Date: Thu, 24 Feb 2011 10:04:23 +0100 (CET) From: Matthias Andree <matthias.andree@gmx.de> To: FreeBSD-gnats-submit@FreeBSD.org Cc: question+fbsdports@closedsrc.org Subject: ports/154997: [PATCH] mail/getmail: add SSL warning to pkg-descr Message-ID: <20110224090423.DD03D33CB9@rho.emma.line.org> Resent-Message-ID: <201102240940.p1O9e4Dq012591@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 154997 >Category: ports >Synopsis: [PATCH] mail/getmail: add SSL warning to pkg-descr >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Thu Feb 24 09:40:04 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Matthias Andree >Release: FreeBSD 8.1-RELEASE i386 >Organization: >Environment: System: FreeBSD rho.emma.line.org 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:55:53 UTC 2010 >Description: - add a WARNING to pkg-descr stating that SSL doesn't validate certificates, thus not protecting against MITM eavesdropping evidence (as of 2011-02-24 09:00 UTC): http://pyropus.ca/software/getmail/configuration.html#retriever-simplepop3ssl - remove MD5 checksum Port maintainer (question+fbsdports@closedsrc.org) is cc'd; Linh, please follow up to this PR with a message stating whether or not you approve of the changes. Generated with FreeBSD Port Tools 0.99 >How-To-Repeat: >Fix: --- getmail-4.20.0.patch begins here --- diff -ruN --exclude=CVS /usr/ports/mail/getmail/distinfo /usr/home/emma/ports/mail/getmail/distinfo --- /usr/ports/mail/getmail/distinfo 2010-07-01 07:58:10.000000000 +0200 +++ /usr/home/emma/ports/mail/getmail/distinfo 2011-02-24 09:59:29.000000000 +0100 @@ -1,3 +1,2 @@ -MD5 (getmail-4.20.0.tar.gz) = 33a090d62b6039e0a8df4c3da545d851 SHA256 (getmail-4.20.0.tar.gz) = d6ce51d366c4d91f960a39dbd5f8821f8b0d79bb880f215a9839ee6054f6979d SIZE (getmail-4.20.0.tar.gz) = 156907 diff -ruN --exclude=CVS /usr/ports/mail/getmail/pkg-descr /usr/home/emma/ports/mail/getmail/pkg-descr --- /usr/ports/mail/getmail/pkg-descr 2005-02-22 07:04:39.000000000 +0100 +++ /usr/home/emma/ports/mail/getmail/pkg-descr 2011-02-24 10:01:18.000000000 +0100 @@ -3,6 +3,8 @@ Summary of features: - Retrieve mail from an unlimited number of POP3/IMAP4 mailboxes and servers. - Support for POP3-over-SSL and IMAP-over-SSL, as well as SDPS + WARNING: even with SSL, "no certificate or key validation is done." so + that getmail does not detect or protect from man-in-the-middle attacks. - Support for multidrop or domain mailboxes. - Safe and reliable delivery to qmail-style Maildirs, as well as program (pipe) delivery for use with arbitrary external MDAs. Includes an MDA --- getmail-4.20.0.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110224090423.DD03D33CB9>