diff options
Diffstat (limited to 'meta-networking')
-rw-r--r-- | meta-networking/recipes-support/fetchmail/fetchmail/02_remove_SSLv3.patch | 1576 | ||||
-rw-r--r-- | meta-networking/recipes-support/fetchmail/fetchmail_6.4.1.bb (renamed from meta-networking/recipes-support/fetchmail/fetchmail_6.3.26.bb) | 7 |
2 files changed, 3 insertions, 1580 deletions
diff --git a/meta-networking/recipes-support/fetchmail/fetchmail/02_remove_SSLv3.patch b/meta-networking/recipes-support/fetchmail/fetchmail/02_remove_SSLv3.patch deleted file mode 100644 index 95cfa2f4a..000000000 --- a/meta-networking/recipes-support/fetchmail/fetchmail/02_remove_SSLv3.patch +++ /dev/null | |||
@@ -1,1576 +0,0 @@ | |||
1 | Description: <short summary of the patch> | ||
2 | TODO: Put a short summary on the line above and replace this paragraph | ||
3 | with a longer explanation of this change. Complete the meta-information | ||
4 | with other relevant fields (see below for details). To make it easier, the | ||
5 | information below has been extracted from the changelog. Adjust it or drop | ||
6 | it. | ||
7 | . | ||
8 | fetchmail (6.3.26-2) unstable; urgency=low | ||
9 | . | ||
10 | * New maintainer (closes: #800750). | ||
11 | * Backport upstream fix for SSLv3 removal (closes: #804604) and do not | ||
12 | recommend SSLv3 (closes: #801178). | ||
13 | * Remove quilt and its usage. | ||
14 | * Add dh-python to build depends. | ||
15 | * Update upstream URLs. | ||
16 | * Update watch file. | ||
17 | * Update Standards-Version to 3.9.6 . | ||
18 | Author: Laszlo Boszormenyi (GCS) <gcs@debian.org> | ||
19 | Bug-Debian: https://bugs.debian.org/800750 | ||
20 | Bug-Debian: https://bugs.debian.org/801178 | ||
21 | Bug-Debian: https://bugs.debian.org/804604 | ||
22 | |||
23 | --- | ||
24 | The information above should follow the Patch Tagging Guidelines, please | ||
25 | checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here | ||
26 | are templates for supplementary fields that you might want to add: | ||
27 | |||
28 | Origin: <vendor|upstream|other>, <url of original patch> | ||
29 | Bug: <url in upstream bugtracker> | ||
30 | Bug-Debian: https://bugs.debian.org/<bugnumber> | ||
31 | Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber> | ||
32 | Forwarded: <no|not-needed|url proving that it has been forwarded> | ||
33 | Reviewed-By: <name and email of someone who approved the patch> | ||
34 | Last-Update: <YYYY-MM-DD> | ||
35 | |||
36 | --- fetchmail-6.3.26.orig/Makefile.am | ||
37 | +++ fetchmail-6.3.26/Makefile.am | ||
38 | @@ -31,7 +31,7 @@ libfm_a_SOURCES= xmalloc.c base64.c rfc8 | ||
39 | servport.c ntlm.h smbbyteorder.h smbdes.h smbmd4.h \ | ||
40 | smbencrypt.h smbdes.c smbencrypt.c smbmd4.c smbutil.c \ | ||
41 | libesmtp/gethostbyname.h libesmtp/gethostbyname.c \ | ||
42 | - smbtypes.h fm_getaddrinfo.c tls.c rfc822valid.c \ | ||
43 | + smbtypes.h fm_getaddrinfo.c starttls.c rfc822valid.c \ | ||
44 | xmalloc.h sdump.h sdump.c x509_name_match.c \ | ||
45 | fm_strl.h md5c.c | ||
46 | if NTLM_ENABLE | ||
47 | --- fetchmail-6.3.26.orig/Makefile.in | ||
48 | +++ fetchmail-6.3.26/Makefile.in | ||
49 | @@ -97,14 +97,14 @@ am__libfm_a_SOURCES_DIST = xmalloc.c bas | ||
50 | rfc2047e.c servport.c ntlm.h smbbyteorder.h smbdes.h smbmd4.h \ | ||
51 | smbencrypt.h smbdes.c smbencrypt.c smbmd4.c smbutil.c \ | ||
52 | libesmtp/gethostbyname.h libesmtp/gethostbyname.c smbtypes.h \ | ||
53 | - fm_getaddrinfo.c tls.c rfc822valid.c xmalloc.h sdump.h sdump.c \ | ||
54 | + fm_getaddrinfo.c starttls.c rfc822valid.c xmalloc.h sdump.h sdump.c \ | ||
55 | x509_name_match.c fm_strl.h md5c.c ntlmsubr.c | ||
56 | @NTLM_ENABLE_TRUE@am__objects_1 = ntlmsubr.$(OBJEXT) | ||
57 | am_libfm_a_OBJECTS = xmalloc.$(OBJEXT) base64.$(OBJEXT) \ | ||
58 | rfc822.$(OBJEXT) report.$(OBJEXT) rfc2047e.$(OBJEXT) \ | ||
59 | servport.$(OBJEXT) smbdes.$(OBJEXT) smbencrypt.$(OBJEXT) \ | ||
60 | smbmd4.$(OBJEXT) smbutil.$(OBJEXT) gethostbyname.$(OBJEXT) \ | ||
61 | - fm_getaddrinfo.$(OBJEXT) tls.$(OBJEXT) rfc822valid.$(OBJEXT) \ | ||
62 | + fm_getaddrinfo.$(OBJEXT) starttls.$(OBJEXT) rfc822valid.$(OBJEXT) \ | ||
63 | sdump.$(OBJEXT) x509_name_match.$(OBJEXT) md5c.$(OBJEXT) \ | ||
64 | $(am__objects_1) | ||
65 | libfm_a_OBJECTS = $(am_libfm_a_OBJECTS) | ||
66 | @@ -483,7 +483,7 @@ libfm_a_SOURCES = xmalloc.c base64.c rfc | ||
67 | servport.c ntlm.h smbbyteorder.h smbdes.h smbmd4.h \ | ||
68 | smbencrypt.h smbdes.c smbencrypt.c smbmd4.c smbutil.c \ | ||
69 | libesmtp/gethostbyname.h libesmtp/gethostbyname.c smbtypes.h \ | ||
70 | - fm_getaddrinfo.c tls.c rfc822valid.c xmalloc.h sdump.h sdump.c \ | ||
71 | + fm_getaddrinfo.c starttls.c rfc822valid.c xmalloc.h sdump.h sdump.c \ | ||
72 | x509_name_match.c fm_strl.h md5c.c $(am__append_1) | ||
73 | libfm_a_LIBADD = $(EXTRAOBJ) | ||
74 | libfm_a_DEPENDENCIES = $(EXTRAOBJ) | ||
75 | --- fetchmail-6.3.26.orig/NEWS | ||
76 | +++ fetchmail-6.3.26/NEWS | ||
77 | @@ -51,8 +51,6 @@ removed from a 6.4.0 or newer release.) | ||
78 | * The --bsmtp - mode of operation may be removed in a future release. | ||
79 | * Given that OpenSSL is severely underdocumented, and needs license exceptions, | ||
80 | fetchmail may switch to a different SSL library. | ||
81 | -* SSLv2 support will be removed from a future fetchmail release. It has been | ||
82 | - obsolete for more than a decade. | ||
83 | |||
84 | -------------------------------------------------------------------------------- | ||
85 | |||
86 | --- fetchmail-6.3.26.orig/README.SSL | ||
87 | +++ fetchmail-6.3.26/README.SSL | ||
88 | @@ -11,36 +11,45 @@ specific to fetchmail. | ||
89 | In case of troubles, mail the README.SSL-SERVER file to your ISP and | ||
90 | have them check their server configuration against it. | ||
91 | |||
92 | -Unfortunately, fetchmail confuses SSL/TLS protocol levels with whether | ||
93 | -a service needs to use in-band negotiation (STLS/STARTTLS for POP3/IMAP4) or is | ||
94 | -totally SSL-wrapped on a separate port. For compatibility reasons, this cannot | ||
95 | -be fixed in a bugfix release. | ||
96 | +Unfortunately, fetchmail confuses SSL/TLS protocol levels with whether a | ||
97 | +service needs to use in-band negotiation (STLS/STARTTLS for POP3/IMAP4) | ||
98 | +or is totally SSL-wrapped on a separate port. For compatibility | ||
99 | +reasons, this cannot be fixed in a bugfix or minor release. | ||
100 | + | ||
101 | +Also, fetchmail 6.4.0 and newer releases changed some of the semantics | ||
102 | +as the result of a bug-fix, and will auto-negotiate TLSv1 or newer only. | ||
103 | +If your server does not support this, you may have to specify --sslproto | ||
104 | +ssl3. This is in order to prefer the newer TLS protocols, because SSLv2 | ||
105 | +and v3 are broken. | ||
106 | |||
107 | - -- Matthias Andree, 2009-05-09 | ||
108 | + -- Matthias Andree, 2015-01-16 | ||
109 | |||
110 | |||
111 | Quickstart | ||
112 | ---------- | ||
113 | |||
114 | +Use an up-to-date release of OpenSSL 1.0.1 or newer, so as to get | ||
115 | +TLSv1.2 support. | ||
116 | + | ||
117 | For use of SSL or TLS with in-band negotiation on the regular service's port, | ||
118 | i. e. with STLS or STARTTLS, use these command line options | ||
119 | |||
120 | - --sslproto tls1 --sslcertck | ||
121 | + --sslproto auto --sslcertck | ||
122 | |||
123 | or these options in the rcfile (after the respective "user"... options) | ||
124 | |||
125 | - sslproto tls1 sslcertck | ||
126 | + sslproto auto sslcertck | ||
127 | |||
128 | |||
129 | For use of SSL or TLS on a separate port, if the whole TCP connection is | ||
130 | -SSL-encrypted from the very beginning, use these command line options (in the | ||
131 | -rcfile, omit all leading "--"): | ||
132 | +SSL-encrypted from the very beginning (SSL- or TLS-wrapped), use these | ||
133 | +command line options (in the rcfile, omit all leading "--"): | ||
134 | |||
135 | - --ssl --sslproto ssl3 --sslcertck | ||
136 | + --ssl --sslproto auto --sslcertck | ||
137 | |||
138 | or these options in the rcfile (after the respective "user"... options) | ||
139 | |||
140 | - ssl sslproto ssl3 sslcertck | ||
141 | + ssl sslproto auto sslcertck | ||
142 | |||
143 | |||
144 | Background and use (long version :-)) | ||
145 | --- fetchmail-6.3.26.orig/config.h.in | ||
146 | +++ fetchmail-6.3.26/config.h.in | ||
147 | @@ -49,9 +49,9 @@ | ||
148 | don't. */ | ||
149 | #undef HAVE_DECL_H_ERRNO | ||
150 | |||
151 | -/* Define to 1 if you have the declaration of `SSLv2_client_method', and to 0 | ||
152 | +/* Define to 1 if you have the declaration of `SSLv3_client_method', and to 0 | ||
153 | if you don't. */ | ||
154 | -#undef HAVE_DECL_SSLV2_CLIENT_METHOD | ||
155 | +#undef HAVE_DECL_SSLV3_CLIENT_METHOD | ||
156 | |||
157 | /* Define to 1 if you have the declaration of `strerror', and to 0 if you | ||
158 | don't. */ | ||
159 | --- fetchmail-6.3.26.orig/configure | ||
160 | +++ fetchmail-6.3.26/configure | ||
161 | @@ -1,13 +1,11 @@ | ||
162 | #! /bin/sh | ||
163 | # Guess values for system-dependent variables and create Makefiles. | ||
164 | -# Generated by GNU Autoconf 2.68 for fetchmail 6.3.26. | ||
165 | +# Generated by GNU Autoconf 2.69 for fetchmail 6.3.26. | ||
166 | # | ||
167 | # Report bugs to <fetchmail-users@lists.berlios.de>. | ||
168 | # | ||
169 | # | ||
170 | -# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, | ||
171 | -# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software | ||
172 | -# Foundation, Inc. | ||
173 | +# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. | ||
174 | # | ||
175 | # | ||
176 | # This configure script is free software; the Free Software Foundation | ||
177 | @@ -136,6 +134,31 @@ export LANGUAGE | ||
178 | # CDPATH. | ||
179 | (unset CDPATH) >/dev/null 2>&1 && unset CDPATH | ||
180 | |||
181 | +# Use a proper internal environment variable to ensure we don't fall | ||
