Abbreviations in parentheses are the maintainers who committed the respective
change. MA = Matthias Andree, ESR = Eric S. Raymond, RF = Rob Funk.)
-# DEPRECATED FEATURES AND MAJOR INCOMPATIBLE CHANGE ADVANCE WARNINGS
+# ADVANCE WARNING OF FEATURES TO BE REMOVED OR CHANGED IN FUTURE VERSIONS
+(There are no plans to remove these features from a 6.3.X release, but they may
+be removed from a 6.4.0 or newer release.)
* The MX and host alias DNS lookups that fetchmail performs in multidrop mode
- are obsolete, deprecated and may be removed from a future fetchmail version.
- They have never supported IPv6 (including IPv6-mapped IPv4) anyhow.
+ are based on assumptions that are rarely met in practice, somewhat defective,
+ deprecated and may be removed from a future fetchmail version. They have
+ never supported IPv6 (including IPv6-mapped IPv4).
Non-DNS based alias keywords such as "aka" will remain in fetchmail.
* The monitor and interface options may be removed from a future fetchmail
- version as they are not sufficiently portable.
-* POP2 is obsolete.
- Support for POP2 may be removed from a future fetchmail version.
-* RPOP is obsolete, support may be removed from a future fetchmail release.
-* --sslcertck may become a default setting in a future fetchmail version.
+ version as they are not reasonably portable.
+* POP2 is obsolete, support will be removed from a future fetchmail version.
+* RPOP is obsolete, support will be removed from a future fetchmail release.
+* --sslcertck will become a default setting in a future fetchmail version.
* The multidrop To/Cc guessing code along with the fragile duplicate suppressor
is deprecated and may be removed from a future release.
* The "envelope Received" option may be removed from a future release, because
the Received header was never meant to be machine-readable, the format varies
widely, and various other differences in behavior make parsing Received an
- unreliable undertaking. The enveloper option as such will remain though, in
+ unreliable undertaking. The envelope option as such will remain though, in
order to support Delivered-To, X-Envelope-To, X-Original-To and similar.
See also <http://home.pages.de/~mandree/mail/multidrop>.
-* The --enable-fallback (fall back to MDA if MTA unavailable) may be removed
- from a future fetchmail release.
+* The --enable-fallback (fall back to MDA if MTA unavailable) will be removed
+ from a future fetchmail release, because it makes fetchmail's behavior
+ inconsistent and confusing.
* The "protocol auto" default inside fetchmail may be removed from a future
fetchmail release. Explicit configuration of the protocol is recommended.
* Kerberos IV support may be removed from a future fetchmail release.
-* SIGHUP wakeup may be removed from a future fetchmail release and cause it
- to terminate.
+* SIGHUP wakeup support may be removed from a future fetchmail release and
+ cause fetchmail to terminate - it was broken for many years.
* Support for operating systems that are not sufficiently POSIX compliant may be
removed or operation on such systems may be suboptimal for future releases.
--------------------------------------------------------------------------------
-fetchmail 6.3.6 (not yet released):
+fetchmail 6.3.7 (not yet released):
-# SECURITY FIXES (CHANGE BEHAVIOUR):
+# FIXES FOR REGRESSIONS IN 6.3.6
+* Fix KPOP. Patch by Miloslav Trmac.
+* Fix repoll when server disconnects after opportunistic TLS failed for POP3.
+ Berlios Bug #10133, reported by Andrej Kacian.
+
+# TRANSLATION UPDATES
+* Japanese (Takeshi Hamasaki), Polish (Jakub Bogusz)
+
+# KNOWN BUGS AND WORKAROUNDS:
+ (this section floats upwards through the NEWS file so it stays with the
+ current release information)
+* fetchmail does not handle messages without Message-ID header well
+ (See sourceforge.net bug #780933)
+* Sun Workshop 6 (SPARC) is known to miscompile the configuration file lexer in
+ 64-bit mode. Either compile 32-bit code or use GCC to compile 64-bit
+ fetchmail. Note that fetchmail doesn't take advantage of 64-bit code,
+ so compiling 32-bit SPARC code should not cause any difficulties.
+* fetchmail expects Received: headers in a particular, but undocumented, format
+ when parsing envelopes.
+* fetchmail does not track pending deletes over crashes
+* the command line interface is a bit narrow-minded sometimes, for instance,
+ fetchmail -s doesn't work with a running daemon
+* some of the logging output is not very helpful
+* some of the documentation is still not up to date
+
+
+fetchmail 6.3.6 (released 2007-01-04):
+
+# SECURITY FIXES:
* CVE-2006-5867, fetchmail-SA-2006-02.txt:
- Password disclosure vulnerability. This has several aspects:
+ Password disclosure vulnerability fixed. This has several aspects:
- Fetchmail now implies sslproto 'tls1' if the sslfingerprint or sslcertck
- options are used, to be sure there is a certificate to check against.
+ options are used and the ssl option is not used, in order to be sure that
+ fetchmail gets a certificate from the mail server.
- Fetchmail breaks the connection if the TLS negotiation (or verification, if
- requested) fails with sslproto 'tls1' (also applies if this is implicit).
+ requested) fails with sslproto 'tls1', sslfingerprint or sslcheck enabled.
