Commit Graph

151 Commits

Author SHA1 Message Date
sthen
88ea72915d Change SEPARATE_BUILD=(concurrent|simple) to Yes; bsd.port.mk doesn't
make a distinction between these.  ok aja@ dcoppa@
2012-03-29 13:38:12 +00:00
sthen
b76000269d struct ifnet; bump 2011-11-16 00:02:38 +00:00
sthen
9422ba86e1 python is actually a build dep. pointed out jasper@ 2011-10-11 10:43:13 +00:00
sthen
6e18f060b0 Adjust the fetchmailconf wrapper to check ${MODPY_BIN} rather than
/usr/local/bin/python. Also check that python-tkinter is installed.
From Pascal Stumpf with tweaks from me.

(Python + tkinter aren't RUN_DEPENDs as many fetchmail installations
don't use this and it's a heavy dependency chain).
2011-08-24 19:18:57 +00:00
jasper
3e45ae7413 - update fetchmail to 6.3.21, includes a critical fix for imap/maildir users 2011-08-21 16:41:30 +00:00
sthen
02c6211f1a update fetchmail to 6.3.20, tested by jasper@, lots of fixes including:
* CVE-2011-1947
- use timeouts for IMAP STARTTLS/POP3 STLS negotiation which could cause
  fetchmail freezes if a server was hanging.
* security improvements to defang X.509 certificate abuse
- require wildcard CN/subject alternative names to start with "*." not just "*"
- don't allow wildcards to match domain literals (such as 10.9.8.7) or
  wildcards in domain literals ("*.168.23.23").
- don't allow wildcarding top-level domains.
2011-06-06 13:57:07 +00:00
espie
bc8dc9adb1 new depends 2010-11-19 07:23:05 +00:00
sthen
0666992301 fix tabs 2010-10-18 21:50:38 +00:00
espie
051dfa8362 USE_GROFF=Yes 2010-10-18 19:59:15 +00:00
stsp
8d294869c6 Add patch from upstream to fix bogus ssl check warning when the
sslfingerprint option is used.
hints and ok sthen@
2010-06-09 08:34:59 +00:00
giovanni
09a7c52666 Update to 6.3.17
ok kili@
2010-05-19 15:27:18 +00:00
jasper
168efadf72 - update fetchmail to 6.3.15
from charles smith, thanks.
2010-03-31 19:12:06 +00:00
sthen
3927255cfd security update to 6.3.14, heap overflow in verbose mode SSL cert display
on signed char arch. http://www.fetchmail.info/fetchmail-SA-2010-01.txt

"This might be exploitable to inject code if
- - fetchmail is run in verbose mode
AND
- - the host running fetchmail considers char signed
AND
- - the server uses malicious certificates with non-printing characters
  that have the high bit set
AND
- - these certificates manage to inject shell-code that consists purely of
  printable characters.

It is believed to be difficult to achieve all this."
2010-03-22 01:28:40 +00:00
sthen
706b5d1ee3 update to 6.3.13, fixing a regression introduced in 6.3.12. ok jasper@ 2009-11-02 19:47:49 +00:00
sthen
4ab60c1904 SECURITY update to 6.3.12, fixes CVE-2009-2666 (bad handling of nulls
in SSL domain names).  ok jasper@
2009-10-11 20:52:17 +00:00
jasper
5141823be7 - update fetchmail to 6.3.9
ok sthen@
2009-02-17 12:08:44 +00:00
bernd
457b898d2a Fix stunnel usage with TLS1 encryption.
From https://lists.berlios.de/pipermail/fetchmail-users/2007-December/001396.html
via Dieter Rauschenberger. Thank you!

Regen PLIST and drop maintainership. I don't use it anymore.
2009-02-02 11:42:13 +00:00
bernd
e260daa457 Remove the pre-generated yacc files so they will be re-build.
This fixes a problem with gcc2. Also fix a format string.

From miod@, thanks!
2008-10-30 15:33:59 +00:00
jasper
e073be6eab SECURITY FIX for http://secunia.com/advisories/30742/
(Fetchmail Large Header Processing Denial of Service)

Patch was taken from upstream advisory.
http://www.fetchmail.info/fetchmail-SA-2008-01.txt

ok bernd@ (MAINTAINER)
2008-08-19 22:41:24 +00:00
merdely
8b76ad71d8 Remove surrounding quotes in COMMENT*/PERMIT_* 2007-09-16 00:17:04 +00:00
rui
1dd81a5ac2 SECURITY: roll in a distribution patch which fixes CVE-2007-4565
Reference: http://securitytracker.com/alerts/2007/Aug/1018627.html

ok bernd@
2007-08-31 14:20:46 +00:00
bernd
573299d695 Security update to fetchmail-6.3.8. (CVE-2007-1558)
Make the APOP challenge parser more distrustful and have it reject challenges
that do not conform to RFC-822 msg-id format, in the hope to make mounting
man-in-the-middle attacks (MITM) against APOP a bit more difficult.

