ports/58284: [non-maintainer][security update] mail/fetchmail -> 6.2.5

Simon Barner barner at in.tum.de
Mon Oct 20 15:10:15 UTC 2003


>Number:         58284
>Category:       ports
>Synopsis:       [non-maintainer][security update] mail/fetchmail -> 6.2.5
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 20 08:10:12 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Simon Barner
>Release:        FreeBSD 4.9-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD zi025.glhnet.mhn.de 4.9-PRERELEASE FreeBSD 4.9-PRERELEASE #1: Thu Sep 4 20:49:53 CEST 2003 simon at zi025.glhnet.mhn.de:/usr/src/sys/compile/KISTE i386

>Description:

According to

   http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:101

fetchmail <= 6.2.4 is vulnerable to a denial of service attack:
Malicious email messages are reported to crash the fetchmail daemon.

While performing the upgrade, I found that a shared library was
missing on my system:

cc -L/usr/local/lib -L/usr/local/lib -lintl rcfile_y.o rcfile_l.o socket.o getpass.o pop2.o pop3.o imap.o etrn.o odmr.o fetchmail.o idle.o env.o options.o daemon.o driver.o transact.o sink.o rfc822.o smtp.o xmalloc.o uid.o mxget.o md5ify.o cram.o kerberos.o gssapi.o opie.o rpa.o interface.o netrc.o base64.o report.o unmime.o conf.o checkalias.o smbdes.o smbencrypt.o smbmd4.o smbutil.o ipv6-connect.o lock.o getopt.o getopt1.o  -lopie -lcrypt  -lmd -lkvm -lcom_err -lintl -lssl -lcrypto -lRSAglue -lintl -lfl -o fetchmail
/usr/libexec/elf/ld: cannot find -lRSAglue
gmake: *** [fetchmail] Error 1
*** Error code 2

Removing -lRSAglue fixed the problem for me. Since I don't know
whether it is a problem with my system or not, I did not supply a
patch for this issue. (I am using the OpenSSL port v0.9.7c on FreeBSD
4.9-PRERELEASE.)

>How-To-Repeat:
>Fix:

Please apply the following (trivial) patch (gpg checksum of the source
tarball was successfully verified).

diff -ruN fetchmail.orig/Makefile fetchmail/Makefile
--- fetchmail.orig/Makefile	Wed Sep 10 14:58:35 2003
+++ fetchmail/Makefile	Mon Oct 20 16:41:14 2003
@@ -10,8 +10,7 @@
 # want fetchmailconf to work, define WITH_X11
 
 PORTNAME=	fetchmail
-PORTVERSION=	6.2.4
-PORTREVISION=	1
+PORTVERSION=	6.2.5
 CATEGORIES=	mail ipv6
 MASTER_SITES=	http://www.catb.org/~esr/fetchmail/ \
 		ftp://ftp.ccil.org/pub/esr/fetchmail/ \
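Review bot: The PORTVERSION change to 6.2.5 does not cover the "cannot find -lRSAglue" link failure reported in the description, so a committer building against the same OpenSSL port may hit the same error. Before commit, confirm whether the build succeeds unmodified with the base-system OpenSSL and with the OpenSSL port, and if the port case fails, carry the -lRSAglue removal as a patch in the port rather than leaving it as a local workaround. Dropping PORTREVISION alongside the version bump is correct.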
diff -ruN fetchmail.orig/distinfo fetchmail/distinfo
--- fetchmail.orig/distinfo	Mon Oct 20 16:40:55 2003
+++ fetchmail/distinfo	Mon Oct 20 16:41:55 2003
@@ -1 +1 @@
-MD5 (fetchmail-6.2.4.tar.gz) = 3614acbda936548d2f8d5bffb161ff59
+MD5 (fetchmail-6.2.5.tar.gz) = 9956b30139edaa4f5f77c4d0dbd80225
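Review bot: The single MD5 line in distinfo is the only integrity check this port records, and the MASTER_SITES shown in the Makefile hunk are plain http and ftp, so the new value should not be taken from the PR on trust. Regenerate it with "make makesum" from a tarball whose GPG signature verifies, and compare the result with the +MD5 line here before committing.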
>Release-Note:
>Audit-Trail:
>Unformatted:


