The NetBSD Project

CVS log for pkgsrc/mail/fetchmail/distinfo

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / mail / fetchmail

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.62 / (download) - annotate - [select for diffs], Sun Dec 26 15:28:10 2021 UTC (3 weeks, 3 days ago) by triaxx
Branch: MAIN
CVS Tags: pkgsrc-2021Q4-base, pkgsrc-2021Q4, HEAD
Changes since 1.61: +4 -4 lines
Diff to previous 1.61 (colored)

fetchmail: Update to 6.1.25

upstream changes:
-----------------
fetchmail-6.4.25 (released 2021-12-10, 31653 LoC):

# BREAKING CHANGES:
* Since distributions continue patching for LibreSSL use, which cannot be
  linked legally, block out LibreSSL in configure.ac and socket.c, and
  refer to COPYING, unless on OpenBSD (which ships it in the base system).
  OpenSSL and wolfSSL 5 can be used.  SSL-related documentation was updated, do
  re-read COPYING, INSTALL, README, README.packaging, README.SSL.
* Bump OpenSSL version requirement to 1.0.2f in order to safely remove
  the obsolete OpenSSL flag SSL_OP_SINGLE_DH_USE. This blocks out 1.0.2e and
  older 1.0.2 versions. 1.0.2f was a security fix release, and 1.0.2u is
  publicly available from https://www.openssl.org/source/old/1.0.2/
* Some of the configure.ac fiddling MIGHT have broken cross-compilation
  again. The maintainer does not test cross-compiling fetchmail; if you
  have difficulties, try setting PKG_CONFIG_LIBDIR to the pkg-config path
  containing your target/host libraries, or see if --with-ssl-prefix or
  --with-wolfssl-prefix, or overriding LDFLAGS/LIBS/CPPFLAGS, can help.
  Feedback solicited on compliant systems that are before end-of-life.

# BUG FIXES:
* 6.4.24's workaround for OpenSSL 1.0.2's X509_V_FLAG_TRUSTED_FIRST flag
  contained a typo and would not kick in properly.
* Library and/or rpath setting from configure.ac was fixed.

# ADDITIONS:
* Added an example systemd unit file and instructions to contrib/systemd/
  which runs fetchmail as a daemon with 5-minute poll intervals.
  Courteously contributed by Barak A. Pearlmutter, Debian Bug#981464.
* fetchmail can now be used with wolfSSL 5's OpenSSL compatibility layer,
  see INSTALL and README.SSL. This is considered experimental.
  Feedback solicited.

# CHANGES:
* The getstats.py dist-tool now counts lines of .ac and .am files.
* ./configure --with-ssl now supports pkg-config module names, too. See INSTALL.

# TRANSLATIONS: language translations were updated by these fine people:
(in reverse alphabetical order of language codes so as not to prefer people):
* sv:    Göran Uddeborg [Swedish]
* sq:    Besnik Bleta [Albanian]
* pl:    Jakub Bogusz [Polish]
* ja:    Takeshi Hamasaki [Japanese]
* fr:    Frédéric Marchal [French]
* eo:    Keith Bowes [Esperanto]
* cs:    Petr Pisar [Czech]

# CREDITS:
* Thanks to Corey Halpin for testing release candidates.

--------------------------------------------------------------------------------
fetchmail-6.4.24 (released 2021-11-20, 30218 LoC):

# OPENSSL AND LICENSING NOTE:
> see fetchmail-6.4.22 below, and the file COPYING.

  Note that distribution of packages linked with LibreSSL is not feasible
  due to a missing GPLv2 clause 2(b) exception.

# COMPATIBILITY:
* Bison 3.8 dropped yytoknum altogether, breaking compilation due to a
  warning workaround. Remove the cast of yytoknum to void.  This may cause
  a compiler warning to reappear with older Bison versions.
* OpenSSL 1.0.2: Workaround for systems that keep the expired DST Root CA X3
  certificate in its trust store because OpenSSL by default prefers the
  untrusted certificate and fails.  Fetchmail now sets the
  X509_V_FLAG_TRUSTED_FIRST flag (on OpenSSL 1.0.2 only).
  This is workaround #2 from the OpenSSL Blog.  For details, see both:
  https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
  https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

  NOTE: OpenSSL 1.0.2 is end of life, it is assumed that the OpenSSL library
  is kept up to date by a distributor or via OpenSSL support contract.
  Where this is not the case, please upgrade to a supported OpenSSL version.

# DOCUMENTATION:
* The manual page was revised after re-checking with mandoc -Tlint, aspell,
  igor. Some more revisions were made for clarity.

# TRANSLATIONS: language translations were updated by these fine people:
* sv:    Göran Uddeborg [Swedish]
* pl:    Jakub Bogusz [Polish]
* fr:    Frédéric Marchal [French]
* cs:    Petr Pisar [Czech]
* eo:    Keith Bowes [Esperanto]
* ja:    Takeshi Hamasaki [Japanese]

--------------------------------------------------------------------------------
fetchmail-6.4.23 (released 2021-10-31, 30206 LoC):

# USABILITY:
* For common ssh-based IMAP PREAUTH setups (i. e. those that use a plugin
  - no matter its contents - and that set auth ssh), change the STARTTLS
  error message to suggest sslproto '' instead.
  This is a commonly reported issue after the CVE-2021-39272 fix in 6.4.22.
  Fixes Redhat Bugzilla 2008160. Fixes GitLab #39.

# TRANSLATIONS: language translations were updated by these fine people:
* ja:    Takeshi Hamasaki [Japanese]
* sr:	 иолав иколи (Miroslav Nikoli) [Serbian]

--------------------------------------------------------------------------------
fetchmail-6.4.22 (released 2021-09-13, 30201 LoC):

# OPENSSL AND LICENSING NOTE:
* fetchmail 6.4.22 is compatible with OpenSSL 1.1.1 and 3.0.0.
  OpenSSL's licensing changed between these releases from dual OpenSSL/SSLeay
  license to Apache License v2.0, which is considered incompatible with GPL v2
  by the FSF.  For implications and details, see the file COPYING.

# SECURITY FIXES:
* CVE-2021-39272: fetchmail-SA-2021-02: On IMAP connections, without --ssl and
  with nonempty --sslproto, meaning that fetchmail is to enforce TLS, and when
  the server or an attacker sends a PREAUTH greeting, fetchmail used to continue
  an unencrypted connection.  Now, log the error and abort the connection.
  --Recommendation for servers that support SSL/TLS-wrapped or "implicit" mode on
  a dedicated port (default 993): use --ssl, or the ssl user option in an rcfile.
  --Reported by: Andrew C. Aitchison, based on the USENIX Security 21 paper "Why
  TLS is better without STARTTLS - A Security Analysis of STARTTLS in the Email
  Context" by Damian Poddebniak, Fabian Ising, Hanno Böck, and Sebastian
  Schinzel.  The paper did not mention fetchmail.

* On IMAP and POP3 connections, --auth ssh no longer prevents STARTTLS
  negotiation.
* On IMAP connections, fetchmail does not permit overriding a server-side
  LOGINDISABLED with --auth password any more.
* On POP3 connections, the possibility for RPA authentication (by probing with
  an AUTH command without arguments) no longer prevents STARTTLS negotiation.
* For POP3 connections, only attempt RPA if the authentication type is "any".

# BUG FIXES:
* On IMAP connections, when AUTHENTICATE EXTERNAL fails and we have received the
  tagged (= final) response, do not send "*".
* On IMAP connections, AUTHENTICATE EXTERNAL without username will properly send
  a "=" for protocol compliance.
* On IMAP connections, AUTHENTICATE EXTERNAL will now check if the server
  advertised SASL-IR (RFC-4959) support and otherwise refuse (fetchmail <= 6.4
  has not supported and does not support the separate challenge/response with
  command continuation)
* On IMAP connections, when --auth external is requested but not advertised by
  the server, log a proper error message.
* Fetchmail no longer crashes when attempting a connection with --plugin "" or
  --plugout "".
* Fetchmail no longer leaks memory when processing the arguments of --plugin or
  --plugout on connections.
* On POP3 connections, the CAPAbilities parser is now caseblind.
* Fix segfault on configurations with "defaults ... no envelope". Reported by
  Bjørn Mork. Fixes Debian Bug#992400.  This is a regression in fetchmail 6.4.3
  and happened when plugging memory leaks, which did not account for that the
  envelope parameter is special when set as "no envelope". The segfault happens
  in a constant strlen(-1), triggered by trusted local input => no vulnerability.
* Fix program abort (SIGABRT) with "internal error" when invalid sslproto is
  given with OpenSSL 1.1.0 API compatible SSL implementations.

# CHANGES:
* IMAP: When fetchmail is in not-authenticated state and the server volunteers
  CAPABILITY information, use it and do not re-probe. (After STARTTLS, fetchmail
  must and will re-probe explicitly.)
* For typical POP3/IMAP ports 110, 143, 993, 995, if port and --ssl option
  do not match, emit a warning and continue. Closes Gitlab #31.
  (cherry-picked from 6.5 beta branch "legacy_6x")
* fetchmail.man and README.SSL were updated in line with RFC-8314/8996/8997
  recommendations to prefer Implicit TLS (--ssl/ssl) and TLS v1.2 or newer,
  placing --sslproto tls1.2+ more prominently.
  The defaults shall not change between 6.4.X releases for compatibility.

# TRANSLATIONS: language translations were updated by these fine people:
* sq:    Besnik Bleta [Albanian]
* cs:    Petr Pisar [Czech]
* eo:    Keith Bowes [Esperanto]
* fr:    Frédéric Marchal [French]
* pl:    Jakub Bogusz [Polish]
* sv:    Göran Uddeborg [Swedish]

# CREDITS:
* Thanks for testing the release candidates and bug reports to:
  Corey Halpin, Stefan Eer.CVS: ----------------------------------------------------------------------

Revision 1.61 / (download) - annotate - [select for diffs], Tue Oct 26 10:54:01 2021 UTC (2 months, 3 weeks ago) by nia
Branch: MAIN
Changes since 1.60: +2 -2 lines
Diff to previous 1.60 (colored)

mail: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

The following distfiles were unfetchable (possibly fetched
conditionally?):

./mail/qmail/distinfo netqmail-1.05-TAI-leapsecs.patch

Revision 1.60 / (download) - annotate - [select for diffs], Thu Oct 7 14:25:18 2021 UTC (3 months, 1 week ago) by nia
Branch: MAIN
Changes since 1.59: +1 -2 lines
Diff to previous 1.59 (colored)

mail: Remove SHA1 hashes for distfiles

Revision 1.59 / (download) - annotate - [select for diffs], Sat Aug 28 05:21:19 2021 UTC (4 months, 3 weeks ago) by triaxx
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base, pkgsrc-2021Q3
Changes since 1.58: +5 -5 lines
Diff to previous 1.58 (colored)

fetchmail: Update to 6.4.21

upstream changes:
-----------------
fetchmail-6.4.21 (released 2021-08-09, 30042 LoC):

# REGRESSION FIX:
* The new security fix in 6.4.20 for CVE-2021-36386 caused truncation of
  messages logged to buffered outputs, predominantly --logfile.

  This also caused lines in the logfile to run into one another because
  the fragment containing the '\n' line-end character was usually lost.

  Reason is that on all modern systems (with <stdarg.h> header and vsnprintf()
  interface), the length of log message fragments was added up twice, so
  that these ended too deep into a freshly allocated buffer, after the '\0'
  byte.  Unbuffered outputs flushed the fragments right away, which masked the
  bug.

  Reported by: Jürgen Edner, Erik Christiansen.

--------------------------------------------------------------------------------
fetchmail-6.4.20 (released 2021-07-28, 30042 LoC):

# SECURITY FIX:
* When a log message exceeds c. 2 kByte in size, for instance, with very long
  header contents, and depending on verbosity option, fetchmail can crash or
  misreport each first log message that requires a buffer reallocation.
  fetchmail then reallocates memory and re-runs vsnprintf() without another
  call to va_start(), so it reads garbage. The exact impact depends on
  many factors around the compiler and operating system configurations used and
  the implementation details of the stdarg.h interfaces of the two functions
  mentioned before. To fix CVE-2021-36386.

  Reported by Christian Herdtweck of Intra2net AG, Tübingen, Germany.

  He also offered a patch, which I could not take for fetchmail 6.4 because
  it required a C99 system and I'd promised earlier that 6.4 would remain
  compatible with C89 systems.

Revision 1.58 / (download) - annotate - [select for diffs], Tue May 25 11:59:47 2021 UTC (7 months, 3 weeks ago) by triaxx
Branch: MAIN
CVS Tags: pkgsrc-2021Q2-base, pkgsrc-2021Q2
Changes since 1.57: +5 -5 lines
Diff to previous 1.57 (colored)

fetchmail: Update to 6.4.19

upstream changes:
-----------------
fetchmail-6.4.19 (released 2021-04-24, 30026 LoC):

# CHANGE:
* fetchmailconf: properly catch and report option parsing errors

# BUG FIX:
* LMTP: do not try to validate the last component of a UNIX-domain LMTP socket
  as though it were a TCP port.  Reported by Christoph Heitkamp, Gitlab issue #33.

# TRANSLATION UPDATE:
  This fine person has contributed an updated translation:
* sr:    иолав иколи (Miroslav Nikoli) [Serbian]

--------------------------------------------------------------------------------
fetchmail-6.4.18 (released 2021-03-27, 30011 LoC):

# REGRESSION FIX:
* fetchmailconf: fetchmail 6.4.16 added --sslcertfile to the configuration dump,
  but fetchmailconf support was incomplete in Git 7349f124 and it could not
  parse sslcertfile, thus the user settings editor came up empty with console
  errors printed.  Fix configuration parser in fetchmailconf.

# ROBUSTNESS FIXES:
* fetchmailconf: do not require fetchmail for -V. do not require Tk (Tkinter)
  for -d option. This is to fail more gracefully on incomplete installs.
* TLS code: remove OPENSSL_NO_DEPRECATED macros to avoid portability issues
  with OpenSSL v3 - these are for development purposes, not production.
* TLS futureproofing: use SSL_use_PrivateKey_file instead of
  SSL_use_RSAPrivateKey_file, the latter will be deprecated with OpenSSL v3,
  and the user's key file might be something else than RSA.

# TRANSLATION UPDATE:
  This fine person has contributed an updated translation:
* fi:    Lauri Nurmi [Finnish]

--------------------------------------------------------------------------------
fetchmail-6.4.17 (released 2021-03-07, 29998 LoC):

# BUG FIXES
* IMAP client: it used to leak memory for username and password when trying
  the LOGIN (password-based) authentication and encountered a timeout situation.
* dist-tools/getstats.py: also counts lines in *.py files, shown above.

# CHANGES
* fetchmail.man: now mentions that you may need to add --ssl when specifying
  a TLS-wrapped port.
* fetchmailconf: --version (-V) now prints the Python version in use.

# TRANSLATION UPDATE:
  This fine person has contributed an updated translation:
* ja:    Takeshi Hamasaki [Japanese]

--------------------------------------------------------------------------------
fetchmail-6.4.16 (released 2021-02-08, 27707 LoC):

# BUG FIXES
* fetchmail's --configdump, and fetchmailconf, lacked support for the
  sslcertfile option. --configdump support added by Earl Chew,
  Gitlab issue #25, merge request !28.
* fetchmail's manual page was never updated to reflect 6.2.5's change about the
  duplicate-killer code for multidrop mode, which read
  "* Dup-killer code now keys on an MD5 hash of the raw headers."
  ...instead of just the Message-ID. [commit 9dd8400, 2003-10-10 by esr]
  The manual page was now updated accordingly and documents
  historic behaviour:
  start to 5.0.7 no duplicate suppression;
  5.0.8 to 6.2.4 duplicate suppression only by Message-ID;
  6.2.5 to 6.4.X duplicate suppression by entire raw header.
  Manpage bug found by Julian Bane debugging "duplicate message" behaviour.
* ./configure no longer runs AC_LIB_LINKFLAGS (how to link) checks
  when called --without-ssl

# FEATURES
* fetchmail --version [fetchmail -V] now queries and prints the SSL/TLS
  library's "SSL default trusted certificate" file or directory (mind the word
  "default"), where the OpenSSL-compatible TLS implementation will look for
  trusted root, meaning certification authority (CA), certificates.
  NOTE 1: watch the output carefully if the line prints the defaults
  or the configured path (without "default").
  NOTE 2: SSL_CERT_DIR and SSL_CERT_FILE are documented environment variables
  for OpenSSL 1.1.1 to override the *default* locations (those compiled into
  OpenSSL or possibly in its configuration file).
  This was added when Gene Heskett was debugging his setup and the
  information "where does OpenSSL look" was missing.
* fetchmail --version now prints version of the OpenSSL library that
  it was compiled against, and that it is using at runtime, and also
  the OPENSSL_DIR and OPENSSL_ENGINES_DIR (if available).

# TRANSLATION UPDATES
  These fine people have contributed updated translations for fetchmail,
  in no particular order:
* sq:    Besnik Bleta [Albanian]
* eo:    Keith Bowes [Esperanto]
* cs:    Petr Pisar [Czech]
* pl:    Jakub Bogusz [Polish]
* sv:    Göran Uddeborg [Swedish]
* fr:    Frédéric Marchal [French]

Revision 1.57 / (download) - annotate - [select for diffs], Wed Jan 27 14:13:20 2021 UTC (11 months, 3 weeks ago) by triaxx
Branch: MAIN
CVS Tags: pkgsrc-2021Q1-base, pkgsrc-2021Q1
Changes since 1.56: +5 -5 lines
Diff to previous 1.56 (colored)

fetchmail: Update to 6.4.15

upstream changes:
-----------------
fetchmail-6.4.15 (released 2021-01-03, 27614 LoC):
# BUG FIXES
* Fix a typo in the manual page reported by David McKelvie.
* Fix cross-compilation with openssl, by Fabrice Fontaine. Merge request !23.
* Fix truncation of SMTP PLAIN AUTH with ^ in credentials, by Earl Chew.   Gitlab issue #23, merge request !25.

fetchmail-6.4.14 (released 2020-11-26, 27608 LoC):
# TRANSLATION UPDATES were made by these fine people:
* sr:    иолав иколи (Miroslav Nikoli) [Serbian]

Revision 1.56 / (download) - annotate - [select for diffs], Mon Dec 14 00:41:03 2020 UTC (13 months, 1 week ago) by dbj
Branch: MAIN
CVS Tags: pkgsrc-2020Q4-base, pkgsrc-2020Q4
Changes since 1.55: +3 -1 lines
Diff to previous 1.55 (colored)

mail/fetchmail: fix build on Darwin with gssapi or kerberos options

Darwin doesn't install include files in ${KRB5BASE}
(They are in the SDK instead)
therefore let fetchmail use krb5-config to determine how to
link against kerberos

Revision 1.55 / (download) - annotate - [select for diffs], Fri Oct 2 08:20:27 2020 UTC (15 months, 2 weeks ago) by triaxx
Branch: MAIN
Changes since 1.54: +5 -5 lines
Diff to previous 1.54 (colored)

fetchmail: Update to 6.4.12

pkgsrc changes:
---------------
  * Remove a conditional test for very old and unmaintained releases of
    NetBSD. The variable defined is this test seems to be absent from the
    pkgsrc tree and pkglint warns about its use.
  * Add a LICENSE to fetchmailconf

upstream changes:
-----------------
fetchmail-6.4.12 (released 2020-09-04, 27596 LoC):

# BUG FIXES:
* The README file is now the one from Git again. The makerelease.pl script
  used to roll and upload the tarball sometimes clobbered the README file and
  replaced its contents by a part of the NEWS file.

