Since the distro was built with a newer autoconf, the patch-configure
no longer applies and has been converted to a post-patch REINPLACE_CMD,
also to avoid future breakage.
This also adds one upstream Git patch to fix the version and date tags
in the manual page.
PR: 265251
Approved by: Corey Halpin (maintainer)
Now really 6.4.24 and not a 6.4.25 WIP.
fetchmail cannot legally be linked with LibreSSL,
because there is no GPLv2 clause 2b exemption for
LibreSSL, only for OpenSSL.
Correct LICENSE and remove LICENSE_COMB.
Add comment on FSF dynamic linking dynamically
suggested by Corey Halpin in the approval.
Remove LibreSSL patch.
Related to:
PR: 259214
Update:
PR: 259945
MFH: 2021Q4
Approved by: chalpin@cs.wisc.edu (maintainer)
fetchmail cannot legally be linked with LibreSSL,
because there is no GPLv2 clause 2b exemption for
LibreSSL, only for OpenSSL.
Correct LICENSE and remove LICENSE_COMB.
Remove LibreSSL patch.
Add FSF comment suggested by Corey Halpin in PR.
Related to:
PR: 259214
Update:
PR: 259945
MFH: 2021Q4
Approved by: chalpin@cs.wisc.edu (maintainer)
Update mail/fetchmail{,conf} to 6.4.13 and fix rc script to work correctly
when root's shell does not include /usr/local/bin in $PATH.
mail/fetchmail passes 'poudriere testport' on both i386 and amd64 under
11.4 and 12.1 for the following configurations:
- Default settings
- Default settings, build as non-root
- ssl=base, GSSAPI_MIT
- ssl=base, GSSAPI_NONE
- ssl=openssl
- ssl=openssl with SSL2 and SSL3 disabled
- ssl=openssl, GSSAPI_NONE
- ssl=libressl
- ssl=libressl, GSSAPI_NONE
mail/fetchmailconf passes 'poudriere testport' on both i386 and amd64 under
11.4 and 12.1 with default settings
Additionally, passes bulk -tC on 12.1-arm64.
PR: 250925 [1]
Submitted by: Corey Halpin (maintainer)
PR: 250691 [2, comments #14, #15]
Reported by: Brian Biskeborn [2], Andrey Kiryanov [2]
Turns out that our fetchmail_dump_config() function needs to add
one more level of quoting because it's being unquoted and word split
twice, once by su's shell, and again by sh.
While here, change sh to /bin/sh to make the intention clearer.
Bump PORTREVISION to get the fix out onto the systems.
PR: 250691
Reported by: Helmut Ritter <freebsd-ports@charlieroot.de>
Approved by: chalpin@cs.wisc.edu
MFH: 2020Q4 (blanket, one-line tested working fix, 4-eyes principle)
In a situation where fetchmail is to be started globally with the
configuration in $LOCALBASE/etc, the rc.d file would try to run
fetchmail for the wrong user.
Simplify script more, avoiding recursive call in single-user mode.
Submitted by: Corey Halpin (maintainer, direct mail to mandree@)
Reported by: Armin Tüting
Authors: CH = Corey Halpin, MA = Matthias Andree
- fetchmail's rc script now queries the daemon interval from the
configuration, and falls back to the rc.conf value if given. [CH]
- Similarly, the logging facility will be taken from the configuration [MA]
- Add documentation to the rcfile's header comments. [MA]
- Drop support for fetchmail_home_prefix in rc.conf, and query the
respective users' home directories with getent instead. [MA]
- In the rc scripts, redirect input from /dev/null so it will not ask
for passwords. [MA]
- Add support for the typical 12.1 rc.conf ${name}_... keywords. [MA]
- Make script execution easier to follow by simplifying if...else logic. [CH]
- Fix rcscript's exit code to be 1 if one of the per-user calls fails. [CH]
- Add relevant notes to UPDATING. [MA]
PR: 249860
Submitted by: Corey Halpin (maintainer)
Reported by: Chris James (on fetchmail-users mailing list)
Approved by: Corey Halpin (maintainer)
while here, switch distfile back to xz format and update
the > 2^31 "long long" fix so it patches the right place of the NEWS file.
- adds Romanian translation
- minor manual page fix to add "MD5" hash to sslfingerprint documentation
PR: 248954
Approved by: Corey Halpin (maintainer)
Add a patch to document --sslproto tls1.3+ and tls1.3 through the manpage,
which hasn't made 6.4.3-rc2 but works since 6.4.0 assuming that the SSL library
supports TLSv1.3.
Remove fetchmailconf patch that is now part of the upstream code.
