FreeBSD Bugzilla – Attachment 55451 Details for
Bug 83805
[PATCH] mail/fetchmail: update to 6.2.5.1, set maintainer
[patch]
fetchmail-6.2.5.1.patch
fetchmail-6.2.5.1.patch (text/plain), 9.76 KB, created by
Matthias Andree
on 2005-07-20 20:00:35 UTC
Description:
fetchmail-6.2.5.1.patch
Filename:
MIME Type:
Creator:
Matthias Andree
Created:
2005-07-20 20:00:35 UTC
Size:
9.76 KB
>diff -ruN --exclude=CVS /usr/ports/mail/fetchmail/Makefile /usr/home/emma/ports/mail/fetchmail/Makefile
>--- /usr/ports/mail/fetchmail/Makefile Wed Jul 20 19:25:58 2005
>+++ /usr/home/emma/ports/mail/fetchmail/Makefile Wed Jul 20 20:41:31 2005
>@@ -10,16 +10,17 @@
> # want fetchmailconf to work, define WITH_X11
>
> PORTNAME= fetchmail
>-PORTVERSION= 6.2.5
>-PORTREVISION= 2
>+PORTVERSION= 6.2.5.1
> CATEGORIES= mail ipv6
> MASTER_SITES= http://www.catb.org/~esr/%SUBDIR%/ \
>+ http://download.berlios.de/%SUBDIR%/ \
> ftp://ftp.ayamura.org/pub/%SUBDIR%/ \
> ftp://ftp.win.jp/pub/%SUBDIR%/ \
> ftp://ftp.dti.ad.jp/pub/net/mail/%SUBDIR%/
> MASTER_SITE_SUBDIR= fetchmail
>+DISTNAME= fetchmail-6.2.5
>
> MAINTAINER= ports@FreeBSD.org
> COMMENT= Batch mail retrieval utility for IMAP/POP2/POP3/APOP/KPOP/ETRN/ODMR
>
> .if defined(WITH_X11)
>diff -ruN --exclude=CVS /usr/ports/mail/fetchmail/files/fetchmailconf /usr/home/emma/ports/mail/fetchmail/files/fetchmailconf
>--- /usr/ports/mail/fetchmail/files/fetchmailconf Wed May 30 07:14:45 2001
>+++ /usr/home/emma/ports/mail/fetchmail/files/fetchmailconf Wed Jul 20 20:19:52 2005
>@@ -11,7 +11,7 @@
> exec $PREFIX/libexec/fetchmailconf.bin
> else
> cat <<EOF
>-The fetchmailconf program requires Python with Tkinter , which does not
>+The fetchmailconf program requires Python with Tkinter, which does not
> appear to be installed on this system. Python/Tkinter can be found in
> the FreeBSD Ports Collection under x11-toolkits/py-tkinter.
> EOF
>diff -ruN --exclude=CVS /usr/ports/mail/fetchmail/files/patch-r1 /usr/home/emma/ports/mail/fetchmail/files/patch-r1
>--- /usr/ports/mail/fetchmail/files/patch-r1 Thu Jan 1 01:00:00 1970
>+++ /usr/home/emma/ports/mail/fetchmail/files/patch-r1 Wed Jul 20 20:27:20 2005
>@@ -0,0 +1,29 @@
>+--- ./sink.c~ 2003-10-11 00:06:36.000000000 +0200
>++++ ./sink.c 2005-07-20 18:26:32.000000000 +0200
>+@@ -724,7 +724,7 @@
>+
>+ /* see the ap computation under the SMTP branch */
>+ fprintf(sinkfp,
>+- "MAIL FROM: %s", (msg->return_path[0]) ? msg->return_path : user);
>++ "MAIL FROM:%s", (msg->return_path[0]) ? msg->return_path : user);
>+
>+ if (ctl->pass8bits || (ctl->mimemsg & MSG_IS_8BIT))
>+ fputs(" BODY=8BITMIME", sinkfp);
>+--- ./smtp.c~ 2003-08-06 05:30:18.000000000 +0200
>++++ ./smtp.c 2005-07-20 18:26:32.000000000 +0200
>+@@ -232,13 +232,13 @@
>+ int ok;
>+ char buf[MSGBUFSIZE];
>+
>+- if (strchr(from, '<'))
>++ if (from[0]=='<')
>+ #ifdef HAVE_SNPRINTF
>+ snprintf(buf, sizeof(buf),
>+ #else
>+ sprintf(buf,
>+ #endif /* HAVE_SNPRINTF */
>+- "MAIL FROM: %s", from);
>++ "MAIL FROM:%s", from);
>+ else
>+ #ifdef HAVE_SNPRINTF
>+ snprintf(buf, sizeof(buf),
>diff -ruN --exclude=CVS /usr/ports/mail/fetchmail/files/patch-s1 /usr/home/emma/ports/mail/fetchmail/files/patch-s1
>--- /usr/ports/mail/fetchmail/files/patch-s1 Thu Jan 1 01:00:00 1970
>+++ /usr/home/emma/ports/mail/fetchmail/files/patch-s1 Wed Jul 20 20:33:36 2005
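Review bot: The `sprintf(buf,` fallback under `#else` in the smtp.c hunk still writes `from` into `buf[MSGBUFSIZE]` with no bound, and this change edits the format line it shares with the `snprintf` call without addressing that. Where `from` comes from is outside the hunk; if it can carry a sender address taken from a fetched message, a build without `HAVE_SNPRINTF` has a stack buffer whose safety depends only on that address being short. Bounding the conversion on both branches would remove the dependency, for example `"MAIL FROM:%.*s", (int)(sizeof(buf) - sizeof("MAIL FROM:")), from);`, or rejecting an over-long `from` before formatting. The enclosing function starts and ends outside the hunk, and the format line of the `else` branch is not shown.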
>@@ -0,0 +1,237 @@
>+SECURITY FIX: truncate UIDL replies, lest malicious or compromised
>+POP3 servers overflow fetchmail's stack. Debian bug #212762.
>+This is a remote root exploit.
>+
>+--- ./pop3.c~ 2003-10-15 21:22:31.000000000 +0200
>++++ ./pop3.c 2005-07-20 18:33:26.000000000 +0200
>+@@ -16,7 +16,8 @@
>+ #if defined(STDC_HEADERS)
>+ #include <stdlib.h>
>+ #endif
>+-
>++#include <errno.h>
>++
>+ #include "fetchmail.h"
>+ #include "socket.h"
>+ #include "i18n.h"
>+@@ -590,7 +591,8 @@
>+ return(PS_SUCCESS);
>+ }
>+
>+-static int pop3_gettopid( int sock, int num , char *id)
>++#define POSIX_space "\t\n\v\f\r "
>++static int pop3_gettopid(int sock, int num , char *id, size_t idsize)
>+ {
>+ int ok;
>+ int got_it;
>+@@ -603,25 +605,51 @@
>+ {
>+ if (DOTLINE(buf))
>+ break;
>+- if ( ! got_it && ! strncasecmp("Message-Id:", buf, 11 )) {
>+- got_it = 1;
>+- /* prevent stack overflows */
>+- buf[IDLEN+12] = 0;
>+- sscanf( buf+12, "%s", id);
>++ if (!got_it && 0 == strncasecmp("Message-Id:", buf, 11)) {
>++ char *p = buf + 11;
>++ p += strspn(p, POSIX_space);
>++ p = strtok(p, POSIX_space);
>++ strlcpy(id, p, idsize);
>+ }
>+ }
>+ return 0;
>+ }
>+
>+-static int pop3_getuidl( int sock, int num , char *id)
>++/** Parse destructively the UID response (leading +OK must have been
>++ * stripped off) in buf, store the number in gotnum, and store the ID
>++ * into the caller-provided buffer "id" of size "idsize".
>++ * Returns PS_SUCCESS or PS_PROTOCOL for failure.
 */
>++static int parseuid(char *buf, unsigned long *gotnum, char *id, size_t idsize)
>++{
>++ char *i, *j;
>++
>++ i = strtok(buf, POSIX_space);
>++ errno = 0;
>++ *gotnum = strtoul(i, &j, 10);
>++ if (*j != '\0' || j == i || errno) {
>++ report(stderr, GT_("Cannot handle UIDL response from upstream server.\n"));
>++ return PS_PROTOCOL;
>++ }
>++ i = strtok(NULL, POSIX_space);
>++ strlcpy(id, i, idsize);
>++ return PS_SUCCESS;
>++}
>++
>++static int pop3_getuidl(int sock, int num , char *id, size_t idsize)
>+ {
>+ int ok;
>+ char buf [POPBUFSIZE+1];
>++ unsigned long gotnum;
>++
>+ gen_send(sock, "UIDL %d", num);
>+ if ((ok = pop3_ok(sock, buf)) != 0)
>+ return(ok);
>+- if (sscanf(buf, "%d %s", &num, id) != 2)
>+- return(PS_PROTOCOL);
>++ if ((ok = parseuid(buf, &gotnum, id, idsize)))
>++ return ok;
>++ if (gotnum != num) {
>++ report(stderr, GT_("Server responded with UID for wrong message.\n"));
>++ return PS_PROTOCOL;
>++ }
>+ return(PS_SUCCESS);
>+ }
>+
>+@@ -638,7 +666,7 @@
>+ struct idlist *new;
>+
>+ try_nr = (first_nr + last_nr) / 2;
>+- if( (ok = pop3_getuidl( sock, try_nr, id )) != 0 )
>++ if ((ok = pop3_getuidl(sock, try_nr, id, sizeof(id))) != 0)
>+ return ok;
>+ if ((new = str_in_list(&ctl->oldsaved, id, FALSE)))
>+ {
>+@@ -700,10 +728,10 @@
>+ int first_nr, list_len, try_id, try_nr, add_id;
>+ int num;
>+ char id [IDLEN+1];
>+-
>+- if( (ok = pop3_gettopid( sock, 1, id )) != 0 )
>++
>++ if ((ok = pop3_gettopid(sock, 1, id, sizeof(id))) != 0)
>+ return ok;
>+-
>++
>+ if( ( first_nr = str_nr_in_list(&ctl->oldsaved, id) ) == -1 ) {
>+ /* the first message is unknown -> all messages are new */
>+ *newp = *countp;
>+@@ -715,7 +743,7 @@
>+ try_id = list_len - first_nr; /* -1 + 1 */
>+ if( try_id > 1 ) {
>+ if( try_id <= *countp ) {
>+- if( (ok = pop3_gettopid( sock, try_id, id )) != 0 )
>++ if ((ok = pop3_gettopid(sock, try_id, id, sizeof(id))) != 0)
>+ return ok;
>+
>+ try_nr = str_nr_last_in_list(&ctl->oldsaved, id);
>+@@ -739,7 +767,7 @@
>+ } else
>+
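Review bot: Both new parsers in the `@@ -603,25 +605,51 @@` hunk hand the result of `strtok()` to `strtoul()` or `strlcpy()` without checking it for NULL, so a server reply with a missing field crashes the client instead of being rejected as a protocol error. In `parseuid()` that is a UIDL line that is empty or carries a number but no ID; in `pop3_gettopid()` it is a `Message-Id:` header with nothing after the colon. The rewrite also drops `got_it = 1;`, so (assuming `got_it` starts at 0 outside the hunk) every later matching line overwrites `id`. `pop3_gettopid()` begins in the previous hunk, and the list loop in the `@@ -855,27 +883,32 @@` hunk calls `parseuid()` on every line the server sends, so it shares the exposure.

```c
	    p = strtok(p, POSIX_space);
	    if (p != NULL) {
		got_it = 1;	/* restored: the first Message-Id wins */
		strlcpy(id, p, idsize);
	    }
/* … unchanged: rest of pop3_gettopid, parseuid doc comment and signature … */
    i = strtok(buf, POSIX_space);
    if (i == NULL) {
	report(stderr, GT_("Cannot handle UIDL response from upstream server.\n"));
	return PS_PROTOCOL;
    }
/* … unchanged: strtoul conversion and its error check … */
    i = strtok(NULL, POSIX_space);
    if (i == NULL) {
	report(stderr, GT_("Cannot handle UIDL response from upstream server.\n"));
	return PS_PROTOCOL;
    }
    strlcpy(id, i, idsize);
```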
 try_id += add_id;
>+
>+- if( (ok = pop3_gettopid( sock, try_id, id )) != 0 )
>++ if ((ok = pop3_gettopid(sock, try_id, id, sizeof(id))) != 0)
>+ return ok;
>+ try_nr = str_nr_in_list(&ctl->oldsaved, id);
>+ }
>+@@ -801,7 +829,7 @@
>+
>+ /*
>+ * Newer, RFC-1725-conformant POP servers may not have the LAST command.
>+- * We work as hard as possible to hide this ugliness, but it makes
>++ * We work as hard as possible to hide this ugliness, but it makes
>+ * counting new messages intrinsically quadratic in the worst case.
>+ */
>+ last = 0;
>+@@ -839,15 +867,15 @@
>+ }
>+ *newp = (*countp - last);
>+ }
>+- else
>+- {
>++ else
>++ {
>+ if (dofastuidl)
>+ return(pop3_fastuidl( sock, ctl, *countp, newp));
>+ /* grab the mailbox's UID list */
>+ if ((ok = gen_transact(sock, "UIDL")) != 0)
>+ {
>+ /* don't worry, yet! do it the slow way */
>+- if((ok = pop3_slowuidl( sock, ctl, countp, newp))!=0)
>++ if ((ok = pop3_slowuidl(sock, ctl, countp, newp)))
>+ {
>+ report(stderr, GT_("protocol error while fetching UIDLs\n"));
>+ return(PS_ERROR);
>+@@ -855,27 +883,32 @@
>+ }
>+ else
>+ {
>+- int num;
>++ unsigned long unum;
>+
>+ *newp = 0;
>+- while ((ok = gen_recv(sock, buf, sizeof(buf))) == 0)
>++ while ((ok = gen_recv(sock, buf, sizeof(buf))) == 0)
>+ {
>+- if (DOTLINE(buf))
>+- break;
>+- else if (sscanf(buf, "%d %s", &num, id) == 2)
>++ if (DOTLINE(buf))
>++ break;
>++
>++ if (parseuid(buf, &unum, id, sizeof(id)) == PS_SUCCESS)
>+ {
>+- struct idlist *old, *new;
>++ struct idlist *old, *new;
>+
>+ new = save_str(&ctl->newsaved, id, UID_UNSEEN);
>+- new->val.status.num = num;
>++ new->val.status.num = unum;
>+
>+ if ((old = str_in_list(&ctl->oldsaved, id, FALSE)))
>+ {
>+ flag mark = old->val.status.mark;
>+ if (mark == UID_DELETED || mark == UID_EXPUNGED)
>+ {
>++ /* XXX FIXME: switch 3 occurrences from
>++ * (int)unum or (unsigned int)unum to
>++ * remove the cast and use %lu - not now
>++ * though, time for new release */
>+ if (outlevel >= O_VERBOSE)
>+- report(stderr,
 GT_("id=%s (num=%d) was deleted, but is still present!\n"), id, num);
>++ report(stderr, GT_("id=%s (num=%d) was deleted, but is still present!\n"), id, (int)unum);
>+ /* just mark it as seen now! */
>+ old->val.status.mark = mark = UID_SEEN;
>+ }
>+@@ -884,25 +917,25 @@
>+ {
>+ (*newp)++;
>+ if (outlevel >= O_DEBUG)
>+- report(stdout, GT_("%u is unseen\n"), num);
>++ report(stdout, GT_("%u is unseen\n"), (unsigned int)unum);
>+ }
>+ }
>+ else
>+ {
>+ (*newp)++;
>+ if (outlevel >= O_DEBUG)
>+- report(stdout, GT_("%u is unseen\n"), num);
>++ report(stdout, GT_("%u is unseen\n"), (unsigned int)unum);
>+ /* add it to oldsaved also! In case, we do not
>+ * swap the lists (say, due to socket error),
>+ * the same mail will not be downloaded again.
>+ */
>+ old = save_str(&ctl->oldsaved, id, UID_UNSEEN);
>+- old->val.status.num = num;
>++ old->val.status.num = unum;
>+ }
>+ }
>+- }
>+- }
>+- }
>++ }
>++ }
>++ }
>+ }
>+
>+ return(PS_SUCCESS);
>+@@ -986,7 +1019,7 @@
>+ }
>+
>+ /* get the uidl first! */
>+- if (pop3_getuidl(sock, num, id) != PS_SUCCESS)
>++ if (pop3_getuidl(sock, num, id, sizeof(id)) != PS_SUCCESS)
>+ return(TRUE);
>+
>+ if ((new = str_in_list(&ctl->oldsaved, id, FALSE))) {
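Review bot: The message number taken from each UIDL list line in the `@@ -855,27 +883,32 @@` hunk is stored with `new->val.status.num = unum;` without any range check, and the `@@ -884,25 +917,25 @@` hunk does the same with `old->val.status.num = unum;`. `parseuid()` only rejects values that overflow `unsigned long`, while the field previously received an `int`, so a server-chosen number above `INT_MAX` is presumably narrowed silently, and a number above the mailbox size is accepted as is. The single-message path is protected by `if (gotnum != num)` in `pop3_getuidl()`; the list loop has no equivalent. Assuming `*countp` holds the message count at this point, skipping or failing such lines before `save_str()` would cover it, for example `if (unum == 0 || unum > (unsigned long)*countp) continue;`. The enclosing function starts and ends outside these hunks.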