Up to [cvs.NetBSD.org] / pkgsrc / mail / fetchmail
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
fetchmail, fetchmailconf: update to 6.4.35. On 2023-01-04, fetchmail 6.4.35 has been released. It updates translations and bumps SSL/TLS library version requirements. OpenSSL 1.1.1s and 3.0.7 and wolfSSL 5.5.1 (or newer on the respective compatible branches - note that OpenSSL 1.1.1q and 3.0.6 were withdrawn) remain supported.
fetchmail: Update to 6.4.34 upstream changes: ----------------- fetchmail-6.4.34 (released 2022-10-15, 31701 LoC): # CRITICAL BUG FIXES: * When an SMTP receiver refuses delivery, a message would be deleted from the mail store in spite of a softbounce option that is enabled. Bug report, analysis and patch by Horváth Zsolt. Gitlab, fixes #50. # BUILD NOTE: * If you are reusing config.cache from prior builds, this may cause issues with finding Python or some libraries. In case of trouble, remove config.cache and retry. # TRANSLATIONS: language translations were updated by this fine person: * sr: Мирослав Николић (Miroslav Nikolić) [Serbian]
fetchmail: Update to 6.4.33 upstream changes: ----------------- fetchmail-6.4.33 (released 2022-08-27, 31696 LoC): # TRANSLATIONS: language translations were updated by this fine person: * fr: Frédéric Marchal [French] # CONTRIBUTED SCRIPT CHANGES: * contrib/fetchsetup improvements by Matěj Cepl * contrib/runfetchmail improvements by Matěj Cepl -------------------------------------------------------------------------------- fetchmail-6.4.32 (released 2022-07-30, 31696 LoC): # FIXES: * Use configure to find rst2html, some systems install it only with .py suffix, others only without, and some install both. * Update README.maintainer # TRANSLATIONS: language translations were updated by these fine people: (in alphabetical order of language codes so as not to prefer people): * cs: Petr Pisar [Czech] * es: Cristian Othón Martínez Vera [Spanish] * ja: Takeshi Hamasaki [Japanese] * pl: Jakub Bogusz [Polish] * ro: Remus-Gabriel Chelu [Romanian] * sq: Besnik Bleta [Albanian] * sv: Göran Uddeborg [Swedish] -------------------------------------------------------------------------------- fetchmail-6.4.31 (released 2022-07-16, 31694 LoC): # BUG FIXES: * Try to fix ./configure --with-ssl=... for systems that have multiple OpenSSL versions installed. Issues reported by Dennis Putnam. * The netrc parser now reports its errors to syslog or logfile when appropriate, previously it would always log to stderr. * Add error checking to .netrc parser. # CHANGES: * manpage: use .UR/.UE macros instead of .URL for URIs. * manpage: fix contractions. Found with FreeBSD's igor tool. * manpage: HTML now built with pandoc -> python-docutils (manServer.pl was dropped)
fetchmail: Update to 6.4.30 upstream changes: ----------------- fetchmail-6.4.30 (released 2022-04-26, 31666 LoC): # BREAKING CHANGES: * Bump wolfSSL minimum required version to 5.2.0 to pull in security fix. # CHANGES: * Using OpenSSL 1.* before 1.1.1n elicits a compile-time warning. * Using OpenSSL 3.* before 3.0.2 elicits a compile-time warning. * configure.ac was tweaked in order to hopefully fix cross-compilation issues report, and different patch suggested, by Fabrice Fontaine, https://gitlab.com/fetchmail/fetchmail/-/merge_requests/42 # TRANSLATIONS: language translations were updated by this fine person: * ro: Remus-Gabriel Chelu [Romanian] -------------------------------------------------------------------------------- fetchmail-6.4.29 (released 2022-03-20, 31661 LoC): # TRANSLATIONS: language translations were updated by this fine person: * vi: Trần Ngọc Quân [Vietnamese] -------------------------------------------------------------------------------- fetchmail-6.4.28 (released 2022-03-05, 31661 LoC): # DOCUMENTATION: * Fix a typo in the manual page, courtesy of Jeremy Petch. # TRANSLATIONS: language translations were updated by this fine person: * es: Cristian Othón Martínez Vera [Spanish]
fetchmail: Update to 6.4.27 upstream changes: ----------------- fetchmail-6.4.27 (released 2022-01-26, 31661 LoC): # BREAKING CHANGES: * Bump wolfSSL minimum required version to 5.1.1 to pull in security fix. # TRANSLATIONS: language translations were updated by this fine person: * ro: Remus-Gabriel Chelu [Romanian]
fetchmail: Update to 6.4.26 upstream changes: ----------------- fetchmail-6.4.26 (released 2021-12-26, 31661 LoC): # FIXES: * When using wolfSSL 5.0.0, work around a bug that appears to hit wolfSSL when receiving handshake records while still in SSL_peek(). Workaround is to read 1 byte and cache it, then call SSL_peek() again. This affects only some servers. https://github.com/wolfSSL/wolfssl/issues/4593 # TRANSLATIONS: language translations were updated by this fine person: * sr: Мирослав Николић (Miroslav Nikolić) [Serbian]
fetchmail: Update to 6.1.25 upstream changes: ----------------- fetchmail-6.4.25 (released 2021-12-10, 31653 LoC): # BREAKING CHANGES: * Since distributions continue patching for LibreSSL use, which cannot be linked legally, block out LibreSSL in configure.ac and socket.c, and refer to COPYING, unless on OpenBSD (which ships it in the base system). OpenSSL and wolfSSL 5 can be used. SSL-related documentation was updated, do re-read COPYING, INSTALL, README, README.packaging, README.SSL. * Bump OpenSSL version requirement to 1.0.2f in order to safely remove the obsolete OpenSSL flag SSL_OP_SINGLE_DH_USE. This blocks out 1.0.2e and older 1.0.2 versions. 1.0.2f was a security fix release, and 1.0.2u is publicly available from https://www.openssl.org/source/old/1.0.2/ * Some of the configure.ac fiddling MIGHT have broken cross-compilation again. The maintainer does not test cross-compiling fetchmail; if you have difficulties, try setting PKG_CONFIG_LIBDIR to the pkg-config path containing your target/host libraries, or see if --with-ssl-prefix or --with-wolfssl-prefix, or overriding LDFLAGS/LIBS/CPPFLAGS, can help. Feedback solicited on compliant systems that are before end-of-life. # BUG FIXES: * 6.4.24's workaround for OpenSSL 1.0.2's X509_V_FLAG_TRUSTED_FIRST flag contained a typo and would not kick in properly. * Library and/or rpath setting from configure.ac was fixed. # ADDITIONS: * Added an example systemd unit file and instructions to contrib/systemd/ which runs fetchmail as a daemon with 5-minute poll intervals. Courteously contributed by Barak A. Pearlmutter, Debian Bug#981464. * fetchmail can now be used with wolfSSL 5's OpenSSL compatibility layer, see INSTALL and README.SSL. This is considered experimental. Feedback solicited. # CHANGES: * The getstats.py dist-tool now counts lines of .ac and .am files. * ./configure --with-ssl now supports pkg-config module names, too. See INSTALL. # TRANSLATIONS: language translations were updated by these fine people: (in reverse alphabetical order of language codes so as not to prefer people): * sv: Göran Uddeborg [Swedish] * sq: Besnik Bleta [Albanian] * pl: Jakub Bogusz [Polish] * ja: Takeshi Hamasaki [Japanese] * fr: Frédéric Marchal [French] * eo: Keith Bowes [Esperanto] * cs: Petr Pisar [Czech] # CREDITS: * Thanks to Corey Halpin for testing release candidates. -------------------------------------------------------------------------------- fetchmail-6.4.24 (released 2021-11-20, 30218 LoC): # OPENSSL AND LICENSING NOTE: > see fetchmail-6.4.22 below, and the file COPYING. Note that distribution of packages linked with LibreSSL is not feasible due to a missing GPLv2 clause 2(b) exception. # COMPATIBILITY: * Bison 3.8 dropped yytoknum altogether, breaking compilation due to a warning workaround. Remove the cast of yytoknum to void. This may cause a compiler warning to reappear with older Bison versions. * OpenSSL 1.0.2: Workaround for systems that keep the expired DST Root CA X3 certificate in its trust store because OpenSSL by default prefers the untrusted certificate and fails. Fetchmail now sets the X509_V_FLAG_TRUSTED_FIRST flag (on OpenSSL 1.0.2 only). This is workaround #2 from the OpenSSL Blog. For details, see both: https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/ https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ NOTE: OpenSSL 1.0.2 is end of life, it is assumed that the OpenSSL library is kept up to date by a distributor or via OpenSSL support contract. Where this is not the case, please upgrade to a supported OpenSSL version. # DOCUMENTATION: * The manual page was revised after re-checking with mandoc -Tlint, aspell, igor. Some more revisions were made for clarity. # TRANSLATIONS: language translations were updated by these fine people: * sv: Göran Uddeborg [Swedish] * pl: Jakub Bogusz [Polish] * fr: Frédéric Marchal [French] * cs: Petr Pisar [Czech] * eo: Keith Bowes [Esperanto] * ja: Takeshi Hamasaki [Japanese] -------------------------------------------------------------------------------- fetchmail-6.4.23 (released 2021-10-31, 30206 LoC): # USABILITY: * For common ssh-based IMAP PREAUTH setups (i. e. those that use a plugin - no matter its contents - and that set auth ssh), change the STARTTLS error message to suggest sslproto '' instead. This is a commonly reported issue after the CVE-2021-39272 fix in 6.4.22. Fixes Redhat Bugzilla 2008160. Fixes GitLab #39. # TRANSLATIONS: language translations were updated by these fine people: * ja: Takeshi Hamasaki [Japanese] * sr: Мирослав Николић (Miroslav Nikolić) [Serbian] -------------------------------------------------------------------------------- fetchmail-6.4.22 (released 2021-09-13, 30201 LoC): # OPENSSL AND LICENSING NOTE: * fetchmail 6.4.22 is compatible with OpenSSL 1.1.1 and 3.0.0. OpenSSL's licensing changed between these releases from dual OpenSSL/SSLeay license to Apache License v2.0, which is considered incompatible with GPL v2 by the FSF. For implications and details, see the file COPYING. # SECURITY FIXES: * CVE-2021-39272: fetchmail-SA-2021-02: On IMAP connections, without --ssl and with nonempty --sslproto, meaning that fetchmail is to enforce TLS, and when the server or an attacker sends a PREAUTH greeting, fetchmail used to continue an unencrypted connection. Now, log the error and abort the connection. --Recommendation for servers that support SSL/TLS-wrapped or "implicit" mode on a dedicated port (default 993): use --ssl, or the ssl user option in an rcfile. --Reported by: Andrew C. Aitchison, based on the USENIX Security 21 paper "Why TLS is better without STARTTLS - A Security Analysis of STARTTLS in the Email Context" by Damian Poddebniak, Fabian Ising, Hanno Böck, and Sebastian Schinzel. The paper did not mention fetchmail. * On IMAP and POP3 connections, --auth ssh no longer prevents STARTTLS negotiation. * On IMAP connections, fetchmail does not permit overriding a server-side LOGINDISABLED with --auth password any more. * On POP3 connections, the possibility for RPA authentication (by probing with an AUTH command without arguments) no longer prevents STARTTLS negotiation. * For POP3 connections, only attempt RPA if the authentication type is "any". # BUG FIXES: * On IMAP connections, when AUTHENTICATE EXTERNAL fails and we have received the tagged (= final) response, do not send "*". * On IMAP connections, AUTHENTICATE EXTERNAL without username will properly send a "=" for protocol compliance. * On IMAP connections, AUTHENTICATE EXTERNAL will now check if the server advertised SASL-IR (RFC-4959) support and otherwise refuse (fetchmail <= 6.4 has not supported and does not support the separate challenge/response with command continuation) * On IMAP connections, when --auth external is requested but not advertised by the server, log a proper error message. * Fetchmail no longer crashes when attempting a connection with --plugin "" or --plugout "". * Fetchmail no longer leaks memory when processing the arguments of --plugin or --plugout on connections. * On POP3 connections, the CAPAbilities parser is now caseblind. * Fix segfault on configurations with "defaults ... no envelope". Reported by Bjørn Mork. Fixes Debian Bug#992400. This is a regression in fetchmail 6.4.3 and happened when plugging memory leaks, which did not account for that the envelope parameter is special when set as "no envelope". The segfault happens in a constant strlen(-1), triggered by trusted local input => no vulnerability. * Fix program abort (SIGABRT) with "internal error" when invalid sslproto is given with OpenSSL 1.1.0 API compatible SSL implementations. # CHANGES: * IMAP: When fetchmail is in not-authenticated state and the server volunteers CAPABILITY information, use it and do not re-probe. (After STARTTLS, fetchmail must and will re-probe explicitly.) * For typical POP3/IMAP ports 110, 143, 993, 995, if port and --ssl option do not match, emit a warning and continue. Closes Gitlab #31. (cherry-picked from 6.5 beta branch "legacy_6x") * fetchmail.man and README.SSL were updated in line with RFC-8314/8996/8997 recommendations to prefer Implicit TLS (--ssl/ssl) and TLS v1.2 or newer, placing --sslproto tls1.2+ more prominently. The defaults shall not change between 6.4.X releases for compatibility. # TRANSLATIONS: language translations were updated by these fine people: * sq: Besnik Bleta [Albanian] * cs: Petr Pisar [Czech] * eo: Keith Bowes [Esperanto] * fr: Frédéric Marchal [French] * pl: Jakub Bogusz [Polish] * sv: Göran Uddeborg [Swedish] # CREDITS: * Thanks for testing the release candidates and bug reports to: Corey Halpin, Stefan Eßer.CVS: ----------------------------------------------------------------------
mail: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes The following distfiles were unfetchable (possibly fetched conditionally?): ./mail/qmail/distinfo netqmail-1.05-TAI-leapsecs.patch
mail: Remove SHA1 hashes for distfiles
fetchmail: Update to 6.4.21 upstream changes: ----------------- fetchmail-6.4.21 (released 2021-08-09, 30042 LoC): # REGRESSION FIX: * The new security fix in 6.4.20 for CVE-2021-36386 caused truncation of messages logged to buffered outputs, predominantly --logfile. This also caused lines in the logfile to run into one another because the fragment containing the '\n' line-end character was usually lost. Reason is that on all modern systems (with <stdarg.h> header and vsnprintf() interface), the length of log message fragments was added up twice, so that these ended too deep into a freshly allocated buffer, after the '\0' byte. Unbuffered outputs flushed the fragments right away, which masked the bug. Reported by: Jürgen Edner, Erik Christiansen. -------------------------------------------------------------------------------- fetchmail-6.4.20 (released 2021-07-28, 30042 LoC): # SECURITY FIX: * When a log message exceeds c. 2 kByte in size, for instance, with very long header contents, and depending on verbosity option, fetchmail can crash or misreport each first log message that requires a buffer reallocation. fetchmail then reallocates memory and re-runs vsnprintf() without another call to va_start(), so it reads garbage. The exact impact depends on many factors around the compiler and operating system configurations used and the implementation details of the stdarg.h interfaces of the two functions mentioned before. To fix CVE-2021-36386. Reported by Christian Herdtweck of Intra2net AG, Tübingen, Germany. He also offered a patch, which I could not take for fetchmail 6.4 because it required a C99 system and I'd promised earlier that 6.4 would remain compatible with C89 systems.
