* The "protocol auto" default inside fetchmail may be removed from a future
fetchmail release. Explicit configuration of the protocol is recommended.
* Kerberos IV support may be removed from a future fetchmail release.
+* Kerberos 5 support may be removed from a future fetchmail release.
* The --principal option may be removed from a future fetchmail release.
* SIGHUP wakeup support may be removed from a future fetchmail release and
cause fetchmail to terminate - it was broken for many years.
--------------------------------------------------------------------------------
-fetchmail-6.3.18 (not yet released):
+fetchmail-6.3.20 (not yet released):
+
+# CHANGES
+* fetchmail now always uses its own MD5 implementation. The library and header
+ variants are too diverse, and we've been bitten before -- and configure
+ complains noisily on Cyrus-SASL's RFC1321 md5.h.
+
+# TRANSLATION UPDATES
+ [ja] Japanese (Takeshi Hamasaki)
+
+
+fetchmail-6.3.19 (released 2010-12-10, 25945 LoC):
+
+# ERRATUM NOTICE ISSUED
+* fetchmail 6.3.18 contains several bug fixes that were considered sufficiently
+ grave to warrant the issue of an erratum notice, fetchmail-EN-2010-03.txt.
+
+# BUG FIXES
+* When specifying multiple local multidrop lists, do not lose wildcard flag.
+ (Affects "user foo is bar baz * is joe here")
+* In multidrop configurations, an asterisk can now appear anywhere in the list
+ of local users, not just at the end.
+* In multidrop mode, header parsing is now more verbose in -vv mode, so that it
+ becomes possible to see which header is used.
+* Make --antispam work from command line (these used to work in rcfiles).
+ Reported by Kees Bakker, BerliOS Bug #17599. (Sunil Shetye)
+* Smoke test XHTML 1.1 validation, and if it fails, skip validating HTML
+ documents. Skip validating Mailbox-Names-UTF7.html. Several systems have
+ broken XHTML 1.1 DTD installations that jeopardize the build.
+ Reported by Mihail Nechkin against FreeBSD port.
+ Workaround for 6.3.18: build in a separate directory, i. e:
+ mkdir build && cd build && ../configure --options-go-here
+* Send a NOOP only after a failed STARTTLS in IMAP. (Sunil Shetye)
+* Demote GSSAPI verbose/debug syslog to INFO severity. Requested by Carlos E. R.
+ and Derek Simkowiak via the fetchmail-users@ mailing list.
+* Do STARTTLS/STLS negotiation in IMAP/POP3 if it is mandatory even if the
+ server capabilities do not show support for upgradation to TLS.
+ To use this, configure --sslproto tls1. (Sunil Shetye)
+* IMAP: Understand empty strings as FETCH response, seen on Yahoo. Reported by
+ Yasin Malli to fetchmail-users@ 2010-12-10.
+ Note that fetchmail continues to expect literals as FETCH response for now.
+
+# DOCUMENTATION
+* The manual page now links to IANA for GSSAPI service names.
+
+# TRANSLATION UPDATES
+ [cs] Czech (Petr Pisar)
+ [fr] French (Frédéric Marchal)
+ [de] German
+ [it] Italian (Vincenzo Campanella)
+ [pl] Polish (Jakub Bogusz)
+
+# KNOWN BUGS AND WORKAROUNDS
+ (this section floats upwards through the NEWS file so it stays with the
+ current release information - however, it was stuck with 6.3.8 for a while)
+* fetchmail does not handle messages without Message-ID header well
+ (See sourceforge.net bug #780933)
+* BSMTP is mostly untested and errors can cause corrupt output.
+* Sun Workshop 6 (SPARC) is known to miscompile the configuration file lexer in
+ 64-bit mode. Either compile 32-bit code or use GCC to compile 64-bit
+ fetchmail. Note that fetchmail doesn't take advantage of 64-bit code,
+ so compiling 32-bit SPARC code should not cause any difficulties.
+* fetchmail does not track pending deletes over crashes.
+* the command line interface is sometimes a bit stubborn, for instance,
+ fetchmail -s doesn't work with a daemon running.
+* Linux systems may return duplicates of an IP address in some circumstances if
+ no or no global IPv6 addresses are configured.
+ (No workaround. Ubuntu Bug#582585, Novell Bug#606980.)
+* Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error
+ messages. This will not be fixed, because the maintainer has no Kerberos 5
+ server to test against. Use GSSAPI.
+
+
+fetchmail-6.3.18 (released 2010-10-09, 25936 LoC):
# SECURITY IMPROVEMENTS TO DEFANG X.509 CERTIFICATE ABUSE
* Fetchmail now only accepts wildcard certificate common names and subject
matches more than needed.
* Fetchmail now disallows wildcarding top-level domains.
-# BUG FIXES
-* Fetchmail would warn about insecure SSL/TLS connections even if a matching
- --sslfingerprint was specified. This is an omission from an SSL usability
- change made in 6.3.17. Fixes Debian Bug#580796 reported by Roland Stigge.
+# CRITICAL BUG FIXES AND REGRESSION FIXES
* Fetchmail 6.3.15, 6.3.16, and 6.3.17 would pick up libmd5 to obtain MD5*
functions, as an effect of an undocumented Solaris MD5 fix.
- This fails if, for instance, libmd5.so was installed on other operating
- systems as part of libwww on machines where long isn't 32-bits. Fixes Gentoo
- Bug #319283, reported - including the hint to libwww - by Karl Hakimian.
