Accepting request 940000 from home:dirkmueller:Factory

- update to 6.5.25: * 6.4.24's workaround for OpenSSL 1.0.2's X509_V_FLAG_TRUSTED_FIRST flag contained a typo and would not kick in properly. * Library and/or rpath setting from configure.ac was fixed. * Added an example systemd unit file and instructions to contrib/systemd/ which runs fetchmail as a daemon with 5-minute poll intervals. * fetchmail can now be used with wolfSSL 5's OpenSSL compatibility layer, see INSTALL and README.SSL. This is considered experimental. Feedback solicited. * Bison 3.8 dropped yytoknum altogether, breaking compilation due to a warning workaround. Remove the cast of yytoknum to void. This may cause a compiler warning to reappear with older Bison versions. * OpenSSL 1.0.2: Workaround for systems that keep the expired DST Root CA X3 certificate in its trust store because OpenSSL by default prefers the untrusted certificate and fails. * For common ssh-based IMAP PREAUTH setups (i. e. those that use a plugin - no matter its contents - and that set auth ssh), change the STARTTLS error message to suggest sslproto '' instead. This is a commonly reported issue after the CVE-2021-39272 fix in 6.4.22. - drop fetchmail-bison-3.8.patch (upstream) OBS-URL: https://build.opensuse.org/request/show/940000 OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=122
2021-12-20 09:50:29 +00:00 · 2021-12-20 09:50:29 +00:00 · d748927d55
commit d748927d55
parent 7b1f6bdab7
9 changed files with 94 additions and 98 deletions
--- a/fetchmail-6.4.22.tar.xz
+++ b/fetchmail-6.4.22.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:cc6818bd59435602169fa292d6d163d56b21c7f53112829470a3aceabe612c84
-size 1330176
--- a/fetchmail-6.4.22.tar.xz.asc
+++ b/fetchmail-6.4.22.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEE3EplW9mTzUhx+oIQ5BKxVu/zhVoFAmE/vEgACgkQ5BKxVu/z
-hVqlTA//bMqmPdUfYjm6VYSy3n2v+arXSp1t3G3rKuWGUXsxu6w8YmTNgd7y+3b8
-k5owzg60FOHYaG2icX+2DYfZlprWdsz8sI1fZRUH5xxe4ozAPg0iPbvSLiXqBNI8
-uxewWTOt1pCSYQptaWF32wqZvcHtnHU0nEEEy0u3n1UG9vEbDoh7Ej9Z0TpvwnhA
-54tU8vDV/sQdS+XN/DuWYfXp6cqrNg6P/eGUb877i+E2YoFsoqHrZV0A27IMTxOn
-qTi0upysu0QyMRQo1Xd6zwjs7MyPudZ9pMoeXGu+wnFW6g8dDsnTx/SBh27sgssh
-SwTnKYANztgDCGH2ySrLgX0QxseI8Y7JPNbfQDS3pkpPx5TQuO+aDQcQhXhzG94o
-oez7/aUmSvAIbPKiF8Y1SQMoRms5iSNVJL8LyQNLOSDZziKT+fGzDVJhnNh3Jcn9
-Pbj5oMYkcd8YKcjZYRXlwK4rbdcvA/79b3TuFMmcZ7eiTJHiy7i/C7R9qrYyxXao
-c6ZmRjNuAYpL0TnFhIy/yUe/+mhse87a4I2XTk1CE1Z1RpNI4xPDHO+7EtSyTZDV
-1rBs9tA2B7t/WcXVQxZDF4MqJ02TWZRwCgxRJGCMG7d28xvZaxpuZrZ9jlosQHt4
-jEgoWvcboCCK0WOZlnpgtKwvd8SRoPoDxLJmnKc35r1dqsP4Aso=
-=Qd4Q
-----END PGP SIGNATURE-----
--- a/fetchmail-6.4.25.tar.xz
+++ b/fetchmail-6.4.25.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7ebefbe89172fd59f0fd8317d8743a8436f375ccdcab3900e4c3ec06a8fbf27f
+size 1343360
--- a/fetchmail-6.4.25.tar.xz.asc
+++ b/fetchmail-6.4.25.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE3EplW9mTzUhx+oIQ5BKxVu/zhVoFAmGzp6YACgkQ5BKxVu/z
+hVrG2xAAs2b2hMgFid2fYsKVDSjUJ9k4nMAtkIGLu4bTJiVlZSmsHv/ubuh+bV0W
+QaXEjI8XpnM2EeVnaZZDj3kMddioX5sqU1E8ZwhEvQhZJvCEs45qibNOXUS+McIG
+/+mut0YWpxenU49+HlbPx7ocdXYOiceOXNZNFFEA1HfLtwAPDfgNs1shoa+r5eTv
+gEPJZC3diXOI4SdmJnEZU9zJXsS69OD49yULMNZIUFgDzk++sNOyskB7DdGbopdi
+J9H6pgX1LAA7v0FgKoWzN9JQyrX8dLYN+sd3dPd1s9SYvOKBgDnGCHqBgTUoOxFc
+M1iP0M7okqtgg/8A0mo6heDAytvyqyG5w6IiGDTJAXhKKlwUQ4ckmDoRfNT7dxTi
+8r0xImpvAiXJO8sdkcmBaN/5rbrGl/wa1fxdrZQ8L2wlS7/Qf1vMaFjx4oGr9Otc
+XOmGLTz8ACHDVVi9AqTzojOJDcs0387XYqt3pZyan5TW0QaPTza91FJEsjC5QAKX
+P8pnUpfbeTK/BUNQFyFjR6nk1bWLdK54K7V7k2mKs2SNlZ99syMkYlA8a2NpJeH/
+s+EwyME5XxfkKtaUWpbyD9ixd3ELWNWouHz2bO9HdIGMANlJeRyKjIN7LDoaiom
+Pi+Q0+4HdNOX3T8w8m/YHs7f/ka6XAPvnLWycpXzuf69jCk2/+o=
+=8bN9
+-----END PGP SIGNATURE-----
--- a/fetchmail-add-imap-oauthbearer-support.patch
+++ b/fetchmail-add-imap-oauthbearer-support.patch
@ -17,10 +17,10 @@ When configured, it will also fall back on trying xoauth2.
 rcfile_l.l       |    1 
 8 files changed, 136 insertions(+), 3 deletions(-)