---------------------------------------------------------------------------------
fetchmail-6.4.11 (released 2020-08-28, 27596 LoC):

# REGRESSION FIX:
* configure: fetchmail 6.4.9 and 6.4.10 would miss checking for TLS v1.2 and
  TLS v1.3 support if AC_LIB_LINKFLAGS came up with something such as
  /path/to/libssl.so, rather than -lssl. (For instance on FreeBSD)

# KNOWN BUGS AND WORKAROUNDS
  (This section floats upwards through the NEWS file so it stays with the
  current release information)
* Fetchmail does not handle messages without Message-ID header well
  (See sourceforge.net bug #780933)
* Fetchmail currently uses 31-bit signed integers in several places
  where unsigned and/or wider types should have been used, for instance,
  for mailbox sizes, and misreports sizes of 2 GibiB and beyond.
  Fixing this requires C89 compatibility to be relinquished.
* BSMTP is mostly untested and errors can cause corrupt output.
* Fetchmail does not track pending deletes across crashes.
* The command line interface is sometimes a bit stubborn, for instance,
  fetchmail -s doesn't work with a daemon running.
* Linux systems may return duplicates of an IP address in some circumstances if
  no or no global IPv6 addresses are configured.
  (No workaround. Ubuntu Bug#582585, Novell Bug#606980.)
* Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error
  messages. This will not be fixed, because the maintainer has no Kerberos 5
  server to test against. Use GSSAPI.

---------------------------------------------------------------------------------
fetchmail-6.4.10 (released 2020-08-27, 27596 LoC):

# REGRESSION FIX:
* configure: fetchmail 6.4.9's configure was unable to pick up OpenSSL
  if it wasn't announced by pkg-config, for instance, on FreeBSD.

---------------------------------------------------------------------------------
fetchmail-6.4.9: (not announced by e-mail, withdrawn)

## DOCUMENTATION UPDATE:
* manpage: mention that the SSL/TLS certificate fingerprint uses an MD5 hash.

## CHANGES:
* configure: try to use AC_LIB_LINKFLAGS to obtain proper link flags for
  libcrypto and libssl if pkg-config failed.
  This is an attempt to fix borderline issues when users building on systems
  with obsolete OpenSSL try to use a local newer OpenSSL from a separate
  directory.

## NEW TRANSLATION, with thanks to the translator:
* ro:    Florentina Muat [Romanian]

Revision 1.54 / (download) - annotate - [select for diffs], Thu Aug 27 16:05:39 2020 UTC (16 months, 3 weeks ago) by triaxx
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base, pkgsrc-2020Q3
Changes since 1.53: +5 -5 lines
Diff to previous 1.53 (colored)

fetchmail: Update to 6.4.8

upstream changes:
-----------------
fetchmail-6.4.8 (released 2020-06-14, 27596 LoC):

## NEW TRANSLATION, with thanks to the translator:
* sr:    иолав иколи (Miroslav Nikoli) [Serbian]
- Sorry, this was missed earlier because my translation scripts did not properly
  report new translations.

# KNOWN BUGS AND WORKAROUNDS
  (This section floats upwards through the NEWS file so it stays with the
  current release information)
* Fetchmail does not handle messages without Message-ID header well
  (See sourceforge.net bug #780933)
* Fetchmail currently uses 31-bit signed integers in several places
  where unsigned and/or wider types should have been used, for instance,
  for mailbox sizes, and misreports sizes of 2 GibiB and beyond.
  Fixing this requires C89 compatibility to be relinquished.
* BSMTP is mostly untested and errors can cause corrupt output.
* Fetchmail does not track pending deletes across crashes.
* The command line interface is sometimes a bit stubborn, for instance,
  fetchmail -s doesn't work with a daemon running.
* Linux systems may return duplicates of an IP address in some circumstances if
  no or no global IPv6 addresses are configured.
  (No workaround. Ubuntu Bug#582585, Novell Bug#606980.)
* Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error
  messages. This will not be fixed, because the maintainer has no Kerberos 5
  server to test against. Use GSSAPI.

---------------------------------------------------------------------------------
fetchmail-6.4.7 (released 2020-06-14, 27596 LoC):

## TRANSLATION UPDATE, with thanks to the translator:
* sv:    Göran Uddeborg [Swedish]

-------------------------------------------------------------------------------
fetchmail-6.4.6 (released 2020-05-29, 27596 LoC):

## TRANSLATION UPDATE, with thanks to the translator:
* eo:    Felipe Castro [Esperanto]

--------------------------------------------------------------------------------

fetchmail-6.4.5 (released 2020-05-07, 27596 LoC):

## REGRESSION FIX:
* fetchmail 6.4.0 and 6.4.1 changed the resolution of the home directory
  in a way that requires SUSv4 semantics of realpath(), which leads to
  'Cannot find absolute path for... directory' error messages followed by aborts
  on systems where realpath() follows strict SUSv2 semantics and returns
  EINVAL if the 2nd argument is NULL.

  On such systems, for instance, Solaris 10, fetchmail requires PATH_MAX to be
  defined, and will then work again.  Regression reported by David Hough.

  On systems that neither provide auto-allocation semantics for realpath(),
  nor PATH_MAX, fetchmail will print this error and abort. Such systems
  are unsupported, see README.

## CHANGES:
* Add a test program fm_realpath, and a t.realpath script, neither to be
  installed. These will test resolution of the current working directory.

## TRANSLATION UPDATES in reverse alphabetical order of language codes,
## with my thanks to the translators:
* zh_CN: Boyuan Yang [Chinese (simplified)]
* sv:    Göran Uddeborg [Swedish]
* sq:    Besnik Bleta [Albanian]
* pl:    Jakub Bogusz [Polish]
* ja:    Takeshi Hamasaki [Japanese]
* fr:    Frédéric Marchal [French]
* cs:    Petr Pisar [Czech]

--------------------------------------------------------------------------------

fetchmail-6.4.4 (released 2020-04-26, 27530 LoC):

## UPDATED TRANSLATIONS - WITH THANKS TO THE TRANSLATOR:
* ja:    Takeshi Hamasaki [Japanese]

--------------------------------------------------------------------------------

fetchmail-6.4.3 (released 2020-04-05, 27530 LoC):

## BUGFIXES:
* Plug memory leaks when parts of the configuration (defaults, rcfile, command
  line) override one another.
* fetchmail terminated the placeholder command string too late and included
  garbage from the heap at the end of the string. Workaround: don't use place-
  holders %h or %p in the --plugin string. Bug added in 6.4.0 when merging
  Gitlab merge request !5 in order to fix an input buffer overrun.
  Faulty commit 418cda65f752e367fa663fd13884a45fcbc39ddd.
  Reported by Stefan Thurner, Gitlab issue #16.
* Fetchmail now checks for errors when trying to read the .idfile,
  Gitlab issue #3.
* Fetchmail's error messages that reports that the defaults entry isn't the
  first was made more precise. It could be misleading if there was a poll or
  skip statement before the defaults.

## CHANGES:
* Fetchmail documentation was updated to require OpenSSL 1.1.1.
  OpenSSL 1.0.2 reached End Of Life status at the end of the year 2019.
  Fetchmail will tolerate, but warn about, 1.0.2 for now on the assumption that
  distributors backport security fixes as the need arises.
  Fetchmail will also warn if another SSL library that is API-compatible
  with OpenSSL lacks TLS v1.3 support.
* If the trust anchor is missing, fetchmail refers the user to README.SSL.

## INTERNAL CHANGES:
* The AC_DECLS(getenv) check was removed, its only user was broken and not
  accounting for that AC_DECLS always defines HAVE_DECL_... to 0 or 1, so
  fetchmail never declared a missing getenv() symbol (it was testing with
  #ifdef).  Remove the backup declaration. getenv is mandated by SUSv2 anyways.

## UPDATED TRANSLATIONS - WITH THANKS TO THE TRANSLATORS:
* sq:    Besnik Bleta [Albanian]
* zh_CN: Boyuan Yang [Chinese (simplified)]
* pl:    Jakub Bogusz [Polish]
* cs:    Petr Pisar [Czech]
* fr:    Frédéric Marchal [French]
* sv:    Göran Uddeborg [Swedish]
* eo:    Felipe Castro [Esperanto]

Revision 1.53 / (download) - annotate - [select for diffs], Wed Feb 19 16:48:02 2020 UTC (23 months ago) by triaxx
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base, pkgsrc-2020Q2, pkgsrc-2020Q1-base, pkgsrc-2020Q1
Changes since 1.52: +5 -5 lines
Diff to previous 1.52 (colored)

fetchmail: update to 6.4.2

upstream changes:
-----------------
fetchmail-6.4.2 (released 2020-02-14, 27473 LoC):

## BREAKING CHANGES:
* fetchmailconf now supports Python 3 and currently requires the "future"
  package, see https://pypi.org/project/future/.
* fetchmailconf: The minimum supported version is now Python 2.7.13, but it is
  recommended to use at least 2.7.16 (due to its massive SSL updates).
  Older Python versions may check SSL certificates not strictly enough,
  which may cause fetchmail to complain later, if the certificate verify fails.
* fetchmailconf now autoprobes SSL-wrapped connections (ports 993 and 995 for
  IMAP and POP3) as well and by preference.
* fetchmailconf now defaults newly created users to "ssl" if either of the
  existing users sets ssl, or if the server has freshly been probed and
  found supporting ssl.
  There is a caveat: adding a user to an existing server without probing it
  again may skip adding ssl. (This does not prevent STARTTLS.)

## BUG FIXES:
* Fix three bugs in fetchmail.man (one unterminated string to .IP macro, one
  line that ran into a .PP macro, .TH date format), and remove one .br request
  from inside the table, which is unsupported by FreeBSD 12's mandoc(1)
  formatter.  FreeBSD Bug#241032, reported by Helge Oldach.
* Further man page fixes and additions by Chris Mayo and Gregor Zattler.
* When evaluating the need for STARTTLS in non-default configurations (SSL
  certificate validation turned off), fetchmail would only consider --sslproto
  tls1 as requiring STARTTLS, now all non-empty protocol versions do.
* fetchmailconf now properly writes "no sslcertck" if sslcertck is disabled.
* fetchmailconf now catches and reports OS errors (including DNS errors) when
  autoprobing.  Reported as Gitlab issue #12 by Sergey Alirzaev.
* fetchmailconf received a host of other bugfixes, see the Git commit log.

## CHANGES:
* Make t.smoke more robust and use temporary directory as FETCHMAILHOME, to make
  sure that the home directory resolves for the user running the test suite
  even if the environment isn't perfect. Reported by Konstantin Belousov,
  analysed by Corey Halpin, FreeBSD Bug#240914.

## UPDATED TRANSLATION - THANKS TO:
* zh_CN: Boyuan Yang [Chinese (simplified)]

Revision 1.52 / (download) - annotate - [select for diffs], Wed Jan 1 20:36:53 2020 UTC (2 years ago) by triaxx
Branch: MAIN
Changes since 1.51: +6 -7 lines
Diff to previous 1.51 (colored)

fetchmail: update to 6.4.1

upstream cheanges:
------------------
fetchmail-6.4.1 (released 2019-09-28, 27473 LoC):

## REGRESSION FIXES:
* The bug fix Debian Bug#941129 was incomplete and caused
  + a regression in the default file locations, so that fetchmail was no longer
    able to find its configuration files in some situations.
    Reported by Cy Schubert.
  + a regression under _FORTIFY_SOURCE where PATH_MAX > minimal _POSIX_PATH_MAX.

--------------------------------------------------------------------------------

fetchmail 6.4.0 (released 2019-09-27, 27429 LoC):

# NOTE THAT FETCHMAIL IS NO LONGER PUBLISHED THROUGH IBIBLIO.
* They have stopped accepting submissions and consider themselves an archive.

## SECURITY FIXES THAT AFFECT BEHAVIOUR AND MAY REQUIRE RECONFIGURATION
* Fetchmail no longer supports SSLv2.

* Fetchmail no longer attempts to negotiate SSLv3 by default,
  even with --sslproto ssl23. Fetchmail can now use SSLv3, or TLSv1.1 or a newer
  TLS version, with STLS/STARTTLS (it would previously force TLSv1.0 with
  STARTTLS).  If the OpenSSL version used at build and run-time supports these
  versions, --sslproto ssl3 and --sslproto ssl3+ can be used to re-enable SSLv3.
  Doing so is discouraged because the SSLv3 protocol is broken.

  Along the lines suggested - as patch - by Kurt Roeckx, Debian Bug #768843.

  While this change is supposed to be compatible with common configurations,
  users may have to and are advised to change all explicit --sslproto ssl2
  (change to newer protocols required), --sslproto ssl3, --sslproto tls1 to
  --sslproto auto, so that they can benefit from TLSv1.1 and TLSv1.2 where
  supported by the server.

  The --sslproto option now understands the values auto, ssl3+, tls1+, tls1.1,
  tls1.1+, tls1.2, tls1.2+, tls1.3, tls1.3+ (case insensitively), see CHANGES
  below for details.

* Fetchmail defaults to --sslcertck behaviour. A new option --nosslcertck to
  override this has been added, but may be removed in future fetchmail versions
  in favour of another configuration option that makes the insecurity in using
  this option clearer.

## SECURITY FIXES
* Fetchmail prevents buffer overruns in GSSAPI authentication with user names
  beyond c. 6000 characters in length. Reported by Greg Hudson.

## CHANGED REQUIREMENTS
* fetchmail 6.4.0 is written in C99 and requires a SUSv3 (Single Unix
  Specification v3, a superset of POSIX.1-2001 aka. IEEE Std 1003.1-2001 with
  XSI extension) compliant system. For now, a C89 compiler should also work
  if the system is SUSv3 compliant.

  In particular, older fetchmail versions had workaround for several functions
  standardized in the Single Unix Specification v3, these have been removed.

  The trio/ library has been removed from the distribution.

## CHANGES
* fetchmail 6.3.X is unsupported.
* fetchmail now configures OpenSSL support by default.
* fetchmail now requires OpenSSL v1.0.2 or newer.
* Fetchmail now supports --sslproto auto and --sslproto tls1+ (same as ssl23).
* --sslproto tls1.1+, tls1.2+, and tls1.3+ are now supported for
  auto-negotiation with a minimum specified TLS protocol version, and --sslproto
  tls1.1, --sslproto tls1.2 and --sslproto tls1.3 to force the specified TLS
  protocol version. Note that tls1.3 requires OpenSSL v1.1.1 or newer.
* Fetchmail now detects if the server hangs up prematurely during SSL_connect()
  and reports this condition as such, and not just as SSL connection failure.
  (OpenSSL 1.0.2 reported incompatible with pop3.live.com by Jerry Seibert).
* A foreground fetchmail can now accept a few more options while another copy is
  running in the background.
* fetchmail now handles POP3 --keep UID lists more efficiently, by using Rainer
  Weikusat's P-Tree implementation. This reduces the complexity for handling
  a large UIDL from O(n^2) to O(n log n) and becomes noticably faster with
  thousands of kept messages.
  (IMAP does not currently track UIDs and is unaffected.)
  At the same time, the UIDL emulation code for deficient servers has been
  removed. It never worked really well.  Servers that do not implement the
  optional UIDL command only work with --fetchall option set, which in itself is
  incompatible with the --keep option (it would cause message duplication).
* fetchmail, when setting up TLS connections, now uses SSL_set_tlsext_host_name()
  to set up the SNI (Server Name Indication). Some servers (for instance
  googlemail) require SNI when using newer SSL protocols.
* Fetchmail now sets the expected hostname through OpenSSL 1.0.2's new
  X509_VERIFY_PARAM_set1_host() function to enable OpenSSL's native certificate
  verification features.
* fetchmail will drop the connection when fetching with IMAP and receiving an
  unexpected untagged "* BYE" response, to work around certain faulty servers.
* The FETCHMAIL_POP3_FORCE_RETR environment variable is now documented,
  it forces fetchmail, when talking POP3, to always use the RETR command,
  even if it would otherwise use the TOP command.
* Fetchmail's configure stage will try to query pkg-config or pkgconf for libssl
  and libcrypto, in case other system use .pc files to document specific library
  dependencies. (contributed by Fabrice Fontaine, GitLab merge request !14.)
* The gethostbyname() API calls and compatibility functions have been removed.
* These translations are shipped but not installed by default because
  they have less than 500 translated messages out of 714: el fi gl pt_BR sk tr
  -> Greek, Finnish, Galician, Brazilian Portuguese, Slovak, Turkish.
* Fetchmail now refuses delivery if the MDA option contains single-quoted
  expansions.

## FIXES
* Fix a typo in the FAQ. Submitted by David Lawyer, Debian Bug#706776.
* Do not translate header tags such as "Subject:".  Reported by Gonzalo Pérez de
  Olaguer Córdoba, Debian Bug#744907.
* Convert most links from berlios.de to sourceforge.net.
* Report error to stderr, and exit, if --idle is combined with multiple
  accounts.
* Point to --idle from GENERAL OPERATION to clarify --idle and multiple
  mailboxes do not mix.  In response to Jeremy Chadwick's trouble 2014-11-19,
  fetchmail-users mailing list.
* Fix SSL-enabled build on systems that do not declare SSLv3_client_method(),
  or that #define OPENSSL_NO_SSL3 inside #include <openssl/ssl.h>
  Related to Debian Bug#775255. Fixes Debian Bug #804604.
* Version report lists -SSLv3 on SSL-enabled no-ssl3 builds.
* Fetchmail no longer adds a NUL byte to the username in GSSAPI authentication.
  This was reported to break Kerberos-based authentication with Microsoft
  Exchange 2013 by Greg Hudson.
* Set umask properly before writing the .fetchids file, to avoid failing the
  security check on the next run.  Reported by Fabian Raab,
  Fixes Debian Bug#831611.
* When forwarding by LMTP, also check antispam response code when collecting
  the responses after the CR LF . CR LF sequence at the end of the DATA phase.
  (Contributed by Evil.2000, GitLab merge request !12.)
* fetchmail will not try other protocols after a socket error. This avoids
  mismatches of how different prococols see messages as "seen" and re-fetches
  of known mail.  (Fix contributed by Lauri Nurmi, GitLab Merge Request !10.)
* fetchmail no longer reports "System error during SSL_connect(): Success."
  Fixes Debian Bug#928916, reported by Paul Kimoto.
* fetchmailconf would ignore Edit or Delete actions on the first (topmost)
  item in a list (no matter if server list, user list, ...).
* The mimedecode feature now properly detects multipart/mixed-type matches, so
  that quoted-printable-encoded multipart messages can get decoded.
  (Regression in 5.0.0 on 1999-03-27, as a side effect of a PGP-mimedecode fix
  attributed to Henrik Storner.)
* FETCHMAILHOME can now safely be a relative path, which will be qualified
  through realpath(). Previously, it had to be absolute in daemon mode.
  Reported by Alex Andreotti, Debian Bug#941129.

Revision 1.51 / (download) - annotate - [select for diffs], Tue May 22 09:22:31 2018 UTC (3 years, 8 months ago) by triaxx
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base, pkgsrc-2019Q4, pkgsrc-2019Q3-base, pkgsrc-2019Q3, pkgsrc-2019Q2-base, pkgsrc-2019Q2, pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3, pkgsrc-2018Q2-base, pkgsrc-2018Q2
Changes since 1.50: +5 -5 lines
Diff to previous 1.50 (colored)

fetchmail: update to 6.3.26

* add licenses
* remove kerberos conditional pre-configure rule (fixed in upstream)

Changes:
fetchmail-6.3.26 (released 2013-04-23, 26180 LoC):

# NOTE THAT FETCHMAIL IS NO LONGER PUBLISHED THROUGH IBIBLIO.
* They have stopped accepting submissions and consider themselves an archive.

# CRITICAL BUG FIX for setups using "mimedecode":
* The mimedecode feature failed to ship the last line of the body if it was
encoded as quoted-printable and had a MIME soft line break in the very last
line. Reported by Lars Hecking in June 2011.

Bug introduced on 1998-03-20 when the mimedecode support was added by ESR
before release 4.4.1 through code contributed by Henrik Storner.
Workaround for older releases: do not use mimedecode feature.

Earlier versions of this NEWS file claimed this bug fixed in fetchmail-6.3.23,
but it was not.

Fixes Launchpad Bug#1171818.

fetchmail-6.3.25 (released 2013-03-18, 26149 LoC):

# NOTE THAT FETCHMAIL IS NO LONGER PUBLISHED THROUGH IBIBLIO.
* They have stopped accepting submissions and consider themselves an archive.

# BUG FIXES
* Fix a memory leak in out-of-memory error condition while handling plugins.
  Report and patch by John Beck (found with Parfait static code analyzer).
* Fix a NULL pointer dereference in out-of-memory error condition while handling
  plugins.
  Report and patch by John Beck (found with Parfait static code analyzer).

