Attachment 174495 Details for Bug 212466 – sieve-connect-0.88.diff

[patch] sieve-connect-0.88.diff

sieve-connect-0.88.diff (text/plain), 3.15 KB, created by Alexey Degtyarev on 2016-09-07 23:12:35 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Alexey Degtyarev

Created: 2016-09-07 23:12:35 UTC

Size: 3.15 KB

patch

obsolete

>diff -Nru sieve-connect.orig/Makefile sieve-connect/Makefile
>--- sieve-connect.orig/Makefile	2016-09-08 01:29:47.219436794 +0300
>+++ sieve-connect/Makefile	2016-09-08 01:30:28.490389824 +0300
>@@ -2,8 +2,7 @@
> # $FreeBSD: head/mail/sieve-connect/Makefile 417207 2016-06-21 13:24:53Z mat $
> 
> PORTNAME=	sieve-connect
>-PORTVERSION=	0.87
>-PORTREVISION=	1
>+PORTVERSION=	0.88
> CATEGORIES=	mail
> MASTER_SITES=	http://people.spodhuis.org/phil.pennock/software/ \
> 		ftp://ftp.renatasystems.org/pub/FreeBSD/ports/distfiles/
>@@ -11,7 +10,7 @@
> MAINTAINER=	alexey@renatasystems.org
> COMMENT=	Command-line client for the MANAGESIEVE protocol
> 
>-LICENSE=	PD
>+LICENSE=	BSD
> LICENSE_FILE=	${WRKSRC}/LICENSE
> 
> RUN_DEPENDS=	p5-Authen-SASL>=0:security/p5-Authen-SASL \
>diff -Nru sieve-connect.orig/distinfo sieve-connect/distinfo
>--- sieve-connect.orig/distinfo	2016-09-08 02:04:12.480235510 +0300
>+++ sieve-connect/distinfo	2016-09-08 01:25:19.906397379 +0300
>@@ -1,3 +1,3 @@
>-TIMESTAMP = 1473289452
>-SHA256 (sieve-connect-0.87.tar.bz2) = e3de80ab34994de0277fc7bf53b7c08e82db1a1f2762ddac4311d8191cea6c49
>-SIZE (sieve-connect-0.87.tar.bz2) = 40023
>+TIMESTAMP = 1473287119
>+SHA256 (sieve-connect-0.88.tar.bz2) = b8b0146120d76de7407017573d695680b9cae5fc4d9974f4a7cbf166328a3872
>+SIZE (sieve-connect-0.88.tar.bz2) = 45327
>diff -Nru sieve-connect.orig/pkg-message sieve-connect/pkg-message
>--- sieve-connect.orig/pkg-message	1970-01-01 03:00:00.000000000 +0300
>+++ sieve-connect/pkg-message	2016-09-08 01:45:56.912658743 +0300
>@@ -0,0 +1,38 @@
>+Upgrades to 0.88
>+================
>+
>+Version 0.88 contains two BREAKING CHANGES.
>+
>+BREAKING CHANGE #1: may, deliberately, cause connections to fail which
>+previously succeeded.
>+
>+If the Sieve server does not offer STARTTLS, then connections should now fail
>+unless one of three scenarios is in play:
>+
>+* `--clearchan` is explicitly passed on the command-line
>+* `SIEVECONNECT_INSECURE_CLEARTEXT_FALLBACK` is set non-empty in
>+  environ
>+* TLS verification is disabled, whether by packagers or command-line.
>+
>+The stance now is: if you try for TLS, don't fall back to non-TLS, unless
>+explicitly told that it's okay.  I've explicitly and deliberately changed to
>+handling MitM attacks stripping pre-TLS capabilities as part of the threat
>+model, and breaking in that scenario is now more important than "just working".
>+This is a pre-v1 tool, so I hope to be forgiven for this change.  It's my
>+belief that the world has changed enough that it's no longer socially
>+acceptable to run services without TLS and without users knowing to disable
>+TLS.
>+
>+(POSSIBLY) BREAKING CHANGE #2: when deriving a remote script name from the
>+local filename, use the basename and strip off directories.
>+
>+Some widespread ManageSieve servers (eg, timsieved) disallow a directory
>+separator in a sieve script name.  So when deriving remote names, just use
>+basename.  This might cause issues for those with servers which allow directory
>+separators and users who were relying upon this.
>+
>+Mitigation: explicitly specify the remote script name to include the path, and
>+things should work as before.
>+
>+Full ChangeLog can be found at:
>+http://people.spodhuis.org/phil.pennock/software/sieve-connect.ChangeLog.txt

Flags:

koobs: maintainer-approval-

Actions: View | Diff

Attachments on bug 212466: 174494 | 174495 | 174522 | 174687