# SECURITY FIXES
* SSL/TLS certificate information is now also reported properly on computers
that consider the "char" type signed. Fixes malloc() buffer overrun.
Workaround for older versions: do not use verbose mode. CVE-2010-0562
See fetchmail-SA-2010-01.txt for details, including a minimal patch.
# BUG FIXES
* The IMAP client no longer skips messages from several IMAP servers including
Dovecot if fetchmail's "idle" is in use. Causes were that fetchmail (a)
ignored some untagged responses when it should not (b) relied on EXISTS
messages in response to EXPUNGE, which aren't mandated by RFC-3501 (the IMAP
standard) and aren't sent by Dovecot either.
Fix by Sunil Shetye (the fix also consolidates IMAP response handling,
improving overall robustness of the IMAP client), bug report and testing by
Matt Doran, with further hints from Timo Sirainen.
* The SMTP client now recovers from errors (such as servers dropping the
connection after errors) when sending an RSET command.
Fix by Sunil Shetye. Report by James Moe.
* The IMAP client now uses "SEARCH UNSEEN" rather than "SEARCH UNSEEN NOT
DELETED" again on IMAP2, to fix a regression in fetchmail 6.2.5 reported by
Will Stringer in June 2004. (Sunil Shetye)
* The IMAP client now uses "SEARCH UNSEEN UNDELETED" on IMAP4 and IMAP4r1
servers (Sunil Shetye).
* Workaround: The IMAP client now falls back to "FETCH n:m FLAGS" if the server
does not support "SEARCH". (Sunil Shetye)
* The IMAP client now requests message numbers in batches of 1,000 to avoid
problems if there are more than 1860 unseen messages. (Sunil Shetye)
Note that this wasn't security relevant because fetchmail would only read up
to the maximum buffer size and leave the remainder of the string unread, going
out of synch afterwards.
* Stricter validation of IMAP responses containing byte or message counts.
# CHANGES
* Only include gssapi.h if we're not including gssapi/gssapi.h, to fix a FreeBSD
compiler warning about gssapi.h being obsolete.
# DOCUMENTATION
* The README.SSL document was revised for grammar, spelling, and clarity.
Courtesy of Robert Mullin.
# TRANSLATION UPDATES
* [it] Italian, by Vincenzo Campanella
----------
Approved by: Corey Halpin (port maintainer)
Approved by: miwi@ (mentor)
- Remove Kerberos IV support, insecure and obsolete
- Mark BROKEN if KRB5_HOME is set and invalid
- Kill pre-configure, no longer needed
- Kill obsolete POP2 from make config menu, still available if given on make
command line
- Auto-detect KRB5_HOME if it's $LOCALBASE or /usr
- MARK_JOBS_SAFE=yes
- Cease messing with @cwd in pkg-plist
- Reduce asterisks on pkg-message.in, to avoid screen clutter on long $PREFIX
Rely on krb-config instead.
PR: 140100
Submitted by: Matthias Andree <matthias.andree@gmx.de>
Approved by: maintainer
mirrors appear to be behind. Also (temporarily?) remove home.leo.org,
as the site seems to have been rearranged.
PR: ports/130301
Submitted by: Matthias Andree <matthias dot andree at gmx dot de>
Hat: portmgr
Specifically, newer autoconf (> 2.13) has different semantic of the
configure target. In short, one should use --build=CONFIGURE_TARGET
instead of CONFIGURE_TARGET directly. Otherwise, you will get a warning
and the old semantic may be removed in later autoconf releases.
To workaround this issue, many ports hack the CONFIGURE_TARGET variable
so that it contains the ``--build='' prefix.
To solve this issue, under the fact that some ports still have
configure script generated by the old autoconf, we use runtime detection
in the do-configure target so that the proper argument can be used.
Changes to Mk/*:
- Add runtime detection magic in bsd.port.mk
- Remove CONFIGURE_TARGET hack in various bsd.*.mk
- USE_GNOME=gnometarget is now an no-op
Changes to individual ports, other than removing the CONFIGURE_TARGET hack:
= pkg-plist changed (due to the ugly CONFIGURE_TARGET prefix in * executables)
- comms/gnuradio
- science/abinit
- science/elmer-fem
- science/elmer-matc
- science/elmer-meshgen2d
- science/elmerfront
- science/elmerpost
= use x86_64 as ARCH
- devel/g-wrap
= other changes
- print/magicfilter
GNU_CONFIGURE -> HAS_CONFIGURE since it's not generated by autoconf
Total # of ports modified: 1,027
Total # of ports affected: ~7,000 (set GNU_CONFIGURE to yes)
PR: 126524 (obsoletes 52917)
Submitted by: rafan
Tested on: two pointyhat 7-amd64 exp runs (by pav)
Approved by: portmgr (pav)
The affected ports are the ones with gettext as a run-dependency
according to ports/INDEX-7 (5007 of them) and the ones with USE_GETTEXT
in Makefile (29 of them).
