pkgsrc/mail/fetchmail/distinfo

$NetBSD: distinfo,v 1.34 2005/12/20 14:27:53 frueauf Exp $

SHA1 (fetchmail-6.2.5.5.tar.gz) = 119dc2d0f533541413b7951edec8ecf1c0308b1b
RMD160 (fetchmail-6.2.5.5.tar.gz) = f0d74e5e985973867944962c949e7e5d76f77b84
Size (fetchmail-6.2.5.5.tar.gz) = 1327784 bytes
SHA1 (patch-aa) = 3c8aaac5d53c1069995ab74ad99bc5e64843a507
SHA1 (patch-ab) = 009a97639502365f8b6ec4e854622620391a812f
SHA1 (patch-ac) = ef0e651807bb0942ca79ed3b10ffc000f71bd330
SHA1 (patch-ad) = b6bffc59f28992fa0d3de0f9dad250c73bbeffc6
SHA1 (patch-ae) = da3152bfd2e61d914d1f32c5eee6821aaef3e461
SHA1 (patch-ah) = d6d08403b241a3e1a891faadbb36b0cd00df1398
SHA1 (patch-ai) = 16449ab08c266936d80b8be11c93a3dd1ac5c2fe
SHA1 (patch-aj) = 1051c1eb754b9c9cffad2eab4561791975aebbe1
SHA1 (patch-al) = 660df6275304a95b2bc7b98f71980a335677763e
Update fetchmail to 6.2.5.5. Change homepage to http://fetchmail.berlios.de/ and update MASTER_SITES. Changes introduced since 6.2.5: fetchmail-6.2.5.X is a security fix branch that forked off fetchmail-6.2.5. It does not change for anything but security and the most severe bug fixes. Note that no 6.2.5.X security audits are planned except when a particular bug is reported, and that 6.2.5.X is unsafe to use on some systems, particularly those that lack a working and secure snprintf implementation. The fetchmail 6.2.5.X branch will be discontinued early in 2006. fetchmail-6.2.5.5 2005-12-19 Matthias Andree * SECURITY FIX CVE-2005-4348: fix null pointer dereference in multidrop mode when the message is empty. Reported by Daniel Drake <http://article.gmane.org/gmane.mail.fetchmail.user/7573> and others (Debian Bug #343836). Fix by Sunil Shetye. * Fix Debian bug #301964, fetchmail leaks sockets when SSL negotiation fails. Fix suggested by Goswin Brederlow. * Add fetchmail-SA-2005-{01,02,03}.txt fetchmail-6.2.5.4 2005-11-13 Matthias Andree * Also ship pre-built rcfile_y.[ch] for systems that don't have flex, yacc or bison. * On FreeBSD, add /usr/local/include to CPPFLAGS so that libintl.h is found. * Avoid automatically picking up HESIOD implementations that lack hesiod_getmailhost, such as the one in FreeBSD's base system. * Fix makedepend for separated build (where the build is not run from the source directory), but prevent packaging from separated build, it yields bogus results. * Fix resolv.h autodetection. * Add +HESIOD to version printout if appropriate. fetchmail-6.2.5.3 2005-11-12 Matthias Andree * SECURITY FIX CVE-2005-3088: fetchmailconf: fix password exposure: use umask 077 before opening output file and restore umask later. * Critical fix: fix IMAP timeouts, counting message count down on servers that do not send EXISTS counts after EXPUNGE. Debian Bug#314509. * Ship pre-built rcfile_l.c for systems that don't have flex. * Build environment: Update included gettext. Fix --with-included-gettext. Fix parallel build (make -j). Fix "always rebuild fetchmail" syndrome. * Do not link against -ll or -lfl (not needed). fetchmail-6.2.5.2 (patch Fri Jul 22 01:52 GMT 2005, tarball Sat Jul 23 21:34 GMT 2005) * README: Added a note about release status - READ IT! * Note: Due to a Makefile.in bug, you may need to use GNU make. * SECURITY FIX CVE-2005-2335: truncate UIDL replies, lest malicious or compromised POP3 servers overflow fetchmail's stack. Debian bug #212762. This is a remote root exploit. Thanks: Miloslav Trmac for pointing out the fix in 6.2.5.1 was buggy. Thanks: Ludwig Nussel for a much simpler fix. * Critical fix: omit blank between MAIL FROM: and <user@example.org>, as this causes mail loss with some listeners. * Fix: POP2 driver wouldn't properly check authentication failure. * Sunil Shetye's fix to force fetchsizelimit to 1 for APOP and RPOP. 2005-12-20 15:27:53 +01:00			$NetBSD: distinfo,v 1.34 2005/12/20 14:27:53 frueauf Exp $
