From 106a9382918cdd560e25c7b6c6457cb102378a03 Mon Sep 17 00:00:00 2001
From: Vitezslav Crhonek <vcrhonek@redhat.com>
Date: Jun 07 2011 10:14:28 +0000
Subject: Update to fetchmail-6.3.20


---

diff --git a/.gitignore b/.gitignore
index dad53c8..933a39a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,5 @@ fetchmail-6.3.17.tar.xz.asc
 /fetchmail-6.3.18.tar.xz.asc
 /fetchmail-6.3.19.tar.xz
 /fetchmail-6.3.19.tar.xz.asc
+/fetchmail-6.3.20.tar.xz
+/fetchmail-6.3.20.tar.xz.asc
diff --git a/fetchmail-6.3.19-cve-2011-1947.patch b/fetchmail-6.3.19-cve-2011-1947.patch
deleted file mode 100644
index 2f14096..0000000
--- a/fetchmail-6.3.19-cve-2011-1947.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-commit 7dc67b8cf06f74aa57525279940e180c99701314
-Author: Matthias Andree <matthias.andree@gmx.de>
-Date:   Thu May 26 01:47:41 2011 +0200
-
-    Run S(TART)TLS negotiation under timeout alarm.
-    
-    Reported missing by Thomas Jarosch.
-
-diff --git a/imap.c b/imap.c
-index dca3bab..397b391 100644
---- a/imap.c
-+++ b/imap.c
-@@ -447,9 +447,9 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
- 	     * whether TLS is mandatory or opportunistic unless SSLOpen() fails
- 	     * (see below). */
- 	    if (gen_transact(sock, "STARTTLS") == PS_SUCCESS
--		    && SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
-+		    && (set_timeout(mytimeout), SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
- 			ctl->sslcertfile, ctl->sslcertpath, ctl->sslfingerprint, commonname,
--			ctl->server.pollname, &ctl->remotename) != -1)
-+			ctl->server.pollname, &ctl->remotename)) != -1)
- 	    {
- 		/*
- 		 * RFC 2595 says this:
-@@ -473,9 +473,11 @@ static int imap_getauth(int sock, struct query *ctl, char *greeting)
- 	    } else if (must_tls(ctl)) {
- 		/* Config required TLS but we couldn't guarantee it, so we must
- 		 * stop. */
-+		set_timeout(0);
- 		report(stderr, GT_("%s: upgrade to TLS failed.\n"), commonname);
- 		return PS_SOCKET;
- 	    } else {
-+		set_timeout(0);
- 		if (outlevel >= O_VERBOSE) {
- 		    report(stdout, GT_("%s: opportunistic upgrade to TLS failed, trying to continue\n"), commonname);
- 		}
-diff --git a/pop3.c b/pop3.c
-index 3def391..9cf8494 100644
---- a/pop3.c
-+++ b/pop3.c
-@@ -448,9 +448,9 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
- 		* whether TLS is mandatory or opportunistic unless SSLOpen() fails
- 		* (see below). */
- 	       if (gen_transact(sock, "STLS") == PS_SUCCESS
--		       && SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
-+		       && (set_timeout(mytimeout), SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
- 			   ctl->sslcertfile, ctl->sslcertpath, ctl->sslfingerprint, commonname,
--			   ctl->server.pollname, &ctl->remotename) != -1)
-+			   ctl->server.pollname, &ctl->remotename)) != -1)
- 	       {
- 		   /*
- 		    * RFC 2595 says this:
-@@ -465,6 +465,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
- 		    * Now that we're confident in our TLS connection we can
- 		    * guarantee a secure capability re-probe.
- 		    */
-+		   set_timeout(0);
- 		   done_capa = FALSE;
- 		   ok = capa_probe(sock);
- 		   if (ok != PS_SUCCESS) {
-@@ -477,6 +478,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
- 	       } else if (must_tls(ctl)) {
- 		   /* Config required TLS but we couldn't guarantee it, so we must
- 		    * stop. */
-+		   set_timeout(0);
- 		   report(stderr, GT_("%s: upgrade to TLS failed.\n"), commonname);
- 		   return PS_SOCKET;
- 	       } else {
-@@ -485,6 +487,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting)
- 		    * allowed til post-authentication), so leave it in an unknown
- 		    * state, mark it as such, and check more carefully if things
- 		    * go wrong when we try to authenticate. */
-+		   set_timeout(0);
- 		   connection_may_have_tls_errors = TRUE;
- 		   if (outlevel >= O_VERBOSE)
- 		   {
diff --git a/fetchmail.spec b/fetchmail.spec
index 618e0b2..b8221b8 100644
--- a/fetchmail.spec
+++ b/fetchmail.spec
@@ -3,11 +3,10 @@
 
 Summary: A remote mail retrieval and forwarding utility
 Name: fetchmail
-Version: 6.3.19
-Release: 5%{?dist}
+Version: 6.3.20
+Release: 1%{?dist}
 Source0: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.xz
 Source1: http://download.berlios.de/fetchmail/fetchmail-%{version}.tar.xz.asc
-Patch0: fetchmail-6.3.19-cve-2011-1947.patch
 URL: http://fetchmail.berlios.de/
 # For a breakdown of the licensing, see COPYING
 License: GPL+ and Public Domain
@@ -45,7 +44,6 @@ need to have Python and Tk installed in order to use fetchmailconf.
 
 %prep
 %setup -q
-%patch0 -p1 -b .cve-2011-1947
 
 %build
 %configure --enable-POP3 --enable-IMAP --with-ssl --with-hesiod \
@@ -84,6 +82,9 @@ rm -rf $RPM_BUILD_ROOT
 %endif
 
 %changelog
+* Tue Jun 07 2011 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.20-1
+- Update to fetchmail-6.3.20
+
 * Thu Jun 02 2011 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.19-5
 - Fix CVE-2011-1947
 
diff --git a/sources b/sources
index 05bce0e..aed2753 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-6c5a1e26da06b85f9a47fe66cef8aa31  fetchmail-6.3.19.tar.xz
-53a6595846fa8cad2720ea33cb3a8aa8  fetchmail-6.3.19.tar.xz.asc
+76406dbb37471f911cbb483830afe068  fetchmail-6.3.20.tar.xz
+7f4c33505e4d28a88f40dbd6382b38fe  fetchmail-6.3.20.tar.xz.asc