diff --git a/.cvsignore b/.cvsignore index 96841fa..5e07ab6 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -mutt-1.5.19.tar.gz +mutt-1.5.20-20090827hg605559.tar.bz2 diff --git a/mutt-1.5.19-db47.patch b/mutt-1.5.19-db47.patch deleted file mode 100644 index d003704..0000000 --- a/mutt-1.5.19-db47.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up mutt-1.5.19/configure.db47 mutt-1.5.19/configure ---- mutt-1.5.19/configure.db47 2009-01-06 17:03:22.000000000 +0100 -+++ mutt-1.5.19/configure 2009-01-06 17:05:19.000000000 +0100 -@@ -16074,7 +16074,7 @@ echo "$as_me: error: GDBM could not be u - bdbpfx="$bdbpfx $d/$v" - done - done -- BDB_VERSIONS="db-4 db4 db-4.6 db4.6 db46 db-4.5 db4.5 db45 db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db ''" -+ BDB_VERSIONS="db-4 db4 db-4.7 db4.7 db-4.6 db4.6 db46 db-4.5 db4.5 db45 db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db ''" - { echo "$as_me:$LINENO: checking for BerkeleyDB > 4.0" >&5 - echo $ECHO_N "checking for BerkeleyDB > 4.0... $ECHO_C" >&6; } - for d in $bdbpfx; do diff --git a/mutt-1.5.19-gnutls.patch b/mutt-1.5.19-gnutls.patch deleted file mode 100644 index 1cd3ebe..0000000 --- a/mutt-1.5.19-gnutls.patch +++ /dev/null @@ -1,622 +0,0 @@ -diff -r a4b47ac32d32 -r 15c662a95b91 mutt_ssl_gnutls.c ---- a/mutt_ssl_gnutls.c Mon Jan 05 16:37:27 2009 -0800 -+++ b/mutt_ssl_gnutls.c Mon Jun 08 23:55:39 2009 -0700 -@@ -33,6 +33,16 @@ - #include "mutt_ssl.h" - #include "mutt_regex.h" - -+/* certificate error bitmap values */ -+#define CERTERR_VALID 0 -+#define CERTERR_EXPIRED 1 -+#define CERTERR_NOTYETVALID 2 -+#define CERTERR_REVOKED 4 -+#define CERTERR_NOTTRUSTED 8 -+#define CERTERR_HOSTNAME 16 -+#define CERTERR_SIGNERNOTCA 32 -+#define CERTERR_INSECUREALG 64 -+ - typedef struct _tlssockdata - { - gnutls_session state; -@@ -265,6 +275,12 @@ - SslClientCert, GNUTLS_X509_FMT_PEM); - } - -+#if HAVE_DECL_GNUTLS_VERIFY_DISABLE_TIME_CHECKS -+ /* disable checking certificate activation/expiration times -+ in gnutls, we do the checks ourselves */ -+ gnutls_certificate_set_verify_flags(data->xcred, GNUTLS_VERIFY_DISABLE_TIME_CHECKS); -+#endif -+ - gnutls_init(&data->state, GNUTLS_CLIENT); - - /* set socket */ -@@ -408,7 +424,7 @@ - } - - b64_data.size = fread(b64_data.data, 1, b64_data.size, fd1); -- fclose(fd1); -+ safe_fclose (&fd1); - - do { - ret = gnutls_pem_base64_decode_alloc(NULL, &b64_data, &cert); -@@ -504,7 +520,7 @@ - - buf[0] = '\0'; - tls_fingerprint (GNUTLS_DIG_MD5, buf, sizeof (buf), cert); -- while ((linestr = mutt_read_line(linestr, &linestrsize, fp, &linenum)) != NULL) -+ while ((linestr = mutt_read_line(linestr, &linestrsize, fp, &linenum, 0)) != NULL) - { - if(linestr[0] == '#' && linestr[1] == 'H') - { -@@ -517,7 +533,7 @@ - { - regfree(&preg); - FREE(&linestr); -- fclose(fp); -+ safe_fclose (&fp); - return 1; - } - } -@@ -525,24 +541,137 @@ - } - - regfree(&preg); -- fclose(fp); -+ safe_fclose (&fp); - } - - /* not found a matching name */ - return 0; - } - -+static int tls_check_preauth (const gnutls_datum_t *certdata, -+ gnutls_certificate_status