ports/58284: [non-maintainer][security update] mail/fetchmail -> 6.2.5
Simon Barner
barner at in.tum.de
Mon Oct 20 15:10:15 UTC 2003
>Number: 58284
>Category: ports
>Synopsis: [non-maintainer][security update] mail/fetchmail -> 6.2.5
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Mon Oct 20 08:10:12 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Simon Barner
>Release: FreeBSD 4.9-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD zi025.glhnet.mhn.de 4.9-PRERELEASE FreeBSD 4.9-PRERELEASE #1: Thu Sep 4 20:49:53 CEST 2003 simon at zi025.glhnet.mhn.de:/usr/src/sys/compile/KISTE i386
>Description:
According to
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:101
, fetchmail <= 6.2.4 is vulnerable to a denial of service attack:
Malicious email messages are reported to crash the fetchmail daemon.
While performing the upgrade, I encountered that a shared library was
missing on my system:
cc -L/usr/local/lib -L/usr/local/lib -lintl rcfile_y.o rcfile_l.o socket.o getpa
ss.o pop2.o pop3.o imap.o etrn.o odmr.o fetchmail.o idle.o env.o options.o daemo
n.o driver.o transact.o sink.o rfc822.o smtp.o xmalloc.o uid.o mxget.o md5ify.o
cram.o kerberos.o gssapi.o opie.o rpa.o interface.o netrc.o base64.o report.o un
mime.o conf.o checkalias.o smbdes.o smbencrypt.o smbmd4.o smbutil.o ipv6-connect
.o lock.o getopt.o getopt1.o -lopie -lcrypt -lmd -lkvm -lcom_err -lintl -lssl
-lcrypto -lRSAglue -lintl -lfl -o fetchmail
/usr/libexec/elf/ld: cannot find -lRSAglue
gmake: *** [fetchmail] Error 1
*** Error code 2
Removing -lRSAglue fixed the problem for me. Since I don't know
whether it is a problem with my system or not, I did not supply a
patch for this issue. (I am using the OpenSSL port v0.9.7c on FreeBSD
4.9-PRERELEASE)
>How-To-Repeat:
>Fix:
Please apply the following (trivial) patch (gpg checksum of the source
tarball was successfully verified).
diff -ruN fetchmail.orig/Makefile fetchmail/Makefile
--- fetchmail.orig/Makefile Wed Sep 10 14:58:35 2003
+++ fetchmail/Makefile Mon Oct 20 16:41:14 2003
@@ -10,8 +10,7 @@
# want fetchmailconf to work, define WITH_X11
PORTNAME= fetchmail
-PORTVERSION= 6.2.4
-PORTREVISION= 1
+PORTVERSION= 6.2.5
CATEGORIES= mail ipv6
MASTER_SITES= http://www.catb.org/~esr/fetchmail/ \
ftp://ftp.ccil.org/pub/esr/fetchmail/ \
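Review bot: The version bump in this Makefile hunk leaves the `-lRSAglue` link failure from the description unresolved, so the port as patched may still fail at the final `cc ... -o fetchmail` step on systems using the OpenSSL 0.9.7c port. Before committing, confirm on a clean build whether `-lRSAglue` is still needed and, if it is not, drop it in the same change so the security update is actually installable. Removing `PORTREVISION= 1` together with the move to `PORTVERSION= 6.2.5` is fine. Note also that both MASTER_SITES shown here are plain http and ftp, so tarball integrity rests entirely on the distinfo checksum.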
diff -ruN fetchmail.orig/distinfo fetchmail/distinfo
--- fetchmail.orig/distinfo Mon Oct 20 16:40:55 2003
+++ fetchmail/distinfo Mon Oct 20 16:41:55 2003
@@ -1 +1 @@
-MD5 (fetchmail-6.2.4.tar.gz) = 3614acbda936548d2f8d5bffb161ff59
+MD5 (fetchmail-6.2.5.tar.gz) = 9956b30139edaa4f5f77c4d0dbd80225
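Review bot: The new `MD5 (fetchmail-6.2.5.tar.gz)` value in the `+` line is the only integrity check this port records, and it comes from a non-maintainer submission, so it should not be committed on trust. The committer should fetch fetchmail-6.2.5.tar.gz from the listed MASTER_SITES, recompute the MD5 and compare it with this line, and repeat the signature check the submitter says was done, since that verification is not recorded anywhere in the patch.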
>Release-Note:
>Audit-Trail:
>Unformatted: