diff mbox series

fetchmail: Update to version 6.5.6

Message ID 20251014130807.3469514-2-adolf.belka@ipfire.org
State Staged
Commit e95252a7566ab9d87e3d33c88060dd5367091534
Headers
Series fetchmail: Update to version 6.5.6 |

Commit Message

Adolf Belka 14 Oct 2025, 1:07 p.m. UTC 
- Update from version 6.5.5 to 6.5.6
- No change to rootfile
- Changelog
    6.5.6
      SECURITY BUGFIX:
	* fetchmail-SA-2025-01.txt: CVE pending assignment by MITRE
	  An SMTP server advertising EHLO and AUTH, and if fetchmail is configured to
	  authenticate (esmtpname and esmtppassword given and non-empty), the server
	  might crash fetchmail by sending a "334" response without further blank to
	  fetchmail's AUTH request. This is in violation of applicable RFC-4952 though.
	    Fetchmail now detects this situation and reports it separately as
	  malformed server reply.
	    Fetchmail 6.5.6 has been released without waiting for translation updates
	  or CVE identifier, these will be provided in followup releases.
      BUGFIXES:
	* RFC-5321: When the --smtpaddress, --smtphost, --smtpname, -D or -S argument
	  is an numeric address literal such as 192.0.2.2 or 2001:0DB8::4321, properly
	  format that as such in the SMTP RCPT command as user@[192.0.2.2] or
	  user@[IPv6:2001:0DB8::4321].
	* When printing output on the console while fetching mail, do not intersperse
	  another copy of our program name and date in the middle of a log line.
	  Workaround for older versions: --logfile /dev/tty  (might also use
	  --logfile /dev/stderr) - but note this changes buffering behavior and may
	  output to appear later and without ticker marks.
	* A few low-priority memory leaks in the command-line options parser were
	  fixed. Since this parser runs only once, leaks are harmless.
	* Some minor code cleanups and robustness fixes were made, and we should
	  see fewer compiler warnings as a result.
      CHANGES:
	* Given the slow update schedules of some distributions, already add code
	  that checks if time_t() is good beyond the year 2038,
	  meaning time_t is either unsigned (which would last until 2106) or
	  64 bits wide.  If the system isn't safe, warn on every launch of fetchmail
	  beginning 2028-01-01 at 00:00 GMT so users have 10 years to plan.
	  Fetchmail will also print a warning if time(time_t *t) overflows.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 lfs/fetchmail | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff mbox series

Patch

diff --git a/lfs/fetchmail b/lfs/fetchmail
index 3a04ba881..2cd118aae 100644
--- a/lfs/fetchmail
+++ b/lfs/fetchmail
@@ -26,7 +26,7 @@  include Config
 
 SUMMARY    = Full-Featured POP and IMAP Mail Retrieval Daemon
 
-VER        = 6.5.5
+VER        = 6.5.6
 
 THISAPP    = fetchmail-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -34,7 +34,7 @@  DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = fetchmail
-PAK_VER    = 21
+PAK_VER    = 22
 
 DEPS       =
 
@@ -48,7 +48,7 @@  objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 73d7dafb33dd6d8efd70c4d4ab7cb6d43d8fc41b66eef9facdd2ac27300e9ff94b0a40b5c49d6fa6a91bd0625243f6805f7dbc681e851ead9910d2507914d16e
+$(DL_FILE)_BLAKE2 = cef4a2d2f7611cea3ab689c3cd6cedd7f598fef7f28908621b74d788fa8a3b747fb5b70fb3637052bce4f75eaa35f910ea7c41444becf9330248a6548a6cc984
 
 install : $(TARGET)