-Index: fetchmail-6.4.22/conf.c
+Index: fetchmail-6.4.25/conf.c
 ===================================================================
--- fetchmail-6.4.22.orig/conf.c
-+++ fetchmail-6.4.22/conf.c
+--- fetchmail-6.4.25.orig/conf.c
+++ fetchmail-6.4.25/conf.c
@@ -288,6 +288,8 @@ void dump_config(struct runctl *runp, st
 		stringdump("auth", "otp");
 	    else if (ctl->server.authenticate == A_MSN)
@ -30,11 +30,11 @@ Index: fetchmail-6.4.22/conf.c
 
 #ifdef HAVE_RES_SEARCH
 	    booldump("dns", ctl->server.dns);
-Index: fetchmail-6.4.22/fetchmail.c
+Index: fetchmail-6.4.25/fetchmail.c
 ===================================================================
--- fetchmail-6.4.22.orig/fetchmail.c
-+++ fetchmail-6.4.22/fetchmail.c
-@@ -1776,6 +1776,9 @@ static void dump_params (struct runctl *
+--- fetchmail-6.4.25.orig/fetchmail.c
+++ fetchmail-6.4.25/fetchmail.c
+@@ -1783,6 +1783,9 @@ static void dump_params (struct runctl *
 	case A_SSH:
 	    printf(GT_("  End-to-end encryption assumed.\n"));
 	    break;
@ -44,10 +44,10 @@ Index: fetchmail-6.4.22/fetchmail.c
 	}
 	if (ctl->server.principal != (char *) NULL)
 	    printf(GT_("  Mail service principal is: %s\n"), ctl->server.principal);
-Index: fetchmail-6.4.22/fetchmail.h
+Index: fetchmail-6.4.25/fetchmail.h
 ===================================================================
--- fetchmail-6.4.22.orig/fetchmail.h
-+++ fetchmail-6.4.22/fetchmail.h
+--- fetchmail-6.4.25.orig/fetchmail.h
+++ fetchmail-6.4.25/fetchmail.h
@@ -79,6 +79,7 @@ struct addrinfo;
 #define		A_SSH		8	/* authentication at session level */
 #define		A_MSN		9	/* same as NTLM with keyword MSN */
@ -64,20 +64,20 @@ Index: fetchmail-6.4.22/fetchmail.h
 #define		PASSWORDLEN	256	/* max password length */
 #define		DIGESTLEN	33	/* length of MD5 digest */
 
