Subject: CVS commit: pkgsrc/mail/fetchmail
To: None <pkgsrc-changes@NetBSD.org>
From: Thorsten Frueauf <email@example.com>
Date: 07/22/2005 14:27:53
Module Name: pkgsrc
Committed By: frueauf
Date: Fri Jul 22 14:27:53 UTC 2005
pkgsrc/mail/fetchmail: Makefile distinfo
Include patch for fetchmail 18.104.22.168 because of CAN-2005-2335.
For more details have a look at
Changes listed within the NEWS file since 6.2.5:
fetchmail-22.214.171.124 (Fri Jul 22 01:52 GMT 2005):
* NOTE: Due to a Makefile.in bug, you may need to use GNU make.
* SECURITY FIX: truncate UIDL replies, lest malicious or compromised
POP3 servers overflow fetchmail's stack. Debian bug #212762.
This is a remote root exploit. CVE Name: CAN-2005-2335.
Thanks: Miloslav Trmac for pointing out the fix in 126.96.36.199 was buggy.
Thanks: Ludwig Nussel for a much simpler fix.
* Critical fix: omit blank between MAIL FROM: and <firstname.lastname@example.org>,
as this causes mail loss with some listeners.
* Fix: POP2 driver wouldn't properly check authentication failure.
* Sunil Shetye's fix to force fetchsizelimit to 1 for APOP and RPOP.
To generate a diff of this commit:
cvs rdiff -r1.152 -r1.153 pkgsrc/mail/fetchmail/Makefile
cvs rdiff -r1.30 -r1.31 pkgsrc/mail/fetchmail/distinfo
cvs rdiff -r0 -r1.3 pkgsrc/mail/fetchmail/patches/patch-ag
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.