Subject: CVS commit: pkgsrc/mail/fetchmail
To: None <>
From: Thorsten Frueauf <>
List: pkgsrc-changes
Date: 07/22/2005 14:27:53
Module Name:	pkgsrc
Committed By:	frueauf
Date:		Fri Jul 22 14:27:53 UTC 2005

Modified Files:
	pkgsrc/mail/fetchmail: Makefile distinfo
Added Files:
	pkgsrc/mail/fetchmail/patches: patch-ag

Log Message:
Include patch for fetchmail because of CAN-2005-2335.
For more details have a look at

Changes listed within the NEWS file since 6.2.5:

fetchmail- (Fri Jul 22 01:52 GMT 2005):

* NOTE: Due to a bug, you may need to use GNU make.
* SECURITY FIX: truncate UIDL replies, lest malicious or compromised
  POP3 servers overflow fetchmail's stack. Debian bug #212762.
  This is a remote root exploit. CVE Name: CAN-2005-2335.
  Thanks: Miloslav Trmac for pointing out the fix in was buggy.
  Thanks: Ludwig Nussel for a much simpler fix.
* Critical fix: omit blank between MAIL FROM: and <>,
  as this causes mail loss with some listeners.
* Fix: POP2 driver wouldn't properly check authentication failure.
* Sunil Shetye's fix to force fetchsizelimit to 1 for APOP and RPOP.

To generate a diff of this commit:
cvs rdiff -r1.152 -r1.153 pkgsrc/mail/fetchmail/Makefile
cvs rdiff -r1.30 -r1.31 pkgsrc/mail/fetchmail/distinfo
cvs rdiff -r0 -r1.3 pkgsrc/mail/fetchmail/patches/patch-ag

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.