Received: by mail.netbsd.org (Postfix, from userid 605) id 5479384E1D; Wed, 1 Jan 2020 20:36:55 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id CF46E84DCE for ; Wed, 1 Jan 2020 20:36:54 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id E-E5EwzK40z7 for ; Wed, 1 Jan 2020 20:36:53 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id 9851384DC9 for ; Wed, 1 Jan 2020 20:36:53 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 9173EFA97; Wed, 1 Jan 2020 20:36:53 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_157791101344640" MIME-Version: 1.0 Date: Wed, 1 Jan 2020 20:36:53 +0000 From: =?UTF-8?B?RnLDqWTDqXJpYyBGYXViZXJ0ZWF1?= Subject: CVS commit: pkgsrc/mail/fetchmail To: pkgsrc-changes@NetBSD.org Reply-To: triaxx@netbsd.org X-Mailer: log_accum Message-Id: <20200101203653.9173EFA97@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_157791101344640 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="UTF-8" Module Name: pkgsrc Committed By: triaxx Date: Wed Jan 1 20:36:53 UTC 2020 Modified Files: pkgsrc/mail/fetchmail: Makefile PLIST distinfo pkgsrc/mail/fetchmail/patches: patch-Makefile.in Removed Files: pkgsrc/mail/fetchmail/patches: patch-socket.c Log Message: fetchmail: update to 6.4.1 upstream cheanges: ------------------ fetchmail-6.4.1 (released 2019-09-28, 27473 LoC): ## REGRESSION FIXES: * The bug fix Debian Bug#941129 was incomplete and caused + a regression in the default file locations, so that fetchmail was no longer able to find its configuration files in some situations. Reported by Cy Schubert. + a regression under _FORTIFY_SOURCE where PATH_MAX > minimal _POSIX_PATH_MAX. -------------------------------------------------------------------------------- fetchmail 6.4.0 (released 2019-09-27, 27429 LoC): # NOTE THAT FETCHMAIL IS NO LONGER PUBLISHED THROUGH IBIBLIO. * They have stopped accepting submissions and consider themselves an archive. ## SECURITY FIXES THAT AFFECT BEHAVIOUR AND MAY REQUIRE RECONFIGURATION * Fetchmail no longer supports SSLv2. * Fetchmail no longer attempts to negotiate SSLv3 by default, even with --sslproto ssl23. Fetchmail can now use SSLv3, or TLSv1.1 or a newer TLS version, with STLS/STARTTLS (it would previously force TLSv1.0 with STARTTLS). If the OpenSSL version used at build and run-time supports these versions, --sslproto ssl3 and --sslproto ssl3+ can be used to re-enable SSLv3. Doing so is discouraged because the SSLv3 protocol is broken. Along the lines suggested - as patch - by Kurt Roeckx, Debian Bug #768843. While this change is supposed to be compatible with common configurations, users may have to and are advised to change all explicit --sslproto ssl2 (change to newer protocols required), --sslproto ssl3, --sslproto tls1 to --sslproto auto, so that they can benefit from TLSv1.1 and TLSv1.2 where supported by the server. The --sslproto option now understands the values auto, ssl3+, tls1+, tls1.1, tls1.1+, tls1.2, tls1.2+, tls1.3, tls1.3+ (case insensitively), see CHANGES below for details. * Fetchmail defaults to --sslcertck behaviour. A new option --nosslcertck to override this has been added, but may be removed in future fetchmail versions in favour of another configuration option that makes the insecurity in using this option clearer. ## SECURITY FIXES * Fetchmail prevents buffer overruns in GSSAPI authentication with user names beyond c. 6000 characters in length. Reported by Greg Hudson. ## CHANGED REQUIREMENTS * fetchmail 6.4.0 is written in C99 