From patchwork Tue Oct 14 13:07:54 2025
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 9197
From: Adolf Belka
To: development@lists.ipfire.org
Cc: Adolf Belka
Subject: [PATCH] fetchmail: Update to version 6.5.6
Date: Tue, 14 Oct 2025 15:07:54 +0200
Message-ID: <20251014130807.3469514-2-adolf.belka@ipfire.org>
In-Reply-To: <20251014130807.3469514-1-adolf.belka@ipfire.org>
References: <20251014130807.3469514-1-adolf.belka@ipfire.org>

- Update from version 6.5.5 to 6.5.6
- No change to rootfile
- Changelog

6.5.6

SECURITY BUGFIX:
* fetchmail-SA-2025-01.txt: CVE pending assignment by MITRE
  An SMTP server advertising EHLO and AUTH, and if fetchmail is configured to authenticate (esmtpname and esmtppassword given and non-empty), the server might crash fetchmail by sending a "334" response without further blank to fetchmail's AUTH request. This is in violation of applicable RFC-4952 though. Fetchmail now detects this situation and reports it separately as malformed server reply.
  Fetchmail 6.5.6 has been released without waiting for translation updates or CVE identifier, these will be provided in followup releases.

BUGFIXES:
* RFC-5321: When the --smtpaddress, --smtphost, --smtpname, -D or -S argument is a numeric address literal such as 192.0.2.2 or 2001:0DB8::4321, properly format that as such in the SMTP RCPT command as user@[192.0.2.2] or user@[IPv6:2001:0DB8::4321].
* When printing output on the console while fetching mail, do not intersperse another copy of our program name and date in the middle of a log line. Workaround for older versions: --logfile /dev/tty (might also use --logfile /dev/stderr) - but note this changes buffering behavior and may output to appear later and without ticker marks.
* A few low-priority memory leaks in the command-line options parser were fixed. Since this parser runs only once, leaks are harmless.
* Some minor code cleanups and robustness fixes were made, and we should see fewer compiler warnings as a result. CHANGES: * Given the slow update schedules of some distributions, already add code that checks if time_t() is good beyond the year 2038, meaning time_t is either unsigned (which would last until 2106) or 64 bits wide. If the system isn't safe, warn on every launch of fetchmail beginning 2028-01-01 at 00:00 GMT so users have 10 years to plan. Fetchmail will also print a warning if time(time_t *t) overflows. Signed-off-by: Adolf Belka --- lfs/fetchmail | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/fetchmail b/lfs/fetchmail index 3a04ba881..2cd118aae 100644 --- a/lfs/fetchmail +++ b/lfs/fetchmail @@ -26,7 +26,7 @@ include Config SUMMARY = Full-Featured POP and IMAP Mail Retrieval Daemon -VER = 6.5.5 +VER = 6.5.6 THISAPP = fetchmail-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = fetchmail -PAK_VER = 21 +PAK_VER = 22 DEPS = @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 73d7dafb33dd6d8efd70c4d4ab7cb6d43d8fc41b66eef9facdd2ac27300e9ff94b0a40b5c49d6fa6a91bd0625243f6805f7dbc681e851ead9910d2507914d16e +$(DL_FILE)_BLAKE2 = cef4a2d2f7611cea3ab689c3cd6cedd7f598fef7f28908621b74d788fa8a3b747fb5b70fb3637052bce4f75eaa35f910ea7c41444becf9330248a6548a6cc984 install : $(TARGET)
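Review bot: The subject and first lines of the commit message read as a routine version bump, while the `VER = 6.5.6` change in the first hunk is what pulls in the fetchmail-SA-2025-01 fix. Please mention the security fix in the subject or the opening line, and note that it applies to setups where esmtpname and esmtppassword are configured, so that anyone scanning the log for security-relevant updates can find it while the CVE identifier is still pending.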
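Review bot: The new `$(DL_FILE)_BLAKE2` value in the last hunk is the only integrity pin for fetchmail-6.5.6.tar.xz, because `DL_FROM = $(URL_IPFIRE)` fetches the tarball from the project's own source location, and the commit message does not say what the digest was checked against. Please state in the commit message where the tarball was obtained and that it was verified against whatever upstream publishes for the release (signature or checksum) before the BLAKE2 digest was computed, so a second person can reproduce the pin independently.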