diff options
| author | Ankur Tyagi <ankur.tyagi85@gmail.com> | 2026-01-05 11:02:22 +0100 |
|---|---|---|
| committer | Anuj Mittal <anuj.mittal@oss.qualcomm.com> | 2026-01-06 18:07:52 +0530 |
| commit | 22b7851cdeeb1153e1fd79ba346bfe3c5dd1b99e (patch) | |
| tree | 22a9910b3ce08e50858f52a3c235546bac24cdef /meta-networking/recipes-support | |
| parent | 0827d22e4c1200baeca876993832e83f483f0f05 (diff) | |
| download | meta-openembedded-22b7851cdeeb1153e1fd79ba346bfe3c5dd1b99e.tar.gz | |
fetchmail: patch CVE-2025-61962
Details https://nvd.nist.gov/vuln/detail/CVE-2025-61962
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
(cherry picked from commit 0d9da1105276f04cb23046de5f31fc75f09e2e89)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Diffstat (limited to 'meta-networking/recipes-support')
| -rw-r--r-- | meta-networking/recipes-support/fetchmail/fetchmail/CVE-2025-61962.patch | 51 | ||||
| -rw-r--r-- | meta-networking/recipes-support/fetchmail/fetchmail_6.5.2.bb | 1 |
2 files changed, 52 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/fetchmail/fetchmail/CVE-2025-61962.patch b/meta-networking/recipes-support/fetchmail/fetchmail/CVE-2025-61962.patch new file mode 100644 index 0000000000..e7555021e4 --- /dev/null +++ b/meta-networking/recipes-support/fetchmail/fetchmail/CVE-2025-61962.patch | |||
| @@ -0,0 +1,51 @@ | |||
| 1 | From 7860cf0689f8bd828bdd6e7116c6670416ead6d7 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Matthias Andree <matthias.andree@gmx.de> | ||
| 3 | Date: Fri, 3 Oct 2025 13:11:59 +0200 | ||
| 4 | Subject: [PATCH] Security fix: avoid NULL+1 deref on invalid AUTH reply | ||
| 5 | |||
| 6 | When fetchmail receives a 334 reply from the SMTP server | ||
| 7 | that does not contain the mandated blank after that response | ||
| 8 | code, it will attempt reading from memory location 1, which | ||
| 9 | will usually lead to a crash. | ||
| 10 | |||
| 11 | The simpler fix would have been to check for four bytes "334 " | ||
| 12 | instead of three bytes "334" but that would make malformed | ||
| 13 | replies and those that don't match the expected reply code | ||
| 14 | indistinguishable. | ||
| 15 | |||
| 16 | CVE: CVE-2025-61962 | ||
| 17 | Upstream-Status: Backport [https://gitlab.com/fetchmail/fetchmail/-/commit/4c3cebfa4e659fb778ca2cae0ccb3f69201609a8] | ||
| 18 | (cherry picked from commit 4c3cebfa4e659fb778ca2cae0ccb3f69201609a8) | ||
| 19 | Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> | ||
| 20 | --- | ||
| 21 | smtp.c | 10 ++++++++++ | ||
| 22 | 1 file changed, 10 insertions(+) | ||
| 23 | |||
| 24 | diff --git a/smtp.c b/smtp.c | ||
| 25 | index 8295c49a..9a89ef09 100644 | ||
| 26 | --- a/smtp.c | ||
| 27 | +++ b/smtp.c | ||
| 28 | @@ -92,6 +92,11 @@ static void SMTP_auth(int sock, char smtp_mode, char *username, char *password, | ||
| 29 | } | ||
| 30 | |||
| 31 | p = strchr(tmp, ' '); | ||
| 32 | + if (!p) { | ||
| 33 | + report(stderr, "%s: \"%s\"\n", GT_("Malformed server reply"), visbuf(tmp)); | ||
| 34 | + SMTP_auth_error(sock, ""); | ||
| 35 | + return; | ||
| 36 | + } | ||
| 37 | p++; | ||
| 38 | /* (hmh) from64tobits will not NULL-terminate strings! */ | ||
| 39 | if (from64tobits(b64buf, p, sizeof(b64buf) - 1) <= 0) { | ||
| 40 | @@ -145,6 +150,11 @@ static void SMTP_auth(int sock, char smtp_mode, char *username, char *password, | ||
| 41 | } | ||
| 42 | |||
| 43 | p = strchr(tmp, ' '); | ||
| 44 | + if (!p) { | ||
| 45 | + report(stderr, "%s: \"%s\"\n", GT_("Malformed server reply"), visbuf(tmp)); | ||
| 46 | + SMTP_auth_error(sock, ""); | ||
| 47 | + return; | ||
| 48 | + } | ||
| 49 | p++; | ||
| 50 | if (from64tobits(b64buf, p, sizeof(b64buf) - 1) <= 0) { | ||
| 51 | SMTP_auth_error(sock, GT_("Bad base64 reply from server.\n")); | ||
diff --git a/meta-networking/recipes-support/fetchmail/fetchmail_6.5.2.bb b/meta-networking/recipes-support/fetchmail/fetchmail_6.5.2.bb index c1def016e9..6cb1a52d82 100644 --- a/meta-networking/recipes-support/fetchmail/fetchmail_6.5.2.bb +++ b/meta-networking/recipes-support/fetchmail/fetchmail_6.5.2.bb | |||
| @@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=46d2874dd6a0c8961d80c805f106a35f" | |||
| 11 | DEPENDS = "openssl" | 11 | DEPENDS = "openssl" |
| 12 | 12 | ||
| 13 | SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.xz \ | 13 | SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.xz \ |
| 14 | file://CVE-2025-61962.patch \ | ||
| 14 | " | 15 | " |
| 15 | SRC_URI[sha256sum] = "8fd0477408620ae382c1d0ef83d8946a95e5be0c2e582dd4ebe55cba513a45fe" | 16 | SRC_URI[sha256sum] = "8fd0477408620ae382c1d0ef83d8946a95e5be0c2e582dd4ebe55cba513a45fe" |
| 16 | 17 | ||