# CHANGES
* Improved reporting when SSL/TLS X.509 certificate validation has failed,
  working around a not-so-recent swapping of two OpenSSL error codes, and
  a practical impossibility to distinguish broken certification chains from
  missing trust anchors (root certificates).
* OpenSSL decoded errors are now reported through report(), rather than dumped
  to stderr, so that they should show up in logfiles and/or syslog.
* The fetchmail manual page no longer claims that MD5 were the default OpenSSL
  hash format (for use with --sslfingerprint). Reported by Jakob Wilk,
  PARTIAL fix for Debian Bug#700266.
* The fetchmail manual page now refers the user to --softbounce from the
  SMTP/ESMTP ERROR HANDLING section.  Reported by Anton Shterenlikht.

# WORKAROUNDS
* Older systems that provide the older RFC-2553 implementation of getaddrinfo,
  rather than the current RFC-3493, and systems that do not provide this
  getaddrinfo() interface at all and thus use the replacement functions from
  libesmtp/getaddrinfo.?, might return EAI_NODATA when a host is registered in
  DNS as MX or similar, but without A or AAAA records.  Handle this situation
  when checking for multidrop aliases and treat EAI_NODATA the same as
  EAI_NONAME, i. e. name cannot be resolved.

  The proper fix, however, is to upgrade the operating system.

# TRANSLATION UPDATES
[cs] Czech, by Petr Pisar
[da] Danish, by Joe Hansen
[de] German
[eo] Esperanto, by Sian Mountbatten and Felipe Castro
[fr] French, by Frédéric Marchal
[ja] Japanese, by Takeshi Hamasaki
[pl] Polish, by Jakub Bogusz
[sv] Swedish, by Göran Uddeborg
[vi] Vietnamese, by Trầ Ngỹ Quân

Revision 1.50 / (download) - annotate - [select for diffs], Tue Feb 20 13:19:39 2018 UTC (3 years, 11 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base, pkgsrc-2018Q1
Changes since 1.49: +2 -1 lines
Diff to previous 1.49 (colored)

fetchmail: fix build with openssl-1.1.

Bump PKGREVISION.

Revision 1.49 / (download) - annotate - [select for diffs], Tue Nov 3 23:27:05 2015 UTC (6 years, 2 months ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-2017Q2-base, pkgsrc-2017Q2, pkgsrc-2017Q1-base, pkgsrc-2017Q1, pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3, pkgsrc-2016Q2-base, pkgsrc-2016Q2, pkgsrc-2016Q1-base, pkgsrc-2016Q1, pkgsrc-2015Q4-base, pkgsrc-2015Q4
Changes since 1.48: +2 -1 lines
Diff to previous 1.48 (colored)

Add SHA512 digests for distfiles for mail category

Problems found locating distfiles:
	Package mutt: missing distfile patch-1.5.24.rr.compressed.gz
	Package p5-Email-Valid: missing distfile Email-Valid-1.198.tar.gz
	Package pine: missing distfile fancy.patch.gz
	Package postgrey: missing distfile targrey-0.31-postgrey-1.34.patch
	Package qmail: missing distfile badrcptto.patch
	Package qmail: missing distfile outgoingip.patch
	Package qmail: missing distfile qmail-1.03-realrcptto-2006.12.10.patch
	Package qmail: missing distfile qmail-smtpd-viruscan-1.3.patch
	Package thunderbird24: missing distfile enigmail-1.7.2.tar.gz
	Package thunderbird31: missing distfile enigmail-1.7.2.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.

Revision 1.48 / (download) - annotate - [select for diffs], Sun Nov 4 18:41:47 2012 UTC (9 years, 2 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base, pkgsrc-2015Q3, pkgsrc-2015Q2-base, pkgsrc-2015Q2, pkgsrc-2015Q1-base, pkgsrc-2015Q1, pkgsrc-2014Q4-base, pkgsrc-2014Q4, pkgsrc-2014Q3-base, pkgsrc-2014Q3, pkgsrc-2014Q2-base, pkgsrc-2014Q2, pkgsrc-2014Q1-base, pkgsrc-2014Q1, pkgsrc-2013Q4-base, pkgsrc-2013Q4, pkgsrc-2013Q3-base, pkgsrc-2013Q3, pkgsrc-2013Q2-base, pkgsrc-2013Q2, pkgsrc-2013Q1-base, pkgsrc-2013Q1, pkgsrc-2012Q4-base, pkgsrc-2012Q4
Changes since 1.47: +2 -2 lines
Diff to previous 1.47 (colored)

Correct typo. Noted by Bug Hunting.

Revision 1.46.2.1 / (download) - annotate - [select for diffs], Sun Nov 4 17:12:29 2012 UTC (9 years, 2 months ago) by spz
Branch: pkgsrc-2012Q3
Changes since 1.46: +5 -5 lines
Diff to previous 1.46 (colored) next main 1.47 (colored)

Pullup ticket #3958 - requested by morr
mail/fetchmail: security update

Revisions pulled up:
- mail/fetchmail/Makefile                                       1.180
- mail/fetchmail/PLIST                                          1.14
- mail/fetchmail/distinfo                                       1.47
- mail/fetchmail/patches/patch-Makefile.in                      1.1
- mail/fetchmail/patches/patch-ntlmsubr.c                       deleted
- mail/fetchmailconf/Makefile                                   1.85

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Sat Nov  3 22:50:23 UTC 2012

   Modified Files:
   	pkgsrc/mail/fetchmail: Makefile PLIST distinfo
   	pkgsrc/mail/fetchmailconf: Makefile
   Added Files:
   	pkgsrc/mail/fetchmail/patches: patch-Makefile.in
   Removed Files:
   	pkgsrc/mail/fetchmail/patches: patch-ntlmsubr.c

   Log Message:
   Update fetchmail and fetchmailconf to version 6.3.22.

   # SECURITY FIXES
   * for CVE-2012-3482:
     NTLM: fetchmail mistook an error message that the server sent in response to
     an NTLM request for protocol exchange, tried to decode it, and crashed while
     reading from a bad memory location.
     Also, with a carefully crafted NTLM challenge packet sent from the server, it
     would be possible that fetchmail conveyed confidential data not meant for the
     server through the NTLM response packet.
     Fix: Detect base64 decoding errors, validate the NTLM challenge, and abort
     NTLM authentication in case of error.
     See fetchmail-SA-2012-02.txt for further details.
     Reported by J. Porter Clark.
   * for CVE-2011-3389:
     SSL/TLS (wrapped and STARTTLS): fetchmail used to disable a countermeasure
     against a certain kind of attack against cipher block chaining initialization
     vectors (SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS).
     Whether this creates an exploitable situation, depends on the server and the
     negotiated ciphers.
     As a precaution, fetchmail 6.3.22 enables the countermeasure, by clearing
     SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.
     NOTE that this can cause connections to certain non-conforming servers to
     fail, in which case you can set the environment variable
     FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE to any non-empty value when starting
     fetchmail to re-instate the compatibility option at the expense of security.
     Reported by Apple Product Security.
     For technical details, refer to <http://www.openssl.org/~bodo/tls-cbc.txt>.
     See fetchmail-SA-2012-01.txt for further details.

   # BUG FIX
   * The Server certificate: message in verbose mode now appears on stdout like the
     remainder of the output. Reported by Henry Jensen, to fix Debian Bug #639807.
   * The GSSAPI-related autoconf code now matches gssapi.c better, and uses
     a different check to look for GSS_C_NT_HOSTBASED_SERVICE.
     This fixes the GSSAPI-enabled build on NetBSD 6 Beta.

   # CHANGES
   * On systems where SSLv2_client_method isn't defined in OpenSSL (such as
     newer Debian, and Ubuntu starting with 11.10 oneiric ocelot), don't
     reference it (to fix the build) and if configured, print a run-time error
     that the OS does not support SSLv2. Fixes Debian Bug #622054,
     but note that that bug report has a more thorough patch that does away with
     SSLv2 altogether.
   * The security and errata notices fetchmail-{EN,SA}-20??-??.txt are now
     under the more relaxed CC BY-ND 3.0 license (the noncommercial clause
     was dropped). The Creative Commons address was updated.
   * The Python-related Makefile.am parts were simplified to avoid an automake
     1.11.X bug around noinst_PYTHON, Automake Bug #10995.
   * Configuring fetchmail without SSL now triggers a configure warning,
     and asks the user to consider running configure --with-ssl.

   # WORKAROUNDS
   * Some servers, notably Zimbra, return A1234 987 FETCH () in response to
     a header request, in the face of message corruption.  fetchmail now treats
     these as temporary errors. Report and Patch by Mikulas Patocka, Red Hat.
   * Some servers, notably Microsoft Exchange, return "A0009 OK FETCH completed."
     without any header in response to a header request for meeting reminder
     messages (with a "meeting.ics" attachment). fetchmail now treats these as
     transient errors.  Report by John Connett, Patch by Sunil Shetye.

   # TRANSLATION UPDATES
   * [cs]    Czech, by Petr Pisar
   * [de]    German
   * [fr]    French, by Frédéric Marchal
   * [ja]    Japanese, by Takeshi Hamasaki
   * [pl]    Polish, by Jakub Bogusz
   * [sv]    Swedish, by Göran Uddeborg --- NEW TRANSLATION - Thank you!
   * [vi]    Vietnamese, by Trầ Ngỹ Quân


   To generate a diff of this commit:
   cvs rdiff -u -r1.179 -r1.180 pkgsrc/mail/fetchmail/Makefile
   cvs rdiff -u -r1.13 -r1.14 pkgsrc/mail/fetchmail/PLIST
   cvs rdiff -u -r1.46 -r1.47 pkgsrc/mail/fetchmail/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/mail/fetchmail/patches/patch-Makefile.in
   cvs rdiff -u -r1.1 -r0 pkgsrc/mail/fetchmail/patches/patch-ntlmsubr.c
   cvs rdiff -u -r1.84 -r1.85 pkgsrc/mail/fetchmailconf/Makefile

Revision 1.47 / (download) - annotate - [select for diffs], Sat Nov 3 22:50:22 2012 UTC (9 years, 2 months ago) by morr
Branch: MAIN
Changes since 1.46: +5 -5 lines
Diff to previous 1.46 (colored)

Update fetchmail and fetchmailconf to version 6.3.22.

# SECURITY FIXES
* for CVE-2012-3482:
  NTLM: fetchmail mistook an error message that the server sent in response to
  an NTLM request for protocol exchange, tried to decode it, and crashed while
  reading from a bad memory location.
  Also, with a carefully crafted NTLM challenge packet sent from the server, it
  would be possible that fetchmail conveyed confidential data not meant for the
  server through the NTLM response packet.
  Fix: Detect base64 decoding errors, validate the NTLM challenge, and abort
  NTLM authentication in case of error.
  See fetchmail-SA-2012-02.txt for further details.
  Reported by J. Porter Clark.
* for CVE-2011-3389:
  SSL/TLS (wrapped and STARTTLS): fetchmail used to disable a countermeasure
  against a certain kind of attack against cipher block chaining initialization
  vectors (SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS).
  Whether this creates an exploitable situation, depends on the server and the
  negotiated ciphers.
  As a precaution, fetchmail 6.3.22 enables the countermeasure, by clearing
  SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.
  NOTE that this can cause connections to certain non-conforming servers to
  fail, in which case you can set the environment variable
  FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE to any non-empty value when starting
  fetchmail to re-instate the compatibility option at the expense of security.
  Reported by Apple Product Security.
  For technical details, refer to <http://www.openssl.org/~bodo/tls-cbc.txt>.
  See fetchmail-SA-2012-01.txt for further details.

# BUG FIX
* The Server certificate: message in verbose mode now appears on stdout like the
  remainder of the output. Reported by Henry Jensen, to fix Debian Bug #639807.
* The GSSAPI-related autoconf code now matches gssapi.c better, and uses
  a different check to look for GSS_C_NT_HOSTBASED_SERVICE.
  This fixes the GSSAPI-enabled build on NetBSD 6 Beta.

# CHANGES
* On systems where SSLv2_client_method isn't defined in OpenSSL (such as
  newer Debian, and Ubuntu starting with 11.10 oneiric ocelot), don't
  reference it (to fix the build) and if configured, print a run-time error
  that the OS does not support SSLv2. Fixes Debian Bug #622054,
  but note that that bug report has a more thorough patch that does away with
  SSLv2 altogether.
* The security and errata notices fetchmail-{EN,SA}-20??-??.txt are now
  under the more relaxed CC BY-ND 3.0 license (the noncommercial clause
  was dropped). The Creative Commons address was updated.
* The Python-related Makefile.am parts were simplified to avoid an automake
  1.11.X bug around noinst_PYTHON, Automake Bug #10995.
* Configuring fetchmail without SSL now triggers a configure warning,
  and asks the user to consider running configure --with-ssl.

# WORKAROUNDS
* Some servers, notably Zimbra, return A1234 987 FETCH () in response to
  a header request, in the face of message corruption.  fetchmail now treats
  these as temporary errors. Report and Patch by Mikulas Patocka, Red Hat.
* Some servers, notably Microsoft Exchange, return "A0009 OK FETCH completed."
  without any header in response to a header request for meeting reminder
  messages (with a "meeting.ics" attachment). fetchmail now treats these as
  transient errors.  Report by John Connett, Patch by Sunil Shetye.

# TRANSLATION UPDATES
* [cs]    Czech, by Petr Pisar
* [de]    German
* [fr]    French, by Frédéric Marchal
* [ja]    Japanese, by Takeshi Hamasaki
* [pl]    Polish, by Jakub Bogusz
* [sv]    Swedish, by Göran Uddeborg --- NEW TRANSLATION - Thank you!
* [vi]    Vietnamese, by Trầ Ngỹ Quân

Revision 1.46 / (download) - annotate - [select for diffs], Tue Aug 21 15:49:54 2012 UTC (9 years, 5 months ago) by tez
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base
Branch point for: pkgsrc-2012Q3
Changes since 1.45: +1 -0 lines
Diff to previous 1.45 (colored)

Fix CVE-2012-3482
patch from http://gitorious.org/fetchmail/fetchmail/commit/3fbc7cd331602c76f882d1b507cd05c1d824ba8b/diffs

Revision 1.44.2.1 / (download) - annotate - [select for diffs], Fri Aug 26 08:08:35 2011 UTC (10 years, 4 months ago) by sbd
Branch: pkgsrc-2011Q2
Changes since 1.44: +4 -4 lines
Diff to previous 1.44 (colored) next main 1.45 (colored)

Pullup ticket #3512 - requested by tron
mail/fetchmail critical bug fix

Revisions pulled up:
- mail/fetchmail/Makefile                                       1.177
- mail/fetchmail/distinfo                                       1.45
- mail/fetchmailconf/Makefile                                   1.81

---
   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Fri Aug 26 07:19:25 UTC 2011

   Modified Files:
   	pkgsrc/mail/fetchmail: Makefile distinfo
   	pkgsrc/mail/fetchmailconf: Makefile

   Log Message:
   Update "fetchmail" and "fetchmailconf" package to version 6.3.21.
   Changes since version 6.3.20:
   - The IMAP client no longer inserts NUL bytes into the last line of a
     message when it is not closed with a LF or CRLF sequence. Reported
     by Antoine Levitt.  As a side effect of the fix, and in order to
     avoid a full rewrite, fetchmail will now CRLF-terminate the last
     line fetched through IMAP, even if it is originally not terminated
     by LF or CRLF. This bears no relevance if your messages end up in
     mbox, but adds line termination for storages (like Maildir) that do
     not require that the last line be LF- or CRLF-terminated.

Revision 1.45 / (download) - annotate - [select for diffs], Fri Aug 26 07:19:25 2011 UTC (10 years, 4 months ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2012Q2-base, pkgsrc-2012Q2, pkgsrc-2012Q1-base, pkgsrc-2012Q1, pkgsrc-2011Q4-base, pkgsrc-2011Q4, pkgsrc-2011Q3-base, pkgsrc-2011Q3
Changes since 1.44: +4 -4 lines
Diff to previous 1.44 (colored)

Update "fetchmail" and "fetchmailconf" package to version 6.3.21.
Changes since version 6.3.20:
- The IMAP client no longer inserts NUL bytes into the last line of a
  message when it is not closed with a LF or CRLF sequence. Reported
  by Antoine Levitt.  As a side effect of the fix, and in order to
  avoid a full rewrite, fetchmail will now CRLF-terminate the last
  line fetched through IMAP, even if it is originally not terminated
  by LF or CRLF. This bears no relevance if your messages end up in
  mbox, but adds line termination for storages (like Maildir) that do
  not require that the last line be LF- or CRLF-terminated.

Revision 1.43.8.1 / (download) - annotate - [select for diffs], Mon Jun 13 08:47:55 2011 UTC (10 years, 7 months ago) by sbd
Branch: pkgsrc-2011Q1
Changes since 1.43: +4 -5 lines
Diff to previous 1.43 (colored) next main 1.44 (colored)

Pullup ticket #3454 - requested by tron
mail/fetchmail security update

Revisions pulled up:
- mail/fetchmail/Makefile                                       1.176
- mail/fetchmail/distinfo                                       1.44
- mail/fetchmail/patches/patch-aa                               removed
- mail/fetchmailconf/Makefile                                   1.80

---
   Module Name:	pkgsrc
   Committed By:	obache
   Date:		Thu Jun  9 11:52:34 UTC 2011

   Modified Files:
   	pkgsrc/mail/fetchmail: Makefile distinfo
   	pkgsrc/mail/fetchmailconf: Makefile
   Removed Files:
   	pkgsrc/mail/fetchmail/patches: patch-aa

   Log Message:
   Update fetchmail to 6.3.20.
   Requested by PR#45030.

   fetchmail-6.3.20 (released 2011-06-06, 26005 LoC):

   # SECURITY BUG FIXES
   * CVE-2011-1947:
     STARTTLS: Fetchmail runs the IMAP STARTTLS or POP3 STLS negotiation with the
     set timeout (default five minutes) now. This was reported missing, with
     observed fetchmail freezes beyond a week, by Thomas Jarosch.
        SSL-wrapped connections were unaffected by this timeout, so users of older
     versions can force ssl-wrapped connections -- if supported by the server --
     with the --ssl command line or ssl rcfile option.
     See fetchmail-SA-2011-01.txt for further details.

   # BUG FIXES
   * IMAP: Do not search for UNSEEN messages in ranges. Usually, there are very few
     new messages and most of the range searches result in nothing. Instead, split
     the long response to make the IMAP driver think that there are multiple lines
     of response. (Sunil Shetye)
   * Do not print "skipping message" for old messages even in verbose mode. If
     there are too many old messages, the logs just get filled without any real
     activity. (Sunil Shetye) (suggested by Yunfan Jiang)
   * Build: fetchmail now always uses its own MD5 implementation rather than trying
     to find a system library with matched header. The library and header variants
     found on systems are too diverse, and the code size saving is not worth any
     more wasted user or programmer time.

   # CHANGES
   * Call strlen() only once when removing CRLF from a line. (Sunil Shetye)
   * fetchmail sets Internet domain sockets to "keepalive" mode now. Note that
     there is no portable way to configure actual timeouts for this mode, and some
     systems only support a system-wide timeout setting. fetchmail does not
     attempt to tune the time spans of keepalive mode.

