diff --git a/bug-223507_fix-kpop-regression.diff b/bug-223507_fix-kpop-regression.diff new file mode 100644 index 0000000..1061190 --- /dev/null +++ b/bug-223507_fix-kpop-regression.diff @@ -0,0 +1,24 @@ +diff -u branches/BRANCH_6-3/pop3.c branches/BRANCH_6-3/pop3.c +--- branches/BRANCH_6-3/pop3.c 2007-02-02 23:34:11 UTC (rev 5020) ++++ branches/BRANCH_6-3/pop3.c 2007-02-02 23:47:15 UTC (rev 5021) +@@ -610,6 +610,20 @@ + } + #endif /* OPIE_ENABLE */ + ++ /* KPOP uses out-of-band authentication and does not check what ++ * we send here, so send some random fixed string, to avoid ++ * users switching *to* KPOP accidentally revealing their ++ * password */ ++ if ((ctl->server.authenticate == A_ANY ++ || ctl->server.authenticate == A_KERBEROS_V4 ++ || ctl->server.authenticate == A_KERBEROS_V5) ++ && (ctl->server.service != NULL ++ && strcmp(ctl->server.service, KPOP_PORT) == 0)) ++ { ++ ok = gen_transact(sock, "PASS krb_ticket"); ++ break; ++ } ++ + /* check if we are actually allowed to send the password */ + if (ctl->server.authenticate == A_ANY + || ctl->server.authenticate == A_PASSWORD) { diff --git a/bug-223507_fix-tlsfail-repoll.diff b/bug-223507_fix-tlsfail-repoll.diff new file mode 100644 index 0000000..ab68b52 --- /dev/null +++ b/bug-223507_fix-tlsfail-repoll.diff @@ -0,0 +1,64 @@ +Author: m-a +Date: 2007-02-02 18:13:12 -0600 (Fri, 02 Feb 2007) +New Revision: 5022 + +Modified: + branches/BRANCH_6-3/NEWS + branches/BRANCH_6-3/pop3.c +Log: +Fix 6.3.6 regression: repoll upon socket error after STLS failure. +Berlios Bug #10133, reported by Andrej Kacian. + +# FIXES FOR REGRESSIONS IN 6.3.6 +* Fix KPOP. Patch by Miloslav Trmac. +* Fix repoll when server disconnects after opportunistic TLS failed for POP3. + Berlios Bug #10133, reported by Andrej Kacian. + +Modified: branches/BRANCH_6-3/pop3.c +=================================================================== +--- branches/BRANCH_6-3/pop3.c 2007-02-02 23:47:15 UTC (rev 5021) ++++ branches/BRANCH_6-3/pop3.c 2007-02-03 00:13:12 UTC (rev 5022) +@@ -635,17 +635,6 @@ + } + memset(shroud, 0x55, sizeof(shroud)); + shroud[0] = '\0'; +-#ifdef SSL_ENABLE +- /* this is for servers which claim to support TLS, but actually +- * don't! */ +- if (connection_may_have_tls_errors && ok == PS_SOCKET) +- { +- xfree(ctl->sslproto); +- ctl->sslproto = xstrdup(""); +- /* repoll immediately without TLS */ +- ok = PS_REPOLL; +- } +-#endif + break; + + case P_APOP: +@@ -694,6 +683,18 @@ + ok = PS_ERROR; + } + ++#ifdef SSL_ENABLE ++ /* this is for servers which claim to support TLS, but actually ++ * don't! */ ++ if (connection_may_have_tls_errors && ok == PS_SOCKET) ++ { ++ xfree(ctl->sslproto); ++ ctl->sslproto = xstrdup(""); ++ /* repoll immediately without TLS */ ++ ok = PS_REPOLL; ++ } ++#endif ++ + if (ok != 0) + { + /* maybe we detected a lock-busy condition? */ + +_______________________________________________ +fetchmail-svn mailing list +fetchmail-svn@lists.berlios.de +https://lists.berlios.de/mailman/listinfo/fetchmail-svn + + diff --git a/fetchmail-6.3.6-kpop.patch b/fetchmail-6.3.6-kpop.patch deleted file mode 100644 index 5fce420..0000000 --- a/fetchmail-6.3.6-kpop.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- fetchmail-6.3.6/pop3.c.kpop 2007-01-22 23:42:14.000000000 +0100 -+++ fetchmail-6.3.6/pop3.c 2007-01-22 23:44:28.000000000 +0100 -@@ -612,7 +612,11 @@ - - /* check if we are actually allowed to send the password */ - if (ctl->server.authenticate == A_ANY -- || ctl->server.authenticate == A_PASSWORD) { -+ || ctl->server.authenticate == A_PASSWORD -+ || ((ctl->server.authenticate == A_KERBEROS_V4 -+ || ctl->server.authenticate == A_KERBEROS_V5) -+ && ctl->server.service -+ && strcmp(ctl->server.service, KPOP_PORT) == 0)) { - strlcpy(shroud, ctl->password, sizeof(shroud)); - ok = gen_transact(sock, "PASS %s", ctl->password); - } else { diff --git a/fetchmail.changes b/fetchmail.changes index 0c43e11..cbf4744 100644 --- a/fetchmail.changes +++ b/fetchmail.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Feb 6 15:01:38 CET 2007 - sbrabec@suse.cz + +- Repair repoll after opportunistic TLS failed (#223507#c27, + Berlios#10133). +- Use upstream fix of KPOP regression (#223507#c26). + ------------------------------------------------------------------- Thu Jan 25 15:57:47 CET 2007 - sbrabec@suse.cz diff --git a/fetchmail.spec b/fetchmail.spec index e7588b2..1fe672a 100644 --- a/fetchmail.spec +++ b/fetchmail.spec @@ -16,12 +16,14 @@ License: GNU General Public License (GPL), Other uncritical OpenSource Li Group: Productivity/Networking/Email/Utilities Autoreqprov: on Version: 6.3.6 -Release: 1 +Release: 2 Source: %{name}-%{version}.tar.bz2 Source1: %{name}.init Source2: %{name}.logrotate Source3: sysconfig.%{name} -Patch: fetchmail-6.3.6-kpop.patch +#Patch: fetchmail-6.3.6-kpop.patch +Patch: bug-223507_fix-kpop-regression.diff +Patch1: bug-223507_fix-tlsfail-repoll.diff %if %suse_version > 800 PreReq: %insserv_prereq %fillup_prereq coreutils %endif @@ -78,7 +80,8 @@ Authors: %prep %setup -q -%patch -p1 +%patch -p2 +%patch1 -p2 cp -a %{S:1} %{S:2} %{S:3} . %build @@ -161,6 +164,10 @@ rm -rf $RPM_BUILD_ROOT %{py_sitedir}/fetchmailconf.* %changelog -n fetchmail +* Tue Feb 06 2007 - sbrabec@suse.cz +- Repair repoll after opportunistic TLS failed (#223507#c27, + Berlios#10133). +- Use upstream fix of KPOP regression (#223507#c26). * Thu Jan 25 2007 - sbrabec@suse.cz - Fixed regression in KPOP support (#223507#c8). http://lists.berlios.de/pipermail/fetchmail-devel/2007-January/000857.html