Update to fetchmail-6.3.20
This commit is contained in:
Vitezslav Crhonek
parent
6185e3d2fc
commit
106a938291
2
.gitignore
vendored
2
.gitignore
vendored
@ -4,3 +4,5 @@ fetchmail-6.3.17.tar.xz.asc
|
|||||||
/fetchmail-6.3.18.tar.xz.asc
|
/fetchmail-6.3.18.tar.xz.asc
|
||||||
/fetchmail-6.3.19.tar.xz
|
/fetchmail-6.3.19.tar.xz
|
||||||
/fetchmail-6.3.19.tar.xz.asc
|
/fetchmail-6.3.19.tar.xz.asc
|
||||||
|
/fetchmail-6.3.20.tar.xz
|
||||||
|
/fetchmail-6.3.20.tar.xz.asc
|
||||||
|
|||||||
@ -1,76 +0,0 @@
|
|||||||
commit 7dc67b8cf06f74aa57525279940e180c99701314
|
|
||||||
Author: Matthias Andree <matthias.andree@gmx.de>
|
|
||||||
Date: Thu May 26 01:47:41 2011 +0200
|
|
||||||
|
|
||||||
Run S(TART)TLS negotiation under timeout alarm.
|
|
||||||
|
|
||||||
Reported missing by Thomas Jarosch.
|
|
||||||
|
|
||||||
diff --git a/imap.c b/imap.c
|
|
||||||
index dca3bab..397b391 100644
|
|
||||||
--- a/imap.c
|
|
||||||
+++ b/imap.c
|
|
||||||
@@ -447,9 +447,9 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
|
|
||||||
* whether TLS is mandatory or opportunistic unless SSLOpen() fails
|
|
||||||
* (see below). */
|
|
||||||
if (gen_transact(sock, "STARTTLS") == PS_SUCCESS
|
|
||||||
- && SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
|
|
||||||
+ && (set_timeout(mytimeout), SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
|
|
||||||
ctl->sslcertfile, ctl->sslcertpath, ctl->sslfingerprint, commonname,
|
|
||||||
- ctl->server.pollname, &ctl->remotename) != -1)
|
|
||||||
+ ctl->server.pollname, &ctl->remotename)) != -1)
|
|
||||||
{
|
|
||||||
/*
|
|
||||||
* RFC 2595 says this:
|
|
||||||
@@ -473,9 +473,11 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
|
|
||||||
} else if (must_tls(ctl)) {
|
|
||||||
/* Config required TLS but we couldn't guarantee it, so we must
|
|
||||||
* stop. */
|
|
||||||
+ set_timeout(0);
|
|
||||||
report(stderr, GT_("%s: upgrade to TLS failed.\n"), commonname);
|
|
||||||
return PS_SOCKET;
|
|
||||||
} else {
|
|
||||||
+ set_timeout(0);
|
|
||||||
if (outlevel >= O_VERBOSE) {
|
|
||||||
report(stdout, GT_("%s: opportunistic upgrade to TLS failed, trying to continue\n"), commonname);
|
|
||||||
}
|
|
||||||
diff --git a/pop3.c b/pop3.c
|
|
||||||
index 3def391..9cf8494 100644
|
|
||||||
--- a/pop3.c
|
|
||||||
+++ b/pop3.c
|
|
||||||
@@ -448,9 +448,9 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
|
|
||||||
* whether TLS is mandatory or opportunistic unless SSLOpen() fails
|
|
||||||
* (see below). */
|
|
||||||
if (gen_transact(sock, "STLS") == PS_SUCCESS
|
|
||||||
- && SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
|
|
||||||
+ && (set_timeout(mytimeout), SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
|
|
||||||
ctl->sslcertfile, ctl->sslcertpath, ctl->sslfingerprint, commonname,
|
|
||||||
- ctl->server.pollname, &ctl->remotename) != -1)
|
|
||||||
+ ctl->server.pollname, &ctl->remotename)) != -1)
|
|
||||||
{
|
|
||||||
/*
|
|
||||||
* RFC 2595 says this:
|
|
||||||
@@ -465,6 +465,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
|
|
||||||
* Now that we're confident in our TLS connection we can
|
|
||||||
* guarantee a secure capability re-probe.
|
|
||||||
*/
|
|
||||||
+ set_timeout(0);
|
|
||||||
done_capa = FALSE;
|
|
||||||
ok = capa_probe(sock);
|
|
||||||
if (ok != PS_SUCCESS) {
|
|
||||||
@@ -477,6 +478,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
|
|
||||||
} else if (must_tls(ctl)) {
|
|
||||||
/* Config required TLS but we couldn't guarantee it, so we must
|
|
||||||
* stop. */
|
|
||||||
+ set_timeout(0);
|
|
||||||
report(stderr, GT_("%s: upgrade to TLS failed.\n"), commonname);
|
|
||||||
return PS_SOCKET;
|
|
||||||
} else {
|
|
||||||
@@ -485,6 +487,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
|
|
||||||
* allowed til post-authentication), so leave it in an unknown
|
|
||||||
* state, mark it as such, and check more carefully if things
|
|
||||||
* go wrong when we try to authenticate. */
|
|
||||||
+ set_timeout(0);
|
|
||||||
connection_may_have_tls_errors = TRUE;
|
|
||||||
if (outlevel >= O_VERBOSE)
|
|
||||||
{
|
|
||||||
@ -3,11 +3,10 @@
|
|||||||
|
|
||||||
Summary: A remote mail retrieval and forwarding utility
|
Summary: A remote mail retrieval and forwarding utility
|
||||||
Name: fetchmail
|
Name: fetchmail
|
||||||
Version: 6.3.19
|
Version: 6.3.20
|
||||||
Release: 5%{?dist}
|
Release: 1%{?dist}
|
||||||
Source0: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.xz
|
Source0: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.xz
|
||||||
Source1: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.xz.asc
|
Source1: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.xz.asc
|
||||||
Patch0: fetchmail-6.3.19-cve-2011-1947.patch
|
|
||||||
URL: http://fetchmail.berlios.de/
|
URL: http://fetchmail.berlios.de/
|
||||||
# For a breakdown of the licensing, see COPYING
|
# For a breakdown of the licensing, see COPYING
|
||||||
License: GPL+ and Public Domain
|
License: GPL+ and Public Domain
|
||||||
@ -45,7 +44,6 @@ need to have Python and Tk installed in order to use fetchmailconf.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch0 -p1 -b .cve-2011-1947
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%configure --enable-POP3 --enable-IMAP --with-ssl --with-hesiod \
|
%configure --enable-POP3 --enable-IMAP --with-ssl --with-hesiod \
|
||||||
@ -84,6 +82,9 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jun 07 2011 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.20-1
|
||||||
|
- Update to fetchmail-6.3.20
|
||||||
|
|
||||||
* Thu Jun 02 2011 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.19-5
|
* Thu Jun 02 2011 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.19-5
|
||||||
- Fix CVE-2011-1947
|
- Fix CVE-2011-1947
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user