Created attachment 170078 [details] [patch] update port to 4.7.2; run service as non-root Boring mechanical stuff to do the update: - update rev info (checksums, refresh patches, etc.) - don't install new .md5 files - appease testport by removing empty dirs in STAGEDIR not in plist More interesting change piggybacking onto this update: - update rc.d script & {G,U}IDs files to run as davmail user rather than root - update rc.d script to take advantage of daemon(8) rather than hand-rolling process management Run tested: ok QA: - stage-qa: ok - portlint: ok - poudriere testport: ok (9-stable/32) from releasenotes.txt: ================= ** DavMail 4.7.2 released ** Bugfix release, detect Exchange throttling to temporarily block requests and a few Carddav fixes. EWS: - EWS: handle Exchange throttling, suspend all requests according to server provided delay - EWS: send DavMailException instead of authentication exception on EWS not available error Enhancements: - 128x128 DavMail icon - Add a new davmail.httpMaxRedirects setting - DAV: add a hidden davmail.disableNTLM setting Carddav: - Carddav: fix another regression on contact create with empty field - Carddav: remove email over EWS unit test - Carddav: fix email address removal over EWS ** DavMail 4.7.1 released ** Bugfix release, mainly for Carddav regression over EWS, also includes an NTLM support enhancement. Enhancement: - Improve NTLM support try to send hostname as workstation name instead of UNKNOWN - Fix notification dialog message - Prepare ExchangeSessionFactory refactoring - Fix typo in french translation - Fix broken Sourceforge link in About dialog Carddav: - Carddav: fix regression on contact update with empty field triggering DeleteItemField ** DavMail 4.7.0 released ** This new release contains a lot of fixes from user feedback, a new -notray command line option to force window mode and avoid tricky tray icon issues on Linux and native smartcard support on Windows. Caldav: - Caldav: Map additional priority levels - Caldav: fix missing LAST-MODIFIED in events Enhancements: - Improved tray icon with alpha blend - Fix imports - Prepare mutual SSL authentication between client and DavMail implementation - Implement -notray command line option as a workaround for broken SWT and Unity issues - Change warning messages to debug in close method - Improve client certificate dialog, build description from certificate - Exclude client certificates not issued by server provided issuers list IMAP: - IMAP: Additional translations and doc for new IMAP setting - IMAP: Merge patch by Mauro Cicognini, add a new setting to always send approximate message in RFC822.SIZE to avoid downloading full message body - IMAP: fix regression with quotes inside folder names - IMAP: handle quotes inside folder names correctly OSX: - OSX link local address on loopback interface - Exclude arguments starting with dash to avoid patch 38 regression on OSX Documentation: - Doc: Document -notray option - Switch to OpenHub instead of Ohloh EWS: - EWS: prepare distribution list implementation - Fix #254 davmail.exchange.ews.EWSException: ErrorIncorrectUpdatePropertyCount Linux: - Refresh davmail.spec, make RPM noarch - Handle missing or broken SWT library Windows: - Windows: Make MSCAPI keystore type available in Settings for Windows native smartcard support - Instantiate MSCAPI explicitly to access Windows Smartcards - Enable native Windows SmartCard access through MSCAPI (no PKCS11 config required) Carddav: - Carddav: Test case for comma in ADR field - Carddav: Do not replace comma on ADR field, see support request 255 - Caldav: Ignore missing END:VCALENDAR line on modified occurrences - CardDav: Add empty property test case ** DavMail 4.6.2 released ** Another bug fix release with some efforts on packaging. Packaging: - Compute distribution packages checksums - Maven: set mimimum Maven version and fix FindBugs filter - Maven: add Gtk lib in repo to avoid ClassNotFound - Maven: exclude non DavMail classes from FindBugs report - Maven: Update POM to Maven 3 - Separate prepare-dist ant task - Separate jar ant task - RPM: Change log for 4.6.1 and remove ant-nodeps dependency for Fedora >=19 compatibility - RPM: first step to a noarch package, externalize SWT dependency - RPM: Add rcdavmail link, mark logrotate config file - RPM: Fix License and URL Enhancements: - Fix davmailconsole.exe - Switch to TLS in DavGatewaySSLProtocolSocketFactory - Improve refresh folder logic, ctag stamp is limited to second, check message count - Try to support Citrix NetScaler authentication form - Improve Java version check - Update compile level to 1.6 - Remove unneeded catch section WebDav: - DAV: avoid NullPointerException trying to access Exchange 2013 in Dav mode IMAP: - IMAP: refactor IMAP test cases - IMAP: ignore Draft flag on update, Draft is readonly after create - IMAP: fix new IMAP tokenizer - IMAP: rewrite tokenizer to manage quoted folder names and complex search - IMAP: Fix #591 Properly escape quotes in folder names - IMAP: additional IMAP test cases EWS: - EWS: davmail.enableChunkedRequest default value is now false, as IIS does not support chunked requests - EWS: Make chunked content optional in CreateItemMethod with new davmail.enableChunkedRequest property - Use EWS path in davmail.properties template file Doc: - Doc: add Indicator SystemtrayUnity to linux doc - Fix Javadoc OSX: - OSX: merge patch 38, allow commandline options to run multiple instances. SMTP: - SMTP: use content chunk to send large messages =================
Fix incorrect component - sorry. Set maintainer-feedback? to maintainer.