certstat, -+ const char *hostname, int chainidx, int* certerr, -+ int* savedcert) -+{ -+ gnutls_x509_crt cert; -+ -+ *certerr = CERTERR_VALID; -+ *savedcert = 0; -+ -+ if (gnutls_x509_crt_init (&cert) < 0) -+ { -+ mutt_error (_("Error initialising gnutls certificate data")); -+ mutt_sleep (2); -+ return -1; -+ } -+ -+ if (gnutls_x509_crt_import (cert, certdata, GNUTLS_X509_FMT_DER) < 0) -+ { -+ mutt_error (_("Error processing certificate data")); -+ mutt_sleep (2); -+ gnutls_x509_crt_deinit (cert); -+ return -1; -+ } -+ -+ if (option (OPTSSLVERIFYDATES) != M_NO) -+ { -+ if (gnutls_x509_crt_get_expiration_time (cert) < time(NULL)) -+ *certerr |= CERTERR_EXPIRED; -+ if (gnutls_x509_crt_get_activation_time (cert) > time(NULL)) -+ *certerr |= CERTERR_NOTYETVALID; -+ } -+ -+ if (chainidx == 0 && option (OPTSSLVERIFYHOST) != M_NO -+ && !gnutls_x509_crt_check_hostname (cert, hostname) -+ && !tls_check_stored_hostname (certdata, hostname)) -+ *certerr |= CERTERR_HOSTNAME; -+ -+ /* see whether certificate is in our cache (certificates file) */ -+ if (tls_compare_certificates (certdata)) -+ { -+ *savedcert = 1; -+ -+ if (chainidx == 0 && certstat & GNUTLS_CERT_INVALID) -+ { -+ /* doesn't matter - have decided is valid because server -+ certificate is in our trusted cache */ -+ certstat ^= GNUTLS_CERT_INVALID; -+ } -+ -+ if (chainidx == 0 && certstat & GNUTLS_CERT_SIGNER_NOT_FOUND) -+ { -+ /* doesn't matter that we haven't found the signer, since -+ certificate is in our trusted cache */ -+ certstat ^= GNUTLS_CERT_SIGNER_NOT_FOUND; -+ } -+ -+ if (chainidx <= 1 && certstat & GNUTLS_CERT_SIGNER_NOT_CA) -+ { -+ /* Hmm. Not really sure how to handle this, but let's say -+ that we don't care if the CA certificate hasn't got the -+ correct X.509 basic constraints if server or first signer -+ certificate is in our cache. */ -+ certstat ^= GNUTLS_CERT_SIGNER_NOT_CA; -+ } -+ -+ if (chainidx == 0 && certstat & GNUTLS_CERT_INSECURE_ALGORITHM) -+ { -+ /* doesn't matter that it was signed using an insecure -+ algorithm, since certificate is in our trusted cache */ -+ certstat ^= GNUTLS_CERT_INSECURE_ALGORITHM; -+ } -+ } -+ -+ if (certstat & GNUTLS_CERT_REVOKED) -+ { -+ *certerr |= CERTERR_REVOKED; -+ certstat ^= GNUTLS_CERT_REVOKED; -+ } -+ -+ if (certstat & GNUTLS_CERT_INVALID) -+ { -+ *certerr |= CERTERR_NOTTRUSTED; -+ certstat ^= GNUTLS_CERT_INVALID; -+ } -+ -+ if (certstat & GNUTLS_CERT_SIGNER_NOT_FOUND) -+ { -+ /* NB: already cleared if cert in cache */ -+ *certerr |= CERTERR_NOTTRUSTED; -+ certstat ^= GNUTLS_CERT_SIGNER_NOT_FOUND; -+ } -+ -+ if (certstat & GNUTLS_CERT_SIGNER_NOT_CA) -+ { -+ /* NB: already cleared if cert in cache */ -+ *certerr |= CERTERR_SIGNERNOTCA; -+ certstat ^= GNUTLS_CERT_SIGNER_NOT_CA; -+ } -+ -+ if (certstat & GNUTLS_CERT_INSECURE_ALGORITHM) -+ { -+ /* NB: already cleared if cert in cache */ -+ *certerr |= CERTERR_INSECUREALG; -+ certstat ^= GNUTLS_CERT_INSECURE_ALGORITHM; -+ } -+ -+ gnutls_x509_crt_deinit (cert); -+ -+ /* we've been zeroing the interesting bits in certstat - -+ don't return OK if there are any