summaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-support
diff options
context:
space:
mode:
authorAnkur Tyagi <ankur.tyagi85@gmail.com>2026-01-05 11:02:22 +0100
committerAnuj Mittal <anuj.mittal@oss.qualcomm.com>2026-01-06 18:07:52 +0530
commit22b7851cdeeb1153e1fd79ba346bfe3c5dd1b99e (patch)
tree22a9910b3ce08e50858f52a3c235546bac24cdef /meta-networking/recipes-support
parent0827d22e4c1200baeca876993832e83f483f0f05 (diff)
downloadmeta-openembedded-22b7851cdeeb1153e1fd79ba346bfe3c5dd1b99e.tar.gz
fetchmail: patch CVE-2025-61962
Details https://nvd.nist.gov/vuln/detail/CVE-2025-61962 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> (cherry picked from commit 0d9da1105276f04cb23046de5f31fc75f09e2e89) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Diffstat (limited to 'meta-networking/recipes-support')
-rw-r--r--meta-networking/recipes-support/fetchmail/fetchmail/CVE-2025-61962.patch51
-rw-r--r--meta-networking/recipes-support/fetchmail/fetchmail_6.5.2.bb1
2 files changed, 52 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/fetchmail/fetchmail/CVE-2025-61962.patch b/meta-networking/recipes-support/fetchmail/fetchmail/CVE-2025-61962.patch
new file mode 100644
index 0000000000..e7555021e4
--- /dev/null
+++ b/meta-networking/recipes-support/fetchmail/fetchmail/CVE-2025-61962.patch
@@ -0,0 +1,51 @@
1From 7860cf0689f8bd828bdd6e7116c6670416ead6d7 Mon Sep 17 00:00:00 2001
2From: Matthias Andree <matthias.andree@gmx.de>
3Date: Fri, 3 Oct 2025 13:11:59 +0200
4Subject: [PATCH] Security fix: avoid NULL+1 deref on invalid AUTH reply
5
6When fetchmail receives a 334 reply from the SMTP server
7that does not contain the mandated blank after that response
8code, it will attempt reading from memory location 1, which
9will usually lead to a crash.
10
11The simpler fix would have been to check for four bytes "334 "
12instead of three bytes "334" but that would make malformed
13replies and those that don't match the expected reply code
14indistinguishable.
15
16CVE: CVE-2025-61962
17Upstream-Status: Backport [https://gitlab.com/fetchmail/fetchmail/-/commit/4c3cebfa4e659fb778ca2cae0ccb3f69201609a8]
18(cherry picked from commit 4c3cebfa4e659fb778ca2cae0ccb3f69201609a8)
19Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
20---
21 smtp.c | 10 ++++++++++
22 1 file changed, 10 insertions(+)
23
24diff --git a/smtp.c b/smtp.c
25index 8295c49a..9a89ef09 100644
26--- a/smtp.c
27+++ b/smtp.c
28@@ -92,6 +92,11 @@ static void SMTP_auth(int sock, char smtp_mode, char *username, char *password,
29 }
30
31 p = strchr(tmp, ' ');
32+ if (!p) {
33+ report(stderr, "%s: \"%s\"\n", GT_("Malformed server reply"), visbuf(tmp));
34+ SMTP_auth_error(sock, "");
35+ return;
36+ }
37 p++;
38 /* (hmh) from64tobits will not NULL-terminate strings! */
39 if (from64tobits(b64buf, p, sizeof(b64buf) - 1) <= 0) {
40@@ -145,6 +150,11 @@ static void SMTP_auth(int sock, char smtp_mode, char *username, char *password,
41 }
42
43 p = strchr(tmp, ' ');
44+ if (!p) {
45+ report(stderr, "%s: \"%s\"\n", GT_("Malformed server reply"), visbuf(tmp));
46+ SMTP_auth_error(sock, "");
47+ return;
48+ }
49 p++;
50 if (from64tobits(b64buf, p, sizeof(b64buf) - 1) <= 0) {
51 SMTP_auth_error(sock, GT_("Bad base64 reply from server.\n"));
diff --git a/meta-networking/recipes-support/fetchmail/fetchmail_6.5.2.bb b/meta-networking/recipes-support/fetchmail/fetchmail_6.5.2.bb
index c1def016e9..6cb1a52d82 100644
--- a/meta-networking/recipes-support/fetchmail/fetchmail_6.5.2.bb
+++ b/meta-networking/recipes-support/fetchmail/fetchmail_6.5.2.bb
@@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=46d2874dd6a0c8961d80c805f106a35f"
11DEPENDS = "openssl" 11DEPENDS = "openssl"
12 12
13SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.xz \ 13SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.xz \
14 file://CVE-2025-61962.patch \
14 " 15 "
15SRC_URI[sha256sum] = "8fd0477408620ae382c1d0ef83d8946a95e5be0c2e582dd4ebe55cba513a45fe" 16SRC_URI[sha256sum] = "8fd0477408620ae382c1d0ef83d8946a95e5be0c2e582dd4ebe55cba513a45fe"
16 17