Created attachment 212862 [details] update fetchmail + fetchmailconf to 6.4.3-rc1 Hi Corey, the attached patch * updates fetchmail and fetchmailconf to 6.4.3-rc1 * removes the now-obsolete patch for fetchmailconf * switches the distfiles from .xz to .lz (saves 3 kB, and GNU lobbies for preferring lzip over xz)
Created attachment 212874 [details] update to -rc2 + additional patch to manpage I figured that the bugfix to plug memory leaks could lead to double-frees in some circumstances. This is the Git history since -rc1, the change 74c1a6... is not in rc2 and added as separate files/patch-fetchmail.man * 74c1a609 2020-03-30 | fetchmail.man: --sslproto: document tls1.3 and tls1.3+ values. (HEAD -> legacy_64, sourceforge/legacy_64, origin/legacy_64) [Matthias Andree] * aa38c490 2020-03-30 | Record po for 6.4.3-rc2. (tag: SNAPSHOT_6-4-3-rc2) [Matthias Andree] * 6f7a83c0 2020-03-30 | Make fetchmail -V print SSL/TLS library warnings... [Matthias Andree] * 0e590bf4 2020-03-30 | Fix -SSL/+SSL reporting in fetchmail -V output. [Matthias Andree] * 43b557d5 2020-03-30 | Fix HAVE_DECL_ users to check value, not definition. [Matthias Andree] * 66a35bd6 2020-03-30 | Remove broken AC_CHECK_DECLS(getenv). [Matthias Andree] * c9fb6180 2020-03-30 | Properly report if the defaults entry is not the first. [Matthias Andree] * 5af21c95 2020-03-30 | Bump version, we'll need -rc2. [Matthias Andree] * 85e5a019 2020-03-30 | fetchmail.c Avoid double-free in optmerge()'s STRING_MERGE macro. [Matthias Andree]
Build logs from poudriere: https://people.freebsd.org/~mandree/fetchmail-6.4.3.r2-poudrierelogs.tar.lz (uncompress with lzip, perhaps xz works)
Patch looks good to me. No new complaints from portlint. mail/fetchmail passes 'poudriere testport' on both i386 and amd64 under 11.3 and 12.1 for the following configurations: - Default settings - Default settings, build as non-root - ssl=base, GSSAPI_MIT - ssl=base, GSSAPI_NONE - ssl=openssl - ssl=openssl with SSL2 and SSL3 disabled - ssl=openssl, GSSAPI_NONE - ssl=libressl - ssl=libressl, GSSAPI_NONE mail/fetchmailconf passes 'poudriere testport' on both i386 and amd64 under 11.3 and 12.1 with default settings. Built package works well in my testing. I approve this patch. Thank you!
A commit references this bug: Author: mandree Date: Tue Mar 31 15:43:01 UTC 2020 New revision: 529980 URL: https://svnweb.freebsd.org/changeset/ports/529980 Log: mail/fetchmail, fetchmailconf: update to 6.4.3-rc2 (bug fixes) Add a patch to document --sslproto tls1.3+ and tls1.3 through the manpage, which hasn't made 6.4.3-rc2 but works since 6.4.0 assuming that the SSL library supports TLSv1.3. Remove fetchmailconf patch that is now part of the upstream code. Switch to .lz downloads, a tiny bit smaller. Upstream changelog: ## BUGFIXES: * Plug memory leaks when parts of the configuration (defaults, rcfile, command line) override one another. * fetchmail terminated the placeholder command string too late and included garbage from the heap at the end of the string. Workaround: don't use place- holders %h or %p in the --plugin string. Bug added in 6.4.0 when merging Gitlab merge request !5 in order to fix an input buffer overrun. Faulty commit 418cda65f752e367fa663fd13884a45fcbc39ddd. Reported by Stefan Thurner, Gitlab issue #16. * Fetchmail now checks for errors when trying to read the .idfile, Gitlab issue #3. ## CHANGES: * Fetchmail documentation was updated to require OpenSSL 1.1.1. OpenSSL 1.0.2 reached End Of Life status at the end of the year 2019. Fetchmail will tolerate, but warn about, 1.0.2 for now on the assumption that distributors backport security fixes as the need arises. Fetchmail will also warn if another SSL library that is API-compatible with OpenSSL lacks TLS v1.3 support. * If the trust anchor is missing, fetchmail refers the user to README.SSL. PR: 245187 Submitted by: mandree@ Approved by: Corey Halpin (maintainer) Changes: head/mail/fetchmail/Makefile head/mail/fetchmail/distinfo head/mail/fetchmail/files/patch-fetchmail.man head/mail/fetchmailconf/Makefile head/mail/fetchmailconf/files/patch-fetchmailconf.py
Corey, thanks for the review, opinion on having the bugfix before the 2020Q2 branch, and the tests! Committed as r529980.