unhandled bits we don't -+ understand */ -+ if (*certerr == CERTERR_VALID && certstat == 0) -+ return 0; -+ -+ return -1; -+} -+ - static int tls_check_one_certificate (const gnutls_datum_t *certdata, - gnutls_certificate_status certstat, - const char* hostname, int idx, int len) - { -+ int certerr, savedcert; - gnutls_x509_crt cert; -- int certerr_hostname = 0; -- int certerr_expired = 0; -- int certerr_notyetvalid = 0; -- int certerr_nottrusted = 0; -- int certerr_revoked = 0; -- int certerr_signernotca = 0; - char buf[SHORT_STRING]; - char fpbuf[SHORT_STRING]; - size_t buflen; -@@ -562,13 +691,29 @@ - gnutls_datum pemdata; - int i, row, done, ret; - -+ if (!tls_check_preauth (certdata, certstat, hostname, idx, &certerr, -+ &savedcert)) -+ return 1; -+ -+ /* skip signers if insecure algorithm was used */ -+ if (idx && (certerr & CERTERR_INSECUREALG)) -+ { -+ if (idx == 1) -+ { -+ mutt_error (_("Warning: Server certificate was signed using an insecure algorithm")); -+ mutt_sleep (2); -+ } -+ return 0; -+ } -+ -+ /* interactive check from user */ - if (gnutls_x509_crt_init (&cert) < 0) - { - mutt_error (_("Error initialising gnutls certificate data")); - mutt_sleep (2); - return 0; - } -- -+ - if (gnutls_x509_crt_import (cert, certdata, GNUTLS_X509_FMT_DER) < 0) - { - mutt_error (_("Error processing certificate data")); -@@ -576,94 +721,17 @@ - gnutls_x509_crt_deinit (cert); - return -1; - } -- -- if (gnutls_x509_crt_get_expiration_time (cert) < time(NULL)) -- certerr_expired = 1; -- if (gnutls_x509_crt_get_activation_time (cert) > time(NULL)) -- certerr_notyetvalid = 1; - -- if (!idx) -- { -- if (!gnutls_x509_crt_check_hostname (cert, hostname) && -- !tls_check_stored_hostname (certdata, hostname)) -- certerr_hostname = 1; -- } -- -- /* see whether certificate is in our cache (certificates file) */ -- if (tls_compare_certificates (certdata)) -- { -- if (certstat & GNUTLS_CERT_INVALID) -- { -- /* doesn't matter - have decided is valid because server -- certificate is in our trusted cache */ -- certstat ^= GNUTLS_CERT_INVALID; -- } -- -- if (certstat & GNUTLS_CERT_SIGNER_NOT_FOUND) -- { -- /* doesn't matter that we haven't found the signer, since -- certificate is in our trusted cache */ -- certstat ^= GNUTLS_CERT_SIGNER_NOT_FOUND; -- } -- -- if (certstat & GNUTLS_CERT_SIGNER_NOT_CA) -- { -- /* Hmm. Not really sure how to handle this, but let's say -- that we don't care if the CA certificate hasn't got the -- correct X.509 basic constraints if server certificate is -- in our cache. */ -- certstat ^= GNUTLS_CERT_SIGNER_NOT_CA; -- } -- } -- -- if (certstat & GNUTLS_CERT_REVOKED) -- { -- certerr_revoked = 1; -- certstat ^= GNUTLS_CERT_REVOKED; -- } -- -- if (certstat & GNUTLS_CERT_INVALID) -- { -- certerr_nottrusted = 1; -- certstat ^= GNUTLS_CERT_INVALID; -- } -- -- if (certstat & GNUTLS_CERT_SIGNER_NOT_FOUND) -- { -- /* NB: already cleared if cert in cache */ -- certerr_nottrusted = 1; -- certstat ^= GNUTLS_CERT_SIGNER_NOT_FOUND; -- } -- -- if (certstat & GNUTLS_CERT_SIGNER_NOT_CA) -- { -- /* NB: already cleared if cert in cache */ -- certerr_signernotca = 1; -- certstat ^= GNUTLS_CERT_SIGNER_NOT_CA; -- } -- -- /* OK if signed by (or is) a trusted certificate */ -- /* we've been zeroing the interesting bits in certstat - -- don't return OK if there are any unhandled bits we don't -- understand */ -- if (!