fetchmail: Update to 6.4.19 upstream changes: ----------------- fetchmail-6.4.19 (released 2021-04-24, 30026 LoC): # CHANGE: * fetchmailconf: properly catch and report option parsing errors # BUG FIX: * LMTP: do not try to validate the last component of a UNIX-domain LMTP socket as though it were a TCP port. Reported by Christoph Heitkamp, Gitlab issue #33. # TRANSLATION UPDATE: This fine person has contributed an updated translation: * sr: Мирослав Николић (Miroslav Nikolić) [Serbian] -------------------------------------------------------------------------------- fetchmail-6.4.18 (released 2021-03-27, 30011 LoC): # REGRESSION FIX: * fetchmailconf: fetchmail 6.4.16 added --sslcertfile to the configuration dump, but fetchmailconf support was incomplete in Git 7349f124 and it could not parse sslcertfile, thus the user settings editor came up empty with console errors printed. Fix configuration parser in fetchmailconf. # ROBUSTNESS FIXES: * fetchmailconf: do not require fetchmail for -V. do not require Tk (Tkinter) for -d option. This is to fail more gracefully on incomplete installs. * TLS code: remove OPENSSL_NO_DEPRECATED macros to avoid portability issues with OpenSSL v3 - these are for development purposes, not production. * TLS futureproofing: use SSL_use_PrivateKey_file instead of SSL_use_RSAPrivateKey_file, the latter will be deprecated with OpenSSL v3, and the user's key file might be something else than RSA. # TRANSLATION UPDATE: This fine person has contributed an updated translation: * fi: Lauri Nurmi [Finnish] -------------------------------------------------------------------------------- fetchmail-6.4.17 (released 2021-03-07, 29998 LoC): # BUG FIXES * IMAP client: it used to leak memory for username and password when trying the LOGIN (password-based) authentication and encountered a timeout situation. * dist-tools/getstats.py: also counts lines in *.py files, shown above. # CHANGES * fetchmail.man: now mentions that you may need to add --ssl when specifying a TLS-wrapped port. * fetchmailconf: --version (-V) now prints the Python version in use. # TRANSLATION UPDATE: This fine person has contributed an updated translation: * ja: Takeshi Hamasaki [Japanese] -------------------------------------------------------------------------------- fetchmail-6.4.16 (released 2021-02-08, 27707 LoC): # BUG FIXES * fetchmail's --configdump, and fetchmailconf, lacked support for the sslcertfile option. --configdump support added by Earl Chew, Gitlab issue #25, merge request !28. * fetchmail's manual page was never updated to reflect 6.2.5's change about the duplicate-killer code for multidrop mode, which read "* Dup-killer code now keys on an MD5 hash of the raw headers." ...instead of just the Message-ID. [commit 9dd8400, 2003-10-10 by esr] The manual page was now updated accordingly and documents historic behaviour: start to 5.0.7 no duplicate suppression; 5.0.8 to 6.2.4 duplicate suppression only by Message-ID; 6.2.5 to 6.4.X duplicate suppression by entire raw header. Manpage bug found by Julian Bane debugging "duplicate message" behaviour. * ./configure no longer runs AC_LIB_LINKFLAGS (how to link) checks when called --without-ssl # FEATURES * fetchmail --version [fetchmail -V] now queries and prints the SSL/TLS library's "SSL default trusted certificate" file or directory (mind the word "default"), where the OpenSSL-compatible TLS implementation will look for trusted root, meaning certification authority (CA), certificates. NOTE 1: watch the output carefully if the line prints the defaults or the configured path (without "default"). NOTE 2: SSL_CERT_DIR and SSL_CERT_FILE are documented environment variables for OpenSSL 1.1.1 to override the *default* locations (those compiled into OpenSSL or possibly in its configuration file). This was added when Gene Heskett was debugging his setup and the information "where does OpenSSL look" was missing. * fetchmail --version now prints version of the OpenSSL library that it was compiled against, and that it is using at runtime, and also the OPENSSL_DIR and OPENSSL_ENGINES_DIR (if available). # TRANSLATION UPDATES These fine people have contributed updated translations for fetchmail, in no particular order: * sq: Besnik Bleta [Albanian] * eo: Keith Bowes [Esperanto] * cs: Petr Pisar [Czech] * pl: Jakub Bogusz [Polish] * sv: Göran Uddeborg [Swedish] * fr: Frédéric Marchal [French]
fetchmail: Update to 6.4.15 upstream changes: ----------------- fetchmail-6.4.15 (released 2021-01-03, 27614 LoC): # BUG FIXES * Fix a typo in the manual page reported by David McKelvie. * Fix cross-compilation with openssl, by Fabrice Fontaine. Merge request !23. * Fix truncation of SMTP PLAIN AUTH with ^ in credentials, by Earl Chew. Gitlab issue #23, merge request !25. fetchmail-6.4.14 (released 2020-11-26, 27608 LoC): # TRANSLATION UPDATES were made by these fine people: * sr: Мирослав Николић (Miroslav Nikolić) [Serbian]
mail/fetchmail: fix build on Darwin with gssapi or kerberos options Darwin doesn't install include files in ${KRB5BASE} (They are in the SDK instead) therefore let fetchmail use krb5-config to determine how to link against kerberos
fetchmail: Update to 6.4.12 pkgsrc changes: --------------- * Remove a conditional test for very old and unmaintained releases of NetBSD. The variable defined is this test seems to be absent from the pkgsrc tree and pkglint warns about its use. * Add a LICENSE to fetchmailconf upstream changes: ----------------- fetchmail-6.4.12 (released 2020-09-04, 27596 LoC): # BUG FIXES: * The README file is now the one from Git again. The makerelease.pl script used to roll and upload the tarball sometimes clobbered the README file and replaced its contents by a part of the NEWS file. --------------------------------------------------------------------------------- fetchmail-6.4.11 (released 2020-08-28, 27596 LoC): # REGRESSION FIX: * configure: fetchmail 6.4.9 and 6.4.10 would miss checking for TLS v1.2 and TLS v1.3 support if AC_LIB_LINKFLAGS came up with something such as /path/to/libssl.so, rather than -lssl. (For instance on FreeBSD) # KNOWN BUGS AND WORKAROUNDS (This section floats upwards through the NEWS file so it stays with the current release information) * Fetchmail does not handle messages without Message-ID header well (See sourceforge.net bug #780933) * Fetchmail currently uses 31-bit signed integers in several places where unsigned and/or wider types should have been used, for instance, for mailbox sizes, and misreports sizes of 2 GibiB and beyond. Fixing this requires C89 compatibility to be relinquished. * BSMTP is mostly untested and errors can cause corrupt output. * Fetchmail does not track pending deletes across crashes. * The command line interface is sometimes a bit stubborn, for instance, fetchmail -s doesn't work with a daemon running. * Linux systems may return duplicates of an IP address in some circumstances if no or no global IPv6 addresses are configured. (No workaround. Ubuntu Bug#582585, Novell Bug#606980.) * Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error messages. This will not be fixed, because the maintainer has no Kerberos 5 server to test against. Use GSSAPI. --------------------------------------------------------------------------------- fetchmail-6.4.10 (released 2020-08-27, 27596 LoC): # REGRESSION FIX: * configure: fetchmail 6.4.9's configure was unable to pick up OpenSSL if it wasn't announced by pkg-config, for instance, on FreeBSD. --------------------------------------------------------------------------------- fetchmail-6.4.9: (not announced by e-mail, withdrawn) ## DOCUMENTATION UPDATE: * manpage: mention that the SSL/TLS certificate fingerprint uses an MD5 hash. ## CHANGES: * configure: try to use AC_LIB_LINKFLAGS to obtain proper link flags for libcrypto and libssl if pkg-config failed. This is an attempt to fix borderline issues when users building on systems with obsolete OpenSSL try to use a local newer OpenSSL from a separate directory. ## NEW TRANSLATION, with thanks to the translator: * ro: Florentina Mușat [Romanian]
fetchmail: Update to 6.4.8 upstream changes: ----------------- fetchmail-6.4.8 (released 2020-06-14, 27596 LoC): ## NEW TRANSLATION, with thanks to the translator: * sr: Мирослав Николић (Miroslav Nikolić) [Serbian] - Sorry, this was missed earlier because my translation scripts did not properly report new translations. # KNOWN BUGS AND WORKAROUNDS (This section floats upwards through the NEWS file so it stays with the current release information) * Fetchmail does not handle messages without Message-ID header well (See sourceforge.net bug #780933) * Fetchmail currently uses 31-bit signed integers in several places where unsigned and/or wider types should have been used, for instance, for mailbox sizes, and misreports sizes of 2 GibiB and beyond. Fixing this requires C89 compatibility to be relinquished. * BSMTP is mostly untested and errors can cause corrupt output. * Fetchmail does not track pending deletes across crashes. * The command line interface is sometimes a bit stubborn, for instance, fetchmail -s doesn't work with a daemon running. * Linux systems may return duplicates of an IP address in some circumstances if no or no global IPv6 addresses are configured. (No workaround. Ubuntu Bug#582585, Novell Bug#606980.) * Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error messages. This will not be fixed, because the maintainer has no Kerberos 5 server to test against. Use GSSAPI. --------------------------------------------------------------------------------- fetchmail-6.4.7 (released 2020-06-14, 27596 LoC): ## TRANSLATION UPDATE, with thanks to the translator: * sv: Göran Uddeborg [Swedish] ------------------------------------------------------------------------------- fetchmail-6.4.6 (released 2020-05-29, 27596 LoC): ## TRANSLATION UPDATE, with thanks to the translator: * eo: Felipe Castro [Esperanto] -------------------------------------------------------------------------------- fetchmail-6.4.5 (released 2020-05-07, 27596 LoC): ## REGRESSION FIX: * fetchmail 6.4.0 and 6.4.1 changed the resolution of the home directory in a way that requires SUSv4 semantics of realpath(), which leads to 'Cannot find absolute path for... directory' error messages followed by aborts on systems where realpath() follows strict SUSv2 semantics and returns EINVAL if the 2nd argument is NULL. On such systems, for instance, Solaris 10, fetchmail requires PATH_MAX to be defined, and will then work again. Regression reported by David Hough. On systems that neither provide auto-allocation semantics for realpath(), nor PATH_MAX, fetchmail will print this error and abort. Such systems are unsupported, see README. ## CHANGES: * Add a test program fm_realpath, and a t.realpath script, neither to be installed. These will test resolution of the current working directory. ## TRANSLATION UPDATES in reverse alphabetical order of language codes, ## with my thanks to the translators: * zh_CN: Boyuan Yang [Chinese (simplified)] * sv: Göran Uddeborg [Swedish] * sq: Besnik Bleta [Albanian] * pl: Jakub Bogusz [Polish] * ja: Takeshi Hamasaki [Japanese] * fr: Frédéric Marchal [French] * cs: Petr Pisar [Czech] -------------------------------------------------------------------------------- fetchmail-6.4.4 (released 2020-04-26, 27530 LoC): ## UPDATED TRANSLATIONS - WITH THANKS TO THE TRANSLATOR: * ja: Takeshi Hamasaki [Japanese] -------------------------------------------------------------------------------- fetchmail-6.4.3 (released 2020-04-05, 27530 LoC): ## BUGFIXES: * Plug memory leaks when parts of the configuration (defaults, rcfile, command line) override one another. * fetchmail terminated the placeholder command string too late and included garbage from the heap at the end of the string. Workaround: don't use place- holders %h or %p in the --plugin string. Bug added in 6.4.0 when merging Gitlab merge request !5 in order to fix an input buffer overrun. Faulty commit 418cda65f752e367fa663fd13884a45fcbc39ddd. Reported by Stefan Thurner, Gitlab issue #16. * Fetchmail now checks for errors when trying to read the .idfile, Gitlab issue #3. * Fetchmail's error messages that reports that the defaults entry isn't the first was made more precise. It could be misleading if there was a poll or skip statement before the defaults. ## CHANGES: * Fetchmail documentation was updated to require OpenSSL 1.1.1. OpenSSL 1.0.2 reached End Of Life status at the end of the year 2019. Fetchmail will tolerate, but warn about, 1.0.2 for now on the assumption that distributors backport security fixes as the need arises. Fetchmail will also warn if another SSL library that is API-compatible with OpenSSL lacks TLS v1.3 support. * If the trust anchor is missing, fetchmail refers the user to README.SSL. ## INTERNAL CHANGES: * The AC_DECLS(getenv) check was removed, its only user was broken and not accounting for that AC_DECLS always defines HAVE_DECL_... to 0 or 1, so fetchmail never declared a missing getenv() symbol (it was testing with #ifdef). Remove the backup declaration. getenv is mandated by SUSv2 anyways. ## UPDATED TRANSLATIONS - WITH THANKS TO THE TRANSLATORS: * sq: Besnik Bleta [Albanian] * zh_CN: Boyuan Yang [Chinese (simplified)] * pl: Jakub Bogusz [Polish] * cs: Petr Pisar [Czech] * fr: Frédéric Marchal [French] * sv: Göran Uddeborg [Swedish] * eo: Felipe Castro [Esperanto]
fetchmail: update to 6.4.2 upstream changes: ----------------- fetchmail-6.4.2 (released 2020-02-14, 27473 LoC): ## BREAKING CHANGES: * fetchmailconf now supports Python 3 and currently requires the "future" package, see https://pypi.org/project/future/. * fetchmailconf: The minimum supported version is now Python 2.7.13, but it is recommended to use at least 2.7.16 (due to its massive SSL updates). Older Python versions may check SSL certificates not strictly enough, which may cause fetchmail to complain later, if the certificate verify fails. * fetchmailconf now autoprobes SSL-wrapped connections (ports 993 and 995 for IMAP and POP3) as well and by preference. * fetchmailconf now defaults newly created users to "ssl" if either of the existing users sets ssl, or if the server has freshly been probed and found supporting ssl. There is a caveat: adding a user to an existing server without probing it again may skip adding ssl. (This does not prevent STARTTLS.) ## BUG FIXES: * Fix three bugs in fetchmail.man (one unterminated string to .IP macro, one line that ran into a .PP macro, .TH date format), and remove one .br request from inside the table, which is unsupported by FreeBSD 12's mandoc(1) formatter. FreeBSD Bug#241032, reported by Helge Oldach. * Further man page fixes and additions by Chris Mayo and Gregor Zattler. * When evaluating the need for STARTTLS in non-default configurations (SSL certificate validation turned off), fetchmail would only consider --sslproto tls1 as requiring STARTTLS, now all non-empty protocol versions do. * fetchmailconf now properly writes "no sslcertck" if sslcertck is disabled. * fetchmailconf now catches and reports OS errors (including DNS errors) when autoprobing. Reported as Gitlab issue #12 by Sergey Alirzaev. * fetchmailconf received a host of other bugfixes, see the Git commit log. ## CHANGES: * Make t.smoke more robust and use temporary directory as FETCHMAILHOME, to make sure that the home directory resolves for the user running the test suite even if the environment isn't perfect. Reported by Konstantin Belousov, analysed by Corey Halpin, FreeBSD Bug#240914. ## UPDATED TRANSLATION - THANKS TO: * zh_CN: Boyuan Yang [Chinese (simplified)]
fetchmail: update to 6.4.1 upstream cheanges: ------------------ fetchmail-6.4.1 (released 2019-09-28, 27473 LoC): ## REGRESSION FIXES: * The bug fix Debian Bug#941129 was incomplete and caused + a regression in the default file locations, so that fetchmail was no longer able to find its configuration files in some situations. Reported by Cy Schubert. + a regression under _FORTIFY_SOURCE where PATH_MAX > minimal _POSIX_PATH_MAX. -------------------------------------------------------------------------------- fetchmail 6.4.0 (released 2019-09-27, 27429 LoC): # NOTE THAT FETCHMAIL IS NO LONGER PUBLISHED THROUGH IBIBLIO. * They have stopped accepting submissions and consider themselves an archive. ## SECURITY FIXES THAT AFFECT BEHAVIOUR AND MAY REQUIRE RECONFIGURATION * Fetchmail no longer supports SSLv2. * Fetchmail no longer attempts to negotiate SSLv3 by default, even with --sslproto ssl23. Fetchmail can now use SSLv3, or TLSv1.1 or a newer TLS version, with STLS/STARTTLS (it would previously force TLSv1.0 with STARTTLS). If the OpenSSL version used at build and run-time supports these versions, --sslproto ssl3 and --sslproto ssl3+ can be used to re-enable SSLv3. Doing so is discouraged because the SSLv3 protocol is broken. Along the lines suggested - as patch - by Kurt Roeckx, Debian Bug #768843. While this change is supposed to be compatible with common configurations, users may have to and are advised to change all explicit --sslproto ssl2 (change to newer protocols required), --sslproto ssl3, --sslproto tls1 to --sslproto auto, so that they can benefit from TLSv1.1 and TLSv1.2 where supported by the server. The --sslproto option now understands the values auto, ssl3+, tls1+, tls1.1, tls1.1+, tls1.2, tls1.2+, tls1.3, tls1.3+ (case insensitively), see CHANGES below for details. * Fetchmail defaults to --sslcertck behaviour. A new option --nosslcertck to override this has been added, but may be removed in future fetchmail versions in favour of another configuration option that makes the insecurity in using this option clearer. ## SECURITY FIXES * Fetchmail prevents buffer overruns in GSSAPI authentication with user names beyond c. 6000 characters in length. Reported by Greg Hudson. ## CHANGED REQUIREMENTS * fetchmail 6.4.0 is written in C99 and requires a SUSv3 (Single Unix Specification v3, a superset of POSIX.1-2001 aka. IEEE Std 1003.1-2001 with XSI extension) compliant system. For now, a C89 compiler should also work if the system is SUSv3 compliant. In particular, older fetchmail versions had workaround for several functions standardized in the Single Unix Specification v3, these have been removed. The trio/ library has been removed from the distribution. ## CHANGES * fetchmail 6.3.X is unsupported. * fetchmail now configures OpenSSL support by default. * fetchmail now requires OpenSSL v1.0.2 or newer. * Fetchmail now supports --sslproto auto and --sslproto tls1+ (same as ssl23). * --sslproto tls1.1+, tls1.2+, and tls1.3+ are now supported for auto-negotiation with a minimum specified TLS protocol version, and --sslproto tls1.1, --sslproto tls1.2 and --sslproto tls1.3 to force the specified TLS protocol version. Note that tls1.3 requires OpenSSL v1.1.1 or newer. * Fetchmail now detects if the server hangs up prematurely during SSL_connect() and reports this condition as such, and not just as SSL connection failure. (OpenSSL 1.0.2 reported incompatible with pop3.live.com by Jerry Seibert). * A foreground fetchmail can now accept a few more options while another copy is running in the background. * fetchmail now handles POP3 --keep UID lists more efficiently, by using Rainer Weikusat's P-Tree implementation. This reduces the complexity for handling a large UIDL from O(n^2) to O(n log n) and becomes noticably faster with thousands of kept messages. (IMAP does not currently track UIDs and is unaffected.) At the same time, the UIDL emulation code for deficient servers has been removed. It never worked really well. Servers that do not implement the optional UIDL command only work with --fetchall option set, which in itself is incompatible with the --keep option (it would cause message duplication). * fetchmail, when setting up TLS connections, now uses SSL_set_tlsext_host_name() to set up the SNI (Server Name Indication). Some servers (for instance googlemail) require SNI when using newer SSL protocols. * Fetchmail now sets the expected hostname through OpenSSL 1.0.2's new X509_VERIFY_PARAM_set1_host() function to enable OpenSSL's native certificate verification features. * fetchmail will drop the connection when fetching with IMAP and receiving an unexpected untagged "* BYE" response, to work around certain faulty servers. * The FETCHMAIL_POP3_FORCE_RETR environment variable is now documented, it forces fetchmail, when talking POP3, to always use the RETR command, even if it would otherwise use the TOP command. * Fetchmail's configure stage will try to query pkg-config or pkgconf for libssl and libcrypto, in case other system use .pc files to document specific library dependencies. (contributed by Fabrice Fontaine, GitLab merge request !14.) * The gethostbyname() API calls and compatibility functions have been removed. * These translations are shipped but not installed by default because they have less than 500 translated messages out of 714: el fi gl pt_BR sk tr -> Greek, Finnish, Galician, Brazilian Portuguese, Slovak, Turkish. * Fetchmail now refuses delivery if the MDA option contains single-quoted expansions. ## FIXES * Fix a typo in the FAQ. Submitted by David Lawyer, Debian Bug#706776. * Do not translate header tags such as "Subject:". Reported by Gonzalo Pérez de Olaguer Córdoba, Debian Bug#744907. * Convert most links from berlios.de to sourceforge.net. * Report error to stderr, and exit, if --idle is combined with multiple accounts. * Point to --idle from GENERAL OPERATION to clarify --idle and multiple mailboxes do not mix. In response to Jeremy Chadwick's trouble 2014-11-19, fetchmail-users mailing list. * Fix SSL-enabled build on systems that do not declare SSLv3_client_method(), or that #define OPENSSL_NO_SSL3 inside #include <openssl/ssl.h> Related to Debian Bug#775255. Fixes Debian Bug #804604. * Version report lists -SSLv3 on SSL-enabled no-ssl3 builds. * Fetchmail no longer adds a NUL byte to the username in GSSAPI authentication. This was reported to break Kerberos-based authentication with Microsoft Exchange 2013 by Greg Hudson. * Set umask properly before writing the .fetchids file, to avoid failing the security check on the next run. Reported by Fabian Raab, Fixes Debian Bug#831611. * When forwarding by LMTP, also check antispam response code when collecting the responses after the CR LF . CR LF sequence at the end of the DATA phase. (Contributed by Evil.2000, GitLab merge request !12.) * fetchmail will not try other protocols after a socket error. This avoids mismatches of how different prococols see messages as "seen" and re-fetches of known mail. (Fix contributed by Lauri Nurmi, GitLab Merge Request !10.) * fetchmail no longer reports "System error during SSL_connect(): Success." Fixes Debian Bug#928916, reported by Paul Kimoto. * fetchmailconf would ignore Edit or Delete actions on the first (topmost) item in a list (no matter if server list, user list, ...). * The mimedecode feature now properly detects multipart/mixed-type matches, so that quoted-printable-encoded multipart messages can get decoded. (Regression in 5.0.0 on 1999-03-27, as a side effect of a PGP-mimedecode fix attributed to Henrik Storner.) * FETCHMAILHOME can now safely be a relative path, which will be qualified through realpath(). Previously, it had to be absolute in daemon mode. Reported by Alex Andreotti, Debian Bug#941129.
