Include patch for fetchmail 6.2.5.2 because of CAN-2005-2335.

For more details have a look at
http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt

Changes listed within the NEWS file since 6.2.5:

fetchmail-6.2.5.2 (Fri Jul 22 01:52 GMT 2005):

* NOTE: Due to a Makefile.in bug, you may need to use GNU make.
* SECURITY FIX: truncate UIDL replies, lest malicious or compromised
  POP3 servers overflow fetchmail's stack. Debian bug #212762.
  This is a remote root exploit. CVE Name: CAN-2005-2335.
  Thanks: Miloslav Trmac for pointing out the fix in 6.2.5.1 was buggy.
  Thanks: Ludwig Nussel for a much simpler fix.
* Critical fix: omit blank between MAIL FROM: and <user@example.org>,
  as this causes mail loss with some listeners.
* Fix: POP2 driver wouldn't properly check authentication failure.
* Sunil Shetye's fix to force fetchsizelimit to 1 for APOP and RPOP.

3 files changed, 188 insertions, 3 deletions

diff --git a/mail/fetchmail/Makefile b/mail/fetchmail/Makefile
index 97920b865c7..bce0b6e8878 100644
--- a/mail/fetchmail/Makefile
+++ b/mail/fetchmail/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.152 2005/05/22 21:04:41 jlam Exp $
+# $NetBSD: Makefile,v 1.153 2005/07/22 14:27:52 frueauf Exp $
 
 DISTNAME=	fetchmail-6.2.5
-PKGREVISION=	4
+PKGREVISION=	5
 CATEGORIES=	mail
 MASTER_SITES=	http://www.catb.org/~esr/fetchmail/ \
 		http://sunsite.unc.edu/pub/Linux/system/mail/pop/
diff --git a/mail/fetchmail/distinfo b/mail/fetchmail/distinfo
index 83563786142..c17caaeff7c 100644
--- a/mail/fetchmail/distinfo
+++ b/mail/fetchmail/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.30 2005/04/21 11:13:18 frueauf Exp $
+$NetBSD: distinfo,v 1.31 2005/07/22 14:27:52 frueauf Exp $
 
 SHA1 (fetchmail-6.2.5.tar.gz) = 4656ec4393ccd1c137fe7b331f77cb26b576ac0e
 RMD160 (fetchmail-6.2.5.tar.gz) = e32b91a959d0e80c4bd45a8758811cbe95a98180
@@ -9,3 +9,4 @@ SHA1 (patch-ac) = ef0e651807bb0942ca79ed3b10ffc000f71bd330
 SHA1 (patch-ad) = b6bffc59f28992fa0d3de0f9dad250c73bbeffc6
 SHA1 (patch-ae) = 3acbacee78ab2084a615b0c02b7f83e563bfc7ac
 SHA1 (patch-af) = 06e7b84566b0d3ed50b56f88baf23f15ae21eb21
+SHA1 (patch-ag) = e27a4769dc804bec71b449bed7ff318d15ae8bdf
diff --git a/mail/fetchmail/patches/patch-ag b/mail/fetchmail/patches/patch-ag
new file mode 100644
index 00000000000..ce76cfce7c7
--- /dev/null
+++ b/mail/fetchmail/patches/patch-ag
@@ -0,0 +1,184 @@
+$NetBSD: patch-ag,v 1.3 2005/07/22 14:27:53 frueauf Exp $
+
+This patch originates from
+http://download.berlios.de/fetchmail/fetchmail-patch-6.2.5.2.gz
+
+and upgrades fetchmail 6.2.5 to 6.2.5.2, which among other stuff fixes
+CAN-2005-2355: buffer overflow in "fetchmail".
+
+*** Makefile.in	Wed Oct 15 22:38:18 2003
+--- Makefile.in	Fri Jul 22 01:55:44 2005
+***************
+*** 4,10 ****
+  # So just uncomment all the lines marked QNX.
+  
+  PACKAGE = fetchmail
+! VERSION = 6.2.5
+  
+  # Ultrix 2.2 make doesn't expand the value of VPATH.
+  srcdir = @srcdir@
+--- 4,10 ----
+  # So just uncomment all the lines marked QNX.
+  
+  PACKAGE = fetchmail
+! VERSION = 6.2.5.2
+  
+  # Ultrix 2.2 make doesn't expand the value of VPATH.
+  srcdir = @srcdir@
+*** NEWS	Wed Oct 15 22:40:17 2003
+--- NEWS	Fri Jul 22 01:52:16 2005
+***************
+*** 2,7 ****
+--- 2,20 ----
+  
+  (The `lines' figures total .c, .h, .l, and .y files under version control.)
+  
++ fetchmail-6.2.5.2 (Fri Jul 22 01:52 GMT 2005):
++ 
++ * NOTE: Due to a Makefile.in bug, you may need to use GNU make.
++ * SECURITY FIX: truncate UIDL replies, lest malicious or compromised
++   POP3 servers overflow fetchmail's stack. Debian bug #212762.
++   This is a remote root exploit. CVE Name: CAN-2005-2335.
++   Thanks: Miloslav Trmac for pointing out the fix in 6.2.5.1 was buggy.
++   Thanks: Ludwig Nussel for a much simpler fix.
++ * Critical fix: omit blank between MAIL FROM: and <user@example.org>,
++   as this causes mail loss with some listeners.
++ * Fix: POP2 driver wouldn't properly check authentication failure.
++ * Sunil Shetye's fix to force fetchsizelimit to 1 for APOP and RPOP.
++ 
+  fetchmail-6.2.5 (Wed Oct 15 18:39:22 EDT 2003), 23079 lines:
+  
+  * Updated Spanish, Turkish, and German translation files.
+*** driver.c	Wed Oct 15 19:22:31 2003
+--- driver.c	Fri Jul 22 01:49:49 2005
+***************
+*** 429,436 ****
+  	/* for POP3, we can get the size of one mail only! Unfortunately, this
+  	 * protocol specific test cannot be done elsewhere as the protocol
+  	 * could be "auto". */
+! 	if (ctl->server.protocol == P_POP3)
+  	    fetchsizelimit = 1;
+  
+  	/* Time to allocate memory to store the sizes */
+  	xalloca(msgsizes, int *, sizeof(int) * fetchsizelimit);
+--- 429,439 ----
+  	/* for POP3, we can get the size of one mail only! Unfortunately, this
+  	 * protocol specific test cannot be done elsewhere as the protocol
+  	 * could be "auto". */
+! 	switch (ctl->server.protocol)
+! 	{
+! 	    case P_POP3: case P_APOP: case P_RPOP:
+  	    fetchsizelimit = 1;
++ 	}
+  
+  	/* Time to allocate memory to store the sizes */
+  	xalloca(msgsizes, int *, sizeof(int) * fetchsizelimit);
+*** pop2.c	Wed Oct 15 19:17:43 2003
+--- pop2.c	Fri Jul 22 01:47:28 2005
+***************
+*** 61,66 ****
+--- 61,67 ----
+  		  "HELO %s %s",
+  		  ctl->remotename, ctl->password);
+      shroud[0] = '\0';
++     return status;
+  }
+  
+  static int pop2_getrange(int sock, struct query *ctl, const char *folder, 
+*** pop3.c	Wed Oct 15 19:22:31 2003
+--- pop3.c	Fri Jul 22 01:44:00 2005
+***************
+*** 613,618 ****
+--- 613,620 ----
+      return 0;
+  }
+  
++ #define str(s) #s
++ #define UIDLFMT(n) "%d %" str(n) "s"
+  static int pop3_getuidl( int sock, int num , char *id)
+  {
+      int ok;
+***************
+*** 620,626 ****
+      gen_send(sock, "UIDL %d", num);
+      if ((ok = pop3_ok(sock, buf)) != 0)
+  	return(ok);
+!     if (sscanf(buf, "%d %s", &num, id) != 2)
+  	return(PS_PROTOCOL);
+      return(PS_SUCCESS);
+  }
+--- 622,628 ----
+      gen_send(sock, "UIDL %d", num);
+      if ((ok = pop3_ok(sock, buf)) != 0)
+  	return(ok);
+!     if (sscanf(buf, UIDLFMT(IDLEN), &num, id) != 2)
+  	return(PS_PROTOCOL);
+      return(PS_SUCCESS);
+  }
+***************
+*** 862,868 ****
+  		{
+   		    if (DOTLINE(buf))
+   			break;
+!  		    else if (sscanf(buf, "%d %s", &num, id) == 2)
+  		    {
+   			struct idlist	*old, *new;
+  
+--- 864,870 ----
+  		{
+   		    if (DOTLINE(buf))
+   			break;
+!  		    else if (sscanf(buf, UIDLFMT(IDLEN), &num, id) == 2)
+  		    {
+   			struct idlist	*old, *new;
+  
+*** sink.c	Fri Oct 10 22:06:36 2003
+--- sink.c	Fri Jul 22 01:42:23 2005
+***************
+*** 724,730 ****
+  
+      /* see the ap computation under the SMTP branch */
+      fprintf(sinkfp, 
+! 	    "MAIL FROM: %s", (msg->return_path[0]) ? msg->return_path : user);
+  
+      if (ctl->pass8bits || (ctl->mimemsg & MSG_IS_8BIT))
+  	fputs(" BODY=8BITMIME", sinkfp);
+--- 724,730 ----
+  
+      /* see the ap computation under the SMTP branch */
+      fprintf(sinkfp, 
+! 	    "MAIL FROM:%s", (msg->return_path[0]) ? msg->return_path : user);
+  
+      if (ctl->pass8bits || (ctl->mimemsg & MSG_IS_8BIT))
+  	fputs(" BODY=8BITMIME", sinkfp);
+*** smtp.c	Wed Aug  6 03:30:18 2003
+--- smtp.c	Fri Jul 22 01:42:23 2005
+***************
+*** 232,244 ****
+      int ok;
+      char buf[MSGBUFSIZE];
+  
+!     if (strchr(from, '<'))
+  #ifdef HAVE_SNPRINTF
+  	snprintf(buf, sizeof(buf),
+  #else
+  	sprintf(buf,
+  #endif /* HAVE_SNPRINTF */
+! 		"MAIL FROM: %s", from);
+      else
+  #ifdef HAVE_SNPRINTF
+      snprintf(buf, sizeof(buf),
+--- 232,244 ----
+      int ok;
+      char buf[MSGBUFSIZE];
+  
+!     if (from[0]=='<')
+  #ifdef HAVE_SNPRINTF
+  	snprintf(buf, sizeof(buf),
+  #else
+  	sprintf(buf,
+  #endif /* HAVE_SNPRINTF */
+! 		"MAIL FROM:%s", from);
+      else
+  #ifdef HAVE_SNPRINTF
+      snprintf(buf, sizeof(buf),