fetchmail: patch CVE-2025-61962

Details https://nvd.nist.gov/vuln/detail/CVE-2025-61962 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> (cherry picked from commit 0d9da1105276f04cb23046de5f31fc75f09e2e89) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-05-22 03:22:37 +00:00 · 2026-01-05 11:02:22 +01:00 · 2026-01-05 11:02:22 +01:00 · 22b7851cde
commit 22b7851cde
parent 0827d22e4c
2 changed files with 52 additions and 0 deletions
--- a/meta-networking/recipes-support/fetchmail/fetchmail/CVE-2025-61962.patch
+++ b/meta-networking/recipes-support/fetchmail/fetchmail/CVE-2025-61962.patch
@ -0,0 +1,51 @@
+From 7860cf0689f8bd828bdd6e7116c6670416ead6d7 Mon Sep 17 00:00:00 2001
+From: Matthias Andree <matthias.andree@gmx.de>
+Date: Fri, 3 Oct 2025 13:11:59 +0200
+Subject: [PATCH] Security fix: avoid NULL+1 deref on invalid AUTH reply
+
+When fetchmail receives a 334 reply from the SMTP server
+that does not contain the mandated blank after that response
+code, it will attempt reading from memory location 1, which
+will usually lead to a crash.
+
+The simpler fix would have been to check for four bytes "334 "
+instead of three bytes "334" but that would make malformed
+replies and those that don't match the expected reply code
+indistinguishable.
+
+CVE: CVE-2025-61962
+Upstream-Status: Backport [https://gitlab.com/fetchmail/fetchmail/-/commit/4c3cebfa4e659fb778ca2cae0ccb3f69201609a8]
+(cherry picked from commit 4c3cebfa4e659fb778ca2cae0ccb3f69201609a8)
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ smtp.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/smtp.c b/smtp.c
+index 8295c49a..9a89ef09 100644
+--- a/smtp.c
+++ b/smtp.c
+@@ -92,6 +92,11 @@ static void SMTP_auth(int sock, char smtp_mode, char *username, char *password,
+ 		}
+ 
+ 		p = strchr(tmp, ' ');
+		if (!p) {
+			report(stderr, "%s: \"%s\"\n", GT_("Malformed server reply"), visbuf(tmp));
+			SMTP_auth_error(sock, "");
+			return;
+		}
+ 		p++;
+ 		/* (hmh) from64tobits will not NULL-terminate strings! */
+ 		if (from64tobits(b64buf, p, sizeof(b64buf) - 1) <= 0) {
+@@ -145,6 +150,11 @@ static void SMTP_auth(int sock, char smtp_mode, char *username, char *password,
+ 		}
+ 
+ 		p = strchr(tmp, ' ');
+		if (!p) {
+			report(stderr, "%s: \"%s\"\n", GT_("Malformed server reply"), visbuf(tmp));
+			SMTP_auth_error(sock, "");
+			return;
+		}
+ 		p++;
+ 		if (from64tobits(b64buf, p, sizeof(b64buf) - 1) <= 0) {
+ 			SMTP_auth_error(sock, GT_("Bad base64 reply from server.\n"));
--- a/meta-networking/recipes-support/fetchmail/fetchmail_6.5.2.bb
+++ b/meta-networking/recipes-support/fetchmail/fetchmail_6.5.2.bb
@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=46d2874dd6a0c8961d80c805f106a35f"
 DEPENDS = "openssl"

 SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.xz \
+           file://CVE-2025-61962.patch \
           "
 SRC_URI[sha256sum] = "8fd0477408620ae382c1d0ef83d8946a95e5be0c2e582dd4ebe55cba513a45fe"