fetchmail: update to 6.3.26 * add licenses * remove kerberos conditional pre-configure rule (fixed in upstream) Changes: fetchmail-6.3.26 (released 2013-04-23, 26180 LoC): # NOTE THAT FETCHMAIL IS NO LONGER PUBLISHED THROUGH IBIBLIO. * They have stopped accepting submissions and consider themselves an archive. # CRITICAL BUG FIX for setups using "mimedecode": * The mimedecode feature failed to ship the last line of the body if it was encoded as quoted-printable and had a MIME soft line break in the very last line. Reported by Lars Hecking in June 2011. Bug introduced on 1998-03-20 when the mimedecode support was added by ESR before release 4.4.1 through code contributed by Henrik Storner. Workaround for older releases: do not use mimedecode feature. Earlier versions of this NEWS file claimed this bug fixed in fetchmail-6.3.23, but it was not. Fixes Launchpad Bug#1171818. fetchmail-6.3.25 (released 2013-03-18, 26149 LoC): # NOTE THAT FETCHMAIL IS NO LONGER PUBLISHED THROUGH IBIBLIO. * They have stopped accepting submissions and consider themselves an archive. # BUG FIXES * Fix a memory leak in out-of-memory error condition while handling plugins. Report and patch by John Beck (found with Parfait static code analyzer). * Fix a NULL pointer dereference in out-of-memory error condition while handling plugins. Report and patch by John Beck (found with Parfait static code analyzer). # CHANGES * Improved reporting when SSL/TLS X.509 certificate validation has failed, working around a not-so-recent swapping of two OpenSSL error codes, and a practical impossibility to distinguish broken certification chains from missing trust anchors (root certificates). * OpenSSL decoded errors are now reported through report(), rather than dumped to stderr, so that they should show up in logfiles and/or syslog. * The fetchmail manual page no longer claims that MD5 were the default OpenSSL hash format (for use with --sslfingerprint). Reported by Jakob Wilk, PARTIAL fix for Debian Bug#700266. * The fetchmail manual page now refers the user to --softbounce from the SMTP/ESMTP ERROR HANDLING section. Reported by Anton Shterenlikht. # WORKAROUNDS * Older systems that provide the older RFC-2553 implementation of getaddrinfo, rather than the current RFC-3493, and systems that do not provide this getaddrinfo() interface at all and thus use the replacement functions from libesmtp/getaddrinfo.?, might return EAI_NODATA when a host is registered in DNS as MX or similar, but without A or AAAA records. Handle this situation when checking for multidrop aliases and treat EAI_NODATA the same as EAI_NONAME, i. e. name cannot be resolved. The proper fix, however, is to upgrade the operating system. # TRANSLATION UPDATES [cs] Czech, by Petr Pisar [da] Danish, by Joe Hansen [de] German [eo] Esperanto, by Sian Mountbatten and Felipe Castro [fr] French, by Frédéric Marchal [ja] Japanese, by Takeshi Hamasaki [pl] Polish, by Jakub Bogusz [sv] Swedish, by Göran Uddeborg [vi] Vietnamese, by Trần Ngọc Quân
fetchmail: fix build with openssl-1.1. Bump PKGREVISION.
Add SHA512 digests for distfiles for mail category Problems found locating distfiles: Package mutt: missing distfile patch-1.5.24.rr.compressed.gz Package p5-Email-Valid: missing distfile Email-Valid-1.198.tar.gz Package pine: missing distfile fancy.patch.gz Package postgrey: missing distfile targrey-0.31-postgrey-1.34.patch Package qmail: missing distfile badrcptto.patch Package qmail: missing distfile outgoingip.patch Package qmail: missing distfile qmail-1.03-realrcptto-2006.12.10.patch Package qmail: missing distfile qmail-smtpd-viruscan-1.3.patch Package thunderbird24: missing distfile enigmail-1.7.2.tar.gz Package thunderbird31: missing distfile enigmail-1.7.2.tar.gz Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail.
Correct typo. Noted by Bug Hunting.
Pullup ticket #3958 - requested by morr mail/fetchmail: security update Revisions pulled up: - mail/fetchmail/Makefile 1.180 - mail/fetchmail/PLIST 1.14 - mail/fetchmail/distinfo 1.47 - mail/fetchmail/patches/patch-Makefile.in 1.1 - mail/fetchmail/patches/patch-ntlmsubr.c deleted - mail/fetchmailconf/Makefile 1.85 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: morr Date: Sat Nov 3 22:50:23 UTC 2012 Modified Files: pkgsrc/mail/fetchmail: Makefile PLIST distinfo pkgsrc/mail/fetchmailconf: Makefile Added Files: pkgsrc/mail/fetchmail/patches: patch-Makefile.in Removed Files: pkgsrc/mail/fetchmail/patches: patch-ntlmsubr.c Log Message: Update fetchmail and fetchmailconf to version 6.3.22. # SECURITY FIXES * for CVE-2012-3482: NTLM: fetchmail mistook an error message that the server sent in response to an NTLM request for protocol exchange, tried to decode it, and crashed while reading from a bad memory location. Also, with a carefully crafted NTLM challenge packet sent from the server, it would be possible that fetchmail conveyed confidential data not meant for the server through the NTLM response packet. Fix: Detect base64 decoding errors, validate the NTLM challenge, and abort NTLM authentication in case of error. See fetchmail-SA-2012-02.txt for further details. Reported by J. Porter Clark. * for CVE-2011-3389: SSL/TLS (wrapped and STARTTLS): fetchmail used to disable a countermeasure against a certain kind of attack against cipher block chaining initialization vectors (SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS). Whether this creates an exploitable situation, depends on the server and the negotiated ciphers. As a precaution, fetchmail 6.3.22 enables the countermeasure, by clearing SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS. NOTE that this can cause connections to certain non-conforming servers to fail, in which case you can set the environment variable FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE to any non-empty value when starting fetchmail to re-instate the compatibility option at the expense of security. Reported by Apple Product Security. For technical details, refer to <http://www.openssl.org/~bodo/tls-cbc.txt>. See fetchmail-SA-2012-01.txt for further details. # BUG FIX * The Server certificate: message in verbose mode now appears on stdout like the remainder of the output. Reported by Henry Jensen, to fix Debian Bug #639807. * The GSSAPI-related autoconf code now matches gssapi.c better, and uses a different check to look for GSS_C_NT_HOSTBASED_SERVICE. This fixes the GSSAPI-enabled build on NetBSD 6 Beta. # CHANGES * On systems where SSLv2_client_method isn't defined in OpenSSL (such as newer Debian, and Ubuntu starting with 11.10 oneiric ocelot), don't reference it (to fix the build) and if configured, print a run-time error that the OS does not support SSLv2. Fixes Debian Bug #622054, but note that that bug report has a more thorough patch that does away with SSLv2 altogether. * The security and errata notices fetchmail-{EN,SA}-20??-??.txt are now under the more relaxed CC BY-ND 3.0 license (the noncommercial clause was dropped). The Creative Commons address was updated. * The Python-related Makefile.am parts were simplified to avoid an automake 1.11.X bug around noinst_PYTHON, Automake Bug #10995. * Configuring fetchmail without SSL now triggers a configure warning, and asks the user to consider running configure --with-ssl. # WORKAROUNDS * Some servers, notably Zimbra, return A1234 987 FETCH () in response to a header request, in the face of message corruption. fetchmail now treats these as temporary errors. Report and Patch by Mikulas Patocka, Red Hat. * Some servers, notably Microsoft Exchange, return "A0009 OK FETCH completed." without any header in response to a header request for meeting reminder messages (with a "meeting.ics" attachment). fetchmail now treats these as transient errors. Report by John Connett, Patch by Sunil Shetye. # TRANSLATION UPDATES * [cs] Czech, by Petr Pisar * [de] German * [fr] French, by Frédéric Marchal * [ja] Japanese, by Takeshi Hamasaki * [pl] Polish, by Jakub Bogusz * [sv] Swedish, by Göran Uddeborg --- NEW TRANSLATION - Thank you! * [vi] Vietnamese, by Trần Ngọc Quân To generate a diff of this commit: cvs rdiff -u -r1.179 -r1.180 pkgsrc/mail/fetchmail/Makefile cvs rdiff -u -r1.13 -r1.14 pkgsrc/mail/fetchmail/PLIST cvs rdiff -u -r1.46 -r1.47 pkgsrc/mail/fetchmail/distinfo cvs rdiff -u -r0 -r1.1 pkgsrc/mail/fetchmail/patches/patch-Makefile.in cvs rdiff -u -r1.1 -r0 pkgsrc/mail/fetchmail/patches/patch-ntlmsubr.c cvs rdiff -u -r1.84 -r1.85 pkgsrc/mail/fetchmailconf/Makefile
Update fetchmail and fetchmailconf to version 6.3.22. # SECURITY FIXES * for CVE-2012-3482: NTLM: fetchmail mistook an error message that the server sent in response to an NTLM request for protocol exchange, tried to decode it, and crashed while reading from a bad memory location. Also, with a carefully crafted NTLM challenge packet sent from the server, it would be possible that fetchmail conveyed confidential data not meant for the server through the NTLM response packet. Fix: Detect base64 decoding errors, validate the NTLM challenge, and abort NTLM authentication in case of error. See fetchmail-SA-2012-02.txt for further details. Reported by J. Porter Clark. * for CVE-2011-3389: SSL/TLS (wrapped and STARTTLS): fetchmail used to disable a countermeasure against a certain kind of attack against cipher block chaining initialization vectors (SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS). Whether this creates an exploitable situation, depends on the server and the negotiated ciphers. As a precaution, fetchmail 6.3.22 enables the countermeasure, by clearing SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS. NOTE that this can cause connections to certain non-conforming servers to fail, in which case you can set the environment variable FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE to any non-empty value when starting fetchmail to re-instate the compatibility option at the expense of security. Reported by Apple Product Security. For technical details, refer to <http://www.openssl.org/~bodo/tls-cbc.txt>. See fetchmail-SA-2012-01.txt for further details. # BUG FIX * The Server certificate: message in verbose mode now appears on stdout like the remainder of the output. Reported by Henry Jensen, to fix Debian Bug #639807. * The GSSAPI-related autoconf code now matches gssapi.c better, and uses a different check to look for GSS_C_NT_HOSTBASED_SERVICE. This fixes the GSSAPI-enabled build on NetBSD 6 Beta. # CHANGES * On systems where SSLv2_client_method isn't defined in OpenSSL (such as newer Debian, and Ubuntu starting with 11.10 oneiric ocelot), don't reference it (to fix the build) and if configured, print a run-time error that the OS does not support SSLv2. Fixes Debian Bug #622054, but note that that bug report has a more thorough patch that does away with SSLv2 altogether. * The security and errata notices fetchmail-{EN,SA}-20??-??.txt are now under the more relaxed CC BY-ND 3.0 license (the noncommercial clause was dropped). The Creative Commons address was updated. * The Python-related Makefile.am parts were simplified to avoid an automake 1.11.X bug around noinst_PYTHON, Automake Bug #10995. * Configuring fetchmail without SSL now triggers a configure warning, and asks the user to consider running configure --with-ssl. # WORKAROUNDS * Some servers, notably Zimbra, return A1234 987 FETCH () in response to a header request, in the face of message corruption. fetchmail now treats these as temporary errors. Report and Patch by Mikulas Patocka, Red Hat. * Some servers, notably Microsoft Exchange, return "A0009 OK FETCH completed." without any header in response to a header request for meeting reminder messages (with a "meeting.ics" attachment). fetchmail now treats these as transient errors. Report by John Connett, Patch by Sunil Shetye. # TRANSLATION UPDATES * [cs] Czech, by Petr Pisar * [de] German * [fr] French, by Frédéric Marchal * [ja] Japanese, by Takeshi Hamasaki * [pl] Polish, by Jakub Bogusz * [sv] Swedish, by Göran Uddeborg --- NEW TRANSLATION - Thank you! * [vi] Vietnamese, by Trần Ngọc Quân
Fix CVE-2012-3482 patch from http://gitorious.org/fetchmail/fetchmail/commit/3fbc7cd331602c76f882d1b507cd05c1d824ba8b/diffs
Pullup ticket #3512 - requested by tron mail/fetchmail critical bug fix Revisions pulled up: - mail/fetchmail/Makefile 1.177 - mail/fetchmail/distinfo 1.45 - mail/fetchmailconf/Makefile 1.81 --- Module Name: pkgsrc Committed By: tron Date: Fri Aug 26 07:19:25 UTC 2011 Modified Files: pkgsrc/mail/fetchmail: Makefile distinfo pkgsrc/mail/fetchmailconf: Makefile Log Message: Update "fetchmail" and "fetchmailconf" package to version 6.3.21. Changes since version 6.3.20: - The IMAP client no longer inserts NUL bytes into the last line of a message when it is not closed with a LF or CRLF sequence. Reported by Antoine Levitt. As a side effect of the fix, and in order to avoid a full rewrite, fetchmail will now CRLF-terminate the last line fetched through IMAP, even if it is originally not terminated by LF or CRLF. This bears no relevance if your messages end up in mbox, but adds line termination for storages (like Maildir) that do not require that the last line be LF- or CRLF-terminated.
