diff options
| author | morr <morr@pkgsrc.org> | 2012-11-03 22:50:22 +0000 |
|---|---|---|
| committer | morr <morr@pkgsrc.org> | 2012-11-03 22:50:22 +0000 |
| commit | 56aa4250c53c318e814af2eb17964fadad125134 (patch) | |
| tree | ed350b50586102f424c040bac5c814d8cdf3690f /mail/fetchmailconf | |
| parent | 95b81640c6cb2c2de80ba031d867a4e2c76b8a8d (diff) | |
| download | pkgsrc-56aa4250c53c318e814af2eb17964fadad125134.tar.gz | |
Update fetchmail and fetchmailconf to version 6.3.22.
# SECURITY FIXES
* for CVE-2012-3482:
NTLM: fetchmail mistook an error message that the server sent in response to
an NTLM request for protocol exchange, tried to decode it, and crashed while
reading from a bad memory location.
Also, with a carefully crafted NTLM challenge packet sent from the server, it
would be possible that fetchmail conveyed confidential data not meant for the
server through the NTLM response packet.
Fix: Detect base64 decoding errors, validate the NTLM challenge, and abort
NTLM authentication in case of error.
See fetchmail-SA-2012-02.txt for further details.
Reported by J. Porter Clark.
* for CVE-2011-3389:
SSL/TLS (wrapped and STARTTLS): fetchmail used to disable a countermeasure
against a certain kind of attack against cipher block chaining initialization
vectors (SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS).
Whether this creates an exploitable situation, depends on the server and the
negotiated ciphers.
As a precaution, fetchmail 6.3.22 enables the countermeasure, by clearing
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.
NOTE that this can cause connections to certain non-conforming servers to
fail, in which case you can set the environment variable
FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE to any non-empty value when starting
fetchmail to re-instate the compatibility option at the expense of security.
Reported by Apple Product Security.
For technical details, refer to <http://www.openssl.org/~bodo/tls-cbc.txt>.
See fetchmail-SA-2012-01.txt for further details.
# BUG FIX
* The Server certificate: message in verbose mode now appears on stdout like the
remainder of the output. Reported by Henry Jensen, to fix Debian Bug #639807.
* The GSSAPI-related autoconf code now matches gssapi.c better, and uses
a different check to look for GSS_C_NT_HOSTBASED_SERVICE.
This fixes the GSSAPI-enabled build on NetBSD 6 Beta.
# CHANGES
* On systems where SSLv2_client_method isn't defined in OpenSSL (such as
newer Debian, and Ubuntu starting with 11.10 oneiric ocelot), don't
reference it (to fix the build) and if configured, print a run-time error
that the OS does not support SSLv2. Fixes Debian Bug #622054,
but note that that bug report has a more thorough patch that does away with
SSLv2 altogether.
* The security and errata notices fetchmail-{EN,SA}-20??-??.txt are now
under the more relaxed CC BY-ND 3.0 license (the noncommercial clause
was dropped). The Creative Commons address was updated.
* The Python-related Makefile.am parts were simplified to avoid an automake
1.11.X bug around noinst_PYTHON, Automake Bug #10995.
* Configuring fetchmail without SSL now triggers a configure warning,
and asks the user to consider running configure --with-ssl.
# WORKAROUNDS
* Some servers, notably Zimbra, return A1234 987 FETCH () in response to
a header request, in the face of message corruption. fetchmail now treats
these as temporary errors. Report and Patch by Mikulas Patocka, Red Hat.
* Some servers, notably Microsoft Exchange, return "A0009 OK FETCH completed."
without any header in response to a header request for meeting reminder
messages (with a "meeting.ics" attachment). fetchmail now treats these as
transient errors. Report by John Connett, Patch by Sunil Shetye.
# TRANSLATION UPDATES
* [cs] Czech, by Petr Pisar
* [de] German
* [fr] French, by Frédéric Marchal
* [ja] Japanese, by Takeshi Hamasaki
* [pl] Polish, by Jakub Bogusz
* [sv] Swedish, by Göran Uddeborg --- NEW TRANSLATION - Thank you!
* [vi] Vietnamese, by Trần Ngọc Quân
Diffstat (limited to 'mail/fetchmailconf')
| -rw-r--r-- | mail/fetchmailconf/Makefile | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/mail/fetchmailconf/Makefile b/mail/fetchmailconf/Makefile index 98029530689..d5b0e6f7a1b 100644 --- a/mail/fetchmailconf/Makefile +++ b/mail/fetchmailconf/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.84 2012/10/08 12:19:11 asau Exp $ +# $NetBSD: Makefile,v 1.85 2012/11/03 22:50:22 morr Exp $ -DISTNAME= fetchmail-6.3.21 +DISTNAME= fetchmail-6.3.22 PKGNAME= ${DISTNAME:S/fetchmail/fetchmailconf/} -PKGREVISION= 2 CATEGORIES= mail MASTER_SITES= http://download.berlios.de/fetchmail/ EXTRACT_SUFX= .tar.bz2 |