Package: fetchmail / 6.4.16-4+deb11u1

Metadata

Package Version Patches format
fetchmail 6.4.16-4+deb11u1 3.0 (quilt)

Patch series

Patch File delta Description
01_fetchmailconf.patch | (download)

fetchmailconf.py | 2 0 + 2 - 0 !
1 file changed, 2 deletions(-)

 remove header from fetchmailconf.py since it is a library.
04_invoke-rc.d.diff | (download)

contrib/fetchmail.logrotate | 6 1 + 5 - 0 !
1 file changed, 1 insertion(+), 5 deletions(-)

 patch contrib files to run invoke-rc.d instead of /etc/init.d/* directly
 This is required by policy 4.0.0.
07_properly_report_size_of_mailboxes.patch | (download)

driver.c | 7 4 + 3 - 0 !
etrn.c | 2 1 + 1 - 0 !
fetchmail.h | 2 1 + 1 - 0 !
imap.c | 2 1 + 1 - 0 !
odmr.c | 2 1 + 1 - 0 !
pop2.c | 2 1 + 1 - 0 !
pop3.c | 4 2 + 2 - 0 !
7 files changed, 11 insertions(+), 10 deletions(-)

 [patch] properly report size of mailboxes of 2 gibib or above.

To fix Debian Bug#873668, reported by Andreas Schmidt.
This requires C99's new long long type.

08_remove_forced_OpenSSL_check.patch | (download)

socket.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 remove forced openssl version check
 Not needed, linker should take care of proper library loading.
09_fix_memory_leak_in_timeout_situation.patch | (download)

imap.c | 8 5 + 3 - 0 !
1 file changed, 5 insertions(+), 3 deletions(-)

---
10_update_manpage.patch | (download)

fetchmail.man | 7 6 + 1 - 0 !
1 file changed, 6 insertions(+), 1 deletion(-)

---
11_fix_CVE-2021-38386.patch | (download)

NEWS | 18 18 + 0 - 0 !
report.c | 138 77 + 61 - 0 !
2 files changed, 95 insertions(+), 61 deletions(-)

 [patch] fix sigsegv when resizing report*() buffer.

12_fix_logfile_and_message_truncation_issue.patch | (download)

NEWS | 18 18 + 0 - 0 !
report.c | 3 2 + 1 - 0 !
2 files changed, 20 insertions(+), 1 deletion(-)

 [patch] fix --logfile and message truncation issue.

Regression in 6.4.20's security fix (Git commit c546c829).

We doubly incremented partial_message_size_used on modern systems
(stdarg.h/vsnprintf), once in report_vbuild() and then again in
report_build(), so the 2nd and subsequent report_build() fragments
landed too late in the buffer.  This will not cause overruns due to the
reallocation prior to the vsnprintf/sprintf, but the write starts behind
the '\0' byte, instead of right over it, so the string also gets
truncated to the first fragment written with report_vbuild().

Fix by moving the increment back into the #else...#endif part that does
not use report_vbuild().

Reported by: Jürgen Edner, Erik Christiansen

13_fix_envelope_segfault.patch | (download)

fetchmail.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---