Update "fetchmail" and "fetchmailconf" package to version 6.3.21. Changes since version 6.3.20: - The IMAP client no longer inserts NUL bytes into the last line of a message when it is not closed with a LF or CRLF sequence. Reported by Antoine Levitt. As a side effect of the fix, and in order to avoid a full rewrite, fetchmail will now CRLF-terminate the last line fetched through IMAP, even if it is originally not terminated by LF or CRLF. This bears no relevance if your messages end up in mbox, but adds line termination for storages (like Maildir) that do not require that the last line be LF- or CRLF-terminated.
Pullup ticket #3454 - requested by tron mail/fetchmail security update Revisions pulled up: - mail/fetchmail/Makefile 1.176 - mail/fetchmail/distinfo 1.44 - mail/fetchmail/patches/patch-aa removed - mail/fetchmailconf/Makefile 1.80 --- Module Name: pkgsrc Committed By: obache Date: Thu Jun 9 11:52:34 UTC 2011 Modified Files: pkgsrc/mail/fetchmail: Makefile distinfo pkgsrc/mail/fetchmailconf: Makefile Removed Files: pkgsrc/mail/fetchmail/patches: patch-aa Log Message: Update fetchmail to 6.3.20. Requested by PR#45030. fetchmail-6.3.20 (released 2011-06-06, 26005 LoC): # SECURITY BUG FIXES * CVE-2011-1947: STARTTLS: Fetchmail runs the IMAP STARTTLS or POP3 STLS negotiation with the set timeout (default five minutes) now. This was reported missing, with observed fetchmail freezes beyond a week, by Thomas Jarosch. SSL-wrapped connections were unaffected by this timeout, so users of older versions can force ssl-wrapped connections -- if supported by the server -- with the --ssl command line or ssl rcfile option. See fetchmail-SA-2011-01.txt for further details. # BUG FIXES * IMAP: Do not search for UNSEEN messages in ranges. Usually, there are very few new messages and most of the range searches result in nothing. Instead, split the long response to make the IMAP driver think that there are multiple lines of response. (Sunil Shetye) * Do not print "skipping message" for old messages even in verbose mode. If there are too many old messages, the logs just get filled without any real activity. (Sunil Shetye) (suggested by Yunfan Jiang) * Build: fetchmail now always uses its own MD5 implementation rather than trying to find a system library with matched header. The library and header variants found on systems are too diverse, and the code size saving is not worth any more wasted user or programmer time. # CHANGES * Call strlen() only once when removing CRLF from a line. (Sunil Shetye) * fetchmail sets Internet domain sockets to "keepalive" mode now. Note that there is no portable way to configure actual timeouts for this mode, and some systems only support a system-wide timeout setting. fetchmail does not attempt to tune the time spans of keepalive mode. # TRANSLATION UPDATES [cs] Chech (Petr Pisar) [nl] Dutch (Erwin Poeze) [fr] French (Frdric Marchal) [de] German (Matthias Andree) [ja] Japanese (Takeshi Hamasaki) [pl] Polish (Jakub Bogusz) [sk] Slovak (Marcel Telka) # KNOWN BUGS AND WORKAROUNDS (this section floats upwards through the NEWS file so it stays with the current release information - however, it was stuck with 6.3.8 for a while) * fetchmail does not handle messages without Message-ID header well (See sourceforge.net bug #780933) * BSMTP is mostly untested and errors can cause corrupt output. * Sun Workshop 6 (SPARC) is known to miscompile the configuration file lexer in 64-bit mode. Either compile 32-bit code or use GCC to compile 64-bit fetchmail. Note that fetchmail doesn't take advantage of 64-bit code, so compiling 32-bit SPARC code should not cause any difficulties. * fetchmail does not track pending deletes over crashes. * the command line interface is sometimes a bit stubborn, for instance, fetchmail -s doesn't work with a daemon running. * Linux systems may return duplicates of an IP address in some circumstances if no or no global IPv6 addresses are configured. (No workaround. Ubuntu Bug#582585, Novell Bug#606980.) * Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error messages. This will not be fixed, because the maintainer has no Kerberos 5 server to test against. Use GSSAPI. fetchmail-6.3.19 (released 2010-12-10, 25945 LoC): # ERRATUM NOTICE ISSUED * fetchmail 6.3.18 contains several bug fixes that were considered sufficiently grave to warrant the issue of an erratum notice, fetchmail-EN-2010-03.txt. # BUG FIXES * When specifying multiple local multidrop lists, do not lose wildcard flag. (Affects "user foo is bar baz * is joe here") * In multidrop configurations, an asterisk can now appear anywhere in the list of local users, not just at the end. * In multidrop mode, header parsing is now more verbose in -vv mode, so that it becomes possible to see which header is used. * Make --antispam work from command line (these used to work in rcfiles). Reported by Kees Bakker, BerliOS Bug #17599. (Sunil Shetye) * Smoke test XHTML 1.1 validation, and if it fails, skip validating HTML documents. Skip validating Mailbox-Names-UTF7.html. Several systems have broken XHTML 1.1 DTD installations that jeopardize the build. Reported by Mihail Nechkin against FreeBSD port. Workaround for 6.3.18: build in a separate directory, i. e: mkdir build && cd build && ../configure --options-go-here * Send a NOOP only after a failed STARTTLS in IMAP. (Sunil Shetye) * Demote GSSAPI verbose/debug syslog to INFO severity. Requested by Carlos E. R. and Derek Simkowiak via the fetchmail-users@ mailing list. * Do STARTTLS/STLS negotiation in IMAP/POP3 if it is mandatory even if the server capabilities do not show support for upgradation to TLS. To use this, configure --sslproto tls1. (Sunil Shetye) * IMAP: Understand empty strings as FETCH response, seen on Yahoo. Reported by Yasin Malli to fetchmail-users@ 2010-12-10. Note that fetchmail continues to expect literals as FETCH response for now. # DOCUMENTATION * The manual page now links to IANA for GSSAPI service names. # TRANSLATION UPDATES [cs] Czech (Petr Pisar) [fr] French (Frdric Marchal) [de] German [it] Italian (Vincenzo Campanella) [pl] Polish (Jakub Bogusz) fetchmail-6.3.18 (released 2010-10-09, 25936 LoC): # SECURITY IMPROVEMENTS TO DEFANG X.509 CERTIFICATE ABUSE * Fetchmail now only accepts wildcard certificate common names and subject alternative names if they start with "*.". Previous versions would accept wildcards even if no period followed immediately. * Fetchmail now disallows wildcards in certificates to match domain literals (such as 10.9.8.7), or wildcards in domain literals ("*.168.23.23"). The test is overly picky and triggers if the pattern (after skipping the initial wildcard "*") or domain consists solely of digits and dots, and thus matches more than needed. * Fetchmail now disallows wildcarding top-level domains. # CRITICAL BUG FIXES AND REGRESSION FIXES * Fetchmail 6.3.15, 6.3.16, and 6.3.17 would pick up libmd5 to obtain MD5* functions, as an effect of an undocumented Solaris MD5 fix. This caused all MD5-related functions to malfunction if, for instance, libmd5.so was installed on other operating systems as part of libwww on machines where long isn't 32-bits, i. e. usually on 64-bit computers. Fixes Gentoo Bug #319283, reported, including libwww hint, by Karl Hakimian. Side effect: fetchmail will now use -lmd on Solaris rather than -lmd5. * Fetchmail 6.3.17 warned about insecure SSL/TLS connections even if a matching --sslfingerprint was specified. This is an omission from an SSL usability change made in 6.3.17. Fixes Debian Bug#580796 reported by Roland Stigge. * Fetchmail will now apply timeouts to the authentication stage. This stage encompasses STARTTLS/STLS negotiation in IMAP/POP3. Reported missing by Thomas Jarosch. * Fetchmail now cancels GSSAPI authentication properly when encountering GSS errors, such as no or unsuitable credentials. It now sends an asterisk on a line by its own, as required in SASL. This fixes protocol synchronization issues that cause Authentication failures, often observed with kerberized MS Exchange servers. Fixes Debian Bug #568455 reported by Patrick Rynhart, and Alan Murrell, to the fetchmail-users list. Fix verified by Thomas Voigtmann and Patrick Rynhart. # BUG FIXES * Fetchmail will no longer print connection attempts and errors for one host in "silent" and "normal" logging modes, unless all connections fail. This should reduce irritation around refused-connection logging if services are only on an IPv4 socket if the host also supports IPv6. Often observed as connections refused to ::1/25 when the subsequent connection to 127.0.0.1/25 then - silently - succeeds. Fetchmail, unless in verbose mode, will collect all connect errors and only report them if all of them fail. * Fetchmail will not try GSSAPI authentication automatically, unless it has GSS credentials. However, if GSSAPI authentication is requested explicitly, fetchmail will always try it. * Fetchmail now parses response to "FETCH n:m RFC822.SIZE" and "FETCH n RFC822.HEADER" in a more flexible manner. (Sunil Shetye) * The manual page clearly states that --principal is for Kerberos 4 only, not for Kerberos 5 or GSSAPI. Found by Thomas Voigtmann. # CHANGES * When encountering incorrect headers, fetchmail will refer to the bad-header option in the manpage. Fixes BerliOS Bug #17272, change suggested by Bjrn Voigt. * Fetchmail now decodes and reports GSSAPI status codes upon errors. * Fetchmail now autoprobes NTLM also for POP3. * The Fetchmail FAQ has a new item #R15 on authentication failures. # INTERNAL CHANGES * The common NTLM authentication code was factored out from pop3.c and imap.c. # TRANSLATION UPDATES [zh_CN] Chinese/simplified (Ji Zheng-Yu) [cs] Czech (Petr Pisar) [nl] Dutch (Erwin Poeze) [fr] French (Frdric Marchal) [de] German [it] Italian (Vincenzo Campanella) [ja] Japanese (Takeshi Hamasaki) [pl] Polish (Jakub Bogusz) [sk] Slovak (Marcel Telka)
Update fetchmail to 6.3.20. Requested by PR#45030. fetchmail-6.3.20 (released 2011-06-06, 26005 LoC): # SECURITY BUG FIXES * CVE-2011-1947: STARTTLS: Fetchmail runs the IMAP STARTTLS or POP3 STLS negotiation with the set timeout (default five minutes) now. This was reported missing, with observed fetchmail freezes beyond a week, by Thomas Jarosch. SSL-wrapped connections were unaffected by this timeout, so users of older versions can force ssl-wrapped connections -- if supported by the server -- with the --ssl command line or ssl rcfile option. See fetchmail-SA-2011-01.txt for further details. # BUG FIXES * IMAP: Do not search for UNSEEN messages in ranges. Usually, there are very few new messages and most of the range searches result in nothing. Instead, split the long response to make the IMAP driver think that there are multiple lines of response. (Sunil Shetye) * Do not print "skipping message" for old messages even in verbose mode. If there are too many old messages, the logs just get filled without any real activity. (Sunil Shetye) (suggested by Yunfan Jiang) * Build: fetchmail now always uses its own MD5 implementation rather than trying to find a system library with matched header. The library and header variants found on systems are too diverse, and the code size saving is not worth any more wasted user or programmer time. # CHANGES * Call strlen() only once when removing CRLF from a line. (Sunil Shetye) * fetchmail sets Internet domain sockets to "keepalive" mode now. Note that there is no portable way to configure actual timeouts for this mode, and some systems only support a system-wide timeout setting. fetchmail does not attempt to tune the time spans of keepalive mode. # TRANSLATION UPDATES [cs] Chech (Petr Pisar) [nl] Dutch (Erwin Poeze) [fr] French (Frédéric Marchal) [de] German (Matthias Andree) [ja] Japanese (Takeshi Hamasaki) [pl] Polish (Jakub Bogusz) [sk] Slovak (Marcel Telka) # KNOWN BUGS AND WORKAROUNDS (this section floats upwards through the NEWS file so it stays with the current release information - however, it was stuck with 6.3.8 for a while) * fetchmail does not handle messages without Message-ID header well (See sourceforge.net bug #780933) * BSMTP is mostly untested and errors can cause corrupt output. * Sun Workshop 6 (SPARC) is known to miscompile the configuration file lexer in 64-bit mode. Either compile 32-bit code or use GCC to compile 64-bit fetchmail. Note that fetchmail doesn't take advantage of 64-bit code, so compiling 32-bit SPARC code should not cause any difficulties. * fetchmail does not track pending deletes over crashes. * the command line interface is sometimes a bit stubborn, for instance, fetchmail -s doesn't work with a daemon running. * Linux systems may return duplicates of an IP address in some circumstances if no or no global IPv6 addresses are configured. (No workaround. Ubuntu Bug#582585, Novell Bug#606980.) * Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error messages. This will not be fixed, because the maintainer has no Kerberos 5 server to test against. Use GSSAPI. fetchmail-6.3.19 (released 2010-12-10, 25945 LoC): # ERRATUM NOTICE ISSUED * fetchmail 6.3.18 contains several bug fixes that were considered sufficiently grave to warrant the issue of an erratum notice, fetchmail-EN-2010-03.txt. # BUG FIXES * When specifying multiple local multidrop lists, do not lose wildcard flag. (Affects "user foo is bar baz * is joe here") * In multidrop configurations, an asterisk can now appear anywhere in the list of local users, not just at the end. * In multidrop mode, header parsing is now more verbose in -vv mode, so that it becomes possible to see which header is used. * Make --antispam work from command line (these used to work in rcfiles). Reported by Kees Bakker, BerliOS Bug #17599. (Sunil Shetye) * Smoke test XHTML 1.1 validation, and if it fails, skip validating HTML documents. Skip validating Mailbox-Names-UTF7.html. Several systems have broken XHTML 1.1 DTD installations that jeopardize the build. Reported by Mihail Nechkin against FreeBSD port. Workaround for 6.3.18: build in a separate directory, i. e: mkdir build && cd build && ../configure --options-go-here * Send a NOOP only after a failed STARTTLS in IMAP. (Sunil Shetye) * Demote GSSAPI verbose/debug syslog to INFO severity. Requested by Carlos E. R. and Derek Simkowiak via the fetchmail-users@ mailing list. * Do STARTTLS/STLS negotiation in IMAP/POP3 if it is mandatory even if the server capabilities do not show support for upgradation to TLS. To use this, configure --sslproto tls1. (Sunil Shetye) * IMAP: Understand empty strings as FETCH response, seen on Yahoo. Reported by Yasin Malli to fetchmail-users@ 2010-12-10. Note that fetchmail continues to expect literals as FETCH response for now. # DOCUMENTATION * The manual page now links to IANA for GSSAPI service names. # TRANSLATION UPDATES [cs] Czech (Petr Pisar) [fr] French (Frédéric Marchal) [de] German [it] Italian (Vincenzo Campanella) [pl] Polish (Jakub Bogusz) fetchmail-6.3.18 (released 2010-10-09, 25936 LoC): # SECURITY IMPROVEMENTS TO DEFANG X.509 CERTIFICATE ABUSE * Fetchmail now only accepts wildcard certificate common names and subject alternative names if they start with "*.". Previous versions would accept wildcards even if no period followed immediately. * Fetchmail now disallows wildcards in certificates to match domain literals (such as 10.9.8.7), or wildcards in domain literals ("*.168.23.23"). The test is overly picky and triggers if the pattern (after skipping the initial wildcard "*") or domain consists solely of digits and dots, and thus matches more than needed. * Fetchmail now disallows wildcarding top-level domains. # CRITICAL BUG FIXES AND REGRESSION FIXES * Fetchmail 6.3.15, 6.3.16, and 6.3.17 would pick up libmd5 to obtain MD5* functions, as an effect of an undocumented Solaris MD5 fix. This caused all MD5-related functions to malfunction if, for instance, libmd5.so was installed on other operating systems as part of libwww on machines where long isn't 32-bits, i. e. usually on 64-bit computers. Fixes Gentoo Bug #319283, reported, including libwww hint, by Karl