head 1.11; access; symbols OPENPKG_E1_MP_HEAD:1.9 OPENPKG_E1_MP:1.9 OPENPKG_E1_MP_2_STABLE:1.7 OPENPKG_E1_FP:1.7 OPENPKG_2_STABLE_MP:1.9 OPENPKG_2_STABLE_20061018:1.7 OPENPKG_2_STABLE_20060622:1.7 OPENPKG_2_STABLE:1.7.0.2 OPENPKG_2_STABLE_BP:1.7 OPENPKG_2_5_RELEASE:1.6 OPENPKG_2_5_SOLID:1.6.0.2 OPENPKG_2_5_SOLID_BP:1.6 OPENPKG_2_4_RELEASE:1.5 OPENPKG_2_4_SOLID:1.5.0.4 OPENPKG_2_4_SOLID_BP:1.5 OPENPKG_CW_FP:1.5 OPENPKG_2_3_RELEASE:1.5 OPENPKG_2_3_SOLID:1.5.0.2 OPENPKG_2_3_SOLID_BP:1.5 OPENPKG_2_2_RELEASE:1.4 OPENPKG_2_2_SOLID:1.4.0.6 OPENPKG_2_2_SOLID_BP:1.4 OPENPKG_2_1_RELEASE:1.4 OPENPKG_2_1_SOLID:1.4.0.4 OPENPKG_2_1_SOLID_BP:1.4 OPENPKG_2_0_RELEASE:1.4 OPENPKG_2_0_SOLID:1.4.0.2 OPENPKG_2_0_SOLID_BP:1.4 OPENPKG_1_3_RELEASE:1.1 OPENPKG_1_3_SOLID:1.1.0.10 OPENPKG_1_3_SOLID_BP:1.1 OPENPKG_1_2_SOLID:1.1.0.8 OPENPKG_1_2_SOLID_BP:1.1 OPENPKG_1_STABLE:1.1.0.6 OPENPKG_1_STABLE_BP:1.1 OPENPKG_1_0_SOLID:1.1.0.4 OPENPKG_1_1_SOLID:1.1.0.2; locks; strict; comment @# @; 1.11 date 2008.11.17.21.08.59; author rse; state Exp; branches; next 1.10; commitid E34qhhIoIqQ9A0rt; 1.10 date 2007.09.04.08.29.06; author rse; state Exp; branches; next 1.9; commitid mYLLLdk2p1Blwows; 1.9 date 2007.01.06.09.23.12; author rse; state Exp; branches; next 1.8; commitid HdpWJP4TL5Jczq1s; 1.8 date 2006.11.28.11.49.08; author tho; state Exp; branches; next 1.7; commitid 8YUFyhgpxGSYCqWr; 1.7 date 2005.11.18.07.51.59; author rse; state Exp; branches 1.7.2.1; next 1.6; commitid 1QiKxj7URmlYmdar; 1.6 date 2005.07.28.12.10.04; author thl; state Exp; branches; next 1.5; 1.5 date 2005.01.29.12.39.27; author rse; state Exp; branches 1.5.2.1 1.5.4.1; next 1.4; 1.4 date 2003.10.19.11.23.48; author rse; state Exp; branches; next 1.3; 1.3 date 2003.10.16.08.33.20; author thl; state dead; branches; next 1.2; 1.2 date 2003.10.08.17.59.30; author rse; state Exp; branches; next 1.1; 1.1 date 2002.12.17.15.31.03; author rse; state dead; branches 1.1.2.1 1.1.4.1 1.1.10.1; next ; 1.7.2.1 date 2006.12.22.19.13.21; author thl; state Exp; branches; next 1.7.2.2; commitid 2LefOfqsS8nsjyZr; 1.7.2.2 date 2007.01.06.09.42.44; author rse; state Exp; branches; next ; commitid bKhM6VhAMiLTFq1s; 1.5.2.1 date 2005.07.28.12.15.14; author thl; state Exp; branches; next ; 1.5.4.1 date 2005.07.28.12.14.59; author thl; state Exp; branches; next ; 1.1.2.1 date 2002.12.17.15.31.03; author rse; state Exp; branches; next ; 1.1.4.1 date 2002.12.17.15.33.05; author rse; state Exp; branches; next ; 1.1.10.1 date 2004.04.08.11.41.14; author ms; state Exp; branches; next ; desc @@ 1.11 log @upgrading package: fetchmail 6.3.8 -> 6.3.9 @ text @Index: socket.c --- socket.c.orig 2008-11-13 12:48:47 +0100 +++ socket.c 2008-11-17 13:59:21 +0100 @@@@ -9,6 +9,8 @@@@ #include #include #include +#include +#include #include /* isspace() */ #ifdef HAVE_MEMORY_H #include @ 1.10 log @Security Fix (http://fetchmail.berlios.de/fetchmail-SA-2007-02.txt) @ text @d2 2 a3 2 --- socket.c.orig 2006-12-17 01:05:31 +0100 +++ socket.c 2007-01-06 09:43:51 +0100 a12 19 ----------------------------------------------------------------------------- Security Fix http://fetchmail.berlios.de/fetchmail-SA-2007-02.txt Index: