--------------------------------------------------------------------------------
-fetchmail 6.3.10 (not yet released):
+fetchmail 6.3.13 (released 2009-10-30, 25333 LoC):
+
+# REGRESSION FIXES
+* The multiline SMTP error fix in release 6.3.12 caused fetchmail to lose
+ message codes 400..599 and treat all of these as temporary error. This would
+ cause messages to be left on the server even if softbounce was turned off.
+ Reported by Thomas Jarosch.
+
+# TRANSLATION UPDATES
+* [cs] Czech, by Petr Pisar
+* [zh_CN] Chinese (simplified), by Ji ZhengYu
+* [nl] Dutch, by Erwin Poeze
+* [id] Indonesian, by Andhika Padmawan
+* [ja] Japanese, by Takeshi Hamasaki
+* [pl] Polish, by Jakub Bogusz
+* [es] Spanish (Castilian), by Franciso Molinero
+* [vi] Vietnamese, by Clytie Siddall
+
+
+fetchmail 6.3.12 (released 2009-10-05):
+
+# REGRESSION FIXES
+* The CVS-2009-2666 fix in fetchmail release 6.3.11 caused a free() of
+ unallocated memory on SSL connections, which caused crashes or program aborts
+ on some systems (depending on how initialization and free() of unallocated
+ memory is handled in compiler and libc).
+ Workaround for older versions: run in verbose mode.
+ Patch courtesy of Thomas Heinz, fixes Gentoo Bug #280760.
+ This regression affected only the 6.3.11 release, but not the patch that was
+ part of the security announcement fetchmail-SA-2009-01.
+
+# BUG FIXES
+* Fix error reporting for GSSAPI on Heimdal (h5l) Kerberos.
+* Look for MD5_Init in libcrypto rather than libssl, fixes Gentoo Kerberos
+ builds; fixes upstream parts of Gentoo Bugs #231400 and #185652, and fixes
+ BerliOS Bug #16134.
+* Report multiline SMTP errors properly, reported by Earl Chew; fixes Debian Bug
+ #569899, reported by Akihiro Terasaki.
+ Note: This fix introduced a regression, fixed in 6.3.13.
+* Replace control characters in SMTP replies by '?'.
+* Fetchmailconf: Fix descriptions for smtpaddress and smtpname options;
+ smtpaddress is for RCPT TO, not MAIL FROM. Found by Gerard Seibert.
+
+# TRANSLATION UPDATES AND ADDITIONS (ordered by language name):
+* [ca] Catalan (Ernest Adrogué Calveras)
+* [zh_CN] Chinese/Simplified (Ji ZhengYu)
+* [cs] Czech (Petr Pisar)
+* [ja] Japanese (Takeshi Hamasaki)
+* [pl] Polish (Jakub Bogusz)
+* [es] Spanish/Castilian (Francisco Molinero)
+* [vi] Vietnamese (Clytie Siddall)
+
+
+fetchmail 6.3.11 (released 2009-08-06):
+
+# SECURITY BUGFIXES
+* CVE-2009-2666: SSL NUL prefix impersonation attack through NULs in a
+ part of a X.509 certificate's CommonName and subjectAltName fields. These
+ fields use opaque strings with a separate length field, so that the NUL
+ character isn't a special character inside the certificate. Fetchmail, being
+ written in the C language, used to treat these strings as C strings
+ nonetheless, so that the domain comparison would end at the first embedded NUL
+ character, rather than at the real end of the string.
+ Fetchmail will now abort certificate verification as failed if NULs are
+ encountered inside either of these fields regardless of their position, and
+ drop the connection even if --sslcertck is not used, because NUL is not a
+ valid character in legitimate DNS names.
+ See fetchmail-SA-2009-01.txt for details, including a minimal patch.
+
+# BUGFIXES
+* Remove the spurious message "message delimiter found while scanning headers".
+ RFC-5322 syntax states that the delimiter is part of the body, and the body is
+ optional.
+* Convert all non-printable characters in certificate Subject/Issuer
+ Common Name or Subject Alternative Name fields to ANSI-C hex escapes (\xnn,
+ where nn are hex digits).
+ Note that this change introduces a regression, fixed in 6.3.12.
+ See the 6.3.12 documentation above for details and a workaround.
+
+# TRANSLATION UPDATES AND ADDITIONS (ordered by language name):
+* [zh_CN] Chinese/Simplified (Ji ZhengYu)
+* [es] Spanish/Castilian (Francisco Molinero)
+
+
+fetchmail 6.3.10 (released 2009-07-02):
# INCOMPATIBLE BUGFIXES AND CHANGES
* Fetchmail no longer drops permanently undelivered messages by default, to
# CHANGES
* Make the comparison of the SSL fingerprints case insensitive, to
ease its use. Suggested by Daniel Richard G.
+* Proper precedence ordering for the syslog and logfile options. If the logfile
+ option is effective (i. e. we're in daemon mode and nodetach isn't used),
+ reset the syslog option. If logfile is ineffective (we're not in daemon mode,
+ or nodetach is set), syslog takes precedence.
+* The sleeping at/awakened at messages appear in logfiles and syslog only if
+ verbose mode is enabled. On the console, they will still appear without
+ verbose mode. Fixes Debian Bug#282259.
+* fetchmail only requests IPv6 addresses via name service if at least one is
+ configured on the local host, likewise for IPv4. (AI_ADDRCONFIG flag to
+ getaddrinfo()) Extended version of Redhat's patch.
+* If the server name contains "yahoo.com", offers the "ID" capability, and we're
+ polling via IMAP, send an ID ("guid" "1") transaction first, ignoring its
+ result. This appears needed to be able to log into Yahoo's Zimbra servers, but
+ there are open issues (such as being only able to download one message and
+ server certificate mismatches).
# CHANGES TO CONTRIB
* Fix bashism in contrib/fetchsetup. Fixes Debian Bug#530081.
* A document, README.SSL-SERVER, was added to describe server-side requirements
for proper SSL and/or TLS service offerings. These are not specific to
fetchmail.
+* Documentation on how to make "NOMAIL" (exit code 1) not treated an error has
+ been added to the EXIT CODES section of the manpage and to the FAQ as item C8.
+ The suggested solution uses a tiny POSIX shell script fragment.
+ Fixes Debian Bug #530749, filed by Reuben Thomas.
# TRANSLATION UPDATES AND ADDITIONS (ordered by language name):
-* [cs] Czech (Petr Pisar)
+* [cs] Czech (Petr Pisar)
* [en_GB] English/British
* [de] German
* [id] Indonesian (Andhika Padmawan)
* [it] Italian (Vincenzo Campanella)
-* [ja] Japanese (Takeshi Hamasaki)
+* [ja] Japanese (Takeshi Hamasaki)
+* [pl] Polish (Jakub Bogusz)
+* [ru] Russian (Pavel Maryanov), fixing Debian Bug #531925
* [es] Spanish/Castilian (Francisco Molinero)
* [zh_CN] Chinese/Simplified (Ji ZhengYu)
-fetchmail 6.3.9 (2008-11-16):
+fetchmail 6.3.9 (released 2008-11-16):
# SECURITY AND CRITICAL BUG FIXES:
* CVE-2007-4565: Denial of service: When fetchmail tries to inject a warning