Author: ken
Date: 2008-07-12 13:22:18 -0600 (Sat, 12 Jul 2008)
New Revision: 1967

Added:
   trunk/fetchmail/
   trunk/fetchmail/fetchmail-6.3.8-security_fixes-1.patch
Log:
Patch the known fetchmail vulnerabilities.

Added: trunk/fetchmail/fetchmail-6.3.8-security_fixes-1.patch
===================================================================
--- trunk/fetchmail/fetchmail-6.3.8-security_fixes-1.patch                      
        (rev 0)
+++ trunk/fetchmail/fetchmail-6.3.8-security_fixes-1.patch      2008-07-12 
19:22:18 UTC (rev 1967)
@@ -0,0 +1,72 @@
+Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
+Date: 2008-07-12
+Initial Package Version: 6.3.8
+Upstream Status: From Upstream
+Origin: Fetchmail security advisories SA-2007-02 and SA-2008-01
+Description: Fixes vulnerabilities CVE-2007-4565 and CVE-2008-2711.
+
+diff -Naur fetchmail-6.3.8.orig/report.c fetchmail-6.3.8/report.c
+--- fetchmail-6.3.8.orig/report.c      2006-03-14 08:53:31.000000000 +0000
++++ fetchmail-6.3.8/report.c   2008-07-12 19:40:16.000000000 +0100
+@@ -238,11 +238,17 @@
+     rep_ensuresize();
+ 
+ #if defined(VA_START)
+-    VA_START (args, message);
+     for ( ; ; )
+     {
++      /*
++       * args has to be initialized before every call of vsnprintf(), 
++       * because vsnprintf() invokes va_arg macro and thus args is 
++       * undefined after the call.
++       */
++      VA_START(args, message);
+       n = vsnprintf (partial_message + partial_message_size_used, 
partial_message_size - partial_message_size_used,
+                      message, args);
++      va_end (args);
+ 
+       if (n >= 0
+           && (unsigned)n < partial_message_size - partial_message_size_used)
+@@ -254,7 +260,6 @@
+       partial_message_size += 2048;
+       partial_message = REALLOC (partial_message, partial_message_size);
+     }
+-    va_end (args);
+ #else
+     for ( ; ; )
+     {
+@@ -304,12 +309,13 @@
+     rep_ensuresize();
+ 
+ #if defined(VA_START)
+-    VA_START (args, message);
+     for ( ; ; )
+     {
++      VA_START(args, message);
+       n = vsnprintf (partial_message + partial_message_size_used,
+                      partial_message_size - partial_message_size_used,
+                      message, args);
++      va_end(args);
+ 
+       /* old glibc versions return -1 for truncation */
+       if (n >= 0
+@@ -322,7 +328,6 @@
+       partial_message_size += 2048;
+       partial_message = REALLOC (partial_message, partial_message_size);
+     }
+-    va_end (args);
+ #else
+     for ( ; ; )
+     {
+diff -Naur fetchmail-6.3.8.orig/sink.c fetchmail-6.3.8/sink.c
+--- fetchmail-6.3.8.orig/sink.c        2007-03-29 23:45:17.000000000 +0100
++++ fetchmail-6.3.8/sink.c     2008-07-12 19:40:08.000000000 +0100
+@@ -262,7 +262,7 @@
+     const char *md1 = "MAILER-DAEMON", *md2 = "MAILER-DAEMON@";
+ 
+     /* don't bounce in reply to undeliverable bounces */
+-    if (!msg->return_path[0] ||
++    if (!msg || !msg->return_path[0] ||
+       strcmp(msg->return_path, "<>") == 0 ||
+       strcasecmp(msg->return_path, md1) == 0 ||
+       strncasecmp(msg->return_path, md2, strlen(md2)) == 0)
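Review bot: The patch header at the top of the new file names CVE-2007-4565 and CVE-2008-2711 but does not say which file change addresses which, so anyone re-checking this backport against a later fetchmail release cannot tell which inner hunk belongs to which advisory. Judging from the code, the two report.c hunks re-run `VA_START`/`va_end` around every `vsnprintf()` retry (reusing a consumed `va_list` is undefined behaviour), and the sink.c hunk adds a `!msg` guard before `msg->return_path` is read; these appear to correspond to SA-2008-01 and SA-2007-02 respectively, which is worth confirming against the advisories. I would extend the Description to say so, for example `report.c: re-initialise va_list before each vsnprintf() retry (CVE-2008-2711); sink.c: check msg for NULL before reading return_path (CVE-2007-4565).` The enclosing functions in both files start and end outside the inner hunks, so it cannot be confirmed from here whether `msg` is dereferenced on other paths.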