Hakimian. Side effect: fetchmail will now use -lmd on Solaris rather than -lmd5. * Fetchmail 6.3.17 warned about insecure SSL/TLS connections even if a matching --sslfingerprint was specified. This is an omission from an SSL usability change made in 6.3.17. Fixes Debian Bug#580796 reported by Roland Stigge. * Fetchmail will now apply timeouts to the authentication stage. This stage encompasses STARTTLS/STLS negotiation in IMAP/POP3. Reported missing by Thomas Jarosch. * Fetchmail now cancels GSSAPI authentication properly when encountering GSS errors, such as no or unsuitable credentials. It now sends an asterisk on a line by its own, as required in SASL. This fixes protocol synchronization issues that cause Authentication failures, often observed with kerberized MS Exchange servers. Fixes Debian Bug #568455 reported by Patrick Rynhart, and Alan Murrell, to the fetchmail-users list. Fix verified by Thomas Voigtmann and Patrick Rynhart. # BUG FIXES * Fetchmail will no longer print connection attempts and errors for one host in "silent" and "normal" logging modes, unless all connections fail. This should reduce irritation around refused-connection logging if services are only on an IPv4 socket if the host also supports IPv6. Often observed as connections refused to ::1/25 when the subsequent connection to 127.0.0.1/25 then - silently - succeeds. Fetchmail, unless in verbose mode, will collect all connect errors and only report them if all of them fail. * Fetchmail will not try GSSAPI authentication automatically, unless it has GSS credentials. However, if GSSAPI authentication is requested explicitly, fetchmail will always try it. * Fetchmail now parses response to "FETCH n:m RFC822.SIZE" and "FETCH n RFC822.HEADER" in a more flexible manner. (Sunil Shetye) * The manual page clearly states that --principal is for Kerberos 4 only, not for Kerberos 5 or GSSAPI. Found by Thomas Voigtmann. # CHANGES * When encountering incorrect headers, fetchmail will refer to the bad-header option in the manpage. Fixes BerliOS Bug #17272, change suggested by Björn Voigt. * Fetchmail now decodes and reports GSSAPI status codes upon errors. * Fetchmail now autoprobes NTLM also for POP3. * The Fetchmail FAQ has a new item #R15 on authentication failures. # INTERNAL CHANGES * The common NTLM authentication code was factored out from pop3.c and imap.c. # TRANSLATION UPDATES [zh_CN] Chinese/simplified (Ji Zheng-Yu) [cs] Czech (Petr Pisar) [nl] Dutch (Erwin Poeze) [fr] French (Frédéric Marchal) [de] German [it] Italian (Vincenzo Campanella) [ja] Japanese (Takeshi Hamasaki) [pl] Polish (Jakub Bogusz) [sk] Slovak (Marcel Telka)
Pullup ticket 3108 - requested by tez and tron security update Revisions pulled up: - pkgsrc/mail/fetchmail/Makefile 1.173 - pkgsrc/mail/fetchmail/distinfo 1.43 - pkgsrc/mail/fetchmailconf/Makefile 1.79 Files added: pkgsrc/mail/fetchmail/MESSAGE pkgsrc/mail/fetchmail/patches/patch-aa ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: tez Date: Sat May 8 15:34:59 UTC 2010 Modified Files: pkgsrc/mail/fetchmail: Makefile distinfo Added Files: pkgsrc/mail/fetchmail: MESSAGE Log Message: Update to 6.3.17 per PR#43269 fetchmail-6.3.17 (released 2010-05-06, 25767 LoC): # SECURITY FIX * CVE-2010-1167: Fetchmail before release 6.3.17 did not properly sanitize external input (mail headers and UID). When a multi-character locale (such as # FEATURES * Fetchmail now supports a --sslcertfile <file> option to specify a "CA bundle" file (a file that contains trusted CA certificates). Since these bundled CA files do not require c_rehash to be run, they are easier to use and immune to OpenSSL library updates that affect the hash function. * Fetchmail now supports a FETCHMAIL_INCLUDE_DEFAULT_X509_CA_CERTS environment variable to force loading the default SSL CA certificate locations even if --sslcertfile or --sslcertpath is used. If neither option is in effect, fetchmail loads the default locations. # REGRESSION FIX * Fix string handling in rcfile scanner, which caused fetchmail to misparse a run control file in certain circumstances. Fixes BerliOS bug #14257. Patch by Michael Banack. This fixes a regression introduced before 6.3.0. # BUG FIXES * Plug memory leak when using a "defaults" entry in the run control file. * Do not print SSL certificate mismatches unless verbose or --sslcertck is enabled. * Do not lose "set invisible" in fetchmailconf. (Michael Barnack) # CHANGES * Usability: SSL certificate chains are fully printed in -v -v mode, and there are now helpful pointers to --sslcertpath and c_rehash for "unable to get local issuer certificate" and self-signed certificates -- these usually hint to missing root signing CAs in the certs directory. * Several fixes for compiler (GCC, Intel C++, CLang) and autotools warnings * Memory allocation failures will now cause abnormal program abort (SIGABRT), no longer an exit with unspecified code. # DOCUMENTATION * Fix table of global option to read "set softbounce" where there used to be a 2nd copy of "set spambounce". Patch by Michael Banack, BerliOS Bug #17067. * In the --sslcertpath description, mention that OpenSSL upgrade (and a 0.9.X to 1.0.0 upgrade in particular) may require running c_rehash. # TRANSLATION UPDATES [zh_CN] Chinese/simplified (Ji Zheng-Yu) [cs] Czech (Petr Pisar) [nl] Dutch (Erwin Poeze) [fr] French (Fr\xc3<A9>d\xc3<A9>ric Marchal) [de] German [id] Indonesian (Andhika Padmawan) [it] Italian (Vincenzo Campanella) [ja] Japanese (Takeshi Hamasaki) [pl] Polish (Jakub Bogusz) [sk] Slovak (Marcel Telka) [vi] Vietnamese (Clytie Siddall) # KNOWN BUGS AND WORKAROUNDS: (this section floats upwards through the NEWS file so it stays with the current release information - however, it was stuck with 6.3.8 for a while) * fetchmail does not handle messages without Message-ID header well (See sourceforge.net bug #780933) * BSMTP is mostly untested and errors can cause corrupt output. * Sun Workshop 6 (SPARC) is known to miscompile the configuration file lexer in 64-bit mode. Either compile 32-bit code or use GCC to compile 64-bit fetchmail. Note that fetchmail doesn't take advantage of 64-bit code, so compiling 32-bit SPARC code should not cause any difficulties. * fetchmail does not track pending deletes over crashes * the command line interface is sometimes a bit stubborn, for instance, fetchmail -s doesn't work with a daemon running fetchmail-6.3.16 (released 2010-04-06, 25574 LoC): # BUG FIX * Fix --interface option, broken in 6.3.15. Reported by Vladmimir Stavrinov. Fixes Debian Bug #576717. # CHANGE * Call OpenSSL_add_all_algorithms(). This is needed to support non-mandatory and non-standard algorithms in certificates. Sjoerd Simons, to fix Debian Bug #576430. OpenSSL 0.9.8* does not load - for instance - the SHA256 digest by default. Reported as OpenSSL RT#2224. fetchmail-6.3.15 (released 2010-03-28, 25572 LoC): # FEATURE * Fetchmail now supports a bad-header command line or rcfile option that takes exactly one argument, accept or reject (default). This specifies how messages with bad headers retrieved from the current server are to be treated. # BUG FIXES * In the rcfile, recognize "local" as abbreviation for "localdomains", as documented. The short form has not ever worked since this feature was added in January 1997. Reported by Fr\xc3<A9>d\xc3<A9>ric Marchal. * Do not close stdout when using mda and "bsmtp -" at the same time. * Log operating system errors when BSMTP writes fail. * Fix verbose mode progress formatting regression from 6.3.10; SMTP trace lines were no longer on a line of their own. Reported by Melchior Franz. * Check seteuid() return value and abort running MDA if switch fails. * Set global flags in a consistent manner. Make --nosoftbounce and --nobounce work from command line (these used to work in rcfiles). Reported and fix confirmed working by N.J. Mann. (Sunil Shetye) * Properly import h_errno declarations, even on systems where h_errno isn't a macro. (Adds ./configure check, fixes Cygwin dllimport warnings.) # CHANGES * The repository has been converted and moved from the Subversion (SVN) format kindly hosted by Graham Wilson over the past years to Git format hosted on Gitorious.org. My deepest thanks to Graham Wilson for this service that kept us going when BerliOS's Subversion service was faulty in its early days. * This opportunity was used to convert BRANCH_6-2 and BRANCH_1-9-9 to GnuPG-signed tags, as a sign that these are now closed. * The outdated SVN trunk is now called "oldtrunk" in Git just to save the work for future reference. All development in the past few years was on BRANCH_6-3. * master was branched from BRANCH_6-3. BRANCH_6-3 is now obsolete (and in fact was also converted to a tag to record where the conversion from SVN to Git took place). * "make check" now skips HTML validation if xmllint or XHTML DTD are missing. # DOCUMENTATION * Web site and documentation were adjusted to reflect the SVN->Git move. * The fetchmail manual page is now much clearer on the user id switching (seteuid) when using --mda while running as the super user. # TRANSLATION UPDATES, by language name * [zh_CN] Chinese (Simplified), by Ji Zheng-Yu * [cs] Czech, by Petr Pisar * [nl] Dutch, by Erwin Poeze * [fr] French, by Fr\xc3<A9>d\xc3<A9>ric Marchal * [de] German * [id] Indonesian, by Andhika Padmawan * [it] Italian, by Vincenzo Campanella * [ja] Japanese, by Takeshi Hamasaki * [pl] Polish, by Jakub Bogusz * [vi] Vietnamese, by Clytie Siddall To generate a diff of this commit: cvs rdiff -u -r0 -r1.1 pkgsrc/mail/fetchmail/MESSAGE cvs rdiff -u -r1.171 -r1.172 pkgsrc/mail/fetchmail/Makefile cvs rdiff -u -r1.41 -r1.42 pkgsrc/mail/fetchmail/distinfo ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Sun May 9 11:45:28 UTC 2010 Modified Files: pkgsrc/mail/fetchmail: Makefile distinfo Added Files: pkgsrc/mail/fetchmail/patches: patch-aa Log Message: Add patch by Matthias Andree to avoid warnings about insecure connections if SSL fingerprints are used. To generate a diff of this commit: cvs rdiff -u -r1.172 -r1.173 pkgsrc/mail/fetchmail/Makefile cvs rdiff -u -r1.42 -r1.43 pkgsrc/mail/fetchmail/distinfo cvs rdiff -u -r0 -r1.8 pkgsrc/mail/fetchmail/patches/patch-aa ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Sun May 9 11:54:21 UTC 2010 Modified Files: pkgsrc/mail/fetchmailconf: Makefile Log Message: Unbreak "fetchmailconf" package by updating it to version 6.3.17 as well. Changes since version 6.3.14: # BUG FIXES * Do not lose "set invisible" in fetchmailconf. (Michael Barnack) To generate a diff of this commit: cvs rdiff -u -r1.78 -r1.79 pkgsrc/mail/fetchmailconf/Makefile
Add patch by Matthias Andree to avoid warnings about insecure connections if SSL fingerprints are used.
Update to 6.3.17 per PR#43269 fetchmail-6.3.17 (released 2010-05-06, 25767 LoC): # SECURITY FIX * CVE-2010-1167: Fetchmail before release 6.3.17 did not properly sanitize external input (mail headers and UID). When a multi-character locale (such as # FEATURES * Fetchmail now supports a --sslcertfile <file> option to specify a "CA bundle" file (a file that contains trusted CA certificates). Since these bundled CA files do not require c_rehash to be run, they are easier to use and immune to OpenSSL library updates that affect the hash function. * Fetchmail now supports a FETCHMAIL_INCLUDE_DEFAULT_X509_CA_CERTS environment variable to force loading the default SSL CA certificate locations even if --sslcertfile or --sslcertpath is used. If neither option is in effect, fetchmail loads the default locations. # REGRESSION FIX * Fix string handling in rcfile scanner, which caused fetchmail to misparse a run control file in certain circumstances. Fixes BerliOS bug #14257. Patch by Michael Banack. This fixes a regression introduced before 6.3.0. # BUG FIXES * Plug memory leak when using a "defaults" entry in the run control file. * Do not print SSL certificate mismatches unless verbose or --sslcertck is enabled. * Do not lose "set invisible" in fetchmailconf. (Michael Barnack) # CHANGES * Usability: SSL certificate chains are fully printed in -v -v mode, and there are now helpful pointers to --sslcertpath and c_rehash for "unable to get local issuer certificate" and self-signed certificates -- these usually hint to missing root signing CAs in the certs directory. * Several fixes for compiler (GCC, Intel C++, CLang) and autotools warnings * Memory allocation failures will now cause abnormal program abort (SIGABRT), no longer an exit with unspecified code. # DOCUMENTATION * Fix table of global option to read "set softbounce" where there used to be a 2nd copy of "set spambounce". Patch by Michael Banack, BerliOS Bug #17067. * In the --sslcertpath description, mention that OpenSSL upgrade (and a 0.9.X to 1.0.0 upgrade in particular) may require running c_rehash. # TRANSLATION UPDATES [zh_CN] Chinese/simplified (Ji Zheng-Yu) [cs] Czech (Petr Pisar) [nl] Dutch (Erwin Poeze) [fr] French (Fr\xc3<A9>d\xc3<A9>ric Marchal) [de] German [id] Indonesian (Andhika Padmawan) [it] Italian (Vincenzo Campanella) [ja] Japanese (Takeshi Hamasaki) [pl] Polish (Jakub Bogusz) [sk] Slovak (Marcel Telka) [vi] Vietnamese (Clytie Siddall) # KNOWN BUGS AND WORKAROUNDS: (this section floats upwards through the NEWS file so it stays with the current release information - however, it was stuck with 6.3.8 for a while) * fetchmail does not handle messages without Message-ID header well (See sourceforge.net bug #780933) * BSMTP is mostly untested and errors can cause corrupt output. * Sun Workshop 6 (SPARC) is known to miscompile the configuration file lexer in 64-bit mode. Either compile 32-bit code or use GCC to compile 64-bit fetchmail. Note that fetchmail doesn't take advantage of 64-bit code, so compiling 32-bit SPARC code should not cause any difficulties. * fetchmail does not track pending deletes over crashes * the command line interface is sometimes a bit stubborn, for instance, fetchmail -s doesn't work with a daemon running fetchmail-6.3.16 (released 2010-04-06, 25574 LoC): # BUG FIX * Fix --interface option, broken in 6.3.15. Reported by Vladmimir Stavrinov. Fixes Debian Bug #576717. # CHANGE * Call OpenSSL_add_all_algorithms(). This is needed to support non-mandatory and non-standard algorithms in certificates. Sjoerd Simons, to fix Debian Bug #576430. OpenSSL 0.9.8* does not load - for instance - the SHA256 digest by default. Reported as OpenSSL RT#2224. fetchmail-6.3.15 (released 2010-03-28, 25572 LoC): # FEATURE * Fetchmail now supports a bad-header command line or rcfile option that takes exactly one argument, accept or reject (default). This specifies how messages with bad headers retrieved from the current server are to be treated. # BUG FIXES * In the rcfile, recognize "local" as abbreviation for "localdomains", as documented. The short form has not ever worked since this feature was added in January 1997. Reported by Fr\xc3<A9>d\xc3<A9>ric Marchal. * Do not close stdout when using mda and "bsmtp -" at the same time. * Log operating system errors when BSMTP writes fail. * Fix verbose mode progress formatting regression from 6.3.10; SMTP trace lines were no longer on a line of their own. Reported by Melchior Franz. * Check seteuid() return value and abort running MDA if switch fails. * Set global flags in a consistent manner. Make --nosoftbounce and --nobounce work from command line (these used to work in rcfiles). Reported and fix confirmed working by N.J. Mann. (Sunil Shetye) * Properly import h_errno declarations, even on systems where h_errno isn't a macro. (Adds ./configure check, fixes Cygwin dllimport warnings.) # CHANGES * The repository has been converted and moved from the Subversion (SVN) format kindly hosted by Graham Wilson over the past years to Git format hosted on Gitorious.org. My deepest thanks to Graham Wilson for this service that kept us going when BerliOS's Subversion service was faulty in its early days. * This opportunity was used to convert BRANCH_6-2 and BRANCH_1-9-9 to GnuPG-signed tags, as a sign that these are now closed. * The outdated SVN trunk is now called "oldtrunk" in Git just to save the work for future reference. All development in the past few years was on BRANCH_6-3. * master was branched from BRANCH_6-3. BRANCH_6-3 is now obsolete (and in fact was also converted to a tag to record where the conversion from SVN to Git took place). * "make check" now skips HTML validation if xmllint or XHTML DTD are missing. # DOCUMENTATION * Web site and documentation were adjusted to reflect the SVN->Git move. * The fetchmail manual page is now much clearer on the user id switching (seteuid) when using --mda while running as the super user. # TRANSLATION UPDATES, by language name * [zh_CN] Chinese (Simplified), by Ji Zheng-Yu * [cs] Czech, by Petr Pisar * [nl] Dutch, by Erwin Poeze * [fr] French, by Fr\xc3<A9>d\xc3<A9>ric Marchal * [de] German * [id] Indonesian, by Andhika Padmawan * [it] Italian, by Vincenzo Campanella * [ja] Japanese, by Takeshi Hamasaki * [pl] Polish, by Jakub Bogusz * [vi] Vietnamese, by Clytie Siddall
