Update to fetchmail-6.3.20

2011-06-07 12:14:28 +02:00 · 2011-06-07 12:14:28 +02:00 · 106a938291
commit 106a938291
parent 6185e3d2fc
4 changed files with 9 additions and 82 deletions
--- a/.gitignore
+++ b/.gitignore
@ -4,3 +4,5 @@ fetchmail-6.3.17.tar.xz.asc
 /fetchmail-6.3.18.tar.xz.asc
 /fetchmail-6.3.19.tar.xz
 /fetchmail-6.3.19.tar.xz.asc
+/fetchmail-6.3.20.tar.xz
+/fetchmail-6.3.20.tar.xz.asc
--- a/fetchmail-6.3.19-cve-2011-1947.patch
+++ b/fetchmail-6.3.19-cve-2011-1947.patch
@ -1,76 +0,0 @@
-commit 7dc67b8cf06f74aa57525279940e180c99701314
-Author: Matthias Andree <matthias.andree@gmx.de>
-Date:   Thu May 26 01:47:41 2011 +0200
-
-    Run S(TART)TLS negotiation under timeout alarm.
-    
-    Reported missing by Thomas Jarosch.
-
-diff --git a/imap.c b/imap.c
-index dca3bab..397b391 100644
--- a/imap.c
-+++ b/imap.c
-@@ -447,9 +447,9 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
- 	     * whether TLS is mandatory or opportunistic unless SSLOpen() fails
- 	     * (see below). */
- 	    if (gen_transact(sock, "STARTTLS") == PS_SUCCESS
-		    && SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
-+		    && (set_timeout(mytimeout), SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
- 			ctl->sslcertfile, ctl->sslcertpath, ctl->sslfingerprint, commonname,
-			ctl->server.pollname, &ctl->remotename) != -1)
-+			ctl->server.pollname, &ctl->remotename)) != -1)
- 	    {
- 		/*
- 		 * RFC 2595 says this:
-@@ -473,9 +473,11 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
- 	    } else if (must_tls(ctl)) {
- 		/* Config required TLS but we couldn't guarantee it, so we must
- 		 * stop. */
-+		set_timeout(0);
- 		report(stderr, GT_("%s: upgrade to TLS failed.\n"), commonname);
- 		return PS_SOCKET;
- 	    } else {
-+		set_timeout(0);
- 		if (outlevel >= O_VERBOSE) {
- 		    report(stdout, GT_("%s: opportunistic upgrade to TLS failed, trying to continue\n"), commonname);
- 		}
-diff --git a/pop3.c b/pop3.c
-index 3def391..9cf8494 100644
--- a/pop3.c
-+++ b/pop3.c
-@@ -448,9 +448,9 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
- 		* whether TLS is mandatory or opportunistic unless SSLOpen() fails
- 		* (see below). */
- 	       if (gen_transact(sock, "STLS") == PS_SUCCESS
-		       && SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
-+		       && (set_timeout(mytimeout), SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
- 			   ctl->sslcertfile, ctl->sslcertpath, ctl->sslfingerprint, commonname,
-			   ctl->server.pollname, &ctl->remotename) != -1)
-+			   ctl->server.pollname, &ctl->remotename)) != -1)
- 	       {
- 		   /*
- 		    * RFC 2595 says this:
-@@ -465,6 +465,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
- 		    * Now that we're confident in our TLS connection we can
- 		    * guarantee a secure capability re-probe.
- 		    */
-+		   set_timeout(0);
- 		   done_capa = FALSE;
- 		   ok = capa_probe(sock);
- 		   if (ok != PS_SUCCESS) {
-@@ -477,6 +478,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
- 	       } else if (must_tls(ctl)) {
- 		   /* Config required TLS but we couldn't guarantee it, so we must
- 		    * stop. */
-+		   set_timeout(0);
- 		   report(stderr, GT_("%s: upgrade to TLS failed.\n"), commonname);
- 		   return PS_SOCKET;
- 	       } else {
-@@ -485,6 +487,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
- 		    * allowed til post-authentication), so leave it in an unknown
- 		    * state, mark it as such, and check more carefully if things
- 		    * go wrong when we try to authenticate. */
-+		   set_timeout(0);
- 		   connection_may_have_tls_errors = TRUE;
- 		   if (outlevel >= O_VERBOSE)
- 		   {
--- a/fetchmail.spec
+++ b/fetchmail.spec
@ -3,11 +3,10 @@

 Summary: A remote mail retrieval and forwarding utility
 Name: fetchmail
-Version: 6.3.19
-Release: 5%{?dist}
+Version: 6.3.20
+Release: 1%{?dist}
 Source0: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.xz
 Source1: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.xz.asc
-Patch0: fetchmail-6.3.19-cve-2011-1947.patch
 URL: http://fetchmail.berlios.de/
 # For a breakdown of the licensing, see COPYING
 License: GPL+ and Public Domain
@ -45,7 +44,6 @@ need to have Python and Tk installed in order to use fetchmailconf.

 %prep
 %setup -q
-%patch0 -p1 -b .cve-2011-1947

 %build
 %configure --enable-POP3 --enable-IMAP --with-ssl --with-hesiod \
@ -84,6 +82,9 @@ rm -rf $RPM_BUILD_ROOT
 %endif

 %changelog
+* Tue Jun 07 2011 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.20-1
+- Update to fetchmail-6.3.20
+
 * Thu Jun 02 2011 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.19-5
 - Fix CVE-2011-1947

--- a/4
+++ b/4
@ -1,2 +1,2 @@
-6c5a1e26da06b85f9a47fe66cef8aa31  fetchmail-6.3.19.tar.xz
-53a6595846fa8cad2720ea33cb3a8aa8  fetchmail-6.3.19.tar.xz.asc
+76406dbb37471f911cbb483830afe068  fetchmail-6.3.20.tar.xz
+7f4c33505e4d28a88f40dbd6382b38fe  fetchmail-6.3.20.tar.xz.asc