Debian Patches

Status for fetchmail/6.4.16-4+deb11u1

Patch Description Author Forwarded Bugs Origin Last update
01_fetchmailconf.patch Remove header from fetchmailconf.py since it is a library.
Hector Garcia <hector@debian.org> no
04_invoke-rc.d.diff patch contrib files to run invoke-rc.d instead of /etc/init.d/* directly. This is required by policy 4.0.0. Nicolas Boulenguez <nicolas@debian.org> no
07_properly_report_size_of_mailboxes.patch [PATCH] Properly report size of mailboxes of 2 GibiB or above.
To fix Debian Bug#873668, reported by Andreas Schmidt.
This requires C99's new long long type.
Matthias Andree <matthias.andree@gmx.de> no 2019-08-24
08_remove_forced_OpenSSL_check.patch Remove forced OpenSSL version check. Not needed, linker should take care of proper library loading. Laszlo Boszormenyi (GCS) <gcs@debian.org> no debian 2021-02-13
09_fix_memory_leak_in_timeout_situation.patch diff --git a/imap.c b/imap.c
index 90c3f92ceeefe4c2dafbd925b173560003ef76e1..a7ddc45f2914abcbb6aa8126ad75e373ff842aeb 100644
no
10_update_manpage.patch diff --git a/fetchmail.man b/fetchmail.man
index a94889f07f5625b3547b33430e1727dcbc1a01a2..9a461f4533192a308bc1c9d57d7276ab5883e0f9 100644
no
11_fix_CVE-2021-38386.patch [PATCH] Fix SIGSEGV when resizing report*() buffer.
Reported (with a different patch suggestion) by
Christian Herdtweck <christian.herdtweck@intra2net.com>.

Note that vsnprintf() calls va_arg(), and depending on operating system,
compiler, configuration, this will invalidate the va_list argument
pointer, so that va_start has to be called again before a subsequent
vsnprintf(). However, it is better to do away with the loop and the
trial-and-error, and leverage the return value of vsnprintf instead for
a direct one-off resizing, whilst taking into account that on SUSv2
systems, the return value can be useless if the size argument to
vsnprintf is 0.
Matthias Andree <matthias.andree@gmx.de> no 2021-07-07
12_fix_logfile_and_message_truncation_issue.patch [PATCH] Fix --logfile and message truncation issue.
Regression in 6.4.20's security fix (Git commit c546c829).

We doubly incremented partial_message_size_used on modern systems
(stdarg.h/vsnprintf), once in report_vbuild() and then again in
report_build(), so the 2nd and subsequent report_build() fragments
landed too late in the buffer. This will not cause overruns due to the
reallocation prior to the vsnprintf/sprintf, but the write starts behind
the '\0' byte, instead of right over it, so the string also gets
truncated to the first fragment written with report_vbuild().

Fix by moving the increment back into the #else...#endif part that does
not use report_vbuild().

Reported by: Jürgen Edner, Erik Christiansen
Matthias Andree <matthias.andree@gmx.de> no 2021-08-09
13_fix_envelope_segfault.patch diff --git a/fetchmail.c b/fetchmail.c
index ac8e4607..71ecc1b0 100644
no
