Created attachment 153814 [details] update davmail to 4.6.0 update rev info (checksums, etc.); minor plist reshuffling for adding new files / removing files no longer installed; remove patch that was committed upstream since 4.5.1 Run tested. from relnotes.txt: ===================== ** DavMail 4.6.0 released ** Bugfix release with many IMAP enhancements over EWS, implement batch move items, also includes a brand new generic OSX package to handle new OSX java behaviour. OSX: - OSX: refactor OSX package based on universalJavaApplicationStub - Replace Java application stub with https://github.com/tofi86/universalJavaApplicationStub/blob/master/src/universalJavaApplicationStub Doc: - Doc: update OSX setup documentation - Doc: additional Linux instructions for Ubuntu 14 - Fix #31 A typo in davmail.properties example EWS: - EWS: improve main calendar folder test - EWS: fix batch move - EWS: Adjust paged search for folders - EWS: implement batch move items - EWS: improve folder paged search - Prepare batch move implementation - EWS: force NTLM in direct EWS mode - EWS: implement batch move method - EWS: switch to GetMethod to check endpoint - EWS: take paging into account in appendSubFolders - EWS: fix ErrorExceededFindCountLimit on FindFolder requests - EWS: avoid NullPointerException in fixAttendees Linux: - Allow Java 8 and default jre in debian package IMAP: - IMAP: fix 587 log and skip broken messages Caldav - Caldav: fix #98 Support of Contacts in CardDav REPORT - Fix #35 duplicates in updated reoccurring events Enhancements - Fix potential CVE-2014-3566 vulnerability - From audit: remove throws statement - Adjust KerberosHelper logging message - Fix for #534 Kerberos Authentication doesn't seem to be work cross domain LDAP: - LDAP: reset icon after search ==================
Created attachment 153815 [details] update davmail from 4.5.1 to 4.6.1 4.6.0 was released on 2015-01-27 4.6.1 was released on 2015-02-17 updated patch for 4.6.1 I have less runtime on that, but a quick test proves okay. ============= ** DavMail 4.6.1 released ** Bugfix release to fix recent regression with Office 365, also includes a few Linux and IMAP enhancements. Linux: - RPM: exclude Growl library from RPM package - Add genericname to desktop entry - RPM: Fix warning the init script refers to runlevel 4 which is admin defined. No distribution script must use it - Detect and log message for Unity users - RPM: Fix JAVA HOME detection for openSUSE_13.2 - RPM: update spec file from OpenSuse build by Dmitri Bachtin and Achim Herwig SWT: - SWT: improve tray init, preload image and add a delay on first message Enhancements: - Add a few more logging statements IMAP: - Fix #36 Endless loop when using IMAP IDLE feature with SSL sockets, replaced thread sleep with a short timeout on socket read EWS: - EWS: update checkEndPointUrl, send get root folder request instead of static wsdl request no longer available on Office365 =============
I've been using 4.6.1 for email for months now.
Created attachment 157077 [details] mail/davmail update to 4.6.1 and fix potential CVE-2014-3566 issue John, Patch attached that is based off your with some minor revisions for portlint along with removal of the davmail.properties file patch. The capitalization in 4.6.1 is already "enableKeepAlive" Summary of changes for commit log: - Security update to 4.6.1 to fix potential CVE-2014-3566 vulnerability - Pet portlint Details on portlint issues fixed in patch: WARN: Makefile: [49]: do not use muted INSTALL_foo commands (i.e., those that start with '@'). These should be printed. WARN: /basejail/usr/ports/mail/davmail/files/patch-build.xml: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' to ensure proper patch format. WARN: /basejail/usr/ports/mail/davmail/files/patch-src__etc__davmail.properties: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' to ensure proper patch format.
Created attachment 157078 [details] Poudriere Testport Build Logs from 10.1-RELEASE amd64 Also build tested via Poudriere testport in both amd64 and i386 jails running 11-CURRENT, 10.1-RELEASE, 9.3-RELEASE, and 8.4-RELEASE.