Add package patch checksum files. 1999-07-09 16:09:02 +02:00
Update fetchmail to 6.2.5.5. Change homepage to http://fetchmail.berlios.de/ and update MASTER_SITES. Changes introduced since 6.2.5: fetchmail-6.2.5.X is a security fix branch that forked off fetchmail-6.2.5. It does not change for anything but security and the most severe bug fixes. Note that no 6.2.5.X security audits are planned except when a particular bug is reported, and that 6.2.5.X is unsafe to use on some systems, particularly those that lack a working and secure snprintf implementation. The fetchmail 6.2.5.X branch will be discontinued early in 2006. fetchmail-6.2.5.5 2005-12-19 Matthias Andree * SECURITY FIX CVE-2005-4348: fix null pointer dereference in multidrop mode when the message is empty. Reported by Daniel Drake <http://article.gmane.org/gmane.mail.fetchmail.user/7573> and others (Debian Bug #343836). Fix by Sunil Shetye. * Fix Debian bug #301964, fetchmail leaks sockets when SSL negotiation fails. Fix suggested by Goswin Brederlow. * Add fetchmail-SA-2005-{01,02,03}.txt fetchmail-6.2.5.4 2005-11-13 Matthias Andree * Also ship pre-built rcfile_y.[ch] for systems that don't have flex, yacc or bison. * On FreeBSD, add /usr/local/include to CPPFLAGS so that libintl.h is found. * Avoid automatically picking up HESIOD implementations that lack hesiod_getmailhost, such as the one in FreeBSD's base system. * Fix makedepend for separated build (where the build is not run from the source directory), but prevent packaging from separated build, it yields bogus results. * Fix resolv.h autodetection. * Add +HESIOD to version printout if appropriate. fetchmail-6.2.5.3 2005-11-12 Matthias Andree * SECURITY FIX CVE-2005-3088: fetchmailconf: fix password exposure: use umask 077 before opening output file and restore umask later. * Critical fix: fix IMAP timeouts, counting message count down on servers that do not send EXISTS counts after EXPUNGE. Debian Bug#314509. * Ship pre-built rcfile_l.c for systems that don't have flex. * Build environment: Update included gettext. Fix --with-included-gettext. Fix parallel build (make -j). Fix "always rebuild fetchmail" syndrome. * Do not link against -ll or -lfl (not needed). fetchmail-6.2.5.2 (patch Fri Jul 22 01:52 GMT 2005, tarball Sat Jul 23 21:34 GMT 2005) * README: Added a note about release status - READ IT! * Note: Due to a Makefile.in bug, you may need to use GNU make. * SECURITY FIX CVE-2005-2335: truncate UIDL replies, lest malicious or compromised POP3 servers overflow fetchmail's stack. Debian bug #212762. This is a remote root exploit. Thanks: Miloslav Trmac for pointing out the fix in 6.2.5.1 was buggy. Thanks: Ludwig Nussel for a much simpler fix. * Critical fix: omit blank between MAIL FROM: and <user@example.org>, as this causes mail loss with some listeners. * Fix: POP2 driver wouldn't properly check authentication failure. * Sunil Shetye's fix to force fetchsizelimit to 1 for APOP and RPOP. 2005-12-20 15:27:53 +01:00			`SHA1 (fetchmail-6.2.5.5.tar.gz) = 119dc2d0f533541413b7951edec8ecf1c0308b1b`
			`RMD160 (fetchmail-6.2.5.5.tar.gz) = f0d74e5e985973867944962c949e7e5d76f77b84`
			`Size (fetchmail-6.2.5.5.tar.gz) = 1327784 bytes`
Upgrade to 5.7.7. Needs gmake now. (Unfortunately, this doesn't fix my KPOP problem.) 2001-03-30 17:08:42 +02:00			`SHA1 (patch-aa) = 3c8aaac5d53c1069995ab74ad99bc5e64843a507`
upgrade to 5.8.6. fetchmail-5.8.6 (Tue Jun 12 08:16:54 EDT 2001), 20676 lines: * Reject candidate headers for the MAIL FROM address that have \n in them. * Add capability to insert poll trace data in the Received line. * HMH's patch to prevent buffer overflow due to long headers. Addresses Debian bug #100394. * Brendan Kehoe's patch to avoid doing DNS lookups on skip entries. There are 347 people on fetchmail-friends and 592 on fetchmail-announce. fetchmail-5.8.5 (Tue May 29 20:01:39 EDT 2001), 20650 lines: * Interface option fix from Alexander Kourakos. * Fixes for i18n glitches and new Danish translation from Byrial Jensen. * Attempted fix for Harry McGavran's problems with the Kerberos V build. * Added fetchmailnochda.pl to the contrib directory. * Sunil Shetye's patches for the seen count on IMAP and auto protocol. There are 337 people on fetchmail-friends and 583 on fetchmail-announce. fetchmail-5.8.4 (Mon May 21 15:08:03 EDT 2001), 20636 lines: * SSL certificate options from Thomas Moestl <tmoestl@gmx.net>. * Frantisek Brabec's patch for better UIDL error recovery. * Another zombie-leak patch from HMH. * Jorg de Jong's patch attempts to handle spaces in the ID part of UIDLs. * Eliminate use of -C in Makefile. There are 334 people on fetchmail-friends and 583 on fetchmail-announce. 2001-06-15 13:42:18 +02:00			`SHA1 (patch-ab) = 009a97639502365f8b6ec4e854622620391a812f`
Upgrade to 5.7.7. Needs gmake now. (Unfortunately, this doesn't fix my KPOP problem.) 2001-03-30 17:08:42 +02:00			`SHA1 (patch-ac) = ef0e651807bb0942ca79ed3b10ffc000f71bd330`
			`SHA1 (patch-ad) = b6bffc59f28992fa0d3de0f9dad250c73bbeffc6`
Update fetchmail to 6.2.5.5. Change homepage to http://fetchmail.berlios.de/ and update MASTER_SITES. Changes introduced since 6.2.5: fetchmail-6.2.5.X is a security fix branch that forked off fetchmail-6.2.5. It does not change for anything but security and the most severe bug fixes. Note that no 6.2.5.X security audits are planned except when a particular bug is reported, and that 6.2.5.X is unsafe to use on some systems, particularly those that lack a working and secure snprintf implementation. The fetchmail 6.2.5.X branch will be discontinued early in 2006. fetchmail-6.2.5.5 2005-12-19 Matthias Andree * SECURITY FIX CVE-2005-4348: fix null pointer dereference in multidrop mode when the message is empty. Reported by Daniel Drake <http://article.gmane.org/gmane.mail.fetchmail.user/7573> and others (Debian Bug #343836). Fix by Sunil Shetye. * Fix Debian bug #301964, fetchmail leaks sockets when SSL negotiation fails. Fix suggested by Goswin Brederlow. * Add fetchmail-SA-2005-{01,02,03}.txt fetchmail-6.2.5.4 2005-11-13 Matthias Andree * Also ship pre-built rcfile_y.[ch] for systems that don't have flex, yacc or bison. * On FreeBSD, add /usr/local/include to CPPFLAGS so that libintl.h is found. * Avoid automatically picking up HESIOD implementations that lack hesiod_getmailhost, such as the one in FreeBSD's base system. * Fix makedepend for separated build (where the build is not run from the source directory), but prevent packaging from separated build, it yields bogus results. * Fix resolv.h autodetection. * Add +HESIOD to version printout if appropriate. fetchmail-6.2.5.3 2005-11-12 Matthias Andree * SECURITY FIX CVE-2005-3088: fetchmailconf: fix password exposure: use umask 077 before opening output file and restore umask later. * Critical fix: fix IMAP timeouts, counting message count down on servers that do not send EXISTS counts after EXPUNGE. Debian Bug#314509. * Ship pre-built rcfile_l.c for systems that don't have flex. * Build environment: Update included gettext. Fix --with-included-gettext. Fix parallel build (make -j). Fix "always rebuild fetchmail" syndrome. * Do not link against -ll or -lfl (not needed). fetchmail-6.2.5.2 (patch Fri Jul 22 01:52 GMT 2005, tarball Sat Jul 23 21:34 GMT 2005) * README: Added a note about release status - READ IT! * Note: Due to a Makefile.in bug, you may need to use GNU make. * SECURITY FIX CVE-2005-2335: truncate UIDL replies, lest malicious or compromised POP3 servers overflow fetchmail's stack. Debian bug #212762. This is a remote root exploit. Thanks: Miloslav Trmac for pointing out the fix in 6.2.5.1 was buggy. Thanks: Ludwig Nussel for a much simpler fix. * Critical fix: omit blank between MAIL FROM: and <user@example.org>, as this causes mail loss with some listeners. * Fix: POP2 driver wouldn't properly check authentication failure. * Sunil Shetye's fix to force fetchsizelimit to 1 for APOP and RPOP. 2005-12-20 15:27:53 +01:00			`SHA1 (patch-ae) = da3152bfd2e61d914d1f32c5eee6821aaef3e461`
