ports/170613: [PATCH] mail/fetchmail: update to 6.3.21_1
Matthias Andree
mandree at FreeBSD.org
Mon Aug 13 21:00:22 UTC 2012
>Number: 170613
>Category: ports
>Synopsis: [PATCH] mail/fetchmail: update to 6.3.21_1
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Mon Aug 13 21:00:22 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Matthias Andree
>Release: FreeBSD 9.1-PRERELEASE amd64
>Organization:
>Environment:
System: FreeBSD apollo.emma.line.org 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #3: Fri Aug 10 23:05:39 CEST 2012
>Description:
- Update to 6.3.21_1, with a security fix for NTLM auth (fixes a
DoS/crash). Details to be disclosed later.
Added file(s):
- files/patch-3fbc7c
Port maintainer (chalpin at cs.wisc.edu) is cc'd.
Generated with FreeBSD Port Tools 0.99_6 (mode: update, diff: ports)
>How-To-Repeat:
>Fix:
--- fetchmail-6.3.21_1.patch begins here ---
diff -ruN --exclude=CVS /usr/ports//mail/fetchmail/Makefile ./Makefile
--- /usr/ports//mail/fetchmail/Makefile 2012-02-25 00:56:18.000000000 +0100
+++ ./Makefile 2012-08-13 22:46:33.000000000 +0200
@@ -12,6 +12,7 @@
PORTNAME= fetchmail
PORTVERSION= 6.3.21
+PORTREVISION= 1
CATEGORIES= mail ipv6
MASTER_SITES= BERLIOS/${PORTNAME}/ \
SF/${PORTNAME}/branch_6.3/ \
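Review bot: the Makefile change adds only PORTREVISION, while the new files/patch-3fbc7c below uses git-style paths (`--- a/ntlmsubr.c`, `+++ b/ntlmsubr.c`). Ports apply files/patch-* at the strip level set by PATCH_STRIP, so please confirm with `make patch` that the file applies cleanly. If it does not, either strip the a/ and b/ prefixes from the patch or set PATCH_STRIP in this Makefile. The PORTREVISION bump itself is right for a fix that changes the installed binary.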
diff -ruN --exclude=CVS /usr/ports//mail/fetchmail/files/patch-3fbc7c ./files/patch-3fbc7c
--- /usr/ports//mail/fetchmail/files/patch-3fbc7c 1970-01-01 01:00:00.000000000 +0100
+++ ./files/patch-3fbc7c 2012-08-13 22:46:13.000000000 +0200
@@ -0,0 +1,38 @@
+commit 3fbc7cd331602c76f882d1b507cd05c1d824ba8b
+Author: Matthias Andree <matthias.andree at gmx.de>
+Date: Mon Aug 13 20:48:12 2012 +0200
+
+ Fix crash: Handle invalid base64 in NTLM challenge.
+
+ Some servers, for instance the MS Exchange servers deployed by the
+ US-American National Aeronautics and Space Administration (NASA),
+ aborted the NTLM protocol exchange after receiving the initial request.
+
+ Fetchmail did not detect that there was an error message, rather than
+ NTLM protocol exchange, and caught a segmentation fault while reading
+ from a bad location.
+
+ Detect base64 decoding errors, and return PS_AUTHFAIL in this case.
+
+ Reported by J[ames] Porter Clark.
+
+diff --git a/ntlmsubr.c b/ntlmsubr.c
+index f9d2733..9321d26 100644
+--- a/ntlmsubr.c
++++ b/ntlmsubr.c
+@@ -55,7 +55,14 @@ int ntlm_helper(int sock, struct query *ctl, const char *proto)
+ if ((result = gen_recv(sock, msgbuf, sizeof msgbuf)))
+ goto cancelfail;
+
+- (void)from64tobits (&challenge, msgbuf, sizeof(challenge));
++ if ((result = from64tobits (&challenge, msgbuf, sizeof(challenge))) < 0)
++ {
++ report (stderr, GT_("could not decode BASE64 challenge\n"));
++ /* We do not goto cancelfail; the server has already sent the
++ * tagged reply, so the protocol exchange has ended, no need
++ * for us to send the asterisk. */
++ return PS_AUTHFAIL;
++ }
+
+ if (outlevel >= O_DEBUG)
+ dumpSmbNtlmAuthChallenge(stdout, &challenge);
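Review bot: the new check in ntlm_helper() only rejects `from64tobits(...) < 0`, so a reply that is valid base64 but decodes to fewer bytes than the challenge structure is still accepted, and dumpSmbNtlmAuthChallenge() then reads fields of `challenge` that were never written. The commit message describes a server sending an error message instead of an NTLM challenge, and such a message could happen to decode without error. Consider also rejecting a decoded length below the minimum size of a challenge message, or zero-filling `challenge` before decoding, and returning PS_AUTHFAIL in that case too. Also note that on success `result` now holds the decoded byte count rather than 0; please check that the code after this hunk reassigns it before it is tested or returned.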
--- fetchmail-6.3.21_1.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: