Acknowledgement sent to "Nathaniel W. Turner" <nate@houseofnate.net>:
New Bug report received and forwarded. Copy sent to Fetchmail Maintainers <pkg-fetchmail-maint@lists.alioth.debian.org>.
(full text, mbox, link).
Package: fetchmail
Version: 6.3.1-4
Severity: important
After upgrading to 6.3.1-4, fetchmail dies with a segmentation fault
after trying to process the first message. The transcript of the
session, a sanitized fetchmailrc, and the message in question are
attached to this report.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-k7
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages fetchmail depends on:
ii adduser 3.80 Add and remove users and groups
ii debianutils 2.15.1 Miscellaneous utilities specific t
ii gettext 0.14.5-2 GNU Internationalization utilities
ii libc6 2.3.5-8.1 GNU C Library: Shared libraries an
ii libssl0.9.8 0.9.8a-5 SSL shared libraries
Versions of packages fetchmail recommends:
ii ca-certificates 20050804 Common CA Certificates PEM files
-- no debconf information
Information forwarded to debian-bugs-dist@lists.debian.org, Fetchmail Maintainers <pkg-fetchmail-maint@lists.alioth.debian.org>: Bug#348747; Package fetchmail.
(full text, mbox, link).
Acknowledgement sent to Nico Golde <nico@ngolde.de>:
Extra info received and forwarded to list. Copy sent to Fetchmail Maintainers <pkg-fetchmail-maint@lists.alioth.debian.org>.
(full text, mbox, link).
tags 348747 + upstream
Hi,
* Nathaniel W. Turner <nate@houseofnate.net> [2006-01-18 21:03]:
> Package: fetchmail
> Version: 6.3.1-4
> Severity: important
>
> After upgrading to 6.3.1-4, fetchmail dies with a segmentation fault
> after trying to process the first message. The transcript of the
> session, a sanitized fetchmailrc, and the message in question are
> attached to this report.
[...]
thanks forwarded upstream.
regards nico
--
Nico Golde - JAB: nion@jabber.ccc.de | GPG: 0x73647CFF
http://www.ngolde.de | http://www.muttng.org | http://grml.org
Forget about that mouse with 3/4/5 buttons -
gimme a keyboard with 103/104/105 keys!
Tags added: upstream
Request was from Nico Golde <nico@ngolde.de>
to control@bugs.debian.org.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Fetchmail Maintainers <pkg-fetchmail-maint@lists.alioth.debian.org>: Bug#348747; Package fetchmail.
(full text, mbox, link).
Acknowledgement sent to "Nathaniel W. Turner" <nate@houseofnate.net>:
Extra info received and forwarded to list. Copy sent to Fetchmail Maintainers <pkg-fetchmail-maint@lists.alioth.debian.org>.
(full text, mbox, link).
From: "Nathaniel W. Turner" <nate@houseofnate.net>
To: 348747@bugs.debian.org
Subject: Re: fetchmail: segfault when submitting dsn to local postmaster
Date: Wed, 18 Jan 2006 15:12:47 -0500
I should add that downgrading to fetchmail 6.2.5.4-1 makes the problem
go away.
Information forwarded to debian-bugs-dist@lists.debian.org, Fetchmail Maintainers <pkg-fetchmail-maint@lists.alioth.debian.org>: Bug#348747; Package fetchmail.
(full text, mbox, link).
Acknowledgement sent to Matthias Andree <matthias.andree@gmx.de>:
Extra info received and forwarded to list. Copy sent to Fetchmail Maintainers <pkg-fetchmail-maint@lists.alioth.debian.org>.
(full text, mbox, link).
"Nathaniel W. Turner" <nate@houseofnate.net> writes:
> After upgrading to 6.3.1-4, fetchmail dies with a segmentation fault
> after trying to process the first message. The transcript of the
> session, a sanitized fetchmailrc, and the message in question are
> attached to this report.
Thank you for the bug report. It turns out the closer circumstances of
the bounce wouldn't matter; valgrind quickly pinpointed the bug to a
bogus free() call.
I broke this when I removed alloca() and added the necessary free()
code. My code tried to decrement a pointer address before dereferencing,
rather than decrementing the dereferenced pointer; this resulted in
frequent segfaults on machines that support unaligned access and bus
errors on those that don't (SPARC). Turns out the fix is rather simple.
(Attached.)
Note the patch has had little testing (it fixes the immediate valgrind
problem and looks less stupid). Please test and report.
Kind regards,
--
Matthias Andree
Severity set to `grave'.
Request was from matthias.andree@gmx.de (Matthias Andree)
to control@bugs.debian.org.
(full text, mbox, link).
Tags added: confirmed, patch, fixed-upstream, security
Request was from matthias.andree@gmx.de (Matthias Andree)
to control@bugs.debian.org.
(full text, mbox, link).
Severity set to `important'.
Request was from matthias.andree@gmx.de (Matthias Andree)
to control@bugs.debian.org.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Fetchmail Maintainers <pkg-fetchmail-maint@lists.alioth.debian.org>: Bug#348747; Package fetchmail.
(full text, mbox, link).
Acknowledgement sent to Matthias Andree <matthias.andree@gmx.de>:
Extra info received and forwarded to list. Copy sent to Fetchmail Maintainers <pkg-fetchmail-maint@lists.alioth.debian.org>.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Fetchmail Maintainers <pkg-fetchmail-maint@lists.alioth.debian.org>: Bug#348747; Package fetchmail.
