This contains documentation updates, and one code change to the IMAP
client: IMAP: fix error code when LOGIN fails
This recently printed 'we've run out of authentication methods'
instead of the actual authentication failure.
This also formally adds OpenSSL 3.0.0 support.
PR: 258486
Approved by: Corey Halpin (maintainer)
This fixes an IMAP protocol issue affecting all but the first IMAP
server in a run. It also updates translations.
PR: 258146
MFH: 2021Q3
Approved by: Corey Halpin (maintainer)
* CHANGE: fetchmailconf: properly catch and report option parsing errors
* BUG FIX: LMTP: do not try to validate the last component of a
UNIX-domain LMTP socket as though it were a TCP port. Reported by
Christoph Heitkamp, Gitlab issue #33.
* TRANSLATION UPDATE: This fine person has contributed an updated
translation:
- sr: Мирослав Николић (Miroslav Nikolić) [Serbian]
PR: 256242
Approved by: Corey Halpin (maintainer)
fetchmail-6.4.18 (released 2021-03-27, 30011 LoC):
# REGRESSION FIX:
* fetchmailconf: fetchmail 6.4.16 added --sslcertfile to the configuration dump,
but fetchmailconf support was incomplete in Git 7349f124 and it could not
parse sslcertfile, thus the user settings editor came up empty with console
errors printed. Fix configuration parser in fetchmailconf.
# ROBUSTNESS FIXES:
* fetchmailconf: do not require fetchmail for -V. do not require Tk (Tkinter)
for -d option. This is to fail more gracefully on incomplete installs.
* TLS code: remove OPENSSL_NO_DEPRECATED macros to avoid portability issues
with OpenSSL v3 - these are for development purposes, not production.
* TLS futureproofing: use SSL_use_PrivateKey_file instead of
SSL_use_RSAPrivateKey_file, the latter will be deprecated with OpenSSL v3,
and the user's key file might be something else than RSA.
# TRANSLATION UPDATE:
This fine person has contributed an updated translation:
* fi: Lauri Nurmi [Finnish]
PR: 254619
Submitted by: mandree@
Approved by: Corey Halpin (maintainer)
# BUG FIXES
* IMAP client: plus memory leaks for username and password when trying
the LOGIN (password-based) authentication and encountered a timeout situation.
* dist-tools/getstats.py: also counts lines in *.py files [for NEWS file]
# CHANGES
* fetchmail.man: now mentions that you may need to add --ssl when specifying
a TLS-wrapped port.
* fetchmailconf: --version (-V) now prints the Python version in use.
# TRANSLATION UPDATE
* ja: Takeshi Hamasaki [Japanese]
PR: 254208
Approved by: Corey Halpin (maintainer)
MFH: 2021Q1
Update mail/fetchmail{,conf} to 6.4.13 and fix rc script to work correctly
when root's shell does not include /usr/local/bin in $PATH.
mail/fetchmail passes 'poudriere testport' on both i386 and amd64 under
11.4 and 12.1 for the following configurations:
- Default settings
- Default settings, build as non-root
- ssl=base, GSSAPI_MIT
- ssl=base, GSSAPI_NONE
- ssl=openssl
- ssl=openssl with SSL2 and SSL3 disabled
- ssl=openssl, GSSAPI_NONE
- ssl=libressl
- ssl=libressl, GSSAPI_NONE
mail/fetchmailconf passes 'poudriere testport' on both i386 and amd64 under
11.4 and 12.1 with default settings
Additionally, passes bulk -tC on 12.1-arm64.
PR: 250925 [1]
Submitted by: Corey Halpin (maintainer)
PR: 250691 [2, comments #14, #15]
Reported by: Brian Biskeborn [2], Andrey Kiryanov [2]
Turns out that our fetchmail_dump_config() function needs to add
one more level of quoting because it's being unquoted and word split
twice, once by su's shell, and again by sh.
While here, change sh to /bin/sh to make the intention clearer.
Bump PORTREVISION to get the fix out onto the systems.
PR: 250691
Reported by: Helmut Ritter <freebsd-ports@charlieroot.de>
Approved by: chalpin@cs.wisc.edu
MFH: 2020Q4 (blanket, one-line tested working fix, 4-eyes principle)
In a situation where fetchmail is to be started globally with the
configuration in $LOCALBASE/etc, the rc.d file would try to run
fetchmail for the wrong user.
Simplify script more, avoiding recursive call in single-user mode.
Submitted by: Corey Halpin (maintainer, direct mail to mandree@)
Reported by: Armin Tüting
Authors: CH = Corey Halpin, MA = Matthias Andree
- fetchmail's rc script now queries the daemon interval from the
configuration, and falls back to the rc.conf value if given. [CH]
- Similarly, the logging facility will be taken from the configuration [MA]
- Add documentation to the rcfile's header comments. [MA]
- Drop support for fetchmail_home_prefix in rc.conf, and query the
respective users' home directories with getent instead. [MA]
- In the rc scripts, redirect input from /dev/null so it will not ask
for passwords. [MA]
- Add support for the typical 12.1 rc.conf ${name}_... keywords. [MA]
- Make script execution easier to follow by simplifying if...else logic. [CH]
- Fix rcscript's exit code to be 1 if one of the per-user calls fails. [CH]
- Add relevant notes to UPDATING. [MA]
PR: 249860
Submitted by: Corey Halpin (maintainer)
Reported by: Chris James (on fetchmail-users mailing list)
Approved by: Corey Halpin (maintainer)
Fixes these regressions:
- Misleading false complaints that TLSv1.3 support were missing from the
system but still auto-negotiating it (broken in 6.4.9, fixed in 6.4.11).