182 | + # into an infinite loop, continuously re-executing ourselves. | ||
183 | + if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then | ||
184 | + _as_can_reexec=no; export _as_can_reexec; | ||
185 | + # We cannot yet assume a decent shell, so we have to provide a | ||
186 | +# neutralization value for shells without unset; and this also | ||
187 | +# works around shells that cannot unset nonexistent variables. | ||
188 | +# Preserve -v and -x to the replacement shell. | ||
189 | +BASH_ENV=/dev/null | ||
190 | +ENV=/dev/null | ||
191 | +(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV | ||
192 | +case $- in # (((( | ||
193 | + *v*x* | *x*v* ) as_opts=-vx ;; | ||
194 | + *v* ) as_opts=-v ;; | ||
195 | + *x* ) as_opts=-x ;; | ||
196 | + * ) as_opts= ;; | ||
197 | +esac | ||
198 | +exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} | ||
199 | +# Admittedly, this is quite paranoid, since all the known shells bail | ||
200 | +# out after a failed `exec'. | ||
201 | +$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 | ||
202 | +as_fn_exit 255 | ||
203 | + fi | ||
204 | + # We don't want this to propagate to other subprocesses. | ||
205 | + { _as_can_reexec=; unset _as_can_reexec;} | ||
206 | if test "x$CONFIG_SHELL" = x; then | ||
207 | as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : | ||
208 | emulate sh | ||
209 | @@ -169,7 +192,8 @@ if ( set x; as_fn_ret_success y && test | ||
210 | else | ||
211 | exitcode=1; echo positional parameters were not saved. | ||
212 | fi | ||
213 | -test x\$exitcode = x0 || exit 1" | ||
214 | +test x\$exitcode = x0 || exit 1 | ||
215 | +test -x / || exit 1" | ||
216 | as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO | ||
217 | as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO | ||
218 | eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && | ||
219 | @@ -214,21 +238,25 @@ IFS=$as_save_IFS | ||
220 | |||
221 | |||
222 | if test "x$CONFIG_SHELL" != x; then : | ||
223 | - # We cannot yet assume a decent shell, so we have to provide a | ||
224 | - # neutralization value for shells without unset; and this also | ||
225 | - # works around shells that cannot unset nonexistent variables. | ||
226 | - # Preserve -v and -x to the replacement shell. | ||
227 | - BASH_ENV=/dev/null | ||
228 | - ENV=/dev/null | ||
229 | - (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV | ||
230 | - export CONFIG_SHELL | ||
231 | - case $- in # (((( | ||
232 | - *v*x* | *x*v* ) as_opts=-vx ;; | ||
233 | - *v* ) as_opts=-v ;; | ||
234 | - *x* ) as_opts=-x ;; | ||
235 | - * ) as_opts= ;; | ||
236 | - esac | ||
237 | - exec "$CONFIG_SHELL" $as_opts "$as_myself" ${1+"$@"} | ||
238 | + export CONFIG_SHELL | ||
239 | + # We cannot yet assume a decent shell, so we have to provide a | ||
240 | +# neutralization value for shells without unset; and this also | ||
241 | +# works around shells that cannot unset nonexistent variables. | ||
242 | +# Preserve -v and -x to the replacement shell. | ||
243 | +BASH_ENV=/dev/null | ||
244 | +ENV=/dev/null | ||
245 | +(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV | ||
246 | +case $- in # (((( | ||
247 | + *v*x* | *x*v* ) as_opts=-vx ;; | ||
248 | + *v* ) as_opts=-v ;; | ||
249 | + *x* ) as_opts=-x ;; | ||
250 | + * ) as_opts= ;; | ||
251 | +esac | ||
252 | +exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} | ||
253 | +# Admittedly, this is quite paranoid, since all the known shells bail | ||
254 | +# out after a failed `exec'. | ||
255 | +$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 | ||
256 | +exit 255 | ||
257 | fi | ||
258 | |||
259 | if test x$as_have_required = xno; then : | ||
260 | @@ -331,6 +359,14 @@ $as_echo X"$as_dir" | | ||
261 | |||
262 | |||
263 | } # as_fn_mkdir_p | ||
264 | + | ||
265 | +# as_fn_executable_p FILE | ||
266 | +# ----------------------- | ||
267 | +# Test if FILE is an executable regular file. | ||
268 | +as_fn_executable_p () | ||
269 | +{ | ||
270 | + test -f "$1" && test -x "$1" | ||
271 | +} # as_fn_executable_p | ||
272 | # as_fn_append VAR VALUE | ||
273 | # ---------------------- | ||
274 | # Append the text in VALUE to the end of the definition contained in VAR. Take | ||
275 | @@ -452,6 +488,10 @@ as_cr_alnum=$as_cr_Letters$as_cr_digits | ||
276 | chmod +x "$as_me.lineno" || | ||
277 | { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } | ||
278 | |||
279 | + # If we had to re-execute with $CONFIG_SHELL, we're ensured to have | ||
280 | + # already done that, so ensure we don't try to do so again and fall | ||
281 | + # in an infinite loop. This has already happened in practice. | ||
282 | + _as_can_reexec=no; export _as_can_reexec | ||
283 | # Don't try to exec as it changes $[0], causing all sort of problems | ||
284 | # (the dirname of $[0] is not the place where we might find the | ||
285 | # original and so on. Autoconf is especially sensitive to this). | ||
286 | @@ -486,16 +526,16 @@ if (echo >conf$$.file) 2>/dev/null; then | ||
287 | # ... but there are two gotchas: | ||
288 | # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. | ||
289 | # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. | ||
290 | - # In both cases, we have to default to `cp -p'. | ||
291 | + # In both cases, we have to default to `cp -pR'. | ||
292 | ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || | ||
293 | - as_ln_s='cp -p' | ||
294 | + as_ln_s='cp -pR' | ||
295 | elif ln conf$$.file conf$$ 2>/dev/null; then | ||
296 | as_ln_s=ln | ||
297 | else | ||
298 | - as_ln_s='cp -p' | ||
299 | + as_ln_s='cp -pR' | ||
300 | fi | ||
301 | else | ||
302 | - as_ln_s='cp -p' | ||
303 | + as_ln_s='cp -pR' | ||
304 | fi | ||
305 | rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file | ||
306 | rmdir conf$$.dir 2>/dev/null | ||
307 | @@ -507,28 +547,8 @@ else | ||
308 | as_mkdir_p=false | ||
309 | fi | ||
310 | |||
311 | -if test -x / >/dev/null 2>&1; then | ||
312 | - as_test_x='test -x' | ||
313 | -else | ||
314 | - if ls -dL / >/dev/null 2>&1; then | ||
315 | - as_ls_L_option=L | ||
316 | - else | ||
317 | - as_ls_L_option= | ||
318 | - fi | ||
319 | - as_test_x=' | ||
320 | - eval sh -c '\'' | ||
321 | - if test -d "$1"; then | ||
322 | - test -d "$1/."; | ||
323 | - else | ||
324 | - case $1 in #( | ||
325 | - -*)set "./$1";; | ||
326 | - esac; | ||
327 | - case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #(( | ||
328 | - ???[sx]*):;;*)false;;esac;fi | ||
329 | - '\'' sh | ||
330 | - ' | ||
331 | -fi | ||
332 | -as_executable_p=$as_test_x | ||
333 | +as_test_x='test -x' | ||
334 | +as_executable_p=as_fn_executable_p | ||
335 | |||
336 | # Sed expression to map a string onto a valid CPP name. | ||
337 | as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" | ||
338 | @@ -742,6 +762,7 @@ infodir | ||
339 | docdir | ||
340 | oldincludedir | ||
341 | includedir | ||
342 | +runstatedir | ||
343 | localstatedir | ||
344 | sharedstatedir | ||
345 | sysconfdir | ||
346 | @@ -841,6 +862,7 @@ datadir='${datarootdir}' | ||
347 | sysconfdir='${prefix}/etc' | ||
348 | sharedstatedir='${prefix}/com' | ||
349 | localstatedir='${prefix}/var' | ||
350 | +runstatedir='${localstatedir}/run' | ||
351 | includedir='${prefix}/include' | ||
352 | oldincludedir='/usr/include' | ||
353 | docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' | ||
354 | @@ -1093,6 +1115,15 @@ do | ||
355 | | -silent | --silent | --silen | --sile | --sil) | ||
356 | silent=yes ;; | ||
357 | |||
358 | + -runstatedir | --runstatedir | --runstatedi | --runstated \ | ||
359 | + | --runstate | --runstat | --runsta | --runst | --runs \ | ||
360 | + | --run | --ru | --r) | ||
361 | + ac_prev=runstatedir ;; | ||
362 | + -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ | ||
363 | + | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ | ||
364 | + | --run=* | --ru=* | --r=*) | ||
365 | + runstatedir=$ac_optarg ;; | ||
366 | + | ||
367 | -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) | ||
368 | ac_prev=sbindir ;; | ||
369 | -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | ||
370 | @@ -1230,7 +1261,7 @@ fi | ||
371 | for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ | ||
372 | datadir sysconfdir sharedstatedir localstatedir includedir \ | ||
373 | oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ | ||
374 | - libdir localedir mandir | ||
375 | + libdir localedir mandir runstatedir | ||
376 | do | ||
377 | eval ac_val=\$$ac_var | ||
378 | # Remove trailing slashes. | ||
379 | @@ -1258,8 +1289,6 @@ target=$target_alias | ||
380 | if test "x$host_alias" != x; then | ||
381 | if test "x$build_alias" = x; then | ||
382 | cross_compiling=maybe | ||
383 | - $as_echo "$as_me: WARNING: if you wanted to set the --build type, don't use --host. | ||
384 | - If a cross compiler is detected then cross compile mode will be used" >&2 | ||
385 | elif test "x$build_alias" != "x$host_alias"; then | ||
386 | cross_compiling=yes | ||
387 | fi | ||
388 | @@ -1385,6 +1414,7 @@ Fine tuning of the installation director | ||
389 | --sysconfdir=DIR read-only single-machine data [PREFIX/etc] | ||
390 | --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] | ||
391 | --localstatedir=DIR modifiable single-machine data [PREFIX/var] | ||
392 | + --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] | ||
393 | --libdir=DIR object code libraries [EPREFIX/lib] | ||
394 | --includedir=DIR C header files [PREFIX/include] | ||
395 | --oldincludedir=DIR C header files for non-gcc [/usr/include] | ||
396 | @@ -1548,9 +1578,9 @@ test -n "$ac_init_help" && exit $ac_stat | ||
397 | if $ac_init_version; then | ||
398 | cat <<\_ACEOF | ||
399 | fetchmail configure 6.3.26 | ||
400 | -generated by GNU Autoconf 2.68 | ||
401 | +generated by GNU Autoconf 2.69 | ||
402 | |||
403 | -Copyright (C) 2010 Free Software Foundation, Inc. | ||
404 | +Copyright (C) 2012 Free Software Foundation, Inc. | ||
405 | This configure script is free software; the Free Software Foundation | ||
406 | gives unlimited permission to copy, distribute and modify it. | ||
407 | _ACEOF | ||
408 | @@ -1827,7 +1857,7 @@ $as_echo "$ac_try_echo"; } >&5 | ||
409 | test ! -s conftest.err | ||
410 | } && test -s conftest$ac_exeext && { | ||
411 | test "$cross_compiling" = yes || | ||
412 | - $as_test_x conftest$ac_exeext | ||
413 | + test -x conftest$ac_exeext | ||
414 | }; then : | ||
415 | ac_retval=0 | ||
416 | else | ||
417 | @@ -2030,7 +2060,8 @@ int | ||
418 | main () | ||
419 | { | ||
420 | static int test_array [1 - 2 * !(($2) >= 0)]; | ||
421 | -test_array [0] = 0 | ||
422 | +test_array [0] = 0; | ||
423 | +return test_array [0]; | ||
424 | |||
425 | ; | ||
426 | return 0; | ||
427 | @@ -2046,7 +2077,8 @@ int | ||
428 | main () | ||
429 | { | ||
430 | static int test_array [1 - 2 * !(($2) <= $ac_mid)]; | ||
431 | -test_array [0] = 0 | ||
432 | +test_array [0] = 0; | ||
433 | +return test_array [0]; | ||
434 | |||
435 | ; | ||
436 | return 0; | ||
437 | @@ -2072,7 +2104,8 @@ int | ||
438 | main () | ||
439 | { | ||
440 | static int test_array [1 - 2 * !(($2) < 0)]; | ||
441 | -test_array [0] = 0 | ||
442 | +test_array [0] = 0; | ||
443 | +return test_array [0]; | ||
444 | |||
445 | ; | ||
446 | return 0; | ||
447 | @@ -2088,7 +2121,8 @@ int | ||
448 | main () | ||
449 | { | ||
450 | static int test_array [1 - 2 * !(($2) >= $ac_mid)]; | ||
451 | -test_array [0] = 0 | ||
452 | +test_array [0] = 0; | ||
453 | +return test_array [0]; | ||
454 | |||
455 | ; | ||
456 | return 0; | ||
457 | @@ -2122,7 +2156,8 @@ int | ||
458 | main () | ||
459 | { | ||
460 | static int test_array [1 - 2 * !(($2) <= $ac_mid)]; | ||
461 | -test_array [0] = 0 | ||
462 | +test_array [0] = 0; | ||
463 | +return test_array [0]; | ||
464 | |||
465 | ; | ||
466 | return 0; | ||
467 | @@ -2195,7 +2230,7 @@ This file contains any messages produced | ||
468 | running configure, to aid debugging if configure makes a mistake. | ||
469 | |||
470 | It was created by fetchmail $as_me 6.3.26, which was | ||
471 | -generated by GNU Autoconf 2.68. Invocation command line was | ||
472 | +generated by GNU Autoconf 2.69. Invocation command line was | ||
473 | |||
474 | $ $0 $@ | ||
475 | |||
476 | @@ -2689,7 +2724,7 @@ case $as_dir/ in #(( | ||
477 | # by default. | ||
478 | for ac_prog in ginstall scoinst install; do | ||
479 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
480 | - if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then | ||
481 | + if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then | ||
482 | if test $ac_prog = install && | ||
483 | grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then | ||
484 | # AIX install. It has an incompatible calling convention. | ||
485 | @@ -2858,7 +2893,7 @@ do | ||
486 | IFS=$as_save_IFS | ||
487 | test -z "$as_dir" && as_dir=. | ||
488 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
489 | - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then | ||
490 | + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
491 | ac_cv_prog_STRIP="${ac_tool_prefix}strip" | ||
492 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
493 | break 2 | ||
494 | @@ -2898,7 +2933,7 @@ do | ||
495 | IFS=$as_save_IFS | ||
496 | test -z "$as_dir" && as_dir=. | ||
497 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
498 | - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then | ||
499 | + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
500 | ac_cv_prog_ac_ct_STRIP="strip" | ||
501 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
502 | break 2 | ||
503 | @@ -2949,7 +2984,7 @@ do | ||
504 | test -z "$as_dir" && as_dir=. | ||
505 | for ac_prog in mkdir gmkdir; do | ||
506 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
507 | - { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue | ||
508 | + as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue | ||
509 | case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #( | ||
510 | 'mkdir (GNU coreutils) '* | \ | ||
511 | 'mkdir (coreutils) '* | \ | ||
512 | @@ -3002,7 +3037,7 @@ do | ||
513 | IFS=$as_save_IFS | ||
514 | test -z "$as_dir" && as_dir=. | ||
515 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
516 | - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then | ||
517 | + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
518 | ac_cv_prog_AWK="$ac_prog" | ||
519 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
520 | break 2 | ||
521 | @@ -3295,7 +3330,7 @@ do | ||
522 | IFS=$as_save_IFS | ||
523 | test -z "$as_dir" && as_dir=. | ||
524 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
525 | - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then | ||
526 | + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
527 | ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext" | ||
528 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
529 | break 2 | ||
530 | @@ -3466,7 +3501,7 @@ do | ||
531 | IFS=$as_save_IFS | ||
532 | test -z "$as_dir" && as_dir=. | ||
533 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
534 | - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then | ||
535 | + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
536 | ac_cv_prog_AWK="$ac_prog" | ||
537 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
538 | break 2 | ||
539 | @@ -3512,7 +3547,7 @@ do | ||
540 | IFS=$as_save_IFS | ||
541 | test -z "$as_dir" && as_dir=. | ||
542 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
543 | - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then | ||
544 | + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
545 | ac_cv_prog_CC="${ac_tool_prefix}gcc" | ||
546 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
547 | break 2 | ||
548 | @@ -3552,7 +3587,7 @@ do | ||
549 | IFS=$as_save_IFS | ||
550 | test -z "$as_dir" && as_dir=. | ||
551 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
552 | - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then | ||
553 | + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
554 | ac_cv_prog_ac_ct_CC="gcc" | ||
555 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
556 | break 2 | ||
557 | @@ -3605,7 +3640,7 @@ do | ||
558 | IFS=$as_save_IFS | ||
559 | test -z "$as_dir" && as_dir=. | ||
560 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
561 | - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then | ||
562 | + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
563 | ac_cv_prog_CC="${ac_tool_prefix}cc" | ||
564 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
565 | break 2 | ||
566 | @@ -3646,7 +3681,7 @@ do | ||
567 | IFS=$as_save_IFS | ||
568 | test -z "$as_dir" && as_dir=. | ||
569 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
570 | - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then | ||
571 | + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
572 | if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then | ||
573 | ac_prog_rejected=yes | ||
574 | continue | ||
575 | @@ -3704,7 +3739,7 @@ do | ||
576 | IFS=$as_save_IFS | ||
577 | test -z "$as_dir" && as_dir=. | ||
578 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
579 | - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then | ||
580 | + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
581 | ac_cv_prog_CC="$ac_tool_prefix$ac_prog" | ||
582 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
583 | break 2 | ||
584 | @@ -3748,7 +3783,7 @@ do | ||
585 | IFS=$as_save_IFS | ||
586 | test -z "$as_dir" && as_dir=. | ||
587 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
588 | - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then | ||
589 | + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
590 | ac_cv_prog_ac_ct_CC="$ac_prog" | ||
591 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
592 | break 2 | ||
593 | @@ -4194,8 +4229,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ | ||
594 | /* end confdefs.h. */ | ||
595 | #include <stdarg.h> | ||
596 | #include <stdio.h> | ||
597 | -#include <sys/types.h> | ||
598 | -#include <sys/stat.h> | ||
599 | +struct stat; | ||
600 | /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ | ||
601 | struct buf { int x; }; | ||
602 | FILE * (*rcsopen) (struct buf *, struct stat *, int); | ||
603 | @@ -4751,7 +4785,7 @@ do | ||
604 | IFS=$as_save_IFS | ||
605 | test -z "$as_dir" && as_dir=. | ||
606 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
607 | - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then | ||
608 | + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
609 | ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" | ||
610 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
611 | break 2 | ||
612 | @@ -4791,7 +4825,7 @@ do | ||
613 | IFS=$as_save_IFS | ||
614 | test -z "$as_dir" && as_dir=. | ||
615 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
616 | - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then | ||
617 | + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
618 | ac_cv_prog_ac_ct_RANLIB="ranlib" | ||
619 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
620 | break 2 | ||
621 | @@ -4859,7 +4893,7 @@ do | ||
622 | for ac_prog in grep ggrep; do | ||
623 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
624 | ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" | ||
625 | - { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue | ||
626 | + as_fn_executable_p "$ac_path_GREP" || continue | ||
627 | # Check for GNU ac_path_GREP and select it if it is found. | ||
628 | # Check for GNU $ac_path_GREP | ||
629 | case `"$ac_path_GREP" --version 2>&1` in | ||
630 | @@ -4925,7 +4959,7 @@ do | ||
631 | for ac_prog in egrep; do | ||
632 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
633 | ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" | ||
634 | - { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue | ||
635 | + as_fn_executable_p "$ac_path_EGREP" || continue | ||
636 | # Check for GNU ac_path_EGREP and select it if it is found. | ||
637 | # Check for GNU $ac_path_EGREP | ||
638 | case `"$ac_path_EGREP" --version 2>&1` in | ||
639 | @@ -5132,8 +5166,8 @@ else | ||
640 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
641 | /* end confdefs.h. */ | ||
642 | |||
643 | -# define __EXTENSIONS__ 1 | ||
644 | - $ac_includes_default | ||
645 | +# define __EXTENSIONS__ 1 | ||
646 | + $ac_includes_default | ||
647 | int | ||
648 | main () | ||
649 | { | ||
650 | @@ -5513,11 +5547,11 @@ else | ||
651 | int | ||
652 | main () | ||
653 | { | ||
654 | -/* FIXME: Include the comments suggested by Paul. */ | ||
655 | + | ||
656 | #ifndef __cplusplus | ||
657 | - /* Ultrix mips cc rejects this. */ | ||
658 | + /* Ultrix mips cc rejects this sort of thing. */ | ||
659 | typedef int charset[2]; | ||
660 | - const charset cs; | ||
661 | + const charset cs = { 0, 0 }; | ||
662 | /* SunOS 4.1.1 cc rejects this. */ | ||
663 | char const *const *pcpcc; | ||
664 | char **ppc; | ||
665 | @@ -5534,8 +5568,9 @@ main () | ||
666 | ++pcpcc; | ||
667 | ppc = (char**) pcpcc; | ||
668 | pcpcc = (char const *const *) ppc; | ||
669 | - { /* SCO 3.2v4 cc rejects this. */ | ||
670 | - char *t; | ||
671 | + { /* SCO 3.2v4 cc rejects this sort of thing. */ | ||
672 | + char tx; | ||
673 | + char *t = &tx; | ||
674 | char const *s = 0 ? (char *) 0 : (char const *) 0; | ||
675 | |||
676 | *t++ = 0; | ||
677 | @@ -5551,10 +5586,10 @@ main () | ||
678 | iptr p = 0; | ||
679 | ++p; | ||
680 | } | ||
681 | - { /* AIX XL C 1.02.0.0 rejects this saying | ||
682 | + { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying | ||
683 | "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ | ||
684 | - struct s { int j; const int *ap[3]; }; | ||
685 | - struct s *b; b->j = 5; | ||
686 | + struct s { int j; const int *ap[3]; } bx; | ||
687 | + struct s *b = &bx; b->j = 5; | ||
688 | } | ||
689 | { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ | ||
690 | const int foo = 10; | ||
691 | @@ -5600,7 +5635,7 @@ do | ||
692 | IFS=$as_save_IFS | ||
693 | test -z "$as_dir" && as_dir=. | ||
694 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
695 | - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then | ||
696 | + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
697 | ac_cv_prog_LEX="$ac_prog" | ||
698 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
699 | break 2 | ||
700 | @@ -5632,7 +5667,8 @@ a { ECHO; } | ||
701 | b { REJECT; } | ||
702 | c { yymore (); } | ||
703 | d { yyless (1); } | ||
704 | -e { yyless (input () != 0); } | ||
705 | +e { /* IRIX 6.5 flex 2.5.4 underquotes its yyless argument. */ | ||
706 | + yyless ((input () != 0)); } | ||
707 | f { unput (yytext[0]); } | ||
708 | . { BEGIN INITIAL; } | ||
709 | %% | ||
710 | @@ -5792,7 +5828,7 @@ do | ||
711 | IFS=$as_save_IFS | ||
712 | test -z "$as_dir" && as_dir=. | ||
713 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
714 | - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then | ||
715 | + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
716 | ac_cv_prog_YACC="$ac_prog" | ||
717 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
718 | break 2 | ||
719 | @@ -6044,7 +6080,7 @@ do | ||
720 | IFS=$as_save_IFS | ||
721 | test -z "$as_dir" && as_dir=. | ||
722 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
723 | - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then | ||
724 | + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
725 | ac_cv_path_GMSGFMT="$as_dir/$ac_word$ac_exec_ext" | ||
726 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
727 | break 2 | ||
728 | @@ -8548,7 +8584,7 @@ do | ||
729 | IFS=$as_save_IFS | ||
730 | test -z "$as_dir" && as_dir=. | ||
731 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
732 | - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then | ||
733 | + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
734 | ac_cv_path_procmail="$as_dir/$ac_word$ac_exec_ext" | ||
735 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
736 | break 2 | ||
737 | @@ -8590,7 +8626,7 @@ do | ||
738 | IFS=$as_save_IFS | ||
739 | test -z "$as_dir" && as_dir=. | ||
740 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
741 | - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then | ||
742 | + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
743 | ac_cv_path_sendmail="$as_dir/$ac_word$ac_exec_ext" | ||
744 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
745 | break 2 | ||
746 | @@ -8632,7 +8668,7 @@ do | ||
747 | IFS=$as_save_IFS | ||
748 | test -z "$as_dir" && as_dir=. | ||
749 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
750 | - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then | ||
751 | + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
752 | ac_cv_path_maildrop="$as_dir/$ac_word$ac_exec_ext" | ||
753 | $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
754 | break 2 | ||
755 | @@ -10121,16 +10157,16 @@ $as_echo "$as_me: WARNING: Consider re-r | ||
756 | fi | ||
757 | |||
758 | case "$LIBS" in *-lssl*) | ||
759 | - ac_fn_c_check_decl "$LINENO" "SSLv2_client_method" "ac_cv_have_decl_SSLv2_client_method" "#include <openssl/ssl.h> | ||
760 | + ac_fn_c_check_decl "$LINENO" "SSLv3_client_method" "ac_cv_have_decl_SSLv3_client_method" "#include <openssl/ssl.h> | ||
761 | " | ||
762 | -if test "x$ac_cv_have_decl_SSLv2_client_method" = xyes; then : | ||
763 | +if test "x$ac_cv_have_decl_SSLv3_client_method" = xyes; then : | ||
764 | ac_have_decl=1 | ||
765 | else | ||
766 | ac_have_decl=0 | ||
767 | fi | ||
768 | |||
769 | cat >>confdefs.h <<_ACEOF | ||
770 | -#define HAVE_DECL_SSLV2_CLIENT_METHOD $ac_have_decl | ||
771 | +#define HAVE_DECL_SSLV3_CLIENT_METHOD $ac_have_decl | ||
772 | _ACEOF | ||
773 | |||
774 | ;; | ||
775 | @@ -11334,16 +11370,16 @@ if (echo >conf$$.file) 2>/dev/null; then | ||
776 | # ... but there are two gotchas: | ||
777 | # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. | ||
778 | # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. | ||
779 | - # In both cases, we have to default to `cp -p'. | ||
780 | + # In both cases, we have to default to `cp -pR'. | ||
781 | ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || | ||
782 | - as_ln_s='cp -p' | ||
783 | + as_ln_s='cp -pR' | ||
784 | elif ln conf$$.file conf$$ 2>/dev/null; then | ||
785 | as_ln_s=ln | ||
786 | else | ||
787 | - as_ln_s='cp -p' | ||
788 | + as_ln_s='cp -pR' | ||
789 | fi | ||
790 | else | ||
791 | - as_ln_s='cp -p' | ||
792 | + as_ln_s='cp -pR' | ||
793 | fi | ||
794 | rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file | ||
795 | rmdir conf$$.dir 2>/dev/null | ||
796 | @@ -11403,28 +11439,16 @@ else | ||
797 | as_mkdir_p=false | ||
798 | fi | ||
799 | |||
800 | -if test -x / >/dev/null 2>&1; then | ||
801 | - as_test_x='test -x' | ||
802 | -else | ||
803 | - if ls -dL / >/dev/null 2>&1; then | ||
804 | - as_ls_L_option=L | ||
805 | - else | ||
806 | - as_ls_L_option= | ||
807 | - fi | ||
808 | - as_test_x=' | ||
809 | - eval sh -c '\'' | ||
810 | - if test -d "$1"; then | ||
811 | - test -d "$1/."; | ||
812 | - else | ||
813 | - case $1 in #( | ||
814 | - -*)set "./$1";; | ||
815 | - esac; | ||
816 | - case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #(( | ||
817 | - ???[sx]*):;;*)false;;esac;fi | ||
818 | - '\'' sh | ||
819 | - ' | ||
820 | -fi | ||
821 | -as_executable_p=$as_test_x | ||
822 | + | ||
823 | +# as_fn_executable_p FILE | ||
824 | +# ----------------------- | ||
825 | +# Test if FILE is an executable regular file. | ||
826 | +as_fn_executable_p () | ||
827 | +{ | ||
828 | + test -f "$1" && test -x "$1" | ||
829 | +} # as_fn_executable_p | ||
830 | +as_test_x='test -x' | ||
831 | +as_executable_p=as_fn_executable_p | ||
832 | |||
833 | # Sed expression to map a string onto a valid CPP name. | ||
834 | as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" | ||
835 | @@ -11446,7 +11470,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_wri | ||
836 | # values after options handling. | ||
837 | ac_log=" | ||
838 | This file was extended by fetchmail $as_me 6.3.26, which was | ||
839 | -generated by GNU Autoconf 2.68. Invocation command line was | ||
840 | +generated by GNU Autoconf 2.69. Invocation command line was | ||
841 | |||
842 | CONFIG_FILES = $CONFIG_FILES | ||
843 | CONFIG_HEADERS = $CONFIG_HEADERS | ||
844 | @@ -11512,10 +11536,10 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_writ | ||
845 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" | ||
846 | ac_cs_version="\\ | ||
847 | fetchmail config.status 6.3.26 | ||
848 | -configured by $0, generated by GNU Autoconf 2.68, | ||
849 | +configured by $0, generated by GNU Autoconf 2.69, | ||
850 | with options \\"\$ac_cs_config\\" | ||
851 | |||
852 | -Copyright (C) 2010 Free Software Foundation, Inc. | ||
853 | +Copyright (C) 2012 Free Software Foundation, Inc. | ||
854 | This config.status script is free software; the Free Software Foundation | ||
855 | gives unlimited permission to copy, distribute and modify it." | ||
856 | |||
857 | @@ -11606,7 +11630,7 @@ fi | ||
858 | _ACEOF | ||
859 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | ||
860 | if \$ac_cs_recheck; then | ||
861 | - set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion | ||
862 | + set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion | ||
863 | shift | ||
864 | \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 | ||
865 | CONFIG_SHELL='$SHELL' | ||
866 | --- fetchmail-6.3.26.orig/configure.ac | ||
867 | +++ fetchmail-6.3.26/configure.ac | ||
868 | @@ -802,7 +802,7 @@ else | ||
869 | fi | ||
870 | |||
871 | case "$LIBS" in *-lssl*) | ||
