diff -ruN /usr/ports/mail/fetchmail/Makefile fetchmail/Makefile --- /usr/ports/mail/fetchmail/Makefile 2010-04-22 14:13:24.000000000 -0500 +++ fetchmail/Makefile 2010-05-14 11:36:09.000000000 -0500 @@ -10,8 +10,7 @@ # want fetchmailconf to work, define WITH_X11 PORTNAME= fetchmail -PORTVERSION= 6.3.16 -PORTREVISION= 1 +PORTVERSION= 6.3.17 CATEGORIES= mail ipv6 MASTER_SITES= ${MASTER_SITE_BERLIOS} \ http://mandree.home.pages.de/fetchmail/:ma \ diff -ruN /usr/ports/mail/fetchmail/distinfo fetchmail/distinfo --- /usr/ports/mail/fetchmail/distinfo 2010-04-07 13:20:20.000000000 -0500 +++ fetchmail/distinfo 2010-05-14 11:21:31.000000000 -0500 @@ -1,3 +1,3 @@ -MD5 (fetchmail-6.3.16.tar.bz2) = 1a40acb371376c7d54fe468c99dfc216 -SHA256 (fetchmail-6.3.16.tar.bz2) = 2e316c8ebef47e1266217e5f0e1aa453707f19cf8ddbfacfcbc9eab101757d86 -SIZE (fetchmail-6.3.16.tar.bz2) = 1628808 +MD5 (fetchmail-6.3.17.tar.bz2) = 7b1d449ecddb6164e22c32854adc4a75 +SHA256 (fetchmail-6.3.17.tar.bz2) = d7a01ceac184c7ebde9a42982e310beec467deb5b3d05c4e413e48cd2619ca24 +SIZE (fetchmail-6.3.17.tar.bz2) = 1642598 diff -ruN /usr/ports/mail/fetchmail/files/patch-CVE-2010-1167 fetchmail/files/patch-CVE-2010-1167 --- /usr/ports/mail/fetchmail/files/patch-CVE-2010-1167 2010-04-22 14:13:24.000000000 -0500 +++ fetchmail/files/patch-CVE-2010-1167 1969-12-31 18:00:00.000000000 -0600 @@ -1,102 +0,0 @@ -commit ec06293134b85876f9201d8a52b844c41581b2b3 -Author: Matthias Andree -Date: Sun Apr 18 18:01:38 2010 +0200 - - SECURITY FIX: DoS on EILSEQ in report_*() in -vv and multibyte-locales. - -diff --git a/rfc822.c b/rfc822.c -index 6f2dbf3..dbcda32 100644 ---- a/rfc822.c -+++ b/rfc822.c -@@ -25,6 +25,7 @@ MIT license. Compile with -DMAIN to build the demonstrator. - #include - - #include "fetchmail.h" -+#include "sdump.h" - - #ifndef MAIN - #include "i18n.h" -@@ -74,9 +75,10 @@ char *reply_hack( - } - - #ifndef MAIN -- if (outlevel >= O_DEBUG) -- report_build(stdout, GT_("About to rewrite %.*s...\n"), -- (int)BEFORE_EOL(buf), buf); -+ if (outlevel >= O_DEBUG) { -+ report_build(stdout, GT_("About to rewrite %s...\n"), (cp = sdump(buf, BEFORE_EOL(buf)))); -+ xfree(cp); -+ } - - /* make room to hack the address; buf must be malloced */ - for (cp = buf; *cp; cp++) -@@ -211,9 +213,12 @@ char *reply_hack( - } - - #ifndef MAIN -- if (outlevel >= O_DEBUG) -- report_complete(stdout, GT_("...rewritten version is %.*s.\n"), -- (int)BEFORE_EOL(buf), buf); -+ if (outlevel >= O_DEBUG) { -+ report_complete(stdout, GT_("...rewritten version is %s.\n"), -+ (cp = sdump(buf, BEFORE_EOL(buf)))); -+ xfree(cp) -+ } -+ - #endif /* MAIN */ - *length = strlen(buf); - return(buf); -diff --git a/uid.c b/uid.c -index fdc6f5d..d813bee 100644 ---- a/uid.c -+++ b/uid.c -@@ -20,6 +20,7 @@ - - #include "fetchmail.h" - #include "i18n.h" -+#include "sdump.h" - - /* - * Machinery for handling UID lists live here. This is mainly to support -@@ -260,8 +261,11 @@ void initialize_saved_lists(struct query *hostlist, const char *idfile) - if (uidlcount) - { - report_build(stdout, GT_("Scratch list of UIDs:")); -- for (idp = scratchlist; idp; idp = idp->next) -- report_build(stdout, " %s", idp->id); -+ for (idp = scratchlist; idp; idp = idp->next) { -+ char *t = sdump(idp->id, strlen(idp->id)); -+ report_build(stdout, " %s", t); -+ free(t); -+ } - if (!idp) - report_build(stdout, GT_(" ")); - report_complete(stdout, "\n"); -@@ -517,8 +521,11 @@ void uid_swap_lists(struct query *ctl) - report_build(stdout, GT_("Merged UID list from %s:"), ctl->server.pollname); - else - report_build(stdout, GT_("New UID list from %s:"), ctl->server.pollname); -- for (idp = dofastuidl ? ctl->oldsaved : ctl->newsaved; idp; idp = idp->next) -- report_build(stdout, " %s = %d", idp->id, idp->val.status.mark); -+ for (idp = dofastuidl ? ctl->oldsaved : ctl->newsaved; idp; idp = idp->next) { -+ char *t = sdump(idp->id, strlen(idp->id)); -+ report_build(stdout, " %s = %d", t, idp->val.status.mark); -+ free(t); -+ } - if (!idp) - report_build(stdout, GT_(" ")); - report_complete(stdout, "\n"); -@@ -567,8 +574,11 @@ void uid_discard_new_list(struct query *ctl) - /* this is now a merged list! the mails which were seen in this - * poll are marked here. */ - report_build(stdout, GT_("Merged UID list from %s:"), ctl->server.pollname); -- for (idp = ctl->oldsaved; idp; idp = idp->next) -- report_build(stdout, " %s = %d", idp->id, idp->val.status.mark); -+ for (idp = ctl->oldsaved; idp; idp = idp->next) { -+ char *t = sdump(idp->id, strlen(idp->id)); -+ report_build(stdout, " %s = %d", t, idp->val.status.mark); -+ free(t); -+ } - if (!idp) - report_build(stdout, GT_(" ")); - report_complete(stdout, "\n");