Update fetchmail and fetchmailconf to version 6.3.22.

# SECURITY FIXES
* for CVE-2012-3482:
  NTLM: fetchmail mistook an error message that the server sent in response to
  an NTLM request for protocol exchange, tried to decode it, and crashed while
  reading from a bad memory location.
  Also, with a carefully crafted NTLM challenge packet sent from the server, it
  would be possible that fetchmail conveyed confidential data not meant for the
  server through the NTLM response packet.
  Fix: Detect base64 decoding errors, validate the NTLM challenge, and abort
  NTLM authentication in case of error.
  See fetchmail-SA-2012-02.txt for further details.
  Reported by J. Porter Clark.
* for CVE-2011-3389:
  SSL/TLS (wrapped and STARTTLS): fetchmail used to disable a countermeasure
  against a certain kind of attack against cipher block chaining initialization
  vectors (SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS).
  Whether this creates an exploitable situation, depends on the server and the
  negotiated ciphers.
  As a precaution, fetchmail 6.3.22 enables the countermeasure, by clearing
  SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.
  NOTE that this can cause connections to certain non-conforming servers to
  fail, in which case you can set the environment variable
  FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE to any non-empty value when starting
  fetchmail to re-instate the compatibility option at the expense of security.
  Reported by Apple Product Security.
  For technical details, refer to <http://www.openssl.org/~bodo/tls-cbc.txt>.
  See fetchmail-SA-2012-01.txt for further details.

# BUG FIX
* The Server certificate: message in verbose mode now appears on stdout like the
  remainder of the output. Reported by Henry Jensen, to fix Debian Bug #639807.
* The GSSAPI-related autoconf code now matches gssapi.c better, and uses
  a different check to look for GSS_C_NT_HOSTBASED_SERVICE.
  This fixes the GSSAPI-enabled build on NetBSD 6 Beta.

# CHANGES
* On systems where SSLv2_client_method isn't defined in OpenSSL (such as
  newer Debian, and Ubuntu starting with 11.10 oneiric ocelot), don't
  reference it (to fix the build) and if configured, print a run-time error
  that the OS does not support SSLv2. Fixes Debian Bug #622054,
  but note that that bug report has a more thorough patch that does away with
  SSLv2 altogether.
* The security and errata notices fetchmail-{EN,SA}-20??-??.txt are now
  under the more relaxed CC BY-ND 3.0 license (the noncommercial clause
  was dropped). The Creative Commons address was updated.
* The Python-related Makefile.am parts were simplified to avoid an automake
  1.11.X bug around noinst_PYTHON, Automake Bug #10995.
* Configuring fetchmail without SSL now triggers a configure warning,
  and asks the user to consider running configure --with-ssl.

# WORKAROUNDS
* Some servers, notably Zimbra, return A1234 987 FETCH () in response to
  a header request, in the face of message corruption.  fetchmail now treats
  these as temporary errors. Report and Patch by Mikulas Patocka, Red Hat.
* Some servers, notably Microsoft Exchange, return "A0009 OK FETCH completed."
  without any header in response to a header request for meeting reminder
  messages (with a "meeting.ics" attachment). fetchmail now treats these as
  transient errors.  Report by John Connett, Patch by Sunil Shetye.

# TRANSLATION UPDATES
* [cs]    Czech, by Petr Pisar
* [de]    German
* [fr]    French, by Frédéric Marchal
* [ja]    Japanese, by Takeshi Hamasaki
* [pl]    Polish, by Jakub Bogusz
* [sv]    Swedish, by Göran Uddeborg --- NEW TRANSLATION - Thank you!
* [vi]    Vietnamese, by Trần Ngọc Quân

5 files changed, 29 insertions, 31 deletions

diff --git a/mail/fetchmail/Makefile b/mail/fetchmail/Makefile
index 888763d2d63..7f6f5f1ed41 100644
--- a/mail/fetchmail/Makefile
+++ b/mail/fetchmail/Makefile
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.179 2012/10/08 12:19:11 asau Exp $
+# $NetBSD: Makefile,v 1.180 2012/11/03 22:50:22 morr Exp $
 