   # TRANSLATION UPDATES
     [cs]    Chech (Petr Pisar)
     [nl]    Dutch (Erwin Poeze)
     [fr]    French (Fric Marchal)
     [de]    German (Matthias Andree)
     [ja]    Japanese (Takeshi Hamasaki)
     [pl]    Polish (Jakub Bogusz)
     [sk]    Slovak (Marcel Telka)

   # KNOWN BUGS AND WORKAROUNDS
     (this section floats upwards through the NEWS file so it stays with the
     current release information - however, it was stuck with 6.3.8 for a while)
   * fetchmail does not handle messages without Message-ID header well
     (See sourceforge.net bug #780933)
   * BSMTP is mostly untested and errors can cause corrupt output.
   * Sun Workshop 6 (SPARC) is known to miscompile the configuration file lexer in
     64-bit mode.  Either compile 32-bit code or use GCC to compile 64-bit
     fetchmail.  Note that fetchmail doesn't take advantage of 64-bit code,
     so compiling 32-bit SPARC code should not cause any difficulties.
   * fetchmail does not track pending deletes over crashes.
   * the command line interface is sometimes a bit stubborn, for instance,
     fetchmail -s doesn't work with a daemon running.
   * Linux systems may return duplicates of an IP address in some circumstances if
     no or no global IPv6 addresses are configured.
     (No workaround. Ubuntu Bug#582585, Novell Bug#606980.)
   * Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error
     messages. This will not be fixed, because the maintainer has no Kerberos 5
     server to test against. Use GSSAPI.

   fetchmail-6.3.19 (released 2010-12-10, 25945 LoC):

   # ERRATUM NOTICE ISSUED
   * fetchmail 6.3.18 contains several bug fixes that were considered sufficiently
     grave to warrant the issue of an erratum notice, fetchmail-EN-2010-03.txt.

   # BUG FIXES
   * When specifying multiple local multidrop lists, do not lose wildcard flag.
     (Affects "user foo is bar baz * is joe here")
   * In multidrop configurations, an asterisk can now appear anywhere in the list
     of local users, not just at the end.
   * In multidrop mode, header parsing is now more verbose in -vv mode, so that it
     becomes possible to see which header is used.
   * Make --antispam work from command line (these used to work in rcfiles).
     Reported by Kees Bakker, BerliOS Bug #17599. (Sunil Shetye)
   * Smoke test XHTML 1.1 validation, and if it fails, skip validating HTML
     documents.  Skip validating Mailbox-Names-UTF7.html. Several systems have
     broken XHTML 1.1 DTD installations that jeopardize the build.
     Reported by Mihail Nechkin against FreeBSD port.
     Workaround for 6.3.18: build in a separate directory, i. e:
     mkdir build && cd build && ../configure --options-go-here
   * Send a NOOP only after a failed STARTTLS in IMAP. (Sunil Shetye)
   * Demote GSSAPI verbose/debug syslog to INFO severity. Requested by Carlos E. R.
     and Derek Simkowiak via the fetchmail-users@ mailing list.
   * Do STARTTLS/STLS negotiation in IMAP/POP3 if it is mandatory even if the
     server capabilities do not show support for upgradation to TLS.
     To use this, configure --sslproto tls1. (Sunil Shetye)
   * IMAP: Understand empty strings as FETCH response, seen on Yahoo. Reported by
     Yasin Malli to fetchmail-users@ 2010-12-10.
     Note that fetchmail continues to expect literals as FETCH response for now.

   # DOCUMENTATION
   * The manual page now links to IANA for GSSAPI service names.

   # TRANSLATION UPDATES
     [cs]    Czech (Petr Pisar)
     [fr]    French (Fric Marchal)
     [de]    German
     [it]    Italian (Vincenzo Campanella)
     [pl]    Polish (Jakub Bogusz)

   fetchmail-6.3.18 (released 2010-10-09, 25936 LoC):

   # SECURITY IMPROVEMENTS TO DEFANG X.509 CERTIFICATE ABUSE
   * Fetchmail now only accepts wildcard certificate common names and subject
     alternative names if they start with "*.". Previous versions would accept
     wildcards even if no period followed immediately.
   * Fetchmail now disallows wildcards in certificates to match domain literals
     (such as 10.9.8.7), or wildcards in domain literals ("*.168.23.23").
     The test is overly picky and triggers if the pattern (after skipping the
     initial wildcard "*") or domain consists solely of digits and dots, and thus
     matches more than needed.
   * Fetchmail now disallows wildcarding top-level domains.

   # CRITICAL BUG FIXES AND REGRESSION FIXES
   * Fetchmail 6.3.15, 6.3.16, and 6.3.17 would pick up libmd5 to obtain MD5*
     functions, as an effect of an undocumented Solaris MD5 fix.
     This caused all MD5-related functions to malfunction if, for instance,
     libmd5.so was installed on other operating systems as part of libwww on
     machines where long isn't 32-bits, i. e. usually on 64-bit computers.
     Fixes Gentoo Bug #319283, reported, including libwww hint, by Karl Hakimian.
     Side effect: fetchmail will now use -lmd on Solaris rather than -lmd5.
   * Fetchmail 6.3.17 warned about insecure SSL/TLS connections even if a matching
     --sslfingerprint was specified. This is an omission from an SSL usability
     change made in 6.3.17.
     Fixes Debian Bug#580796 reported by Roland Stigge.
   * Fetchmail will now apply timeouts to the authentication stage.
     This stage encompasses STARTTLS/STLS negotiation in IMAP/POP3.
     Reported missing by Thomas Jarosch.
   * Fetchmail now cancels GSSAPI authentication properly when encountering GSS
     errors, such as no or unsuitable credentials.
     It now sends an asterisk on a line by its own, as required in SASL.
       This fixes protocol synchronization issues that cause Authentication
     failures, often observed with kerberized MS Exchange servers.
     Fixes Debian Bug #568455 reported by Patrick Rynhart, and Alan Murrell, to the
     fetchmail-users list. Fix verified by Thomas Voigtmann and Patrick Rynhart.

   # BUG FIXES
   * Fetchmail will no longer print connection attempts and errors for one host
     in "silent" and "normal" logging modes, unless all connections fail. This
     should reduce irritation around refused-connection logging if services are
     only on an IPv4 socket if the host also supports IPv6. Often observed as
     connections refused to ::1/25 when the subsequent connection to 127.0.0.1/25
     then - silently - succeeds.  Fetchmail, unless in verbose mode, will collect
     all connect errors and only report them if all of them fail.
   * Fetchmail will not try GSSAPI authentication automatically, unless it has GSS
     credentials. However, if GSSAPI authentication is requested explicitly,
     fetchmail will always try it.
   * Fetchmail now parses response to "FETCH n:m RFC822.SIZE" and "FETCH n
     RFC822.HEADER" in a more flexible manner. (Sunil Shetye)
   * The manual page clearly states that --principal is for Kerberos 4 only, not
     for Kerberos 5 or GSSAPI. Found by Thomas Voigtmann.

   # CHANGES
   * When encountering incorrect headers, fetchmail will refer to the bad-header
     option in the manpage.
     Fixes BerliOS Bug #17272, change suggested by Bjn Voigt.
   * Fetchmail now decodes and reports GSSAPI status codes upon errors.
   * Fetchmail now autoprobes NTLM also for POP3.
   * The Fetchmail FAQ has a new item #R15 on authentication failures.

   # INTERNAL CHANGES
   * The common NTLM authentication code was factored out from pop3.c and imap.c.

   # TRANSLATION UPDATES
     [zh_CN] Chinese/simplified (Ji Zheng-Yu)
     [cs]    Czech (Petr Pisar)
     [nl]    Dutch (Erwin Poeze)
     [fr]    French (Fric Marchal)
     [de]    German
     [it]    Italian (Vincenzo Campanella)
     [ja]    Japanese (Takeshi Hamasaki)
     [pl]    Polish (Jakub Bogusz)
     [sk]    Slovak (Marcel Telka)

Revision 1.44 / (download) - annotate - [select for diffs], Thu Jun 9 11:52:33 2011 UTC (10 years, 7 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2011Q2-base
Branch point for: pkgsrc-2011Q2
Changes since 1.43: +4 -5 lines
Diff to previous 1.43 (colored)

Update fetchmail to 6.3.20.
Requested by PR#45030.

fetchmail-6.3.20 (released 2011-06-06, 26005 LoC):

# SECURITY BUG FIXES
* CVE-2011-1947:
  STARTTLS: Fetchmail runs the IMAP STARTTLS or POP3 STLS negotiation with the
  set timeout (default five minutes) now. This was reported missing, with
  observed fetchmail freezes beyond a week, by Thomas Jarosch.
     SSL-wrapped connections were unaffected by this timeout, so users of older
  versions can force ssl-wrapped connections -- if supported by the server --
  with the --ssl command line or ssl rcfile option.
  See fetchmail-SA-2011-01.txt for further details.

# BUG FIXES
* IMAP: Do not search for UNSEEN messages in ranges. Usually, there are very few
  new messages and most of the range searches result in nothing. Instead, split
  the long response to make the IMAP driver think that there are multiple lines
  of response. (Sunil Shetye)
* Do not print "skipping message" for old messages even in verbose mode. If
  there are too many old messages, the logs just get filled without any real
  activity. (Sunil Shetye) (suggested by Yunfan Jiang)
* Build: fetchmail now always uses its own MD5 implementation rather than trying
  to find a system library with matched header. The library and header variants
  found on systems are too diverse, and the code size saving is not worth any
  more wasted user or programmer time.

# CHANGES
* Call strlen() only once when removing CRLF from a line. (Sunil Shetye)
* fetchmail sets Internet domain sockets to "keepalive" mode now. Note that
  there is no portable way to configure actual timeouts for this mode, and some
  systems only support a system-wide timeout setting. fetchmail does not
  attempt to tune the time spans of keepalive mode.

# TRANSLATION UPDATES
  [cs]    Chech (Petr Pisar)
  [nl]    Dutch (Erwin Poeze)
  [fr]    French (Frédéric Marchal)
  [de]    German (Matthias Andree)
  [ja]    Japanese (Takeshi Hamasaki)
  [pl]    Polish (Jakub Bogusz)
  [sk]    Slovak (Marcel Telka)

# KNOWN BUGS AND WORKAROUNDS
  (this section floats upwards through the NEWS file so it stays with the
  current release information - however, it was stuck with 6.3.8 for a while)
* fetchmail does not handle messages without Message-ID header well
  (See sourceforge.net bug #780933)
* BSMTP is mostly untested and errors can cause corrupt output.
* Sun Workshop 6 (SPARC) is known to miscompile the configuration file lexer in
  64-bit mode.  Either compile 32-bit code or use GCC to compile 64-bit
  fetchmail.  Note that fetchmail doesn't take advantage of 64-bit code,
  so compiling 32-bit SPARC code should not cause any difficulties.
* fetchmail does not track pending deletes over crashes.
* the command line interface is sometimes a bit stubborn, for instance,
  fetchmail -s doesn't work with a daemon running.
* Linux systems may return duplicates of an IP address in some circumstances if
  no or no global IPv6 addresses are configured.
  (No workaround. Ubuntu Bug#582585, Novell Bug#606980.)
* Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error
  messages. This will not be fixed, because the maintainer has no Kerberos 5
  server to test against. Use GSSAPI.


fetchmail-6.3.19 (released 2010-12-10, 25945 LoC):

# ERRATUM NOTICE ISSUED
* fetchmail 6.3.18 contains several bug fixes that were considered sufficiently
  grave to warrant the issue of an erratum notice, fetchmail-EN-2010-03.txt.

# BUG FIXES
* When specifying multiple local multidrop lists, do not lose wildcard flag.
  (Affects "user foo is bar baz * is joe here")
* In multidrop configurations, an asterisk can now appear anywhere in the list
  of local users, not just at the end.
* In multidrop mode, header parsing is now more verbose in -vv mode, so that it
  becomes possible to see which header is used.
* Make --antispam work from command line (these used to work in rcfiles).
  Reported by Kees Bakker, BerliOS Bug #17599. (Sunil Shetye)
* Smoke test XHTML 1.1 validation, and if it fails, skip validating HTML
  documents.  Skip validating Mailbox-Names-UTF7.html. Several systems have
  broken XHTML 1.1 DTD installations that jeopardize the build.
  Reported by Mihail Nechkin against FreeBSD port.
  Workaround for 6.3.18: build in a separate directory, i. e:
  mkdir build && cd build && ../configure --options-go-here
* Send a NOOP only after a failed STARTTLS in IMAP. (Sunil Shetye)
* Demote GSSAPI verbose/debug syslog to INFO severity. Requested by Carlos E. R.
  and Derek Simkowiak via the fetchmail-users@ mailing list.
* Do STARTTLS/STLS negotiation in IMAP/POP3 if it is mandatory even if the
  server capabilities do not show support for upgradation to TLS.
  To use this, configure --sslproto tls1. (Sunil Shetye)
* IMAP: Understand empty strings as FETCH response, seen on Yahoo. Reported by
  Yasin Malli to fetchmail-users@ 2010-12-10.
  Note that fetchmail continues to expect literals as FETCH response for now.

# DOCUMENTATION
* The manual page now links to IANA for GSSAPI service names.

# TRANSLATION UPDATES
  [cs]    Czech (Petr Pisar)
  [fr]    French (Frédéric Marchal)
  [de]    German
  [it]    Italian (Vincenzo Campanella)
  [pl]    Polish (Jakub Bogusz)


fetchmail-6.3.18 (released 2010-10-09, 25936 LoC):

# SECURITY IMPROVEMENTS TO DEFANG X.509 CERTIFICATE ABUSE
* Fetchmail now only accepts wildcard certificate common names and subject
  alternative names if they start with "*.". Previous versions would accept
  wildcards even if no period followed immediately.
* Fetchmail now disallows wildcards in certificates to match domain literals
  (such as 10.9.8.7), or wildcards in domain literals ("*.168.23.23").
  The test is overly picky and triggers if the pattern (after skipping the
  initial wildcard "*") or domain consists solely of digits and dots, and thus
  matches more than needed.
* Fetchmail now disallows wildcarding top-level domains.

# CRITICAL BUG FIXES AND REGRESSION FIXES
* Fetchmail 6.3.15, 6.3.16, and 6.3.17 would pick up libmd5 to obtain MD5*
  functions, as an effect of an undocumented Solaris MD5 fix.
  This caused all MD5-related functions to malfunction if, for instance,
  libmd5.so was installed on other operating systems as part of libwww on
  machines where long isn't 32-bits, i. e. usually on 64-bit computers.
  Fixes Gentoo Bug #319283, reported, including libwww hint, by Karl Hakimian.
  Side effect: fetchmail will now use -lmd on Solaris rather than -lmd5.
* Fetchmail 6.3.17 warned about insecure SSL/TLS connections even if a matching
  --sslfingerprint was specified. This is an omission from an SSL usability
  change made in 6.3.17.
  Fixes Debian Bug#580796 reported by Roland Stigge.
* Fetchmail will now apply timeouts to the authentication stage.
  This stage encompasses STARTTLS/STLS negotiation in IMAP/POP3.
  Reported missing by Thomas Jarosch.
* Fetchmail now cancels GSSAPI authentication properly when encountering GSS
  errors, such as no or unsuitable credentials.
  It now sends an asterisk on a line by its own, as required in SASL.
    This fixes protocol synchronization issues that cause Authentication
  failures, often observed with kerberized MS Exchange servers.
  Fixes Debian Bug #568455 reported by Patrick Rynhart, and Alan Murrell, to the
  fetchmail-users list. Fix verified by Thomas Voigtmann and Patrick Rynhart.

# BUG FIXES
* Fetchmail will no longer print connection attempts and errors for one host
  in "silent" and "normal" logging modes, unless all connections fail. This
  should reduce irritation around refused-connection logging if services are
  only on an IPv4 socket if the host also supports IPv6. Often observed as
  connections refused to ::1/25 when the subsequent connection to 127.0.0.1/25
  then - silently - succeeds.  Fetchmail, unless in verbose mode, will collect
  all connect errors and only report them if all of them fail.
* Fetchmail will not try GSSAPI authentication automatically, unless it has GSS
  credentials. However, if GSSAPI authentication is requested explicitly,
  fetchmail will always try it.
* Fetchmail now parses response to "FETCH n:m RFC822.SIZE" and "FETCH n
  RFC822.HEADER" in a more flexible manner. (Sunil Shetye)
* The manual page clearly states that --principal is for Kerberos 4 only, not
  for Kerberos 5 or GSSAPI. Found by Thomas Voigtmann.

# CHANGES
* When encountering incorrect headers, fetchmail will refer to the bad-header
  option in the manpage.
  Fixes BerliOS Bug #17272, change suggested by Björn Voigt.
* Fetchmail now decodes and reports GSSAPI status codes upon errors.
* Fetchmail now autoprobes NTLM also for POP3.
* The Fetchmail FAQ has a new item #R15 on authentication failures.

# INTERNAL CHANGES
* The common NTLM authentication code was factored out from pop3.c and imap.c.

# TRANSLATION UPDATES
  [zh_CN] Chinese/simplified (Ji Zheng-Yu)
  [cs]    Czech (Petr Pisar)
  [nl]    Dutch (Erwin Poeze)
  [fr]    French (Frédéric Marchal)
  [de]    German
  [it]    Italian (Vincenzo Campanella)
  [ja]    Japanese (Takeshi Hamasaki)
  [pl]    Polish (Jakub Bogusz)
  [sk]    Slovak (Marcel Telka)

Revision 1.41.2.1 / (download) - annotate - [select for diffs], Sun May 9 18:10:13 2010 UTC (11 years, 8 months ago) by spz
Branch: pkgsrc-2010Q1
Changes since 1.41: +5 -4 lines
Diff to previous 1.41 (colored) next main 1.42 (colored)

Pullup ticket 3108 - requested by tez and tron
security update

Revisions pulled up:
- pkgsrc/mail/fetchmail/Makefile	1.173
- pkgsrc/mail/fetchmail/distinfo	1.43
- pkgsrc/mail/fetchmailconf/Makefile	1.79

Files added:
pkgsrc/mail/fetchmail/MESSAGE
pkgsrc/mail/fetchmail/patches/patch-aa

   -------------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   tez
   Date:           Sat May  8 15:34:59 UTC 2010

   Modified Files:
           pkgsrc/mail/fetchmail: Makefile distinfo
   Added Files:
           pkgsrc/mail/fetchmail: MESSAGE

   Log Message:
   Update to 6.3.17 per PR#43269

   fetchmail-6.3.17 (released 2010-05-06, 25767 LoC):

   # SECURITY FIX
   * CVE-2010-1167: Fetchmail before release 6.3.17 did not properly sanitize
     external input (mail headers and UID). When a multi-character locale (such as

   # FEATURES
   * Fetchmail now supports a --sslcertfile <file> option to specify a "CA bundle"
     file (a file that contains trusted CA certificates). Since these bundled CA
     files do not require c_rehash to be run, they are easier to use and immune to
     OpenSSL library updates that affect the hash function.
   * Fetchmail now supports a FETCHMAIL_INCLUDE_DEFAULT_X509_CA_CERTS
     environment variable to force loading the default SSL CA certificate
     locations even if --sslcertfile or --sslcertpath is used.
     If neither option is in effect, fetchmail loads the default locations.

   # REGRESSION FIX
   * Fix string handling in rcfile scanner, which caused fetchmail to misparse a
     run control file in certain circumstances.  Fixes BerliOS bug #14257.
     Patch by Michael Banack.  This fixes a regression introduced before 6.3.0.

   # BUG FIXES
   * Plug memory leak when using a "defaults" entry in the run control file.
   * Do not print SSL certificate mismatches unless verbose or --sslcertck is
     enabled.
   * Do not lose "set invisible" in fetchmailconf. (Michael Barnack)

   # CHANGES
   * Usability: SSL certificate chains are fully printed in -v -v mode, and there
     are now helpful pointers to --sslcertpath and c_rehash for "unable to get
     local issuer certificate" and self-signed certificates -- these usually hint
     to missing root signing CAs in the certs directory.
   * Several fixes for compiler (GCC, Intel C++, CLang) and autotools warnings
   * Memory allocation failures will now cause abnormal program abort (SIGABRT),
     no longer an exit with unspecified code.

   # DOCUMENTATION
   * Fix table of global option to read "set softbounce" where there used to be a
     2nd copy of "set spambounce".  Patch by Michael Banack, BerliOS Bug #17067.
   * In the --sslcertpath description, mention that OpenSSL upgrade (and a 0.9.X
     to 1.0.0 upgrade in particular) may require running c_rehash.

