Bug 258071

Summary:

mail/fetchmail: security update to 6.4.22.rc2 - CVE-2021-39272

Product:

Ports & Packages

Reporter:

Matthias Andree <mandree>

Component:

Individual Port(s)

Assignee:

Matthias Andree <mandree>

Status:

Closed FIXED

Severity:

Affects Only Me

CC:

chalpin, eduardo

Priority:

---

Keywords:

patch, security

Version:

Latest

Flags:

chalpin: maintainer-feedback+

Hardware:

Any

OS:

Any

URL:

https://www.fetchmail.info/fetchmail-SA-2021-01.txt

Bug Depends on:

Bug Blocks:

258146

Attachments:

Description	Flags
port update formatted with git format-patch	none
new update to 6.4.22.rc2	chalpin: maintainer-approval+

Description Matthias Andree freebsd_committer

2021-08-26 23:13:39 UTC

Created attachment 227461 [details]
port update formatted with git format-patch

mail/fetchmail: security update to 6.4.22.rc1
    
    MFH:            2021Q3
    URL:            https://www.fetchmail.info/fetchmail-SA-2021-02.txt
    Changelog:      https://gitlab.com/fetchmail/fetchmail/-/blob/SNAPSHOT_6-4-22-rc1/NEWS#L89
    Security:       CVE-2021-39272
    Security:       1d6410e8-06c1-11ec-a35d-03ca114d16d6

Comment 1 Matthias Andree freebsd_committer

2021-08-27 14:18:16 UTC

Comment on attachment 227461 [details]
port update formatted with git format-patch

I am putting this on hold after a regression report.

Comment 2 Matthias Andree freebsd_committer

2021-08-27 18:06:47 UTC

Created attachment 227486 [details]
new update to 6.4.22.rc2

rc2 should fix the regressions observed in 6.4.22.rc1.

This is a new proposed patch, again in "git format-patch" format. 
Git parent hash subject to change ;-)

Comment 3 Corey Halpin 2021-08-27 18:47:41 UTC

Comment on attachment 227486 [details]
new update to 6.4.22.rc2

Looks good to me, no new complaints from `portlint`, passes `poudriere testport`, and the built package works in my testing.

I approve this patch, thank you!

Comment 4 commit-hook freebsd_committer

2021-08-27 21:27:17 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=c2b9bf3fe69a4ea781dba11fb486dc1651cf2f0d

commit c2b9bf3fe69a4ea781dba11fb486dc1651cf2f0d
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2021-08-26 23:07:41 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2021-08-27 21:24:53 +0000

    mail/fetchmail: security update to 6.4.22.rc2

    MFH:            2021Q3
    URL:            https://www.fetchmail.info/fetchmail-SA-2021-02.txt
    Changelog:      https://gitlab.com/fetchmail/fetchmail/-/blob/SNAPSHOT_6-4-22-rc2/NEWS#L87
    Security:       CVE-2021-39272
    Security:       1d6410e8-06c1-11ec-a35d-03ca114d16d6
    PR:             258071
    Approved by:    Corey Halpin (maintainer)

 mail/fetchmail/Makefile | 2 +-
 mail/fetchmail/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

Comment 5 commit-hook freebsd_committer

2021-08-27 21:28:18 UTC

A commit in branch 2021Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=92a4074f3ca8d2481381537d518fcb516eba7941

commit 92a4074f3ca8d2481381537d518fcb516eba7941
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2021-08-26 23:07:41 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2021-08-27 21:27:16 +0000

    mail/fetchmail: security update to 6.4.22.rc2

    MFH:            2021Q3
    URL:            https://www.fetchmail.info/fetchmail-SA-2021-02.txt
    Changelog:      https://gitlab.com/fetchmail/fetchmail/-/blob/SNAPSHOT_6-4-22-rc2/NEWS#L87
    Security:       CVE-2021-39272
    Security:       1d6410e8-06c1-11ec-a35d-03ca114d16d6
    PR:             258071
    Approved by:    Corey Halpin (maintainer)

    (cherry picked from commit c2b9bf3fe69a4ea781dba11fb486dc1651cf2f0d)

 mail/fetchmail/Makefile | 2 +-
 mail/fetchmail/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

Comment 6 Matthias Andree freebsd_committer

2021-08-27 21:28:42 UTC

Thanks for the prompt review and approval!