cause fetchmail to terminate - it was broken for many years.
* The maintainer may migrate fetchmail to C++ with STL or C#, and impose further
requirements (dependencies), such as Boost or other class libraries.
-* The softbounce option default will change to "false" in the next release.
* The --bsmtp - mode of operation may be removed in a future release.
* Given that OpenSSL is severely underdocumented, and needs license exceptions,
fetchmail may switch to a different SSL library.
-* SSLv2 support will be removed from a future fetchmail release. It has been
- obsolete for more than a decade.
--------------------------------------------------------------------------------
-fetchmail-6.4.0 (not yet released):
+fetchmail-7.0.0 (not yet released):
NOTE THIS IS AN ALPHA RELEASE THAT HAS NOT BEEN THOROUGHLY TESTED!
we're down to O(n log n).
Contributed by Rainer Weikusat, MAD Partners Ltd./MSS GmbH.
* The POP3 code now always uses UIDL, except if "fetchall" is in effect.
- Fixes BerliOS Bug #16172.
+ Fixes BerliOS Bug #16172. Fixes Debian Bug#345788.
+* Fetchmail now enables SSL support by default. If this is undesired,
+ ./configure --without-ssl should help.
+* The OpenSSL code now excludes the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS option.
+ This can cause interoperability problems with certain buggy servers, but is
+ required to defang chosen-plaintext attacks against AES. While probably hard
+ to mount against fetchmail, let's play it safe rather than be sorry later.
# FEATURES ADDED
* Fetchmail can now retrieve credentials from PWMD. This needs to be enabled at
option will also mark the message with errors as seen.
The default policy is to abort the session whenever a server error occurs.
Contributed by Craig Brown.
+* Fetchmailconf offers cram-md5 and apop authentication.
# REMOVED FEATURES
* IMAP2 protocol support was removed.
--sslproto. SSLv2 is insecure and had been deprecated 15 years ago. fetchmail
will actively forbid SSLv2 negotiation by means of SSL_OP_NO_SSLv2.
To fix Debian Bug#622054.
+* A lot of outdated and/or unsafe-to-use material got dropped from contrib/.
# REGRESSION FIXES
* The mimedecode feature now properly detects multipart/mixed-type matches, so
Bug introduced on 1998-03-20 when the mimedecode support was added by ESR
before release 4.4.1 through code contributed by Henrik Storner.
Workaround for older releases: do not use mimedecode feature.
+* Fetchmail now detects singly-quoted % expansions in the mda option and refuses
+ to deliver for safety reasons. Fixes Debian Bug#347909.
+* The Server certificate: message in verbose mode now appears on stdout like the
+ remainder of the output. Reported by Henry Jensen, to fix Debian Bug #639807.
# CHANGES
* A foreground fetchmail can now accept a few more options while another copy is
running in the background.
+* APOP is no longer a protocol, but an authentication method. In order to use
+ it, use protocol POP3 auth APOP, or on the commandline, -p pop3 --auth apop.
+ If no authentication method is specified, APOP is automatically tried if
+ offered by the server before we resort to sending the password as clear text.
--------------------------------------------------------------------------------
+fetchmail-6.3.21 (not yet released):
+
+# CRITICAL BUG FIX
+* The IMAP client no longer inserts NUL bytes into the last line of a message
+ when it is not closed with a LF or CRLF sequence. Reported by Antoine Levitt.
+ As a side effect of the fix, and in order to avoid a full rewrite, fetchmail
+ will now CRLF-terminate the last line fetched through IMAP, even if it is
+ originally not terminated by LF or CRLF. This bears no relevance if your
+ messages end up in mbox, but adds line termination for storages (like Maildir)
+ that do not require that the last line be LF- or CRLF-terminated.
+
+
fetchmail-6.3.20 (released 2011-06-06, 26005 LoC):
# SECURITY BUG FIXES
projects / ~andy / fetchmail / blobdiff