(certerr_expired || certerr_notyetvalid || -- certerr_hostname || certerr_nottrusted) && certstat == 0) -- { -- gnutls_x509_crt_deinit (cert); -- return 1; -- } -- -- /* interactive check from user */ - menu = mutt_new_menu (-1); - menu->max = 25; - menu->dialog = (char **) safe_calloc (1, menu->max * sizeof (char *)); - for (i = 0; i < menu->max; i++) - menu->dialog[i] = (char *) safe_calloc (1, SHORT_STRING * sizeof (char)); -- -+ - row = 0; - strfcpy (menu->dialog[row], _("This certificate belongs to:"), SHORT_STRING); - row++; -- -+ - buflen = sizeof (dn_common_name); - if (gnutls_x509_crt_get_dn_by_oid (cert, GNUTLS_OID_X520_COMMON_NAME, 0, 0, - dn_common_name, &buflen) != 0) -@@ -692,17 +760,17 @@ - if (gnutls_x509_crt_get_dn_by_oid (cert, GNUTLS_OID_X520_COUNTRY_NAME, 0, 0, - dn_country, &buflen) != 0) - dn_country[0] = '\0'; -- -+ - snprintf (menu->dialog[row++], SHORT_STRING, " %s %s", dn_common_name, dn_email); - snprintf (menu->dialog[row++], SHORT_STRING, " %s", dn_organization); - snprintf (menu->dialog[row++], SHORT_STRING, " %s", dn_organizational_unit); - snprintf (menu->dialog[row++], SHORT_STRING, " %s %s %s", - dn_locality, dn_province, dn_country); - row++; -- -+ - strfcpy (menu->dialog[row], _("This certificate was issued by:"), SHORT_STRING); - row++; -- -+ - buflen = sizeof (dn_common_name); - if (gnutls_x509_crt_get_issuer_dn_by_oid (cert, GNUTLS_OID_X520_COMMON_NAME, 0, 0, - dn_common_name, &buflen) != 0) -@@ -731,52 +799,52 @@ - if (gnutls_x509_crt_get_issuer_dn_by_oid (cert, GNUTLS_OID_X520_COUNTRY_NAME, 0, 0, - dn_country, &buflen) != 0) - dn_country[0] = '\0'; -- -+ - snprintf (menu->dialog[row++], SHORT_STRING, " %s %s", dn_common_name, dn_email); - snprintf (menu->dialog[row++], SHORT_STRING, " %s", dn_organization); - snprintf (menu->dialog[row++], SHORT_STRING, " %s", dn_organizational_unit); - snprintf (menu->dialog[row++], SHORT_STRING, " %s %s %s", - dn_locality, dn_province, dn_country); - row++; -- -+ - snprintf (menu->dialog[row++], SHORT_STRING, _("This certificate is valid")); -- -+ - t = gnutls_x509_crt_get_activation_time (cert); -- snprintf (menu->dialog[row++], SHORT_STRING, _(" from %s"), -+ snprintf (menu->dialog[row++], SHORT_STRING, _(" from %s"), - tls_make_date (t, datestr, 30)); -- -+ - t = gnutls_x509_crt_get_expiration_time (cert); -- snprintf (menu->dialog[row++], SHORT_STRING, _(" to %s"), -+ snprintf (menu->dialog[row++], SHORT_STRING, _(" to %s"), - tls_make_date (t, datestr, 30)); -- -+ - fpbuf[0] = '\0'; - tls_fingerprint (GNUTLS_DIG_SHA, fpbuf, sizeof (fpbuf), certdata); - snprintf (menu->dialog[row++], SHORT_STRING, _("SHA1 Fingerprint: %s"), fpbuf); - fpbuf[0] = '\0'; - tls_fingerprint (GNUTLS_DIG_MD5, fpbuf, sizeof (fpbuf), certdata); - snprintf (menu->dialog[row++], SHORT_STRING, _("MD5 