PR: ports/124340
Submitted by: edwin@
Approved by: portmgr (pav)
supports them. This is determined by running ``configure --help'' in
do-configure target and set the shell variable _LATE_CONFIGURE_ARGS
which is then passed to CONFIGURE_ARGS.
- Remove --mandir and --infodir in ports' Makefile where applicable
Few ports use REINPLACE_CMD to achieve the same effect, remove them too.
- Correct some manual pages location from PREFIX/man to MANPREFIX/man
- Define INFO_PATH where necessary
- Document that .info files are installed in a subdirectory relative to
PREFIX/INFO_PATH and slightly change add-plist-info to use INFO_PATH and
subdirectory detection.
PR: ports/111470
Approved by: portmgr
Discussed with: stas (Mk/*), gerald (info related stuffs)
Tested by: pointyhat exp run
mode
- Document that above variable is ignored in the per-user daemon mode
- Bump port revision
Requested by: Graham Menhennitt <graham@menhennitt.com.au>
PR: ports/114701
that fetchmail is started "BEFORE LOGIN". "REQUIRE mail" (which in turn
requires LOGIN) is enough.
- Bump PORTREVISION
PR: ports/114294
Submitted by: Alson van der Meulen <alson@flutnet.org>
to specify where fetchmail logs to. Default: --syslog (as hardcoded
before). [1]
- Use marco for cp [2]
- Try to remove directories not listed in mtree [2]
- No portrevision bump since the default behaviour remains the same, and
a new fetchmail version is to be exspected soon anyway.
Requested by: Gerard Seibert <gerard@seibercom.net> [1]
Submitted by: Stanislav Sedov <ssedov@mbsd.msk.ru> [2]
PR: ports/101517
- Add rcNG script. See $PREFIX/etc/rc.d/fetchmail for
instructions. Inspired by [2] and ports/www/apache22.
PR: ports/96987 [1], ports/96079
Submitted by: Rob MacGregor <freebsd.macgregor@blueyonder.co.uk> [1],
Martin Jackson <mhjacks@swbell.net>
- Fix packaging if python is not present at compile time [2]
- Sort targets in Makefile
- Fix variable in the WITH_X11 case
- Bump PORTREVISION (for [1])
Submitted by: Andreas Haakh <bugReporter@Haakh.de> [1]
Reviewed by: Matthias Andree <matthias.andree@gmx.de>
(upstream maintainer) [1]
Reported by: pointyhat via kris [2]
succeeds (if the servers certificate is signed by one of those authorites)
- Bump PORTREVISON, since a failing certiciate check spams the port users'
maillog.
- From the announcement:
fetchmail 6.3.0 has been released on 2005-11-30. More than two years
after the previous formal 6.2.5 release, this collects several dozen
bug fixes, documentation, portability and IPv6 improvements and marks
the beginning of a new "stable" 6.3.X branch that will not change,
except for bug fixes and documentation updates.
- files/patch-pop2.c contributed by Stanislav Brabec <sbrabec@suse.cz>
via Matthias Andree <matthias.andree@gmx.de> (upstream maintainer)
leave some messages on an IMAP server, i.e. this is the correct fix
for the following bug (as described Makefile:1.161 and
files/patch-imap.c:1.1):
fix IMAP client timeout bug with upstream servers that do not send updated
EXISTS counts after acknowledging EXPUNGE see <http://bugs.debian.org/314509>
- Bump PORTREVISION to 4
PR: ports/88850
Submitted by: Vasil Dimov
Patch provided by: Matthias Andree (upstream maintainer)
Patch tested by: barner, Vasil Dimov
EXISTS counts after acknowledging EXPUNGE see <http://bugs.debian.org/314509>
- add fetchmailconf wrapper check for _tkinter.so (if python was installed but
not Tkinter, the wrapper would still try to run fetchmailconf.bin, which
gives a less clear error message to the user than was intended)
- let fetchmailconf wrapper pass command line arguments to fetchmailconf.bin
(it supports -d and -f FILE)
- replace PREFIX with LOCALBASE where appropriate
- bump PORTREVISION
Submitted by: Matthias Andree <matthias.andree@gmx.de>
PR: ports/88444
insecure file creation.
- While here, move berlios.de to the top of the MASTERSITEs, since
development takes place there.
- Bump PORTREVISION
Security: CVE-2005-3088
Security: http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt
