Bug 198297 - update mail/davmail to 4.6.1
Summary: update mail/davmail to 4.6.1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Kurt Jaeger
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-03-05 01:14 UTC by John Hein
Modified: 2015-05-30 17:53 UTC (History)
3 users (show)

See Also:
bugzilla: maintainer-feedback? (john.c.prather)


Attachments
update davmail to 4.6.0 (2.85 KB, patch)
2015-03-05 01:14 UTC, John Hein
no flags Details | Diff
update davmail from 4.5.1 to 4.6.1 (2.85 KB, patch)
2015-03-05 02:23 UTC, John Hein
no flags Details | Diff
mail/davmail update to 4.6.1 and fix potential CVE-2014-3566 issue (4.88 KB, patch)
2015-05-23 12:24 UTC, Jason Unovitch
no flags Details | Diff
Poudriere Testport Build Logs from 10.1-RELEASE amd64 (29.00 KB, text/x-log)
2015-05-23 12:25 UTC, Jason Unovitch
no flags Details
mail/davmail entry for security/vuml (1.32 KB, patch)
2015-05-23 12:29 UTC, Jason Unovitch
no flags Details | Diff
mail/davmail entry for security/vuml (1.32 KB, patch)
2015-05-23 15:10 UTC, Jason Unovitch
no flags Details | Diff
rm extraneous patch hunk (856 bytes, patch)
2015-05-24 02:05 UTC, John Hein
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description John Hein 2015-03-05 01:14:27 UTC
Created attachment 153814 [details]
update davmail to 4.6.0

update rev info (checksums, etc.); minor plist reshuffling for adding new files / removing files no longer installed; remove patch that was committed upstream since 4.5.1

Run tested.

from relnotes.txt:

=====================
** DavMail 4.6.0 released **
Bugfix release with many IMAP enhancements over EWS, implement batch move items,
also includes a brand new generic OSX package to handle new OSX java behaviour.

OSX:
- OSX: refactor OSX package based on universalJavaApplicationStub
- Replace Java application stub with https://github.com/tofi86/universalJavaApplicationStub/blob/master/src/universalJavaApplicationStub

Doc:
- Doc: update OSX setup documentation
- Doc: additional Linux instructions for Ubuntu 14
- Fix #31 A typo in davmail.properties example

EWS:
- EWS: improve main calendar folder test
- EWS: fix batch move
- EWS: Adjust paged search for folders
- EWS: implement batch move items
- EWS: improve folder paged search
- Prepare batch move implementation
- EWS: force NTLM in direct EWS mode
- EWS: implement batch move method
- EWS: switch to GetMethod to check endpoint
- EWS: take paging into account in appendSubFolders
- EWS: fix ErrorExceededFindCountLimit on FindFolder requests
- EWS: avoid NullPointerException in fixAttendees

Linux:
- Allow Java 8 and default jre in debian package

IMAP:
- IMAP: fix 587 log and skip broken messages

Caldav
- Caldav: fix #98 Support of Contacts in CardDav REPORT 
- Fix #35 duplicates in updated reoccurring events 

Enhancements
- Fix potential CVE-2014-3566 vulnerability
- From audit: remove throws statement
- Adjust KerberosHelper logging message
- Fix for #534 Kerberos Authentication doesn't seem to be work cross domain

LDAP:
- LDAP: reset icon after search
==================
Comment 1 John Hein 2015-03-05 02:23:35 UTC
Created attachment 153815 [details]
update davmail from 4.5.1 to 4.6.1

4.6.0 was released on 2015-01-27

4.6.1 was released on 2015-02-17

updated patch for 4.6.1

I have less runtime on that, but a quick test proves okay.

=============
** DavMail 4.6.1 released **
Bugfix release to fix recent regression with Office 365,
also includes a few Linux and IMAP enhancements.