-Index: fetchmail-6.4.22/fetchmail.man
+Index: fetchmail-6.4.25/fetchmail.man
 ===================================================================
--- fetchmail-6.4.22.orig/fetchmail.man
-+++ fetchmail-6.4.22/fetchmail.man
-@@ -1007,7 +1007,7 @@ AUTHENTICATION below for details).  The
+--- fetchmail-6.4.25.orig/fetchmail.man
+++ fetchmail-6.4.25/fetchmail.man
+@@ -1001,7 +1001,7 @@ AUTHENTICATION below for details).  The
 \&\fBpassword\fP, \fBkerberos_v5\fP, \fBkerberos\fP (or, for
 excruciating exactness, \fBkerberos_v4\fP), \fBgssapi\fP,
 \fBcram\-md5\fP, \fBotp\fP, \fBntlm\fP, \fBmsn\fP (only for POP3),
 -\fBexternal\fP (only IMAP) and \fBssh\fP.
 +\fBexternal\fP (only IMAP), \fBssh\fP and \fBoauthbearer\fP (only IMAP).
 When \fBany\fP (the default) is specified, fetchmail tries
- first methods that don't require a password (EXTERNAL, GSSAPI, KERBEROS\ IV,
+ first methods that do not require a password (EXTERNAL, GSSAPI, KERBEROS\ IV,
 KERBEROS\ 5); then it looks for methods that mask your password
-@@ -1027,6 +1027,23 @@ GSSAPI or K4.  Choosing KPOP protocol au
+@@ -1025,6 +1025,23 @@ GSSAPI or K4.  Choosing KPOP protocol au
 authentication.  This option does not work with ETRN.  GSSAPI service names are
 in line with RFC-2743 and IANA registrations, see
 .URL https://www.iana.org/assignments/gssapi-service-names/ "Generic Security Service Application Program Interface (GSSAPI)/Kerberos/Simple Authentication and Security Layer (SASL) Service Names" .
@ -101,7 +101,7 @@ Index: fetchmail-6.4.22/fetchmail.man
 .SS Miscellaneous Options
 .TP
 .B \-f <pathname> | \-\-fetchmailrc <pathname>
-@@ -2333,7 +2350,9 @@ Legal protocol identifiers for use with
+@@ -2322,7 +2339,9 @@ Legal protocol identifiers for use with
 .PP
 Legal authentication types are 'any', 'password', 'kerberos',
 \&'kerberos_v4', 'kerberos_v5' and 'gssapi', 'cram\-md5', 'otp', 'msn'
@ -112,10 +112,10 @@ Index: fetchmail-6.4.22/fetchmail.man
 The 'password' type specifies
 authentication by normal transmission of a password (the password may be
 plain text or subject to protocol-specific encryption as in CRAM-MD5);
-Index: fetchmail-6.4.22/fetchmailconf.py
+Index: fetchmail-6.4.25/fetchmailconf.py
 ===================================================================
--- fetchmail-6.4.22.orig/fetchmailconf.py
-+++ fetchmail-6.4.22/fetchmailconf.py
+--- fetchmail-6.4.25.orig/fetchmailconf.py
+++ fetchmail-6.4.25/fetchmailconf.py
@@ -500,7 +500,7 @@ defaultports = {"auto":None,
                 "ODMR":"odmr"}
 