Detailed information:
http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt
2007-04-13 13:22:25 +00:00
espie
9eafbbfb35 base64 checksums. 2007-04-05 16:19:55 +00:00
bernd
60d27b1449 Security update to fetchmail-6.3.6:
A password disclosure vulnerability (CVE-2006-5867, fetchmail's using unsafe
logins or omitting TLS) and a denial of service vulnerability (CVE-2006-5974,
fetchmail crashes, dereferencing the null page, when rejecting a message sent
to an MDA).

Fetchmail 6.3.6 also fixes several regressions and long-standing bugs.

Details:
https://lists.berlios.de/pipermail/fetchmail-announce/2007-January/000042.html

tests & ok jasper@, simon@
2007-01-09 10:35:42 +00:00
alek
a342f505ce Use MASTER_SITE_BERLIOS 2006-08-01 18:38:22 +00:00
bernd
c4c1542325 Update to fetchmail-6.3.4. 2006-04-21 09:21:59 +00:00
bernd
4be38c5eef Update to fetchmail-6.3.3. 2006-04-01 11:57:44 +00:00
bernd
b0caefa3d0 Update to fetchmail-6.3.2.
This update includes security fixes for CVE-2005-2335, CVE-2005-4348
and CVE-2006-0321.

Take over maintainership. (With permission from old MAINTAINER fgsch@.)

Tested by Sigfred Håversen and aanriot@.

ok aanriot@, brad@
2006-01-31 14:30:34 +00:00
bernd
e339a20163 Fix the latest security issue in fetchmailconf.
http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt
"passwords are written to a world-readable file"

nicer fetchmailconf diff & ok fgsch@ (thanks!)
2005-10-27 21:58:51 +00:00
sturm
0d88196840 bump PKGNAME so that 3.7 won't have higher PKGNAMEs than 3.8
suggested by espie@, ok pval@
2005-08-31 19:55:36 +00:00
fgsch
6c8c34dfa8 SECURITY FIX: update to 6.2.5.2, see
http://www.vuxml.org/openbsd/aee27100-fcf2-11d9-b3c7-00065bd5b0b6.html.
Update master sites and homepage (project moved to belios.de).
From Bernd Ahlers <b dot ahlers at ba-net dot org>.
2005-07-25 17:41:51 +00:00
alek
79c2dcee03 - Fix libintl detection
- Don't use bundled libintl headers
- Bump PKGNAME
2005-02-19 21:27:35 +00:00
naddy
a8817eabcc SIZE 2005-01-05 16:50:35 +00:00
alek
200b1ea2ea Add WANTLIB markers 2005-01-02 12:56:04 +00:00
espie
15a2aca1cd new style plists. 2004-09-15 09:09:41 +00:00
xsa
569ca0e221 new-style MODULES. 2004-08-10 09:14:47 +00:00
fgsch
e24b084b33 fix apop. from alexander dot bluhm at gmx dot net via PR/3709.
pvalchev@ ok.
2004-03-12 00:18:42 +00:00
naddy
2276d3b230 remove WWW lines 2003-12-15 21:42:08 +00:00
fgsch
55f346b834 update to 6.2.5. 2003-10-15 23:08:49 +00:00
markus
ee577057f2 out of bounds access; detected by malloc guard; ok fgsch@ 2003-09-23 20:37:51 +00:00
fgsch
b6cf2a59ca update to fetchmail 6.2.4; bugfix release. 2003-08-13 23:28:24 +00:00
fgsch
ebaf3d2b0e update to fetchmail 6.2.3. 2003-07-17 22:36:44 +00:00
fgsch
40ad228f0b no more kerberosIV stuff; reported and tested by krw. 2003-05-20 01:55:59 +00:00
fgsch
64e49b97ce update to fetchmail 6.2.2. 2003-04-04 04:34:18 +00:00
david
3e6f238637 remove double word stuttering
ok pvalchev@ brad@
2003-02-26 02:57:55 +00:00
fgsch
db76bc5a66 new MASTER_SITES and HOMEPAGE.
from by Joseph C. Bender <jcbender at benderhome dot net>.
2003-02-18 10:30:17 +00:00
fgsch
6e98edec2f SECURITY FIX: update to fetchmail 6.2.0. 2002-12-13 08:53:56 +00:00
fgsch
4d772574be Update to fetchmail 6.1.3. 2002-11-28 16:34:15 +00:00
fgsch
4d01b9259a update to fetchmail 6.1.2. 2002-11-02 20:23:34 +00:00
naddy
26e34fa97b No regression tests available. 2002-10-27 17:21:39 +00:00