+ This caused all MD5-related functions to malfunction if, for instance,
+ libmd5.so was installed on other operating systems as part of libwww on
+ machines where long isn't 32-bits, i. e. usually on 64-bit computers.
+ Fixes Gentoo Bug #319283, reported, including libwww hint, by Karl Hakimian.
Side effect: fetchmail will now use -lmd on Solaris rather than -lmd5.
+* Fetchmail 6.3.17 warned about insecure SSL/TLS connections even if a matching
+ --sslfingerprint was specified. This is an omission from an SSL usability
+ change made in 6.3.17.
+ Fixes Debian Bug#580796 reported by Roland Stigge.
+* Fetchmail will now apply timeouts to the authentication stage.
+ This stage encompasses STARTTLS/STLS negotiation in IMAP/POP3.
+ Reported missing by Thomas Jarosch.
+* Fetchmail now cancels GSSAPI authentication properly when encountering GSS
+ errors, such as no or unsuitable credentials.
+ It now sends an asterisk on a line by its own, as required in SASL.
+ This fixes protocol synchronization issues that cause Authentication
+ failures, often observed with kerberized MS Exchange servers.
+ Fixes Debian Bug #568455 reported by Patrick Rynhart, and Alan Murrell, to the
+ fetchmail-users list. Fix verified by Thomas Voigtmann and Patrick Rynhart.
+
+# BUG FIXES
* Fetchmail will no longer print connection attempts and errors for one host
in "silent" and "normal" logging modes, unless all connections fail. This
should reduce irritation around refused-connection logging if services are
connections refused to ::1/25 when the subsequent connection to 127.0.0.1/25
then - silently - succeeds. Fetchmail, unless in verbose mode, will collect
all connect errors and only report them if all of them fail.
-* Fetchmail will now apply timeouts to the authentication stage. This stage
- encompasses STARTTLS/STLS negotiation in IMAP/POP3.
- Reported missing by Thomas Jarosch.
-* Fetchmail will not try GSSAPI authentication automatically unless it has GSS
- credentials. This avoids getting servers such as Exchange 2007 wedged if
- GSSAPI authentication fails. Reported by Patrick Rynhart, Debian Bug #568455,
- and Alan Murrell, to the fetchmail-users list.
- Note that if GSSAPI fails for other reasons, you can use the --auth option to
- work around that.
+* Fetchmail will not try GSSAPI authentication automatically, unless it has GSS
+ credentials. However, if GSSAPI authentication is requested explicitly,
+ fetchmail will always try it.
* Fetchmail now parses response to "FETCH n:m RFC822.SIZE" and "FETCH n
RFC822.HEADER" in a more flexible manner. (Sunil Shetye)
-* Fetchmail now cancels GSSAPI authentication properly when encountering GSS
- errors. It now sends an asterisk on a line by its own, as required in SASL.
- This should fix protocol synchronization issues that cause Authentication
- failure, particularly with Exchange 2007 and Exchange 2010 servers, when
- Kerberos authentication was offered by the server and attempted by fetchmail.
* The manual page clearly states that --principal is for Kerberos 4 only, not
for Kerberos 5 or GSSAPI. Found by Thomas Voigtmann.
# CHANGES
* When encountering incorrect headers, fetchmail will refer to the bad-header
- option in the manpage. BerliOS Bug #17272, change suggested by Björn Voigt.
+ option in the manpage.
+ Fixes BerliOS Bug #17272, change suggested by Björn Voigt.
* Fetchmail now decodes and reports GSSAPI status codes upon errors.
+* Fetchmail now autoprobes NTLM also for POP3.
+* The Fetchmail FAQ has a new item #R15 on authentication failures.
+
+# INTERNAL CHANGES
+* The common NTLM authentication code was factored out from pop3.c and imap.c.
# TRANSLATION UPDATES
[zh_CN] Chinese/simplified (Ji Zheng-Yu)
[cs] Czech (Petr Pisar)
+ [nl] Dutch (Erwin Poeze)
[fr] French (Frédéric Marchal)
[de] German
[it] Italian (Vincenzo Campanella)
[ja] Japanese (Takeshi Hamasaki)
[pl] Polish (Jakub Bogusz)
-
-# KNOWN BUGS AND WORKAROUNDS:
- (this section floats upwards through the NEWS file so it stays with the
- current release information - however, it was stuck with 6.3.8 for a while)
-* fetchmail does not handle messages without Message-ID header well
- (See sourceforge.net bug #780933)
-* BSMTP is mostly untested and errors can cause corrupt output.
-* Sun Workshop 6 (SPARC) is known to miscompile the configuration file lexer in
- 64-bit mode. Either compile 32-bit code or use GCC to compile 64-bit
- fetchmail. Note that fetchmail doesn't take advantage of 64-bit code,
- so compiling 32-bit SPARC code should not cause any difficulties.
-* fetchmail does not track pending deletes over crashes
-* the command line interface is sometimes a bit stubborn, for instance,
- fetchmail -s doesn't work with a daemon running
-* Linux may return duplicates of an IP address in some circumstances if no or
- no global IPv6 addresses are configured. (No workaround. Ubuntu Bug#582585,
- Novell Bug#606980.)
+ [sk] Slovak (Marcel Telka)
fetchmail-6.3.17 (released 2010-05-06, 25767 LoC):