git: 6f60247b9b29 - main - mail/fetchmail: make OPIE and RPA optional, UPDATING info added

From: Matthias Andree <mandree_at_FreeBSD.org>
Date: Tue, 05 Nov 2024 20:24:18 UTC
The branch main has been updated by mandree:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6f60247b9b290857f7312e1ce3df08bc547df789

commit 6f60247b9b290857f7312e1ce3df08bc547df789
Author:     Corey Halpin <chalpin@cs.wisc.edu>
AuthorDate: 2024-11-05 20:19:00 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2024-11-05 20:24:07 +0000

    mail/fetchmail: make OPIE and RPA optional, UPDATING info added
    
    Fix a build failure on FreeBSD 14+ with OPIE (now in ports) enabled and
    NLS disabled, by adding ${LOCALBASE}/include to the compiler's path.
    
    OPIE and RPA have been made optional because both have significant security
    problems. OPIE support was not provided by the port on 14.x until the update
    to 6.5.0, when it was briefly re-activated. Because of its security flaws, it
    has now been disabled by default on both 13.x and 14.x.
    
    RPA is currently enabled by default, but this will change in a future update.
    
    PR:             282444
    Reported by:    Helge Oldach
---
 UPDATING                | 11 +++++++++++
 mail/fetchmail/Makefile | 19 ++++++++++++-------
 2 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/UPDATING b/UPDATING
index 654de4d90d5d..1a674317b048 100644
--- a/UPDATING
+++ b/UPDATING
@@ -5,6 +5,17 @@ they are unavoidable.
 You should get into the habit of checking this file for changes each time
 you update your ports collection, before attempting any port upgrades.
 
+20241104:
+  AFFECTS: users of mail/fetchmail
+  AUTHOR: chalpin@cs.wisc.edu
+
+  OPIE and RPA have been made optional because both have significant security
+  problems. OPIE support was not provided by the port on 14.x until the update
+  to 6.5.0, when it was briefly re-activated. Because of its security flaws, it
+  has now been disabled by default on both 13.x and 14.x.
+
+  RPA is currently enabled by default, but this will change in a future update.
+
 20241019:
   AFFECTS: users of security/libressl
   AUTHOR: brnrd@FreeBSD.org
diff --git a/mail/fetchmail/Makefile b/mail/fetchmail/Makefile
index 0bcc67a95a21..3eae97f3aa3c 100644
--- a/mail/fetchmail/Makefile
+++ b/mail/fetchmail/Makefile
@@ -1,6 +1,6 @@
 PORTNAME?=	fetchmail
 DISTVERSION=	6.5.0
-PORTREVISION?=	0
+PORTREVISION?=	1
 CATEGORIES=	mail
 # The next line is inherited by the fetchmailconf dependent port,
 # do NOT replace fetchmail by ${PORTNAME}
@@ -27,9 +27,7 @@ GNU_CONFIGURE_MANPREFIX=${PREFIX}/share
 
 # the added PYTHON=: suppresses python builds,
 # see ../../mail/fetchmailconf/ for the configuration tool
-CONFIGURE_ARGS=	--enable-opie \
-		--enable-RPA \
-		--enable-SDPS \
+CONFIGURE_ARGS=	--enable-SDPS \
 		--without-hesiod \
 		PYTHON=:
 
@@ -45,14 +43,20 @@ PORTDOCS=	FAQ FEATURES NEWS NOTES OLDNEWS README README.SSL \
 		README.SSL-SERVER design-notes.html esrs-design-notes.html \
 		fetchmail-FAQ.html fetchmail-features.html todo.html
 
-OPTIONS_DEFINE=		DOCS NLS
-OPTIONS_DEFAULT=	GSSAPI_BASE OPENSSL
+OPTIONS_DEFINE=		OPIE RPA DOCS NLS
+OPTIONS_DEFAULT=	GSSAPI_BASE OPENSSL RPA
 OPTIONS_SINGLE=		GSSAPI TLS
 OPTIONS_SINGLE_GSSAPI=	GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
 OPTIONS_SINGLE_TLS=	OPENSSL WOLFSSL
 
 OPTIONS_SUB=	yes
 
+OPIE_CONFIGURE_ON=		--enable-opie
+OPIE_DESC=			Build with OPIE support (deprecated - weak/broken cryptography)
+
+RPA_CONFIGURE_ON=		--enable-RPA
+RPA_DESC=			Build with RPA support (deprecated - weak/broken cryptography)
+
 GSSAPI_BASE_USES=		gssapi
 GSSAPI_BASE_CONFIGURE_ON=	${GSSAPI_CONFIGURE_ARGS} \
 				--with-gssapi=${GSSAPIBASEDIR}
@@ -101,9 +105,10 @@ post-install-DOCS-on:
 
 .include <bsd.port.pre.mk>
 
-.if ${MASTERDIR} == ${.CURDIR} && ${OPSYS} == FreeBSD
+.if ${PORT_OPTIONS:MOPIE} && ${MASTERDIR} == ${.CURDIR} && ${OPSYS} == FreeBSD
 . if ${OSVERSION} >= 1400072
 LIB_DEPENDS+=	libopie.so:security/opie	# moved to port (from base in 13.X)
+CPPFLAGS+=	-I${LOCALBASE}/include
 . endif
 .endif