Update fetchmail to 6.2.5.5.

Change homepage to http://fetchmail.berlios.de/ and update MASTER_SITES.

Changes introduced since 6.2.5:

fetchmail-6.2.5.X is a security fix branch that forked off
fetchmail-6.2.5. It does not change for anything but security and the
most severe bug fixes. Note that no 6.2.5.X security audits are planned
except when a particular bug is reported, and that 6.2.5.X is unsafe to
use on some systems, particularly those that lack a *working and secure*
snprintf implementation.

The fetchmail 6.2.5.X branch will be discontinued early in 2006.

fetchmail-6.2.5.5  2005-12-19  Matthias Andree

* SECURITY FIX CVE-2005-4348: fix null pointer dereference in
  multidrop mode when the message is empty. Reported by Daniel Drake
  <http://article.gmane.org/gmane.mail.fetchmail.user/7573> and others
  (Debian Bug #343836). Fix by Sunil Shetye.
* Fix Debian bug #301964, fetchmail leaks sockets when SSL negotiation
  fails. Fix suggested by Goswin Brederlow.
* Add fetchmail-SA-2005-{01,02,03}.txt

fetchmail-6.2.5.4  2005-11-13  Matthias Andree

* Also ship pre-built rcfile_y.[ch] for systems that don't have flex,
  yacc or bison.
* On FreeBSD, add /usr/local/include to CPPFLAGS so that libintl.h is found.
* Avoid automatically picking up HESIOD implementations that lack
  hesiod_getmailhost, such as the one in FreeBSD's base system.
* Fix makedepend for separated build (where the build is not run from
  the source directory), but prevent packaging from separated build, it
  yields bogus results.
* Fix resolv.h autodetection.
* Add +HESIOD to version printout if appropriate.

fetchmail-6.2.5.3  2005-11-12  Matthias Andree

* SECURITY FIX CVE-2005-3088: fetchmailconf: fix password exposure: use
  umask 077 before opening output file and restore umask later.
* Critical fix: fix IMAP timeouts, counting message count down on
  servers that do not send EXISTS counts after EXPUNGE. Debian Bug#314509.
* Ship pre-built rcfile_l.c for systems that don't have flex.
* Build environment: Update included gettext. Fix
  --with-included-gettext. Fix parallel build (make -j). Fix "always
  rebuild fetchmail" syndrome.
* Do not link against -ll or -lfl (not needed).

fetchmail-6.2.5.2
(patch Fri Jul 22 01:52 GMT 2005,
 tarball Sat Jul 23 21:34 GMT 2005)

* README: Added a note about release status - READ IT!
* Note: Due to a Makefile.in bug, you may need to use GNU make.
* SECURITY FIX CVE-2005-2335: truncate UIDL replies, lest malicious or
  compromised POP3 servers overflow fetchmail's stack. Debian bug
  #212762.  This is a remote root exploit.
  Thanks: Miloslav Trmac for pointing out the fix in 6.2.5.1 was buggy.
  Thanks: Ludwig Nussel for a much simpler fix.
* Critical fix: omit blank between MAIL FROM: and <user@example.org>,
  as this causes mail loss with some listeners.
* Fix: POP2 driver wouldn't properly check authentication failure.
* Sunil Shetye's fix to force fetchsizelimit to 1 for APOP and RPOP.

mail/fetchmail/Makefile

@@ -1,13 +1,11 @@
-# $NetBSD: Makefile,v 1.154 2005/10/21 20:56:50 tonio Exp $
+# $NetBSD: Makefile,v 1.155 2005/12/20 14:27:53 frueauf Exp $
 
-DISTNAME=	fetchmail-6.2.5
-PKGREVISION=	6
+DISTNAME=	fetchmail-6.2.5.5
 CATEGORIES=	mail
-MASTER_SITES=	http://www.catb.org/~esr/fetchmail/ \
-		http://sunsite.unc.edu/pub/Linux/system/mail/pop/
+MASTER_SITES=	http://download.berlios.de/fetchmail/
 
 MAINTAINER=	frueauf@NetBSD.org
-HOMEPAGE=	http://catb.org/~esr/fetchmail/
+HOMEPAGE=	http://fetchmail.berlios.de/
 COMMENT=	Batch mail retrieval/forwarding utility for pop2, pop3, apop, imap
 
 PKG_INSTALLATION_TYPES=	overwrite pkgviews

mail/fetchmail/distinfo

@@ -1,16 +1,14 @@
-$NetBSD: distinfo,v 1.33 2005/11/01 19:16:52 adrianp Exp $
+$NetBSD: distinfo,v 1.34 2005/12/20 14:27:53 frueauf Exp $
 