sink.c --- sink.c (revision 5118) +++ sink.c (revision 5119) @@@@ -262,7 +262,7 @@@@ const char *md1 = "MAILER-DAEMON", *md2 = "MAILER-DAEMON@@"; /* don't bounce in reply to undeliverable bounces */ - if (!msg->return_path[0] || + if (!msg || !msg->return_path[0] || strcmp(msg->return_path, "<>") == 0 || strcasecmp(msg->return_path, md1) == 0 || strncasecmp(msg->return_path, md2, strlen(md2)) == 0) @ 1.9 log @upgrading package: fetchmail 6.3.5 -> 6.3.6 @ text @d13 19 @ 1.8 log @fixed fetchmail not logging in daemon mode @ text @d2 2 a3 2 --- socket.c.orig 2003-10-10 12:32:15.000000000 +0200 +++ socket.c 2003-10-19 13:17:45.000000000 +0200 a12 13 Index: daemon.c --- daemon.c.orig 2006-08-07 11:22:40 +0200 +++ daemon.c 2006-11-28 12:45:27 +0100 @@@@ -218,8 +218,7 @@@@ if ((logfd = open(logfile, O_CREAT|O_WRONLY|O_APPEND, 0666)) < 0) { /* stdout */ report(stderr, "cannot open %s: %s\n", logfile, strerror(errno)); return PS_IOERR; - } else - logfd = 0; /* use /dev/null */ + } } else logfd = 0; /* this is /dev/null */ @ 1.7 log @upgrading package: fetchmail 6.2.5 -> 6.2.9rc9 @ text @d13 13 @ 1.7.2.1 log @MFC: make up leeway for 2_STABLE by virtue of build-time results @ text @a12 13 Index: daemon.c --- daemon.c.orig 2006-08-07 11:22:40 +0200 +++ daemon.c 2006-11-28 12:45:27 +0100 @@@@ -218,8 +218,7 @@@@ if ((logfd = open(logfile, O_CREAT|O_WRONLY|O_APPEND, 0666)) < 0) { /* stdout */ report(stderr, "cannot open %s: %s\n", logfile, strerror(errno)); return PS_IOERR; - } else - logfd = 0; /* use /dev/null */ + } } else logfd = 0; /* this is /dev/null */ @ 1.7.2.2 log @MFC: security fixed version @ text @d2 2 a3 2 --- socket.c.orig 2006-12-17 01:05:31 +0100 +++ socket.c 2007-01-06 09:43:51 +0100 d13 13 @ 1.6 log @SA-2005.016-fetchmail; CAN-2005-2335 @ text @a12 49 Index: driver.c --- driver.c.orig 2003-10-15 21:22:31 +0200 +++ driver.c 2005-01-29 13:36:30 +0100 @@@@ -429,7 +429,9 @@@@ /* for POP3, we can get the size of one mail only! Unfortunately, this * protocol specific test cannot be done elsewhere as the protocol * could be "auto". */ - if (ctl->server.protocol == P_POP3) + if ( ctl->server.protocol == P_POP3 + || ctl->server.protocol == P_APOP + || ctl->server.protocol == P_RPOP) fetchsizelimit = 1; /* Time to allocate memory to store the sizes */ OpenPKG-SA-2005.016-fetchmail; CAN-2005-2335 Patch from Ludwig Nussel @@SUSE Index: fetchmail-6.2.5/pop3.c =================================================================== --- pop3.c.625 +++ pop3.c @@@@ -613,6 +613,8 @@@@ static int pop3_gettopid( int sock, int return 0; } +#define str(s) #s +#define UIDLFMT(n) "%d %" str(n) "s" static int pop3_getuidl( int sock, int num , char *id) { int ok; @@@@ -620,7 +622,7 @@@@ static int pop3_getuidl( int sock, int n gen_send(sock, "UIDL %d", num); if ((ok = pop3_ok(sock, buf)) != 0) return(ok); - if (sscanf(buf, "%d %s", &num, id) != 2) + if (sscanf(buf, UIDLFMT(IDLEN), &num, id) != 2) return(PS_PROTOCOL); return(PS_SUCCESS); } @@@@ -862,7 +864,7 @@@@ static int pop3_getrange(int sock, { if (DOTLINE(buf)) break; - else if (sscanf(buf, "%d %s", &num, id) == 2) + else if (sscanf(buf, UIDLFMT(IDLEN), &num, id) == 2) { struct idlist *old, *new; @ 1.5 log @make Fetchmail compatible with QPopper's APOP functionality as mentioned on the fetchmail lists @ text @d27 35 @ 1.5.2.1 log @MFC: SA-2005.016-fetchmail; CAN-2005-2335 @ text @a26 35 OpenPKG-SA-2005.016-fetchmail; CAN-2005-2335 Patch from Ludwig Nussel @@SUSE Index: fetchmail-6.2.5/pop3.c =================================================================== --- pop3.c.625 +++ pop3.c @@@@ -613,6 +613,8 @@@@ static int pop3_gettopid( int sock, int return 0; } +#define str(s) #s +#define UIDLFMT(n) "%d %" str(n) "s" static int pop3_getuidl( int sock, int num , char *id) { int ok; @@@@ -620,7 +622,7 @@@@ static int pop3_getuidl( int sock, int n gen_send(sock, "UIDL %d", num); if ((ok = pop3_ok(sock, buf)) != 0) return(ok); - if (sscanf(buf, "%d %s", &num, id) != 2) + if (sscanf(buf, UIDLFMT(IDLEN), &num, id) != 2) return(PS_PROTOCOL); return(PS_SUCCESS); } @@@@ -862,7 +864,7 @@@@ static int pop3_getrange(int sock, { if (DOTLINE(buf)) break; - else if (sscanf(buf, "%d %s", &num, id) == 2) + else if (sscanf(buf, UIDLFMT(IDLEN), &num, id) == 2) { struct idlist *old, *new; @ 1.5.4.1 log @MFC: SA-2005.016-fetchmail; CAN-2005-2335 @ text @a26 35 OpenPKG-SA-2005.016-fetchmail; CAN-2005-2335 Patch from Ludwig Nussel @@SUSE Index: fetchmail-6.2.5/pop3.c =================================================================== --- pop3.c.625 +++ pop3.c @@@@ -613,6 +613,8 @@@@ static int pop3_gettopid( int sock, int return 0; } +#define str(s) #s +#define UIDLFMT(n) "%d %" str(n) "s" static int pop3_getuidl( int sock, int num , char *id) { int ok; @@@@ -620,7 +622,7 @@@@ static int pop3_getuidl( int sock, int n gen_send(sock, "UIDL %d", num); if ((ok = pop3_ok(sock, buf)) != 0) return(ok); - if (sscanf(buf, "%d %s", &num, id) != 2) + if (sscanf(buf, UIDLFMT(IDLEN), &num, id) != 2) return(PS_PROTOCOL); return(PS_SUCCESS); } @@@@ -862,7 +864,7 @@@@ static int pop3_getrange(int sock, { if (DOTLINE(buf)) break; - else if (sscanf(buf, "%d %s", &num, id) == 2) + else if (sscanf(buf, UIDLFMT(IDLEN), &num, id) == 2) { struct idlist *old, *new; @ 1.4 log @make more portable @ text @d13 14 @ 1.3 log @upgrading package: fetchmail 6.2.4 -> 6.2.5 @ text @d1 12 a12 20 --- rfc822.c.orig Thu Jul 17 03:03:20 2003 +++ rfc822.c Tue Sep 23 11:23:05 2003 @@@@ -176,7 +176,7 @@@@ case 3: /* we're in a <>-enclosed address */ if (*from == '@@' || *from == '!') has_host_part = TRUE; - else if (*from == '>' && from[-1] != '<') + else if (*from == '>' && (from > buf && from[-1] != '<')) { state = 1; if (!has_host_part) @@@@ -198,7 +198,7 @@@@ /* * If we passed a comma, reset everything. */ - if (from[-1] == ',' && !parendepth) { + if ((from > buf && from[-1] == ',') && !parendepth) { has_host_part = has_bare_name_part = FALSE; parens_from = NULL; } @ 1.2 log @modifying package: fetchmail-6.2.4 20030814 -> 20031008 @ text @@ 1.1 log @file fetchmail.patch was initially added on branch OPENPKG_1_1_SOLID. @ text @d1 20 @ 1.1.10.1 log @OpenPKG-SA-2004.012-fetchmail (CAN-2003-0792): Using patch code from Mandrake's fetchmail-6.2.4-reply_hack.patch and Immunix's fetchmail-5.9.0-reply_hack.patch, modify it to conform to fetchmail 6.2.3 for use in