Linux:
- RPM: exclude Growl library from RPM package
- Add genericname to desktop entry
- RPM: Fix warning the init script refers to runlevel 4 which is admin defined. No distribution script must use it
- Detect and log message for Unity users
- RPM: Fix JAVA HOME detection for openSUSE_13.2
- RPM: update spec file from OpenSuse build by Dmitri Bachtin and  Achim Herwig

SWT:
- SWT: improve tray init, preload image and add a delay on first message

Enhancements:
- Add a few more logging statements

IMAP:
- Fix #36 Endless loop when using IMAP IDLE feature with SSL sockets, replaced thread sleep with a short timeout on socket read

EWS:
- EWS: update checkEndPointUrl, send get root folder request instead of static wsdl request no longer available on Office365
=============
Comment 2 John Hein 2015-04-20 15:46:32 UTC
I've been using 4.6.1 for email for months now.
Comment 3 Jason Unovitch freebsd_committer 2015-05-23 12:24:24 UTC
Created attachment 157077 [details]
mail/davmail update to 4.6.1 and fix potential CVE-2014-3566 issue

John,
Patch attached that is based off your with some minor revisions for portlint along with removal of the davmail.properties file patch.  The capitalization in 4.6.1 is already "enableKeepAlive"

Summary of changes for commit log:
- Security update to 4.6.1 to fix potential CVE-2014-3566 vulnerability
- Pet portlint

Details on portlint issues fixed in patch:
WARN: Makefile: [49]: do not use muted INSTALL_foo commands (i.e., those that start with '@').  These should be printed.

WARN: /basejail/usr/ports/mail/davmail/files/patch-build.xml: patch was not generated using ``make makepatch''.  It is recommended to use ``make makepatch'' to ensure proper patch format.
WARN: /basejail/usr/ports/mail/davmail/files/patch-src__etc__davmail.properties: patch was not generated using ``make makepatch''.  It is recommended to use ``make makepatch'' to ensure proper patch format.
Comment 4 Jason Unovitch freebsd_committer 2015-05-23 12:25:49 UTC
Created attachment 157078 [details]
Poudriere Testport Build Logs from 10.1-RELEASE amd64

Also build tested via Poudriere testport in both amd64 and i386 jails running 11-CURRENT, 10.1-RELEASE, 9.3-RELEASE, and 8.4-RELEASE.
Comment 5 Jason Unovitch freebsd_committer 2015-05-23 12:29:09 UTC
Created attachment 157079 [details]
mail/davmail entry for security/vuml

Can a committer look at applying this ASAP?  PR has been open for nearly 3 months with no response from maintainer.  The patch resolves a security issue fixed in the upstream release on 2015-01-27.  Submitter has been running the updated version for months.

Jason
Comment 6 Jason Unovitch freebsd_committer 2015-05-23 12:32:01 UTC
(In reply to jason.unovitch from comment #5)

Reply to myself, add vuxml validation steps performed for above comment.

# make validate
/bin/sh /usr/ports/security/vuxml/files/tidy.sh "/usr/ports/security/vuxml/files/tidy.xsl" "/usr/ports/security/vuxml/vuln.xml" > "/usr/ports/security/vuxml/vuln.xml.tidy"
>>> Validating...
/usr/local/bin/xmllint --valid --noout /usr/ports/security/vuxml/vuln.xml
>>> Successful.
Checking if tidy differs...
... seems okay
Checking for space/tab...
... seems okay
/usr/local/bin/python2.7 /usr/ports/security/vuxml/files/extra-validation.py /usr/ports/security/vuxml/vuln.xml


# env PKG_DBDIR=/usr/ports/security/vuxml pkg audit davmail-4.5.1
davmail-4.5.1 is vulnerable:
davmail -- fix potential CVE-2014-3566 vulnerability (POODLE)
CVE: CVE-2014-3566
WWW: http://vuxml.FreeBSD.org/freebsd/384fc0b2-0144-11e5-8fda-002590263bf5.html

1 problem(s) in the installed packages found.