-SHA1 (fetchmail-6.2.5.tar.gz) = 4656ec4393ccd1c137fe7b331f77cb26b576ac0e
-RMD160 (fetchmail-6.2.5.tar.gz) = e32b91a959d0e80c4bd45a8758811cbe95a98180
-Size (fetchmail-6.2.5.tar.gz) = 1257376 bytes
+SHA1 (fetchmail-6.2.5.5.tar.gz) = 119dc2d0f533541413b7951edec8ecf1c0308b1b
+RMD160 (fetchmail-6.2.5.5.tar.gz) = f0d74e5e985973867944962c949e7e5d76f77b84
+Size (fetchmail-6.2.5.5.tar.gz) = 1327784 bytes
 SHA1 (patch-aa) = 3c8aaac5d53c1069995ab74ad99bc5e64843a507
 SHA1 (patch-ab) = 009a97639502365f8b6ec4e854622620391a812f
 SHA1 (patch-ac) = ef0e651807bb0942ca79ed3b10ffc000f71bd330
 SHA1 (patch-ad) = b6bffc59f28992fa0d3de0f9dad250c73bbeffc6
-SHA1 (patch-ae) = 3acbacee78ab2084a615b0c02b7f83e563bfc7ac
-SHA1 (patch-af) = 06e7b84566b0d3ed50b56f88baf23f15ae21eb21
-SHA1 (patch-ag) = e27a4769dc804bec71b449bed7ff318d15ae8bdf
+SHA1 (patch-ae) = da3152bfd2e61d914d1f32c5eee6821aaef3e461
 SHA1 (patch-ah) = d6d08403b241a3e1a891faadbb36b0cd00df1398
 SHA1 (patch-ai) = 16449ab08c266936d80b8be11c93a3dd1ac5c2fe
 SHA1 (patch-aj) = 1051c1eb754b9c9cffad2eab4561791975aebbe1
-SHA1 (patch-ak) = d75b42146597a17a1ce91dddc7ed0821697d7ec2
+SHA1 (patch-al) = 660df6275304a95b2bc7b98f71980a335677763e

mail/fetchmail/patches/patch-af

@@ -1,23 +0,0 @@
-$NetBSD: patch-af,v 1.1 2002/04/06 16:53:02 frueauf Exp $
-
---- intl/Makefile.in-ori	Sat Mar 16 16:18:38 2002
-+++ intl/Makefile.in	Mon Mar 25 21:54:08 2002
-@@ -204,12 +204,12 @@
- # The dependency for intlh.inst is different in gettext and all other
- # packages.  Because we cannot you GNU make features we have to solve
- # the problem while rewriting Makefile.in.
--@GT_YES@intlh.inst: intlh.inst.in ../config.status
--@GT_YES@	cd .. \
--@GT_YES@	&& CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= \
--@GT_YES@	  $(SHELL) ./config.status
--@GT_NO@.PHONY: intlh.inst
--@GT_NO@intlh.inst:
-+intlh.inst: intlh.inst.in ../config.status
-+	cd .. \
-+	&& CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= \
-+	  $(SHELL) ./config.status
-+#@GT_NO@.PHONY: intlh.inst
-+#@GT_NO@intlh.inst:
- 
- # Tell versions [3.59,3.63) of GNU make not to export all variables.
- # Otherwise a system limit (for SysV at least) may be exceeded.