   # TRANSLATION UPDATES
     [zh_CN] Chinese/simplified (Ji Zheng-Yu)
     [cs]    Czech (Petr Pisar)
     [nl]    Dutch (Erwin Poeze)
     [fr]    French (Fr\xc3<A9>d\xc3<A9>ric Marchal)
     [de]    German
     [id]    Indonesian (Andhika Padmawan)
     [it]    Italian (Vincenzo Campanella)
     [ja]    Japanese (Takeshi Hamasaki)
     [pl]    Polish (Jakub Bogusz)
     [sk]    Slovak (Marcel Telka)
     [vi]    Vietnamese (Clytie Siddall)

   # KNOWN BUGS AND WORKAROUNDS:
     (this section floats upwards through the NEWS file so it stays with the
     current release information - however, it was stuck with 6.3.8 for a while)
   * fetchmail does not handle messages without Message-ID header well
     (See sourceforge.net bug #780933)
   * BSMTP is mostly untested and errors can cause corrupt output.
   * Sun Workshop 6 (SPARC) is known to miscompile the configuration file lexer in
     64-bit mode.  Either compile 32-bit code or use GCC to compile 64-bit
     fetchmail.  Note that fetchmail doesn't take advantage of 64-bit code,
     so compiling 32-bit SPARC code should not cause any difficulties.
   * fetchmail does not track pending deletes over crashes
   * the command line interface is sometimes a bit stubborn, for instance,
     fetchmail -s doesn't work with a daemon running

   fetchmail-6.3.16 (released 2010-04-06, 25574 LoC):

   # BUG FIX
   * Fix --interface option, broken in 6.3.15. Reported by Vladmimir Stavrinov.
     Fixes Debian Bug #576717.

   # CHANGE
   * Call OpenSSL_add_all_algorithms(). This is needed to support non-mandatory
     and non-standard algorithms in certificates.
     Sjoerd Simons, to fix Debian Bug #576430.
     OpenSSL 0.9.8* does not load - for instance - the SHA256 digest by default.
     Reported as OpenSSL RT#2224.

   fetchmail-6.3.15 (released 2010-03-28, 25572 LoC):

   # FEATURE
   * Fetchmail now supports a bad-header command line or rcfile option that takes
     exactly one argument, accept or reject (default).  This specifies how messages
     with bad headers retrieved from the current server are to be treated.

   # BUG FIXES
   * In the rcfile, recognize "local" as abbreviation for "localdomains", as
     documented. The short form has not ever worked since this feature was added in
     January 1997. Reported by Fr\xc3<A9>d\xc3<A9>ric Marchal.
   * Do not close stdout when using mda and "bsmtp -" at the same time.
   * Log operating system errors when BSMTP writes fail.
   * Fix verbose mode progress formatting regression from 6.3.10; SMTP trace lines
     were no longer on a line of their own. Reported by Melchior Franz.
   * Check seteuid() return value and abort running MDA if switch fails.
   * Set global flags in a consistent manner. Make --nosoftbounce and
     --nobounce work from command line (these used to work in rcfiles).
     Reported and fix confirmed working by N.J. Mann. (Sunil Shetye)
   * Properly import h_errno declarations, even on systems where h_errno isn't a
     macro. (Adds ./configure check, fixes Cygwin dllimport warnings.)

   # CHANGES
   * The repository has been converted and moved from the Subversion (SVN) format
     kindly hosted by Graham Wilson over the past years to Git format hosted on
     Gitorious.org.  My deepest thanks to Graham Wilson for this service that
     kept us going when BerliOS's Subversion service was faulty in its early days.
   * This opportunity was used to convert BRANCH_6-2 and BRANCH_1-9-9 to
     GnuPG-signed tags, as a sign that these are now closed.
   * The outdated SVN trunk is now called "oldtrunk" in Git just to save the work
     for future reference. All development in the past few years was on BRANCH_6-3.
   * master was branched from BRANCH_6-3.  BRANCH_6-3 is now obsolete (and in fact
     was also converted to a tag to record where the conversion from SVN to Git
     took place).
   * "make check" now skips HTML validation if xmllint or XHTML DTD are missing.

   # DOCUMENTATION
   * Web site and documentation were adjusted to reflect the SVN->Git move.
   * The fetchmail manual page is now much clearer on the user id switching
     (seteuid) when using --mda while running as the super user.

   # TRANSLATION UPDATES, by language name
   * [zh_CN] Chinese (Simplified), by Ji Zheng-Yu
   * [cs]    Czech, by Petr Pisar
   * [nl]    Dutch, by Erwin Poeze
   * [fr]    French, by Fr\xc3<A9>d\xc3<A9>ric Marchal
   * [de]    German
   * [id]    Indonesian, by Andhika Padmawan
   * [it]    Italian, by Vincenzo Campanella
   * [ja]    Japanese, by Takeshi Hamasaki
   * [pl]    Polish, by Jakub Bogusz
   * [vi]    Vietnamese, by Clytie Siddall


   To generate a diff of this commit:
   cvs rdiff -u -r0 -r1.1 pkgsrc/mail/fetchmail/MESSAGE
   cvs rdiff -u -r1.171 -r1.172 pkgsrc/mail/fetchmail/Makefile
   cvs rdiff -u -r1.41 -r1.42 pkgsrc/mail/fetchmail/distinfo

   -------------------------------------------------------------------------

   Module Name:    pkgsrc
   Committed By:   tron
   Date:           Sun May  9 11:45:28 UTC 2010

   Modified Files:
           pkgsrc/mail/fetchmail: Makefile distinfo
   Added Files:
           pkgsrc/mail/fetchmail/patches: patch-aa

   Log Message:
   Add patch by Matthias Andree to avoid warnings about insecure connections
   if SSL fingerprints are used.


   To generate a diff of this commit:
   cvs rdiff -u -r1.172 -r1.173 pkgsrc/mail/fetchmail/Makefile
   cvs rdiff -u -r1.42 -r1.43 pkgsrc/mail/fetchmail/distinfo
   cvs rdiff -u -r0 -r1.8 pkgsrc/mail/fetchmail/patches/patch-aa

   -------------------------------------------------------------------------

   Module Name:    pkgsrc
   Committed By:   tron
   Date:           Sun May  9 11:54:21 UTC 2010

   Modified Files:
           pkgsrc/mail/fetchmailconf: Makefile

   Log Message:
   Unbreak "fetchmailconf" package by updating it to version 6.3.17 as well.
   Changes since version 6.3.14:

   # BUG FIXES
   * Do not lose "set invisible" in fetchmailconf. (Michael Barnack)


   To generate a diff of this commit:
   cvs rdiff -u -r1.78 -r1.79 pkgsrc/mail/fetchmailconf/Makefile

Revision 1.43 / (download) - annotate - [select for diffs], Sun May 9 11:45:28 2010 UTC (11 years, 8 months ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2011Q1-base, pkgsrc-2010Q4-base, pkgsrc-2010Q4, pkgsrc-2010Q3-base, pkgsrc-2010Q3, pkgsrc-2010Q2-base, pkgsrc-2010Q2
Branch point for: pkgsrc-2011Q1
Changes since 1.42: +2 -1 lines
Diff to previous 1.42 (colored)

Add patch by Matthias Andree to avoid warnings about insecure connections
if SSL fingerprints are used.

Revision 1.42 / (download) - annotate - [select for diffs], Sat May 8 15:34:59 2010 UTC (11 years, 8 months ago) by tez
Branch: MAIN
Changes since 1.41: +3 -3 lines
Diff to previous 1.41 (colored)

Update to 6.3.17 per PR#43269

fetchmail-6.3.17 (released 2010-05-06, 25767 LoC):

# SECURITY FIX
* CVE-2010-1167: Fetchmail before release 6.3.17 did not properly sanitize
  external input (mail headers and UID). When a multi-character locale (such as

# FEATURES
* Fetchmail now supports a --sslcertfile <file> option to specify a "CA bundle"
  file (a file that contains trusted CA certificates). Since these bundled CA
  files do not require c_rehash to be run, they are easier to use and immune to
  OpenSSL library updates that affect the hash function.
* Fetchmail now supports a FETCHMAIL_INCLUDE_DEFAULT_X509_CA_CERTS
  environment variable to force loading the default SSL CA certificate
  locations even if --sslcertfile or --sslcertpath is used.
  If neither option is in effect, fetchmail loads the default locations.

# REGRESSION FIX
* Fix string handling in rcfile scanner, which caused fetchmail to misparse a
  run control file in certain circumstances.  Fixes BerliOS bug #14257.
  Patch by Michael Banack.  This fixes a regression introduced before 6.3.0.

# BUG FIXES
* Plug memory leak when using a "defaults" entry in the run control file.
* Do not print SSL certificate mismatches unless verbose or --sslcertck is
  enabled.
* Do not lose "set invisible" in fetchmailconf. (Michael Barnack)

# CHANGES
* Usability: SSL certificate chains are fully printed in -v -v mode, and there
  are now helpful pointers to --sslcertpath and c_rehash for "unable to get
  local issuer certificate" and self-signed certificates -- these usually hint
  to missing root signing CAs in the certs directory.
* Several fixes for compiler (GCC, Intel C++, CLang) and autotools warnings
* Memory allocation failures will now cause abnormal program abort (SIGABRT),
  no longer an exit with unspecified code.

# DOCUMENTATION
* Fix table of global option to read "set softbounce" where there used to be a
  2nd copy of "set spambounce".  Patch by Michael Banack, BerliOS Bug #17067.
* In the --sslcertpath description, mention that OpenSSL upgrade (and a 0.9.X
  to 1.0.0 upgrade in particular) may require running c_rehash.

# TRANSLATION UPDATES
  [zh_CN] Chinese/simplified (Ji Zheng-Yu)
  [cs]    Czech (Petr Pisar)
  [nl]    Dutch (Erwin Poeze)
  [fr]    French (Fr\xc3<A9>d\xc3<A9>ric Marchal)
  [de]    German
  [id]    Indonesian (Andhika Padmawan)
  [it]    Italian (Vincenzo Campanella)
  [ja]    Japanese (Takeshi Hamasaki)
  [pl]    Polish (Jakub Bogusz)
  [sk]    Slovak (Marcel Telka)
  [vi]    Vietnamese (Clytie Siddall)

# KNOWN BUGS AND WORKAROUNDS:
  (this section floats upwards through the NEWS file so it stays with the
  current release information - however, it was stuck with 6.3.8 for a while)
* fetchmail does not handle messages without Message-ID header well
  (See sourceforge.net bug #780933)
* BSMTP is mostly untested and errors can cause corrupt output.
* Sun Workshop 6 (SPARC) is known to miscompile the configuration file lexer in
  64-bit mode.  Either compile 32-bit code or use GCC to compile 64-bit
  fetchmail.  Note that fetchmail doesn't take advantage of 64-bit code,
  so compiling 32-bit SPARC code should not cause any difficulties.
* fetchmail does not track pending deletes over crashes
* the command line interface is sometimes a bit stubborn, for instance,
  fetchmail -s doesn't work with a daemon running


fetchmail-6.3.16 (released 2010-04-06, 25574 LoC):

# BUG FIX
* Fix --interface option, broken in 6.3.15. Reported by Vladmimir Stavrinov.
  Fixes Debian Bug #576717.

# CHANGE
* Call OpenSSL_add_all_algorithms(). This is needed to support non-mandatory
  and non-standard algorithms in certificates.
  Sjoerd Simons, to fix Debian Bug #576430.
  OpenSSL 0.9.8* does not load - for instance - the SHA256 digest by default.
  Reported as OpenSSL RT#2224.


fetchmail-6.3.15 (released 2010-03-28, 25572 LoC):

# FEATURE
* Fetchmail now supports a bad-header command line or rcfile option that takes
  exactly one argument, accept or reject (default).  This specifies how messages
  with bad headers retrieved from the current server are to be treated.

# BUG FIXES
* In the rcfile, recognize "local" as abbreviation for "localdomains", as
  documented. The short form has not ever worked since this feature was added in
  January 1997. Reported by Fr\xc3<A9>d\xc3<A9>ric Marchal.
* Do not close stdout when using mda and "bsmtp -" at the same time.
* Log operating system errors when BSMTP writes fail.
* Fix verbose mode progress formatting regression from 6.3.10; SMTP trace lines
  were no longer on a line of their own. Reported by Melchior Franz.
* Check seteuid() return value and abort running MDA if switch fails.
* Set global flags in a consistent manner. Make --nosoftbounce and
  --nobounce work from command line (these used to work in rcfiles).
  Reported and fix confirmed working by N.J. Mann. (Sunil Shetye)
* Properly import h_errno declarations, even on systems where h_errno isn't a
  macro. (Adds ./configure check, fixes Cygwin dllimport warnings.)

# CHANGES
* The repository has been converted and moved from the Subversion (SVN) format
  kindly hosted by Graham Wilson over the past years to Git format hosted on
  Gitorious.org.  My deepest thanks to Graham Wilson for this service that
  kept us going when BerliOS's Subversion service was faulty in its early days.
* This opportunity was used to convert BRANCH_6-2 and BRANCH_1-9-9 to
  GnuPG-signed tags, as a sign that these are now closed.
* The outdated SVN trunk is now called "oldtrunk" in Git just to save the work
  for future reference. All development in the past few years was on BRANCH_6-3.
* master was branched from BRANCH_6-3.  BRANCH_6-3 is now obsolete (and in fact
  was also converted to a tag to record where the conversion from SVN to Git
  took place).
* "make check" now skips HTML validation if xmllint or XHTML DTD are missing.

# DOCUMENTATION
* Web site and documentation were adjusted to reflect the SVN->Git move.
* The fetchmail manual page is now much clearer on the user id switching
  (seteuid) when using --mda while running as the super user.

# TRANSLATION UPDATES, by language name
* [zh_CN] Chinese (Simplified), by Ji Zheng-Yu
* [cs]    Czech, by Petr Pisar
* [nl]    Dutch, by Erwin Poeze
* [fr]    French, by Fr\xc3<A9>d\xc3<A9>ric Marchal
* [de]    German
* [id]    Indonesian, by Andhika Padmawan
* [it]    Italian, by Vincenzo Campanella
* [ja]    Japanese, by Takeshi Hamasaki
* [pl]    Polish, by Jakub Bogusz
* [vi]    Vietnamese, by Clytie Siddall

Revision 1.40.4.1 / (download) - annotate - [select for diffs], Mon Feb 15 07:37:32 2010 UTC (11 years, 11 months ago) by spz
Branch: pkgsrc-2009Q4
Changes since 1.40: +4 -4 lines
Diff to previous 1.40 (colored) next main 1.41 (colored)

Pullup ticket 3006 - requested by tron
security update

Revisions pulled up:
- pkgsrc/mail/fetchmail/Makefile	1.170
- pkgsrc/mail/fetchmail/distinfo	1.41
- pkgsrc/mail/fetchmailconf/Makefile	1.78

   -------------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Sun Feb 14 09:46:00 UTC 2010

   Modified Files:
           pkgsrc/mail/fetchmail: Makefile distinfo

   Log Message:
   Update to 6.3.14:

   fetchmail 6.3.14 (released 2010-02-05, 25487 LoC):

   # SECURITY FIXES
   * SSL/TLS certificate information is now also reported properly on computers
     that consider the "char" type signed. Fixes malloc() buffer overrun.
     Workaround for older versions: do not use verbose mode.
     See fetchmail-SA-2010-01.txt for details, including a minimal patch.

   # BUG FIXES
   * The IMAP client no longer skips messages from several IMAP servers including
     Dovecot if fetchmail's "idle" is in use.  Causes were that fetchmail (a)
     ignored some untagged responses when it should not (b) relied on EXISTS
     messages in response to EXPUNGE, which aren't mandated by RFC-3501 (the IMAP
     standard) and aren't sent by Dovecot either.
       Fix by Sunil Shetye (the fix also consolidates IMAP response handling,
     improving overall robustness of the IMAP client), bug report and testing by
     Matt Doran, with further hints from Timo Sirainen.
   * The SMTP client now recovers from errors (such as servers dropping the
     connection after errors) when sending an RSET command.
       Fix by Sunil Shetye. Report by James Moe.
   * The IMAP client now uses "SEARCH UNSEEN" rather than "SEARCH UNSEEN NOT
     DELETED" again on IMAP2, to fix a regression in fetchmail 6.2.5 reported by
     Will Stringer in June 2004. (Sunil Shetye)
   * The IMAP client now uses "SEARCH UNSEEN UNDELETED" on IMAP4 and IMAP4r1
     servers (Sunil Shetye).
   * Workaround: The IMAP client now falls back to "FETCH n:m FLAGS" if the server
     does not support "SEARCH". (Sunil Shetye)
   * The IMAP client now requests message numbers in batches of 1,000 to avoid
     problems if there are more than 1860 unseen messages. (Sunil Shetye)
       Note that this wasn't security relevant because fetchmail would only read up
     to the maximum buffer size and leave the remainder of the string unread, going
     out of synch afterwards.
   * Stricter validation of IMAP responses containing byte or message counts.

   # CHANGES
   * Only include gssapi.h if we're not including gssapi/gssapi.h, to fix a FreeBSD
     compiler warning about gssapi.h being obsolete.

   # DOCUMENTATION
   * The README.SSL document was revised for grammar, spelling, and clarity.
     Courtesy of Robert Mullin.

   fetchmail 6.3.13 (released 2009-10-30, 25333 LoC):

   # REGRESSION FIXES
   * The multiline SMTP error fix in release 6.3.12 caused fetchmail to lose
     message codes 400..599 and treat all of these as temporary error. This would
     cause messages to be left on the server even if softbounce was turned off.
     Reported by Thomas Jarosch.

   fetchmail 6.3.12 (released 2009-10-05):

   # REGRESSION FIXES
   * The CVS-2009-2666 fix in fetchmail release 6.3.11 caused a free() of
     unallocated memory on SSL connections, which caused crashes or program aborts
     on some systems (depending on how initialization and free() of unallocated
     memory is handled in compiler and libc).
     Workaround for older versions: run in verbose mode.
     Patch courtesy of Thomas Heinz, fixes Gentoo Bug #280760.
     This regression affected only the 6.3.11 release, but not the patch that was
     part of the security announcement fetchmail-SA-2009-01.

   # BUG FIXES
   * Fix error reporting for GSSAPI on Heimdal (h5l) Kerberos.
   * Look for MD5_Init in libcrypto rather than libssl, fixes Gentoo Kerberos
     builds; fixes upstream parts of Gentoo Bugs #231400 and #185652, and fixes
     BerliOS Bug #16134.
   * Report multiline SMTP errors properly, reported by Earl Chew; fixes Debian Bug
     #529899, reported by Akihiro Terasaki.
     Note: This fix introduced a regression, fixed in 6.3.13.
   * Replace control characters in SMTP replies by '?'.
   * Fetchmailconf: Fix descriptions for smtpaddress and smtpname options;
     smtpaddress is for RCPT TO, not MAIL FROM. Found by Gerard Seibert.

   ..as well as translation updates in all three releases.


   To generate a diff of this commit:
   cvs rdiff -u -r1.169 -r1.170 pkgsrc/mail/fetchmail/Makefile
   cvs rdiff -u -r1.40 -r1.41 pkgsrc/mail/fetchmail/distinfo

   -------------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   tnn
   Date:           Sun Feb 14 13:06:32 UTC 2010

   Modified Files:
           pkgsrc/mail/fetchmailconf: Makefile

   Log Message:
   catch up w/ fetchmail


   To generate a diff of this commit:
   cvs rdiff -u -r1.77 -r1.78 pkgsrc/mail/fetchmailconf/Makefile

Revision 1.41 / (download) - annotate - [select for diffs], Sun Feb 14 09:46:00 2010 UTC (11 years, 11 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2010Q1-base
Branch point for: pkgsrc-2010Q1
Changes since 1.40: +4 -4 lines
Diff to previous 1.40 (colored)

Update to 6.3.14:

fetchmail 6.3.14 (released 2010-02-05, 25487 LoC):

# SECURITY FIXES
* SSL/TLS certificate information is now also reported properly on computers
  that consider the "char" type signed. Fixes malloc() buffer overrun.
  Workaround for older versions: do not use verbose mode.
  See fetchmail-SA-2010-01.txt for details, including a minimal patch.

