pkgsrc-changes: CVS commit: pkgsrc/mail/fetchmail

Subject: CVS commit: pkgsrc/mail/fetchmail
To: None <pkgsrc-changes@NetBSD.org>
From: Thorsten Frueauf <frueauf@netbsd.org>
List: pkgsrc-changes
Date: 07/22/2005 14:27:53

Module Name:	pkgsrc
Committed By:	frueauf
Date:		Fri Jul 22 14:27:53 UTC 2005

Modified Files:
	pkgsrc/mail/fetchmail: Makefile distinfo
Added Files:
	pkgsrc/mail/fetchmail/patches: patch-ag

Log Message:
Include patch for fetchmail 6.2.5.2 because of CAN-2005-2335.
For more details have a look at
http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt

Changes listed within the NEWS file since 6.2.5:

fetchmail-6.2.5.2 (Fri Jul 22 01:52 GMT 2005):

* NOTE: Due to a Makefile.in bug, you may need to use GNU make.
* SECURITY FIX: truncate UIDL replies, lest malicious or compromised
  POP3 servers overflow fetchmail's stack. Debian bug #212762.
  This is a remote root exploit. CVE Name: CAN-2005-2335.
  Thanks: Miloslav Trmac for pointing out the fix in 6.2.5.1 was buggy.
  Thanks: Ludwig Nussel for a much simpler fix.
* Critical fix: omit blank between MAIL FROM: and <user@example.org>,
  as this causes mail loss with some listeners.
* Fix: POP2 driver wouldn't properly check authentication failure.
* Sunil Shetye's fix to force fetchsizelimit to 1 for APOP and RPOP.


To generate a diff of this commit:
cvs rdiff -r1.152 -r1.153 pkgsrc/mail/fetchmail/Makefile
cvs rdiff -r1.30 -r1.31 pkgsrc/mail/fetchmail/distinfo
cvs rdiff -r0 -r1.3 pkgsrc/mail/fetchmail/patches/patch-ag

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.