rpms/fetchmail/F-8 fetchmail-6.3.8-CVE-2008-2711.patch, NONE, 1.1 fetchmail.spec, 1.54, 1.55

Fri Jun 27 10:43:52 UTC 2008

Author: vcrhonek

Update of /cvs/extras/rpms/fetchmail/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17408

Modified Files:
	fetchmail.spec 
Added Files:
	fetchmail-6.3.8-CVE-2008-2711.patch 
Log Message:
Fix CVE-2008-2711

fetchmail-6.3.8-CVE-2008-2711.patch:

--- NEW FILE fetchmail-6.3.8-CVE-2008-2711.patch ---
diff -up fetchmail-6.3.8/report.c_old fetchmail-6.3.8/report.c
--- fetchmail-6.3.8/report.c_old	2008-06-27 11:38:59.000000000 +0200
+++ fetchmail-6.3.8/report.c	2008-06-27 11:39:22.000000000 +0200
@@ -238,11 +238,17 @@ report_build (FILE *errfp, message, va_a
     rep_ensuresize();
 
 #if defined(VA_START)
-    VA_START (args, message);
     for ( ; ; )
     {
+	/*
+	 * args has to be initialized before every call of vsnprintf(), 
+	 * because vsnprintf() invokes va_arg macro and thus args is 
+	 * undefined after the call.
+	 */
+	VA_START(args, message);
 	n = vsnprintf (partial_message + partial_message_size_used, partial_message_size - partial_message_size_used,
 		       message, args);
+	va_end (args);
 
 	if (n >= 0
 	    && (unsigned)n < partial_message_size - partial_message_size_used)
@@ -254,7 +260,6 @@ report_build (FILE *errfp, message, va_a
 	partial_message_size += 2048;
 	partial_message = REALLOC (partial_message, partial_message_size);
     }
-    va_end (args);
 #else
     for ( ; ; )
     {
@@ -304,12 +309,13 @@ report_complete (FILE *errfp, message, v
     rep_ensuresize();
 
 #if defined(VA_START)
-    VA_START (args, message);
     for ( ; ; )
     {
+	VA_START(args, message);
 	n = vsnprintf (partial_message + partial_message_size_used,
 		       partial_message_size - partial_message_size_used,
 		       message, args);
+	va_end(args);
 
 	/* old glibc versions return -1 for truncation */
 	if (n >= 0
@@ -322,7 +328,6 @@ report_complete (FILE *errfp, message, v
 	partial_message_size += 2048;
 	partial_message = REALLOC (partial_message, partial_message_size);
     }
-    va_end (args);
 #else
     for ( ; ; )
     {


Index: fetchmail.spec
===================================================================
RCS file: /cvs/extras/rpms/fetchmail/F-8/fetchmail.spec,v
retrieving revision 1.54
retrieving revision 1.55
diff -u -r1.54 -r1.55
--- fetchmail.spec	4 Sep 2007 12:27:30 -0000	1.54
+++ fetchmail.spec	27 Jun 2008 10:43:06 -0000	1.55
@@ -4,12 +4,13 @@
 Summary: A remote mail retrieval and forwarding utility
 Name: fetchmail
 Version: 6.3.8
-Release: 3%{?dist}
+Release: 4%{?dist}
 Requires: smtpdaemon
 Source0: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.bz2
 Source1: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.bz2.asc
 Patch0: fetchmail-6.2.5-addrconf.patch
 Patch1: fetchmail-6.3.8-CVE-2007-4565.patch
+Patch2: fetchmail-6.3.8-CVE-2008-2711.patch
 URL: http://fetchmail.berlios.de/
 # For a breakdown of the licensing, see COPYING
 License: GPL+ and Public Domain
@@ -49,6 +50,7 @@
 %setup -q
 %patch0 -p1 -b .addrconf
 %patch1 -p1 -b .cve_2007_4565
+%patch2 -p1 -b .cve_2008_2711
 
 %build
 %configure --enable-POP3 --enable-IMAP --with-ssl --with-hesiod \
@@ -86,6 +88,9 @@
 %endif
 
 %changelog
+* Fri Jun 27 2008 Vitezslav Crhonek <vcrhonek at redhat.com> - 6.3.8-4
+- Fix CVE-2008-2711
+
 * Tue Sep  4 2007 Vitezslav Crhonek <vcrhonek at redhat.com> - 6.3.8-3
 - Fix CVE-2007-4565
 