# BUG FIXES
* The IMAP client no longer skips messages from several IMAP servers including
  Dovecot if fetchmail's "idle" is in use.  Causes were that fetchmail (a)
  ignored some untagged responses when it should not (b) relied on EXISTS
  messages in response to EXPUNGE, which aren't mandated by RFC-3501 (the IMAP
  standard) and aren't sent by Dovecot either.
    Fix by Sunil Shetye (the fix also consolidates IMAP response handling,
  improving overall robustness of the IMAP client), bug report and testing by
  Matt Doran, with further hints from Timo Sirainen.
* The SMTP client now recovers from errors (such as servers dropping the
  connection after errors) when sending an RSET command.
    Fix by Sunil Shetye. Report by James Moe.
* The IMAP client now uses "SEARCH UNSEEN" rather than "SEARCH UNSEEN NOT
  DELETED" again on IMAP2, to fix a regression in fetchmail 6.2.5 reported by
  Will Stringer in June 2004. (Sunil Shetye)
* The IMAP client now uses "SEARCH UNSEEN UNDELETED" on IMAP4 and IMAP4r1
  servers (Sunil Shetye).
* Workaround: The IMAP client now falls back to "FETCH n:m FLAGS" if the server
  does not support "SEARCH". (Sunil Shetye)
* The IMAP client now requests message numbers in batches of 1,000 to avoid
  problems if there are more than 1860 unseen messages. (Sunil Shetye)
    Note that this wasn't security relevant because fetchmail would only read up
  to the maximum buffer size and leave the remainder of the string unread, going
  out of synch afterwards.
* Stricter validation of IMAP responses containing byte or message counts.

# CHANGES
* Only include gssapi.h if we're not including gssapi/gssapi.h, to fix a FreeBSD
  compiler warning about gssapi.h being obsolete.

# DOCUMENTATION
* The README.SSL document was revised for grammar, spelling, and clarity.
  Courtesy of Robert Mullin.

fetchmail 6.3.13 (released 2009-10-30, 25333 LoC):

# REGRESSION FIXES
* The multiline SMTP error fix in release 6.3.12 caused fetchmail to lose
  message codes 400..599 and treat all of these as temporary error. This would
  cause messages to be left on the server even if softbounce was turned off.
  Reported by Thomas Jarosch.

fetchmail 6.3.12 (released 2009-10-05):

# REGRESSION FIXES
* The CVS-2009-2666 fix in fetchmail release 6.3.11 caused a free() of
  unallocated memory on SSL connections, which caused crashes or program aborts
  on some systems (depending on how initialization and free() of unallocated
  memory is handled in compiler and libc).
  Workaround for older versions: run in verbose mode.
  Patch courtesy of Thomas Heinz, fixes Gentoo Bug #280760.
  This regression affected only the 6.3.11 release, but not the patch that was
  part of the security announcement fetchmail-SA-2009-01.

# BUG FIXES
* Fix error reporting for GSSAPI on Heimdal (h5l) Kerberos.
* Look for MD5_Init in libcrypto rather than libssl, fixes Gentoo Kerberos
  builds; fixes upstream parts of Gentoo Bugs #231400 and #185652, and fixes
  BerliOS Bug #16134.
* Report multiline SMTP errors properly, reported by Earl Chew; fixes Debian Bug
  #529899, reported by Akihiro Terasaki.
  Note: This fix introduced a regression, fixed in 6.3.13.
* Replace control characters in SMTP replies by '?'.
* Fetchmailconf: Fix descriptions for smtpaddress and smtpname options;
  smtpaddress is for RCPT TO, not MAIL FROM. Found by Gerard Seibert.

...as well as translation updates in all three releases.

Revision 1.39.14.1 / (download) - annotate - [select for diffs], Fri Aug 14 18:45:44 2009 UTC (12 years, 5 months ago) by salo
Branch: pkgsrc-2009Q2
Changes since 1.39: +4 -6 lines
Diff to previous 1.39 (colored) next main 1.40 (colored)

Pullup ticket #2859 - requested by tron
fetchmail: security update
fetchmailconf: security update

Revisions pulled up:
- pkgsrc/mail/fetchmail/Makefile		1.169
- pkgsrc/mail/fetchmail/PLIST			1.13
- pkgsrc/mail/fetchmail/distinfo		1.40
- pkgsrc/mail/fetchmail/patches/patch-aa	removed
- pkgsrc/mail/fetchmail/patches/patch-aa	removed
- pkgsrc/mail/fetchmailconf/Makefile		1.75

   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Mon Aug 10 08:46:30 UTC 2009

   Modified Files:
   	pkgsrc/mail/fetchmail: Makefile PLIST distinfo
   	pkgsrc/mail/fetchmailconf: Makefile
   Removed Files:
   	pkgsrc/mail/fetchmail/patches: patch-aa patch-ab

   Log Message:
   Update "fetchmail" package to version 6.3.11. Changes since version 6.3.8:
   - Security fixes for CVE-2009-2666, CVE-2007-4565 and CVE-2008-2711.
   - Fetchmail no longer drops permanently undelivered messages by default,
     to match historic documentation.  It does this by adding a new
     "softbounce" option.
   - A lot bug fixes and improvements.

Revision 1.40 / (download) - annotate - [select for diffs], Mon Aug 10 08:46:30 2009 UTC (12 years, 5 months ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2009Q4-base, pkgsrc-2009Q3-base, pkgsrc-2009Q3
Branch point for: pkgsrc-2009Q4
Changes since 1.39: +4 -6 lines
Diff to previous 1.39 (colored)

Update "fetchmail" package to version 6.3.11. Changes since version 6.3.8:
- Security fixes for CVE-2009-2666, CVE-2007-4565 and CVE-2008-2711.
- Fetchmail no longer drops permanently undelivered messages by default,
  to match historic documentation.  It does this by adding a new
  "softbounce" option.
- A lot bug fixes and improvements.

Revision 1.38.6.1 / (download) - annotate - [select for diffs], Thu Jun 19 16:45:15 2008 UTC (13 years, 7 months ago) by ghen
Branch: pkgsrc-2008Q1
Changes since 1.38: +2 -1 lines
Diff to previous 1.38 (colored) next main 1.39 (colored)

Pullup ticket 2431 - requested by obache
security fix for fetchmail

- pkgsrc/mail/fetchmail/Makefile			1.167
- pkgsrc/mail/fetchmail/distinfo			1.39
- pkgsrc/mail/fetchmail/patches/patch-ab		1.18

   Module Name:	pkgsrc
   Committed By:	obache
   Date:		Thu Jun 19 11:29:49 UTC 2008

   Modified Files:
	   pkgsrc/mail/fetchmail: Makefile distinfo
   Added Files:
	   pkgsrc/mail/fetchmail/patches: patch-ab

   Log Message:
   Add patch for CVE-2008-2711.
   Taken from http://fetchmail.berlios.de/fetchmail-SA-2008-01.txt

   Bump PKGREVISION.

Revision 1.39 / (download) - annotate - [select for diffs], Thu Jun 19 11:29:49 2008 UTC (13 years, 7 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2009Q2-base, pkgsrc-2009Q1-base, pkgsrc-2009Q1, pkgsrc-2008Q4-base, pkgsrc-2008Q4, pkgsrc-2008Q3-base, pkgsrc-2008Q3, pkgsrc-2008Q2-base, pkgsrc-2008Q2, cwrapper, cube-native-xorg-base, cube-native-xorg
Branch point for: pkgsrc-2009Q2
Changes since 1.38: +2 -1 lines
Diff to previous 1.38 (colored)

Add patch for CVE-2008-2711.
Taken from http://fetchmail.berlios.de/fetchmail-SA-2008-01.txt

Bump PKGREVISION.

Revision 1.37.2.1 / (download) - annotate - [select for diffs], Sun Sep 23 14:35:05 2007 UTC (14 years, 4 months ago) by ghen
Branch: pkgsrc-2007Q2
Changes since 1.37: +2 -1 lines
Diff to previous 1.37 (colored) next main 1.38 (colored)

Pullup ticket 2192 - requested by tron
security fix for fetchmail

- pkgsrc/mail/fetchmail/Makefile			1.163
- pkgsrc/mail/fetchmail/distinfo			1.38
- pkgsrc/mail/fetchmail/patches/patch-aa		1.6

   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Sun Sep 23 12:48:46 UTC 2007

   Modified Files:
	   pkgsrc/mail/fetchmail: Makefile distinfo
   Added Files:
	   pkgsrc/mail/fetchmail/patches: patch-aa

   Log Message:
   Add fix for security vulnerability reported in CVE-2007-4565.
   Bump package revision.

Revision 1.38 / (download) - annotate - [select for diffs], Sun Sep 23 12:48:46 2007 UTC (14 years, 4 months ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2008Q1-base, pkgsrc-2007Q4-base, pkgsrc-2007Q4, pkgsrc-2007Q3-base, pkgsrc-2007Q3
Branch point for: pkgsrc-2008Q1
Changes since 1.37: +2 -1 lines
Diff to previous 1.37 (colored)

Add fix for security vulnerability reported in CVE-2007-4565.
Bump package revision.

Revision 1.36.2.1 / (download) - annotate - [select for diffs], Sun Apr 15 11:33:38 2007 UTC (14 years, 9 months ago) by ghen
Branch: pkgsrc-2007Q1
Changes since 1.36: +4 -4 lines
Diff to previous 1.36 (colored) next main 1.37 (colored)

Pullup ticket 2065 - requested by tron
security update for fetchmail

- pkgsrc/mail/fetchmail/Makefile			1.162
- pkgsrc/mail/fetchmail/distinfo			1.37
- pkgsrc/mail/fetchmailconf/Makefile			1.72

   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Sat Apr 14 22:14:29 UTC 2007

   Modified Files:
	   pkgsrc/mail/fetchmail: Makefile distinfo
	   pkgsrc/mail/fetchmailconf: Makefile

   Log Message:
   Update "fetchmail" and "fetchmailconf" packages to version 6.3.8.
   Changes since version 6.3.6:
   - Make the APOP challenge parser more distrustful and have it reject
     challenges that do not conform to RFC-822 msg-id format, in the hope
     to make mounting man-in-the-middle attacks (MITM) against APOP a bit
     more difficult. (CVE-2007-1558)
   - Fix pluralization of oversized-message warning mails.
   - Fix manual page: --sslcheck -> --sslcertck, and do not set trailing
     "recommended:" in bold.
   - Repoll immediately if a protocol error happens during the authentication
     attempt after a failed opportunistic TLS upgrade.
   - Fix rendering of the "24 - 26, 28, 29" paragraph in the exit codes
     section.
   - If SOCKS support was compiled in, add 'socks' to the feature_options
     Python list emitted in --configdump.
   - Do not crash with a null pointer dereference when opening the BSMTP file
     fails. Improve error checking and reporting.
   - Make BSMTP output actually work, it would persistently fail with SOCKET
     error after writing the first header.
   - Fix KPOP.
   - Fix repoll when server disconnects after opportunistic TLS failed for
     POP3.

Revision 1.37 / (download) - annotate - [select for diffs], Sat Apr 14 22:14:29 2007 UTC (14 years, 9 months ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2007Q2-base
Branch point for: pkgsrc-2007Q2
Changes since 1.36: +4 -4 lines
Diff to previous 1.36 (colored)

Update "fetchmail" and "fetchmailconf" packages to version 6.3.8.
Changes since version 6.3.6:
- Make the APOP challenge parser more distrustful and have it reject
  challenges that do not conform to RFC-822 msg-id format, in the hope
  to make mounting man-in-the-middle attacks (MITM) against APOP a bit
  more difficult. (CVE-2007-1558)
- Fix pluralization of oversized-message warning mails.
- Fix manual page: --sslcheck -> --sslcertck, and do not set trailing
  "recommended:" in bold.
- Repoll immediately if a protocol error happens during the authentication
  attempt after a failed opportunistic TLS upgrade.
- Fix rendering of the "24 - 26, 28, 29" paragraph in the exit codes
  section.
- If SOCKS support was compiled in, add 'socks' to the feature_options
  Python list emitted in --configdump.
- Do not crash with a null pointer dereference when opening the BSMTP file
  fails. Improve error checking and reporting.
- Make BSMTP output actually work, it would persistently fail with SOCKET
  error after writing the first header.
- Fix KPOP.
- Fix repoll when server disconnects after opportunistic TLS failed for
  POP3.

Revision 1.36 / (download) - annotate - [select for diffs], Wed Jan 17 19:18:01 2007 UTC (15 years ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2007Q1-base
Branch point for: pkgsrc-2007Q1
Changes since 1.35: +1 -2 lines
Diff to previous 1.35 (colored)

Use documented trick to disable Python detection instead of patching
"Makefile.in". Hint provided by Matthias Andree in private e-mail.

Revision 1.34.10.1 / (download) - annotate - [select for diffs], Wed Jan 17 17:52:01 2007 UTC (15 years ago) by salo
Branch: pkgsrc-2006Q4
Changes since 1.34: +5 -13 lines
Diff to previous 1.34 (colored) next main 1.35 (colored)

Pullup ticket 1997 - requested by tron
security update for fetchmail

Revisions pulled up:
- pkgsrc/mail/fetchmail/Makefile			1.159
- pkgsrc/mail/fetchmail/PLIST				1.11
- pkgsrc/mail/fetchmail/distinfo			1.35
- pkgsrc/mail/fetchmail/patches/patch-aa		removed
- pkgsrc/mail/fetchmail/patches/patch-ab		1.16
- pkgsrc/mail/fetchmail/patches/patch-ac		removed
- pkgsrc/mail/fetchmail/patches/patch-ad		removed
- pkgsrc/mail/fetchmail/patches/patch-ae		removed
- pkgsrc/mail/fetchmail/patches/patch-ah		removed
- pkgsrc/mail/fetchmail/patches/patch-ai		removed
- pkgsrc/mail/fetchmail/patches/patch-aj		removed
- pkgsrc/mail/fetchmail/patches/patch-al		removed
- pkgsrc/mail/fetchmailconf/Makefile			1.69, 1.70
- pkgsrc/mail/fetchmailconf/PLIST			1.2

   Module Name:		pkgsrc
   Committed By:	rillig
   Date:		Sun Jan  7 09:14:16 UTC 2007

   Modified Files:
   	pkgsrc/mail/fetchmailconf: Makefile

   Log Message:
   Mechanically replaced man/* with ${PKGMANDIR}/* in the definition of
   INSTALLATION_DIRS, as well as all occurrences of ${PREFIX}/man with
   ${PREFIX}/${PKGMANDIR}.

   Fixes PR 35265, although I did not use the patch provided therein.
---
   Module Name:		pkgsrc
   Committed By:	tron
   Date:		Wed Jan 17 14:29:12 UTC 2007

   Modified Files:
   	pkgsrc/mail/fetchmail: Makefile PLIST distinfo
   	pkgsrc/mail/fetchmail/patches: patch-ab
   	pkgsrc/mail/fetchmailconf: Makefile PLIST
   Removed Files:
   	pkgsrc/mail/fetchmail/patches: patch-aa patch-ac patch-ad patch-ae
   	    patch-ah patch-ai patch-aj patch-al

   Log Message:
   Update "fetchmail" and "fetchmailconf" packages to version 6.3.6.
   The list of changes since version 6.2.5.5 is too large to mention here.
   The new version provides a fix for the vulnerability reported in the
   fetchmail-SA-2006-02.txt advisory.

Revision 1.35 / (download) - annotate - [select for diffs], Wed Jan 17 14:29:11 2007 UTC (15 years ago) by tron
Branch: MAIN
Changes since 1.34: +5 -13 lines
Diff to previous 1.34 (colored)

Update "fetchmail" and "fetchmailconf" packages to version 6.3.6.
The list of changes since version 6.2.5.5 is too large to mention here.
The new version provides a fix for the vulnerability reported in the
fetchmail-SA-2006-02.txt advisory.

Revision 1.34 / (download) - annotate - [select for diffs], Tue Dec 20 14:27:53 2005 UTC (16 years, 1 month ago) by frueauf
Branch: MAIN
CVS Tags: pkgsrc-2006Q4-base, pkgsrc-2006Q3-base, pkgsrc-2006Q3, pkgsrc-2006Q2-base, pkgsrc-2006Q2, pkgsrc-2006Q1-base, pkgsrc-2006Q1, pkgsrc-2005Q4-base, pkgsrc-2005Q4
Branch point for: pkgsrc-2006Q4
Changes since 1.33: +6 -8 lines
Diff to previous 1.33 (colored)

Update fetchmail to 6.2.5.5.

Change homepage to http://fetchmail.berlios.de/ and update MASTER_SITES.

Changes introduced since 6.2.5:

fetchmail-6.2.5.X is a security fix branch that forked off
fetchmail-6.2.5. It does not change for anything but security and the
most severe bug fixes. Note that no 6.2.5.X security audits are planned
except when a particular bug is reported, and that 6.2.5.X is unsafe to
use on some systems, particularly those that lack a *working and secure*
snprintf implementation.

The fetchmail 6.2.5.X branch will be discontinued early in 2006.

fetchmail-6.2.5.5  2005-12-19  Matthias Andree

* SECURITY FIX CVE-2005-4348: fix null pointer dereference in
  multidrop mode when the message is empty. Reported by Daniel Drake
  <http://article.gmane.org/gmane.mail.fetchmail.user/7573> and others
  (Debian Bug #343836). Fix by Sunil Shetye.
* Fix Debian bug #301964, fetchmail leaks sockets when SSL negotiation
  fails. Fix suggested by Goswin Brederlow.
* Add fetchmail-SA-2005-{01,02,03}.txt

fetchmail-6.2.5.4  2005-11-13  Matthias Andree

* Also ship pre-built rcfile_y.[ch] for systems that don't have flex,
  yacc or bison.
* On FreeBSD, add /usr/local/include to CPPFLAGS so that libintl.h is found.
* Avoid automatically picking up HESIOD implementations that lack
  hesiod_getmailhost, such as the one in FreeBSD's base system.
* Fix makedepend for separated build (where the build is not run from
  the source directory), but prevent packaging from separated build, it
  yields bogus results.
* Fix resolv.h autodetection.
* Add +HESIOD to version printout if appropriate.

fetchmail-6.2.5.3  2005-11-12  Matthias Andree

* SECURITY FIX CVE-2005-3088: fetchmailconf: fix password exposure: use
  umask 077 before opening output file and restore umask later.
* Critical fix: fix IMAP timeouts, counting message count down on
  servers that do not send EXISTS counts after EXPUNGE. Debian Bug#314509.
* Ship pre-built rcfile_l.c for systems that don't have flex.
* Build environment: Update included gettext. Fix
  --with-included-gettext. Fix parallel build (make -j). Fix "always
  rebuild fetchmail" syndrome.
* Do not link against -ll or -lfl (not needed).

fetchmail-6.2.5.2
(patch Fri Jul 22 01:52 GMT 2005,
 tarball Sat Jul 23 21:34 GMT 2005)

* README: Added a note about release status - READ IT!
* Note: Due to a Makefile.in bug, you may need to use GNU make.
* SECURITY FIX CVE-2005-2335: truncate UIDL replies, lest malicious or
  compromised POP3 servers overflow fetchmail's stack. Debian bug
  #212762.  This is a remote root exploit.
  Thanks: Miloslav Trmac for pointing out the fix in 6.2.5.1 was buggy.
  Thanks: Ludwig Nussel for a much simpler fix.
* Critical fix: omit blank between MAIL FROM: and <user@example.org>,
  as this causes mail loss with some listeners.
* Fix: POP2 driver wouldn't properly check authentication failure.
* Sunil Shetye's fix to force fetchsizelimit to 1 for APOP and RPOP.