@ -125,10 +125,10 @@ Index: fetchmail-6.4.22/fetchmailconf.py
 
 listboxhelp = {
     'title' : 'List Selection Help',
-Index: fetchmail-6.4.22/imap.c
+Index: fetchmail-6.4.25/imap.c
 ===================================================================
--- fetchmail-6.4.22.orig/imap.c
-+++ fetchmail-6.4.22/imap.c
+--- fetchmail-6.4.25.orig/imap.c
+++ fetchmail-6.4.25/imap.c
@@ -26,6 +26,10 @@
 #define IMAP4		0	/* IMAP4 rev 0, RFC1730 */
 #define IMAP4rev1	1	/* IMAP4 rev 1, RFC2060 */
@ -241,7 +241,7 @@ Index: fetchmail-6.4.22/imap.c
 static void imap_canonicalize(char *result, char *raw, size_t maxlen)
 /* encode an IMAP password as per RFC1730's quoting conventions */
 {
-@@ -577,6 +661,26 @@ static int imap_getauth(int sock, struct
+@@ -582,6 +666,26 @@ static int imap_getauth(int sock, struct
 			 for future maintenance */
     (void)ok;
 
@ -268,10 +268,10 @@ Index: fetchmail-6.4.22/imap.c
     /* Yahoo hack - we'll just try ID if it was offered by the server,
      * and IGNORE errors. */
     {
-Index: fetchmail-6.4.22/options.c
+Index: fetchmail-6.4.25/options.c
 ===================================================================
--- fetchmail-6.4.22.orig/options.c
-+++ fetchmail-6.4.22/options.c
+--- fetchmail-6.4.25.orig/options.c
+++ fetchmail-6.4.25/options.c
@@ -421,6 +421,8 @@ int parsecmdline (int argc /** argument
 		ctl->server.authenticate = A_ANY;
 	    else if (strcmp(optarg, "msn") == 0)
@ -281,10 +281,10 @@ Index: fetchmail-6.4.22/options.c
 	    else {
 		fprintf(stderr,GT_("Invalid authentication `%s' specified.\n"), optarg);
 		errflag++;
-Index: fetchmail-6.4.22/rcfile_l.l
+Index: fetchmail-6.4.25/rcfile_l.l
 ===================================================================
--- fetchmail-6.4.22.orig/rcfile_l.l
-+++ fetchmail-6.4.22/rcfile_l.l
+--- fetchmail-6.4.25.orig/rcfile_l.l
+++ fetchmail-6.4.25/rcfile_l.l
@@ -106,6 +106,7 @@ cram(-md5)?	{ SETSTATE(0); yylval.proto
 msn		{ SETSTATE(0); yylval.proto = A_MSN; return AUTHTYPE;}
 ntlm		{ SETSTATE(0); yylval.proto = A_NTLM; return AUTHTYPE;}
--- a/fetchmail-bison-3.8.patch
+++ b/fetchmail-bison-3.8.patch
@ -1,11 +0,0 @@
--- a/rcfile_y.y
-+++ b/rcfile_y.y
-@@ -461,8 +461,6 @@
-     prc_errflag = 0;
-     querylist = hosttail = (struct query *)NULL;
- 
-    (void)yytoknum; /* work around compiler warning */
-
-     errno = 0;
- 
-     /* Check that the file is secure */
--- a/fetchmail-support-oauthbearer-xoauth2-with-pop3.patch
+++ b/fetchmail-support-oauthbearer-xoauth2-with-pop3.patch
@ -16,10 +16,10 @@ Git-commit: 7b5c56f0fa3acb4c5589a4747c1921a311d8a464
 create mode 100644 oauth2.c
 create mode 100644 oauth2.h