mail/fetchmail/patches/patch-ag

@@ -1,184 +0,0 @@
-$NetBSD: patch-ag,v 1.3 2005/07/22 14:27:53 frueauf Exp $
-
-This patch originates from
-http://download.berlios.de/fetchmail/fetchmail-patch-6.2.5.2.gz
-
-and upgrades fetchmail 6.2.5 to 6.2.5.2, which among other stuff fixes
-CAN-2005-2355: buffer overflow in "fetchmail".
-
-*** Makefile.in	Wed Oct 15 22:38:18 2003
---- Makefile.in	Fri Jul 22 01:55:44 2005
-***************
-*** 4,10 ****
-  # So just uncomment all the lines marked QNX.
-  
-  PACKAGE = fetchmail
-! VERSION = 6.2.5
-  
-  # Ultrix 2.2 make doesn't expand the value of VPATH.
-  srcdir = @srcdir@
---- 4,10 ----
-  # So just uncomment all the lines marked QNX.
-  
-  PACKAGE = fetchmail
-! VERSION = 6.2.5.2
-  
-  # Ultrix 2.2 make doesn't expand the value of VPATH.
-  srcdir = @srcdir@
-*** NEWS	Wed Oct 15 22:40:17 2003
---- NEWS	Fri Jul 22 01:52:16 2005
-***************
-*** 2,7 ****
---- 2,20 ----
-  
-  (The `lines' figures total .c, .h, .l, and .y files under version control.)
-  
-+ fetchmail-6.2.5.2 (Fri Jul 22 01:52 GMT 2005):
-+ 
-+ * NOTE: Due to a Makefile.in bug, you may need to use GNU make.
-+ * SECURITY FIX: truncate UIDL replies, lest malicious or compromised
-+   POP3 servers overflow fetchmail's stack. Debian bug #212762.
-+   This is a remote root exploit. CVE Name: CAN-2005-2335.
-+   Thanks: Miloslav Trmac for pointing out the fix in 6.2.5.1 was buggy.
-+   Thanks: Ludwig Nussel for a much simpler fix.
-+ * Critical fix: omit blank between MAIL FROM: and <user@example.org>,
-+   as this causes mail loss with some listeners.
-+ * Fix: POP2 driver wouldn't properly check authentication failure.
-+ * Sunil Shetye's fix to force fetchsizelimit to 1 for APOP and RPOP.
-+ 
-  fetchmail-6.2.5 (Wed Oct 15 18:39:22 EDT 2003), 23079 lines:
-  
-  * Updated Spanish, Turkish, and German translation files.
-*** driver.c	Wed Oct 15 19:22:31 2003
---- driver.c	Fri Jul 22 01:49:49 2005
-***************
-*** 429,436 ****
-  	/* for POP3, we can get the size of one mail only! Unfortunately, this
-  	 * protocol specific test cannot be done elsewhere as the protocol
-  	 * could be "auto". */
-! 	if (ctl->server.protocol == P_POP3)
-  	    fetchsizelimit = 1;
-  
-  	/* Time to allocate memory to store the sizes */
-  	xalloca(msgsizes, int *, sizeof(int) * fetchsizelimit);
---- 429,439 ----
-  	/* for POP3, we can get the size of one mail only! Unfortunately, this
-  	 * protocol specific test cannot be done elsewhere as the protocol
-  	 * could be "auto". */
-! 	switch (ctl->server.protocol)
-! 	{
-! 	    case P_POP3: case P_APOP: case P_RPOP:
-  	    fetchsizelimit = 1;
-+ 	}
-  
-  	/* Time to allocate memory to store the sizes */
-  	xalloca(msgsizes, int *, sizeof(int) * fetchsizelimit);
-*** pop2.c	Wed Oct 15 19:17:43 2003
---- pop2.c	Fri Jul 22 01:47:28 2005
-***************
-*** 61,66 ****
---- 61,67 ----
-  		  "HELO %s %s",
-  		  ctl->remotename, ctl->password);
-      shroud[0] = '\0';
-+     return status;
-  }
-  
-  static int pop2_getrange(int sock, struct query *ctl, const char *folder, 
-*** pop3.c	Wed Oct 15 19:22:31 2003
---- pop3.c	Fri Jul 22 01:44:00 2005
-***************
-*** 613,618 ****
---- 613,620 ----
-      return 0;
-  }
-  
-+ #define str(s) #s
-+ #define UIDLFMT(n) "%d %" str(n) "s"
-  static int pop3_getuidl( int sock, int num , char *id)
-  {
-      int ok;
-***************
-*** 620,626 ****
-      gen_send(sock, "UIDL %d", num);
-      if ((ok = pop3_ok(sock, buf)) != 0)
-  	return(ok);
-!     if (sscanf(buf, "%d %s", &num, id) != 2)
-  	return(PS_PROTOCOL);
-      return(PS_SUCCESS);
-  }
---- 622,628 ----
-      gen_send(sock, "UIDL %d", num);
-      if ((ok = pop3_ok(sock, buf)) != 0)
-  	return(ok);
-!     if (sscanf(buf, UIDLFMT(IDLEN), &num, id) != 2)
-  	return(PS_PROTOCOL);
-      return(PS_SUCCESS);
-  }
-***************
-*** 862,868 ****
-  		{
-   		    if (DOTLINE(buf))
-   			break;
-!  		    else if (sscanf(buf, "%d %s", &num, id) == 2)
-  		    {
-   			struct idlist	*old, *new;
-  
---- 864,870 ----
-  		{
-   		    if (DOTLINE(buf))
-   			break;
-!  		    else if (sscanf(buf, UIDLFMT(IDLEN), &num, id) == 2)
-  		    {
-   			struct idlist	*old, *new;
-  
-*** sink.c	Fri Oct 10 22:06:36 2003
---- sink.c	Fri Jul 22 01:42:23 2005
-***************
-*** 724,730 ****
-  
-      /* see the ap computation under the SMTP branch */
-      fprintf(sinkfp, 
-! 	    "MAIL FROM: %s", (msg->return_path[0]) ? msg->return_path : user);
-  
-      if (ctl->pass8bits || (ctl->mimemsg & MSG_IS_8BIT))
-  	fputs(" BODY=8BITMIME", sinkfp);
---- 724,730 ----
-  
-      /* see the ap computation under the SMTP branch */
-      fprintf(sinkfp, 
-! 	    "MAIL FROM:%s", (msg->return_path[0]) ? msg->return_path : user);
-  
-      if (ctl->pass8bits || (ctl->mimemsg & MSG_IS_8BIT))
-  	fputs(" BODY=8BITMIME", sinkfp);
-*** smtp.c	Wed Aug  6 03:30:18 2003
---- smtp.c	Fri Jul 22 01:42:23 2005
-***************
-*** 232,244 ****
-      int ok;
-      char buf[MSGBUFSIZE];
-  
-!     if (strchr(from, '<'))
-  #ifdef HAVE_SNPRINTF
-  	snprintf(buf, sizeof(buf),
-  #else
-  	sprintf(buf,
-  #endif /* HAVE_SNPRINTF */
-! 		"MAIL FROM: %s", from);
-      else
-  #ifdef HAVE_SNPRINTF
-      snprintf(buf, sizeof(buf),
---- 232,244 ----
-      int ok;
-      char buf[MSGBUFSIZE];
-  
-!     if (from[0]=='<')
-  #ifdef HAVE_SNPRINTF
-  	snprintf(buf, sizeof(buf),
-  #else
-  	sprintf(buf,
-  #endif /* HAVE_SNPRINTF */
-! 		"MAIL FROM:%s", from);
-      else
-  #ifdef HAVE_SNPRINTF
-      snprintf(buf, sizeof(buf),