872 | - AC_CHECK_DECLS([SSLv2_client_method],,,[#include <openssl/ssl.h>]) | ||
873 | + AC_CHECK_DECLS([SSLv3_client_method],,,[#include <openssl/ssl.h>]) | ||
874 | ;; | ||
875 | esac | ||
876 | |||
877 | --- fetchmail-6.3.26.orig/fetchmail-FAQ.html | ||
878 | +++ fetchmail-6.3.26/fetchmail-FAQ.html | ||
879 | @@ -667,8 +667,8 @@ because there is not currently a standar | ||
880 | also uses this method, so the two will interoperate happily. They | ||
881 | better, because this is how Craig gets his mail ;-)</p> | ||
882 | |||
883 | -<p>Finally, you can use <a href="#K5">SSL</a> for complete | ||
884 | -end-to-end encryption if you have an SSL-enabled mailserver.</p> | ||
885 | +<p>Finally, you can use <a href="#K5">SSL or TLS</a> for complete | ||
886 | +end-to-end encryption if you have a TLS-enabled mailserver.</p> | ||
887 | |||
888 | <h2><a id="G11" name="G11">G11. Is any special configuration needed | ||
889 | to use a dynamic IP address?</a></h2> | ||
890 | @@ -2120,7 +2120,7 @@ SSL?</a></h2> | ||
891 | |||
892 | <p>You'll need to have the <a | ||
893 | href="http://www.openssl.org/">OpenSSL</a> libraries installed, and they | ||
894 | -should at least be version 0.9.7. | ||
895 | +should at least be version 0.9.8, with 1.0.1 preferred. | ||
896 | Configure with --with-ssl. If you have the OpenSSL libraries | ||
897 | installed in commonly-used default locations, this will | ||
898 | suffice. If you have them installed in a non-default location, | ||
899 | @@ -2130,7 +2130,7 @@ to --with-ssl after an equal sign.</p> | ||
900 | <p>Fetchmail binaries built this way support <code>ssl</code>, | ||
901 | <code>sslkey</code>, and <code>sslcert</code> options that control | ||
902 | SSL encryption, and will automatically use <code>tls</code> if the | ||
903 | -server offers it. You will need to have an SSL-enabled mailserver to | ||
904 | +server offers it. You will need to have an SSL/TLS-enabled mailserver to | ||
905 | use these options. See the manual page for details and some words | ||
906 | of care on the limited security provided.</p> | ||
907 | |||
908 | @@ -2155,13 +2155,14 @@ poll MYSERVER port 993 plugin "openssl s | ||
909 | protocol imap username MYUSERNAME password MYPASSWORD | ||
910 | </pre> | ||
911 | |||
912 | -<p>You should note that SSL is only secure against a "man-in-the-middle" | ||
913 | -attack if the client is able to verify that the peer's public key is the | ||
914 | -correct one, and has not been substituted by an attacker. fetchmail can do | ||
915 | -this in one of two ways: by verifying the SSL certificate, or by checking | ||
916 | -the fingerprint of the peer's public key.</p> | ||
917 | +<p>You should note that SSL or TLS are only secure against a | ||
918 | +"man-in-the-middle" attack if the client is able to verify that the | ||
919 | +peer's public key is the correct one, and has not been substituted by an | ||
920 | +attacker. fetchmail can do this in one of two ways: by verifying the SSL | ||
921 | +certificate, or by checking the fingerprint of the peer's public | ||
922 | +key.</p> | ||
923 | |||
924 | -<p>There are three parts to SSL certificate verification: checking that the | ||
925 | +<p>There are three parts to TLS certificate verification: checking that the | ||
926 | domain name in the certificate matches the hostname you asked to connect to; | ||
927 | checking that the certificate expiry date has not passed; and checking that | ||
928 | the certificate has been signed by a known Certificate Authority (CA). This | ||
929 | @@ -2227,8 +2228,12 @@ will automatically attempt TLS negotiati | ||
930 | time. This can however cause problems if the upstream didn't configure | ||
931 | his certificates properly.</p> | ||
932 | |||
933 | -<p>In order to prevent fetchmail from trying TLS (STLS, STARTTLS) | ||
934 | -negotiation, add this option:</p> | ||
935 | +<p>In order to prevent fetchmail 6.4.0 and newer versions from trying | ||
936 | +STLS or STARTTLS negotiation, add this option:</p> | ||
937 | +<pre>sslproto ''</pre> | ||
938 | + | ||
939 | +<p>In order to prevent older fetchmail versions from trying TLS (STLS, STARTTLS) | ||
940 | +negotiation where the above does not work, try this option:</p> | ||
941 | |||
942 | <pre>sslproto ssl23</pre> | ||
943 | |||
944 | @@ -2876,15 +2881,22 @@ need to say something like '<code>envelo | ||
945 | |||
946 | <pre> | ||
947 | Received: from send103.yahoomail.com (send103.yahoomail.com [205.180.60.92]) | ||
948 | - by iserv.ttns.net (8.8.5/8.8.5) with SMTP id RAA10088 | ||
949 | - for <ksturgeon@fbceg.org>; Wed, 9 Sep 1998 17:01:59 -0700 | ||
950 | + by iserv.example.net (8.8.5/8.8.5) with SMTP id RAA10088 | ||
951 | + for <ksturgeon@fbceg.example.org>; Wed, 9 Sep 1998 17:01:59 -0700 | ||
952 | </pre> | ||
953 | |||
954 | -<p>it checks to see if 'iserv.ttns.net' is a DNS alias of your | ||
955 | -mailserver before accepting 'ksturgeon@fbceg.org' as an envelope | ||
956 | +<p>it checks to see if 'iserv.example.net' is a DNS alias of your | ||
957 | +mailserver before accepting 'ksturgeon@fbceg.example.org' as an envelope | ||
958 | address. This check might fail if your DNS were misconfigured, or | ||
959 | -if you were using 'no dns' and had failed to declare iserv.ttns.net | ||
960 | -as an alias of your server.</p> | ||
961 | +if you were using 'no dns' and had failed to declare iserv.example.net | ||
962 | +as an alias of your server. The typical hint is logging similar to: | ||
963 | +<code>line rejected, iserv.example.net is not an alias of the mailserver</code>, | ||
964 | +if you use fetchmail in verbose mode.</p> | ||
965 | + | ||
966 | +<p><strong>Workaround:</strong> You can specify the alias explicitly, with <code>aka | ||
967 | + <em>iserv.example.net</em></code> statements in the rcfile. Replace | ||
968 | +<em>iserv.example.net</em> by the name you find in <strong>your</strong> | ||
969 | +'by' part of the 'Received:' line.</p> | ||
970 | |||
971 | <h2><a id="M8" name="M8">M8. Users are getting multiple copies of | ||
972 | messages.</a></h2> | ||
973 | @@ -3237,6 +3249,8 @@ Hayes mode escape "+++".</p> | ||
974 | <h2><a id="X8" name="X8">X8. A spurious ) is being appended to my | ||
975 | messages.</a></h2> | ||
976 | |||
977 | +<p><em>Fetchmail 6.3.5 and newer releases are supposed to fix this.</em></p> | ||
978 | + | ||
979 | <p>Due to the problem described in <a href="#S2">S2</a>, the | ||
980 | IMAP support in fetchmail cannot follow the IMAP protocol 100 %. | ||
981 | Most of the time it doesn't matter, but if you combine it with an | ||
982 | @@ -3279,8 +3293,6 @@ it at the end of the message it forwards | ||
983 | on, you'll get a message about actual != expected.</li> | ||
984 | </ol> | ||
985 | |||
986 | -<p>There is no fix for this.</p> | ||
987 | - | ||
988 | <h2><a id="X9" name="X9">X9. Missing "Content-Transfer-Encoding" header | ||
989 | with Domino IMAP</a></h2> | ||
990 | |||
991 | --- fetchmail-6.3.26.orig/fetchmail.c | ||
992 | +++ fetchmail-6.3.26/fetchmail.c | ||
993 | @@ -54,6 +54,10 @@ | ||
994 | #define ENETUNREACH 128 /* Interactive doesn't know this */ | ||
995 | #endif /* ENETUNREACH */ | ||
996 | |||
997 | +#ifdef SSL_ENABLE | ||
998 | +#include <openssl/ssl.h> /* for OPENSSL_NO_SSL2 and ..._SSL3 checks */ | ||
999 | +#endif | ||
1000 | + | ||
1001 | /* prototypes for internal functions */ | ||
1002 | static int load_params(int, char **, int); | ||
1003 | static void dump_params (struct runctl *runp, struct query *, flag implicit); | ||
1004 | @@ -138,7 +142,7 @@ static void printcopyright(FILE *fp) { | ||
1005 | "Copyright (C) 2004 Matthias Andree, Eric S. Raymond,\n" | ||
1006 | " Robert M. Funk, Graham Wilson\n" | ||
1007 | "Copyright (C) 2005 - 2012 Sunil Shetye\n" | ||
1008 | - "Copyright (C) 2005 - 2013 Matthias Andree\n" | ||
1009 | + "Copyright (C) 2005 - 2015 Matthias Andree\n" | ||
1010 | )); | ||
1011 | fprintf(fp, GT_("Fetchmail comes with ABSOLUTELY NO WARRANTY. This is free software, and you\n" | ||
1012 | "are welcome to redistribute it under certain conditions. For details,\n" | ||
1013 | @@ -262,6 +266,9 @@ int main(int argc, char **argv) | ||
1014 | #endif /* ODMR_ENABLE */ | ||
1015 | #ifdef SSL_ENABLE | ||
1016 | "+SSL" | ||
1017 | +#if (HAVE_DECL_SSLV3_CLIENT_METHOD + 0 == 0) || defined(OPENSSL_NO_SSL3) | ||
1018 | + "-SSLv3" | ||
1019 | +#endif | ||
1020 | #endif | ||
1021 | #ifdef OPIE_ENABLE | ||
1022 | "+OPIE" | ||
1023 | --- fetchmail-6.3.26.orig/fetchmail.h | ||
1024 | +++ fetchmail-6.3.26/fetchmail.h | ||
1025 | @@ -771,9 +771,9 @@ int servport(const char *service); | ||
1026 | int fm_getaddrinfo(const char *node, const char *serv, const struct addrinfo *hints, struct addrinfo **res); | ||
1027 | void fm_freeaddrinfo(struct addrinfo *ai); | ||
1028 | |||
1029 | -/* prototypes from tls.c */ | ||
1030 | -int maybe_tls(struct query *ctl); | ||
1031 | -int must_tls(struct query *ctl); | ||
1032 | +/* prototypes from starttls.c */ | ||
1033 | +int maybe_starttls(struct query *ctl); | ||
1034 | +int must_starttls(struct query *ctl); | ||
1035 | |||
1036 | /* prototype from rfc822valid.c */ | ||
1037 | int rfc822_valid_msgid(const unsigned char *); | ||
1038 | --- fetchmail-6.3.26.orig/fetchmail.man | ||
1039 | +++ fetchmail-6.3.26/fetchmail.man | ||
1040 | @@ -412,23 +412,22 @@ from. The folder information is written | ||
1041 | .B \-\-ssl | ||
1042 | (Keyword: ssl) | ||
1043 | .br | ||
1044 | -Causes the connection to the mail server to be encrypted | ||
1045 | -via SSL. Connect to the server using the specified base protocol over a | ||
1046 | -connection secured by SSL. This option defeats opportunistic starttls | ||
1047 | -negotiation. It is highly recommended to use \-\-sslproto 'SSL3' | ||
1048 | -\-\-sslcertck to validate the certificates presented by the server and | ||