Switch to .lz downloads, a tiny bit smaller.
Upstream changelog:
## BUGFIXES:
* Plug memory leaks when parts of the configuration (defaults, rcfile, command
line) override one another.
* fetchmail terminated the placeholder command string too late and included
garbage from the heap at the end of the string. Workaround: don't use place-
holders %h or %p in the --plugin string. Bug added in 6.4.0 when merging
Gitlab merge request !5 in order to fix an input buffer overrun.
Faulty commit 418cda65f752e367fa663fd13884a45fcbc39ddd.
Reported by Stefan Thurner, Gitlab issue #16.
* Fetchmail now checks for errors when trying to read the .idfile,
Gitlab issue #3.
## CHANGES:
* Fetchmail documentation was updated to require OpenSSL 1.1.1.
OpenSSL 1.0.2 reached End Of Life status at the end of the year 2019.
Fetchmail will tolerate, but warn about, 1.0.2 for now on the assumption that
distributors backport security fixes as the need arises.
Fetchmail will also warn if another SSL library that is API-compatible
with OpenSSL lacks TLS v1.3 support.
* If the trust anchor is missing, fetchmail refers the user to README.SSL.
PR: 245187
Submitted by: mandree@
Approved by: Corey Halpin (maintainer)
Fetchmail updated to new revision 6.4.2
- one bugfix
- manual page updates
- update of Chinese (simplified) translation
- massive fetchmailconf overhaul
+ Python 3 compatible (requires py-future)
+ Supports IPv6 and SSL probing
- remove two patches for fetchmail that are in the upstream release
- add a smoke test to fetchmailconf's post-install,
and a patch to support that running without X11 $DISPLAY.
PR: 244130
Submitted by: mandree@
Reviewed by: Corey Halpin <chalpin@cs.wisc.edu> (maintainer)
Approved by: Corey Halpin <chalpin@cs.wisc.edu> (maintainer)
MFH: 2020Q1 (bugfixes and fetchmailconf update and Python3 compat.)
* Bring back SNI (server name indication) support for TLS connections,
lost in 6.3.26_10 (PORTREVISION=10) as a regression over _9.
Pointy hat: mandree@
* Drop the X11 option, remove the Python dependency, and create a new
mail/fetchmailconf slave port/package that installs the fetchmailconf
configurator. Note that the _DEPENDS of the ports reflects a technical
dependence (fetchmailconf needs fetchmail), and we cannot keep an
X11 option that depends on fetchmailconf, since that would create
a circular dependency, which we must avoid.
* Patch configure instead of configure.ac with Cy's Kerberos fix, drop
autoreconf from USES, and add a new configure check directly to set
HAVE_DECL_SSLV3_CLIENT_METHOD to cover the various TLS providers
(currently five, base, openssl, openssl111, libressl, libressl-devel)
* Add -Wl,--as-needed to LDFLAGS so as not to pull in unneeded .so
libraries, for instance, libcom_err when compiling under GSSAPI_NONE.
* Bump PORTREVISION.
Very fruitful and nice collaboration with and
Approved by: chalpin@cs.wisc.edu (maintainer)
This was also tested on a live 12.0 amd64 machine,
11.2-arm64 and 11.2-i386 poudriere boxes with base GSSAPI.
PR: 234740
Reported by: Peter Putzer (Bugzilla), Alex V. Petrov (e-mail)
Approved by: Corey Halpin (maintainer)
This was discovered while working through issues relating to an
exp-run using base with private Heimdal, part of the project to
make a) Heimdal in base private and b) import MIT into base (PR 222745).
PR: 227680
Submitted by: cy@
Approved by: Corey Halpin <chalpin@cs.wisc.edu> (maintainer)
MFH: 2018Q2
- Fix shebang for fetchmailconf.py [1]
- Convert POP2 knob into an option [1]
- Use option helpers [1]
- Fix staging of documentation and X11 files [1]
- Simplify post-install target and pkg-plist
- Replace USE_GMAKE and USE_XZ by their USES equivalents
- Do not display pkg-message in post-install
- Do not create /var/run/fetchmail in pkg-plist
PR: ports/185572 [1]
Submitted by: Takefu <takefu@airport.fm>
Approved by: maintainer timeout (<chalpin@cs.wisc.edu>)
- Update to 6.3.24
- Switch to OptionsNG
- Remove unused variables: PATCH_STRIP, MAKE_ENV
- Rearrange ordering of some sections
- Use PORTDOCS to handle document list instead of pkg-plist
- Alter pkg-plst to make portlint(1) happier
- Cleanup TABs
- Set USE_PYTHON_RUN only if X11 option is set.
