Ubuntu
fetchmail package

Merge ~bryce/ubuntu/+source/fetchmail:eoan-merge-6.4.0-beta4-3 into ubuntu/+source/fetchmail:debian/sid

  1. Git
  2. lp:~bryce/ubuntu/+source/fetchmail
  3. eoan-merge-6.4.0-beta4-3
  4. Merge into debian/sid
Proposed by Bryce Harrington
Status: Merged
Approved by: Christian Ehrhardt 
Approved revision: 4a4c066fbf5722714f6e6f44d508597f1b42f4a6
Merge reported by: Bryce Harrington
Merged at revision: 4a4c066fbf5722714f6e6f44d508597f1b42f4a6
Proposed branch: ~bryce/ubuntu/+source/fetchmail:eoan-merge-6.4.0-beta4-3
Merge into: ubuntu/+source/fetchmail:debian/sid
Diff against target: 290 lines (+219/-1)
9 files modified
debian/changelog (+29/-0)
debian/control (+2/-1)
debian/patches/clang-robustness.patch (+59/-0)
debian/patches/series (+4/-0)
debian/patches/set-umask-for-fetchids.patch (+49/-0)
debian/patches/sni-support.patch (+32/-0)
debian/tests/control (+8/-0)
debian/tests/installation (+23/-0)
debian/tests/service (+13/-0)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  (community) Approve
Canonical Server packageset reviewers Pending
Canonical Server Pending
git-ubuntu developers Pending
Review via email: mp+369322@code.launchpad.net

Description of the change

Merge with debian's package. Carried forward one patch in the delta.

Added two stabilization fixes from upstream's git tree; these can be dropped next time we merge an new upstream version.

Also added are some basic dep8 tests to check installation and service operation, to try and address LP: #1677818. A complete set of tests would include actual fetching of an email, but that felt too out of scope for the merge so can be tackled later.

PPA available for testing is at
https://launchpad.net/~bryce/+archive/ubuntu/fetchmail-merge-6.4.0-beta4-3

Usual tags are pushed.

To post a comment you must log in.
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

some changelog bikeshedding

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

some incomplete patch headers and a few questions on the added tests (all inline)

review: Needs Fixing
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Ack on the added stabilization patches

Revision history for this message
Bryce Harrington (bryce) wrote :

On Wed, Jun 26, 2019 at 07:21:25AM -0000, Christian Ehrhardt  wrote:
> some changelog bikeshedding
>
> Diff comments:
>
> > diff --git a/debian/changelog b/debian/changelog
> > index 6aaef1d..0bcbcad 100644
> > --- a/debian/changelog
> > +++ b/debian/changelog
> > @@ -1,3 +1,18 @@
> > +fetchmail (6.4.0~beta4-3ubuntu1) eoan; urgency=medium
> > +
> > + * Merge with Debian unstable. Remaining changes:
> > + + d/p/sni-support.patch: TLS: set hostname for SNI. Thanks to Matthias
>
> IIRC on this level this would usually be a "-".
> This is style which is meant to be flexible as long as it is understandable but usually we have
> * foo
> - bar
> + foobar
> in most cases, unless a changelog always uses a different syntax, then we follow that.

Thanks, fixed

> > + Andree <email address hidden> (LP #1798786)
> > + * d/p/clang-robustness.patch: Backport clang null pointer checks from upstream
>
> Added changes in the context of a merge go under a top entry
> * Added Changes:
>
> I saw no drops, but if there would be to be complete on this info those would list after
> * Dropped Change:
> It turned out on these drops to list reasons in brackets like
> [now upstream]
> [accepted by Debian]
> [no more needed becasue foo]

Thanks, was wondering about this, I've rebased with the changelog
reformats, and will repush the MP.

Bryce

> > + to prevent potential segfaults.
> > + * d/p/set-umask-for-fetchids.patch: Backport upstream fix to set umask
> > + properly before writing the .fetchids file.
> > + * d/p/tests: Add preliminary/basic dep8 tests to check installation and
> > + service operation.
> > + (Partial fix for LP: #1677818)
> > +
> > + -- Bryce Harrington <email address hidden> Sun, 16 Jun 2019 18:45:16 -0700
> > +
> > fetchmail (6.4.0~beta4-3) unstable; urgency=medium
> >
> > * Backport fix potential SIGSEGV in pop3_delete (closes: #921450).
>
>
> --
> https://code.launchpad.net/~bryce/ubuntu/+source/fetchmail/+git/fetchmail/+merge/369322
> You are the owner of ~bryce/ubuntu/+source/fetchmail:eoan-merge-6.4.0-beta4-3.

