* Bring back SNI (server name indication) support for TLS connections,
lost in 6.3.26_10 (PORTREVISION=10) as a regression over _9.
Pointy hat: mandree@
* Drop the X11 option, remove the Python dependency, and create a new
mail/fetchmailconf slave port/package that installs the fetchmailconf
configurator. Note that the _DEPENDS of the ports reflects a technical
dependence (fetchmailconf needs fetchmail), and we cannot keep an
X11 option that depends on fetchmailconf, since that would create
a circular dependency, which we must avoid.
* Patch configure instead of configure.ac with Cy's Kerberos fix, drop
autoreconf from USES, and add a new configure check directly to set
HAVE_DECL_SSLV3_CLIENT_METHOD to cover the various TLS providers
(currently five, base, openssl, openssl111, libressl, libressl-devel)
* Add -Wl,--as-needed to LDFLAGS so as not to pull in unneeded .so
libraries, for instance, libcom_err when compiling under GSSAPI_NONE.
* Bump PORTREVISION.
Very fruitful and nice collaboration with and
Approved by: chalpin@cs.wisc.edu (maintainer)
This was also tested on a live 12.0 amd64 machine,
11.2-arm64 and 11.2-i386 poudriere boxes with base GSSAPI.
PR: 234740
Reported by: Peter Putzer (Bugzilla), Alex V. Petrov (e-mail)
Approved by: Corey Halpin (maintainer)
This was discovered while working through issues relating to an
exp-run using base with private Heimdal, part of the project to
make a) Heimdal in base private and b) import MIT into base (PR 222745).
PR: 227680
Submitted by: cy@
Approved by: Corey Halpin <chalpin@cs.wisc.edu> (maintainer)
MFH: 2018Q2
# SECURITY FIXES
* SSL/TLS certificate information is now also reported properly on computers
that consider the "char" type signed. Fixes malloc() buffer overrun.
Workaround for older versions: do not use verbose mode. CVE-2010-0562
See fetchmail-SA-2010-01.txt for details, including a minimal patch.
# BUG FIXES
* The IMAP client no longer skips messages from several IMAP servers including
Dovecot if fetchmail's "idle" is in use. Causes were that fetchmail (a)
ignored some untagged responses when it should not (b) relied on EXISTS
messages in response to EXPUNGE, which aren't mandated by RFC-3501 (the IMAP
standard) and aren't sent by Dovecot either.
Fix by Sunil Shetye (the fix also consolidates IMAP response handling,
improving overall robustness of the IMAP client), bug report and testing by
Matt Doran, with further hints from Timo Sirainen.
* The SMTP client now recovers from errors (such as servers dropping the
connection after errors) when sending an RSET command.
Fix by Sunil Shetye. Report by James Moe.
* The IMAP client now uses "SEARCH UNSEEN" rather than "SEARCH UNSEEN NOT
DELETED" again on IMAP2, to fix a regression in fetchmail 6.2.5 reported by
Will Stringer in June 2004. (Sunil Shetye)
* The IMAP client now uses "SEARCH UNSEEN UNDELETED" on IMAP4 and IMAP4r1
servers (Sunil Shetye).
* Workaround: The IMAP client now falls back to "FETCH n:m FLAGS" if the server
does not support "SEARCH". (Sunil Shetye)
* The IMAP client now requests message numbers in batches of 1,000 to avoid
problems if there are more than 1860 unseen messages. (Sunil Shetye)
Note that this wasn't security relevant because fetchmail would only read up
to the maximum buffer size and leave the remainder of the string unread, going
out of synch afterwards.
* Stricter validation of IMAP responses containing byte or message counts.
# CHANGES
* Only include gssapi.h if we're not including gssapi/gssapi.h, to fix a FreeBSD
compiler warning about gssapi.h being obsolete.
# DOCUMENTATION
* The README.SSL document was revised for grammar, spelling, and clarity.
Courtesy of Robert Mullin.
# TRANSLATION UPDATES
* [it] Italian, by Vincenzo Campanella
----------
Approved by: Corey Halpin (port maintainer)
Approved by: miwi@ (mentor)
- Remove Kerberos IV support, insecure and obsolete
- Mark BROKEN if KRB5_HOME is set and invalid
- Kill pre-configure, no longer needed
- Kill obsolete POP2 from make config menu, still available if given on make
command line
- Auto-detect KRB5_HOME if it's $LOCALBASE or /usr
- MARK_JOBS_SAFE=yes
- Cease messing with @cwd in pkg-plist
- Reduce asterisks on pkg-message.in, to avoid screen clutter on long $PREFIX
Rely on krb-config instead.
PR: 140100
Submitted by: Matthias Andree <matthias.andree@gmx.de>
Approved by: maintainer
- From the announcement:
fetchmail 6.3.0 has been released on 2005-11-30. More than two years
after the previous formal 6.2.5 release, this collects several dozen
bug fixes, documentation, portability and IPv6 improvements and marks
the beginning of a new "stable" 6.3.X branch that will not change,
except for bug fixes and documentation updates.
- files/patch-pop2.c contributed by Stanislav Brabec <sbrabec@suse.cz>
via Matthias Andree <matthias.andree@gmx.de> (upstream maintainer)
are included in the package, and it contains many upstream bugfixes, installs
the NEWS documentation file. These are the upstream fixes:
* OTP fix patches from Stanislav Brabec <utx@penguin.cz>
* fix patch for writing antispam capability correctly in conf.c.
* Fix patches for Debian bugs #162571, #156592.
* Correction to manpage re -b and qmail.
* Patch to disable use of STLS if auth passwd is specified.
* Fix specfile generation to handle SSL correctly.
* New Danish, Turkish, and Catalan translation files.
* Improved ODMR debug messages.
* IMAP efficiency hack; don't fetch sizes unless needed.
* Detect and rewrite invalid return paths beginning with @.
* Fix for subtle freeing bug that suppressed information in some bounce msgs.
* Newline fix patches for internationalization files.
* Fix reversed test guarding authentication-failure warnings.
* Fix POP3 breakage starting at 5.9.14.
PR: 44330
Submitted by: Matthias Andree <matthias.andree@web.de>
/usr/bin/true for autoconf and friends - the fetchmail build system
does the right thing now.
Approved by: maintainer
Apologies to: sobomax for my harsher-than-needed complaints for his
fast and to-the-point port fixes.
