rpms/fetchmail/F-8 fetchmail-6.3.8-CVE-2008-2711.patch, NONE, 1.1 fetchmail.spec, 1.54, 1.55
Vitezslav Crhonek (vcrhonek)
fedora-extras-commits at redhat.com
Fri Jun 27 10:43:52 UTC 2008
Author: vcrhonek
Update of /cvs/extras/rpms/fetchmail/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17408
Modified Files:
fetchmail.spec
Added Files:
fetchmail-6.3.8-CVE-2008-2711.patch
Log Message:
Fix CVE-2008-2711
fetchmail-6.3.8-CVE-2008-2711.patch:
--- NEW FILE fetchmail-6.3.8-CVE-2008-2711.patch ---
diff -up fetchmail-6.3.8/report.c_old fetchmail-6.3.8/report.c
--- fetchmail-6.3.8/report.c_old 2008-06-27 11:38:59.000000000 +0200
+++ fetchmail-6.3.8/report.c 2008-06-27 11:39:22.000000000 +0200
@@ -238,11 +238,17 @@ report_build (FILE *errfp, message, va_a
rep_ensuresize();
#if defined(VA_START)
- VA_START (args, message);
for ( ; ; )
{
+ /*
+ * args has to be initialized before every call of vsnprintf(),
+ * because vsnprintf() invokes va_arg macro and thus args is
+ * undefined after the call.
+ */
+ VA_START(args, message);
n = vsnprintf (partial_message + partial_message_size_used, partial_message_size - partial_message_size_used,
message, args);
+ va_end (args);
if (n >= 0
&& (unsigned)n < partial_message_size - partial_message_size_used)
@@ -254,7 +260,6 @@ report_build (FILE *errfp, message, va_a
partial_message_size += 2048;
partial_message = REALLOC (partial_message, partial_message_size);
}
- va_end (args);
#else
for ( ; ; )
{
@@ -304,12 +309,13 @@ report_complete (FILE *errfp, message, v
rep_ensuresize();
#if defined(VA_START)
- VA_START (args, message);
for ( ; ; )
{
+ VA_START(args, message);
n = vsnprintf (partial_message + partial_message_size_used,
partial_message_size - partial_message_size_used,
message, args);
+ va_end(args);
/* old glibc versions return -1 for truncation */
if (n >= 0
@@ -322,7 +328,6 @@ report_complete (FILE *errfp, message, v
partial_message_size += 2048;
partial_message = REALLOC (partial_message, partial_message_size);
}
- va_end (args);
#else
for ( ; ; )
{
Index: fetchmail.spec
===================================================================
RCS file: /cvs/extras/rpms/fetchmail/F-8/fetchmail.spec,v
retrieving revision 1.54
retrieving revision 1.55
diff -u -r1.54 -r1.55
--- fetchmail.spec 4 Sep 2007 12:27:30 -0000 1.54
+++ fetchmail.spec 27 Jun 2008 10:43:06 -0000 1.55
@@ -4,12 +4,13 @@
Summary: A remote mail retrieval and forwarding utility
Name: fetchmail
Version: 6.3.8
-Release: 3%{?dist}
+Release: 4%{?dist}
Requires: smtpdaemon
Source0: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.bz2
Source1: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.bz2.asc
Patch0: fetchmail-6.2.5-addrconf.patch
Patch1: fetchmail-6.3.8-CVE-2007-4565.patch
+Patch2: fetchmail-6.3.8-CVE-2008-2711.patch
URL: http://fetchmail.berlios.de/
# For a breakdown of the licensing, see COPYING
License: GPL+ and Public Domain
@@ -49,6 +50,7 @@
%setup -q
%patch0 -p1 -b .addrconf
%patch1 -p1 -b .cve_2007_4565
+%patch2 -p1 -b .cve_2008_2711
%build
%configure --enable-POP3 --enable-IMAP --with-ssl --with-hesiod \
@@ -86,6 +88,9 @@
%endif
%changelog
+* Fri Jun 27 2008 Vitezslav Crhonek <vcrhonek at redhat.com> - 6.3.8-4
+- Fix CVE-2008-2711
+
* Tue Sep 4 2007 Vitezslav Crhonek <vcrhonek at redhat.com> - 6.3.8-3
- Fix CVE-2007-4565
More information about the fedora-extras-commits
mailing list