Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=xfcetesting.git;a=commitdiff;h=e91115219a16a9a9d1743d8a656f1af3982640a1

commit e91115219a16a9a9d1743d8a656f1af3982640a1
Author: Devil505 <devil505li...@gmail.com>
Date:   Fri Feb 18 18:09:44 2011 +0100

fetchmail-6.3.19-1-i686
* version bump
* removed patch

diff --git a/source/network/fetchmail/CVE-2010-1167.patch 
b/source/network/fetchmail/CVE-2010-1167.patch
deleted file mode 100644
index 404207a..0000000
--- a/source/network/fetchmail/CVE-2010-1167.patch
+++ /dev/null
@@ -1,340 +0,0 @@
-From ec06293134b85876f9201d8a52b844c41581b2b3 Mon Sep 17 00:00:00 2001
-From: Matthias Andree <matthias.and...@gmx.de>
-Date: Sun, 18 Apr 2010 18:01:38 +0200
-Subject: [PATCH] SECURITY FIX: DoS on EILSEQ in report_*() in -vv and 
multibyte-locales.
-
----
- Makefile.am              |    1 +
- NEWS                     |    8 ++
- fetchmail-SA-2010-02.txt |  209 ++++++++++++++++++++++++++++++++++++++++++++++
- rfc822.c                 |   17 +++--
- uid.c                    |   22 ++++--
- 5 files changed, 245 insertions(+), 12 deletions(-)
- create mode 100644 fetchmail-SA-2010-02.txt
-
-diff --git a/Makefile.am b/Makefile.am
-index 900ea59..de4e446 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -126,6 +126,7 @@ DISTDOCS=  FAQ FEATURES NOTES OLDNEWS fetchmail-man.html \
-               fetchmail-features.html README.SSL README.NTLM \
-               README.packaging README.SSL-SERVER \
-               fetchmail-FAQ.book fetchmail-FAQ.pdf fetchmail-FAQ.html \
-+              fetchmail-SA-2010-02.txt \
-               fetchmail-SA-2010-01.txt \
-               fetchmail-SA-2009-01.txt \
-               fetchmail-SA-2008-01.txt \
-diff --git a/fetchmail-SA-2010-02.txt b/fetchmail-SA-2010-02.txt
-new file mode 100644
-index 0000000..3e2e33b
---- /dev/null
-+++ b/fetchmail-SA-2010-02.txt
-@@ -0,0 +1,209 @@
-+- DRAFT - XXX - DRAFT -
-+
-+fetchmail-SA-2010-02: Denial of service in debug mode w/ multichar locales
-+
-+Topics:               Denial of service in debug output.
-+
-+Author:               Matthias Andree
-+Version:      0.1 XXX
-+Announced:    XXX
-+Type:         malloc() Buffer overrun with printable characters
-+Impact:               Denial of service.
-+Danger:               low
-+
-+CVE Name:     CVE-2010-XXXX
-+CVSSv2:               XXX
-+URL:          http://www.fetchmail.info/fetchmail-SA-2010-02.txt
-+Project URL:  http://www.fetchmail.info/
-+
-+Affects:      fetchmail releases 4.6.3 up to and including 6.3.16
-+
-+Not affected: fetchmail release 6.3.17 and newer
-+
-+Corrected:    2010-04-18 Git (XXX)
-+
-+
-+0. Release history
-+==================
-+
-+2010-04-18 0.1        first draft (visible in SVN and through oss-security)
-+XXX
-+
-+
-+1. Background
-+=============
-+
-+fetchmail is a software package to retrieve mail from remote POP2, POP3,
-+IMAP, ETRN or ODMR servers and forward it to local SMTP, LMTP servers or
-+message delivery agents. It supports SSL and TLS security layers through
-+the OpenSSL library, if enabled at compile time and if also enabled at
-+run time.
-+
-+
-+2. Problem description and Impact
-+=================================
-+
-+In debug mode (-v -v), fetchmail prints information that was obtained from the
-+upstream server (POP3 UIDL lists) or from message headers retrieved from it.
-+  If printing such information fails, for instance because there are invalid
-+multibyte character sequences in this information (message headers), fetchmail
-+will misinterpret this condition, and believe that the buffer was too small,
-+and reallocate a bigger one (with linearly increasing buffer size), and 
repeat,
-+until the allocation fails. At that point, fetchmail will abort.
-+
-+Note that the "Affects:" line above may be inaccurate, and it may be that
-+versions before 5.6.6 are actually unaffected.  The author was unable to
-+compile such old fetchmail versions to verify the existence of the bug.
-+  Given that other security issues are present in such versions, those should
-+not be used, and the wider version range was listed as vulnerable to err
-+towards the safe.
-+
-+
-+3. Solution
-+===========
-+
-+There are two alternatives, either of them by itself is sufficient:
-+
-+a. Apply the patch found in section B of this announcement to
-+   fetchmail 6.3.14 or newer, recompile and reinstall it.
-+
-+b. Install fetchmail 6.3.17 or newer after it will have become available.
-+   The fetchmail source code is always available from
-+   <http://developer.berlios.de/project/showfiles.php?group_id=1824>.
-+
-+
-+4. Workaround
-+=============
-+
-+Run fetchmail with at most one -v (--verbose) option.
-+
-+
-+A. Copyright, License and Warranty
-+==================================
-+
-+(C) Copyright 2010 by Matthias Andree, <matthias.and...@gmx.de>.
-+Some rights reserved.
-+
-+This work is licensed under the Creative Commons
-+Attribution-Noncommercial-No Derivative Works 3.0 Germany License.
-+To view a copy of this license, visit
-+http://creativecommons.org/licenses/by-nc-nd/3.0/de/ or send a letter to
-+
-+Creative Commons
-+171 Second Street
-+Suite 300
-+SAN FRANCISCO, CALIFORNIA 94105
-+USA
-+
-+
-+THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES.
-+Use the information herein at your own risk.
-+
-+
-+B. Patch to remedy the problem
-+==============================
-+
-+Note that when taking this from a GnuPG clearsigned file, the lines
-+starting with a "-" character are prefixed by another "- " (dash +
-+blank) combination. Either feed this file through GnuPG to strip them,
-+or strip them manually. You may want to use the "-p1" flag to patch.
-+
-+Whitespace differences can usually be ignored by invoking "patch -l",
-+so try this if the patch does not apply.
-+
-+diff --git a/rfc822.c b/rfc822.c
-+index 6f2dbf3..dbcda32 100644
-+--- a/rfc822.c
-++++ b/rfc822.c
-+@@ -25,6 +25,7 @@ MIT license.  Compile with -DMAIN to build the demonstrator.
-+ #include  <stdlib.h>
-+
-+ #include "fetchmail.h"
-++#include "sdump.h"
-+
-+ #ifndef MAIN
-+ #include "i18n.h"
-+@@ -74,9 +75,10 @@ char *reply_hack(
-+     }
-+
-+ #ifndef MAIN
-+-    if (outlevel >= O_DEBUG)
-+-     report_build(stdout, GT_("About to rewrite %.*s...\n"),
-+-                     (int)BEFORE_EOL(buf), buf);
-++    if (outlevel >= O_DEBUG) {
-++     report_build(stdout, GT_("About to rewrite %s...\n"), (cp = sdump(buf, 
BEFORE_EOL(buf))));
-++     xfree(cp);
-++    }
-+
-+     /* make room to hack the address; buf must be malloced */
-+     for (cp = buf; *cp; cp++)
-+@@ -211,9 +213,12 @@ char *reply_hack(
-+     }
-+
-+ #ifndef MAIN
-+-    if (outlevel >= O_DEBUG)
-+-     report_complete(stdout, GT_("...rewritten version is %.*s.\n"),
-+-                     (int)BEFORE_EOL(buf), buf);
-++    if (outlevel >= O_DEBUG) {
-++     report_complete(stdout, GT_("...rewritten version is %s.\n"),
-++                     (cp = sdump(buf, BEFORE_EOL(buf))));
-++     xfree(cp)
-++    }
-++
-+ #endif /* MAIN */
-+     *length = strlen(buf);
-+     return(buf);
-+diff --git a/uid.c b/uid.c
-+index fdc6f5d..d813bee 100644
-+--- a/uid.c
-++++ b/uid.c
-+@@ -20,6 +20,7 @@
-+
-+ #include "fetchmail.h"
-+ #include "i18n.h"
-++#include "sdump.h"
-+
-+ /*
-+  * Machinery for handling UID lists live here.  This is mainly to support
-+@@ -260,8 +261,11 @@ void initialize_saved_lists(struct query *hostlist, 
const char *idfile)
-+      if (uidlcount)
-+      {
-+          report_build(stdout, GT_("Scratch list of UIDs:"));
-+-         for (idp = scratchlist; idp; idp = idp->next)
-+-             report_build(stdout, " %s", idp->id);
-++         for (idp = scratchlist; idp; idp = idp->next) {
-++             char *t = sdump(idp->id, strlen(idp->id));
-++             report_build(stdout, " %s", t);
-++             free(t);
-++         }
-+          if (!idp)
-+              report_build(stdout, GT_(" <empty>"));
-+          report_complete(stdout, "\n");
-+@@ -517,8 +521,11 @@ void uid_swap_lists(struct query *ctl)
-+          report_build(stdout, GT_("Merged UID list from %s:"), 
ctl->server.pollname);
-+      else
-+          report_build(stdout, GT_("New UID list from %s:"), 
ctl->server.pollname);
-+-     for (idp = dofastuidl ? ctl->oldsaved : ctl->newsaved; idp; idp = 
idp->next)
-+-         report_build(stdout, " %s = %d", idp->id, idp->val.status.mark);
-++     for (idp = dofastuidl ? ctl->oldsaved : ctl->newsaved; idp; idp = 
idp->next) {
-++         char *t = sdump(idp->id, strlen(idp->id));
-++         report_build(stdout, " %s = %d", t, idp->val.status.mark);
-++         free(t);
-++        }
-+      if (!idp)
-+          report_build(stdout, GT_(" <empty>"));
-+      report_complete(stdout, "\n");
-+@@ -567,8 +574,11 @@ void uid_discard_new_list(struct query *ctl)
-+      /* this is now a merged list! the mails which were seen in this
-+       * poll are marked here. */
-+      report_build(stdout, GT_("Merged UID list from %s:"), 
ctl->server.pollname);
-+-     for (idp = ctl->oldsaved; idp; idp = idp->next)
-+-         report_build(stdout, " %s = %d", idp->id, idp->val.status.mark);
-++     for (idp = ctl->oldsaved; idp; idp = idp->next) {
-++         char *t = sdump(idp->id, strlen(idp->id));
-++         report_build(stdout, " %s = %d", t, idp->val.status.mark);
-++         free(t);
-++     }
-+      if (!idp)
-+          report_build(stdout, GT_(" <empty>"));
-+      report_complete(stdout, "\n");
-diff --git a/rfc822.c b/rfc822.c
-index 6f2dbf3..dbcda32 100644
---- a/rfc822.c
-+++ b/rfc822.c
-@@ -25,6 +25,7 @@ MIT license.  Compile with -DMAIN to build the demonstrator.
- #include  <stdlib.h>
-
- #include "fetchmail.h"
-+#include "sdump.h"
-
- #ifndef MAIN
- #include "i18n.h"
-@@ -74,9 +75,10 @@ char *reply_hack(
-     }
-
- #ifndef MAIN
--    if (outlevel >= O_DEBUG)
--      report_build(stdout, GT_("About to rewrite %.*s...\n"),
--                      (int)BEFORE_EOL(buf), buf);
-+    if (outlevel >= O_DEBUG) {
-+      report_build(stdout, GT_("About to rewrite %s...\n"), (cp = sdump(buf, 
BEFORE_EOL(buf))));
-+      xfree(cp);
-+    }
-
-     /* make room to hack the address; buf must be malloced */
-     for (cp = buf; *cp; cp++)
-@@ -211,9 +213,12 @@ char *reply_hack(
-     }
-
- #ifndef MAIN
--    if (outlevel >= O_DEBUG)
--      report_complete(stdout, GT_("...rewritten version is %.*s.\n"),
--                      (int)BEFORE_EOL(buf), buf);
-+    if (outlevel >= O_DEBUG) {
-+      report_complete(stdout, GT_("...rewritten version is %s.\n"),
-+                      (cp = sdump(buf, BEFORE_EOL(buf))));
-+      xfree(cp)
-+    }
-+
- #endif /* MAIN */
-     *length = strlen(buf);
-     return(buf);
-diff --git a/uid.c b/uid.c
-index fdc6f5d..d813bee 100644
---- a/uid.c
-+++ b/uid.c
-@@ -20,6 +20,7 @@
-
- #include "fetchmail.h"
- #include "i18n.h"
-+#include "sdump.h"
-
- /*
-  * Machinery for handling UID lists live here.  This is mainly to support
-@@ -260,8 +261,11 @@ void initialize_saved_lists(struct query *hostlist, const 
char *idfile)
-       if (uidlcount)
-       {
-           report_build(stdout, GT_("Scratch list of UIDs:"));
--          for (idp = scratchlist; idp; idp = idp->next)
--              report_build(stdout, " %s", idp->id);
-+          for (idp = scratchlist; idp; idp = idp->next) {
-+              char *t = sdump(idp->id, strlen(idp->id));
-+              report_build(stdout, " %s", t);
-+              free(t);
-+          }
-           if (!idp)
-               report_build(stdout, GT_(" <empty>"));
-           report_complete(stdout, "\n");
-@@ -517,8 +521,11 @@ void uid_swap_lists(struct query *ctl)
-           report_build(stdout, GT_("Merged UID list from %s:"), 
ctl->server.pollname);
-       else
-           report_build(stdout, GT_("New UID list from %s:"), 
ctl->server.pollname);
--      for (idp = dofastuidl ? ctl->oldsaved : ctl->newsaved; idp; idp = 
idp->next)
--          report_build(stdout, " %s = %d", idp->id, idp->val.status.mark);
-+      for (idp = dofastuidl ? ctl->oldsaved : ctl->newsaved; idp; idp = 
idp->next) {
-+          char *t = sdump(idp->id, strlen(idp->id));
-+          report_build(stdout, " %s = %d", t, idp->val.status.mark);
-+          free(t);
-+        }
-       if (!idp)
-           report_build(stdout, GT_(" <empty>"));
-       report_complete(stdout, "\n");
-@@ -567,8 +574,11 @@ void uid_discard_new_list(struct query *ctl)
-       /* this is now a merged list! the mails which were seen in this
-        * poll are marked here. */
-       report_build(stdout, GT_("Merged UID list from %s:"), 
ctl->server.pollname);
--      for (idp = ctl->oldsaved; idp; idp = idp->next)
--          report_build(stdout, " %s = %d", idp->id, idp->val.status.mark);
-+      for (idp = ctl->oldsaved; idp; idp = idp->next) {
-+          char *t = sdump(idp->id, strlen(idp->id));
-+          report_build(stdout, " %s = %d", t, idp->val.status.mark);
-+          free(t);
-+      }
-       if (!idp)
-           report_build(stdout, GT_(" <empty>"));
-       report_complete(stdout, "\n");
---
-1.6.1
-
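Review bot: the commit message's "removed patch" gives no reason for dropping CVE-2010-1167.patch, and the removal is only safe if the new upstream release already contains the fix. The advisory text inside the deleted file states "Not affected: fetchmail release 6.3.17 and newer", which covers the bump to 6.3.19, so record that in the commit message (for example "removed patch, fixed upstream since 6.3.17"). Before merging, also confirm that the report_build() and report_complete() debug calls in rfc822.c and uid.c of the 6.3.19 tarball pass their server-supplied strings through sdump(), as the deleted hunks did.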
diff --git a/source/network/fetchmail/FrugalBuild 
b/source/network/fetchmail/FrugalBuild
index ab6f7f7..974a466 100644
--- a/source/network/fetchmail/FrugalBuild
+++ b/source/network/fetchmail/FrugalBuild
@@ -2,8 +2,8 @@
# Maintainer: Janos Kovacs <ja...@frugalware.org>

pkgname=fetchmail
-pkgver=6.3.16
-pkgrel=3
+pkgver=6.3.19
+pkgrel=1
pkgdesc="A remote-mail retrieval and forwarding utility."
_F_berlios_ext=".tar.bz2"
Finclude berlios
@@ -11,9 +11,7 @@ url="http://catb.org/~esr/fetchmail/";
depends=('openssl>=1.0.0')
groups=('network')
archs=('i686' 'x86_64')
-source=($source CVE-2010-1167.patch)
-sha1sums=('76e396b2469f9696b66a99fa397cf468652d239e' \
-          '261c6d40b24dad57260e22d119c7e6c91ab9d797')
+sha1sums=('fcc9b9299fe147d8f522cff93f8f619e5e1372b7')

confpkg=fetchmailconf
subpkgs=('fetchmailconf')
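Review bot: after this change the source tarball is pinned only by the single SHA-1 value in sha1sums=, and SHA-1 is no longer collision-resistant; where the build tooling allows it, add a stronger digest or an upstream signature check next to it. The drop from two sha1sums entries to one matches the removal of CVE-2010-1167.patch from source=, so the arrays stay consistent.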
_______________________________________________
Frugalware-git mailing list
Frugalware-git@frugalware.org
http://frugalware.org/mailman/listinfo/frugalware-git