1049 | -defeat the obsolete SSLv2 negotiation. More information is available in | ||
1050 | -the \fIREADME.SSL\fP file that ships with fetchmail. | ||
1051 | -.IP | ||
1052 | -Note that fetchmail may still try to negotiate SSL through starttls even | ||
1053 | -if this option is omitted. You can use the \-\-sslproto option to defeat | ||
1054 | -this behavior or tell fetchmail to negotiate a particular SSL protocol. | ||
1055 | +Causes the connection to the mail server to be encrypted via SSL, by | ||
1056 | +negotiating SSL directly after connecting (SSL-wrapped mode). It is | ||
1057 | +highly recommended to use \-\-sslcertck to validate the certificates | ||
1058 | +presented by the server. Please see the description of \-\-sslproto | ||
1059 | +below! More information is available in the \fIREADME.SSL\fP file that | ||
1060 | +ships with fetchmail. | ||
1061 | +.IP | ||
1062 | +Note that even if this option is omitted, fetchmail may still negotiate | ||
1063 | +SSL in-band for POP3 or IMAP, through the STLS or STARTTLS feature. You | ||
1064 | +can use the \-\-sslproto option to modify that behavior. | ||
1065 | .IP | ||
1066 | If no port is specified, the connection is attempted to the well known | ||
1067 | port of the SSL version of the base protocol. This is generally a | ||
1068 | different port than the port used by the base protocol. For IMAP, this | ||
1069 | is port 143 for the clear protocol and port 993 for the SSL secured | ||
1070 | -protocol, for POP3, it is port 110 for the clear text and port 995 for | ||
1071 | +protocol; for POP3, it is port 110 for the clear text and port 995 for | ||
1072 | the encrypted variant. | ||
1073 | .IP | ||
1074 | If your system lacks the corresponding entries from /etc/services, see | ||
1075 | @@ -470,39 +469,73 @@ cause some complications in daemon mode. | ||
1076 | .IP | ||
1077 | Also see \-\-sslcert above. | ||
1078 | .TP | ||
1079 | -.B \-\-sslproto <name> | ||
1080 | -(Keyword: sslproto) | ||
1081 | +.B \-\-sslproto <value> | ||
1082 | +(Keyword: sslproto, NOTE: semantic changes since v6.4.0) | ||
1083 | .br | ||
1084 | -Forces an SSL/TLS protocol. Possible values are \fB''\fP, | ||
1085 | -\&'\fBSSL2\fP' (not supported on all systems), | ||
1086 | -\&'\fBSSL23\fP', (use of these two values is discouraged | ||
1087 | -and should only be used as a last resort) \&'\fBSSL3\fP', and | ||
1088 | -\&'\fBTLS1\fP'. The default behaviour if this option is unset is: for | ||
1089 | -connections without \-\-ssl, use \&'\fBTLS1\fP' so that fetchmail will | ||
1090 | -opportunistically try STARTTLS negotiation with TLS1. You can configure | ||
1091 | -this option explicitly if the default handshake (TLS1 if \-\-ssl is not | ||
1092 | -used) does not work for your server. | ||
1093 | -.IP | ||
1094 | -Use this option with '\fBTLS1\fP' value to enforce a STARTTLS | ||
1095 | -connection. In this mode, it is highly recommended to also use | ||
1096 | -\-\-sslcertck (see below). Note that this will then cause fetchmail | ||
1097 | -v6.3.19 to force STARTTLS negotiation even if it is not advertised by | ||
1098 | -the server. | ||
1099 | -.IP | ||
1100 | -To defeat opportunistic TLSv1 negotiation when the server advertises | ||
1101 | -STARTTLS or STLS, and use a cleartext connection use \fB''\fP. This | ||
1102 | -option, even if the argument is the empty string, will also suppress the | ||
1103 | -diagnostic 'SERVER: opportunistic upgrade to TLS.' message in verbose | ||
1104 | -mode. The default is to try appropriate protocols depending on context. | ||
1105 | +This option has a dual use, out of historic fetchmail behaviour. It | ||
1106 | +controls both the SSL/TLS protocol version and, if \-\-ssl is not | ||
1107 | +specified, the STARTTLS behaviour (upgrading the protocol to an SSL or | ||
1108 | +TLS connection in-band). Some other options may however make TLS | ||
1109 | +mandatory. | ||
1110 | +.PP | ||
1111 | +Only if this option and \-\-ssl are both missing for a poll, there will | ||
1112 | +be opportunistic TLS for POP3 and IMAP, where fetchmail will attempt to | ||
1113 | +upgrade to TLSv1 or newer. | ||
1114 | +.PP | ||
1115 | +Recognized values for \-\-sslproto are given below. You should normally | ||
1116 | +chose one of the auto-negotiating options, i. e. '\fBauto\fP' or one of | ||
1117 | +the options ending in a plus (\fB+\fP) character. Note that depending | ||
1118 | +on OpenSSL library version and configuration, some options cause | ||
1119 | +run-time errors because the requested SSL or TLS versions are not | ||
1120 | +supported by the particular installed OpenSSL library. | ||
1121 | +.RS | ||
1122 | +.IP "\fB''\fP, the empty string" | ||
1123 | +Disable STARTTLS. If \-\-ssl is given for the same server, log an error | ||
1124 | +and pretend that '\fBauto\fP' had been used instead. | ||
1125 | +.IP '\fBauto\fP' | ||
1126 | +(default). Since v6.4.0. Require TLS. Auto-negotiate TLSv1 or newer, disable SSLv3 downgrade. | ||
1127 | +(fetchmail 6.3.26 and older have auto-negotiated all protocols that | ||
1128 | +their OpenSSL library supported, including the broken SSLv3). | ||
1129 | +.IP "\&'\fBSSL23\fP' | ||
1130 | +see '\fBauto\fP'. | ||
1131 | +.IP \&'\fBSSL3\fP' | ||
1132 | +Require SSLv3 exactly. SSLv3 is broken, not supported on all systems, avoid it | ||
1133 | +if possible. This will make fetchmail negotiate SSLv3 only, and is the | ||
1134 | +only way besides '\fBSSL3+\fP' to have fetchmail 6.4.0 or newer permit SSLv3. | ||
1135 | +.IP \&'\fBSSL3+\fP' | ||
1136 | +same as '\fBauto\fP', but permit SSLv3 as well. This is the only way | ||
1137 | +besides '\fBSSL3\fP' to have fetchmail 6.4.0 or newer permit SSLv3. | ||
1138 | +.IP \&'\fBTLS1\fP' | ||
1139 | +Require TLSv1. This does not negotiate TLSv1.1 or newer, and is | ||
1140 | +discouraged. Replace by TLS1+ unless the latter chokes your server. | ||
1141 | +.IP \&'\fBTLS1+\fP' | ||
1142 | +Since v6.4.0. See 'fBauto\fP'. | ||
1143 | +.IP \&'\fBTLS1.1\fP' | ||
1144 | +Since v6.4.0. Require TLS v1.1 exactly. | ||
1145 | +.IP \&'\fBTLS1.1+\fP' | ||
1146 | +Since v6.4.0. Require TLS. Auto-negotiate TLSv1.1 or newer. | ||
1147 | +.IP \&'\fBTLS1.2\fP' | ||
1148 | +Since v6.4.0. Require TLS v1.2 exactly. | ||
1149 | +.IP '\fBTLS1.2+\fP' | ||
1150 | +Since v6.4.0. Require TLS. Auto-negotiate TLSv1.2 or newer. | ||
1151 | +.IP "Unrecognized parameters" | ||
1152 | +are treated the same as '\fBauto\fP'. | ||
1153 | +.RE | ||
1154 | +.IP | ||
1155 | +NOTE: you should hardly ever need to use anything other than '' (to | ||
1156 | +force an unencrypted connection) or 'auto' (to enforce TLS). | ||
1157 | .TP | ||
1158 | .B \-\-sslcertck | ||
1159 | (Keyword: sslcertck) | ||
1160 | .br | ||
1161 | -Causes fetchmail to strictly check the server certificate against a set of | ||
1162 | -local trusted certificates (see the \fBsslcertfile\fP and \fBsslcertpath\fP | ||
1163 | -options). If the server certificate cannot be obtained or is not signed by one | ||
1164 | -of the trusted ones (directly or indirectly), the SSL connection will fail, | ||
1165 | -regardless of the \fBsslfingerprint\fP option. | ||
1166 | +Causes fetchmail to require that SSL/TLS be used and disconnect if it | ||
1167 | +can not successfully negotiate SSL or TLS, or if it cannot successfully | ||
1168 | +verify and validate the certificate and follow it to a trust anchor (or | ||
1169 | +trusted root certificate). The trust anchors are given as a set of local | ||
1170 | +trusted certificates (see the \fBsslcertfile\fP and \fBsslcertpath\fP | ||
1171 | +options). If the server certificate cannot be obtained or is not signed | ||
1172 | +by one of the trusted ones (directly or indirectly), fetchmail will | ||
1173 | +disconnect, regardless of the \fBsslfingerprint\fP option. | ||
1174 | .IP | ||
1175 | Note that CRL (certificate revocation lists) are only supported in | ||
1176 | OpenSSL 0.9.7 and newer! Your system clock should also be reasonably | ||
1177 | @@ -1202,31 +1235,33 @@ capability response. Specify a user opti | ||
1178 | username and the part to the right as the NTLM domain. | ||
1179 | |||
1180 | .SS Secure Socket Layers (SSL) and Transport Layer Security (TLS) | ||
1181 | +.PP All retrieval protocols can use SSL or TLS wrapping for the | ||
1182 | +transport. Additionally, POP3 and IMAP retrival can also negotiate | ||
1183 | +SSL/TLS by means of STARTTLS (or STLS). | ||
1184 | .PP | ||
1185 | Note that fetchmail currently uses the OpenSSL library, which is | ||
1186 | severely underdocumented, so failures may occur just because the | ||
1187 | programmers are not aware of OpenSSL's requirement of the day. | ||
1188 | For instance, since v6.3.16, fetchmail calls | ||
1189 | OpenSSL_add_all_algorithms(), which is necessary to support certificates | ||
1190 | -using SHA256 on OpenSSL 0.9.8 -- this information is deeply hidden in the | ||
1191 | -documentation and not at all obvious. Please do not hesitate to report | ||
1192 | -subtle SSL failures. | ||
1193 | -.PP | ||
1194 | -You can access SSL encrypted services by specifying the \-\-ssl option. | ||
1195 | -You can also do this using the "ssl" user option in the .fetchmailrc | ||
1196 | -file. With SSL encryption enabled, queries are initiated over a | ||
1197 | -connection after negotiating an SSL session, and the connection fails if | ||
1198 | -SSL cannot be negotiated. Some services, such as POP3 and IMAP, have | ||
1199 | +using SHA256 on OpenSSL 0.9.8 -- this information is deeply hidden in | ||
1200 | +the documentation and not at all obvious. Please do not hesitate to | ||
1201 | +report subtle SSL failures. | ||
1202 | +.PP | ||
1203 | +You can access SSL encrypted services by specifying the options starting | ||
1204 | +with \-\-ssl, such as \-\-ssl, \-\-sslproto, \-\-sslcertck, and others. | ||
