update to fetchmail 6.3.24

mail/fetchmail/Makefile

@@ -1,9 +1,8 @@
-# $OpenBSD: Makefile,v 1.135 2012/08/21 23:18:24 sthen Exp $
+# $OpenBSD: Makefile,v 1.136 2013/01/14 01:42:24 sthen Exp $
 
 COMMENT=	mail retrieval utility for POP2, POP3, KPOP, IMAP and more
 
-DISTNAME=	fetchmail-6.3.21
-REVISION=	6
+DISTNAME=	fetchmail-6.3.24
 CATEGORIES=	mail
 MASTER_SITES=	${MASTER_SITE_BERLIOS:=fetchmail/}
 

mail/fetchmail/distinfo

@@ -1,5 +1,2 @@
-MD5 (fetchmail-6.3.21.tar.bz2) = CtjqxH6FvQrmOHDaoJmSrw==
-RMD160 (fetchmail-6.3.21.tar.bz2) = mBCEs4Trj29CSvZM61kioDAnFRk=
-SHA1 (fetchmail-6.3.21.tar.bz2) = 4yoNQOwTPWUXglQ+zXvJu+5S3/c=
-SHA256 (fetchmail-6.3.21.tar.bz2) = myDu3tp9Fasr3i1KDC0WnUiCAhzWMELsvtLxOZkYVQI=
-SIZE (fetchmail-6.3.21.tar.bz2) = 1724445
+SHA256 (fetchmail-6.3.24.tar.bz2) = LhD+gE4KThai3biXKOvvlOuwJLoqGT2QWjUNtAIRdyY=
+SIZE (fetchmail-6.3.24.tar.bz2) = 1729985

mail/fetchmail/patches/patch-Makefile_in

@@ -1,7 +1,7 @@
-$OpenBSD: patch-Makefile_in,v 1.17 2011/06/06 13:57:07 sthen Exp $
---- Makefile.in.orig	Mon Jun  6 12:22:47 2011
-+++ Makefile.in	Mon Jun  6 14:18:29 2011
-@@ -1616,7 +1616,7 @@ info: info-recursive
+$OpenBSD: patch-Makefile_in,v 1.18 2013/01/14 01:42:24 sthen Exp $
+--- Makefile.in.orig	Sun Dec 23 16:29:56 2012
++++ Makefile.in	Sat Dec 29 14:15:23 2012
+@@ -1667,7 +1667,7 @@ info: info-recursive
  
  info-am:
  

mail/fetchmail/patches/patch-configure_ac

@@ -1,7 +1,7 @@
-$OpenBSD: patch-configure_ac,v 1.1 2012/06/26 10:10:20 jasper Exp $
---- configure.ac.orig	Fri Jun 22 19:44:38 2012
-+++ configure.ac	Fri Jun 22 19:47:32 2012
-@@ -555,7 +555,7 @@ then
+$OpenBSD: patch-configure_ac,v 1.2 2013/01/14 01:42:24 sthen Exp $
+--- configure.ac.orig	Sun Dec 23 15:40:43 2012
++++ configure.ac	Sat Dec 29 14:15:23 2012
+@@ -556,7 +556,7 @@ then
    AC_DEFINE(HEIMDAL,1,Define if you have HEIMDAL kerberos 5)
    AC_DEFINE(KERBEROS_V5,1,Define if you have Kerberos V5)
    CFLAGS="$CFLAGS -I/usr/include/kerberosV"
@@ -10,15 +10,3 @@ $OpenBSD: patch-configure_ac,v 1.1 2012/06/26 10:10:20 jasper Exp $
  elif krb5-config 2> /dev/null >/dev/null ; then
    krb5_prefix=`krb5-config --prefix krb5`
    AC_MSG_RESULT([krb5-config points to kerberosV under $krb5_prefix])
-@@ -798,6 +798,11 @@ then
- else
-   AC_MSG_NOTICE(Disabling SSL support.)
- fi
-+
-+case "$LIBS" in *-lssl*)
-+	AC_CHECK_DECLS([SSLv2_client_method],,,[#include <openssl/ssl.h>])
-+	;;
-+esac
- 
- ###	use option --with-socks=DIR to point at SOCKS library
- AC_ARG_WITH(socks,