Revision history for this message
Bryce Harrington (bryce) wrote :

Thanks Christian, I've updated the branch with the review feedback, I
think it is ready for re-review.

On Wed, Jun 26, 2019 at 07:33:07AM -0000, Christian Ehrhardt  wrote:
> Ack on the added stabilization patches
> --
> https://code.launchpad.net/~bryce/ubuntu/+source/fetchmail/+git/fetchmail/+merge/369322
> You are the owner of ~bryce/ubuntu/+source/fetchmail:eoan-merge-6.4.0-beta4-3.

Revision history for this message
Bryce Harrington (bryce) wrote :

Is there something else I need to do or set before this can get another review? Should I resubmit it?

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Hey, just as so many others as mentioned yesterday this was lost it seems.
I think nothing is missing, let me re-check it.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Yeah LGTM now, thanks for adding all the stuff I asked for!

review: Approve
Revision history for this message
Bryce Harrington (bryce) wrote :

Thanks Christian, uploaded.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I pushed the tag for upload/6.4.0_beta4-3ubuntu1 on 4a4c066fbf5722714f6e6f44d508597f1b42f4a6?:
$ git push pkg upload/6.4.0_beta4-3ubuntu1
Enumerating objects: 56, done.
Counting objects: 100% (56/56), done.
Delta compression using up to 2 threads
Compressing objects: 100% (50/50), done.
Writing objects: 100% (50/50), 7.93 KiB | 1.13 MiB/s, done.
Total 50 (delta 32), reused 0 (delta 0)
To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/fetchmail
 * [new tag] upload/6.4.0_beta4-3ubuntu1 -> upload/6.4.0_beta4-3ubuntu1

