Date: Mon, 20 Oct 2003 17:03:57 +0200 (CEST)
From: Simon Barner <barner@in.tum.de>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: ve@sci.fi
Subject: ports/58284: [non-maintainer][security update] mail/fetchmail -> 6.2.5
Message-ID: <20031020150357.C0A63AE9@zi025.glhnet.mhn.de>
Resent-Message-ID: <200310201510.h9KFADWE080662@freefall.freebsd.org>

>Number:         58284
>Category:       ports
>Synopsis:       [non-maintainer][security update] mail/fetchmail -> 6.2.5
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 20 08:10:12 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Simon Barner
>Release:        FreeBSD 4.9-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD zi025.glhnet.mhn.de 4.9-PRERELEASE FreeBSD 4.9-PRERELEASE #1: Thu Sep 4 20:49:53 CEST 2003 simon@zi025.glhnet.mhn.de:/usr/src/sys/compile/KISTE i386

>Description:
According to

http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:101 ,

fetchmail <= 6.2.4 is vulnerable to a denial of service attack: Malicious
email messages are reported to crash the fetchmail daemon.

While performing the upgrade, I found that a shared library was missing
on my system:

cc -L/usr/local/lib -L/usr/local/lib -lintl rcfile_y.o rcfile_l.o socket.o getpass.o pop2.o pop3.o imap.o etrn.o odmr.o fetchmail.o idle.o env.o options.o daemon.o driver.o transact.o sink.o rfc822.o smtp.o xmalloc.o uid.o mxget.o md5ify.o cram.o kerberos.o gssapi.o opie.o rpa.o interface.o netrc.o base64.o report.o unmime.o conf.o checkalias.o smbdes.o smbencrypt.o smbmd4.o smbutil.o ipv6-connect.o lock.o getopt.o getopt1.o -lopie -lcrypt -lmd -lkvm -lcom_err -lintl -lssl -lcrypto -lRSAglue -lintl -lfl -o fetchmail
/usr/libexec/elf/ld: cannot find -lRSAglue
gmake: *** [fetchmail] Error 1
*** Error code 2

Removing -lRSAglue fixed the problem for me. Since I don't know whether it is
a problem with my system or not, I did not supply a patch for this issue.
(I am using the OpenSSL port v0.9.7c on FreeBSD 4.9-PRERELEASE)

>How-To-Repeat:
>Fix:
Please apply the following (trivial) patch (gpg checksum of the source
tarball was successfully verified).

diff -ruN fetchmail.orig/Makefile fetchmail/Makefile --- fetchmail.orig/Makefile Wed Sep 10 14:58:35 2003 +++ fetchmail/Makefile Mon Oct 20 16:41:14 2003 @@ -10,8 +10,7 @@ # want fetchmailconf to work, define WITH_X11 PORTNAME= fetchmail -PORTVERSION= 6.2.4 -PORTREVISION= 1 +PORTVERSION= 6.2.5 CATEGORIES= mail ipv6 MASTER_SITES= http://www.catb.org/~esr/fetchmail/ \ ftp://ftp.ccil.org/pub/esr/fetchmail/ \ diff -ruN fetchmail.orig/distinfo fetchmail/distinfo --- fetchmail.orig/distinfo Mon Oct 20 16:40:55 2003 +++ fetchmail/distinfo Mon Oct 20 16:41:55 2003 @@ -1 +1 @@ -MD5 (fetchmail-6.2.4.tar.gz) = 3614acbda936548d2f8d5bffb161ff59 +MD5 (fetchmail-6.2.5.tar.gz) = 9956b30139edaa4f5f77c4d0dbd80225 >Release-Note: >Audit-Trail: >Unformatted:
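
Review bot: the -lRSAglue link failure reported in the description is not addressed anywhere in the Makefile hunk, which touches only PORTVERSION and PORTREVISION. Before this goes in as a security update, build the port on a clean system against both the base OpenSSL and the OpenSSL port to establish whether the failure is specific to the submitter's setup, and if it reproduces, fix it in this same update so the fix for the denial of service is not held back by a broken build. Dropping PORTREVISION together with the version bump is right.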
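
Review bot: the new MD5 line in the distinfo hunk is the only integrity record for fetchmail-6.2.5.tar.gz, and it arrives in an unauthenticated PR e-mail, so it should not be committed as typed. Fetch the tarball from the MASTER_SITES listed in the Makefile, check upstream's signature on it as the submitter reports doing, and regenerate distinfo with make makesum; commit only if the result matches 9956b30139edaa4f5f77c4d0dbd80225.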