mail/fetchmail/patches/patch-ak

@@ -1,46 +0,0 @@
-$NetBSD: patch-ak,v 1.1 2005/11/01 19:16:52 adrianp Exp $
-
---- fetchmailconf.orig	2003-10-15 20:22:31.000000000 +0100
-+++ fetchmailconf	2005-10-21 14:48:02.000000000 +0100
-@@ -4,7 +4,19 @@
- # by Eric S. Raymond, <esr@snark.thyrsus.com>.
- # Requires Python with Tkinter, and the following OS-dependent services:
- #       posix, posixpath, socket
--version = "1.43"
-+#
-+# Changes by Matthias Andree, in 2005:
-+#
-+# 1.43.1 - unsuccessful attempt to fix a password exposure bug
-+#
-+#        thanks to Thomas Wolff and Miloslav Trmac for pointing
-+#        out the fix was insufficient
-+#
-+# 1.43.2 - fix password exposure bug, by restricting umask to 077
-+#          before opening the file
-+#        - record fetchmailconf version in output file
-+#
-+version = "1.43.2"
- 
- from Tkinter import *
- from Dialog import *
-@@ -858,14 +870,17 @@
- 	    # Pre-1.5.2 compatibility...
- 	    except os.error:
- 		pass
-+	    old_umask = os.umask(077)
- 	    fm = open(self.outfile, 'w')
-+	    os.umask(old_umask)
- 	if fm:
--	    fm.write("# Configuration created %s by fetchmailconf\n" % time.ctime(time.time()))
-+	    if fm != sys.stdout:
-+		os.chmod(self.outfile, 0600)
-+	    fm.write("# Configuration created %s by fetchmailconf %s\n"
-+		    % (time.ctime(time.time()), version))
- 	    fm.write(`self.configuration`)
- 	    if self.outfile:
- 		fm.close()
--	    if fm != sys.stdout:
--		os.chmod(self.outfile, 0600)
- 	    self.destruct()
- 
- #

mail/fetchmail/patches/patch-al

@@ -0,0 +1,13 @@
+$NetBSD: patch-al,v 1.1 2005/12/20 14:27:53 frueauf Exp $
+
+--- po/Makefile.in.in.orig	2005-12-20 15:18:52.000000000 +0100
++++ po/Makefile.in.in	2005-12-20 15:21:06.000000000 +0100
+@@ -28,7 +28,7 @@
+ 
+ INSTALL = @INSTALL@
+ INSTALL_DATA = @INSTALL_DATA@
+-MKINSTALLDIRS = @MKINSTALLDIRS@
++MKINSTALLDIRS = ../@MKINSTALLDIRS@
+ mkinstalldirs = $(SHELL) $(MKINSTALLDIRS)
+ 
+ GMSGFMT = @GMSGFMT@