Revision 1.31.2.1 / (download) - annotate - [select for diffs], Tue Nov 1 21:51:26 2005 UTC (16 years, 2 months ago) by salo
Branch: pkgsrc-2005Q3
Changes since 1.31: +5 -1 lines
Diff to previous 1.31 (colored) next main 1.32 (colored)

Pullup ticket 877 - requested by Adrian Portelli
security fix for fetchmailconf, portability fixes for fetchmail

Revisions pulled up:
- pkgsrc/mail/fetchmail/Makefile		1.154
- pkgsrc/mail/fetchmail/distinfo		1.32, 1.33
- pkgsrc/mail/fetchmail/options.mk		1.12, 1.13
- pkgsrc/mail/fetchmail/patches/patch-ah	1.1
- pkgsrc/mail/fetchmail/patches/patch-ai	1.1
- pkgsrc/mail/fetchmail/patches/patch-aj	1.1
- pkgsrc/mail/fetchmail/patches/patch-ak	1.1
- pkgsrc/mail/fetchmailconf/Makefile		1.65

   Module Name:		pkgsrc
   Committed By:	rillig
   Date:		Wed Sep 28 21:55:32 UTC 2005

   Modified Files:
   	pkgsrc/mail/fetchmail: options.mk

   Log Message:
   Replaced "# defined" with "yes" in Makefile variables like GNU_CONFIGURE,
   NO_BUILD, USE_LIBTOOL.
---
   Module Name:		pkgsrc
   Committed By:	scottr
   Date:		Tue Oct 25 17:52:38 UTC 2005

   Modified Files:
   	pkgsrc/mail/fetchmail: options.mk

   Log Message:
   Add SOCKS4/SOCKS5 support.
---
   Module Name:		pkgsrc
   Committed By:	tonio
   Date:		Fri Oct 21 20:56:50 UTC 2005

   Modified Files:
   	pkgsrc/mail/fetchmail: Makefile distinfo
   Added Files:
   	pkgsrc/mail/fetchmail/patches: patch-ah patch-ai patch-aj

   Log Message:
   Fix mail/fetchmail under darwin (PR 28543).
   The added patches add a prefix "fm_" to lock related finctions, to avoid
   name clash with darwin lock functions. Link with -lresolv under darwin.
   (thanks scole_at_sdf.lonestar.org for the patches)
   Bump PKGREVISION
---
   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Tue Nov  1 19:16:52 UTC 2005

   Modified Files:
   	pkgsrc/mail/fetchmail: distinfo
   Added Files:
   	pkgsrc/mail/fetchmail/patches: patch-ak

   Log Message:
   Add patch-ak for a fetchmailconf security issue.  This patch does
   not impact the fetchmail package so no version bump is required.
---
   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Tue Nov  1 19:17:41 UTC 2005

   Modified Files:
   	pkgsrc/mail/fetchmailconf: Makefile

   Log Message:
   Bump to nb3 for security patch

Revision 1.33 / (download) - annotate - [select for diffs], Tue Nov 1 19:16:52 2005 UTC (16 years, 2 months ago) by adrianp
Branch: MAIN
Changes since 1.32: +2 -1 lines
Diff to previous 1.32 (colored)

Add patch-ak for a fetchmailconf security issue.  This patch does
not impact the fetchmail package so no version bump is required.

Revision 1.32 / (download) - annotate - [select for diffs], Fri Oct 21 20:56:50 2005 UTC (16 years, 3 months ago) by tonio
Branch: MAIN
Changes since 1.31: +4 -1 lines
Diff to previous 1.31 (colored)

Fix mail/fetchmail under darwin (PR 28543).
The added patches add a prefix "fm_" to lock related finctions, to avoid name
clash with darwin lock functions. Link with -lresolv under darwin.
(thanks scole_at_sdf.lonestar.org for the patches)
Bump PKGREVISION

Revision 1.30.2.1 / (download) - annotate - [select for diffs], Sun Jul 24 22:12:21 2005 UTC (16 years, 6 months ago) by snj
Branch: pkgsrc-2005Q2
Changes since 1.30: +2 -1 lines
Diff to previous 1.30 (colored) next main 1.31 (colored)

Pullup ticket 623 - requested by Thorsten Frueauf
security fix for fetchmail

Revisions pulled up:
- pkgsrc/mail/fetchmail/Makefile		1.153
- pkgsrc/mail/fetchmail/distinfo		1.31
- pkgsrc/mail/fetchmail/patches/patch-ag	1.3

    Include patch for fetchmail 6.2.5.2 because of CAN-2005-2335.
    For more details have a look at
    http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt

    Changes listed within the NEWS file since 6.2.5:

    fetchmail-6.2.5.2 (Fri Jul 22 01:52 GMT 2005):

    * NOTE: Due to a Makefile.in bug, you may need to use GNU make.
    * SECURITY FIX: truncate UIDL replies, lest malicious or compromised
      POP3 servers overflow fetchmail's stack. Debian bug #212762.
      This is a remote root exploit. CVE Name: CAN-2005-2335.
      Thanks: Miloslav Trmac for pointing out the fix in 6.2.5.1 was buggy.
      Thanks: Ludwig Nussel for a much simpler fix.
    * Critical fix: omit blank between MAIL FROM: and <user@example.org>,
      as this causes mail loss with some listeners.
    * Fix: POP2 driver wouldn't properly check authentication failure.
    * Sunil Shetye's fix to force fetchsizelimit to 1 for APOP and RPOP.

Revision 1.31 / (download) - annotate - [select for diffs], Fri Jul 22 14:27:52 2005 UTC (16 years, 6 months ago) by frueauf
Branch: MAIN
CVS Tags: pkgsrc-2005Q3-base
Branch point for: pkgsrc-2005Q3
Changes since 1.30: +2 -1 lines
Diff to previous 1.30 (colored)

Include patch for fetchmail 6.2.5.2 because of CAN-2005-2335.
For more details have a look at
http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt

Changes listed within the NEWS file since 6.2.5:

fetchmail-6.2.5.2 (Fri Jul 22 01:52 GMT 2005):

* NOTE: Due to a Makefile.in bug, you may need to use GNU make.
* SECURITY FIX: truncate UIDL replies, lest malicious or compromised
  POP3 servers overflow fetchmail's stack. Debian bug #212762.
  This is a remote root exploit. CVE Name: CAN-2005-2335.
  Thanks: Miloslav Trmac for pointing out the fix in 6.2.5.1 was buggy.
  Thanks: Ludwig Nussel for a much simpler fix.
* Critical fix: omit blank between MAIL FROM: and <user@example.org>,
  as this causes mail loss with some listeners.
* Fix: POP2 driver wouldn't properly check authentication failure.
* Sunil Shetye's fix to force fetchsizelimit to 1 for APOP and RPOP.

Revision 1.30 / (download) - annotate - [select for diffs], Thu Apr 21 11:13:18 2005 UTC (16 years, 9 months ago) by frueauf
Branch: MAIN
CVS Tags: pkgsrc-2005Q2-base
Branch point for: pkgsrc-2005Q2
Changes since 1.29: +2 -2 lines
Diff to previous 1.29 (colored)

update this since patch-ae changed.

Revision 1.29 / (download) - annotate - [select for diffs], Thu Feb 24 09:59:22 2005 UTC (16 years, 10 months ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2005Q1-base, pkgsrc-2005Q1
Changes since 1.28: +2 -1 lines
Diff to previous 1.28 (colored)

Add RMD160 digests.

Revision 1.28 / (download) - annotate - [select for diffs], Fri Jan 21 15:46:39 2005 UTC (17 years ago) by frueauf
Branch: MAIN
Changes since 1.27: +2 -2 lines
Diff to previous 1.27 (colored)

Rework kerberos V support:
	- use kerberos instead of kerberos5 as PKG_SUPPORTED_OPTIONS
	  to keep compliance with other kerberos aware packages in pkgsrc
	- use the krb5 buildlink environment
Introduce support for gssapi which was also requested in pr pkg/26170 with
the according PKG_SUPPORTED_OPTIONS. gssapi will imply kerberos5.

Revision 1.27 / (download) - annotate - [select for diffs], Thu Jan 20 12:59:11 2005 UTC (17 years ago) by frueauf
Branch: MAIN
Changes since 1.26: +2 -1 lines
Diff to previous 1.26 (colored)

Add option for kerberos5 like suggested in pr pkg/26170.
Since I have no kerberos server I just verified it compiled.

Revision 1.26 / (download) - annotate - [select for diffs], Wed Nov 5 05:20:36 2003 UTC (18 years, 2 months ago) by itojun
Branch: MAIN
CVS Tags: pkgsrc-2004Q4-base, pkgsrc-2004Q4, pkgsrc-2004Q3-base, pkgsrc-2004Q3, pkgsrc-2004Q2-base, pkgsrc-2004Q2, pkgsrc-2004Q1-base, pkgsrc-2004Q1, pkgsrc-2003Q4-base, pkgsrc-2003Q4
Changes since 1.25: +3 -5 lines
Diff to previous 1.25 (colored)

upgrade to 6.2.5.  incorporates security patch (was in patches/patch-ag).
IMAP and some other improvements.

Revision 1.25 / (download) - annotate - [select for diffs], Wed Oct 8 20:23:56 2003 UTC (18 years, 3 months ago) by itojun
Branch: MAIN
Changes since 1.24: +2 -1 lines
Diff to previous 1.24 (colored)

update patchsum

Revision 1.24 / (download) - annotate - [select for diffs], Tue Sep 2 12:27:46 2003 UTC (18 years, 4 months ago) by frueauf
Branch: MAIN
Changes since 1.23: +4 -4 lines
Diff to previous 1.23 (colored)

Update fetchmail{conf} to 6.2.4.

Based on pr pkg/22650 by Adrian Portelli.

Changes since 6.2.3:
* Updated German, Spanish, Catalan, and Turkish translations.
* IDLE is now supported using no-ops even if the server doesn't support
  the IMAP IDLE extension.
* Sunil Shetye's patch to do better password shrouding.
* Sunil Shetye's bug-fix rollup patch.
* Introduce a translation item for the word "seen".
* Back out the hack to deal with lack of byte stuffing on some POP3 servers.
* Thomas Steudten's patch to improve SMTP handling of 550 errors.

Revision 1.23 / (download) - annotate - [select for diffs], Sun Jul 20 14:52:45 2003 UTC (18 years, 6 months ago) by frueauf
Branch: MAIN
Changes since 1.22: +4 -4 lines
Diff to previous 1.22 (colored)

Update fetchmail{conf} to 6.2.3.

Changes since 6.2.2:
* German, Danish, Spanish, and Turkish translations updated.
* Brian Sammon's patch to deal with malformed message lines containiing NULs.
* Fai's patch to ignore all but the first Return-Path (some spams have
  more than one of these).
* Benjamin Drieu's ptch to properly byte-stuff when talking to BSNTP.
  Fixes Debian bug #184469.
* Benjamin Drieu's patch to enable auth=cram-md5.
  Fixes Debian bug #185232.
* Sunil Shetye's configure.in patch to avoid spurious search order messages
  from GCC.
* Header-reading code now copes better with lines ending in \n only.
* Elias Israel's patches for POP3 NTLM support and dealing with byte-
  stuffing failures at socket level.

Revision 1.22 / (download) - annotate - [select for diffs], Sat Mar 22 05:18:42 2003 UTC (18 years, 10 months ago) by wiz
Branch: MAIN
Changes since 1.21: +4 -4 lines
Diff to previous 1.21 (colored)

Update to 6.2.2, from Quentin Garnier in PR 20790.
Changes since last version:
* Sunil Shetye's patch to improve behavior in empty messages.
* Conform to RFC2595; reissue capability probes after successful
  STARTTLS negotiation.
* Sunil's patch to make handling of failed STARTTLS more graceful.
* Sunil's JF2 fix patch for .fetchmailrc security fix.
* Christophe GIAUME <christophe@giaume.com> finished the implementation
  of RFC2177 IDLE.
* Jason Tishler's fix patch for Cygwin.
* Support ssh-style authentication in POP3
* Fix for Debian bug #108977, clean up config file evaluation,
  by Benjamin Drieu.

Revision 1.21 / (download) - annotate - [select for diffs], Fri Feb 21 11:22:03 2003 UTC (18 years, 11 months ago) by mycroft
Branch: MAIN
Changes since 1.20: +3 -3 lines
Diff to previous 1.20 (colored)

Update from 6.2.0 to 6.2.1.

* Updated German, Turkish, Spanish, and Danish translation files.
* Integrated Sunil Shetye's patch to make mark_seen an explicit method.
* Removed FAQ warning about GMX and associated fetchmailconf check,
  we have a report that its servers are conformant now.
* Another Sunil patch to fix a minor bug in bouncemail generation.

Revision 1.20 / (download) - annotate - [select for diffs], Fri Dec 13 14:38:52 2002 UTC (19 years, 1 month ago) by tron
Branch: MAIN
CVS Tags: netbsd-1-6-1-base, netbsd-1-6-1
Changes since 1.19: +3 -3 lines
Diff to previous 1.19 (colored)

Update "fetchmail" and "fetchmailconf" packages to version 6.2.0.
Changes since version 6.1.2:
- Applied Steffen Esser's fix for a buffer-overflow bug in rfc822.c
- Updated Danish, German, and Turkish translation files.
- Sunil Sheye's SMTP timeout patch.
- Updated Turkish, Danish, German, Spanish, Catalan po files.
- Added Slovak support.
- Configure.in update for autoconf 2.5 (Art Haas).
- Be case-insensitive when looking for IMAP responses.
- Fix logout-after-idle-delivery bug (Sunil Shetye).
- Sunil Shetye's patch to bulletproof end-of-header detection.
- Sunil's fix for the STARTTLS problem -- repoll if TLS nabdshake
  fails.  The attenmpt to set up STARTTLS can be suppressed with 'sslproto ""'.

Revision 1.19 / (download) - annotate - [select for diffs], Wed Nov 6 18:39:54 2002 UTC (19 years, 2 months ago) by frueauf
Branch: MAIN
Changes since 1.18: +4 -4 lines
Diff to previous 1.18 (colored)

Update fetchmail{conf} to 6.1.2.

changes since 6.1.0:

fetchmail-6.1.2 (Thu Oct 31 11:41:02 EST 2002), 22135 lines:
* Jan Klaverstijn's verbosity-lowering patch.
* Updated Turkish, German, Catalan, and Danish translation files.
* Fix processing of POP3 messages with missing bodies.
* Minor fixes by Sunil Shetye: fix generation of auth fail note, handle
  unexpected SIGALRM, plug memory leak, handle lines beginning with '\0',
  try to bulletproof error handling against read failures.

fetchmail-6.1.1 (Fri Oct 18 14:53:51 EDT 2002), 22087 lines:
* OTP fix patches from Stanislav Brabec <utx@penguin.cz>
* fix patch for writing antispam capability correctly in conf.c.
* Fix patches for Debian bugs #162571, #156592.
* Correction to manpage re -b and qmail.
* Patch to disable use of STLS if auth passwd is specified.
* Fix specfile generation to handle SSL correctly.
* New Danish, Turkish, and Catalan translation files.
* Improved ODMR debug messages.
* IMAP efficiency hack; don't fetch sizes unless needed.
* Detect and rewrite invalid return paths beginning with @.
* Fix for subtle freeing bug that suppressed information in some bounce msgs.
* Newline fix patches for internationalization files.
* Fix reversed test guarding authentication-failure warnings.
* Fix POP3 breakage starting at 5.9.14.

Revision 1.17.6.1 / (download) - annotate - [select for diffs], Mon Oct 14 10:42:49 2002 UTC (19 years, 3 months ago) by agc
Branch: netbsd-1-6
Changes since 1.17: +3 -3 lines
Diff to previous 1.17 (colored) next main 1.18 (colored)

Update fetchmail and fetchmailconf to version 6.1.0 on the pkgsrc
netbsd-1-6 branch for a security issue.

Files pulled up:
fetchmail/Makefile 1.118 and 1.119
fetchmail/distinfo 1.18

Requested by Manuel Bouyer.

and

fetchmailconf/Makefile 1.42

Original log message:

> Because of the recent vulnerability, it is strongly encouraged to update
> (http://security.e-matters.de/advisories/032002.html).
>
> Thanx to Alan Post <apost@interwoven.com> for giving me a note.
>
> fetchmail-6.1.0 (Sun Sep 22 18:31:23 EDT 2002), 21999 lines:
>
> * Updated French translation.
> * Stefan Esser's fix for potential remote vulnerability in multidrop mode.
>   This is an important security fix!
>
> fetchmail-6.0.0 (Tue Sep 17 19:48:25 EDT 2002), 21972 lines:
>
> * Applied Matt Kraai's fix for minor Debian bug #144539.
> * Nerijus Baliunas's patch to support STARTTLS over IMAP.
> * More cleanups and minor bugfixes from Sunil Shetye.
> * Default antispam-response list is now empty.
> * Updated de and po translations,
>
> fetchmail-5.9.14 (Fri Sep  6 05:03:25 EDT 2002), 21932 lines:
>
> * Sunil Shetye's patch to eliminate multiple bounces.
> * Moritz Jodeit <moritz@jodeit.org>'s patch for re-exec with no args.
> * Sunil Shetye's patch to solve the re-exec problem with relative files.
> * Cygwin portability patch (use ROOT_UID) from Jason Tishler.
> * Workaround for the CAPA error problem is documented in the FAQ.
> * Updated Polish, Danish, and Catalan translations.
> * Sunil Shetye's patch to improve CAPA error handling.
> * Sunil Shetye's patch to improve handling of unreadable boxes in POP3.
> * Berkeley port fix for Kerberos IV.

Revision 1.18 / (download) - annotate - [select for diffs], Mon Sep 30 20:51:03 2002 UTC (19 years, 3 months ago) by frueauf
Branch: MAIN
Changes since 1.17: +3 -3 lines
Diff to previous 1.17 (colored)

Update fetchmail{conf} to 6.1.0.

Because of the recent vulnerability, it is strongly encouraged to update
(http://security.e-matters.de/advisories/032002.html).

Thanx to Alan Post <apost@interwoven.com> for giving me a note.

fetchmail-6.1.0 (Sun Sep 22 18:31:23 EDT 2002), 21999 lines:

* Updated French translation.
* Stefan Esser's fix for potential remote vulnerability in multidrop mode.
  This is an important security fix!

fetchmail-6.0.0 (Tue Sep 17 19:48:25 EDT 2002), 21972 lines:

* Applied Matt Kraai's fix for minor Debian bug #144539.
* Nerijus Baliunas's patch to support STARTTLS over IMAP.
* More cleanups and minor bugfixes from Sunil Shetye.
* Default antispam-response list is now empty.
* Updated de and po translations,

fetchmail-5.9.14 (Fri Sep  6 05:03:25 EDT 2002), 21932 lines:

* Sunil Shetye's patch to eliminate multiple bounces.
* Moritz Jodeit <moritz@jodeit.org>'s patch for re-exec with no args.
* Sunil Shetye's patch to solve the re-exec problem with relative files.
* Cygwin portability patch (use ROOT_UID) from Jason Tishler.
* Workaround for the CAPA error problem is documented in the FAQ.
* Updated Polish, Danish, and Catalan translations.
* Sunil Shetye's patch to improve CAPA error handling.
* Sunil Shetye's patch to improve handling of unreadable boxes in POP3.
* Berkeley port fix for Kerberos IV.

Revision 1.17 / (download) - annotate - [select for diffs], Fri Jul 12 18:48:20 2002 UTC (19 years, 6 months ago) by mycroft
Branch: MAIN
CVS Tags: pkgviews-base, pkgviews, netbsd-1-6-RELEASE-base
Branch point for: netbsd-1-6
Changes since 1.16: +3 -3 lines
Diff to previous 1.16 (colored)

Update to fetchmail 5.9.13.  Miscellaneous bug fixes, including a remote
crash.

Revision 1.16 / (download) - annotate - [select for diffs], Sat Apr 6 16:53:02 2002 UTC (19 years, 9 months ago) by frueauf
Branch: MAIN
CVS Tags: netbsd-1-5-PATCH003, buildlink2-base, buildlink2
Changes since 1.15: +4 -3 lines
Diff to previous 1.15 (colored)

Update fetchmail{conf} to 5.9.11.