Added suggestion to MFH for this (due to security-ish change - i.e., don't run as root). p.s. feedback timeout?
Thanks for the patch. Maintainer feedback timeout, indeed. Not sure this is gonna fly for MFH.
Comment on attachment 170078 [details] [patch] update port to 4.7.2; run service as non-root Implicit approval due to maintainer feedback timeout.
I think the non-root is certainly a good best practice but don't see that as enough to merge to quarterly without a known issue against it. I have some issues with the patch. 1. It fails to even start because it doesn't make the users. # service davmail onestart install: unknown group davmail It needs: USERS= davmail GROUPS= davmail 2. It doesn't make the pidfile directory # service davmail onestart install: mkdir : No such file or directory The davmail.in should probably do something more like: pidfiledir="/var/run/davmail" pidfile="${pidfiledir}/davmail.pid" ${pidfiledir} is currently undefined, hense the error. 3. davmail_daemon() also hard codes the username... it should be ${davmail_user}. Even after all that the service doesn't actually start. If you can update the patch and verify it runs I'll go ahead and review this for commit. Thanks.
Created attachment 171093 [details] [patch] v2: update port to 4.7.2; run service as non-root v2 of the patch after addressing Jason's feedback (thanks), including one other missed hard-coding in davmail.in
(In reply to Jason Unovitch from comment #5) Thanks for the thoughts on the MFH. I have seen merges to the quarterly branch that seemed to have less good reasons than this. Anyway, I thought it was worth a mention. Thanks for the catches on v1 of the patch - all things that poudriere couldn't catch and I didn't either since I didn't test run on a clean host.
Created attachment 171096 [details] [patch] v3: update port to 4.7.2; run service as non-root v3: fix misspelled DATADIR
A commit references this bug: Author: junovitch Date: Sun Jun 26 01:23:28 UTC 2016 New revision: 417509 URL: https://svnweb.freebsd.org/changeset/ports/417509 Log: mail/davmail: update 4.6.1 -> 4.7.2 - Update rc.d script to run as davmail user rather than root - Update rc.d script to take advantage of daemon(8) rather than hand-rolling process management - Update rev info (checksums, refresh patches, etc.) - Remove .md5 files - Appease testport by removing empty dirs in STAGEDIR not in plist UIDs/GIDs: add davmail user Changes: https://sourceforge.net/p/davmail/code/2427/tree/trunk/releasenotes.txt PR: 209354 Submitted by: John Hein <z7dr6ut7gs@snkmail.com> Approved by: maintainer timeout (7 weeks) Changes: head/GIDs head/UIDs head/mail/davmail/Makefile head/mail/davmail/distinfo head/mail/davmail/files/davmail.in head/mail/davmail/files/patch-build.xml
Sorry for the delay getting back to this PR, John. The update was committed under maintainer timeout. I just re-rolled the distinfo with the TIMESTAMP for reproducible builds. Thank you for addressing the earlier comments as well as submitting the patch to this port. Setting merge-quarterly- as there is not a documented security issue that warrants the immediate update. It will show up in 2016Q3 soon enough.