and requires a SUSv3 (Single Unix Specification v3, a superset of POSIX.1-2001 aka. IEEE Std 1003.1-2001 with XSI extension) compliant system. For now, a C89 compiler should also work if the system is SUSv3 compliant. In particular, older fetchmail versions had workaround for several functions standardized in the Single Unix Specification v3, these have been removed. The trio/ library has been removed from the distribution. ## CHANGES * fetchmail 6.3.X is unsupported. * fetchmail now configures OpenSSL support by default. * fetchmail now requires OpenSSL v1.0.2 or newer. * Fetchmail now supports --sslproto auto and --sslproto tls1+ (same as ssl23). * --sslproto tls1.1+, tls1.2+, and tls1.3+ are now supported for auto-negotiation with a minimum specified TLS protocol version, and --sslproto tls1.1, --sslproto tls1.2 and --sslproto tls1.3 to force the specified TLS protocol version. Note that tls1.3 requires OpenSSL v1.1.1 or newer. * Fetchmail now detects if the server hangs up prematurely during SSL_connect() and reports this condition as such, and not just as SSL connection failure. (OpenSSL 1.0.2 reported incompatible with pop3.live.com by Jerry Seibert). * A foreground fetchmail can now accept a few more options while another copy is running in the background. * fetchmail now handles POP3 --keep UID lists more efficiently, by using Rainer Weikusat's P-Tree implementation. This reduces the complexity for handling a large UIDL from O(n^2) to O(n log n) and becomes noticably faster with thousands of kept messages. (IMAP does not currently track UIDs and is unaffected.) At the same time, the UIDL emulation code for deficient servers has been removed. It never worked really well. Servers that do not implement the optional UIDL command only work with --fetchall option set, which in itself is incompatible with the --keep option (it would cause message duplication). * fetchmail, when setting up TLS connections, now uses SSL_set_tlsext_host_name() to set up the SNI (Server Name Indication). Some servers (for instance googlemail) require SNI when using newer SSL protocols. * Fetchmail now sets the expected hostname through OpenSSL 1.0.2's new X509_VERIFY_PARAM_set1_host() function to enable OpenSSL's native certificate verification features. * fetchmail will drop the connection when fetching with IMAP and receiving an unexpected untagged "* BYE" response, to work around certain faulty servers. * The FETCHMAIL_POP3_FORCE_RETR environment variable is now documented, it forces fetchmail, when talking POP3, to always use the RETR command, even if it would otherwise use the TOP command. * Fetchmail's configure stage will try to query pkg-config or pkgconf for libssl and libcrypto, in case other system use .pc files to document specific library dependencies. (contributed by Fabrice Fontaine, GitLab merge request !14.) * The gethostbyname() API calls and compatibility functions have been removed. * These translations are shipped but not installed by default because they have less than 500 translated messages out of 714: el fi gl pt_BR sk tr -> Greek, Finnish, Galician, Brazilian Portuguese, Slovak, Turkish. * Fetchmail now refuses delivery if the MDA option contains single-quoted expansions. ## FIXES * Fix a typo in the FAQ. Submitted by David Lawyer, Debian Bug#706776. * Do not translate header tags such as "Subject:". Reported by Gonzalo Pérez de Olaguer Córdoba, Debian Bug#744907. * Convert most links from berlios.de to sourceforge.net. * Report