head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.38 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.36 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.34 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.32 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.30 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.2.0.28 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.26 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.24 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.22 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.2.0.20 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.18 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.16 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.2.0.14 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.12 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.10 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.8 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.2.0.6 pkgsrc-2006Q2-base:1.2 pkgsrc-2006Q1:1.2.0.4 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.2.0.2 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.1.0.2; locks; strict; comment @# @; 1.2 date 2005.12.20.14.27.53; author frueauf; state dead; branches; next 1.1; 1.1 date 2005.11.01.19.16.52; author adrianp; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2005.11.01.19.16.52; author salo; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2005.11.01.21.51.26; author salo; state Exp; branches; next ; desc @@ 1.2 log @Update fetchmail to 6.2.5.5. Change homepage to http://fetchmail.berlios.de/ and update MASTER_SITES. Changes introduced since 6.2.5: fetchmail-6.2.5.X is a security fix branch that forked off fetchmail-6.2.5. It does not change for anything but security and the most severe bug fixes. Note that no 6.2.5.X security audits are planned except when a particular bug is reported, and that 6.2.5.X is unsafe to use on some systems, particularly those that lack a *working and secure* snprintf implementation. The fetchmail 6.2.5.X branch will be discontinued early in 2006. fetchmail-6.2.5.5 2005-12-19 Matthias Andree * SECURITY FIX CVE-2005-4348: fix null pointer dereference in multidrop mode when the message is empty. Reported by Daniel Drake and others (Debian Bug #343836). Fix by Sunil Shetye. * Fix Debian bug #301964, fetchmail leaks sockets when SSL negotiation fails. Fix suggested by Goswin Brederlow. * Add fetchmail-SA-2005-{01,02,03}.txt fetchmail-6.2.5.4 2005-11-13 Matthias Andree * Also ship pre-built rcfile_y.[ch] for systems that don't have flex, yacc or bison. * On FreeBSD, add /usr/local/include to CPPFLAGS so that libintl.h is found. * Avoid automatically picking up HESIOD implementations that lack hesiod_getmailhost, such as the one in FreeBSD's base system. * Fix makedepend for separated build (where the build is not run from the source directory), but prevent packaging from separated build, it yields bogus results. * Fix resolv.h autodetection. * Add +HESIOD to version printout if appropriate. fetchmail-6.2.5.3 2005-11-12 Matthias Andree * SECURITY FIX CVE-2005-3088: fetchmailconf: fix password exposure: use umask 077 before opening output file and restore umask later. * Critical fix: fix IMAP timeouts, counting message count down on servers that do not send EXISTS counts after EXPUNGE. Debian Bug#314509. * Ship pre-built rcfile_l.c for systems that don't have flex. * Build environment: Update included gettext. Fix --with-included-gettext. Fix parallel build (make -j). Fix "always rebuild fetchmail" syndrome. * Do not link against -ll or -lfl (not needed). fetchmail-6.2.5.2 (patch Fri Jul 22 01:52 GMT 2005, tarball Sat Jul 23 21:34 GMT 2005) * README: Added a note about release status - READ IT! * Note: Due to a Makefile.in bug, you may need to use GNU make. * SECURITY FIX CVE-2005-2335: truncate UIDL replies, lest malicious or compromised POP3 servers overflow fetchmail's stack. Debian bug #212762. This is a remote root exploit. Thanks: Miloslav Trmac for pointing out the fix in 6.2.5.1 was buggy. Thanks: Ludwig Nussel for a much simpler fix. * Critical fix: omit blank between MAIL FROM: and , as this causes mail loss with some listeners. * Fix: POP2 driver wouldn't properly check authentication failure. * Sunil Shetye's fix to force fetchsizelimit to 1 for APOP and RPOP. @ text @$NetBSD: patch-ak,v 1.1 2005/11/01 19:16:52 adrianp Exp $ --- fetchmailconf.orig 2003-10-15 20:22:31.000000000 +0100 +++ fetchmailconf 2005-10-21 14:48:02.000000000 +0100 @@@@ -4,7 +4,19 @@@@ # by Eric S. Raymond, . # Requires Python with Tkinter, and the following OS-dependent services: # posix, posixpath, socket -version = "1.43" +# +# Changes by Matthias Andree, in 2005: +# +# 1.43.1 - unsuccessful attempt to fix a password exposure bug +# +# thanks to Thomas Wolff and Miloslav Trmac for pointing +# out the fix was insufficient +# +# 1.43.2 - fix password exposure bug, by restricting umask to 077 +# before opening the file +# - record fetchmailconf version in output file +# +version = "1.43.2" from Tkinter import * from Dialog import * @@@@ -858,14 +870,17 @@@@ # Pre-1.5.2 compatibility... except os.error: pass + old_umask = os.umask(077) fm = open(self.outfile, 'w') + os.umask(old_umask) if fm: - fm.write("# Configuration created %s by fetchmailconf\n" % time.ctime(time.time())) + if fm != sys.stdout: + os.chmod(self.outfile, 0600) + fm.write("# Configuration created %s by fetchmailconf %s\n" + % (time.ctime(time.time()), version)) fm.write(`self.configuration`) if self.outfile: fm.close() - if fm != sys.stdout: - os.chmod(self.outfile, 0600) self.destruct() # @ 1.1 log @Add patch-ak for a fetchmailconf security issue. This patch does not impact the fetchmail package so no version bump is required. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-ak was added on branch pkgsrc-2005Q3 on 2005-11-01 19:16:52 +0000 @ text @d1 46 @ 1.1.2.2 log @Pullup ticket 877 - requested by Adrian Portelli security fix for fetchmailconf, portability fixes for fetchmail Revisions pulled up: - pkgsrc/mail/fetchmail/Makefile 1.154 - pkgsrc/mail/fetchmail/distinfo 1.32, 1.33 - pkgsrc/mail/fetchmail/options.mk 1.12, 1.13 - pkgsrc/mail/fetchmail/patches/patch-ah 1.1 - pkgsrc/mail/fetchmail/patches/patch-ai 1.1 - pkgsrc/mail/fetchmail/patches/patch-aj 1.1 - pkgsrc/mail/fetchmail/patches/patch-ak 1.1 - pkgsrc/mail/fetchmailconf/Makefile 1.65 Module Name: pkgsrc Committed By: rillig Date: Wed Sep 28 21:55:32 UTC 2005 Modified Files: pkgsrc/mail/fetchmail: options.mk Log Message: Replaced "# defined" with "yes" in Makefile variables like GNU_CONFIGURE, NO_BUILD, USE_LIBTOOL. --- Module Name: pkgsrc Committed By: scottr Date: Tue Oct 25 17:52:38 UTC 2005 Modified Files: pkgsrc/mail/fetchmail: options.mk Log Message: Add SOCKS4/SOCKS5 support. --- Module Name: pkgsrc Committed By: tonio Date: Fri Oct 21 20:56:50 UTC 2005 Modified Files: pkgsrc/mail/fetchmail: Makefile distinfo Added Files: pkgsrc/mail/fetchmail/patches: patch-ah patch-ai patch-aj Log Message: Fix mail/fetchmail under darwin (PR 28543). The added patches add a prefix "fm_" to lock related finctions, to avoid name clash with darwin lock functions. Link with -lresolv under darwin. (thanks scole_at_sdf.lonestar.org for the patches) Bump PKGREVISION --- Module Name: pkgsrc Committed By: adrianp Date: Tue Nov 1 19:16:52 UTC 2005 Modified Files: pkgsrc/mail/fetchmail: distinfo Added Files: pkgsrc/mail/fetchmail/patches: patch-ak Log Message: Add patch-ak for a fetchmailconf security issue. This patch does not impact the fetchmail package so no version bump is required. --- Module Name: pkgsrc Committed By: adrianp Date: Tue Nov 1 19:17:41 UTC 2005 Modified Files: pkgsrc/mail/fetchmailconf: Makefile Log Message: Bump to nb3 for security patch @ text @a0 46 $NetBSD: patch-ak,v 1.1.2.1 2005/11/01 21:51:26 salo Exp $ --- fetchmailconf.orig 2003-10-15 20:22:31.000000000 +0100 +++ fetchmailconf 2005-10-21 14:48:02.000000000 +0100 @@@@ -4,7 +4,19 @@@@ # by Eric S. Raymond, . # Requires Python with Tkinter, and the following OS-dependent services: # posix, posixpath, socket -version = "1.43" +# +# Changes by Matthias Andree, in 2005: +# +# 1.43.1 - unsuccessful attempt to fix a password exposure bug +# +# thanks to Thomas Wolff and Miloslav Trmac for pointing +# out the fix was insufficient +# +# 1.43.2 - fix password exposure bug, by restricting umask to 077 +# before opening the file +# - record fetchmailconf version in output file +# +version = "1.43.2" from Tkinter import * from Dialog import * @@@@ -858,14 +870,17 @@@@ # Pre-1.5.2 compatibility... except os.error: pass + old_umask = os.umask(077) fm = open(self.outfile, 'w') + os.umask(old_umask) if fm: - fm.write("# Configuration created %s by fetchmailconf\n" % time.ctime(time.time())) + if fm != sys.stdout: + os.chmod(self.outfile, 0600) + fm.write("# Configuration created %s by fetchmailconf %s\n" + % (time.ctime(time.time()), version)) fm.write(`self.configuration`) if self.outfile: fm.close() - if fm != sys.stdout: - os.chmod(self.outfile, 0600) self.destruct() # @