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 6aaef1d..5b412e9 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,19 @@
6+fetchmail (6.4.0~beta4-3ubuntu1) eoan; urgency=medium
7+
8+ * Merge with Debian unstable. Remaining changes:
9+ - d/p/sni-support.patch: TLS: set hostname for SNI. Thanks to Matthias
10+ Andree <matthias.andree@gmx.de> (LP #1798786)
11+ * Added Changes:
12+ - d/p/clang-robustness.patch: Backport clang null pointer checks from upstream
13+ to prevent potential segfaults.
14+ - d/p/set-umask-for-fetchids.patch: Backport upstream fix to set umask
15+ properly before writing the .fetchids file.
16+ - d/p/tests: Add preliminary/basic dep8 tests to check installation and
17+ service operation.
18+ (Partial fix for LP: #1677818)
19+
20+ -- Bryce Harrington <bryce@canonical.com> Sun, 16 Jun 2019 18:45:16 -0700
21+
22 fetchmail (6.4.0~beta4-3) unstable; urgency=medium
23
24 * Backport fix potential SIGSEGV in pop3_delete (closes: #921450).
25@@ -52,6 +68,19 @@ fetchmail (6.4.0~beta4-1) experimental; urgency=medium
26
27 -- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 23 Jun 2018 15:52:22 +0000
28
29+fetchmail (6.3.26-3ubuntu1) disco; urgency=medium
30+
31+ * d/p/sni-support.patch: TLS: set hostname for SNI. Thanks to Matthias
32+ Andree <matthias.andree@gmx.de> (LP: #1798786)
33+
34+ -- Karl Stenerud <karl.stenerud@canonical.com> Wed, 24 Oct 2018 05:12:24 -0700
35+
36+fetchmail (6.3.26-3build1) bionic; urgency=high
37+
38+ * No change rebuild against openssl1.1.
39+
40+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 05 Feb 2018 23:21:22 +0000
41+
42 fetchmail (6.3.26-3) unstable; urgency=low
43
44 * Use short debhelper rules format.
45diff --git a/debian/control b/debian/control
46index 77824a7..6b8827a 100644
47--- a/debian/control
48+++ b/debian/control
49@@ -1,7 +1,8 @@
50 Source: fetchmail
51 Section: mail
52 Priority: optional
53-Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
54+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
55+XSBC-Original-Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
56 Build-Depends: debhelper (>= 11), libssl-dev (>= 1.0.2), bison, python (>= 2.7), dh-python, libkrb5-dev, libgssglue-dev
57 Standards-Version: 4.3.0
58 Homepage: http://www.fetchmail.info
59diff --git a/debian/patches/clang-robustness.patch b/debian/patches/clang-robustness.patch
60new file mode 100644
61index 0000000..125e1ee
62--- /dev/null
63+++ b/debian/patches/clang-robustness.patch
64@@ -0,0 +1,59 @@
65+Description: Backport clang null pointer checks from upstream
66+ to prevent potential segfaults.
67+Author: Matthias Andree <matthias.andree@gmx.de>
68+Origin: upstream, https://gitlab.com/fetchmail/fetchmail/commit/124518ae5fba9e352a9cf8a8d7c1a8160475d10b
69+Last-Update: 2019-06-27
70+---
71+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
72+index 6176bcb9..74e1b28a 100644
73+--- a/driver.c
74++++ b/driver.c
75+@@ -542,8 +542,9 @@ static int fetch_messages(int mailserver_socket, struct query *ctl,
76+ lastnum = num + fetchsizelimit - 1;
77+ if (lastnum > count)
78+ lastnum = count;
79+- for (i = 0; i < fetchsizelimit; i++)
80+- (*msgsizes)[i] = 0;
81++ if (*msgsizes)
82++ for (i = 0; i < fetchsizelimit; i++)
83++ (*msgsizes)[i] = 0;
84+
85+ stage = STAGE_GETSIZES;
86+ err = (ctl->server.base_protocol->getpartialsizes)(mailserver_socket, num, lastnum, *msgsizes);
87+diff --git a/report.c b/report.c
88+index 5d9abb73..1466802a 100644
89+--- a/report.c
90++++ b/report.c
91+@@ -362,7 +362,7 @@ report_at_line (FILE *errfp, errnum, file_name, line_number, message, va_alist)
92+ static unsigned int old_line_number;
93+
94+ if (old_line_number == line_number &&
95+- (file_name == old_file_name || !strcmp (old_file_name, file_name)))
96++ (file_name == old_file_name || (old_file_name != NULL && 0 == strcmp (old_file_name, file_name))))
97+ /* Simply return and print nothing. */
98+ return;
99+
100+diff --git a/sink.c b/sink.c
101+index e8dd8355..164c36d8 100644
102+--- a/sink.c
103++++ b/sink.c
104+@@ -1189,14 +1189,14 @@ static int open_mda_sink(struct query *ctl, struct msgblk *msg,
105+ ** the worst case (end of string) sp[1] == '\0' */
106+ if (sp[1] == 's' || sp[1] == 'T') {
107+ *dp++ = '\'';
108+- strcpy(dp, names);
109++ if (names) strcpy(dp, names);
110+ dp += nameslen;
111+ *dp++ = '\'';
112+ sp++; /* position sp over [sT] */
113+ dp--; /* adjust dp */
114+ } else if (sp[1] == 'F') {
115+ *dp++ = '\'';
116+- strcpy(dp, from);
117++ if (from) strcpy(dp, from);
118+ dp += fromlen;
119+ *dp++ = '\'';
120+ sp++; /* position sp over F */
121+--
122+2.17.1
123+
124diff --git a/debian/patches/series b/debian/patches/series
125index 6747c0a..ce42e10 100644
126--- a/debian/patches/series
127+++ b/debian/patches/series
128@@ -4,3 +4,7 @@
129 04_invoke-rc.d.diff
130 05_Fix_potential_SIGSEGV_in_pop3_delete.patch
131 06_Enable_OpenSSL_native_name_verification.patch
132+
133+sni-support.patch
134+clang-robustness.patch
135+set-umask-for-fetchids.patch
136diff --git a/debian/patches/set-umask-for-fetchids.patch b/debian/patches/set-umask-for-fetchids.patch
137new file mode 100644
138index 0000000..5f2811b
139--- /dev/null
140+++ b/debian/patches/set-umask-for-fetchids.patch