-Index: fetchmail-6.4.22/Makefile.am
+Index: fetchmail-6.4.25/Makefile.am
 ===================================================================
--- fetchmail-6.4.22.orig/Makefile.am
-+++ fetchmail-6.4.22/Makefile.am
+--- fetchmail-6.4.25.orig/Makefile.am
+++ fetchmail-6.4.25/Makefile.am
@@ -68,7 +68,7 @@ fetchmail_SOURCES=	fetchmail.h getopt.h
 		fetchmail.c env.c idle.c options.c daemon.c \
 		driver.c transact.c sink.c smtp.c \
@ -29,20 +29,20 @@ Index: fetchmail-6.4.22/Makefile.am
 		unmime.c conf.c checkalias.c uid_db.h uid_db.c\
 		lock.h lock.c \
 		rcfile_l.l rcfile_y.y \
-Index: fetchmail-6.4.22/fetchmail.man
+Index: fetchmail-6.4.25/fetchmail.man
 ===================================================================
--- fetchmail-6.4.22.orig/fetchmail.man
-+++ fetchmail-6.4.22/fetchmail.man
-@@ -1007,7 +1007,7 @@ AUTHENTICATION below for details).  The
+--- fetchmail-6.4.25.orig/fetchmail.man
+++ fetchmail-6.4.25/fetchmail.man
+@@ -1001,7 +1001,7 @@ AUTHENTICATION below for details).  The
 \&\fBpassword\fP, \fBkerberos_v5\fP, \fBkerberos\fP (or, for
 excruciating exactness, \fBkerberos_v4\fP), \fBgssapi\fP,
 \fBcram\-md5\fP, \fBotp\fP, \fBntlm\fP, \fBmsn\fP (only for POP3),
 -\fBexternal\fP (only IMAP), \fBssh\fP and \fBoauthbearer\fP (only IMAP).
 +\fBexternal\fP (only IMAP), \fBssh\fP and \fBoauthbearer\fP (requires token).
 When \fBany\fP (the default) is specified, fetchmail tries
- first methods that don't require a password (EXTERNAL, GSSAPI, KERBEROS\ IV,
+ first methods that do not require a password (EXTERNAL, GSSAPI, KERBEROS\ IV,
 KERBEROS\ 5); then it looks for methods that mask your password
-@@ -2351,8 +2351,7 @@ Legal protocol identifiers for use with
+@@ -2340,8 +2340,7 @@ Legal protocol identifiers for use with
 Legal authentication types are 'any', 'password', 'kerberos',
 \&'kerberos_v4', 'kerberos_v5' and 'gssapi', 'cram\-md5', 'otp', 'msn'
 (only for POP3), 'ntlm', 'ssh', 'external' (only IMAP),
@ -52,10 +52,10 @@ Index: fetchmail-6.4.22/fetchmail.man
 The 'password' type specifies
 authentication by normal transmission of a password (the password may be
 plain text or subject to protocol-specific encryption as in CRAM-MD5);
-Index: fetchmail-6.4.22/imap.c
+Index: fetchmail-6.4.25/imap.c
 ===================================================================
--- fetchmail-6.4.22.orig/imap.c
-+++ fetchmail-6.4.22/imap.c
+--- fetchmail-6.4.25.orig/imap.c
+++ fetchmail-6.4.25/imap.c
@@ -17,6 +17,7 @@
 #include  <limits.h>
 #include  <errno.h>
@ -134,10 +134,10 @@ Index: fetchmail-6.4.22/imap.c
 
     return ok;
 }
-Index: fetchmail-6.4.22/oauth2.c
+Index: fetchmail-6.4.25/oauth2.c
 ===================================================================
 --- /dev/null
-+++ fetchmail-6.4.22/oauth2.c
+++ fetchmail-6.4.25/oauth2.c
@@ -0,0 +1,61 @@
 +/*
 + * oauth2.c -- oauthbearer and xoauth2 support
@ -200,10 +200,10 @@ Index: fetchmail-6.4.22/oauth2.c
 +
 +    return oauth2b64;
 +}
-Index: fetchmail-6.4.22/oauth2.h
+Index: fetchmail-6.4.25/oauth2.h
 ===================================================================
 --- /dev/null
-+++ fetchmail-6.4.22/oauth2.h
+++ fetchmail-6.4.25/oauth2.h
@@ -0,0 +1,6 @@
 +#ifndef OAUTH2_H
 +#define OAUTH2_H
@ -211,10 +211,10 @@ Index: fetchmail-6.4.22/oauth2.h
 +char *get_oauth2_string(struct query *ctl,flag xoauth2);
 +
 +#endif /*OAUTH2_H*/
-Index: fetchmail-6.4.22/pop3.c
+Index: fetchmail-6.4.25/pop3.c
 ===================================================================
--- fetchmail-6.4.22.orig/pop3.c
-+++ fetchmail-6.4.22/pop3.c
+--- fetchmail-6.4.25.orig/pop3.c
+++ fetchmail-6.4.25/pop3.c
@@ -20,6 +20,7 @@
 #include  <errno.h>
 
