Subject: CVS commit: pkgsrc/mail/fetchmail
To: None <pkgsrc-changes@NetBSD.org>
From: Thorsten Frueauf <frueauf@netbsd.org>
List: pkgsrc-changes
Date: 12/20/2005 14:27:53
Module Name:	pkgsrc
Committed By:	frueauf
Date:		Tue Dec 20 14:27:53 UTC 2005

Modified Files:
	pkgsrc/mail/fetchmail: Makefile distinfo
	pkgsrc/mail/fetchmail/patches: patch-ae
Added Files:
	pkgsrc/mail/fetchmail/patches: patch-al
Removed Files:
	pkgsrc/mail/fetchmail/patches: patch-af patch-ag patch-ak

Log Message:
Update fetchmail to 6.2.5.5.

Change homepage to http://fetchmail.berlios.de/ and update MASTER_SITES.

Changes introduced since 6.2.5:

fetchmail-6.2.5.X is a security fix branch that forked off
fetchmail-6.2.5. It does not change for anything but security and the
most severe bug fixes. Note that no 6.2.5.X security audits are planned
except when a particular bug is reported, and that 6.2.5.X is unsafe to
use on some systems, particularly those that lack a *working and secure*
snprintf implementation.

The fetchmail 6.2.5.X branch will be discontinued early in 2006.

fetchmail-6.2.5.5  2005-12-19  Matthias Andree

* SECURITY FIX CVE-2005-4348: fix null pointer dereference in
  multidrop mode when the message is empty. Reported by Daniel Drake
  <http://article.gmane.org/gmane.mail.fetchmail.user/7573> and others
  (Debian Bug #343836). Fix by Sunil Shetye.
* Fix Debian bug #301964, fetchmail leaks sockets when SSL negotiation
  fails. Fix suggested by Goswin Brederlow.
* Add fetchmail-SA-2005-{01,02,03}.txt

fetchmail-6.2.5.4  2005-11-13  Matthias Andree

* Also ship pre-built rcfile_y.[ch] for systems that don't have flex,
  yacc or bison.
* On FreeBSD, add /usr/local/include to CPPFLAGS so that libintl.h is found.
* Avoid automatically picking up HESIOD implementations that lack
  hesiod_getmailhost, such as the one in FreeBSD's base system.
* Fix makedepend for separated build (where the build is not run from
  the source directory), but prevent packaging from separated build, it
  yields bogus results.
* Fix resolv.h autodetection.
* Add +HESIOD to version printout if appropriate.

fetchmail-6.2.5.3  2005-11-12  Matthias Andree

* SECURITY FIX CVE-2005-3088: fetchmailconf: fix password exposure: use
  umask 077 before opening output file and restore umask later.
* Critical fix: fix IMAP timeouts, counting message count down on
  servers that do not send EXISTS counts after EXPUNGE. Debian Bug #314509.
* Ship pre-built rcfile_l.c for systems that don't have flex.
* Build environment: Update included gettext. Fix
  --with-included-gettext. Fix parallel build (make -j). Fix "always
  rebuild fetchmail" syndrome.
* Do not link against -ll or -lfl (not needed).

fetchmail-6.2.5.2
(patch Fri Jul 22 01:52 GMT 2005,
 tarball Sat Jul 23 21:34 GMT 2005)

* README: Added a note about release status - READ IT!
* Note: Due to a Makefile.in bug, you may need to use GNU make.
* SECURITY FIX CVE-2005-2335: truncate UIDL replies, lest malicious or
  compromised POP3 servers overflow fetchmail's stack. Debian bug
  #212762.  This is a remote root exploit.
  Thanks: Miloslav Trmac for pointing out the fix in 6.2.5.1 was buggy.
  Thanks: Ludwig Nussel for a much simpler fix.
* Critical fix: omit blank between MAIL FROM: and <user@example.org>,
  as this causes mail loss with some listeners.
* Fix: POP2 driver wouldn't properly check authentication failure.
* Sunil Shetye's fix to force fetchsizelimit to 1 for APOP and RPOP.


To generate a diff of this commit:
cvs rdiff -r1.154 -r1.155 pkgsrc/mail/fetchmail/Makefile
cvs rdiff -r1.33 -r1.34 pkgsrc/mail/fetchmail/distinfo
cvs rdiff -r1.15 -r1.16 pkgsrc/mail/fetchmail/patches/patch-ae
cvs rdiff -r1.1 -r0 pkgsrc/mail/fetchmail/patches/patch-af \
    pkgsrc/mail/fetchmail/patches/patch-ak
cvs rdiff -r1.3 -r0 pkgsrc/mail/fetchmail/patches/patch-ag
cvs rdiff -r0 -r1.1 pkgsrc/mail/fetchmail/patches/patch-al

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
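
The CVE-2005-3088 entry above describes setting umask 077 before opening the output file and restoring it afterwards. The sketch below is an added illustration of that pattern, not fetchmailconf's code and not part of this commit; the function names, the sample rcfile line and the permissive 022 umask used for the "before" case are assumptions.

```python
import os
import stat
import tempfile
from contextlib import contextmanager


@contextmanager
def private_umask(mask=0o077):
    """Set a restrictive umask for the duration of the block, then restore it."""
    old = os.umask(mask)
    try:
        yield
    finally:
        os.umask(old)          # restore even if the write raises


def write_rcfile_exposed(path, text):
    """Assumed 'before' pattern: the new file inherits the ambient umask."""
    with open(path, "w") as fh:
        fh.write(text)
    return stat.S_IMODE(os.stat(path).st_mode)


def write_rcfile_private(path, text):
    """Pattern named in the changelog: umask 077 around the open, then restore."""
    with private_umask(0o077):
        with open(path, "w") as fh:
            fh.write(text)
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    # Constructed sample config line; the password is a placeholder.
    sample = 'poll mail.example.org user "alice" password "PLACEHOLDER"\n'
    ambient = os.umask(0o022)              # simulate a typical permissive umask
    try:
        with tempfile.TemporaryDirectory() as workdir:
            exposed = write_rcfile_exposed(os.path.join(workdir, "rc.exposed"), sample)
            private = write_rcfile_private(os.path.join(workdir, "rc.private"), sample)
        restored = os.umask(0o022)         # read back the umask after the private write
    finally:
        os.umask(ambient)                  # leave the caller's umask untouched
    return exposed, private, restored


if __name__ == "__main__":
    exposed, private, restored = demo()
    print(f"exposed={exposed:o} private={private:o} umask_after={restored:03o}")
```

The umask only applies when the file is created; a file that already exists with wider permissions keeps its mode and has to be tightened separately.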