141@@ -0,0 +1,49 @@
142+Description: Set umask properly before writing the .fetchids file,
143+ to avoid failing the security check on the next run.
144+Author: Matthias Andree <matthias.andree@gmx.de>
145+Origin: upstream, https://gitlab.com/fetchmail/fetchmail/commit/295ff6340f665d58e369035ffa4257f2f84553d6
146+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831611
147+Last-Update: 2019-06-27
148+---
149+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
150+index d910c19d..af2e77ba 100644
151+--- a/NEWS
152++++ b/NEWS
153+@@ -131,6 +131,8 @@ fetchmail-6.4.0 (not yet released):
154+ * Fetchmail no longer adds a NUL byte to the username in GSSAPI authentication.
155+ This was reported to break Kerberos-based authentication with Microsoft
156+ Exchange 2013 by Greg Hudson.
157++* Set umask properly before writing the .fetchids file, to avoid failing the
158++ security check on the next run. Reported by Fabian Raab, Debian Bug#831611.
159+
160+ # KNOWN BUGS AND WORKAROUNDS
161+ (This section floats upwards through the NEWS file so it stays with the
162+diff --git a/uid.c b/uid.c
163+index 7ee702b9..2db06733 100644
164+--- a/uid.c
165++++ b/uid.c
166+@@ -469,11 +469,13 @@ void write_saved_lists(struct query *hostlist, const char *idfile)
167+ report(stderr, GT_("Error deleting %s: %s\n"), idfile, strerror(errno));
168+ } else {
169+ char *newnam = (char *)xmalloc(strlen(idfile) + 2);
170++ mode_t old_umask;
171+ strcpy(newnam, idfile);
172+ strcat(newnam, "_");
173+ if (outlevel >= O_DEBUG)
174+ report(stdout, GT_("Writing fetchids file.\n"));
175+ (void)unlink(newnam); /* remove file/link first */
176++ old_umask = umask(S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH);
177+ if ((tmpfp = fopen(newnam, "w")) != (FILE *)NULL) {
178+ struct write_saved_info info;
179+ int errflg = 0;
180+@@ -517,6 +519,7 @@ bailout:
181+ report(stderr, GT_("Cannot open fetchids file %s for writing: %s\n"), newnam, strerror(errno));
182+ }
183+ free(newnam);
184++ (void)umask(old_umask);
185+ }
186+ }
187+ #endif /* POP3_ENABLE */
188+--
189+2.17.1
190+
191diff --git a/debian/patches/sni-support.patch b/debian/patches/sni-support.patch
192new file mode 100644
193index 0000000..e29ff88
194--- /dev/null
195+++ b/debian/patches/sni-support.patch
196@@ -0,0 +1,32 @@
197+Description: TLS: set hostname for SNI.
198+Author: Matthias Andree <matthias.andree@gmx.de>
199+Origin: upstream, https://gitlab.com/fetchmail/fetchmail/commit/9b8b634312f169fab872f3580c2febe5af031615
200+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/fetchmail/+bug/1798786
201+Last-Update: 2018-10-24
202+---
203+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
204+Index: fetchmail-gu/socket.c
205+===================================================================
206+--- fetchmail-gu.orig/socket.c
207++++ fetchmail-gu/socket.c
208+@@ -1201,6 +1201,20 @@ int SSLOpen(int sock, char *mycert, char
209+ }
210+ }
211+
212++ /*
213++ * Support SNI, some servers (googlemail) appear to require it.
214++ */
215++ {
216++ long r;
217++ r = SSL_set_tlsext_host_name(_ssl_context[sock], servercname);
218++
219++ if (0 == r) {
220++ /* handle error */
221++ report(stderr, GT_("Warning: SSL_set_tlsext_host_name(%p, \"%s\") failed (code %#lx), trying to continue.\n"), _ssl_context[sock], servercname, r);
222++ ERR_print_errors_fp(stderr);
223++ }
224++ }
225++
226+ if( mycert || mykey ) {
227+
228+ /* Ok... He has a certificate file defined, so lets declare it. If
229diff --git a/debian/tests/control b/debian/tests/control
230new file mode 100644
231index 0000000..1ca0335
232--- /dev/null
233+++ b/debian/tests/control
234@@ -0,0 +1,8 @@
235+Tests: installation
236+Depends: @
237+Restrictions:
238+
239+Tests: service
240+Depends: @, systemd-sysv
241+Restrictions: needs-root
242+
243diff --git a/debian/tests/installation b/debian/tests/installation
244new file mode 100755
245index 0000000..271fc6c
246--- /dev/null
247+++ b/debian/tests/installation
248@@ -0,0 +1,23 @@
249+#!/bin/sh
250+
251+############################################
252+### Check main installation requirements ###
253+############################################
254+
255+set -e
256+
257+# Config file
258+echo "Checking config file present"
259+test -e /etc/default/fetchmail
260+
261+# Service
262+echo "Checking service scripts are installed"
263+test -e /etc/init.d/fetchmail
264+test -e /etc/ppp/ip-down.d/fetchmail
265+
266+# Script
267+echo "Checking fetchmail is present"
268+test -e /usr/bin/fetchmail
269+fetchmail --version > /dev/null 2>&1
270+c=$(fetchmail --help 2>&1 | wc -l)
271+test $c -gt 5
272diff --git a/debian/tests/service b/debian/tests/service
273new file mode 100755
274index 0000000..95f9abc
275--- /dev/null
276+++ b/debian/tests/service
277@@ -0,0 +1,13 @@
278+#!/bin/sh
279+
280+###############################
281+### Check fetchmail service ###
282+###############################
283+
284+set -e
285+
286+echo "Checking fetchmail service is enabled"
287+systemctl is-enabled fetchmail.service
288+
289+echo "Checking fetchmail service is active"
290+systemctl is-active fetchmail.service

Subscribers

People subscribed via source and target branches