From 8bfc256277c19e88604bce89387a210b37946e03ae8f5455621f063d5fe07b98 Mon Sep 17 00:00:00 2001
From: OBS User unknown
Date: Mon, 10 Aug 2009 15:49:38 +0000
Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/fetchmail?expand=0&rev=26

---
fetchmail-6.3.10.tar.bz2 | 3 --
fetchmail-6.3.11-fix-invalid-free.patch | 15 ++++++++++
fetchmail-6.3.11.tar.bz2 | 3 ++
fetchmail.changes | 37 +++++++++++++++++++++++++
fetchmail.spec | 14 ++++++----
5 files changed, 63 insertions(+), 9 deletions(-)
delete mode 100644 fetchmail-6.3.10.tar.bz2
create mode 100644 fetchmail-6.3.11-fix-invalid-free.patch
create mode 100644 fetchmail-6.3.11.tar.bz2

diff --git a/fetchmail-6.3.10.tar.bz2 b/fetchmail-6.3.10.tar.bz2
deleted file mode 100644
index ef8a1f9..0000000
--- a/fetchmail-6.3.10.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d3a22d81990908f7df4bfd25f12b9e41303e956b3e70d7447356cf92ad7f6607
-size 1608066
diff --git a/fetchmail-6.3.11-fix-invalid-free.patch b/fetchmail-6.3.11-fix-invalid-free.patch
new file mode 100644
index 0000000..96c5171
--- /dev/null
+++ b/fetchmail-6.3.11-fix-invalid-free.patch
@@ -0,0 +1,15 @@
+--- socket.c.org 2009-08-08 16:01:49.000000000 +0200
++++ socket.c 2009-08-08 16:03:17.000000000 +0200
+@@ -628,9 +628,10 @@
+ report(stdout, GT_("Unknown Issuer CommonName\n"));
+ }
+ if ((i = X509_NAME_get_text_by_NID(subj, NID_commonName, buf, sizeof(buf))) != -1) {
+- if (outlevel >= O_VERBOSE)
++ if (outlevel >= O_VERBOSE) {
+ report(stdout, GT_("Server CommonName: %s\n"), (tt = sdump(buf, i)));
+- xfree(tt);
++ xfree(tt);
++ }
+ if ((size_t)i >= sizeof(buf) - 1) {
+ /* Possible truncation. In this case, this is a DNS name, so this
+ * is really bad. We do not tolerate this even in the non-strict case. */
diff --git a/fetchmail-6.3.11.tar.bz2 b/fetchmail-6.3.11.tar.bz2
new file mode 100644
index 0000000..e2f004a
--- /dev/null
+++ b/fetchmail-6.3.11.tar.bz2
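Review bot: Only this one `sdump()`/`xfree()` pair is braced; the issuer-CommonName lookup a few lines above (the branch that reports "Unknown Issuer CommonName") lies outside the hunk and, if it uses the same brace-less `if (outlevel >= O_VERBOSE)` guard around a `report(... sdump(...))` followed by `xfree(tt)`, needs the same treatment — worth checking socket.c for every other `xfree(tt)` that follows a verbosity-gated `sdump()`. The defect being fixed is that without the braces `xfree(tt)` ran unconditionally, so on every non-verbose run `tt` was freed without `sdump()` having assigned it, and whatever it held (uninitialized, or a pointer from an earlier use, depending on code outside the hunk) went to `free()`; since this is certificate-verification code it is reached on every SSL connection, not only with `-v`. A comment on the new closing brace would keep the next editor from re-flattening it: `/* tt is only assigned by sdump() inside the verbose branch; free it there too */`. The enclosing function starts and ends outside the hunk.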
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ba679cef82b9520bc5dbe9e2e54381e488b5712faf885deb7612393b5ab80c6f
+size 1608923
diff --git a/fetchmail.changes b/fetchmail.changes
index 39a4035..ee3e5f8 100644
--- a/fetchmail.changes
+++ b/fetchmail.changes
@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Mon Aug 10 09:30:16 UTC 2009 - puzel@novell.com
+
+- add fetchmail-6.3.11-fix-invalid-free.patch
+ - fix https://bugs.gentoo.org/280760
+
+-------------------------------------------------------------------
+Sun Aug 9 12:43:26 CEST 2009 - coolo@novell.com
+
+- use new python macros
+
+-------------------------------------------------------------------
+Thu Aug 6 11:35:50 UTC 2009 - puzel@novell.com
+
+- update to 6.3.11
+ # SECURITY BUGFIXES
+ * CVE-2009-2666: SSL NUL prefix impersonation attack through NULs in a
+ part of a X.509 certificate's CommonName and subjectAltName fields. These
+ fields use opaque strings with a separate length field, so that the NUL
+ character isn't a special character inside the certificate. Fetchmail, being
+ written in the C language, used to treat these strings as C strings
+ nonetheless, so that the domain comparison would end at the first embedded NUL
+ character, rather than at the real end of the string.
+ Fetchmail will now abort certificate verification as failed if NULs are
+ encountered inside either of these fields regardless of their position, and
+ drop the connection even if --sslcertck is not used, because NUL is not a
+ valid character in legitimate DNS names.
+ See fetchmail-SA-2009-01.txt for details, including a minimal patch.
+
+ # BUGFIXES
+ * Remove the spurious message "message delimiter found while scanning headers".
+ RFC-5322 syntax states that the delimiter is part of the body, and the body is
+ optional.
+ * Convert all non-printable characters in certificate Subject/Issuer
+ Common Name or Subject Alternative Name fields to ANSI-C hex escapes (\xnn,
+ where nn are hex digits).
+
 -------------------------------------------------------------------
 Fri Jul 3 09:58:22 CEST 2009 - puzel@novell.com
 
diff --git a/fetchmail.spec b/fetchmail.spec
index cf38cd6..b20c6f7 100644
--- a/fetchmail.spec
+++ b/fetchmail.spec
@@ -1,5 +1,5 @@
 #
-# spec file for package fetchmail (Version 6.3.10)
+# spec file for package fetchmail (Version 6.3.11)
 #
 # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -26,16 +26,17 @@ BuildRequires: ed openssl-devel opie postfix procmail pwdutils python-devel
 %if 0%{?with_krb5}
 BuildRequires: krb5-devel
 %endif
-License: GPL v2 or later ; Other uncritical OpenSource License ; Public Domain, Freeware
+License: GPL v2 or later ; Other uncritical OpenSource License ; Public Domain, Freeware
 Group: Productivity/Networking/Email/Utilities
 AutoReqProv: on
-Version: 6.3.10
+Version: 6.3.11
 Release: 1
 Source: %{name}-%{version}.tar.bz2
 Source1: %{name}.init
 Source2: %{name}.logrotate
 Source3: sysconfig.%{name}
-Patch: fetchmail-6.3.8-smtp_errors.patch
+Patch0: fetchmail-6.3.8-smtp_errors.patch
+Patch1: fetchmail-6.3.11-fix-invalid-free.patch
 PreReq: %insserv_prereq %fillup_prereq coreutils pwdutils
 Url: http://fetchmail.berlios.de/
 Icon: fetchmail.xpm
@@ -87,7 +88,8 @@ Authors:
 
 %prep
 %setup -q
-%patch -p1
+%patch0 -p1
+%patch1 -p0
 cp -a %{S:1} %{S:2} %{S:3} .
 
 %build
@@ -170,6 +172,6 @@ rm -rf $RPM_BUILD_ROOT
 %defattr(-, root, root)
 %{_bindir}/fetchmailconf
 %doc %{_mandir}/man1/fetchmailconf.1.gz
-%{py_sitedir}/fetchmailconf.*
+%{python_sitelib}/fetchmailconf.*
 
 %changelog
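Review bot: `Patch1:` has no accompanying comment, so the spec does not say what the patch fixes or where it comes from; the openSUSE convention is a tag line above it, e.g. `# PATCH-FIX-UPSTREAM fetchmail-6.3.11-fix-invalid-free.patch puzel@novell.com -- only xfree(tt) when sdump() assigned it (https://bugs.gentoo.org/280760)`. The `-p0` strip level in `%patch1 -p0` matches the bare `socket.c` paths in the patch header, so that part is consistent with the new file. The `License:` line is removed and re-added with text that is identical in the collapsed view, which suggests a whitespace-only change; if it is unintended it can be dropped to keep the hunk to the version and patch lines.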