unseen
+etc/nmh/components
+etc/nmh/digestcomps
+etc/nmh/distcomps
+etc/nmh/forwcomps
+etc/nmh/rcvdistcomps
+etc/nmh/rcvdistcomps.outbox
+etc/nmh/replcomps
+etc/nmh/replgroupcomps
+etc/nmh/MailAliases
+etc/nmh/mhn.defaults.dist
+etc/nmh/tmac.h
+etc/nmh/mhn.defaults
+etc/nmh/mts.conf.dist
+etc/nmh/mhl.body.old
+etc/nmh/mhl.digest.old
+etc/nmh/mhl.format.old
+etc/nmh/mhl.forward.old
+etc/nmh/mhl.headers.old
+etc/nmh/mhl.reply.old
+etc/nmh/scan.default.old
+etc/nmh/scan.mailx.old
+etc/nmh/scan.nomime.old
+etc/nmh/scan.size.old
+etc/nmh/scan.time.old
+etc/nmh/scan.timely.old
+etc/nmh/scan.unseen.old
+etc/nmh/components.old
+etc/nmh/digestcomps.old
+etc/nmh/distcomps.old
+etc/nmh/forwcomps.old
+etc/nmh/rcvdistcomps.old
+etc/nmh/rcvdistcomps.outbox.old
+etc/nmh/replcomps.old
+etc/nmh/replgroupcomps.old
+etc/nmh/MailAliases.old
+etc/nmh/mhn.defaults.old
+etc/nmh/mts.conf.old
+libexec/nmh/ap
+libexec/nmh/conflict
+libexec/nmh/dp
+libexec/nmh/fmtdump
+libexec/nmh/install-mh
+libexec/nmh/mhl
+libexec/nmh/post
+libexec/nmh/rcvdist
+libexec/nmh/rcvpack
+libexec/nmh/rcvstore
+libexec/nmh/rcvtty
+libexec/nmh/slocal
+libexec/nmh/spost
+libexec/nmh/mhtest
 @dirrm share/doc/nmh
+@dirrm libexec/nmh
+@dirrm etc/nmh