Pullup ticket 3006 - requested by tron security update Revisions pulled up: - pkgsrc/mail/fetchmail/Makefile 1.170 - pkgsrc/mail/fetchmail/distinfo 1.41 - pkgsrc/mail/fetchmailconf/Makefile 1.78 ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: wiz Date: Sun Feb 14 09:46:00 UTC 2010 Modified Files: pkgsrc/mail/fetchmail: Makefile distinfo Log Message: Update to 6.3.14: fetchmail 6.3.14 (released 2010-02-05, 25487 LoC): # SECURITY FIXES * SSL/TLS certificate information is now also reported properly on computers that consider the "char" type signed. Fixes malloc() buffer overrun. Workaround for older versions: do not use verbose mode. See fetchmail-SA-2010-01.txt for details, including a minimal patch. # BUG FIXES * The IMAP client no longer skips messages from several IMAP servers including Dovecot if fetchmail's "idle" is in use. Causes were that fetchmail (a) ignored some untagged responses when it should not (b) relied on EXISTS messages in response to EXPUNGE, which aren't mandated by RFC-3501 (the IMAP standard) and aren't sent by Dovecot either. Fix by Sunil Shetye (the fix also consolidates IMAP response handling, improving overall robustness of the IMAP client), bug report and testing by Matt Doran, with further hints from Timo Sirainen. * The SMTP client now recovers from errors (such as servers dropping the connection after errors) when sending an RSET command. Fix by Sunil Shetye. Report by James Moe. * The IMAP client now uses "SEARCH UNSEEN" rather than "SEARCH UNSEEN NOT DELETED" again on IMAP2, to fix a regression in fetchmail 6.2.5 reported by Will Stringer in June 2004. (Sunil Shetye) * The IMAP client now uses "SEARCH UNSEEN UNDELETED" on IMAP4 and IMAP4r1 servers (Sunil Shetye). * Workaround: The IMAP client now falls back to "FETCH n:m FLAGS" if the server does not support "SEARCH". (Sunil Shetye) * The IMAP client now requests message numbers in batches of 1,000 to avoid problems if there are more than 1860 unseen messages. (Sunil Shetye) Note that this wasn't security relevant because fetchmail would only read up to the maximum buffer size and leave the remainder of the string unread, going out of synch afterwards. * Stricter validation of IMAP responses containing byte or message counts. # CHANGES * Only include gssapi.h if we're not including gssapi/gssapi.h, to fix a FreeBSD compiler warning about gssapi.h being obsolete. # DOCUMENTATION * The README.SSL document was revised for grammar, spelling, and clarity. Courtesy of Robert Mullin. fetchmail 6.3.13 (released 2009-10-30, 25333 LoC): # REGRESSION FIXES * The multiline SMTP error fix in release 6.3.12 caused fetchmail to lose message codes 400..599 and treat all of these as temporary error. This would cause messages to be left on the server even if softbounce was turned off. Reported by Thomas Jarosch. fetchmail 6.3.12 (released 2009-10-05): # REGRESSION FIXES * The CVS-2009-2666 fix in fetchmail release 6.3.11 caused a free() of unallocated memory on SSL connections, which caused crashes or program aborts on some systems (depending on how initialization and free() of unallocated memory is handled in compiler and libc). Workaround for older versions: run in verbose mode. Patch courtesy of Thomas Heinz, fixes Gentoo Bug #280760. This regression affected only the 6.3.11 release, but not the patch that was part of the security announcement fetchmail-SA-2009-01. # BUG FIXES * Fix error reporting for GSSAPI on Heimdal (h5l) Kerberos. * Look for MD5_Init in libcrypto rather than libssl, fixes Gentoo Kerberos builds; fixes upstream parts of Gentoo Bugs #231400 and #185652, and fixes BerliOS Bug #16134. * Report multiline SMTP errors properly, reported by Earl Chew; fixes Debian Bug #529899, reported by Akihiro Terasaki. Note: This fix introduced a regression, fixed in 6.3.13. * Replace control characters in SMTP replies by '?'. * Fetchmailconf: Fix descriptions for smtpaddress and smtpname options; smtpaddress is for RCPT TO, not MAIL FROM. Found by Gerard Seibert. ..as well as translation updates in all three releases. To generate a diff of this commit: cvs rdiff -u -r1.169 -r1.170 pkgsrc/mail/fetchmail/Makefile cvs rdiff -u -r1.40 -r1.41 pkgsrc/mail/fetchmail/distinfo ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: tnn Date: Sun Feb 14 13:06:32 UTC 2010 Modified Files: pkgsrc/mail/fetchmailconf: Makefile Log Message: catch up w/ fetchmail To generate a diff of this commit: cvs rdiff -u -r1.77 -r1.78 pkgsrc/mail/fetchmailconf/Makefile
Update to 6.3.14: fetchmail 6.3.14 (released 2010-02-05, 25487 LoC): # SECURITY FIXES * SSL/TLS certificate information is now also reported properly on computers that consider the "char" type signed. Fixes malloc() buffer overrun. Workaround for older versions: do not use verbose mode. See fetchmail-SA-2010-01.txt for details, including a minimal patch. # BUG FIXES * The IMAP client no longer skips messages from several IMAP servers including Dovecot if fetchmail's "idle" is in use. Causes were that fetchmail (a) ignored some untagged responses when it should not (b) relied on EXISTS messages in response to EXPUNGE, which aren't mandated by RFC-3501 (the IMAP standard) and aren't sent by Dovecot either. Fix by Sunil Shetye (the fix also consolidates IMAP response handling, improving overall robustness of the IMAP client), bug report and testing by Matt Doran, with further hints from Timo Sirainen. * The SMTP client now recovers from errors (such as servers dropping the connection after errors) when sending an RSET command. Fix by Sunil Shetye. Report by James Moe. * The IMAP client now uses "SEARCH UNSEEN" rather than "SEARCH UNSEEN NOT DELETED" again on IMAP2, to fix a regression in fetchmail 6.2.5 reported by Will Stringer in June 2004. (Sunil Shetye) * The IMAP client now uses "SEARCH UNSEEN UNDELETED" on IMAP4 and IMAP4r1 servers (Sunil Shetye). * Workaround: The IMAP client now falls back to "FETCH n:m FLAGS" if the server does not support "SEARCH". (Sunil Shetye) * The IMAP client now requests message numbers in batches of 1,000 to avoid problems if there are more than 1860 unseen messages. (Sunil Shetye) Note that this wasn't security relevant because fetchmail would only read up to the maximum buffer size and leave the remainder of the string unread, going out of synch afterwards. * Stricter validation of IMAP responses containing byte or message counts. # CHANGES * Only include gssapi.h if we're not including gssapi/gssapi.h, to fix a FreeBSD compiler warning about gssapi.h being obsolete. # DOCUMENTATION * The README.SSL document was revised for grammar, spelling, and clarity. Courtesy of Robert Mullin. fetchmail 6.3.13 (released 2009-10-30, 25333 LoC): # REGRESSION FIXES * The multiline SMTP error fix in release 6.3.12 caused fetchmail to lose message codes 400..599 and treat all of these as temporary error. This would cause messages to be left on the server even if softbounce was turned off. Reported by Thomas Jarosch. fetchmail 6.3.12 (released 2009-10-05): # REGRESSION FIXES * The CVS-2009-2666 fix in fetchmail release 6.3.11 caused a free() of unallocated memory on SSL connections, which caused crashes or program aborts on some systems (depending on how initialization and free() of unallocated memory is handled in compiler and libc). Workaround for older versions: run in verbose mode. Patch courtesy of Thomas Heinz, fixes Gentoo Bug #280760. This regression affected only the 6.3.11 release, but not the patch that was part of the security announcement fetchmail-SA-2009-01. # BUG FIXES * Fix error reporting for GSSAPI on Heimdal (h5l) Kerberos. * Look for MD5_Init in libcrypto rather than libssl, fixes Gentoo Kerberos builds; fixes upstream parts of Gentoo Bugs #231400 and #185652, and fixes BerliOS Bug #16134. * Report multiline SMTP errors properly, reported by Earl Chew; fixes Debian Bug #529899, reported by Akihiro Terasaki. Note: This fix introduced a regression, fixed in 6.3.13. * Replace control characters in SMTP replies by '?'. * Fetchmailconf: Fix descriptions for smtpaddress and smtpname options; smtpaddress is for RCPT TO, not MAIL FROM. Found by Gerard Seibert. ...as well as translation updates in all three releases.
Pullup ticket #2859 - requested by tron fetchmail: security update fetchmailconf: security update Revisions pulled up: - pkgsrc/mail/fetchmail/Makefile 1.169 - pkgsrc/mail/fetchmail/PLIST 1.13 - pkgsrc/mail/fetchmail/distinfo 1.40 - pkgsrc/mail/fetchmail/patches/patch-aa removed - pkgsrc/mail/fetchmail/patches/patch-aa removed - pkgsrc/mail/fetchmailconf/Makefile 1.75 Module Name: pkgsrc Committed By: tron Date: Mon Aug 10 08:46:30 UTC 2009 Modified Files: pkgsrc/mail/fetchmail: Makefile PLIST distinfo pkgsrc/mail/fetchmailconf: Makefile Removed Files: pkgsrc/mail/fetchmail/patches: patch-aa patch-ab Log Message: Update "fetchmail" package to version 6.3.11. Changes since version 6.3.8: - Security fixes for CVE-2009-2666, CVE-2007-4565 and CVE-2008-2711. - Fetchmail no longer drops permanently undelivered messages by default, to match historic documentation. It does this by adding a new "softbounce" option. - A lot bug fixes and improvements.
Update "fetchmail" package to version 6.3.11. Changes since version 6.3.8: - Security fixes for CVE-2009-2666, CVE-2007-4565 and CVE-2008-2711. - Fetchmail no longer drops permanently undelivered messages by default, to match historic documentation. It does this by adding a new "softbounce" option. - A lot bug fixes and improvements.
Pullup ticket 2431 - requested by obache security fix for fetchmail - pkgsrc/mail/fetchmail/Makefile 1.167 - pkgsrc/mail/fetchmail/distinfo 1.39 - pkgsrc/mail/fetchmail/patches/patch-ab 1.18 Module Name: pkgsrc Committed By: obache Date: Thu Jun 19 11:29:49 UTC 2008 Modified Files: pkgsrc/mail/fetchmail: Makefile distinfo Added Files: pkgsrc/mail/fetchmail/patches: patch-ab Log Message: Add patch for CVE-2008-2711. Taken from http://fetchmail.berlios.de/fetchmail-SA-2008-01.txt Bump PKGREVISION.
Add patch for CVE-2008-2711. Taken from http://fetchmail.berlios.de/fetchmail-SA-2008-01.txt Bump PKGREVISION.
Pullup ticket 2192 - requested by tron security fix for fetchmail - pkgsrc/mail/fetchmail/Makefile 1.163 - pkgsrc/mail/fetchmail/distinfo 1.38 - pkgsrc/mail/fetchmail/patches/patch-aa 1.6 Module Name: pkgsrc Committed By: tron Date: Sun Sep 23 12:48:46 UTC 2007 Modified Files: pkgsrc/mail/fetchmail: Makefile distinfo Added Files: pkgsrc/mail/fetchmail/patches: patch-aa Log Message: Add fix for security vulnerability reported in CVE-2007-4565. Bump package revision.
Add fix for security vulnerability reported in CVE-2007-4565. Bump package revision.
Pullup ticket 2065 - requested by tron security update for fetchmail - pkgsrc/mail/fetchmail/Makefile 1.162 - pkgsrc/mail/fetchmail/distinfo 1.37 - pkgsrc/mail/fetchmailconf/Makefile 1.72 Module Name: pkgsrc Committed By: tron Date: Sat Apr 14 22:14:29 UTC 2007 Modified Files: pkgsrc/mail/fetchmail: Makefile distinfo pkgsrc/mail/fetchmailconf: Makefile Log Message: Update "fetchmail" and "fetchmailconf" packages to version 6.3.8. Changes since version 6.3.6: - Make the APOP challenge parser more distrustful and have it reject challenges that do not conform to RFC-822 msg-id format, in the hope to make mounting man-in-the-middle attacks (MITM) against APOP a bit more difficult. (CVE-2007-1558) - Fix pluralization of oversized-message warning mails. - Fix manual page: --sslcheck -> --sslcertck, and do not set trailing "recommended:" in bold. - Repoll immediately if a protocol error happens during the authentication attempt after a failed opportunistic TLS upgrade. - Fix rendering of the "24 - 26, 28, 29" paragraph in the exit codes section. - If SOCKS support was compiled in, add 'socks' to the feature_options Python list emitted in --configdump. - Do not crash with a null pointer dereference when opening the BSMTP file fails. Improve error checking and reporting. - Make BSMTP output actually work, it would persistently fail with SOCKET error after writing the first header. - Fix KPOP. - Fix repoll when server disconnects after opportunistic TLS failed for POP3.
Update "fetchmail" and "fetchmailconf" packages to version 6.3.8. Changes since version 6.3.6: - Make the APOP challenge parser more distrustful and have it reject challenges that do not conform to RFC-822 msg-id format, in the hope to make mounting man-in-the-middle attacks (MITM) against APOP a bit more difficult. (CVE-2007-1558) - Fix pluralization of oversized-message warning mails. - Fix manual page: --sslcheck -> --sslcertck, and do not set trailing "recommended:" in bold. - Repoll immediately if a protocol error happens during the authentication attempt after a failed opportunistic TLS upgrade. - Fix rendering of the "24 - 26, 28, 29" paragraph in the exit codes section. - If SOCKS support was compiled in, add 'socks' to the feature_options Python list emitted in --configdump. - Do not crash with a null pointer dereference when opening the BSMTP file fails. Improve error checking and reporting. - Make BSMTP output actually work, it would persistently fail with SOCKET error after writing the first header. - Fix KPOP. - Fix repoll when server disconnects after opportunistic TLS failed for POP3.
Use documented trick to disable Python detection instead of patching "Makefile.in". Hint provided by Matthias Andree in private e-mail.
Pullup ticket 1997 - requested by tron security update for fetchmail Revisions pulled up: - pkgsrc/mail/fetchmail/Makefile 1.159 - pkgsrc/mail/fetchmail/PLIST 1.11 - pkgsrc/mail/fetchmail/distinfo 1.35 - pkgsrc/mail/fetchmail/patches/patch-aa removed - pkgsrc/mail/fetchmail/patches/patch-ab 1.16 - pkgsrc/mail/fetchmail/patches/patch-ac removed - pkgsrc/mail/fetchmail/patches/patch-ad removed - pkgsrc/mail/fetchmail/patches/patch-ae removed - pkgsrc/mail/fetchmail/patches/patch-ah removed - pkgsrc/mail/fetchmail/patches/patch-ai removed - pkgsrc/mail/fetchmail/patches/patch-aj removed - pkgsrc/mail/fetchmail/patches/patch-al removed - pkgsrc/mail/fetchmailconf/Makefile 1.69, 1.70 - pkgsrc/mail/fetchmailconf/PLIST 1.2 Module Name: pkgsrc Committed By: rillig Date: Sun Jan 7 09:14:16 UTC 2007 Modified Files: pkgsrc/mail/fetchmailconf: Makefile Log Message: Mechanically replaced man/* with ${PKGMANDIR}/* in the definition of INSTALLATION_DIRS, as well as all occurrences of ${PREFIX}/man with ${PREFIX}/${PKGMANDIR}. Fixes PR 35265, although I did not use the patch provided therein. --- Module Name: pkgsrc Committed By: tron Date: Wed Jan 17 14:29:12 UTC 2007 Modified Files: pkgsrc/mail/fetchmail: Makefile PLIST distinfo pkgsrc/mail/fetchmail/patches: patch-ab pkgsrc/mail/fetchmailconf: Makefile PLIST Removed Files: pkgsrc/mail/fetchmail/patches: patch-aa patch-ac patch-ad patch-ae patch-ah patch-ai patch-aj patch-al Log Message: Update "fetchmail" and "fetchmailconf" packages to version 6.3.6. The list of changes since version 6.2.5.5 is too large to mention here. The new version provides a fix for the vulnerability reported in the fetchmail-SA-2006-02.txt advisory.