Fix mail/fetchmail under darwin (PR 28543). The added patches add a prefix "fm_" to lock related finctions, to avoid name clash with darwin lock functions. Link with -lresolv under darwin. (thanks scole_at_sdf.lonestar.org for the patches) Bump PKGREVISION 2005-10-21 22:56:50 +02:00			`SHA1 (patch-ah) = d6d08403b241a3e1a891faadbb36b0cd00df1398`
			`SHA1 (patch-ai) = 16449ab08c266936d80b8be11c93a3dd1ac5c2fe`
			`SHA1 (patch-aj) = 1051c1eb754b9c9cffad2eab4561791975aebbe1`
Update fetchmail to 6.2.5.5. Change homepage to http://fetchmail.berlios.de/ and update MASTER_SITES. Changes introduced since 6.2.5: fetchmail-6.2.5.X is a security fix branch that forked off fetchmail-6.2.5. It does not change for anything but security and the most severe bug fixes. Note that no 6.2.5.X security audits are planned except when a particular bug is reported, and that 6.2.5.X is unsafe to use on some systems, particularly those that lack a working and secure snprintf implementation. The fetchmail 6.2.5.X branch will be discontinued early in 2006. fetchmail-6.2.5.5 2005-12-19 Matthias Andree * SECURITY FIX CVE-2005-4348: fix null pointer dereference in multidrop mode when the message is empty. Reported by Daniel Drake <http://article.gmane.org/gmane.mail.fetchmail.user/7573> and others (Debian Bug #343836). Fix by Sunil Shetye. * Fix Debian bug #301964, fetchmail leaks sockets when SSL negotiation fails. Fix suggested by Goswin Brederlow. * Add fetchmail-SA-2005-{01,02,03}.txt fetchmail-6.2.5.4 2005-11-13 Matthias Andree * Also ship pre-built rcfile_y.[ch] for systems that don't have flex, yacc or bison. * On FreeBSD, add /usr/local/include to CPPFLAGS so that libintl.h is found. * Avoid automatically picking up HESIOD implementations that lack hesiod_getmailhost, such as the one in FreeBSD's base system. * Fix makedepend for separated build (where the build is not run from the source directory), but prevent packaging from separated build, it yields bogus results. * Fix resolv.h autodetection. * Add +HESIOD to version printout if appropriate. fetchmail-6.2.5.3 2005-11-12 Matthias Andree * SECURITY FIX CVE-2005-3088: fetchmailconf: fix password exposure: use umask 077 before opening output file and restore umask later. * Critical fix: fix IMAP timeouts, counting message count down on servers that do not send EXISTS counts after EXPUNGE. Debian Bug#314509. * Ship pre-built rcfile_l.c for systems that don't have flex. * Build environment: Update included gettext. Fix --with-included-gettext. Fix parallel build (make -j). Fix "always rebuild fetchmail" syndrome. * Do not link against -ll or -lfl (not needed). fetchmail-6.2.5.2 (patch Fri Jul 22 01:52 GMT 2005, tarball Sat Jul 23 21:34 GMT 2005) * README: Added a note about release status - READ IT! * Note: Due to a Makefile.in bug, you may need to use GNU make. * SECURITY FIX CVE-2005-2335: truncate UIDL replies, lest malicious or compromised POP3 servers overflow fetchmail's stack. Debian bug #212762. This is a remote root exploit. Thanks: Miloslav Trmac for pointing out the fix in 6.2.5.1 was buggy. Thanks: Ludwig Nussel for a much simpler fix. * Critical fix: omit blank between MAIL FROM: and <user@example.org>, as this causes mail loss with some listeners. * Fix: POP2 driver wouldn't properly check authentication failure. * Sunil Shetye's fix to force fetchsizelimit to 1 for APOP and RPOP. 2005-12-20 15:27:53 +01:00			`SHA1 (patch-al) = 660df6275304a95b2bc7b98f71980a335677763e`