error to stderr, and exit, if --idle is combined with multiple accounts. * Point to --idle from GENERAL OPERATION to clarify --idle and multiple mailboxes do not mix. In response to Jeremy Chadwick's trouble 2014-11-19, fetchmail-users mailing list. * Fix SSL-enabled build on systems that do not declare SSLv3_client_method(), or that #define OPENSSL_NO_SSL3 inside #include Related to Debian Bug#775255. Fixes Debian Bug #804604. * Version report lists -SSLv3 on SSL-enabled no-ssl3 builds. * Fetchmail no longer adds a NUL byte to the username in GSSAPI authentication. This was reported to break Kerberos-based authentication with Microsoft Exchange 2013 by Greg Hudson. * Set umask properly before writing the .fetchids file, to avoid failing the security check on the next run. Reported by Fabian Raab, Fixes Debian Bug#831611. * When forwarding by LMTP, also check antispam response code when collecting the responses after the CR LF . CR LF sequence at the end of the DATA phase. (Contributed by Evil.2000, GitLab merge request !12.) * fetchmail will not try other protocols after a socket error. This avoids mismatches of how different prococols see messages as "seen" and re-fetches of known mail. (Fix contributed by Lauri Nurmi, GitLab Merge Request !10.) * fetchmail no longer reports "System error during SSL_connect(): Success." Fixes Debian Bug#928916, reported by Paul Kimoto. * fetchmailconf would ignore Edit or Delete actions on the first (topmost) item in a list (no matter if server list, user list, ...). * The mimedecode feature now properly detects multipart/mixed-type matches, so that quoted-printable-encoded multipart messages can get decoded. (Regression in 5.0.0 on 1999-03-27, as a side effect of a PGP-mimedecode fix attributed to Henrik Storner.) * FETCHMAILHOME can now safely be a relative path, which will be qualified through realpath(). Previously, it had to be absolute in daemon mode. Reported by Alex Andreotti, Debian Bug#941129. To generate a diff of this commit: cvs rdiff -u -r1.190 -r1.191 pkgsrc/mail/fetchmail/Makefile cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/fetchmail/PLIST cvs rdiff -u -r1.51 -r1.52 pkgsrc/mail/fetchmail/distinfo cvs rdiff -u -r1.2 -r1.3 pkgsrc/mail/fetchmail/patches/patch-Makefile.in cvs rdiff -u -r1.1 -r0 pkgsrc/mail/fetchmail/patches/patch-socket.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_157791101344640 Content-Disposition: inline Content-Length: 4473 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/mail/fetchmail/Makefile diff -u pkgsrc/mail/fetchmail/Makefile:1.190 pkgsrc/mail/fetchmail/Makefile:1.191 --- pkgsrc/mail/fetchmail/Makefile:1.190 Sat Nov 9 11:32:14 2019 +++ pkgsrc/mail/fetchmail/Makefile Wed Jan 1 20:36:53 2020 @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.190 2019/11/09 11:32:14 nia Exp $ +# $NetBSD: Makefile,v 1.191 2020/01/01 20:36:53 triaxx Exp $ # Note to updaters: mail/fetchmailconf reaches over here, make sure it builds. -DISTNAME= fetchmail-6.3.26 +DISTNAME= fetchmail-6.4.1 CATEGORIES= mail MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=fetchmail/} EXTRACT_SUFX= .tar.xz Index: pkgsrc/mail/fetchmail/PLIST diff -u pkgsrc/mail/fetchmail/PLIST:1.16 pkgsrc/mail/fetchmail/PLIST:1.17 --- pkgsrc/mail/fetchmail/PLIST:1.16 Tue May 22 09:22:31 2018 +++ pkgsrc/mail/fetchmail/PLIST Wed Jan 1 20:36:53 2020 @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.16 2018/05/22 09:22:31 triaxx Exp $ +@comment $NetBSD: PLIST,v 1.17 