# env PKG_DBDIR=/usr/ports/security/vuxml pkg audit davmail-4.6.0
0 problem(s) in the installed packages found.

# env PKG_DBDIR=/usr/ports/security/vuxml pkg audit davmail-4.6.1
0 problem(s) in the installed packages found.
Comment 7 Jason Unovitch freebsd_committer 2015-05-23 15:10:46 UTC
Created attachment 157084 [details]
mail/davmail entry for security/vuml

Regen security/vuxml patch with correctly accented UTF character in reporters name.
Comment 8 Kurt Jaeger freebsd_committer 2015-05-23 17:18:56 UTC
testing@work
Comment 9 commit-hook freebsd_committer 2015-05-23 18:26:31 UTC
A commit references this bug:

Author: pi
Date: Sat May 23 18:25:51 UTC 2015
New revision: 387178
URL: https://svnweb.freebsd.org/changeset/ports/387178

Log:
  Add entry for mail/davmail.

  PR:		198297
  Submitted by:	Jason Unovitch <jason.unovitch@gmail.com>
  Approved by:	<john.c.prather@gmail.com> (maintainer (timeout))

Changes:
  head/security/vuxml/vuln.xml
Comment 10 commit-hook freebsd_committer 2015-05-23 18:28:33 UTC
A commit references this bug:

Author: pi
Date: Sat May 23 18:28:15 UTC 2015
New revision: 387179
URL: https://svnweb.freebsd.org/changeset/ports/387179

Log:
  mail/davmail: 4.5.1 -> 4.6.1

  Fixes potential CVE-2014-3566 vulnerability

  DavMail 4.6.1
  Bugfix release to fix recent regression with Office 365,
  also includes a few Linux and IMAP enhancements.

  Linux:
  - RPM: exclude Growl library from RPM package
  - Add genericname to desktop entry
  - RPM: Fix warning the init script refers to runlevel 4 which is
    admin defined. No distribution script must use it
  - Detect and log message for Unity users
  - RPM: Fix JAVA HOME detection for openSUSE_13.2
  - RPM: update spec file from OpenSuse build by Dmitri Bachtin and
    Achim Herwig

  SWT:
  - SWT: improve tray init, preload image and add a delay on first message

  Enhancements:
  - Add a few more logging statements

  IMAP:
  - Fix #36 Endless loop when using IMAP IDLE feature with SSL sockets,
    replaced thread sleep with a short timeout on socket read

  EWS:
  - EWS: update checkEndPointUrl, send get root folder request instead
    of static wsdl request no longer available on Office365

  DavMail 4.6.0
  Bugfix release with many IMAP enhancements over EWS, implement batch
  move items, also includes a brand new generic OSX package to handle
  new OSX java behaviour.

  OSX:
  - OSX: refactor OSX package based on universalJavaApplicationStub
  - Replace Java application stub with
    https://github.com/tofi86/universalJavaApplicationStub/blob/master/src/universalJavaApplicationStub

  Doc:
  - Doc: update OSX setup documentation
  - Doc: additional Linux instructions for Ubuntu 14
  - Fix #31 A typo in davmail.properties example

  EWS:
  - EWS: improve main calendar folder test
  - EWS: fix batch move
  - EWS: Adjust paged search for folders
  - EWS: implement batch move items
  - EWS: improve folder paged search
  - Prepare batch move implementation
  - EWS: force NTLM in direct EWS mode
  - EWS: implement batch move method
  - EWS: switch to GetMethod to check endpoint
  - EWS: take paging into account in appendSubFolders
  - EWS: fix ErrorExceededFindCountLimit on FindFolder requests
  - EWS: avoid NullPointerException in fixAttendees

  Linux:
  - Allow Java 8 and default jre in debian package

  IMAP:
  - IMAP: fix 587 log and skip broken messages

  Caldav
  - Caldav: fix #98 Support of Contacts in CardDav REPORT
  - Fix #35 duplicates in updated reoccurring events

  Enhancements
  - From audit: remove throws statement
  - Adjust KerberosHelper logging message
  - Fix for #534 Kerberos Authentication doesn't seem to be work cross domain

  LDAP:
  - LDAP: reset icon after search

  PR:		198297
  Submitted by:	John Hein <z7dr6ut7gs@snkmail.com>
  Approved by:	<john.c.prather@gmail.com> (maintainer (timeout))

Changes:
  head/mail/davmail/Makefile
  head/mail/davmail/distinfo
  head/mail/davmail/files/patch-build.xml
  head/mail/davmail/files/patch-src__etc__davmail.properties
  head/mail/davmail/pkg-plist
Comment 11 Kurt Jaeger freebsd_committer 2015-05-23 18:29:40 UTC
Tested build on 10.1a, 9.3a, 8.4i, all fine.