mail/fetchmail/patches/patch-fetchmail_man

@@ -1,27 +0,0 @@
-$OpenBSD: patch-fetchmail_man,v 1.3 2012/06/26 10:10:20 jasper Exp $
---- fetchmail.man.orig	Tue Jun 19 20:45:20 2012
-+++ fetchmail.man	Tue Jun 19 20:47:40 2012
-@@ -478,7 +478,8 @@ Also see \-\-sslcert above.
- (Keyword: sslproto)
- .br
- Forces an SSL/TLS protocol. Possible values are \fB''\fP,
--\&'\fBSSL2\fP', '\fBSSL23\fP', (use of these two values is discouraged
-+\&'\fBSSL2\fP' (not supported on all systems),
-+\&'\fBSSL23\fP', (use of these two values is discouraged
- and should only be used as a last resort) \&'\fBSSL3\fP', and
- \&'\fBTLS1\fP'.  The default behaviour if this option is unset is: for
- connections without \-\-ssl, use \&'\fBTLS1\fP' so that fetchmail will
-@@ -7075,6 +7076,13 @@ then that name is used as the default local name.  Oth
- \fBgetpwuid\fP(3) must be able to retrieve a password entry for the
- session ID (this elaborate logic is designed to handle the case of
- multiple names per userid gracefully).
-+
-+.IP \fBFETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE\fP
-+(since v6.3.22):
-+If this environment variable is set and not empty, fetchmail will disable
-+a countermeasure against an SSL CBC IV attack (by setting 
-+SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS).  This is a security risk, but may be
-+necessary for connecting to certain non-standards-conforming servers.
- 
- .IP \fBFETCHMAIL_INCLUDE_DEFAULT_X509_CA_CERTS\fP
- (since v6.3.17):

mail/fetchmail/patches/patch-socket_c

@@ -1,33 +0,0 @@
-$OpenBSD: patch-socket_c,v 1.6 2012/06/26 10:10:20 jasper Exp $
-
-- Fix potential for information disclosure under active attack. CVE-2011-3389
-- Build with OpenSSL without SSLv2 support.
-
---- socket.c.orig	Sun Aug 21 09:34:58 2011
-+++ socket.c	Tue Jun 19 20:48:04 2012
-@@ -874,7 +874,12 @@ int SSLOpen(int sock, char *mycert, char *mykey, const
- 	_ssl_context[sock] = NULL;
- 	if(myproto) {
- 		if(!strcasecmp("ssl2",myproto)) {
-+#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0
- 			_ctx[sock] = SSL_CTX_new(SSLv2_client_method());
-+#else
-+			report(stderr, GT_("Your operating system does not support SSLv2.\n"));
-+			return -1;
-+#endif
- 		} else if(!strcasecmp("ssl3",myproto)) {
- 			_ctx[sock] = SSL_CTX_new(SSLv3_client_method());
- 		} else if(!strcasecmp("tls1",myproto)) {
-@@ -895,6 +900,12 @@ int SSLOpen(int sock, char *mycert, char *mykey, const
- 	}
- 
- 	SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL);
-+
-+	{
-+	    char *tmp = getenv("FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE");
-+	    if (tmp == NULL || *tmp == '\0' || strspn(tmp, " \t") == strlen(tmp))
-+		SSL_CTX_clear_options(_ctx[sock], SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
-+	}
- 
- 	if (certck) {
- 		SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback);

mail/fetchmail/pkg/PLIST

@@ -1,4 +1,4 @@
-@comment $OpenBSD: PLIST,v 1.19 2009/10/11 20:52:17 sthen Exp $
+@comment $OpenBSD: PLIST,v 1.20 2013/01/14 01:42:24 sthen Exp $
 @bin bin/fetchmail
 bin/fetchmailconf
 libexec/fetchmailconf.bin
@@ -37,6 +37,7 @@ share/locale/sk/LC_MESSAGES/fetchmail.mo
 share/locale/sq/
 share/locale/sq/LC_MESSAGES/
 share/locale/sq/LC_MESSAGES/fetchmail.mo
+share/locale/sv/LC_MESSAGES/fetchmail.mo
 share/locale/tr/LC_MESSAGES/fetchmail.mo
 share/locale/vi/LC_MESSAGES/fetchmail.mo
 share/locale/zh_CN/LC_MESSAGES/fetchmail.mo