forked from pool/fetchmail
Angel Yankov
7f7443dc80
* Rebased fetchmail-add-passwordfile-and-passwordfd-options.patch
* Rebased fetchmail-add-query_to64_outsize-utility-function.patch
* Rebased fetchmail-bump-max-passwordlen-to-1bytes.patch
* Rebased fetchmail-give-each-ctl-it-s-own-copy-of-password.patch
* Rebased fetchmail-increase-max-password-length-to-handle-oauth-tokens.patch
* Rebased fetchmail-re-read-passwordfile-on-every-poll.patch
* Rebased fetchmail-support-oauthbearer-xoauth2-with-pop3.patch
* SECURITY BUGFIX:
* fetchmail-SA-2025-01.txt: CVE pending assignment by MITRE
An SMTP server advertising EHLO and AUTH, and if fetchmail is configured to
authenticate (esmtpname and esmtppassword given and non-empty), the server
might crash fetchmail by sending a "334" response without further blank to
fetchmail's AUTH request. This is in violation of applicable RFC-4952 though.
Fetchmail now detects this situation and reports it separately as
malformed server reply.
Fetchmail 6.5.6 has been released without waiting for translation updates
or CVE identifier, these will be provided in followup releases.
* BUGFIXES:
* RFC-5321: When the --smtpaddress, --smtphost, --smtpname, -D or -S argument
is an numeric address literal such as 192.0.2.2 or 2001:0DB8::4321, properly
format that as such in the SMTP RCPT command as user@[192.0.2.2] or
user@[IPv6:2001:0DB8::4321].
* When printing output on the console while fetching mail, do not intersperse
another copy of our program name and date in the middle of a log line.
Workaround for older versions: --logfile /dev/tty (might also use
--logfile /dev/stderr) - but note this changes buffering behavior and may
output to appear later and without ticker marks.
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=165
42 lines
1.6 KiB
Diff
42 lines
1.6 KiB
Diff
From: Matthew Ogilvie <mmogilvi+fml@zoho.com>
|
|
Date: Fri, 21 Dec 2018 09:00:46 -0700
|
|
Subject: add query_to64_outsize() utility function
|
|
Git-repo: https://gitlab.com/fetchmail/fetchmail.git
|
|
Git-commit: cc6e146d516140df800da68976eb7c0aa1cef7c0
|
|
|
|
---
|
|
base64.c | 7 +++++++
|
|
fetchmail.h | 1 +
|
|
2 files changed, 8 insertions(+)
|
|
|
|
Index: fetchmail-6.5.6/base64.c
|
|
===================================================================
|
|
--- fetchmail-6.5.6.orig/base64.c
|
|
+++ fetchmail-6.5.6/base64.c
|
|
@@ -77,6 +77,13 @@ fail:
|
|
return rc;
|
|
}
|
|
|
|
+size_t query_to64_outsize(size_t inlen)
|
|
+/* Returns how much space needs to be allocated to receive the output from
|
|
+ * to64frombits(), including the '\0' terminator. */
|
|
+{
|
|
+ return ((inlen+2)/3)*4+1;
|
|
+}
|
|
+
|
|
int from64tobits(void *out_, const char *in, int maxlen)
|
|
/** base 64 to raw bytes in quasi-big-endian order, \return count of bytes, or
|
|
* -1 on error (invalid input characters, or input not properly padded with '='
|
|
Index: fetchmail-6.5.6/fetchmail.h
|
|
===================================================================
|
|
--- fetchmail-6.5.6.orig/fetchmail.h
|
|
+++ fetchmail-6.5.6/fetchmail.h
|
|
@@ -618,6 +618,7 @@ int prc_filecheck(const char *, const fl
|
|
/* base64.c */
|
|
unsigned len64frombits(unsigned inlen); /** calculate length needed to encode inlen octets. warnings: 1. caller needs to add 1 for a trailing \0 byte himself. 2. returns 0 for inlen 0! */
|
|
int to64frombits(char *, const void *, int inlen, size_t outlen);
|
|
+size_t query_to64_outsize(size_t inlen);
|
|
int from64tobits(void *, const char *, int mxoutlen);
|
|
|
|
/* unmime.c */
|