Created attachment 157079 [details] mail/davmail entry for security/vuml Can a committer look at applying this ASAP? PR has been open for nearly 3 months with no response from maintainer. The patch resolves a security issue fixed in the upstream release on 2015-01-27. Submitter has been running the updated version for months. Jason
(In reply to jason.unovitch from comment #5) Reply to myself, add vuxml validation steps performed for above comment. # make validate /bin/sh /usr/ports/security/vuxml/files/tidy.sh "/usr/ports/security/vuxml/files/tidy.xsl" "/usr/ports/security/vuxml/vuln.xml" > "/usr/ports/security/vuxml/vuln.xml.tidy" >>> Validating... /usr/local/bin/xmllint --valid --noout /usr/ports/security/vuxml/vuln.xml >>> Successful. Checking if tidy differs... ... seems okay Checking for space/tab... ... seems okay /usr/local/bin/python2.7 /usr/ports/security/vuxml/files/extra-validation.py /usr/ports/security/vuxml/vuln.xml # env PKG_DBDIR=/usr/ports/security/vuxml pkg audit davmail-4.5.1 davmail-4.5.1 is vulnerable: davmail -- fix potential CVE-2014-3566 vulnerability (POODLE) CVE: CVE-2014-3566 WWW: http://vuxml.FreeBSD.org/freebsd/384fc0b2-0144-11e5-8fda-002590263bf5.html 1 problem(s) in the installed packages found. # env PKG_DBDIR=/usr/ports/security/vuxml pkg audit davmail-4.6.0 0 problem(s) in the installed packages found. # env PKG_DBDIR=/usr/ports/security/vuxml pkg audit davmail-4.6.1 0 problem(s) in the installed packages found.
Created attachment 157084 [details] mail/davmail entry for security/vuml Regen security/vuxml patch with correctly accented UTF character in reporters name.
testing@work
A commit references this bug: Author: pi Date: Sat May 23 18:25:51 UTC 2015 New revision: 387178 URL: https://svnweb.freebsd.org/changeset/ports/387178 Log: Add entry for mail/davmail. PR: 198297 Submitted by: Jason Unovitch <jason.unovitch@gmail.com> Approved by: <john.c.prather@gmail.com> (maintainer (timeout)) Changes: head/security/vuxml/vuln.xml
A commit references this bug: Author: pi Date: Sat May 23 18:28:15 UTC 2015 New revision: 387179 URL: https://svnweb.freebsd.org/changeset/ports/387179 Log: mail/davmail: 4.5.1 -> 4.6.1 Fixes potential CVE-2014-3566 vulnerability DavMail 4.6.1 Bugfix release to fix recent regression with Office 365, also includes a few Linux and IMAP enhancements. Linux: - RPM: exclude Growl library from RPM package - Add genericname to desktop entry - RPM: Fix warning the init script refers to runlevel 4 which is admin defined. No distribution script must use it - Detect and log message for Unity users - RPM: Fix JAVA HOME detection for openSUSE_13.2 - RPM: update spec file from OpenSuse build by Dmitri Bachtin and Achim Herwig SWT: - SWT: improve tray init, preload image and add a delay on first message Enhancements: - Add a few more logging statements IMAP: - Fix #36 Endless loop when using IMAP IDLE feature with SSL sockets, replaced thread sleep with a short timeout on socket read EWS: - EWS: update checkEndPointUrl, send get root folder request instead of static wsdl request no longer available on Office365 DavMail 4.6.0 Bugfix release with many IMAP enhancements over EWS, implement batch move items, also includes a brand new generic OSX package to handle new OSX java behaviour. OSX: - OSX: refactor OSX package based on universalJavaApplicationStub - Replace Java application stub with https://github.com/tofi86/universalJavaApplicationStub/blob/master/src/universalJavaApplicationStub Doc: - Doc: update OSX setup documentation - Doc: additional Linux instructions for Ubuntu 14 - Fix #31 A typo in davmail.properties example EWS: - EWS: improve main calendar folder test - EWS: fix batch move - EWS: Adjust paged search for folders - EWS: implement batch move items - EWS: improve folder paged search - Prepare batch move implementation - EWS: force NTLM