1205 | +You can also do this using the corresponding user options in the .fetchmailrc | ||
1206 | +file. Some services, such as POP3 and IMAP, have | ||
1207 | different well known ports defined for the SSL encrypted services. The | ||
1208 | encrypted ports will be selected automatically when SSL is enabled and | ||
1209 | -no explicit port is specified. The \-\-sslproto 'SSL3' option should be | ||
1210 | -used to select the SSLv3 protocol (default if unset: v2 or v3). Also, | ||
1211 | -the \-\-sslcertck command line or sslcertck run control file option | ||
1212 | -should be used to force strict certificate checking - see below. | ||
1213 | +no explicit port is specified. Also, the \-\-sslcertck command line or | ||
1214 | +sslcertck run control file option should be used to force strict | ||
1215 | +certificate checking - see below. | ||
1216 | .PP | ||
1217 | If SSL is not configured, fetchmail will usually opportunistically try to use | ||
1218 | -STARTTLS. STARTTLS can be enforced by using \-\-sslproto "TLS1". TLS | ||
1219 | -connections use the same port as the unencrypted version of the | ||
1220 | +STARTTLS. STARTTLS can be enforced by using \-\-sslproto\~auto and | ||
1221 | +defeated by using \-\-sslproto\~''. | ||
1222 | +TLS connections use the same port as the unencrypted version of the | ||
1223 | protocol and negotiate TLS via special command. The \-\-sslcertck | ||
1224 | command line or sslcertck run control file option should be used to | ||
1225 | force strict certificate checking - see below. | ||
1226 | --- fetchmail-6.3.26.orig/imap.c | ||
1227 | +++ fetchmail-6.3.26/imap.c | ||
1228 | @@ -405,6 +405,8 @@ static int imap_getauth(int sock, struct | ||
1229 | /* apply for connection authorization */ | ||
1230 | { | ||
1231 | int ok = 0; | ||
1232 | + char *commonname; | ||
1233 | + | ||
1234 | (void)greeting; | ||
1235 | |||
1236 | /* | ||
1237 | @@ -429,25 +431,21 @@ static int imap_getauth(int sock, struct | ||
1238 | return(PS_SUCCESS); | ||
1239 | } | ||
1240 | |||
1241 | -#ifdef SSL_ENABLE | ||
1242 | - if (maybe_tls(ctl)) { | ||
1243 | - char *commonname; | ||
1244 | - | ||
1245 | - commonname = ctl->server.pollname; | ||
1246 | - if (ctl->server.via) | ||
1247 | - commonname = ctl->server.via; | ||
1248 | - if (ctl->sslcommonname) | ||
1249 | - commonname = ctl->sslcommonname; | ||
1250 | + commonname = ctl->server.pollname; | ||
1251 | + if (ctl->server.via) | ||
1252 | + commonname = ctl->server.via; | ||
1253 | + if (ctl->sslcommonname) | ||
1254 | + commonname = ctl->sslcommonname; | ||
1255 | |||
1256 | - if (strstr(capabilities, "STARTTLS") | ||
1257 | - || must_tls(ctl)) /* if TLS is mandatory, ignore capabilities */ | ||
1258 | +#ifdef SSL_ENABLE | ||
1259 | + if (maybe_starttls(ctl)) { | ||
1260 | + if ((strstr(capabilities, "STARTTLS") && maybe_starttls(ctl)) | ||
1261 | + || must_starttls(ctl)) /* if TLS is mandatory, ignore capabilities */ | ||
1262 | { | ||
1263 | - /* Use "tls1" rather than ctl->sslproto because tls1 is the only | ||
1264 | - * protocol that will work with STARTTLS. Don't need to worry | ||
1265 | - * whether TLS is mandatory or opportunistic unless SSLOpen() fails | ||
1266 | - * (see below). */ | ||
1267 | + /* Don't need to worry whether TLS is mandatory or | ||
1268 | + * opportunistic unless SSLOpen() fails (see below). */ | ||
1269 | if (gen_transact(sock, "STARTTLS") == PS_SUCCESS | ||
1270 | - && (set_timeout(mytimeout), SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck, | ||
1271 | + && (set_timeout(mytimeout), SSLOpen(sock, ctl->sslcert, ctl->sslkey, ctl->sslproto, ctl->sslcertck, | ||
1272 | ctl->sslcertfile, ctl->sslcertpath, ctl->sslfingerprint, commonname, | ||
1273 | ctl->server.pollname, &ctl->remotename)) != -1) | ||
1274 | { | ||
1275 | @@ -470,7 +468,7 @@ static int imap_getauth(int sock, struct | ||
1276 | { | ||
1277 | report(stdout, GT_("%s: upgrade to TLS succeeded.\n"), commonname); | ||
1278 | } | ||
1279 | - } else if (must_tls(ctl)) { | ||
1280 | + } else if (must_starttls(ctl)) { | ||
1281 | /* Config required TLS but we couldn't guarantee it, so we must | ||
1282 | * stop. */ | ||
1283 | set_timeout(0); | ||
1284 | @@ -492,6 +490,10 @@ static int imap_getauth(int sock, struct | ||
1285 | /* Usable. Proceed with authenticating insecurely. */ | ||
1286 | } | ||
1287 | } | ||
1288 | + } else { | ||
1289 | + if (strstr(capabilities, "STARTTLS") && outlevel >= O_VERBOSE) { | ||
1290 | + report(stdout, GT_("%s: WARNING: server offered STARTTLS but sslproto '' given.\n"), commonname); | ||
1291 | + } | ||
1292 | } | ||
1293 | #endif /* SSL_ENABLE */ | ||
1294 | |||
1295 | --- fetchmail-6.3.26.orig/po/Makevars | ||
1296 | +++ fetchmail-6.3.26/po/Makevars | ||
1297 | @@ -46,3 +46,15 @@ MSGID_BUGS_ADDRESS = fetchmail-devel@lis | ||
1298 | # This is the list of locale categories, beyond LC_MESSAGES, for which the | ||
1299 | # message catalogs shall be used. It is usually empty. | ||
1300 | EXTRA_LOCALE_CATEGORIES = | ||
1301 | + | ||
1302 | +# This tells whether the $(DOMAIN).pot file contains messages with an 'msgctxt' | ||
1303 | +# context. Possible values are "yes" and "no". Set this to yes if the | ||
1304 | +# package uses functions taking also a message context, like pgettext(), or | ||
1305 | +# if in $(XGETTEXT_OPTIONS) you define keywords with a context argument. | ||
1306 | +USE_MSGCTXT = no | ||
1307 | + | ||
1308 | +# These options get passed to msgmerge. | ||
1309 | +# Useful options are in particular: | ||
1310 | +# --previous to keep previous msgids of translated messages, | ||
1311 | +# --quiet to reduce the verbosity. | ||
1312 | +MSGMERGE_OPTIONS = | ||
1313 | --- fetchmail-6.3.26.orig/pop3.c | ||
1314 | +++ fetchmail-6.3.26/pop3.c | ||
1315 | @@ -281,6 +281,7 @@ static int pop3_getauth(int sock, struct | ||
1316 | #endif /* OPIE_ENABLE */ | ||
1317 | #ifdef SSL_ENABLE | ||
1318 | flag connection_may_have_tls_errors = FALSE; | ||
1319 | + char *commonname; | ||
1320 | #endif /* SSL_ENABLE */ | ||
1321 | |||
1322 | done_capa = FALSE; | ||
1323 | @@ -393,7 +394,7 @@ static int pop3_getauth(int sock, struct | ||
1324 | (ctl->server.authenticate == A_KERBEROS_V5) || | ||
1325 | (ctl->server.authenticate == A_OTP) || | ||
1326 | (ctl->server.authenticate == A_CRAM_MD5) || | ||
1327 | - maybe_tls(ctl)) | ||
1328 | + maybe_starttls(ctl)) | ||
1329 | { | ||
1330 | if ((ok = capa_probe(sock)) != PS_SUCCESS) | ||
1331 | /* we are in STAGE_GETAUTH => failure is PS_AUTHFAIL! */ | ||
1332 | @@ -406,12 +407,12 @@ static int pop3_getauth(int sock, struct | ||
1333 | (ok == PS_SOCKET && !ctl->wehaveauthed)) | ||
1334 | { | ||
1335 | #ifdef SSL_ENABLE | ||
1336 | - if (must_tls(ctl)) { | ||
1337 | + if (must_starttls(ctl)) { | ||
1338 | /* fail with mandatory STLS without repoll */ | ||
1339 | report(stderr, GT_("TLS is mandatory for this session, but server refused CAPA command.\n")); | ||
1340 | report(stderr, GT_("The CAPA command is however necessary for TLS.\n")); | ||
1341 | return ok; | ||
1342 | - } else if (maybe_tls(ctl)) { | ||
1343 | + } else if (maybe_starttls(ctl)) { | ||
1344 | /* defeat opportunistic STLS */ | ||
1345 | xfree(ctl->sslproto); | ||
1346 | ctl->sslproto = xstrdup(""); | ||
1347 | @@ -431,24 +432,19 @@ static int pop3_getauth(int sock, struct | ||
1348 | } | ||
1349 | |||
1350 | #ifdef SSL_ENABLE | ||
1351 | - if (maybe_tls(ctl)) { | ||
1352 | - char *commonname; | ||
1353 | + commonname = ctl->server.pollname; | ||
1354 | + if (ctl->server.via) | ||
1355 | + commonname = ctl->server.via; | ||
1356 | + if (ctl->sslcommonname) | ||
1357 | + commonname = ctl->sslcommonname; | ||
1358 | |||
1359 | - commonname = ctl->server.pollname; | ||
1360 | - if (ctl->server.via) | ||
1361 | - commonname = ctl->server.via; | ||
1362 | - if (ctl->sslcommonname) | ||
1363 | - commonname = ctl->sslcommonname; | ||
1364 | - | ||
1365 | - if (has_stls | ||
1366 | - || must_tls(ctl)) /* if TLS is mandatory, ignore capabilities */ | ||
1367 | + if (maybe_starttls(ctl)) { | ||
1368 | + if (has_stls || must_starttls(ctl)) /* if TLS is mandatory, ignore capabilities */ | ||
1369 | { | ||
1370 | - /* Use "tls1" rather than ctl->sslproto because tls1 is the only | ||
1371 | - * protocol that will work with STARTTLS. Don't need to worry | ||
1372 | - * whether TLS is mandatory or opportunistic unless SSLOpen() fails | ||
1373 | - * (see below). */ | ||
1374 | + /* Don't need to worry whether TLS is mandatory or | ||
1375 | + * opportunistic unless SSLOpen() fails (see below). */ | ||
1376 | if (gen_transact(sock, "STLS") == PS_SUCCESS | ||
1377 | - && (set_timeout(mytimeout), SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck, | ||
1378 | + && (set_timeout(mytimeout), SSLOpen(sock, ctl->sslcert, ctl->sslkey, ctl->sslproto, ctl->sslcertck, | ||
1379 | ctl->sslcertfile, ctl->sslcertpath, ctl->sslfingerprint, commonname, | ||
1380 | ctl->server.pollname, &ctl->remotename)) != -1) | ||
1381 | { | ||
1382 | @@ -475,7 +471,7 @@ static int pop3_getauth(int sock, struct | ||
1383 | { | ||
1384 | report(stdout, GT_("%s: upgrade to TLS succeeded.\n"), commonname); | ||
1385 | } | ||
1386 | - } else if (must_tls(ctl)) { | ||
1387 | + } else if (must_starttls(ctl)) { | ||
1388 | /* Config required TLS but we couldn't guarantee it, so we must | ||
1389 | * stop. */ | ||
1390 | set_timeout(0); | ||
1391 | @@ -495,7 +491,11 @@ static int pop3_getauth(int sock, struct | ||
1392 | } | ||
1393 | } | ||
1394 | } | ||
1395 | - } /* maybe_tls() */ | ||
1396 | + } else { /* maybe_starttls() */ | ||
1397 | + if (has_stls && outlevel >= O_VERBOSE) { | ||
1398 | + report(stdout, GT_("%s: WARNING: server offered STLS, but sslproto '' given.\n"), commonname); | ||
1399 | + } | ||
1400 | + } /* maybe_starttls() */ | ||
1401 | #endif /* SSL_ENABLE */ | ||
1402 | |||
1403 | /* | ||