OpenPKG UPD package fetchmail-6.2.3-1.3.1.src.rpm @ text @a0 67 Lines 9-73 of this patch resolve CAN-2003-0792: * When allocating storage for an overlong line, allocate space for the string's NUL terminator. * When rewriting a header to qualify email addresses, update the length (the header must not contain NUL bytes) to account for newly-added text so that we avoid chopping off data when the line is stored in the headers list. diff -Nau fetchmail.h.orig fetchmail.h --- fetchmail.h.orig 2003-08-05 23:30:16.000000000 -0400 +++ fetchmail.h 2003-10-09 15:36:07.000000000 -0400 @@@@ -506,7 +506,7 @@@@ void close_warning_by_mail(struct query *, struct msgblk *); /* rfc822.c: RFC822 header parsing */ -unsigned char *reply_hack(unsigned char *, const unsigned char *); +unsigned char *reply_hack(unsigned char *, const unsigned char *, int *); unsigned char *nxtaddr(const unsigned char *); /* uid.c: UID support */ diff -Nau rfc822.c.orig rfc822.c --- rfc822.c.orig 2003-10-09 15:38:42.000000000 -0400 +++ rfc822.c 2003-10-09 15:36:33.000000000 -0400 @@@@ -39,10 +39,11 @@@@ #define HEADER_END(p) ((p)[0] == '\n' && ((p)[1] != ' ' && (p)[1] != '\t')) -unsigned char *reply_hack(buf, host) +unsigned char *reply_hack(buf, host, length) /* hack message headers so replies will work properly */ unsigned char *buf; /* header to be hacked */ const unsigned char *host; /* server hostname */ +int *length; { unsigned char *from, *cp, last_nws = '\0', *parens_from = NULL; int parendepth, state, has_bare_name_part, has_host_part; @@@@ -208,6 +209,7 @@@@ if (outlevel >= O_DEBUG) report_complete(stdout, GT_("Rewritten version is %s\n"), buf); #endif /* MAIN */ + *length = strlen(buf); return(buf); } diff -Nau transact.c.orig transact.c --- transact.c.orig 2003-08-05 23:30:19.000000000 -0400 +++ transact.c 2003-10-09 15:28:40.000000000 -0400 @@@@ -446,8 +446,9 @@@@ */ if ( n && buf[n-1] != '\n' ) { overlong = TRUE; - line = realloc(line, linelen); + line = realloc(line, linelen + 1); memcpy(line + linelen - n, buf, n); + line[linelen] = '\0'; ch = ' '; /* So the next iteration starts */ continue; } @@@@ -659,7 +659,7 @@@@ } if (ctl->rewrite) - line = reply_hack(line, ctl->server.truename); + line = reply_hack(line, ctl->server.truename, &linelen); /* * OK, this is messy. If we're forwarding by SMTP, it's the @ 1.1.4.1 log @add security patch @ text @a0 11 --- rfc822.c Mon Aug 26 19:52:42 2002 +++ rfc822.c Mon Dec 9 15:50:11 2002 @@@@ -63,7 +63,7 @@@@ for (cp = buf; *cp; cp++) if (*cp == ',' || isspace(*cp)) addresscount++; - buf = (unsigned char *)xrealloc(buf, strlen(buf) + addresscount * strlen(host) + 1); + buf = (unsigned char *)xrealloc(buf, strlen(buf) + addresscount * (strlen(host) + 1) + 1); #endif /* TESTMAIN */ /* @ 1.1.2.1 log @add security bugfix @ text @a0 11 --- rfc822.c Mon Aug 26 19:52:42 2002 +++ rfc822.c Mon Dec 9 15:50:11 2002 @@@@ -63,7 +63,7 @@@@ for (cp = buf; *cp; cp++) if (*cp == ',' || isspace(*cp)) addresscount++; - buf = (unsigned char *)xrealloc(buf, strlen(buf) + addresscount * strlen(host) + 1); + buf = (unsigned char *)xrealloc(buf, strlen(buf) + addresscount * (strlen(host) + 1) + 1); #endif /* TESTMAIN */ /* @