in direct EWS mode - EWS: implement batch move method - EWS: switch to GetMethod to check endpoint - EWS: take paging into account in appendSubFolders - EWS: fix ErrorExceededFindCountLimit on FindFolder requests - EWS: avoid NullPointerException in fixAttendees Linux: - Allow Java 8 and default jre in debian package IMAP: - IMAP: fix 587 log and skip broken messages Caldav - Caldav: fix #98 Support of Contacts in CardDav REPORT - Fix #35 duplicates in updated reoccurring events Enhancements - From audit: remove throws statement - Adjust KerberosHelper logging message - Fix for #534 Kerberos Authentication doesn't seem to be work cross domain LDAP: - LDAP: reset icon after search PR: 198297 Submitted by: John Hein <z7dr6ut7gs@snkmail.com> Approved by: <john.c.prather@gmail.com> (maintainer (timeout)) Changes: head/mail/davmail/Makefile head/mail/davmail/distinfo head/mail/davmail/files/patch-build.xml head/mail/davmail/files/patch-src__etc__davmail.properties head/mail/davmail/pkg-plist
Tested build on 10.1a, 9.3a, 8.4i, all fine. Committed, thanks to both of you!
Jason, The patch update looks mostly good to me. The extra change in patch-build.xml shouldn't hard-code /usr/local. The post-patch target does the appropriate change anyway. I would leave patch-build.xml as it is. Maybe that change to patch-build.xml was the result of manually running 'make makepatch' (as encouraged by portlint)? I suspect that's what happened here. I'll attach yet another version of the patch without that extra unecessary hunk in patch-build.xml. Re: comment 3, I agree on the davmail.properties patch removal. My patch does that also - kinda hard to tell that a file removal is what's going on by just looking at the patch - it really helps to have a comment to explain that an 'svn rm' operation is needed. I haven't really done much with vuxml entries, so I can't give much feedback for that patch other than it's a good idea in principle.
Hmm... I see it's already been committed. I was a little too late to in my last comment. Kurt, could you please back out the new (second) hunk in files/patch-build.xml (the one that starts at line 138)? It seems it was an inadvertent side effect of Jason running 'make makepatch' without realizing that the change is already done by post-patch. In the patch file, that change hard codes /usr/local which is bad.
(In reply to John Hein from comment #13) I can't believe I missed that. Eager to fix what portlint mentioned I trusted the output. Sorry for that. I'm away from home and only have my phone but will make a patch tomorrow night.
Created attachment 157092 [details] rm extraneous patch hunk No worries, Jason. Here's the patch to remove the stray patch hunk.
Not sure if this is the "right" thing to do, but I reopened the PR to get this last tweak in.
p.s. I just added bug 200241 that fixes portlint which was reporting a false warning for mail/davmail (among other ports).
I meant bug 200421.
A commit references this bug: Author: pi Date: Sun May 24 06:45:54 UTC 2015 New revision: 387243 URL: https://svnweb.freebsd.org/changeset/ports/387243 Log: mail/davmail: fix patch to patch-build.xml PR: 198297 Submitted by: John Hein <z7dr6ut7gs@snkmail.com> Approved by: <john.c.prather@gmail.com> (maintainer) Changes: head/mail/davmail/files/patch-build.xml
Fix committed, thanks!
A commit references this bug: Author: pi Date: Sat May 30 17:52:08 UTC 2015 New revision: 387975 URL: https://svnweb.freebsd.org/changeset/ports/387975 Log: mail/davmail: Security update to 4.6.1 MFH: r387179, r387243 PR: 198297 Security: CVE-2014-3566 Approved by: ports-secteam Changes: branches/2015Q2/mail/davmail/Makefile branches/2015Q2/mail/davmail/distinfo branches/2015Q2/mail/davmail/files/patch-build.xml branches/2015Q2/mail/davmail/files/patch-src__etc__davmail.properties branches/2015Q2/mail/davmail/pkg-plist