(full text, mbox, link).
Acknowledgement sent to "Nathaniel W. Turner" <nate@houseofnate.net>:
Extra info received and forwarded to list. Copy sent to Fetchmail Maintainers <pkg-fetchmail-maint@lists.alioth.debian.org>.
(full text, mbox, link).
From: "Nathaniel W. Turner" <nate@houseofnate.net>
To: Matthias Andree <matthias.andree@gmx.de>
Cc: 348747@bugs.debian.org
Subject: Re: [pkg-fetchmail-maint] Bug#348747: fetchmail: segfault when submitting dsn to local postmaster
Date: Thu, 19 Jan 2006 11:27:09 -0500
On Wednesday 18 January 2006 9:59 pm, Matthias Andree wrote:
> Turns out we need a 2nd patch to fix a 2nd occurrence of this bug.
> This patch goes on top of the previous.
Thank you for the quick response. Your patches do indeed fix the problem I
was seeing.
Cheers,
nate
--
Nathaniel W. Turner
http://houseofnate.net/
Information forwarded to debian-bugs-dist@lists.debian.org, Fetchmail Maintainers <pkg-fetchmail-maint@lists.alioth.debian.org>: Bug#348747; Package fetchmail.
(full text, mbox, link).
Acknowledgement sent to matthias.andree@gmx.de (Matthias Andree):
Extra info received and forwarded to list. Copy sent to Fetchmail Maintainers <pkg-fetchmail-maint@lists.alioth.debian.org>.
(full text, mbox, link).
This bug is tracked by MITRE's CVE database as
CVE-2006-0321.
Tags added: pending
Request was from Nico Golde <nico@ngolde.de>
to control@bugs.debian.org.
(full text, mbox, link).
Merged 348747349580.
Request was from matthias.andree@gmx.de (Matthias Andree)
to control@bugs.debian.org.
(full text, mbox, link).
Disconnected #349580 from all other report(s).
Request was from Matthias Andree <matthias.andree@gmx.de>
to control@bugs.debian.org.
(full text, mbox, link).
Reply sent to Hector Garcia <hector@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to "Nathaniel W. Turner" <nate@houseofnate.net>:
Bug acknowledged by developer.
(full text, mbox, link).
Source: fetchmail
Source-Version: 6.3.2-1
We believe that the bug you reported is fixed in the latest version of
fetchmail, which is due to be installed in the Debian FTP archive:
fetchmail_6.3.2-1.diff.gz
to pool/main/f/fetchmail/fetchmail_6.3.2-1.diff.gz
fetchmail_6.3.2-1.dsc
to pool/main/f/fetchmail/fetchmail_6.3.2-1.dsc
fetchmail_6.3.2-1_i386.deb
to pool/main/f/fetchmail/fetchmail_6.3.2-1_i386.deb
fetchmail_6.3.2.orig.tar.gz
to pool/main/f/fetchmail/fetchmail_6.3.2.orig.tar.gz
fetchmailconf_6.3.2-1_all.deb
to pool/main/f/fetchmail/fetchmailconf_6.3.2-1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 348747@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hector Garcia <hector@debian.org> (supplier of updated fetchmail package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 24 Jan 2006 16:46:51 +0100
Source: fetchmail
Binary: fetchmailconf fetchmail
Architecture: source i386 all
Version: 6.3.2-1
Distribution: unstable
Urgency: low
Maintainer: Fetchmail Maintainers <pkg-fetchmail-maint@lists.alioth.debian.org>
Changed-By: Hector Garcia <hector@debian.org>
Description:
fetchmail - SSL enabled POP3, APOP, IMAP mail gatherer/forwarder
fetchmailconf - fetchmail configurator
Closes: 344978348747348855348964
Changes:
fetchmail (6.3.2-1) unstable; urgency=low
.
[ Nico Golde ]
* New upstream release
- Security fix of CVE-2006-0321 (Closes: #348747).
- Fix help for poll interval and fetchall in
fetchmailconf (Closes: #344978).
- Don't complain about READ-ONLY IMAP folders in
--fetchall --keep mode (Closes: #348964).
* Removed 01_man_page.dpatch file upstream included it.
* Fixed watch file to match on bz2 files.
.
[ Hector Garcia ]
* Changed usermod --home to -d to prevent failure on old versions of passwd.
(Closes: #348855)
Files:
7b8a6b200972e5a3aaf27b173160bb2e 748 mail optional fetchmail_6.3.2-1.dsc
a661735496077232acedb82a901fa499 1522264 mail optional fetchmail_6.3.2.orig.tar.gz
0f9e831329be857d4f4c13240500d817 168965 mail optional fetchmail_6.3.2-1.diff.gz
91be87717a0ca11e330a75803e8c56b3 113918 mail optional fetchmailconf_6.3.2-1_all.deb
2782505c75a20a2620fe1a0d54779a38 560632 mail optional fetchmail_6.3.2-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFD1k7fMwsDi2xjdG0RApWJAKDOkIFQaDVq/WkY+eFYtoUV/0F+9wCfbrnv
9bVUp9Yz4fS8FxoVVijQDSg=
=E9WA
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 25 Jun 2007 12:06:32 GMT) (full text, mbox, link).
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.