From 704fe37ee0c9aa748df88548432d74ee62bd5a17 Mon Sep 17 00:00:00 2001
From: vcrhonek
Date: Fri, 27 Jun 2008 09:50:26 +0000
Subject: [PATCH] Fix CVE-2008-2711
---
 fetchmail-6.3.8-CVE-2008-2711.patch | 53 +++++++++++++++++++++++++++++
 fetchmail.spec | 7 +++-
 2 files changed, 59 insertions(+), 1 deletion(-)
 create mode 100644 fetchmail-6.3.8-CVE-2008-2711.patch
diff --git a/fetchmail-6.3.8-CVE-2008-2711.patch b/fetchmail-6.3.8-CVE-2008-2711.patch
new file mode 100644
index 0000000..c0cc301
--- /dev/null
+++ b/fetchmail-6.3.8-CVE-2008-2711.patch
@@ -0,0 +1,53 @@
+diff -up fetchmail-6.3.8/report.c_old fetchmail-6.3.8/report.c
+--- fetchmail-6.3.8/report.c_old 2008-06-27 11:38:59.000000000 +0200
++++ fetchmail-6.3.8/report.c 2008-06-27 11:39:22.000000000 +0200
+@@ -238,11 +238,17 @@ report_build (FILE *errfp, message, va_a
+ rep_ensuresize();
+
+ #if defined(VA_START)
+- VA_START (args, message);
+ for ( ; ; )
+ {
++ /*
++ * args has to be initialized before every call of vsnprintf(),
++ * because vsnprintf() invokes va_arg macro and thus args is
++ * undefined after the call.
++ */
++ VA_START(args, message);
+ n = vsnprintf (partial_message + partial_message_size_used, partial_message_size - partial_message_size_used,
+ message, args);
++ va_end (args);
+
+ if (n >= 0
+ && (unsigned)n < partial_message_size - partial_message_size_used)
+@@ -254,7 +260,6 @@ report_build (FILE *errfp, message, va_a
+ partial_message_size += 2048;
+ partial_message = REALLOC (partial_message, partial_message_size);
+ }
+- va_end (args);
+ #else
+ for ( ; ; )
+ {
+@@ -304,12 +309,13 @@ report_complete (FILE *errfp, message, v
+ rep_ensuresize();
+
+ #if defined(VA_START)
+- VA_START (args, message);
+ for ( ; ; )
+ {
++ VA_START(args, message);
+ n = vsnprintf (partial_message + partial_message_size_used,
+ partial_message_size - partial_message_size_used,
+ message, args);
++ va_end(args);
+
+ /* old glibc versions return -1 for truncation */
+ if (n >= 0
+@@ -322,7 +328,6 @@ report_complete (FILE *errfp, message, v
+ partial_message_size += 2048;
+ partial_message = REALLOC (partial_message, partial_message_size);
+ }
+- va_end (args);
+ #else
+ for ( ; ; )
+ {
diff --git a/fetchmail.spec b/fetchmail.spec
index 1e05f43..a3120b3 100644
--- a/fetchmail.spec
+++ b/fetchmail.spec
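Review bot: In the report_complete hunk the per-iteration `VA_START(args, message);` / `va_end(args);` pair is added without the explanatory comment that the report_build hunk carries, so a later cleanup could hoist the call back out of the loop there and bring back the reuse of a consumed va_list on the second pass. I would put a short comment above it, e.g. `/* re-initialise args on every pass; vsnprintf() leaves it indeterminate */`. A regression test that formats a message longer than the current buffer would exercise the second pass through the loop, which is the only path where the old code handed an already-used `args` to vsnprintf(). Both functions begin and end outside the hunks shown.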
@@ -4,12 +4,13 @@
 Summary: A remote mail retrieval and forwarding utility
 Name: fetchmail
 Version: 6.3.8
-Release: 6%{?dist}
+Release: 7%{?dist}
 Requires: server(smtp)
 Source0: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.bz2
 Source1: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.bz2.asc
 Patch0: fetchmail-6.2.5-addrconf.patch
 Patch1: fetchmail-6.3.8-CVE-2007-4565.patch
+Patch2: fetchmail-6.3.8-CVE-2008-2711.patch
 URL: http://fetchmail.berlios.de/
 # For a breakdown of the licensing, see COPYING
 License: GPL+ and Public Domain
@@ -49,6 +50,7 @@ need to have Python and Tk installed in order to use fetchmailconf.
 %setup -q
 %patch0 -p1 -b .addrconf
 %patch1 -p1 -b .cve_2007_4565
+%patch2 -p1 -b .cve_2008_2711
 %build
 %configure --enable-POP3 --enable-IMAP --with-ssl --with-hesiod \
@@ -86,6 +88,9 @@ rm -rf $RPM_BUILD_ROOT
 %endif
 %changelog
+* Fri Jun 27 2008 Vitezslav Crhonek - 6.3.8-7
+- Fix CVE-2008-2711
+
 * Wed Mar 26 2008 Vitezslav Crhonek - 6.3.8-6
 - Replace smtpdaemon requires by server(smtp) requires
 Resolves: #66396