Update "fetchmail" and "fetchmailconf" packages to version 6.3.6. The list of changes since version 6.2.5.5 is too large to mention here. The new version provides a fix for the vulnerability reported in the fetchmail-SA-2006-02.txt advisory.
Update fetchmail to 6.2.5.5. Change homepage to http://fetchmail.berlios.de/ and update MASTER_SITES. Changes introduced since 6.2.5: fetchmail-6.2.5.X is a security fix branch that forked off fetchmail-6.2.5. It does not change for anything but security and the most severe bug fixes. Note that no 6.2.5.X security audits are planned except when a particular bug is reported, and that 6.2.5.X is unsafe to use on some systems, particularly those that lack a *working and secure* snprintf implementation. The fetchmail 6.2.5.X branch will be discontinued early in 2006. fetchmail-6.2.5.5 2005-12-19 Matthias Andree * SECURITY FIX CVE-2005-4348: fix null pointer dereference in multidrop mode when the message is empty. Reported by Daniel Drake <http://article.gmane.org/gmane.mail.fetchmail.user/7573> and others (Debian Bug #343836). Fix by Sunil Shetye. * Fix Debian bug #301964, fetchmail leaks sockets when SSL negotiation fails. Fix suggested by Goswin Brederlow. * Add fetchmail-SA-2005-{01,02,03}.txt fetchmail-6.2.5.4 2005-11-13 Matthias Andree * Also ship pre-built rcfile_y.[ch] for systems that don't have flex, yacc or bison. * On FreeBSD, add /usr/local/include to CPPFLAGS so that libintl.h is found. * Avoid automatically picking up HESIOD implementations that lack hesiod_getmailhost, such as the one in FreeBSD's base system. * Fix makedepend for separated build (where the build is not run from the source directory), but prevent packaging from separated build, it yields bogus results. * Fix resolv.h autodetection. * Add +HESIOD to version printout if appropriate. fetchmail-6.2.5.3 2005-11-12 Matthias Andree * SECURITY FIX CVE-2005-3088: fetchmailconf: fix password exposure: use umask 077 before opening output file and restore umask later. * Critical fix: fix IMAP timeouts, counting message count down on servers that do not send EXISTS counts after EXPUNGE. Debian Bug#314509. * Ship pre-built rcfile_l.c for systems that don't have flex. * Build environment: Update included gettext. Fix --with-included-gettext. Fix parallel build (make -j). Fix "always rebuild fetchmail" syndrome. * Do not link against -ll or -lfl (not needed). fetchmail-6.2.5.2 (patch Fri Jul 22 01:52 GMT 2005, tarball Sat Jul 23 21:34 GMT 2005) * README: Added a note about release status - READ IT! * Note: Due to a Makefile.in bug, you may need to use GNU make. * SECURITY FIX CVE-2005-2335: truncate UIDL replies, lest malicious or compromised POP3 servers overflow fetchmail's stack. Debian bug #212762. This is a remote root exploit. Thanks: Miloslav Trmac for pointing out the fix in 6.2.5.1 was buggy. Thanks: Ludwig Nussel for a much simpler fix. * Critical fix: omit blank between MAIL FROM: and <user@example.org>, as this causes mail loss with some listeners. * Fix: POP2 driver wouldn't properly check authentication failure. * Sunil Shetye's fix to force fetchsizelimit to 1 for APOP and RPOP.
Pullup ticket 877 - requested by Adrian Portelli security fix for fetchmailconf, portability fixes for fetchmail Revisions pulled up: - pkgsrc/mail/fetchmail/Makefile 1.154 - pkgsrc/mail/fetchmail/distinfo 1.32, 1.33 - pkgsrc/mail/fetchmail/options.mk 1.12, 1.13 - pkgsrc/mail/fetchmail/patches/patch-ah 1.1 - pkgsrc/mail/fetchmail/patches/patch-ai 1.1 - pkgsrc/mail/fetchmail/patches/patch-aj 1.1 - pkgsrc/mail/fetchmail/patches/patch-ak 1.1 - pkgsrc/mail/fetchmailconf/Makefile 1.65 Module Name: pkgsrc Committed By: rillig Date: Wed Sep 28 21:55:32 UTC 2005 Modified Files: pkgsrc/mail/fetchmail: options.mk Log Message: Replaced "# defined" with "yes" in Makefile variables like GNU_CONFIGURE, NO_BUILD, USE_LIBTOOL. --- Module Name: pkgsrc Committed By: scottr Date: Tue Oct 25 17:52:38 UTC 2005 Modified Files: pkgsrc/mail/fetchmail: options.mk Log Message: Add SOCKS4/SOCKS5 support. --- Module Name: pkgsrc Committed By: tonio Date: Fri Oct 21 20:56:50 UTC 2005 Modified Files: pkgsrc/mail/fetchmail: Makefile distinfo Added Files: pkgsrc/mail/fetchmail/patches: patch-ah patch-ai patch-aj Log Message: Fix mail/fetchmail under darwin (PR 28543). The added patches add a prefix "fm_" to lock related finctions, to avoid name clash with darwin lock functions. Link with -lresolv under darwin. (thanks scole_at_sdf.lonestar.org for the patches) Bump PKGREVISION --- Module Name: pkgsrc Committed By: adrianp Date: Tue Nov 1 19:16:52 UTC 2005 Modified Files: pkgsrc/mail/fetchmail: distinfo Added Files: pkgsrc/mail/fetchmail/patches: patch-ak Log Message: Add patch-ak for a fetchmailconf security issue. This patch does not impact the fetchmail package so no version bump is required. --- Module Name: pkgsrc Committed By: adrianp Date: Tue Nov 1 19:17:41 UTC 2005 Modified Files: pkgsrc/mail/fetchmailconf: Makefile Log Message: Bump to nb3 for security patch
Add patch-ak for a fetchmailconf security issue. This patch does not impact the fetchmail package so no version bump is required.
Fix mail/fetchmail under darwin (PR 28543). The added patches add a prefix "fm_" to lock related finctions, to avoid name clash with darwin lock functions. Link with -lresolv under darwin. (thanks scole_at_sdf.lonestar.org for the patches) Bump PKGREVISION
Pullup ticket 623 - requested by Thorsten Frueauf security fix for fetchmail Revisions pulled up: - pkgsrc/mail/fetchmail/Makefile 1.153 - pkgsrc/mail/fetchmail/distinfo 1.31 - pkgsrc/mail/fetchmail/patches/patch-ag 1.3 Include patch for fetchmail 6.2.5.2 because of CAN-2005-2335. For more details have a look at http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt Changes listed within the NEWS file since 6.2.5: fetchmail-6.2.5.2 (Fri Jul 22 01:52 GMT 2005): * NOTE: Due to a Makefile.in bug, you may need to use GNU make. * SECURITY FIX: truncate UIDL replies, lest malicious or compromised POP3 servers overflow fetchmail's stack. Debian bug #212762. This is a remote root exploit. CVE Name: CAN-2005-2335. Thanks: Miloslav Trmac for pointing out the fix in 6.2.5.1 was buggy. Thanks: Ludwig Nussel for a much simpler fix. * Critical fix: omit blank between MAIL FROM: and <user@example.org>, as this causes mail loss with some listeners. * Fix: POP2 driver wouldn't properly check authentication failure. * Sunil Shetye's fix to force fetchsizelimit to 1 for APOP and RPOP.
Include patch for fetchmail 6.2.5.2 because of CAN-2005-2335. For more details have a look at http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt Changes listed within the NEWS file since 6.2.5: fetchmail-6.2.5.2 (Fri Jul 22 01:52 GMT 2005): * NOTE: Due to a Makefile.in bug, you may need to use GNU make. * SECURITY FIX: truncate UIDL replies, lest malicious or compromised POP3 servers overflow fetchmail's stack. Debian bug #212762. This is a remote root exploit. CVE Name: CAN-2005-2335. Thanks: Miloslav Trmac for pointing out the fix in 6.2.5.1 was buggy. Thanks: Ludwig Nussel for a much simpler fix. * Critical fix: omit blank between MAIL FROM: and <user@example.org>, as this causes mail loss with some listeners. * Fix: POP2 driver wouldn't properly check authentication failure. * Sunil Shetye's fix to force fetchsizelimit to 1 for APOP and RPOP.
update this since patch-ae changed.
Add RMD160 digests.
Rework kerberos V support: - use kerberos instead of kerberos5 as PKG_SUPPORTED_OPTIONS to keep compliance with other kerberos aware packages in pkgsrc - use the krb5 buildlink environment Introduce support for gssapi which was also requested in pr pkg/26170 with the according PKG_SUPPORTED_OPTIONS. gssapi will imply kerberos5.
Add option for kerberos5 like suggested in pr pkg/26170. Since I have no kerberos server I just verified it compiled.
upgrade to 6.2.5. incorporates security patch (was in patches/patch-ag). IMAP and some other improvements.
update patchsum
Update fetchmail{conf} to 6.2.4. Based on pr pkg/22650 by Adrian Portelli. Changes since 6.2.3: * Updated German, Spanish, Catalan, and Turkish translations. * IDLE is now supported using no-ops even if the server doesn't support the IMAP IDLE extension. * Sunil Shetye's patch to do better password shrouding. * Sunil Shetye's bug-fix rollup patch. * Introduce a translation item for the word "seen". * Back out the hack to deal with lack of byte stuffing on some POP3 servers. * Thomas Steudten's patch to improve SMTP handling of 550 errors.
Update fetchmail{conf} to 6.2.3. Changes since 6.2.2: * German, Danish, Spanish, and Turkish translations updated. * Brian Sammon's patch to deal with malformed message lines containiing NULs. * Fai's patch to ignore all but the first Return-Path (some spams have more than one of these). * Benjamin Drieu's ptch to properly byte-stuff when talking to BSNTP. Fixes Debian bug #184469. * Benjamin Drieu's patch to enable auth=cram-md5. Fixes Debian bug #185232. * Sunil Shetye's configure.in patch to avoid spurious search order messages from GCC. * Header-reading code now copes better with lines ending in \n only. * Elias Israel's patches for POP3 NTLM support and dealing with byte- stuffing failures at socket level.
Update to 6.2.2, from Quentin Garnier in PR 20790. Changes since last version: * Sunil Shetye's patch to improve behavior in empty messages. * Conform to RFC2595; reissue capability probes after successful STARTTLS negotiation. * Sunil's patch to make handling of failed STARTTLS more graceful. * Sunil's JF2 fix patch for .fetchmailrc security fix. * Christophe GIAUME <christophe@giaume.com> finished the implementation of RFC2177 IDLE. * Jason Tishler's fix patch for Cygwin. * Support ssh-style authentication in POP3 * Fix for Debian bug #108977, clean up config file evaluation, by Benjamin Drieu.
Update from 6.2.0 to 6.2.1. * Updated German, Turkish, Spanish, and Danish translation files. * Integrated Sunil Shetye's patch to make mark_seen an explicit method. * Removed FAQ warning about GMX and associated fetchmailconf check, we have a report that its servers are conformant now. * Another Sunil patch to fix a minor bug in bouncemail generation.
Update "fetchmail" and "fetchmailconf" packages to version 6.2.0. Changes since version 6.1.2: - Applied Steffen Esser's fix for a buffer-overflow bug in rfc822.c - Updated Danish, German, and Turkish translation files. - Sunil Sheye's SMTP timeout patch. - Updated Turkish, Danish, German, Spanish, Catalan po files. - Added Slovak support. - Configure.in update for autoconf 2.5 (Art Haas). - Be case-insensitive when looking for IMAP responses. - Fix logout-after-idle-delivery bug (Sunil Shetye). - Sunil Shetye's patch to bulletproof end-of-header detection. - Sunil's fix for the STARTTLS problem -- repoll if TLS nabdshake fails. The attenmpt to set up STARTTLS can be suppressed with 'sslproto ""'.
Update fetchmail{conf} to 6.1.2. changes since 6.1.0: fetchmail-6.1.2 (Thu Oct 31 11:41:02 EST 2002), 22135 lines: * Jan Klaverstijn's verbosity-lowering patch. * Updated Turkish, German, Catalan, and Danish translation files. * Fix processing of POP3 messages with missing bodies. * Minor fixes by Sunil Shetye: fix generation of auth fail note, handle unexpected SIGALRM, plug memory leak, handle lines beginning with '\0', try to bulletproof error handling against read failures. fetchmail-6.1.1 (Fri Oct 18 14:53:51 EDT 2002), 22087 lines: * OTP fix patches from Stanislav Brabec <utx@penguin.cz> * fix patch for writing antispam capability correctly in conf.c. * Fix patches for Debian bugs #162571, #156592. * Correction to manpage re -b and qmail. * Patch to disable use of STLS if auth passwd is specified. * Fix specfile generation to handle SSL correctly. * New Danish, Turkish, and Catalan translation files. * Improved ODMR debug messages. * IMAP efficiency hack; don't fetch sizes unless needed. * Detect and rewrite invalid return paths beginning with @. * Fix for subtle freeing bug that suppressed information in some bounce msgs. * Newline fix patches for internationalization files. * Fix reversed test guarding authentication-failure warnings. * Fix POP3 breakage starting at 5.9.14.
Update fetchmail and fetchmailconf to version 6.1.0 on the pkgsrc netbsd-1-6 branch for a security issue. Files pulled up: fetchmail/Makefile 1.118 and 1.119 fetchmail/distinfo 1.18 Requested by Manuel Bouyer. and fetchmailconf/Makefile 1.42 Original log message: > Because of the recent vulnerability, it is strongly encouraged to update > (http://security.e-matters.de/advisories/032002.html). > > Thanx to Alan Post <apost@interwoven.com> for giving me a note. > > fetchmail-6.1.0 (Sun Sep 22 18:31:23 EDT 2002), 21999 lines: > > * Updated French translation. > * Stefan Esser's fix for potential remote vulnerability in multidrop mode. > This is an important security fix! > > fetchmail-6.0.0 (Tue Sep 17 19:48:25 EDT 2002), 21972 lines: > > * Applied Matt Kraai's fix for minor Debian bug #144539. > * Nerijus Baliunas's patch to support STARTTLS over IMAP. > * More cleanups and minor bugfixes from Sunil Shetye. > * Default antispam-response list is now empty. > * Updated de and po translations, > > fetchmail-5.9.14 (Fri Sep 6 05:03:25 EDT 2002), 21932 lines: > > * Sunil Shetye's patch to eliminate multiple bounces. > * Moritz Jodeit <moritz@jodeit.org>'s patch for re-exec with no args. > * Sunil Shetye's patch to solve the re-exec problem with relative files. > * Cygwin portability patch (use ROOT_UID) from Jason Tishler. > * Workaround for the CAPA error problem is documented in the FAQ. > * Updated Polish, Danish, and Catalan translations. > * Sunil Shetye's patch to improve CAPA error handling. > * Sunil Shetye's patch to improve handling of unreadable boxes in POP3. > * Berkeley port fix for Kerberos IV.
Update fetchmail{conf} to 6.1.0. Because of the recent vulnerability, it is strongly encouraged to update (http://security.e-matters.de/advisories/032002.html). Thanx to Alan Post <apost@interwoven.com> for giving me a note. fetchmail-6.1.0 (Sun Sep 22 18:31:23 EDT 2002), 21999 lines: * Updated French translation. * Stefan Esser's fix for potential remote vulnerability in multidrop mode. This is an important security fix! fetchmail-6.0.0 (Tue Sep 17 19:48:25 EDT 2002), 21972 lines: * Applied Matt Kraai's fix for minor Debian bug #144539. * Nerijus Baliunas's patch to support STARTTLS over IMAP. * More cleanups and minor bugfixes from Sunil Shetye. * Default antispam-response list is now empty. * Updated de and po translations, fetchmail-5.9.14 (Fri Sep 6 05:03:25 EDT 2002), 21932 lines: * Sunil Shetye's patch to eliminate multiple bounces. * Moritz Jodeit <moritz@jodeit.org>'s patch for re-exec with no args. * Sunil Shetye's patch to solve the re-exec problem with relative files. * Cygwin portability patch (use ROOT_UID) from Jason Tishler. * Workaround for the CAPA error problem is documented in the FAQ. * Updated Polish, Danish, and Catalan translations. * Sunil Shetye's patch to improve CAPA error handling. * Sunil Shetye's patch to improve handling of unreadable boxes in POP3. * Berkeley port fix for Kerberos IV.