2020/01/01 20:36:53 triaxx Exp $ bin/fetchmail man/man1/fetchmail.1 share/doc/fetchmail/COPYING @@ -13,23 +13,17 @@ share/locale/ca/LC_MESSAGES/fetchmail.mo share/locale/cs/LC_MESSAGES/fetchmail.mo share/locale/da/LC_MESSAGES/fetchmail.mo share/locale/de/LC_MESSAGES/fetchmail.mo -share/locale/el/LC_MESSAGES/fetchmail.mo share/locale/en_GB/LC_MESSAGES/fetchmail.mo share/locale/eo/LC_MESSAGES/fetchmail.mo share/locale/es/LC_MESSAGES/fetchmail.mo -share/locale/fi/LC_MESSAGES/fetchmail.mo share/locale/fr/LC_MESSAGES/fetchmail.mo -share/locale/gl/LC_MESSAGES/fetchmail.mo share/locale/id/LC_MESSAGES/fetchmail.mo share/locale/it/LC_MESSAGES/fetchmail.mo share/locale/ja/LC_MESSAGES/fetchmail.mo share/locale/nl/LC_MESSAGES/fetchmail.mo share/locale/pl/LC_MESSAGES/fetchmail.mo -share/locale/pt_BR/LC_MESSAGES/fetchmail.mo share/locale/ru/LC_MESSAGES/fetchmail.mo -share/locale/sk/LC_MESSAGES/fetchmail.mo share/locale/sq/LC_MESSAGES/fetchmail.mo share/locale/sv/LC_MESSAGES/fetchmail.mo -share/locale/tr/LC_MESSAGES/fetchmail.mo share/locale/vi/LC_MESSAGES/fetchmail.mo share/locale/zh_CN/LC_MESSAGES/fetchmail.mo Index: pkgsrc/mail/fetchmail/distinfo diff -u pkgsrc/mail/fetchmail/distinfo:1.51 pkgsrc/mail/fetchmail/distinfo:1.52 --- pkgsrc/mail/fetchmail/distinfo:1.51 Tue May 22 09:22:31 2018 +++ pkgsrc/mail/fetchmail/distinfo Wed Jan 1 20:36:53 2020 @@ -1,8 +1,7 @@ -$NetBSD: distinfo,v 1.51 2018/05/22 09:22:31 triaxx Exp $ +$NetBSD: distinfo,v 1.52 2020/01/01 20:36:53 triaxx Exp $ -SHA1 (fetchmail-6.3.26.tar.xz) = de8dbe62a8edfa232ee4278257a1fe67aa1c797a -RMD160 (fetchmail-6.3.26.tar.xz) = ce9a54b6d11da4c5e042c760284f8b3c6ac5a4ff -SHA512 (fetchmail-6.3.26.tar.xz) = 8e0a2484e60eaf6c0231e2599e10fec6d207fa1c0fa02ec99b3ef9aea00b6d87275434e79470a25f06e358cdd4a293f9c46a82dd128fe733a99c85144e6caa63 -Size (fetchmail-6.3.26.tar.xz) = 1283816 bytes -SHA1 (patch-Makefile.in) = c08ef115550f004496481e610140d7d2391016b2 -SHA1 (patch-socket.c) = 3d51ef4ffa6d721889d08ee04fc78b1b77715989 +SHA1 (fetchmail-6.4.1.tar.xz) = 1aadf078ed8fb1b6c93e9126cc0375b1f740301a +RMD160 (fetchmail-6.4.1.tar.xz) = 753d982f132cd5dcedb261631b5bee653410fef9 +SHA512 (fetchmail-6.4.1.tar.xz) = 940b8df52f963f71537962ebe2b2cb88298fd2b54ca79932e5c974abe850f0b59cdc4919d606ee4f210e82d1e0a6f090ea87f1d3bdea18b531d4fbb36f7f9ea0 +Size (fetchmail-6.4.1.tar.xz) = 1257488 bytes +SHA1 (patch-Makefile.in) = 9cd2053a7c8bbbf6f71fcee03e33c0d29d235c4e Index: pkgsrc/mail/fetchmail/patches/patch-Makefile.in diff -u pkgsrc/mail/fetchmail/patches/patch-Makefile.in:1.2 pkgsrc/mail/fetchmail/patches/patch-Makefile.in:1.3 --- pkgsrc/mail/fetchmail/patches/patch-Makefile.in:1.2 Sun Nov 4 18:41:47 2012 +++ pkgsrc/mail/fetchmail/patches/patch-Makefile.in Wed Jan 1 20:36:53 2020 @@ -1,13 +1,13 @@ -$NetBSD: patch-Makefile.in,v 1.2 2012/11/04 18:41:47 morr Exp $ +$NetBSD: patch-Makefile.in,v 1.3 2020/01/01 20:36:53 triaxx Exp $ Even with disabled python, wrapper around fetchmailconf.py and its manpage is installed. ---- Makefile.in.orig 2012-08-29 21:25:11.000000000 +0000 +--- Makefile.in.orig 2019-09-28 10:37:51.000000000 +0000 +++ Makefile.in -@@ -448,10 +448,10 @@ ACLOCAL_AMFLAGS = -I m4 -I m4-local - AM_YFLAGS = -d - BUILT_SOURCES = rcfile_y.h +@@ -793,10 +793,10 @@ AM_YFLAGS = -d + # without building a few dozen other files first. + BUILT_SOURCES = rcfile_y.h socket.$(OBJEXT) dist_noinst_SCRIPTS = specgen.sh -dist_man1_MANS = fetchmail.man $(pym) +dist_man1_MANS = fetchmail.man --_----------=_157791101344640--