Fingerprint: %s"), fpbuf); -- -- if (certerr_notyetvalid) -+ -+ if (certerr & CERTERR_NOTYETVALID) - { - row++; - strfcpy (menu->dialog[row], _("WARNING: Server certificate is not yet valid"), SHORT_STRING); - } -- if (certerr_expired) -+ if (certerr & CERTERR_EXPIRED) - { - row++; - strfcpy (menu->dialog[row], _("WARNING: Server certificate has expired"), SHORT_STRING); - } -- if (certerr_revoked) -+ if (certerr & CERTERR_REVOKED) - { - row++; - strfcpy (menu->dialog[row], _("WARNING: Server certificate has been revoked"), SHORT_STRING); - } -- if (certerr_hostname) -+ if (certerr & CERTERR_HOSTNAME) - { - row++; - strfcpy (menu->dialog[row], _("WARNING: Server hostname does not match certificate"), SHORT_STRING); - } -- if (certerr_signernotca) -+ if (certerr & CERTERR_SIGNERNOTCA) - { - row++; - strfcpy (menu->dialog[row], _("WARNING: Signer of server certificate is not a CA"), SHORT_STRING); -@@ -788,7 +856,9 @@ - menu->title = title; - /* certificates with bad dates, or that are revoked, must be - accepted manually each and every time */ -- if (SslCertFile && !certerr_expired && !certerr_notyetvalid && !certerr_revoked) -+ if (SslCertFile && !savedcert -+ && !(certerr & (CERTERR_EXPIRED | CERTERR_NOTYETVALID -+ | CERTERR_REVOKED))) - { - menu->prompt = _("(r)eject, accept (o)nce, (a)ccept always"); - menu->keys = _("roa"); -@@ -798,14 +868,14 @@ - menu->prompt = _("(r)eject, accept (o)nce"); - menu->keys = _("ro"); - } -- -+ - helpstr[0] = '\0'; - mutt_make_help (buf, sizeof (buf), _("Exit "), MENU_GENERIC, OP_EXIT); - safe_strcat (helpstr, sizeof (helpstr), buf); - mutt_make_help (buf, sizeof (buf), _("Help"), MENU_GENERIC, OP_HELP); - safe_strcat (helpstr, sizeof (helpstr), buf); - menu->help = helpstr; -- -+ - done = 0; - set_option (OPTUNBUFFEREDINPUT); - while (!done) -@@ -822,12 +892,12 @@ - if ((fp = fopen (SslCertFile, "a"))) - { - /* save hostname if necessary */ -- if (certerr_hostname) -+ if (certerr & CERTERR_HOSTNAME) - { - fprintf(fp, "#H %s %s\n", hostname, fpbuf); - done = 1; - } -- if (certerr_nottrusted) -+ if (certerr & CERTERR_NOTTRUSTED) - { - done = 0; - ret = gnutls_pem_base64_encode_alloc ("CERTIFICATE", certdata, -@@ -841,7 +911,7 @@ - gnutls_free (pemdata.data); - } - } -- fclose (fp); -+ safe_fclose (&fp); - } - if (!done) - { -@@ -866,23 +936,14 @@ - return (done == 2); - } - --static int tls_check_certificate (CONNECTION* conn) -+/* sanity-checking wrapper for gnutls_certificate_verify_peers */ -+static gnutls_certificate_status tls_verify_peers (gnutls_session tlsstate) - { -- tlssockdata *data = conn->sockdata; -- gnutls_session state = data->state; -- const gnutls_datum *cert_list; -- unsigned int cert_list_size = 0; - gnutls_certificate_status certstat; -- int i, rc; - -- if (gnutls_auth_get_type (state) != GNUTLS_CRD_CERTIFICATE) -- { -- mutt_error (_("Unable to get certificate from peer")); -- mutt_sleep (2); -- return 0; -- } -- -- certstat = gnutls_certificate_verify_peers (state); -+ certstat = gnutls_certificate_verify_peers (tlsstate); -+ if (!certstat) -+ return certstat; - - if (certstat == GNUTLS_E_NO_CERTIFICATE_FOUND) - { -@@ -899,13 +960,34 @@ - } - - /* We only support X.509 certificates (not OpenPGP) at the moment */ -- if (gnutls_certificate_type_get (state) != GNUTLS_CRT_X509) -+ if (gnutls_certificate_type_get (tlsstate) != GNUTLS_CRT_X509) - { - mutt_error (_("Certificate is not X.509")); - mutt_sleep (2); - return 0; - } - -+ return certstat; -+} -+ -+static int tls_check_certificate (CONNECTION* conn) -+{ -+ tlssockdata *data = conn->sockdata; -+ gnutls_session state = data->state; -+ const gnutls_datum *cert_list; -+ unsigned int cert_list_size = 0; -+ gnutls_certificate_status certstat; -+ int certerr, i, preauthrc, savedcert, rc = 0; -+ -+ if (gnutls_auth_get_type (state) != GNUTLS_CRD_CERTIFICATE) -+ { -+ mutt_error (_("Unable to get certificate from peer")); -+ mutt_sleep (2); -+ return 0; -+ } -+ -+ certstat = tls_verify_peers (state); -+ - cert_list = gnutls_certificate_get_peers (state, &cert_list_size); - if (!cert_list) - { -@@ -914,13 +996,42 @@ - return 0; - } - -+ /* tls_verify_peers doesn't check hostname or expiration, so walk -+ * from most specific to least checking these. If we see a saved certificate, -+ * its status short-circuits the remaining checks. */ -+ preauthrc = 0; -+ for (i = 0; i < cert_list_size; i++) { -+ rc = tls_check_preauth(&cert_list[i], certstat, conn->account.host, i, -+ &certerr, &savedcert); -+ preauthrc += rc; -+ -+ if (savedcert) -+ { -+ if (!preauthrc) -+ return 1; -+ else -+ break; -+ } -+ } -+ -+ /* then check interactively, starting from chain root */ - for (i = cert_list_size - 1; i >= 0; i--) - { - rc = tls_check_one_certificate (&cert_list[i], certstat, conn->account.host, - i, cert_list_size); -- if (rc) -- return rc; -+ -+ /* add signers to trust set, then reverify */ -+ if (i && rc) { -+ rc = gnutls_certificate_set_x509_trust_mem (data->xcred, &cert_list[i], -+ GNUTLS_X509_FMT_DER); -+ if (rc != 1) -+ dprint (1, (debugfile, "error trusting certificate %d: %d\n", i, rc)); -+ -+ certstat = tls_verify_peers (state); -+ if (!certstat) -+ return 1; -+ } - } - -- return 0; -+ return rc; - } -diff -up mutt-1.5.19/mutt_ssl_gnutls.c.gnutls2 mutt-1.5.19/mutt_ssl_gnutls.c ---- mutt-1.5.19/mutt_ssl_gnutls.c.gnutls2 2009-06-09 15:41:56.000000000 +0200 -+++ mutt-1.5.19/mutt_ssl_gnutls.c 2009-06-09 16:05:51.000000000 +0200 -@@ -275,7 +275,7 @@ static int tls_negotiate (CONNECTION * c - SslClientCert, GNUTLS_X509_FMT_PEM); - } - --#if HAVE_DECL_GNUTLS_VERIFY_DISABLE_TIME_CHECKS -+#if 1 - /* disable checking certificate activation/expiration times - in gnutls, we do the checks ourselves */ - gnutls_certificate_set_verify_flags(data->xcred, GNUTLS_VERIFY_DISABLE_TIME_CHECKS); -@@ -520,7 +520,7 @@ static int tls_check_stored_hostname (co - - buf[0] = '\0'; - tls_fingerprint (GNUTLS_DIG_MD5, buf, sizeof (buf), cert); -- while ((linestr = mutt_read_line(linestr, &linestrsize, fp, &linenum, 0)) != NULL) -+ while ((linestr = mutt_read_line(linestr, &linestrsize, fp, &linenum)) != NULL) - { - if(linestr[0] == '#' && linestr[1] == 'H') - { -@@ -573,7 +573,7 @@ static int tls_check_preauth (const gnut - return -1; - } - -- if (option (OPTSSLVERIFYDATES) != M_NO) -+ if (1) - { - if (gnutls_x509_crt_get_expiration_time (cert) < time(NULL)) - *certerr |= CERTERR_EXPIRED; -@@ -581,7 +581,7 @@ static int tls_check_preauth (const gnut - *certerr |= CERTERR_NOTYETVALID; - } - -- if (chainidx == 0 && option (OPTSSLVERIFYHOST) != M_NO -+ if (chainidx == 0 - && !gnutls_x509_crt_check_hostname (cert, hostname) - && !tls_check_stored_hostname (certdata, hostname)) - *certerr |= CERTERR_HOSTNAME; diff --git a/mutt-1.5.19-inodesort.patch b/mutt-1.5.19-inodesort.patch deleted file mode 100644 index 8345caf..0000000 --- a/mutt-1.5.19-inodesort.patch +++ /dev/null @@ -1,36 +0,0 @@ -# HG changeset patch -# User Rocco Rutte -# Date 1233066304 -3600 -# Branch HEAD -# Node ID eb918af802ec62136f5a522dcb1ac18cb470d4ac -# Parent da94a92c3ba0ec7718c78a1c60d62931d13b062f -Unconditionally inode-sort Maildir and MH folders. Closes #3166. - -diff -r da94a92c3ba0 -r eb918af802ec mh.c ---- a/mh.c Mon Jan 26 12:32:30 2009 -0800 -+++ b/mh.c Tue Jan 27 15:25:04 2009 +0100 -@@ -1027,13 +1027,14 @@ - if (!ctx->quiet && progress) - mutt_progress_update (progress, count, -1); - -+ DO_SORT(); -+ - snprintf (fn, sizeof (fn), "%s/%s", ctx->path, p->h->path); - - #if USE_HCACHE - if (option(OPTHCACHEVERIFY)) - { -- DO_SORT(); -- ret = stat(fn, &lastchanged); -+ ret = stat(fn, &lastchanged); - } - else - { -@@ -1057,7 +1058,6 @@ - { - #endif /* USE_HCACHE */ - -- DO_SORT(); - if (maildir_parse_message (ctx->magic, fn, p->h->old, p->h)) - { - p->header_parsed = 1; diff --git a/mutt-1.5.19-realpath.patch b/mutt-1.5.19-realpath.patch deleted file mode 100644 index 4f506be..0000000 --- a/mutt-1.5.19-realpath.patch +++ /dev/null @@ -1,32 +0,0 @@ -# HG changeset patch -# User Miroslav Lichvar -# Date 1238589215 -7200 -# Branch HEAD -# Node ID 8205a12329d395b87eeb890cb86d28e761e83992 -# Parent 47c64fd9ac708fee9f4969e571c42e105287596e -Use PATH_MAX for buffers passed to realpath(3) as we're supposed to - -diff -r 47c64fd9ac70 -r 8205a12329d3 hcache.c ---- a/hcache.c Wed Apr 01 13:16:35 2009 +0200 -+++ b/hcache.c Wed Apr 01 14:33:35 2009 +0200 -@@ -836,7 +836,7 @@ - * to ensure equivalent paths share the hcache */ - if (stat (folder, &st) == 0) - { -- p = safe_malloc (_POSIX_PATH_MAX+1); -+ p = safe_malloc (PATH_MAX+1); - if (!realpath (folder, p)) - mutt_str_replace (&p, folder); - } else -diff -r 47c64fd9ac70 -r 8205a12329d3 muttlib.c ---- a/muttlib.c Wed Apr 01 13:16:35 2009 +0200 -+++ b/muttlib.c Wed Apr 01 14:33:35 2009 +0200 -@@ -759,7 +759,7 @@ - char *p = s, *q = s; - size_t len; - url_scheme_t scheme; -- char tmp[_POSIX_PATH_MAX]; -+ char tmp[PATH_MAX]; - - scheme = url_check_scheme (s); - diff --git a/mutt-1.5.19-saslcb.patch b/mutt-1.5.19-saslcb.patch deleted file mode 100644 index 6094f79..0000000 --- a/mutt-1.5.19-saslcb.patch +++ /dev/null @@ -1,19 +0,0 @@ -# HG changeset patch -# User Roman Kraevskiy -# Date 1237455364 -3600 -# Branch HEAD -# Node ID 6fac57b97bf1e829d1bfdf643583f5921e153fea -# Parent 