--- a/fetchmail.changes
+++ b/fetchmail.changes
@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Sat Dec 11 23:23:50 UTC 2021 - Dirk Müller <dmueller@suse.com>
+
+- update to 6.5.25:
+  * 6.4.24's workaround for OpenSSL 1.0.2's X509_V_FLAG_TRUSTED_FIRST flag
+    contained a typo and would not kick in properly.
+  * Library and/or rpath setting from configure.ac was fixed.
+  * Added an example systemd unit file and instructions to contrib/systemd/
+    which runs fetchmail as a daemon with 5-minute poll intervals.
+  * fetchmail can now be used with wolfSSL 5's OpenSSL compatibility layer,
+    see INSTALL and README.SSL. This is considered experimental.
+    Feedback solicited.
+  * Bison 3.8 dropped yytoknum altogether, breaking compilation due to a
+    warning workaround. Remove the cast of yytoknum to void.  This may cause
+    a compiler warning to reappear with older Bison versions.
+  * OpenSSL 1.0.2: Workaround for systems that keep the expired DST Root CA X3 
+    certificate in its trust store because OpenSSL by default prefers the 
+    untrusted certificate and fails.
+  * For common ssh-based IMAP PREAUTH setups (i. e. those that use a plugin
+    - no matter its contents - and that set auth ssh), change the STARTTLS 
+    error message to suggest sslproto '' instead.
+    This is a commonly reported issue after the CVE-2021-39272 fix in 6.4.22.
+- drop fetchmail-bison-3.8.patch (upstream)
+
 -------------------------------------------------------------------
 Tue Nov  9 16:23:42 UTC 2021 - Dominique Leuenberger <dimstar@opensuse.org>

--- a/fetchmail.spec
+++ b/fetchmail.spec
@ -21,7 +21,7 @@
  %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           fetchmail
-Version:        6.4.22
+Version:        6.4.25
 Release:        0
 Summary:        Full-Featured POP and IMAP Mail Retrieval Daemon
 License:        GPL-2.0-or-later
@ -36,7 +36,6 @@ Source6:        %{name}.service
 Source7:        %{name}.tmpfiles
 Source8:        %{name}.exec
 Source9:        %{name}.sysusers
-
 Patch0:         fetchmail-6.3.8-smtp_errors.patch
 Patch1:         fetchmail-add-imap-oauthbearer-support.patch
 Patch2:         fetchmail-support-oauthbearer-xoauth2-with-pop3.patch
@ -51,7 +50,6 @@ Patch10:        fetchmail-oauth2-c-calculate-and-pass-in-correct-buffer-size-to-
 Patch11:        fetchmail-increase-max-password-length-to-handle-oauth-tokens.patch
 Patch12:        fetchmail-bump-max-passwordlen-to-1bytes.patch
 Patch13:        fetchmail-add-readme-oauth2-issue-27.patch
-Patch14:        fetchmail-bison-3.8.patch
 BuildRequires:  automake
 BuildRequires:  bison
 BuildRequires:  flex
@ -94,22 +92,7 @@ A GUI configuration utility for generating fetchmail configuration
 files (.fetchmailrc).

 %prep
-%setup -q
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
-%patch8 -p1
-%patch9 -p1
-%patch10 -p1
-%patch11 -p1
-%patch12 -p1
-%patch13 -p1
-%patch14 -p1
+%autosetup -p1
 cp -a %{SOURCE2} %{SOURCE3} .

 ACLOCAL="aclocal -I m4 -I m4-local" autoreconf -fvi