Update to fetchmail 5.9.13. Miscellaneous bug fixes, including a remote crash.
Update fetchmail{conf} to 5.9.11. Changes since 5.9.6: fetchmail-5.9.11 (Mon Apr 1 17:09:13 EST 2002), 21597 lines: * Updated Turkish and Japanese translations. * Added warning about auth failures on the GMX server. * HMH's Debian 5.9.10 patches: 1. Fix minor typo in FAQ 2. Fix partial implementation of ESMTP auth, and some minor fetchmailconf stuff 3. Add proper error reporting to bad logfile creation. patch by Sunil Shetye <shetye@bombay.retortsoft.com> 4. Fix incredible aggravating bug that caused dataloss risks if 4xx errors were returned by the MTA 5. Corrected version of the fix-timeouts-for-ssl and descriptor leaking patches from Sylvain Benoist <sylvainb@whitepj.com> Also fix outdated comments in driver.c 6. Sunil Shetye's patch to stop fetchmail from trying to fetch twice with IMAP 7. Stop stupid complaint about turning off SSL being illegal without SSL support. 8. Byrial Jensen <byrial@image.dk> i18n fixes * Sunil Shetye's attribute patch. * HMH's revised but untested SMTP authentication patch. fetchmail-5.9.10 (Sun Mar 10 15:09:57 EST 2002), 21529 lines: * Security fix: don't trust the message count passed back by the server. fetchmail-5.9.9 (Sat Mar 9 08:54:28 EST 2002), 21508 lines: * Renamed misnamed tr.po and da.po files * Jakub Ulanowski's patch to fix SSL fingerprint handling. * Matt Kraai's patch for supporting STLS over POP3. * French translation updated. * Debian fixes merged. * Added maildrop (MDA shipped with courier) as fallback after procmail and sendmail (thanks to Alexander Lazic <al-fetchmail@none.at>). * ESMTP AUTH support from Wojciech Polak <polak@lodz.pdi.net>. fetchmail-5.9.8 (Thu Feb 14 23:47:31 EST 2002), 21358 lines: * Added de translation catalog; updated da and tr catalogs. * vsprintf underflow fixes by Sunil Shetye. * Added warning about IMS POP3 server. * Mattyhias Andree's fix for a longstanding SSL hang bug. * Fix yacc syntax bug when building with SSL. * Sunil Shetye's patch for idle timeout during poll. * Applied HMH's fix for the "message delimiter found in headers" code path (Debian bug #128672). fetchmail-5.9.7 (Sat Feb 2 00:33:40 EST 2002), 21330 lines: * Minor fixes by HMH. * Properly guard some transaction reporting in the SSL code. * Updated German (de) po file. Added Turkish (tr) po file. * Expunge edge case fix by Sunil Shetye. * Fixes for some odd IMAP and SMTP edge cases by Sunil Shetye. * UIDL bug fix by Matthias Andree. * Use smtpaddress, if present, to set the return path on warning mail. * Tell parser to object when SSL keyboard is used with SSL not compiled. * GSSAPI and ODMR fixes by Tom Hughes.
patch-ae added, regenerate
Update fetchmail{conf} to 5.9.6. fetchmail-5.9.6 (Fri Dec 14 04:03:50 EST 2001), 21247 lines: * OPIE bug fixes by Jun Miyoshi <usako@omnisci.co.jp>. * Documented known IDLE bug in the todo.html file. * Sunil Shetye's fix for a timeout/reconnect bug. * LMTP fix from Toshiro HIKITA <toshi@sodan.org>. * The duplicate-killer doesn't try to operate if we can get an actual recipient address from the trace headers.
Update fetchmail{conf} to 5.9.5. fetchmail-5.9.5 (Thu Nov 8 14:14:35 EST 2001), 21162 lines: * Changed the logging logic along lines suggested by Jan Klaverstijn, * fetchmailconf looks first in the directory it's running from to find fetchmail. * Make sure we vet a success status correctly from open_smtp_sink() and open_bsmtp_sink(). * Matthias Andree's env.c patch to refuse service when QMAILINJECT is defined. * Immediately abort if a non-empty QMAILINJECT environment variable is found. If it is set and contains f or i, qmail-inject or qmail's sendmail `compatibility' wrapper will rewrite From: or Message-ID: headers, respectively. En passant, fix the bug that program_name was not filled in before used when the user's ID had no PW entry, leading to (null) or crash when printing the error message. Patch by Matthias Andree. * NextStep and OpenStep port patch from Eric Sunshine. * Block signals during SockConnect() so we don't get a socket descriptor leak if we're hit by an alarm signal during connect(2). * Set queryname even when server is inactive; avoids a core-dump bug in the fetchids code.
Patch a typo that causes Kerberos support to not compile.
Upgrade fetchmail{conf} to 5.9.4. fetchmail-5.9.4 (Wed Oct 3 07:47:45 EDT 2001), 21104 lines: * Finished license cleanup, all licenses in the distribution are now officially GPL-compatible. * Added a length check to from64tobits() after receiving a warning that it might create buffer overflows. No exploitable overflows were found by a careful case-by-case audit, and at minimum an exploit would have required that the mailserver be subverted. fetchmail-5.9.3 (Sun Sep 30 12:08:52 EDT 2001), 21075 lines: * Fix configuration error in handling of long options. * Thomas Moestl's patch to use querynames in UID files. * Timeout to deal with long socket closes (Sunil Shetye). * Move from RSA MD5 code to Colin Plumb's public-domain implementation (BSD classic license eliminated) * Rewrite strcasecmp() (BSD classic license eliminated). * getopt_long is back for Solaris and HP-UX systems. * Updated Danish po file. * Re-enable explicit bounce message on bad address. fetchmail-5.9.2 (Wed Sep 26 12:47:00 EDT 2001), 21118 lines: * Enable code to build on Solaris again (long options won't work). * Move Hesiod lookups to just before DNS lookups. * Make sure the SICHLD handler is called when we run detached. * Make kerberos5 in OpenBSD (Federico Schwindt <fgsch@olimpo.com.br>). * Added FAQ item X8 on why mail sometimes gets an extra ) appended. fetchmail-5.9.1 (Mon Sep 24 19:01:57 EDT 2001), 21120 lines: * Make -D short option for --smtpaddress active again. * Typo fix for Polish translation. * Make sure IMAP capability checks are caseblind. * Make sure suffix checks on akalists are properly caseblinded. * All warning mail now has a generated date stamp. * getopt.c and getopt1.c removed due to license incompatibility with OpenSSL. * End of poll cycle is now logged. * Sanity check now rejects SSL option if SSL support is not compiled in (resolves Debian bug #109796). * HMH's fix for the LMTP localhost/foo problem. * Mike Warfield's fix for using a combined SSL cert and key in a single file. * DNS lookups moved to just before the mailserver socket open, so fetchmail now works OK even if started up without Internet access. * Switched from _( to GT_( as a gettext macro, in order to avoid a conflict with the SSL library.
Update fetchmail{conf} to 5.9.0 and apply patch provided in pr 14031 by Xavier HUMBERT <xavier@xavhome.fr.eu.org>.
Update 'fetchmail' package to version 5.8.17. Changes since version 5.8.14: - SECURITY FIX: Fixed a security hole that is exploitable if fetchmail is running as root and the attacker can either subvert the mailserver or redirect to a fake one using DNS spoofing. Bugtraq announcement to follow soon. Thanks to Salvatore Sanfilippo <antirez@invece.org>. - Eliminated second bounce on failed RCPT TO address. - Always use fetchmail host's FQDN to identify the daemon when sending bounce messages. - Embarrassing bug of the month -- somehow, 'skip' wasn't being interpreted! - Handle ! in RFC2821 Return-Path addresses properly. - Better handling of BAD and NO responses to FETCH (thank Justin Guyett). - Fixed *yet another- build error due to breakage in the i18n code. - Refuse mail that has no good addresses and can't be sent to postmaster. - Restore behavior of discarding mail on 550 (Debian bug #105237). - John Summerfield updated getfetchmail. - Cleanup patches by HMH. - Lock-file-name bug reported by Scott Johnson. - Updated Danish translation by Byrial Jensen. - Updated French translation by Thierry Vignaud. - Man page bugs pointed out by Andrew Benham. - POP3 end of session RSET on keep removed. - In IMAP, handle BAD and NO responses to FETCH gracefully. - Parse 'no {syslog|invisible|showdots}' properly. - Change AC_DEFINE to AC_DEFINE_UNQUOTED appropriately in configure.in (Debian bug #104484). - Fixed bug in fetchmailconf plugin/plugout code (Debian bug #105987).
Update "fetchmail" and "fetchmailconf" package to version 5.8.14. Changes since version 5.8.10: - Corrected Rob Braun's remote-build change, it broke the build with NLS. - Found (and killed) a subtle SMTP protocol error that was probably lurking behind a lot of the bug reports related to bounce mail, thanks to Quoc Luu. (Only manifested when the MTA rejected mail due to a bad RCPT TO address.) - Correction for backslash-handling patch in rfc822.c. - Fix for Debian bug Bug#1038222: fetchmail conf fails to write file after configuration; move .fetchmailrc to .fetchmailrc.bak before overwriting. - Discard Return-Path headers consisting of a single @. - Make fetchmailconf dump plugin and plugout options properly. - Rob Braun's changes for building fetchmail outside its source directory - Don't depend on having snprintf available. - Bug fix for envskip. - ODMR finally seems to be working. - Handle multiple backslashes within RFC822 address strings correctly. - Don't exit on a failure to DNS-resolve a mailserver name, just make it inactive. Exit only if all lookups fail. - Restore code to deal with SMTP error responses at RCPT TO time, but without issuing an RSET. This is intended to fix obscure bugs that show up in recent Postfix releases and sendmail configurations that delay antispam checks on the MAIL FROM line until RCPT TO time. - Signal-processing fix for Debian bug #102711. - More ODMR patches from Matt Armstrong.
Update "fetchmail" and "fetchmailconf" packages to version 5.8.10. Changes since version 5.8.8: - More fixes for the new message-marking code from Thomas Moestl. - Fixes for ODMR code from Matt Armstrong. - HMH's snprintf/strncat cleanup patch. - Fixes for Debian bugs #101792, #101950. - Updated Danish translation by Byrial Jensen. - ODMR fixes from Matt Armstrong <matt@lickey.com>. - The smtphost option has been split. It is no longer overloaded to set the list of domains to be queried in ETRN and ODMR modes. Instead, use the `fetchdomains' option.
Update fetchmail{conf} to 5.8.8. This should fix pr 13269 submitted by Emmanuel Dreyfus. fetchmail-5.8.8 (Wed Jun 20 17:22:26 EDT 2001), 20782 lines: * Fix bug that prevented messages from being marked oversized unless -v was on. * Byrial Jensen made the tracepoll information RFC822-conformant. * Reorder code to avoid accessing line buffers after they have been freed. * Steven Krings's patch to deal with over-long header lines. * Fix for Debian bug #101500. * Updated Danish translation by Byrial Jensen. * Chris Maio's patch for POP3 with BSMTP. * Patch from HMH resolves DEbian bug #101530. fetchmail-5.8.7 (Sun Jun 17 12:02:17 EDT 2001), 20749 lines: * Make fetchmailconf work properly again by fixing tracepolls mismatch. * HMH's fix for Debian bug #98127. * driver.c refactoring in preparation for streaming mode.
upgrade to 5.8.6. fetchmail-5.8.6 (Tue Jun 12 08:16:54 EDT 2001), 20676 lines: * Reject candidate headers for the MAIL FROM address that have \n in them. * Add capability to insert poll trace data in the Received line. * HMH's patch to prevent buffer overflow due to long headers. Addresses Debian bug #100394. * Brendan Kehoe's patch to avoid doing DNS lookups on skip entries. There are 347 people on fetchmail-friends and 592 on fetchmail-announce. fetchmail-5.8.5 (Tue May 29 20:01:39 EDT 2001), 20650 lines: * Interface option fix from Alexander Kourakos. * Fixes for i18n glitches and new Danish translation from Byrial Jensen. * Attempted fix for Harry McGavran's problems with the Kerberos V build. * Added fetchmailnochda.pl to the contrib directory. * Sunil Shetye's patches for the seen count on IMAP and auto protocol. There are 337 people on fetchmail-friends and 583 on fetchmail-announce. fetchmail-5.8.4 (Mon May 21 15:08:03 EDT 2001), 20636 lines: * SSL certificate options from Thomas Moestl <tmoestl@gmx.net>. * Frantisek Brabec's patch for better UIDL error recovery. * Another zombie-leak patch from HMH. * Jorg de Jong's patch attempts to handle spaces in the ID part of UIDLs. * Eliminate use of -C in Makefile. There are 334 people on fetchmail-friends and 583 on fetchmail-announce.
Update "fetchmail" and "fetchmailconf" package to version 5.8.3. Changes since version 5.8.1: - The `localhost' special case of `via' is gone. Use `plugin %h' for talking to ssh instead. - Prevent POP3 code from authenticating multiple times on success. - Fixed IMAP password shrouding. - GCC warning cleanups from ahaas@neosoft.com. - Plug another hole that was letting zombies through. - SA_RESTART portability fix for SunOS. - Ignore Sender and Resent-Sender headers unless they contain @. - HH's patches fixing Debian bug #90966 and addressing Debian bug #92554. - GSSAPI portability patch by Peter Fales. - Updated cs.po by Jiri Pavlovsky. - Michael Kjorling's patch to add server ID to authentication success/failure bugmail. - Kerberos build patch by HH. - Don't cough and die from failure to resolve a skipped host. Resolves Debian bug #92530 - Do aka suffix match even if DNS checking is enabled (Johannes Stille's bug). - SIGCHLD handler now sets SA_RESTART explicitly in order to avoid zombies from interrupted system calls. Debian bug #95659.
Update fetchmail{conf} to 5.8.1. Changes since fetchmail 5.7.2: fetchmail-5.8.1 (Tue Apr 10 09:32:04 EDT 2001), 20511 lines: * Nalin Dahyabai's password parse and authentication fixe. * Vitezslav Samel's patch to Makefile.in to make parallel makes work. fetchmail-5.8.0 (Mon Apr 2 15:18:33 EDT 2001), 20459 lines: * Documentation update for gold release. fetchmail-5.7.7 (Wed Mar 28 20:24:48 EST 2001), 20459 lines: * More configure fixes -- include missing stub script in the distribution. fetchmail-5.7.6 (Thu Mar 22 16:22:48 EST 2001), 20456 lines: * Fix POP2 and POP3 password shrouding. * Don't remove UIDL scratchlist on query completion (Frantisek Brabec's bug). * IMAP: don't just quit if GSSAPI or Kerberos IV fail, but try other methods. * Document the fact the IDLE and multiple folders don't play well together. Closes Debian bug#89908. fetchmail-5.7.5 (Sat Mar 17 23:24:41 EST 2001), 20440 lines: * Nalin Dahyabhai's patch to make IPv6 build on older systems. * Restrict shrouding to just the password send so it won't leak info. * Move an #ifdef INET6_ENABLE to deal with libc5 headers. * Only DNS-probe entries that are active on this run. * Fix `nospambounce' recognition. * Updated French translation. * Yoshihiko SARUMARU's patch to keep kanji out of Received headers. * Include aclocal.m4 in the tarball (solves some build problems). * Added HMH's patch to support configuring a specific fallback MUA. fetchmail-5.7.4 (Mon Mar 12 00:02:23 EST 2001), 20323 lines: * SECURITY FIX: unsecure tempfile creation bug in fetchmailconf, thanks to Colin Phipps <cph@cph.demon.co.uk> for pointing this out. * Configure cleanup from HMH. * Documentation refresh. fetchmail-5.7.3 (Sun Mar 11 17:01:56 EST 2001), 20323 lines: * Incorporate SA_LEN patch from Red Hat. * HMH's "no spambounce" patch for fetchmailconf. * John Bartlett's patch to make the driver code more tolerant of flaky POP3 servers (better handling of timeout at session start). * Make `fetchmail --configdump' work when there's a defaults entry. * Incorporated HMH's build fixes. * Added FALLBACK_MDA; fetchmail now looks for procmail or sendmail at build time and uses it if it can't open port 25 for local delivery. * Incorporated Red Hat fixes for GSSAPI, configure.in. * Bailing out on read-only messages breaks fetchmail -c. To avoid this, use EXAMINE rather than SELECT in that case.
Move to sha1 digests, and add distfile sizes.
+ move the distfile digest/checksum value from files/md5 to distinfo + move the patch digest/checksum values from files/patch-sum to distinfo