- README contained NEWS fragments (broken since c. 1 year/c. 6.4.2,
fixed in 6.4.12) instead of the actual contents.
(This was also the reason to skip 6.4.11).
For the potential MFH 6.4.8 -> 6.4.12, 6.4.9 also
adds to the manual page which has is used for fingerprints, MD5,
and adds a Romanian-language translation by Florentina Musat.
PR: 249009
Approved by: Corey Halpin (maintainer)
MFH: 2020Q3 (manpage, README fixes, added translation)
while here, switch distfile back to xz format and update
the > 2^31 "long long" fix so it patches the right place of the NEWS file.
- adds Romanian translation
- minor manual page fix to add "MD5" hash to sslfingerprint documentation
PR: 248954
Approved by: Corey Halpin (maintainer)
Add a patch to document --sslproto tls1.3+ and tls1.3 through the manpage,
which hasn't made 6.4.3-rc2 but works since 6.4.0 assuming that the SSL library
supports TLSv1.3.
Remove fetchmailconf patch that is now part of the upstream code.
Switch to .lz downloads, a tiny bit smaller.
Upstream changelog:
## BUGFIXES:
* Plug memory leaks when parts of the configuration (defaults, rcfile, command
line) override one another.
* fetchmail terminated the placeholder command string too late and included
garbage from the heap at the end of the string. Workaround: don't use place-
holders %h or %p in the --plugin string. Bug added in 6.4.0 when merging
Gitlab merge request !5 in order to fix an input buffer overrun.
Faulty commit 418cda65f752e367fa663fd13884a45fcbc39ddd.
Reported by Stefan Thurner, Gitlab issue #16.
* Fetchmail now checks for errors when trying to read the .idfile,
Gitlab issue #3.
## CHANGES:
* Fetchmail documentation was updated to require OpenSSL 1.1.1.
OpenSSL 1.0.2 reached End Of Life status at the end of the year 2019.
Fetchmail will tolerate, but warn about, 1.0.2 for now on the assumption that
distributors backport security fixes as the need arises.
Fetchmail will also warn if another SSL library that is API-compatible
with OpenSSL lacks TLS v1.3 support.
* If the trust anchor is missing, fetchmail refers the user to README.SSL.
PR: 245187
Submitted by: mandree@
Approved by: Corey Halpin (maintainer)
Fetchmail updated to new revision 6.4.2
- one bugfix
- manual page updates
- update of Chinese (simplified) translation
- massive fetchmailconf overhaul
+ Python 3 compatible (requires py-future)
+ Supports IPv6 and SSL probing
- remove two patches for fetchmail that are in the upstream release
- add a smoke test to fetchmailconf's post-install,
and a patch to support that running without X11 $DISPLAY.
PR: 244130
Submitted by: mandree@
Reviewed by: Corey Halpin <chalpin@cs.wisc.edu> (maintainer)
Approved by: Corey Halpin <chalpin@cs.wisc.edu> (maintainer)
MFH: 2020Q1 (bugfixes and fetchmailconf update and Python3 compat.)
This is to assist with build error diagnosis,
after PRs 240914 and 241032.
Submitted by: mandree@
Approved by: Corey Halpin (maintainer)
(obtained by e-mail outside Bugzilla)
MIPS regressed in r513614 because it does not have a C11
compiler. Fetchmail 6.4.1 is C89 code, one patch we provide
makes it C99 (it requires the long long int type).
The base compiler on powerpc 11/12 does not yield an executable,
but MIPS on the other hand does not offer a C11 compiler,
so for now, revert anything but powerpc before FreeBSD 13
to use its base compiler. FreeBSD 13 is exempt and also uses
the base compiler, because the ARCH guys intend to merge LLVM 9
soon.
PR: 241031
Reviewed by: pkubaj@
Approved by: blanket (fix recent regression from r513614)
* Bring back SNI (server name indication) support for TLS connections,
lost in 6.3.26_10 (PORTREVISION=10) as a regression over _9.
Pointy hat: mandree@
* Drop the X11 option, remove the Python dependency, and create a new
mail/fetchmailconf slave port/package that installs the fetchmailconf
configurator. Note that the _DEPENDS of the ports reflects a technical
dependence (fetchmailconf needs fetchmail), and we cannot keep an
X11 option that depends on fetchmailconf, since that would create
a circular dependency, which we must avoid.
* Patch configure instead of configure.ac with Cy's Kerberos fix, drop
autoreconf from USES, and add a new configure check directly to set
HAVE_DECL_SSLV3_CLIENT_METHOD to cover the various TLS providers
(currently five, base, openssl, openssl111, libressl, libressl-devel)
* Add -Wl,--as-needed to LDFLAGS so as not to pull in unneeded .so
libraries, for instance, libcom_err when compiling under GSSAPI_NONE.
* Bump PORTREVISION.
Very fruitful and nice collaboration with and
Approved by: chalpin@cs.wisc.edu (maintainer)
This was also tested on a live 12.0 amd64 machine,
11.2-arm64 and 11.2-i386 poudriere boxes with base GSSAPI.
PR: 234740
Reported by: Peter Putzer (Bugzilla), Alex V. Petrov (e-mail)
Approved by: Corey Halpin (maintainer)
This was discovered while working through issues relating to an
exp-run using base with private Heimdal, part of the project to
make a) Heimdal in base private and b) import MIT into base (PR 222745).
PR: 227680
Submitted by: cy@
Approved by: Corey Halpin <chalpin@cs.wisc.edu> (maintainer)
MFH: 2018Q2
The only reason to use post-stage is because the port needs to do
"things" at a later time, like some plist manipulation.
While there, fold post-install in do-install targets when they are
defined.
PR: 214780
Submitted by: mat
Exp-run by: antoine
Sponsored by: Absolight