Committed, thanks to both of you!
Comment 12 John Hein 2015-05-24 01:22:16 UTC
Jason,
The patch update looks mostly good to me.  The extra change in patch-build.xml shouldn't hard-code /usr/local.  The post-patch target does the appropriate change anyway.  I would leave patch-build.xml as it is.  Maybe that change to patch-build.xml was the result of manually running 'make makepatch' (as encouraged by portlint)?  I suspect that's what happened here.

I'll attach yet another version of the patch without that extra unecessary hunk in patch-build.xml.

Re: comment 3, I agree on the davmail.properties patch removal.  My patch does that also - kinda hard to tell that a file removal is what's going on by just looking at the patch - it really helps to have a comment to explain that an 'svn rm' operation is needed.

I haven't really done much with vuxml entries, so I can't give much feedback for that patch other than it's a good idea in principle.
Comment 13 John Hein 2015-05-24 01:31:41 UTC
Hmm... I see it's already been committed.  I was a little too late to in my last comment.

Kurt, could you please back out the new (second) hunk in files/patch-build.xml (the one that starts at line 138)?  It seems it was an inadvertent side effect of Jason running 'make makepatch' without realizing that the change is already done by post-patch.  In the patch file, that change hard codes /usr/local which is bad.
Comment 14 Jason Unovitch freebsd_committer 2015-05-24 01:36:04 UTC
(In reply to John Hein from comment #13)

I can't believe I missed that. Eager to fix what portlint mentioned I trusted the output.  Sorry for that.  I'm away from home and only have my phone but will make a patch tomorrow night.
Comment 15 John Hein 2015-05-24 02:05:33 UTC
Created attachment 157092 [details]
rm extraneous patch hunk

No worries, Jason.
Here's the patch to remove the stray patch hunk.
Comment 16 John Hein 2015-05-24 02:08:24 UTC
Not sure if this is the "right" thing to do, but I reopened the PR to get this last tweak in.
Comment 17 John Hein 2015-05-24 02:24:44 UTC
p.s. I just added bug 200241 that fixes portlint which was reporting a false warning for mail/davmail (among other ports).
Comment 18 John Hein 2015-05-24 02:32:56 UTC
I meant bug 200421.
Comment 19 commit-hook freebsd_committer 2015-05-24 06:46:33 UTC
A commit references this bug:

Author: pi
Date: Sun May 24 06:45:54 UTC 2015
New revision: 387243
URL: https://svnweb.freebsd.org/changeset/ports/387243

Log:
  mail/davmail: fix patch to patch-build.xml

  PR:		198297
  Submitted by:	John Hein <z7dr6ut7gs@snkmail.com>
  Approved by:	<john.c.prather@gmail.com> (maintainer)

Changes:
  head/mail/davmail/files/patch-build.xml
Comment 20 Kurt Jaeger freebsd_committer 2015-05-24 06:47:18 UTC
Fix committed, thanks!
Comment 21 commit-hook freebsd_committer 2015-05-30 17:53:08 UTC
A commit references this bug:

Author: pi
Date: Sat May 30 17:52:08 UTC 2015
New revision: 387975
URL: https://svnweb.freebsd.org/changeset/ports/387975

Log:
  mail/davmail: Security update to 4.6.1

  MFH: r387179, r387243

  PR:		198297
  Security:	CVE-2014-3566
  Approved by:	ports-secteam

Changes:
  branches/2015Q2/mail/davmail/Makefile
  branches/2015Q2/mail/davmail/distinfo
  branches/2015Q2/mail/davmail/files/patch-build.xml
  branches/2015Q2/mail/davmail/files/patch-src__etc__davmail.properties
  branches/2015Q2/mail/davmail/pkg-plist