pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/mail/fetchmail fetchmail: Update to 6.4.21
details: https://anonhg.NetBSD.org/pkgsrc/rev/fe2375e4d8de
branches: trunk
changeset: 457513:fe2375e4d8de
user: triaxx <triaxx%pkgsrc.org@localhost>
date: Sat Aug 28 05:21:19 2021 +0000
description:
fetchmail: Update to 6.4.21
upstream changes:
-----------------
fetchmail-6.4.21 (released 2021-08-09, 30042 LoC):
# REGRESSION FIX:
* The new security fix in 6.4.20 for CVE-2021-36386 caused truncation of
messages logged to buffered outputs, predominantly --logfile.
This also caused lines in the logfile to run into one another because
the fragment containing the '\n' line-end character was usually lost.
Reason is that on all modern systems (with <stdarg.h> header and vsnprintf()
interface), the length of log message fragments was added up twice, so
that these ended too deep into a freshly allocated buffer, after the '\0'
byte. Unbuffered outputs flushed the fragments right away, which masked the
bug.
Reported by: Jürgen Edner, Erik Christiansen.
--------------------------------------------------------------------------------
fetchmail-6.4.20 (released 2021-07-28, 30042 LoC):
# SECURITY FIX:
* When a log message exceeds c. 2 kByte in size, for instance, with very long
header contents, and depending on verbosity option, fetchmail can crash or
misreport each first log message that requires a buffer reallocation.
fetchmail then reallocates memory and re-runs vsnprintf() without another
call to va_start(), so it reads garbage. The exact impact depends on
many factors around the compiler and operating system configurations used and
the implementation details of the stdarg.h interfaces of the two functions
mentioned before. To fix CVE-2021-36386.
Reported by Christian Herdtweck of Intra2net AG, Tübingen, Germany.
He also offered a patch, which I could not take for fetchmail 6.4 because
it required a C99 system and I'd promised earlier that 6.4 would remain
compatible with C89 systems.
diffstat:
mail/fetchmail/Makefile | 4 ++--
mail/fetchmail/distinfo | 10 +++++-----
2 files changed, 7 insertions(+), 7 deletions(-)
diffs (31 lines):
diff -r 692bd8e38681 -r fe2375e4d8de mail/fetchmail/Makefile
--- a/mail/fetchmail/Makefile Sat Aug 28 05:15:33 2021 +0000
+++ b/mail/fetchmail/Makefile Sat Aug 28 05:21:19 2021 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.197 2021/05/25 11:59:47 triaxx Exp $
+# $NetBSD: Makefile,v 1.198 2021/08/28 05:21:19 triaxx Exp $
# Note to updaters: mail/fetchmailconf reaches over here, make sure it builds.
-DISTNAME= fetchmail-6.4.19
+DISTNAME= fetchmail-6.4.21
CATEGORIES= mail
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=fetchmail/}
EXTRACT_SUFX= .tar.xz
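Review bot: The "Note to updaters" line in this hunk's context says mail/fetchmailconf reaches over into this Makefile, and the commit message does not say that package was rebuilt after DISTNAME moved to fetchmail-6.4.21. Please confirm mail/fetchmailconf still builds. Since the bump goes from 6.4.19 straight past the 6.4.20 security release, it would also help to name CVE-2021-36386 in the commit summary line so the security relevance is visible without reading the full description.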
diff -r 692bd8e38681 -r fe2375e4d8de mail/fetchmail/distinfo
--- a/mail/fetchmail/distinfo Sat Aug 28 05:15:33 2021 +0000
+++ b/mail/fetchmail/distinfo Sat Aug 28 05:21:19 2021 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.58 2021/05/25 11:59:47 triaxx Exp $
+$NetBSD: distinfo,v 1.59 2021/08/28 05:21:19 triaxx Exp $
-SHA1 (fetchmail-6.4.19.tar.xz) = bb6959f0cf1f6d689c2ba3834c5bba72e4f9ec07
-RMD160 (fetchmail-6.4.19.tar.xz) = 97bdf84e6dce38d9fd7154e8cafba6a0b7fcd979
-SHA512 (fetchmail-6.4.19.tar.xz) = b10f0ac5b3b22f8b1d86367990fc96ea5c49dc21c873890c732c254c34503bd6ab9348c5ef88b99ba0f83f065fa9f9aead55de9721b0f296efa14eac0311daaf
-Size (fetchmail-6.4.19.tar.xz) = 1316672 bytes
+SHA1 (fetchmail-6.4.21.tar.xz) = a264c50256c2b42d2c7893f9efae7c9a29350786
+RMD160 (fetchmail-6.4.21.tar.xz) = c8c7e9ca1840e2f78a52b55a3db0eb10f35196a0
+SHA512 (fetchmail-6.4.21.tar.xz) = c9300f63c0e4073f199a9a7d9061774a7f88aad496b696cad96c0ee85107cae506461f0cd083903c60104b1e7654461213f3f759c1cdaffaf1c85fb1956faa67
+Size (fetchmail-6.4.21.tar.xz) = 1318996 bytes
SHA1 (patch-Makefile.in) = 9cd2053a7c8bbbf6f71fcee03e33c0d29d235c4e
SHA1 (patch-configure) = f5db59db380755d8b9fc8f75e723fd729ca06c30
SHA1 (patch-configure.ac) = 9ff885f7d40a749f628d35a8408b1860f8017362
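Review bot: The three patch-* SHA1 lines in the trailing context are unchanged, so patch-Makefile.in, patch-configure and patch-configure.ac are carried over as-is across two upstream releases. Please confirm they still apply cleanly to the 6.4.21 sources and are still needed. The commit message would also be a good place to note where the new distfile checksums were verified against, since the hunk only shows the regenerated values.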
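The two upstream entries above describe a retry of vsnprintf() without a fresh va_start() (CVE-2021-36386) and a fragment length that was added up twice (the 6.4.21 regression). The following added example, which is not fetchmail's code, shows a grow-and-retry log append that avoids both without needing C99 va_copy(); `struct logbuf` and `logbuf_appendf` are hypothetical names and the long header in `main` is constructed sample input.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable log buffer; not fetchmail's own data structure. */
struct logbuf { char *data; size_t used, cap; };

/* Append one formatted fragment. Returns 0 on success, -1 on error. */
int logbuf_appendf(struct logbuf *b, const char *fmt, ...)
{
    va_list ap;
    int n;

    for (;;) {
        size_t room = b->cap - b->used;
        char *p;
        /* vsnprintf() leaves ap indeterminate, so each attempt needs its
         * own va_start()/va_end() pair. A single va_start() before the
         * loop is the flaw: the retry would read garbage arguments. */
        va_start(ap, fmt);
        n = vsnprintf(room ? b->data + b->used : NULL, room, fmt, ap);
        va_end(ap);
        if (n < 0) return -1;
        if ((size_t)n < room) break;      /* fits, '\0' included */
        /* Too small: grow to the size vsnprintf() asked for and retry. */
        p = realloc(b->data, b->used + (size_t)n + 1);
        if (p == NULL) return -1;
        b->data = p;
        b->cap = b->used + (size_t)n + 1;
    }
    /* Count the fragment once. Counting it twice would start the next
     * fragment past the '\0', so it would never be printed. */
    b->used += (size_t)n;
    return 0;
}

int main(void)
{
    struct logbuf b = { NULL, 0, 0 };
    char hdr[3001];                        /* constructed long header */
    memset(hdr, 'A', sizeof hdr - 1);
    hdr[sizeof hdr - 1] = '\0';
    if (logbuf_appendf(&b, "Subject: %s (%d)", hdr, 42) != 0) return 1;
    if (logbuf_appendf(&b, "%s\n", "done") != 0) return 1;
    printf("%lu bytes, tail: %s", (unsigned long)b.used, b.data + b.used - 10);
    free(b.data);
    return 0;
}
```

The first call exceeds the empty buffer and forces the reallocation path; the second checks that a following fragment, including its line end, lands directly after the first.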