Re: SECURITY UPDATE: fetchmail-6.2.5.2

[Federico G. Schwindt]

On Mon, Jul 25, 2005 at 10:28:45AM +0200, Bernd Ahlers wrote:
> Hi!
> 
> Attached is an update to fetchmail-6.2.5.2. This includes an important 
> security fix! Works for me on i386 and amd64.

  commited. thanks,

  f.-

Re: SECURITY UPDATE: fetchmail-6.2.5.2

[Chris Paul]

ok on 3.7

CP

Re: SECURITY UPDATE: fetchmail-6.2.5.2

[Alf Schlichting]

On Mon, Jul 25, 2005 at 10:28:45AM +0200, Bernd Ahlers wrote:
> Hi!
> 
> Attached is an update to fetchmail-6.2.5.2. This includes an important 
> security fix! Works for me on i386 and amd64.
> 
> port changes:
> 
> - update MASTER_SITES and HOMEPAGE (fetchmail moved to belios.de)
> - patch-driver_c not needed anymore (fixed in upstream)
> 
> ChangeLog:
> 
> http://developer.berlios.de/project/shownotes.php?release_id=6617
> 
> Security:
> 
> CAN-2005-2335.
> http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt
> 
> Please test and comment.
> 
> Bernd

Works for me on 3.7-release i386, thanks.

Alf

SECURITY UPDATE: fetchmail-6.2.5.2

[Bernd Ahlers]

Hi!

Attached is an update to fetchmail-6.2.5.2. This includes an important 
security fix! Works for me on i386 and amd64.

port changes:

- update MASTER_SITES and HOMEPAGE (fetchmail moved to belios.de)
- patch-driver_c not needed anymore (fixed in upstream)

ChangeLog:

http://developer.berlios.de/project/shownotes.php?release_id=6617

Security:

CAN-2005-2335.
http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt

Please test and comment.

Bernd
Index: Makefile
===
RCS file: /cvs/ports/mail/fetchmail/Makefile,v
retrieving revision 1.101
diff -u -u -r1.101 Makefile
--- Makefile19 Feb 2005 21:27:35 -  1.101
+++ Makefile25 Jul 2005 08:21:25 -
@@ -2,13 +2,11 @@
 
 COMMENT=   "mail retrieval utility for POP2, POP3, KPOP, IMAP and more"
 
-DISTNAME=  fetchmail-6.2.5
-PKGNAME=   ${DISTNAME}p0
+DISTNAME=  fetchmail-6.2.5.2
 CATEGORIES=mail
-MASTER_SITES=  http://catb.org/~esr/fetchmail/ \
-   ftp://ftp.ccil.org/pub/esr/fetchmail/ 
+MASTER_SITES=  http://download.berlios.de/fetchmail/
 
-HOMEPAGE=  http://catb.org/~esr/fetchmail/
+HOMEPAGE=  http://fetchmail.berlios.de/
 
 MAINTAINER=Federico Schwindt <[EMAIL PROTECTED]>
 
Index: distinfo
===
RCS file: /cvs/ports/mail/fetchmail/distinfo,v
retrieving revision 1.16
diff -u -u -r1.16 distinfo
--- distinfo5 Jan 2005 16:58:54 -   1.16
+++ distinfo25 Jul 2005 08:21:25 -
@@ -1,4 +1,4 @@
-MD5 (fetchmail-6.2.5.tar.gz) = 9956b30139edaa4f5f77c4d0dbd80225
-RMD160 (fetchmail-6.2.5.tar.gz) = e32b91a959d0e80c4bd45a8758811cbe95a98180
-SHA1 (fetchmail-6.2.5.tar.gz) = 4656ec4393ccd1c137fe7b331f77cb26b576ac0e
-SIZE (fetchmail-6.2.5.tar.gz) = 1257376
+MD5 (fetchmail-6.2.5.2.tar.gz) = 6eefef076bf3517a870f27a6133ff8c4
+RMD160 (fetchmail-6.2.5.2.tar.gz) = eeda8897a63e4634abe6b301638ca9ede2674afe
+SHA1 (fetchmail-6.2.5.2.tar.gz) = 8341296bae50bf49dce8e146cbb685622c5421b9
+SIZE (fetchmail-6.2.5.2.tar.gz) = 1277649
Index: patches/patch-driver_c
===
RCS file: patches/patch-driver_c
diff -N patches/patch-driver_c
--- patches/patch-driver_c  12 Mar 2004 00:18:42 -  1.1
+++ /dev/null   1 Jan 1970 00:00:00 -
@@ -1,15 +0,0 @@
-Fix APOP.
-See: http://lists.ccil.org/pipermail/fetchmail-friends/2003-October/008080.html
-
-$OpenBSD: patch-driver_c,v 1.1 2004/03/12 00:18:42 fgsch Exp $
 driver.c.orig  2003-10-15 16:22:31.0 -0300
-+++ driver.c   2004-03-11 21:10:10.0 -0300
-@@ -429,7 +429,7 @@ static int fetch_messages(int mailserver
-   /* for POP3, we can get the size of one mail only! Unfortunately, this
-* protocol specific test cannot be done elsewhere as the protocol
-* could be "auto". */
--  if (ctl->server.protocol == P_POP3)
-+  if (ctl->server.protocol == P_POP3 || ctl->server.protocol == P_APOP)
-   fetchsizelimit = 1;
- 
-   /* Time to allocate memory to store the sizes */