File security1.diff of Package qpopper

--- common/logit.c
+++ common/logit.c
@@ -161,7 +161,7 @@
         char whence [ 512 ];
         int  len;
         
-        iLeft -= ( iChunk >= 0 ? iChunk : strlen(msgbuf) );
+        iLeft -= strlen(msgbuf);
         len    = Qsprintf ( whence, " [%s:%lu]", fn, ln );
         strncat ( msgbuf, whence, iLeft );
         msgbuf [ sizeof(msgbuf) -1 ] = '\0'; /* just to make sure */
@@ -191,7 +191,7 @@
         syslog ( loglev, "%s", msgbuf) ;
     }
     
-    if ( iChunk == -1 ) {
+    if ( iChunk >= sizeof(msgbuf) - 1 ) {
         /* 
          * We blew out the format buffer.
          */
--- common/snprintf.c
+++ common/snprintf.c
@@ -358,7 +358,12 @@
                     limit  = atoi ( p );
                 }
                 else
-                if ( nState == IN_FORM && bWidth == FALSE ) {
+                /* This statement originally had nState == IN_FORM
+                * but we never get here when in state IN_FORM.
+                * They probably meant IN_CONV.
+                * If you insist on re-inventing wheels, they invariably
+                * turn out to be bumpier that the original. --okir */
+                if ( nState == IN_CONV && bWidth == FALSE ) {
                     bWidth = TRUE;
                     width  = atoi ( p );
                 }
--- popper/popauth.c
+++ popper/popauth.c
@@ -780,6 +780,8 @@
                 fprintf ( stderr, "%s: \"-%s\" unknown option\n", program, cp );
                 helpful();
             case TRACESW:
+		if (getuid())
+                adios ( HERE, "you are not allowed to do that" );
                 debug++;
                 open_trace ( argv[1] );
                 argc--;