17d770ae41e4bc94527181dc62072564b9fbd252 -Restore connection polling callback when closing SASL connection. Closes #3206. - -diff -r 17d770ae41e4 -r 6fac57b97bf1 mutt_sasl.c ---- a/mutt_sasl.c Wed Mar 18 14:48:07 2009 +0100 -+++ b/mutt_sasl.c Thu Mar 19 10:36:04 2009 +0100 -@@ -481,6 +481,7 @@ - conn->conn_close = sasldata->msasl_close; - conn->conn_read = sasldata->msasl_read; - conn->conn_write = sasldata->msasl_write; -+ conn->conn_poll = sasldata->msasl_poll; - - /* release sasl resources */ - sasl_dispose (&sasldata->saslconn); diff --git a/mutt.spec b/mutt.spec index dd59715..3b53678 100644 --- a/mutt.spec +++ b/mutt.spec @@ -15,29 +15,26 @@ Summary: A text mode mail user agent Name: mutt -Version: 1.5.19 -Release: 6%{?dist} +Version: 1.5.20 +Release: 1.20090827hg605559%{?dist} Epoch: 5 # The entire source code is GPLv2+ except # pgpewrap.c setenv.c sha1.c wcwidth.c which are Public Domain License: GPLv2+ and Public Domain Group: Applications/Internet -Source: ftp://ftp.mutt.org/pub/mutt/devel/mutt-%{version}.tar.gz +# hg snapshot created from http://dev.mutt.org/hg/mutt +Source: mutt-1.5.20-20090827hg605559.tar.bz2 +#Source: ftp://ftp.mutt.org/pub/mutt/devel/mutt-%{version}.tar.gz Source1: mutt_ldap_query Patch2: mutt-1.5.13-nodotlock.patch Patch3: mutt-1.5.18-muttrc.patch Patch4: mutt-1.5.18-manual.patch -Patch7: mutt-1.5.19-db47.patch -Patch8: mutt-1.5.19-realpath.patch -Patch9: mutt-1.5.19-inodesort.patch -Patch10: mutt-1.5.19-saslcb.patch -Patch11: mutt-1.5.19-gnutls.patch Url: http://www.mutt.org/ Requires: mailcap urlview BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -BuildRequires: aspell /usr/sbin/sendmail BuildRequires: ncurses-devel BuildRequires: gettext +BuildRequires: automake # required to build documentation BuildRequires: docbook-style-xsl libxslt lynx @@ -65,21 +62,19 @@ regular expression searches and a powerful pattern matching language for selecting groups of messages. %prep -%setup -q +%setup -q -n mutt +./prepare -V # Thou shalt use fcntl, and only fcntl %patch2 -p1 -b .nodl %patch3 -p1 -b .muttrc %patch4 -p1 -b .manual -%patch7 -p1 -b .db47 -%patch8 -p1 -b .realpath -%patch9 -p1 -b .inodesort -%patch10 -p1 -b .saslcb -%patch11 -p1 -b .gnutls install -p -m644 %{SOURCE1} mutt_ldap_query %build %configure \ + SENDMAIL=%{_sbindir}/sendmail \ + ISPELL=%{_bindir}/hunspell \ %{?with_debug: --enable-debug}\ %{?with_pop: --enable-pop}\ %{?with_imap: --enable-imap} \ @@ -114,11 +109,7 @@ cat contrib/gpg.rc >> \ grep -5 "^color" contrib/sample.muttrc >> \ $RPM_BUILD_ROOT%{_sysconfdir}/Muttrc -# and we use aspell cat >> $RPM_BUILD_ROOT%{_sysconfdir}/Muttrc < 5:1.5.20-1.20090827hg605559 +- update to post 1.5.20 hg snapshot (#515148) +- use hunspell by default (#510358) + * Sat Jul 25 2009 Fedora Release Engineering - 5:1.5.19-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild diff --git a/sources b/sources index 2dbf6fe..fc6981a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -73b3747bc7f7c805921e8d24ebac693f mutt-1.5.19.tar.gz +a459f1139a9fff840222268aa1bc17a0 mutt-1.5.20-20090827hg605559.tar.bz2