rpms/fetchmail/FC-4 fetchmail-6.2.5-CAN-2005-2355.patch, NONE, 1.1 fetchmail.spec, 1.23, 1.24

[fedora-cvs-commits redhat com]

Author: mitr

Update of /cvs/dist/rpms/fetchmail/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv25870

Modified Files:
	fetchmail.spec 
Added Files:
	fetchmail-6.2.5-CAN-2005-2355.patch 
Log Message:
* Thu Jul 21 2005 Miloslav Trmac <mitr redhat com> - 6.2.5-7.fc4.1
- Fix CAN-2005-2355 (#163819, patch by Ludwig Nussel)


fetchmail-6.2.5-CAN-2005-2355.patch:
 pop3.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

--- NEW FILE fetchmail-6.2.5-CAN-2005-2355.patch ---
From: Ludwig Nussel <ludwig nussel suse de>

Not as generic but should be sufficient for the uidl overflow:

Index: fetchmail-6.2.5/pop3.c
===================================================================
--- fetchmail-6.2.5.orig/pop3.c
+++ fetchmail-6.2.5/pop3.c
@@ -613,6 +613,8 @@ static int pop3_gettopid( int sock, int 
     return 0;
 }
 
+#define str(s) #s
+#define UIDLFMT(n) "%d %" str(n) "s"
 static int pop3_getuidl( int sock, int num , char *id)
 {
     int ok;
@@ -620,7 +622,7 @@ static int pop3_getuidl( int sock, int n
     gen_send(sock, "UIDL %d", num);
     if ((ok = pop3_ok(sock, buf)) != 0)
 	return(ok);
-    if (sscanf(buf, "%d %s", &num, id) != 2)
+    if (sscanf(buf, UIDLFMT(IDLEN), &num, id) != 2)
 	return(PS_PROTOCOL);
     return(PS_SUCCESS);
 }
@@ -862,7 +864,7 @@ static int pop3_getrange(int sock, 
 		{
  		    if (DOTLINE(buf))
  			break;
- 		    else if (sscanf(buf, "%d %s", &num, id) == 2)
+ 		    else if (sscanf(buf, UIDLFMT(IDLEN), &num, id) == 2)
 		    {
  			struct idlist	*old, *new;
 



Index: fetchmail.spec
===================================================================
RCS file: /cvs/dist/rpms/fetchmail/FC-4/fetchmail.spec,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- fetchmail.spec	16 Mar 2005 23:49:19 -0000	1.23
+++ fetchmail.spec	21 Jul 2005 16:38:32 -0000	1.24
@@ -3,7 +3,7 @@
 Summary: A remote mail retrieval and forwarding utility.
 Name: fetchmail
 Version: 6.2.5
-Release: 7
+Release: 7.fc4.1
 Requires: smtpdaemon
 Source0: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.gz
 Source1: http://www.catb.org/~esr/fetchmail/fetchmail-%{version}.tar.gz.asc
@@ -15,6 +15,7 @@
 Patch4: fetchmail-6.2.5-addrconf.patch
 Patch5: fetchmail-6.2.5-recent-after-expunge.patch
 Patch6: fetchmail-6.2.5-krb5.patch
+Patch7: fetchmail-6.2.5-CAN-2005-2355.patch
 URL: http://fetchmail.berlios.de/
 License: GPL
 Group: Applications/Internet
@@ -60,6 +61,7 @@
 %patch4 -p1 -b .addrconf
 %patch5 -p1 -b .recent-after-expunge
 %patch6 -p1 -b .krb5
+%patch7 -p1 -b .can-2005-2355
 autoheader
 autoconf
 
@@ -102,6 +104,9 @@
 %endif
 
 %changelog
+* Thu Jul 21 2005 Miloslav Trmac <mitr redhat com> - 6.2.5-7.fc4.1
+- Fix CAN-2005-2355 (#163819, patch by Ludwig Nussel)
+
 * Wed Mar 16 2005 Nalin Dahyabhai <nalin redhat com> 6.2.5-7
 - stop using one of the libkrb5 private functions