 # Note to updaters: mail/fetchmailconf reaches over here, make sure it builds.
-DISTNAME=	fetchmail-6.3.21
-PKGREVISION=	1
+DISTNAME=	fetchmail-6.3.22
 CATEGORIES=	mail
 MASTER_SITES=	http://download.berlios.de/fetchmail/
 EXTRACT_SUFX=	.tar.bz2
diff --git a/mail/fetchmail/PLIST b/mail/fetchmail/PLIST
index 13401f6323d..692e840e804 100644
--- a/mail/fetchmail/PLIST
+++ b/mail/fetchmail/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.13 2009/08/10 08:46:30 tron Exp $
+@comment $NetBSD: PLIST,v 1.14 2012/11/03 22:50:22 morr Exp $
 bin/fetchmail
 man/man1/fetchmail.1
 share/doc/fetchmail/COPYING
@@ -29,6 +29,7 @@ share/locale/pt_BR/LC_MESSAGES/fetchmail.mo
 share/locale/ru/LC_MESSAGES/fetchmail.mo
 share/locale/sk/LC_MESSAGES/fetchmail.mo
 share/locale/sq/LC_MESSAGES/fetchmail.mo
+share/locale/sv/LC_MESSAGES/fetchmail.mo
 share/locale/tr/LC_MESSAGES/fetchmail.mo
 share/locale/vi/LC_MESSAGES/fetchmail.mo
 share/locale/zh_CN/LC_MESSAGES/fetchmail.mo
diff --git a/mail/fetchmail/distinfo b/mail/fetchmail/distinfo
index 7573b5742de..66397eff762 100644
--- a/mail/fetchmail/distinfo
+++ b/mail/fetchmail/distinfo
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.46 2012/08/21 15:49:54 tez Exp $
+$NetBSD: distinfo,v 1.47 2012/11/03 22:50:22 morr Exp $
 
-SHA1 (fetchmail-6.3.21.tar.bz2) = e32a0d40ec133d651782543ecd7bc9bbee52dff7
-RMD160 (fetchmail-6.3.21.tar.bz2) = 981084b384eb8f6f424af64ceb5922a030271519
-Size (fetchmail-6.3.21.tar.bz2) = 1724445 bytes
-SHA1 (patch-ntlmsubr.c) = 0f84d835f0bd49365706290b5bc1f27177ae6c5a
+SHA1 (fetchmail-6.3.22.tar.bz2) = f9411a16d4055669e5cfd89bf38acba6a5cce041
+RMD160 (fetchmail-6.3.22.tar.bz2) = b1b4ae20e7fc6d307cf97c697d5e27daddc6bc72
+Size (fetchmail-6.3.22.tar.bz2) = 1724108 bytes
+SHA1 (patch-Makefile.in) = 31e89c362185787a2cc7e3bbf144635777c1bab4
diff --git a/mail/fetchmail/patches/patch-Makefile.in b/mail/fetchmail/patches/patch-Makefile.in
new file mode 100644
index 00000000000..b1c00d2328c
--- /dev/null
+++ b/mail/fetchmail/patches/patch-Makefile.in
@@ -0,0 +1,20 @@
+$NetBSD: patch-Makefile.in,v 1.1 2012/11/03 22:50:22 morr Exp $
+
+Even with disabled python, wrapper around fetchmailconf.py and it's
+manpage is installed.
+
+--- Makefile.in.orig	2012-08-29 21:25:11.000000000 +0000
++++ Makefile.in
+@@ -448,10 +448,10 @@ ACLOCAL_AMFLAGS = -I m4 -I m4-local
+ AM_YFLAGS = -d
+ BUILT_SOURCES = rcfile_y.h
+ dist_noinst_SCRIPTS = specgen.sh
+-dist_man1_MANS = fetchmail.man $(pym)
++dist_man1_MANS = fetchmail.man
+ pys = fetchmailconf.py
+ pym = fetchmailconf.man
+-nodist_bin_SCRIPTS = fetchmailconf
++nodist_bin_SCRIPTS =
+ python_PYTHON = $(pys)
+ CLEANFILES = $(nodist_bin_SCRIPTS)
+ noinst_LIBRARIES = libfm.a $(am__append_2)
diff --git a/mail/fetchmail/patches/patch-ntlmsubr.c b/mail/fetchmail/patches/patch-ntlmsubr.c
deleted file mode 100644
index 8281fce6c84..00000000000
--- a/mail/fetchmail/patches/patch-ntlmsubr.c
+++ /dev/null
@@ -1,22 +0,0 @@
-$NetBSD: patch-ntlmsubr.c,v 1.1 2012/08/21 15:49:54 tez Exp $
-
-Fix CVE-2012-3482
-patch from http://gitorious.org/fetchmail/fetchmail/commit/3fbc7cd331602c76f882d1b507cd05c1d824ba8b/diffs
-
---- ntlmsubr.c.orig	2012-08-21 15:19:44.585694400 +0000
-+++ ntlmsubr.c
-@@ -55,7 +55,13 @@ int ntlm_helper(int sock, struct query *
-     if ((result = gen_recv(sock, msgbuf, sizeof msgbuf)))
- 	goto cancelfail;
- 
--    (void)from64tobits (&challenge, msgbuf, sizeof(challenge));
-+    if ((result = from64tobits (&challenge, msgbuf, sizeof(challenge))) < 0) {
-+	report (stderr, GT_("could not decode BASE64 challenge\n"));
-+	/* We do not goto cancelfail; the server has already sent the
-+	* tagged reply, so the protocol exchange has ended, no need
-+	* for us to send the asterisk. */
-+	return PS_AUTHFAIL;
-+    }
- 
-     if (outlevel >= O_DEBUG)
- 	dumpSmbNtlmAuthChallenge(stdout, &challenge);