package/fetchmail: security bump to version 6.4.22

Message ID 20210918180137.1766-1-peter@korsgaard.com
State Accepted

Commit Message

Peter Korsgaard Sept. 18, 2021, 6:01 p.m. UTC
Fixes the following security issues:

- CVE-2021-39272: Fetchmail before 6.4.22 fails to enforce STARTTLS session
  encryption in some circumstances, such as a certain situation with IMAP
  and PREAUTH.
  https://www.fetchmail.info/fetchmail-SA-2021-02.txt

Update COPYING hash for a clarification of the license situation with
openssl 3.x (which is Apache 2.0 licensed):

https://gitlab.com/fetchmail/fetchmail/-/commit/8eed56c21ca5bbdf3c00aaf74d807bcad8713ba9

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/fetchmail/fetchmail.hash | 8 +++-----
 package/fetchmail/fetchmail.mk   | 2 +-
 2 files changed, 4 insertions(+), 6 deletions(-)

Comments

Yann E. MORIN Sept. 18, 2021, 8:29 p.m. UTC | #1
Peter, All,

On 2021-09-18 20:01 +0200, Peter Korsgaard spake thusly:
> Fixes the following security issues:
> 
> - CVE-2021-39272: Fetchmail before 6.4.22 fails to enforce STARTTLS session
>   encryption in some circumstances, such as a certain situation with IMAP
>   and PREAUTH.
>   https://www.fetchmail.info/fetchmail-SA-2021-02.txt
> 
> Update COPYING hash for a clarification of the license situation with
> openssl 3.x (which is Apache 2.0 licensed):
> 
> https://gitlab.com/fetchmail/fetchmail/-/commit/8eed56c21ca5bbdf3c00aaf74d807bcad8713ba9
> 
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Applied to master, thanks.

Regards,
Yann E. MORIN.

> ---
>  package/fetchmail/fetchmail.hash | 8 +++-----
>  package/fetchmail/fetchmail.mk   | 2 +-
>  2 files changed, 4 insertions(+), 6 deletions(-)
> 
> diff --git a/package/fetchmail/fetchmail.hash b/package/fetchmail/fetchmail.hash
> index 30df3eb834..88deb343c4 100644
> --- a/package/fetchmail/fetchmail.hash
> +++ b/package/fetchmail/fetchmail.hash
> @@ -1,6 +1,4 @@
> -# From https://sourceforge.net/p/fetchmail/mailman/message/37327392/
> -sha256  6a459c1cafd7a1daa5cd137140da60c18c84b5699cd8e7249a79c33342c99d1d  fetchmail-6.4.21.tar.xz
> -# From https://sourceforge.net/projects/fetchmail/files/branch_6.4/
> -sha1  a264c50256c2b42d2c7893f9efae7c9a29350786  fetchmail-6.4.21.tar.xz
> +# From https://sourceforge.net/p/fetchmail/mailman/message/37350119/
> +sha256  cc6818bd59435602169fa292d6d163d56b21c7f53112829470a3aceabe612c84  fetchmail-6.4.22.tar.xz
>  # Locally computed:
> -sha256  6346b5aa04e258fa4326272ea92372d796b4382aa963535ae98a3bb5f8cd5aeb  COPYING
> +sha256  001d1b8d111a83e3bab8b4d511ea4767d37d3bd0583560fccece630df1ba8f3c  COPYING
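Review bot: The sha1 entry for the tarball and its "# From https://sourceforge.net/projects/fetchmail/files/branch_6.4/" comment are removed at the top of this hunk with no 6.4.22 replacement, and the commit message does not mention it. Dropping sha1 is reasonable since the sha256 entry remains, but a line in the commit message saying the removal is deliberate would keep the next version bump from treating it as a lost hash.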
> diff --git a/package/fetchmail/fetchmail.mk b/package/fetchmail/fetchmail.mk
> index 0b4cf39cbd..77d9733296 100644
> --- a/package/fetchmail/fetchmail.mk
> +++ b/package/fetchmail/fetchmail.mk
> @@ -5,7 +5,7 @@
>  ################################################################################
>  
>  FETCHMAIL_VERSION_MAJOR = 6.4
> -FETCHMAIL_VERSION = $(FETCHMAIL_VERSION_MAJOR).21
> +FETCHMAIL_VERSION = $(FETCHMAIL_VERSION_MAJOR).22
>  FETCHMAIL_SOURCE = fetchmail-$(FETCHMAIL_VERSION).tar.xz
>  FETCHMAIL_SITE = http://downloads.sourceforge.net/project/fetchmail/branch_$(FETCHMAIL_VERSION_MAJOR)
>  FETCHMAIL_LICENSE = GPL-2.0; some exceptions are mentioned in COPYING
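Review bot: The context line FETCHMAIL_SITE still uses the http:// scheme for downloads.sourceforge.net, so the 6.4.22 tarball carrying this security fix is fetched over plain HTTP and its integrity rests only on the sha256 in fetchmail.hash. Since the file is being touched for a security bump anyway, consider switching the scheme to https:// here or in a follow-up patch.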
> -- 
> 2.20.1
> 
> _______________________________________________
> buildroot mailing list
> buildroot@lists.buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
Peter Korsgaard Sept. 29, 2021, 7:46 p.m. UTC | #2
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > Fixes the following security issues:
 > - CVE-2021-39272: Fetchmail before 6.4.22 fails to enforce STARTTLS session
 >   encryption in some circumstances, such as a certain situation with IMAP
 >   and PREAUTH.
 >   https://www.fetchmail.info/fetchmail-SA-2021-02.txt

 > Update COPYING hash for a clarification of the license situation with
 > openssl 3.x (which is Apache 2.0 licensed):

 > https://gitlab.com/fetchmail/fetchmail/-/commit/8eed56c21ca5bbdf3c00aaf74d807bcad8713ba9

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed to 2021.02.x, 2021.05.x and 2021.08.x, thanks.

Patch

diff --git a/package/fetchmail/fetchmail.hash b/package/fetchmail/fetchmail.hash
index 30df3eb834..88deb343c4 100644
--- a/package/fetchmail/fetchmail.hash
+++ b/package/fetchmail/fetchmail.hash
@@ -1,6 +1,4 @@ 
-# From https://sourceforge.net/p/fetchmail/mailman/message/37327392/
-sha256  6a459c1cafd7a1daa5cd137140da60c18c84b5699cd8e7249a79c33342c99d1d  fetchmail-6.4.21.tar.xz
-# From https://sourceforge.net/projects/fetchmail/files/branch_6.4/
-sha1  a264c50256c2b42d2c7893f9efae7c9a29350786  fetchmail-6.4.21.tar.xz
+# From https://sourceforge.net/p/fetchmail/mailman/message/37350119/
+sha256  cc6818bd59435602169fa292d6d163d56b21c7f53112829470a3aceabe612c84  fetchmail-6.4.22.tar.xz
 # Locally computed:
-sha256  6346b5aa04e258fa4326272ea92372d796b4382aa963535ae98a3bb5f8cd5aeb  COPYING
+sha256  001d1b8d111a83e3bab8b4d511ea4767d37d3bd0583560fccece630df1ba8f3c  COPYING
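Review bot: The "# From" comment on the new tarball sha256 points at a message archived on sourceforge.net, and fetchmail.mk downloads the tarball from downloads.sourceforge.net, so the comment does not show that the hash was checked against anything independent of SourceForge. If a signature on the release announcement or the tarball was verified when taking this hash, say so in the comment next to the "# From" line.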
diff --git a/package/fetchmail/fetchmail.mk b/package/fetchmail/fetchmail.mk
index 0b4cf39cbd..77d9733296 100644
--- a/package/fetchmail/fetchmail.mk
+++ b/package/fetchmail/fetchmail.mk
@@ -5,7 +5,7 @@ 
 ################################################################################
 
 FETCHMAIL_VERSION_MAJOR = 6.4
-FETCHMAIL_VERSION = $(FETCHMAIL_VERSION_MAJOR).21
+FETCHMAIL_VERSION = $(FETCHMAIL_VERSION_MAJOR).22
 FETCHMAIL_SOURCE = fetchmail-$(FETCHMAIL_VERSION).tar.xz
 FETCHMAIL_SITE = http://downloads.sourceforge.net/project/fetchmail/branch_$(FETCHMAIL_VERSION_MAJOR)
 FETCHMAIL_LICENSE = GPL-2.0; some exceptions are mentioned in COPYING
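Review bot: FETCHMAIL_LICENSE in the last context line stays "GPL-2.0; some exceptions are mentioned in COPYING" while the same patch changes the COPYING hash for an openssl 3.x license clarification. The commit message links the upstream commit but does not state that the license string was reviewed against the new COPYING; one sentence confirming that no change to FETCHMAIL_LICENSE is needed would close that gap.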