- Rename files/fetchmailconf to files/fetchmailconf.in,
add it into SUB_FILES, and make the corresponding change in
pre-patch target.
- The `fetchmailconf' wrapper will only be installed when X11
option is unset, otherwise we use the native wrapper which will
directly call the script under PYTHON_SITELIBDIR.
- Add %%X11%% and %%NOX11%% prefix to PLIST_SUB.
Changes by Corey Halpin (maintainer):
- Update MASTER_SITES
PR: 174873
Submitted by: Po-Chien Lin <linpc@cs.nctu.edu.tw>
Approved by: Corey Halpin (maintainer)
literal name_enable wherever possible, and ${name}_enable
when it's not, to prepare for the demise of set_rcvar().
In cases where I had to hand-edit unusual instances also
modify formatting slightly to be more uniform (and in
some cases, correct). This includes adding some $FreeBSD$
tags, and most importantly moving rcvar= to right after
name= so it's clear that one is derived from the other.
- Fix: rcfile: export FETCHMAILUSER=$fetchmail_user [1]
- Fix: when installing from source, make /var/run/fetchmail directory
so that a global fetchmail installation won't break after port
upgrades
- Change: compile GSSAPI support by default (it's in base)
- Cleanup: rcfile: drop support for fetchmail.sh script name
- Cleanup: rcfile: don't mix backtick with apostrophe in comments, they don't
match
Reported by: thierry, Victor Balada Diaz <victor@bsdes.net> [1]
Suggested by: Victor Balada Diaz <victor@bsdes.net> [1]
PR: ports/151783
Approved by: maintainer timeout [1]
# SECURITY FIXES
* SSL/TLS certificate information is now also reported properly on computers
that consider the "char" type signed. Fixes malloc() buffer overrun.
Workaround for older versions: do not use verbose mode. CVE-2010-0562
See fetchmail-SA-2010-01.txt for details, including a minimal patch.
# BUG FIXES
* The IMAP client no longer skips messages from several IMAP servers including
Dovecot if fetchmail's "idle" is in use. Causes were that fetchmail (a)
ignored some untagged responses when it should not (b) relied on EXISTS
messages in response to EXPUNGE, which aren't mandated by RFC-3501 (the IMAP
standard) and aren't sent by Dovecot either.
Fix by Sunil Shetye (the fix also consolidates IMAP response handling,
improving overall robustness of the IMAP client), bug report and testing by
Matt Doran, with further hints from Timo Sirainen.
* The SMTP client now recovers from errors (such as servers dropping the
connection after errors) when sending an RSET command.
Fix by Sunil Shetye. Report by James Moe.
* The IMAP client now uses "SEARCH UNSEEN" rather than "SEARCH UNSEEN NOT
DELETED" again on IMAP2, to fix a regression in fetchmail 6.2.5 reported by
Will Stringer in June 2004. (Sunil Shetye)
* The IMAP client now uses "SEARCH UNSEEN UNDELETED" on IMAP4 and IMAP4r1
servers (Sunil Shetye).
* Workaround: The IMAP client now falls back to "FETCH n:m FLAGS" if the server
does not support "SEARCH". (Sunil Shetye)
* The IMAP client now requests message numbers in batches of 1,000 to avoid
problems if there are more than 1860 unseen messages. (Sunil Shetye)
Note that this wasn't security relevant because fetchmail would only read up
to the maximum buffer size and leave the remainder of the string unread, going
out of synch afterwards.
* Stricter validation of IMAP responses containing byte or message counts.
# CHANGES
* Only include gssapi.h if we're not including gssapi/gssapi.h, to fix a FreeBSD
compiler warning about gssapi.h being obsolete.
# DOCUMENTATION
* The README.SSL document was revised for grammar, spelling, and clarity.
Courtesy of Robert Mullin.
# TRANSLATION UPDATES
* [it] Italian, by Vincenzo Campanella
----------
Approved by: Corey Halpin (port maintainer)
Approved by: miwi@ (mentor)
- Remove Kerberos IV support, insecure and obsolete
- Mark BROKEN if KRB5_HOME is set and invalid
- Kill pre-configure, no longer needed
- Kill obsolete POP2 from make config menu, still available if given on make
command line
- Auto-detect KRB5_HOME if it's $LOCALBASE or /usr
- MARK_JOBS_SAFE=yes
- Cease messing with @cwd in pkg-plist
- Reduce asterisks on pkg-message.in, to avoid screen clutter on long $PREFIX
Rely on krb-config instead.
PR: 140100
Submitted by: Matthias Andree <matthias.andree@gmx.de>
Approved by: maintainer
