Subject: CVS commit: [pkgsrc-2005Q2] pkgsrc/mail/fetchmail
To: None <pkgsrc-changes@NetBSD.org>
From: Soren Jacobsen <snj@netbsd.org>
List: pkgsrc-changes
Date: 07/24/2005 22:12:21
Module Name:	pkgsrc
Committed By:	snj
Date:		Sun Jul 24 22:12:21 UTC 2005

Modified Files:
	pkgsrc/mail/fetchmail [pkgsrc-2005Q2]: Makefile distinfo
Added Files:
	pkgsrc/mail/fetchmail/patches [pkgsrc-2005Q2]: patch-ag

Log Message:
Pullup ticket 623 - requested by Thorsten Frueauf
security fix for fetchmail

Revisions pulled up:
- pkgsrc/mail/fetchmail/Makefile		1.153
- pkgsrc/mail/fetchmail/distinfo		1.31
- pkgsrc/mail/fetchmail/patches/patch-ag	1.3

    Include patch for fetchmail 6.2.5.2 because of CAN-2005-2335.
    For more details have a look at
    http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt

    Changes listed within the NEWS file since 6.2.5:

    fetchmail-6.2.5.2 (Fri Jul 22 01:52 GMT 2005):

    * NOTE: Due to a Makefile.in bug, you may need to use GNU make.
    * SECURITY FIX: truncate UIDL replies, lest malicious or compromised
      POP3 servers overflow fetchmail's stack. Debian bug #212762.
      This is a remote root exploit. CVE Name: CAN-2005-2335.
      Thanks: Miloslav Trmac for pointing out the fix in 6.2.5.1 was buggy.
      Thanks: Ludwig Nussel for a much simpler fix.
    * Critical fix: omit blank between MAIL FROM: and <user@example.org>,
      as this causes mail loss with some listeners.
    * Fix: POP2 driver wouldn't properly check authentication failure.
    * Sunil Shetye's fix to force fetchsizelimit to 1 for APOP and RPOP.


To generate a diff of this commit:
cvs rdiff -r1.152 -r1.152.2.1 pkgsrc/mail/fetchmail/Makefile
cvs rdiff -r1.30 -r1.30.2.1 pkgsrc/mail/fetchmail/distinfo
cvs rdiff -r0 -r1.2.14.1 pkgsrc/mail/fetchmail/patches/patch-ag

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
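
Added example, not part of the commit or of fetchmail's source: a bounded parser for one line of a POP3 UIDL reply, showing the kind of truncation the 6.2.5.2 NEWS entry above describes. The function name, the return codes and the 70-character cap (the unique-id limit in RFC 1939) are assumptions of this example, and the sample lines are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define UIDL_ID_MAX 70  /* assumption: RFC 1939 unique-id limit */

/* Parse "<msgnum> <unique-id>" from a UIDL reply line (hypothetical helper).
 * Returns 0 on success, 1 if the id was over-long and truncated to
 * UIDL_ID_MAX, -1 if the line is malformed. */
int parse_uidl_line(const char *line, unsigned long *num,
                    char id[UIDL_ID_MAX + 1])
{
    char buf[UIDL_ID_MAX + 2];  /* one spare byte reveals an over-long id */
    char *end;
    size_t len, i;
    int truncated;
    if (line[0] < '0' || line[0] > '9')   /* strtoul would accept a sign */
        return -1;
    *num = strtoul(line, &end, 10);
    if (*end != ' ')
        return -1;
    /* The field width bounds the write no matter what the server sends. */
    if (sscanf(end, "%71s", buf) != 1)
        return -1;
    truncated = strlen(buf) > UIDL_ID_MAX;
    len = truncated ? UIDL_ID_MAX : strlen(buf);
    for (i = 0; i < len; i++)             /* printable ASCII only */
        if (buf[i] < 0x21 || buf[i] > 0x7e)
            return -1;
    memcpy(id, buf, len);
    id[len] = '\0';
    return truncated;
}

int main(void)
{
    /* Constructed sample lines, not captured from a real server. */
    char hostile[600] = "2 ";
    char id[UIDL_ID_MAX + 1];
    unsigned long n;
    int rc;
    memset(hostile + 2, 'A', 500);        /* 500-byte id; rest stays NUL */
    rc = parse_uidl_line("1 whqtswO00WBw418f9t5JxYwZ\r\n", &n, id);
    printf("rc=%d num=%lu id=%s\n", rc, n, id);
    rc = parse_uidl_line(hostile, &n, id);
    printf("rc=%d num=%lu id length=%zu\n", rc, n, strlen(id));
    return 0;
}
```

A caller that would rather drop the message than keep a truncated id can treat a return value of 1 as an error.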