author | Matthias Andree <matthias.andree@gmx.de> | 2010-02-05 01:06:08 +0000 |
committer | Matthias Andree <matthias.andree@gmx.de> | 2010-02-05 01:06:08 +0000 |
commit | 8209860428405ca97e51dad4d91c3624893ad227 (patch) | |
tree | b387fb7191b69dd554dc85be4dc5ddb3deb727fd | |
parent | 958b996a2dad365a7c23b1488e00d9a2b47232e2 (diff) | |
Getting ready for 6.3.14 release.
svn path=/branches/BRANCH_6-3/; revision=5480
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | RELEASEVERSIONS | 1 | ||||
-rwxr-xr-x | dist-tools/makerelease | 16 | ||||
-rw-r--r-- | fetchmail-SA-2010-01.txt | 29 |
4 files changed, 31 insertions, 17 deletions
@@ -47,7 +47,7 @@ removed from a 6.4.0 or newer release.)
 --------------------------------------------------------------------------------
-fetchmail 6.3.14 (not yet released):
+fetchmail 6.3.14 (released 2010-02-05, 25487 LoC):
 # SECURITY FIXES
 * SSL/TLS certificate information is now also reported properly on computers
diff --git a/RELEASEVERSIONS b/RELEASEVERSIONS
index f2475c58..1067da80 100644
--- a/RELEASEVERSIONS
+++ b/RELEASEVERSIONS
@@ -1,6 +1,7 @@
 SVN release - fetchmail release - release manager
 ====================================================
 SORT_BY (release)
+r5480 - 6.3.14 (2010-02-05) - MA
 r5450 - 6.3.13 (2009-10-30) - MA
 r5439 - 6.3.12 (2009-10-05) - MA
 r5398 - 6.3.11 (2009-08-06) - MA
diff --git a/dist-tools/makerelease b/dist-tools/makerelease
index 26a483e1..59b120e3 100755
--- a/dist-tools/makerelease
+++ b/dist-tools/makerelease
@@ -12,6 +12,8 @@ $svnrepos = "http://mknod.org/svn/$project";
 $website = "http://developer.berlios.de/projects/$project";
 $mailfrom = "<$project-devel-owner\@lists.berlios.de> (Fetchmail Development Team)";
+die "Need GNU sort!" unless `sort --version | head -n1` =~ /GNU/;
+
 # parse options
 $diffs = 0;
 $verbose = 0;
@@ -44,7 +46,7 @@ $tag = "RELEASE_$version";
 $tag =~ tr/./-/;
 # extract existing tags
-open(ID, "-|", "svn", "ls", $svnrepos . "/tags") || die "cannot run svn ls: $!\naborting";
+open(ID, "svn ls \"$svnrepos/tags\" | sort -t- -k1,1 -k2,2n -k3,3n |") || die "cannot run svn ls: $!\naborting";
 while (<ID>) {
 if (m{^(RELEASE_.*)/}) {
 unshift(@versions, $1);
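Review bot: The sort key on the new `open` line in the `@@ -44,7 +46,7 @@` hunk compares the major version as text: tags are built as `RELEASE_$version` with `.` rewritten to `-` (the `$tag` lines just above), so splitting on `-` leaves `RELEASE_6` as field 1 and `-k1,1` orders that field lexically, which would place a future `RELEASE_10-…` tag before `RELEASE_6-…`. Replacing the list-form `open(ID, "-|", "svn", "ls", …)` with a two-argument pipe open also routes the command through the shell with `$svnrepos` interpolated into it; `$svnrepos` is a constant assigned at the top of this script, so the practical exposure is small, but the list form avoided shell parsing entirely and needed no GNU `sort` (the `die "Need GNU sort!"` guard in the `@@ -12,6 +12,8 @@` hunk exists only to support this pipeline). Keeping the original exec-list `open` and sorting `@versions` in Perl after the `while` loop, with a comparator that extracts the numeric components of each tag and compares them with `<=>`, would fix the ordering without either dependency; the loop fills `@versions` with `unshift`, so the newest tag is presumably expected at index 0 and a Perl sort would have to preserve that orientation. Both hunks are top-level script code, not inside a function.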
@@ -76,14 +78,14 @@ if (system("autoreconf -isv")) {
 }
 print "### Test-building the software...\n";
-if (system("mkdir -p autobuild && cd autobuild && ../configure -C --silent && make -s clean && make distcheck")) {
+if (system("mkdir -p autobuild && cd autobuild && ../configure -C --silent && make -s clean && make check distcheck")) {
 die("Compilation failure\n");
 }
-print "### Building the RPMs...\n";
-if (system("cd autobuild && cp ../fetchmail.xpm . && buildrpms $project-${version}.tar.bz2 $null")) {
- die("RPM-build failure\n");
-}
+# print "### Building the RPMs...\n";
+# if (system("cd autobuild && cp ../fetchmail.xpm . && buildrpms $project-${version}.tar.bz2 $null")) {
+# die("RPM-build failure\n");
+# }
 open(REPORT, ">$tmp/$project.PREAMBLE.$$");
@@ -144,7 +146,7 @@ if ($diffs) {
 ." -n -D 'diff between $oldver and $version' -m 'text/plain' -e 7bit -f $tmp/$project.DIFFS.$$"
 ." -o ANNOUNCE.EMAIL";
 } else {
- system(mv, "$tmp/$project.PREAMBLE.$$", "ANNOUNCE.EMAIL");
+ system("mv", "$tmp/$project.PREAMBLE.$$", "ANNOUNCE.EMAIL");
 }
 #unlink("$tmp/$project.PREAMBLE.$$");
diff --git a/fetchmail-SA-2010-01.txt b/fetchmail-SA-2010-01.txt
index 7abc2211..ea2b6617 100644
--- a/fetchmail-SA-2010-01.txt
+++ b/fetchmail-SA-2010-01.txt
@@ -1,3 +1,6 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
 fetchmail-SA-2010-01: Heap overrun in verbose SSL cert' info display.
 Topics: Heap overrun in verbose SSL certificate information display.
@@ -8,9 +11,8 @@ Announced:
 Type: malloc() Buffer overrun with printable characters
 Impact: Code injection (difficult).
 Danger: low
-CVSSv2 vectors:
-CVE Name:
+CVE Name: to be assigned via oss-security@ list
 URL: http://www.fetchmail.info/fetchmail-SA-2010-01.txt
 Project URL: http://www.fetchmail.info/
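Review bot: The return value of `system("mv", "$tmp/$project.PREAMBLE.$$", "ANNOUNCE.EMAIL")` in the `@@ -144,7 +146,7 @@` hunk is still ignored, whereas the other `system` calls in this script (the `make check distcheck` line in the `@@ -76,14 +78,14 @@` hunk, for example) are checked and die on failure; if the move fails, ANNOUNCE.EMAIL is missing or stale and the release run carries on. Quoting `mv` is the right fix for the bareword, but the line should become `system("mv", "$tmp/$project.PREAMBLE.$$", "ANNOUNCE.EMAIL") == 0 or die "cannot create ANNOUNCE.EMAIL: $?\n";`. In the `@@ -76` hunk the RPM build is kept as a commented-out block; since version control already preserves it, deleting the four lines (or gating them behind an option) would avoid leaving dead code in the script. The `mv` statement sits in the `else` branch of a top-level `if ($diffs)` whose start is outside the hunk.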
@@ -19,12 +21,14 @@ Affects: fetchmail releases 6.3.11, 6.3.12, and 6.3.13
 Not affected: fetchmail release 6.3.14 and newer
 Corrected: 2010-02-04 fetchmail SVN (r5467)
+ 2010-02-05 fetchmail release 6.3.14
 0. Release history
 ==================
-2010-02-04 0.1 first draft (visible in SVN)
+2010-02-04 0.1 first draft (visible in SVN and through oss-security)
+2010-02-05 1.0 fixed signed/unsigned typo (found by Nico Golde)
 1. Background
@@ -50,14 +54,14 @@ buffer overrun because non-printing characters are escaped as \xFF..FFnn,
 where nn is 80..FF in hex.
 This might be exploitable to inject code if
-- fetchmail is run in verbose mode
+- - fetchmail is run in verbose mode
 AND
-- the host running fetchmail considers char signed
+- - the host running fetchmail considers char signed
 AND
-- the server uses malicious certificates with non-printing characters
+- - the server uses malicious certificates with non-printing characters
 that have the high bit set
 AND
-- these certificates manage to inject shell-code that consists purely of
+- - these certificates manage to inject shell-code that consists purely of
 printable characters.
 It is believed to be difficult to achieve all this.
@@ -115,16 +119,23 @@ or strip them manually. You may want to use the "-p1" flag to patch. Whitespace
 differences can usually be ignored by invoking "patch -l", so try this if the
 patch does not apply.
---- a/sdump.c
+- --- a/sdump.c
 +++ b/sdump.c
 @@ -36,7 +36,7 @@ char *sdump(const char *in, size_t len)
 if (isprint((unsigned char)in[i])) {
 *(oi++) = in[i];
 } else {
-- oi += sprintf(oi, "\\x%02X", in[i]);
+- - oi += sprintf(oi, "\\x%02X", in[i]);
 + oi += sprintf(oi, "\\x%02X", (unsigned char)in[i]);
 }
 }
 *oi = '\0';
 END OF fetchmail-SA-2010-01.txt
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.12 (GNU/Linux)
+
+iEYEARECAAYFAktrbs0ACgkQvmGDOQUufZWzMQCg49F/WJiOjGwWZKHHzBcfTgx/
+sLIAmQHPO3mezy3Ku0O29b4AXHL2ZQNb
+=kF7s
+-----END PGP SIGNATURE-----