Changes since 5.9.6:

fetchmail-5.9.11 (Mon Apr  1 17:09:13 EST 2002), 21597 lines:

* Updated Turkish and Japanese translations.
* Added warning about auth failures on the GMX server.
* HMH's Debian 5.9.10 patches:
1. Fix minor typo in FAQ
2. Fix partial implementation of ESMTP auth, and some minor
   fetchmailconf stuff
3. Add proper error reporting to bad logfile creation.
   patch by Sunil Shetye <shetye@bombay.retortsoft.com>
4. Fix incredible aggravating bug that caused dataloss
   risks if 4xx errors were returned by the MTA
5. Corrected version of the fix-timeouts-for-ssl and descriptor
   leaking patches from Sylvain Benoist <sylvainb@whitepj.com>
   Also fix outdated comments in driver.c
6. Sunil Shetye's patch to stop fetchmail from trying to fetch
   twice with IMAP
7. Stop stupid complaint about turning off SSL being illegal
   without SSL support.
8. Byrial Jensen <byrial@image.dk> i18n fixes
* Sunil Shetye's attribute patch.
* HMH's revised but untested SMTP authentication patch.


fetchmail-5.9.10 (Sun Mar 10 15:09:57 EST 2002), 21529 lines:

* Security fix: don't trust the message count passed back by the server.


fetchmail-5.9.9 (Sat Mar  9 08:54:28 EST 2002), 21508 lines:

* Renamed misnamed tr.po and da.po files
* Jakub Ulanowski's patch to fix SSL fingerprint handling.
* Matt Kraai's patch for supporting STLS over POP3.
* French translation updated.
* Debian fixes merged.
* Added maildrop (MDA shipped with courier) as fallback after procmail
  and sendmail (thanks to Alexander Lazic <al-fetchmail@none.at>).
* ESMTP AUTH support from Wojciech Polak <polak@lodz.pdi.net>.


fetchmail-5.9.8 (Thu Feb 14 23:47:31 EST 2002), 21358 lines:

* Added de translation catalog; updated da and tr catalogs.
* vsprintf underflow fixes by Sunil Shetye.
* Added warning about IMS POP3 server.
* Mattyhias Andree's fix for a longstanding SSL hang bug.
* Fix yacc syntax bug when building with SSL.
* Sunil Shetye's patch for idle timeout during poll.
* Applied HMH's fix for the "message delimiter found in headers" code path
  (Debian bug #128672).


fetchmail-5.9.7 (Sat Feb  2 00:33:40 EST 2002), 21330 lines:

* Minor fixes by HMH.
* Properly guard some transaction reporting in the SSL code.
* Updated German (de) po file.  Added Turkish (tr) po file.
* Expunge edge case fix by Sunil Shetye.
* Fixes for some odd IMAP and SMTP edge cases by Sunil Shetye.
* UIDL bug fix by Matthias Andree.
* Use smtpaddress, if present, to set the return path on warning mail.
* Tell parser to object when SSL keyboard is used with SSL not compiled.
* GSSAPI and ODMR fixes by Tom Hughes.

Revision 1.15 / (download) - annotate - [select for diffs], Tue Jan 22 20:41:00 2002 UTC (20 years ago) by jdolecek
Branch: MAIN
Changes since 1.14: +2 -1 lines
Diff to previous 1.14 (colored)

patch-ae added, regenerate

Revision 1.14 / (download) - annotate - [select for diffs], Sun Dec 30 12:05:12 2001 UTC (20 years ago) by frueauf
Branch: MAIN
Changes since 1.13: +3 -3 lines
Diff to previous 1.13 (colored)

Update fetchmail{conf} to 5.9.6.

fetchmail-5.9.6 (Fri Dec 14 04:03:50 EST 2001), 21247 lines:

* OPIE bug fixes by Jun Miyoshi <usako@omnisci.co.jp>.
* Documented known IDLE bug in the todo.html file.
* Sunil Shetye's fix for a timeout/reconnect bug.
* LMTP fix from Toshiro HIKITA <toshi@sodan.org>.
* The duplicate-killer doesn't try to operate if we can get an actual
  recipient address from the trace headers.

Revision 1.13 / (download) - annotate - [select for diffs], Mon Nov 12 17:33:42 2001 UTC (20 years, 2 months ago) by frueauf
Branch: MAIN
Changes since 1.12: +3 -4 lines
Diff to previous 1.12 (colored)

Update fetchmail{conf} to 5.9.5.

fetchmail-5.9.5 (Thu Nov  8 14:14:35 EST 2001), 21162 lines:

* Changed the logging logic along lines suggested by Jan Klaverstijn,
* fetchmailconf looks first in the directory it's running from to find
  fetchmail.
* Make sure we vet a success status correctly from open_smtp_sink()
  and open_bsmtp_sink().
* Matthias Andree's env.c patch to refuse service when QMAILINJECT is defined.
* Immediately abort if a non-empty QMAILINJECT environment variable is
  found. If it is set and contains f or i, qmail-inject or qmail's
  sendmail `compatibility' wrapper will rewrite From: or Message-ID:
  headers, respectively. En passant, fix the bug that program_name was
  not filled in before used when the user's ID had no PW entry, leading
  to (null) or crash when printing the error message. Patch by Matthias
  Andree.
* NextStep and OpenStep port patch from Eric Sunshine.
* Block signals during SockConnect() so we don't get a socket descriptor
  leak if we're hit by an alarm signal during connect(2).
* Set queryname even when server is inactive; avoids a core-dump bug in
  the fetchids code.

Revision 1.12 / (download) - annotate - [select for diffs], Sat Oct 6 17:59:29 2001 UTC (20 years, 3 months ago) by mycroft
Branch: MAIN
Changes since 1.11: +2 -1 lines
Diff to previous 1.11 (colored)

Patch a typo that causes Kerberos support to not compile.

Revision 1.11 / (download) - annotate - [select for diffs], Sat Oct 6 17:18:05 2001 UTC (20 years, 3 months ago) by frueauf
Branch: MAIN
Changes since 1.10: +3 -4 lines
Diff to previous 1.10 (colored)

Upgrade fetchmail{conf} to 5.9.4.

fetchmail-5.9.4 (Wed Oct  3 07:47:45 EDT 2001), 21104 lines:

* Finished license cleanup, all licenses in the distribution are now
  officially GPL-compatible.
* Added a length check to from64tobits() after receiving a warning that
  it might create buffer overflows.  No exploitable overflows were found by
  a careful case-by-case audit, and at minimum an exploit would have required
  that the mailserver be subverted.

fetchmail-5.9.3 (Sun Sep 30 12:08:52 EDT 2001), 21075 lines:

* Fix configuration error in handling of long options.
* Thomas Moestl's patch to use querynames in UID files.
* Timeout to deal with long socket closes (Sunil Shetye).
* Move from RSA MD5 code to Colin Plumb's public-domain implementation (BSD
  classic license eliminated)
* Rewrite strcasecmp() (BSD classic license eliminated).
* getopt_long is back for Solaris and HP-UX systems.
* Updated Danish po file.
* Re-enable explicit bounce message on bad address.

fetchmail-5.9.2 (Wed Sep 26 12:47:00 EDT 2001), 21118 lines:

* Enable code to build on Solaris again (long options won't work).
* Move Hesiod lookups to just before DNS lookups.
* Make sure the SICHLD handler is called when we run detached.
* Make kerberos5 in OpenBSD (Federico Schwindt <fgsch@olimpo.com.br>).
* Added FAQ item X8 on why mail sometimes gets an extra ) appended.

fetchmail-5.9.1 (Mon Sep 24 19:01:57 EDT 2001), 21120 lines:

* Make -D short option for --smtpaddress active again.
* Typo fix for Polish translation.
* Make sure IMAP capability checks are caseblind.
* Make sure suffix checks on akalists are properly caseblinded.
* All warning mail now has a generated date stamp.
* getopt.c and getopt1.c removed due to license incompatibility with OpenSSL.
* End of poll cycle is now logged.
* Sanity check now rejects SSL option if SSL support is not compiled in
  (resolves Debian bug #109796).
* HMH's fix for the LMTP localhost/foo problem.
* Mike Warfield's fix for using a combined SSL cert and key in a single file.
* DNS lookups moved to just before the mailserver socket open, so fetchmail
  now works OK even if started up without Internet access.
* Switched from _( to GT_( as a gettext macro, in order to avoid a
  conflict with the SSL library.

Revision 1.10 / (download) - annotate - [select for diffs], Sun Sep 23 10:53:37 2001 UTC (20 years, 4 months ago) by frueauf
Branch: MAIN
Changes since 1.9: +4 -3 lines
Diff to previous 1.9 (colored)

Update fetchmail{conf} to 5.9.0 and apply patch provided in pr 14031
by Xavier HUMBERT <xavier@xavhome.fr.eu.org>.

Revision 1.9 / (download) - annotate - [select for diffs], Fri Aug 10 05:31:40 2001 UTC (20 years, 5 months ago) by tron
Branch: MAIN
Changes since 1.8: +3 -3 lines
Diff to previous 1.8 (colored)

Update 'fetchmail' package to version 5.8.17. Changes since version 5.8.14:
- SECURITY FIX: Fixed a security hole that is exploitable if fetchmail is
  running as root and the attacker can either subvert the mailserver or
  redirect to a fake one using DNS spoofing.  Bugtraq announcement to follow
  soon.  Thanks to Salvatore Sanfilippo <antirez@invece.org>.
- Eliminated second bounce on failed RCPT TO address.
- Always use fetchmail host's FQDN to identify the daemon when
  sending bounce messages.
- Embarrassing bug of the month -- somehow, 'skip' wasn't being interpreted!
- Handle ! in RFC2821 Return-Path addresses properly.
- Better handling of BAD and NO responses to FETCH (thank Justin Guyett).
- Fixed *yet another- build error due to breakage in the i18n code.
- Refuse mail that has no good addresses and can't be sent to postmaster.
- Restore behavior of discarding mail on 550 (Debian bug #105237).
- John Summerfield updated getfetchmail.
- Cleanup patches by HMH.
- Lock-file-name bug reported by Scott Johnson.
- Updated Danish translation by Byrial Jensen.
- Updated French translation by Thierry Vignaud.
- Man page bugs pointed out by Andrew Benham.
- POP3 end of session RSET on keep removed.
- In IMAP, handle BAD and NO responses to FETCH gracefully.
- Parse 'no {syslog|invisible|showdots}' properly.
- Change AC_DEFINE to AC_DEFINE_UNQUOTED appropriately in configure.in
  (Debian bug #104484).
- Fixed bug in fetchmailconf plugin/plugout code (Debian bug #105987).

Revision 1.8 / (download) - annotate - [select for diffs], Sun Jul 29 07:30:59 2001 UTC (20 years, 5 months ago) by tron
Branch: MAIN
Changes since 1.7: +3 -3 lines
Diff to previous 1.7 (colored)

Update "fetchmail" and "fetchmailconf" package to version 5.8.14. Changes
since version 5.8.10:
- Corrected Rob Braun's remote-build change, it broke the build with NLS.
- Found (and killed) a subtle SMTP protocol error that was probably lurking
  behind a lot of the bug reports related to bounce mail, thanks to Quoc Luu.
  (Only manifested when the MTA rejected mail due to a bad RCPT TO address.)
- Correction for backslash-handling patch in rfc822.c.
- Fix for Debian bug Bug#1038222: fetchmail conf fails to write file
  after configuration; move .fetchmailrc to .fetchmailrc.bak before
  overwriting.
- Discard Return-Path headers consisting of a single @.
- Make fetchmailconf dump plugin and plugout options properly.
- Rob Braun's changes for building fetchmail outside its source directory
- Don't depend on having snprintf available.
- Bug fix for envskip.
- ODMR finally seems to be working.
- Handle multiple backslashes within RFC822 address strings correctly.
- Don't exit on a failure to DNS-resolve a mailserver name, just
  make it inactive.  Exit only if all lookups fail.
- Restore code to deal with SMTP error responses at RCPT TO time, but
  without issuing an RSET.  This is intended to fix obscure bugs that
  show up in recent Postfix releases and sendmail configurations that
  delay antispam checks on the MAIL FROM line until RCPT TO time.
- Signal-processing fix for Debian bug #102711.
- More ODMR patches from Matt Armstrong.

Revision 1.7 / (download) - annotate - [select for diffs], Tue Jun 26 07:18:09 2001 UTC (20 years, 7 months ago) by tron
Branch: MAIN
Changes since 1.6: +3 -3 lines
Diff to previous 1.6 (colored)

Update "fetchmail" and "fetchmailconf" packages to version 5.8.10.
Changes since version 5.8.8:
- More fixes for the new message-marking code from Thomas Moestl.
- Fixes for ODMR code from Matt Armstrong.
- HMH's snprintf/strncat cleanup patch.
- Fixes for Debian bugs #101792, #101950.
- Updated Danish translation by Byrial Jensen.
- ODMR fixes from Matt Armstrong <matt@lickey.com>.
- The smtphost option has been split. It is no longer overloaded to set
  the list of domains to be queried in ETRN and ODMR modes.  Instead, use
  the `fetchdomains' option.

Revision 1.6 / (download) - annotate - [select for diffs], Sat Jun 23 10:01:59 2001 UTC (20 years, 7 months ago) by frueauf
Branch: MAIN
Changes since 1.5: +3 -3 lines
Diff to previous 1.5 (colored)

Update fetchmail{conf} to 5.8.8. This should fix pr 13269 submitted
by Emmanuel Dreyfus.

fetchmail-5.8.8 (Wed Jun 20 17:22:26 EDT 2001), 20782 lines:

* Fix bug that prevented messages from being marked oversized unless -v was on.
* Byrial Jensen made the tracepoll information RFC822-conformant.
* Reorder code to avoid accessing line buffers after they have been freed.
* Steven Krings's patch to deal with over-long header lines.
* Fix for Debian bug #101500.
* Updated Danish translation by Byrial Jensen.
* Chris Maio's patch for POP3 with BSMTP.
* Patch from HMH resolves DEbian bug #101530.

fetchmail-5.8.7 (Sun Jun 17 12:02:17 EDT 2001), 20749 lines:

* Make fetchmailconf work properly again by fixing tracepolls mismatch.
* HMH's fix for Debian bug #98127.
* driver.c refactoring in preparation for streaming mode.

Revision 1.5 / (download) - annotate - [select for diffs], Fri Jun 15 11:42:18 2001 UTC (20 years, 7 months ago) by itojun
Branch: MAIN
Changes since 1.4: +4 -4 lines
Diff to previous 1.4 (colored)

upgrade to 5.8.6.

fetchmail-5.8.6 (Tue Jun 12 08:16:54 EDT 2001), 20676 lines:

* Reject candidate headers for the MAIL FROM address that have \n in them.
* Add capability to insert poll trace data in the Received line.
* HMH's patch to prevent buffer overflow due to long headers. Addresses
  Debian bug #100394.
* Brendan Kehoe's patch to avoid doing DNS lookups on skip entries.

There are 347 people on fetchmail-friends and 592 on fetchmail-announce.

fetchmail-5.8.5 (Tue May 29 20:01:39 EDT 2001), 20650 lines:

* Interface option fix from Alexander Kourakos.
* Fixes for i18n glitches and new Danish translation from Byrial Jensen.
* Attempted fix for Harry McGavran's problems with the Kerberos V build.
* Added fetchmailnochda.pl to the contrib directory.
* Sunil Shetye's patches for the seen count on IMAP and auto protocol.

There are 337 people on fetchmail-friends and 583 on fetchmail-announce.

fetchmail-5.8.4 (Mon May 21 15:08:03 EDT 2001), 20636 lines:

* SSL certificate options from Thomas Moestl <tmoestl@gmx.net>.
* Frantisek Brabec's patch for better UIDL error recovery.
* Another zombie-leak patch from HMH.
* Jorg de Jong's patch attempts to handle spaces in the ID part of UIDLs.
* Eliminate use of -C in Makefile.

There are 334 people on fetchmail-friends and 583 on fetchmail-announce.

Revision 1.4 / (download) - annotate - [select for diffs], Mon May 14 12:12:47 2001 UTC (20 years, 8 months ago) by tron
Branch: MAIN
Changes since 1.3: +3 -3 lines
Diff to previous 1.3 (colored)

Update "fetchmail" and "fetchmailconf" package to version 5.8.3. Changes
since version 5.8.1:
- The `localhost' special case of `via' is gone.  Use `plugin %h' for talking
  to ssh instead.
- Prevent POP3 code from authenticating multiple times on success.
- Fixed IMAP password shrouding.
- GCC warning cleanups from ahaas@neosoft.com.
- Plug another hole that was letting zombies through.
- SA_RESTART portability fix for SunOS.
- Ignore Sender and Resent-Sender headers unless they contain @.
- HH's patches fixing Debian bug #90966 and addressing Debian bug #92554.
- GSSAPI portability patch by Peter Fales.
- Updated cs.po by Jiri Pavlovsky.
- Michael Kjorling's patch to add server ID to authentication success/failure
  bugmail.
- Kerberos build patch by HH.
- Don't cough and die from failure to resolve a skipped host.  Resolves
  Debian bug #92530
- Do aka suffix match even if DNS checking is enabled (Johannes Stille's bug).
- SIGCHLD handler now sets SA_RESTART explicitly in order to avoid zombies
  from interrupted system calls.  Debian bug #95659.

Revision 1.3 / (download) - annotate - [select for diffs], Sat Apr 21 13:32:07 2001 UTC (20 years, 9 months ago) by frueauf
Branch: MAIN
CVS Tags: netbsd-1-5-PATCH001
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored)

Update fetchmail{conf} to 5.8.1.

Changes since fetchmail 5.7.2:

fetchmail-5.8.1 (Tue Apr 10 09:32:04 EDT 2001), 20511 lines:
* Nalin Dahyabai's password parse and authentication fixe.
* Vitezslav Samel's patch to Makefile.in to make parallel makes work.

fetchmail-5.8.0 (Mon Apr  2 15:18:33 EDT 2001), 20459 lines:
* Documentation update for gold release.

fetchmail-5.7.7 (Wed Mar 28 20:24:48 EST 2001), 20459 lines:
* More configure fixes -- include missing stub script in the distribution.

fetchmail-5.7.6 (Thu Mar 22 16:22:48 EST 2001), 20456 lines:
* Fix POP2 and POP3 password shrouding.
* Don't remove UIDL scratchlist on query completion (Frantisek Brabec's bug).
* IMAP: don't just quit if GSSAPI or Kerberos IV fail, but try other methods.
* Document the fact the IDLE and multiple folders don't play well together.
  Closes Debian bug#89908.

fetchmail-5.7.5 (Sat Mar 17 23:24:41 EST 2001), 20440 lines:
* Nalin Dahyabhai's patch to make IPv6 build on older systems.
* Restrict shrouding to just the password send so it won't leak info.
* Move an #ifdef INET6_ENABLE to deal with libc5 headers.
* Only DNS-probe entries that are active on this run.
* Fix `nospambounce' recognition.
* Updated French translation.
* Yoshihiko SARUMARU's patch to keep kanji out of Received headers.
* Include aclocal.m4 in the tarball (solves some build problems).
* Added HMH's patch to support configuring a specific fallback MUA.

fetchmail-5.7.4 (Mon Mar 12 00:02:23 EST 2001), 20323 lines:
* SECURITY FIX: unsecure tempfile creation bug in fetchmailconf, thanks
  to Colin Phipps <cph@cph.demon.co.uk> for pointing this out.
* Configure cleanup from HMH.
* Documentation refresh.

fetchmail-5.7.3 (Sun Mar 11 17:01:56 EST 2001), 20323 lines:
* Incorporate SA_LEN patch from Red Hat.
* HMH's "no spambounce" patch for fetchmailconf.
* John Bartlett's patch to make the driver code more tolerant of flaky POP3
  servers (better handling of timeout at session start).
* Make `fetchmail --configdump' work when there's a defaults entry.
* Incorporated HMH's build fixes.
* Added FALLBACK_MDA; fetchmail now looks for procmail or sendmail at
  build time and uses it if it can't open port 25 for local delivery.
* Incorporated Red Hat fixes for GSSAPI, configure.in.
* Bailing out on read-only messages breaks fetchmail -c.  To avoid this,
  use EXAMINE rather than SELECT in that case.

Revision 1.2 / (download) - annotate - [select for diffs], Fri Apr 20 13:09:57 2001 UTC (20 years, 9 months ago) by agc
Branch: MAIN
Changes since 1.1: +2 -1 lines
Diff to previous 1.1 (colored)

Move to sha1 digests, and add distfile sizes.

Revision 1.1 / (download) - annotate - [select for diffs], Tue Apr 17 11:33:52 2001 UTC (20 years, 9 months ago) by agc
Branch: MAIN

+ move the distfile digest/checksum value from files/md5 to distinfo
+ move the patch digest/checksum values from files/patch-sum to distinfo

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>