1404 | --- fetchmail-6.3.26.orig/socket.c | ||
1405 | +++ fetchmail-6.3.26/socket.c | ||
1406 | @@ -876,7 +876,9 @@ int SSLOpen(int sock, char *mycert, char | ||
1407 | { | ||
1408 | struct stat randstat; | ||
1409 | int i; | ||
1410 | + int avoid_ssl_versions = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; | ||
1411 | long sslopts = SSL_OP_ALL; | ||
1412 | + int ssle_connect = 0; | ||
1413 | |||
1414 | SSL_load_error_strings(); | ||
1415 | SSL_library_init(); | ||
1416 | @@ -906,25 +908,57 @@ int SSLOpen(int sock, char *mycert, char | ||
1417 | /* Make sure a connection referring to an older context is not left */ | ||
1418 | _ssl_context[sock] = NULL; | ||
1419 | if(myproto) { | ||
1420 | - if(!strcasecmp("ssl2",myproto)) { | ||
1421 | -#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0 | ||
1422 | - _ctx[sock] = SSL_CTX_new(SSLv2_client_method()); | ||
1423 | + if(!strcasecmp("ssl3",myproto)) { | ||
1424 | +#if (HAVE_DECL_SSLV3_CLIENT_METHOD > 0) && (0 == OPENSSL_NO_SSL3 + 0) | ||
1425 | + _ctx[sock] = SSL_CTX_new(SSLv3_client_method()); | ||
1426 | + avoid_ssl_versions &= ~SSL_OP_NO_SSLv3; | ||
1427 | #else | ||
1428 | - report(stderr, GT_("Your operating system does not support SSLv2.\n")); | ||
1429 | + report(stderr, GT_("Your OpenSSL version does not support SSLv3.\n")); | ||
1430 | return -1; | ||
1431 | #endif | ||
1432 | - } else if(!strcasecmp("ssl3",myproto)) { | ||
1433 | - _ctx[sock] = SSL_CTX_new(SSLv3_client_method()); | ||
1434 | + } else if(!strcasecmp("ssl3+",myproto)) { | ||
1435 | + avoid_ssl_versions &= ~SSL_OP_NO_SSLv3; | ||
1436 | + myproto = NULL; | ||
1437 | } else if(!strcasecmp("tls1",myproto)) { | ||
1438 | _ctx[sock] = SSL_CTX_new(TLSv1_client_method()); | ||
1439 | - } else if (!strcasecmp("ssl23",myproto)) { | ||
1440 | + } else if(!strcasecmp("tls1+",myproto)) { | ||
1441 | + myproto = NULL; | ||
1442 | +#if defined(TLS1_1_VERSION) && TLS_MAX_VERSION >= TLS1_1_VERSION | ||
1443 | + } else if(!strcasecmp("tls1.1",myproto)) { | ||
1444 | + _ctx[sock] = SSL_CTX_new(TLSv1_1_client_method()); | ||
1445 | + } else if(!strcasecmp("tls1.1+",myproto)) { | ||
1446 | + myproto = NULL; | ||
1447 | + avoid_ssl_versions |= SSL_OP_NO_TLSv1; | ||
1448 | +#else | ||
1449 | + } else if(!strcasecmp("tls1.1",myproto) || !strcasecmp("tls1.1+", myproto)) { | ||
1450 | + report(stderr, GT_("Your OpenSSL version does not support TLS v1.1.\n")); | ||
1451 | + return -1; | ||
1452 | +#endif | ||
1453 | +#if defined(TLS1_2_VERSION) && TLS_MAX_VERSION >= TLS1_2_VERSION | ||
1454 | + } else if(!strcasecmp("tls1.2",myproto)) { | ||
1455 | + _ctx[sock] = SSL_CTX_new(TLSv1_2_client_method()); | ||
1456 | + } else if(!strcasecmp("tls1.2+",myproto)) { | ||
1457 | + myproto = NULL; | ||
1458 | + avoid_ssl_versions |= SSL_OP_NO_TLSv1; | ||
1459 | + avoid_ssl_versions |= SSL_OP_NO_TLSv1_1; | ||
1460 | +#else | ||
1461 | + } else if(!strcasecmp("tls1.2",myproto) || !strcasecmp("tls1.2+", myproto)) { | ||
1462 | + report(stderr, GT_("Your OpenSSL version does not support TLS v1.2.\n")); | ||
1463 | + return -1; | ||
1464 | +#endif | ||
1465 | + } else if (!strcasecmp("ssl23",myproto) || 0 == strcasecmp("auto",myproto)) { | ||
1466 | myproto = NULL; | ||
1467 | } else { | ||
1468 | - report(stderr,GT_("Invalid SSL protocol '%s' specified, using default (SSLv23).\n"), myproto); | ||
1469 | + report(stderr,GT_("Invalid SSL protocol '%s' specified, using default autoselect (SSL23).\n"), myproto); | ||
1470 | myproto = NULL; | ||
1471 | } | ||
1472 | } | ||
1473 | - if(!myproto) { | ||
1474 | + // do not combine into an else { } as myproto may be nulled | ||
1475 | + // above! | ||
1476 | + if (!myproto) { | ||
1477 | + // SSLv23 is a misnomer and will in fact use the best | ||
1478 | + // available protocol, subject to SSL_OP_NO* | ||
1479 | + // constraints. | ||
1480 | _ctx[sock] = SSL_CTX_new(SSLv23_client_method()); | ||
1481 | } | ||
1482 | if(_ctx[sock] == NULL) { | ||
1483 | @@ -938,7 +972,7 @@ int SSLOpen(int sock, char *mycert, char | ||
1484 | sslopts &= ~ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; | ||
1485 | } | ||
1486 | |||
1487 | - SSL_CTX_set_options(_ctx[sock], sslopts); | ||
1488 | + SSL_CTX_set_options(_ctx[sock], sslopts | avoid_ssl_versions); | ||
1489 | |||
1490 | if (certck) { | ||
1491 | SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback); | ||
1492 | @@ -1008,8 +1042,18 @@ int SSLOpen(int sock, char *mycert, char | ||
1493 | } | ||
1494 | |||
1495 | if (SSL_set_fd(_ssl_context[sock], sock) == 0 | ||
1496 | - || SSL_connect(_ssl_context[sock]) < 1) { | ||
1497 | + || (ssle_connect = SSL_connect(_ssl_context[sock])) < 1) { | ||
1498 | + int e = errno; | ||
1499 | + unsigned long ssle_err_from_queue = ERR_peek_error(); | ||
1500 | + unsigned long ssle_err_from_get_error = SSL_get_error(_ssl_context[sock], ssle_connect); | ||
1501 | ERR_print_errors_fp(stderr); | ||
1502 | + if (SSL_ERROR_SYSCALL == ssle_err_from_get_error && 0 == ssle_err_from_queue) { | ||
1503 | + if (0 == ssle_connect) { | ||
1504 | + report(stderr, GT_("Server shut down connection prematurely during SSL_connect().\n")); | ||
1505 | + } else if (ssle_connect < 0) { | ||
1506 | + report(stderr, GT_("System error during SSL_connect(): %s\n"), strerror(e)); | ||
1507 | + } | ||
1508 | + } | ||
1509 | SSL_free( _ssl_context[sock] ); | ||
1510 | _ssl_context[sock] = NULL; | ||
1511 | SSL_CTX_free(_ctx[sock]); | ||
1512 | @@ -1017,6 +1061,24 @@ int SSLOpen(int sock, char *mycert, char | ||
1513 | return(-1); | ||
1514 | } | ||
1515 | |||
1516 | + if (outlevel >= O_VERBOSE) { | ||
1517 | + SSL_CIPHER const *sc; | ||
1518 | + int bitsmax, bitsused; | ||
1519 | + | ||
1520 | + const char *ver; | ||
1521 | + | ||
1522 | + ver = SSL_get_version(_ssl_context[sock]); | ||
1523 | + | ||
1524 | + sc = SSL_get_current_cipher(_ssl_context[sock]); | ||
1525 | + if (!sc) { | ||
1526 | + report (stderr, GT_("Cannot obtain current SSL/TLS cipher - no session established?\n")); | ||
1527 | + } else { | ||
1528 | + bitsused = SSL_CIPHER_get_bits(sc, &bitsmax); | ||
1529 | + report(stdout, GT_("SSL/TLS: using protocol %s, cipher %s, %d/%d secret/processed bits\n"), | ||
1530 | + ver, SSL_CIPHER_get_name(sc), bitsused, bitsmax); | ||
1531 | + } | ||
1532 | + } | ||
1533 | + | ||
1534 | /* Paranoia: was the callback not called as we expected? */ | ||
1535 | if (!_depth0ck) { | ||
1536 | report(stderr, GT_("Certificate/fingerprint verification was somehow skipped!\n")); | ||
1537 | --- /dev/null | ||
1538 | +++ fetchmail-6.3.26/starttls.c | ||
1539 | @@ -0,0 +1,37 @@ | ||
1540 | +/** \file tls.c - collect common TLS functionality | ||
1541 | + * \author Matthias Andree | ||
1542 | + * \date 2006 | ||
1543 | + */ | ||
1544 | + | ||
1545 | +#include "fetchmail.h" | ||
1546 | + | ||
1547 | +#include <string.h> | ||
1548 | + | ||
1549 | +#ifdef HAVE_STRINGS_H | ||
1550 | +#include <strings.h> | ||
1551 | +#endif | ||
1552 | + | ||
1553 | +/** return true if user allowed opportunistic STARTTLS/STLS */ | ||
1554 | +int maybe_starttls(struct query *ctl) { | ||
1555 | +#ifdef SSL_ENABLE | ||
1556 | + /* opportunistic or forced TLS */ | ||
1557 | + return (!ctl->sslproto || strlen(ctl->sslproto)) | ||
1558 | + && !ctl->use_ssl; | ||
1559 | +#else | ||
1560 | + (void)ctl; | ||
1561 | + return 0; | ||
1562 | +#endif | ||
1563 | +} | ||
1564 | + | ||
1565 | +/** return true if user requires STARTTLS/STLS, note though that this | ||
1566 | + * code must always use a logical AND with maybe_tls(). */ | ||
1567 | +int must_starttls(struct query *ctl) { | ||
1568 | +#ifdef SSL_ENABLE | ||
1569 | + return maybe_starttls(ctl) | ||
1570 | + && (ctl->sslfingerprint || ctl->sslcertck | ||
1571 | + || (ctl->sslproto && !strcasecmp(ctl->sslproto, "tls1"))); | ||
1572 | +#else | ||
1573 | + (void)ctl; | ||
1574 | + return 0; | ||
1575 | +#endif | ||
1576 | +} | ||
diff --git a/meta-networking/recipes-support/fetchmail/fetchmail_6.3.26.bb b/meta-networking/recipes-support/fetchmail/fetchmail_6.4.1.bb index 5af5d0df6..21caa918a 100644 --- a/meta-networking/recipes-support/fetchmail/fetchmail_6.3.26.bb +++ b/meta-networking/recipes-support/fetchmail/fetchmail_6.4.1.bb | |||
@@ -3,15 +3,14 @@ HOMEPAGE = "http://www.fetchmail.info/" | |||
3 | DESCRIPTION = "Fetchmail is a full-featured, robust, well-documented remote-mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). It supports every remote-mail protocol now in use on the Internet: POP2, POP3, RPOP, APOP, KPOP, all flavors of IMAP, ETRN, and ODMR. It can even support IPv6 and IPSEC." | 3 | DESCRIPTION = "Fetchmail is a full-featured, robust, well-documented remote-mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). It supports every remote-mail protocol now in use on the Internet: POP2, POP3, RPOP, APOP, KPOP, all flavors of IMAP, ETRN, and ODMR. It can even support IPv6 and IPSEC." |
4 | SECTION = "mail" | 4 | SECTION = "mail" |
5 | LICENSE = "GPLv2 & MIT" | 5 | LICENSE = "GPLv2 & MIT" |
6 | LIC_FILES_CHKSUM = "file://COPYING;md5=fbb509e0303f5ded1cbfc0cc8705f28c" | 6 | LIC_FILES_CHKSUM = "file://COPYING;md5=ca53985c1fd053ae0bffffaa89ed49f1" |
7 | 7 | ||
8 | DEPENDS = "openssl" | 8 | DEPENDS = "openssl" |
9 | 9 | ||
10 | SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.xz \ | 10 | SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.xz \ |
11 | file://02_remove_SSLv3.patch \ | ||
12 | " | 11 | " |
13 | SRC_URI[md5sum] = "61b66faad044afa26e142bb1791aa2b3" | 12 | SRC_URI[md5sum] = "c2b836a919cdd4ec53b06b70e0aa3e63" |
14 | SRC_URI[sha256sum] = "79b4c54cdbaf02c1a9a691d9948fcb1a77a1591a813e904283a8b614b757e850" | 13 | SRC_URI[sha256sum] = "3f33f11dd08c3e8cc3e9d18eec686b1626d4818f4d5a72791507bbc4dce6a9a0" |
15 | 14 | ||
16 | inherit autotools gettext python-dir pythonnative | 15 | inherit autotools gettext python-dir pythonnative |
17 | 16 | ||