- - POP3 connections ignored STLS altogether in many circumstances, because
- fetchmail did not probe server capabilities in all situations where it
- should have done that.
+ - POP3 connections now use STLS reliably. They used to ignore STLS altogether
+ for serveral values of the "auth" option, when fetchmail forget to probe
+ server capabilities - see fetchmail-SA-2006-02.txt for details.
- - POP3 connections could retry USER/PASS authentication even if strong
- challenge-response schemes such as CRAM-MD5 had explicitly been requested,
- if these were not advertised in the CAPA response.
+ - POP3 connections will no longer fall back USER/PASS authentication if
+ strong challenge-response authenticators such as CRAM-MD5 are configured
+ but the server does not advertise these in its CAPA response.
- POP2 is obsolete and does not support STLS or anything beyond password-based
- authentication. The attempt to use STLS or stronger authenticators causes
+ authentication. The attempt to use STLS or strong authenticators now causes
connection abort.
- Configurations using --ssl --sslcertck however have been semi-safe in that
- they would not expose the password over the wire.
+ Configurations using both ssl and sslcertck however have been semi-safe in
+ that they would send the password in the clear. The USER/PASS fallback
+ problem however applies to these too, so that the password was only safe on
+ trustworthy servers.
-# SECURITY FIX:
* CVE-2006-5974, fetchmail-SA-2006-03.txt:
- Repair regression in 6.3.5 that crashes fetchmail when a message with invalid
- headers is found while fetchmail's mda option is in use. BerliOS bugs #9364,
- #9412, #9449. Stack backtrace provided by Neil Hoggarth - thanks.
+ Repairs a regression in 6.3.5 that crashes fetchmail when a message with
+ invalid headers is found while fetchmail's mda option is in use. BerliOS bugs
+ #9364, #9412, #9449. Stack backtrace provided by Neil Hoggarth - thanks.
-# BUG FIXES:
+# REGRESSION FIXES (recently introduced bugs)
* Repair --logfile, broken in 6.3.5. BerliOS Bug #9059,
reported by Brian Harring.
-* POP3: Probe capabilities when Kerberos V5 is attempted.
-* RPOP: The password is now shrouded in the local logs.
-* Robustness: If a stale lockfile cannot be deleted, truncate it to avoid
- trouble later if the PID is recycled by a non-fetchmail process.
+* Repair --user, broken in 6.3.5 (as a side effect of the authenticate external
+ patch): using SSL certificate/key authentication overrode the --user option.
+ Now the latter takes precedence, and only defaults to the certificate's common
+ name. Debian Bug #400950, reported by Jorgen Schaefer <forcer@debian.org>.
+
+# BUG FIXES (long-standing bugs):
+* RPOP: used to log the password locally rather than an asterisk as the other
+ protocols do. The password is now shrouded in the local logs.
+* POP3: Probes capabilities now when Kerberos V5 is enabled, so that we can
+ actually detect if the server supports it.
+* Robustness: If a stale lockfile cannot be deleted, truncate it so that
+ fetchmail doesn't later believe itself to be running if the PID is recycled
+ by a non-fetchmail process.
+* DNS: Detect /etc/resolv.conf changes: On systems that have res_search(),
+ assume we also have res_init() and call it (suggested by Ulrich Drepper,
+ glibc bug #3675) in order to make libc or libresolv reread the resolver
+ configuration at the beginning of a poll cycle. This is important when
+ fetchmail is in daemon mode and /etc/resolv.conf is changed later by dhcpcd,
+ dhclient, pppd, openvpn or other ip-up/ipchange scripts. Should fix Debian
+ Bug#389270, Bug#391698.
+* Robustness: Fix crash on systems that do not provide strdup(), the crash
+ happens only in out-of-memory conditions when fetchmail cannot proceed
+ anyways. Patch by Andreas Krennmair.
+* Robustness: When HOME and FETCHMAILHOME are unset, be sure to copy user
+ database information, so it is not trashed later. Patch by Jim Correia.
+
+# CHANGES:
+* Workaround: Improve handling of IMAP IDLE, some servers do not reset their
+ time counters after sending information asynchronously. Patch by Sunil
+ Shetye, after report from Andrew Baumann.
+* Usability: When requesting Kerberos or GSSAPI, complain and exit with syntax
+ error if any of these requested features has not been compiled in. This is
+ to fail early and with precise error message. Reported by Isaac Wilcox.
+* --version will now add +KRB4 or +KRB5 if Kerberos v4 or v5, respectively, have
+ been compiled in. Reported missing by Isaac Wilcox.
# TRANSLATIONS:
* New en_GB (British English) translation by David Lodge.
* Update Japanese (Takeshi Hamasaki), Polish (Jakub Bogusz), Russian (Pavel
Maryanov) and Vietnamese (Clytie Siddall) translations.
+! Note that not all these translations are complete -- this isn't the
+ translators' fault though, but due to delays at the BerliOS hosting site and
+ the translation project handlers. You may see a few untranslated messages.
-# KNOWN BUGS AND WORKAROUNDS:
- (this section floats upwards through the NEWS to be on top of the list)
-* fetchmail does not handle messages without Message-ID header well
- (See sourceforge.net bug #780933)
-* Sun Workshop 6 (SPARC) is known to miscompile the lexer in 64-bit mode.
- Either compile 32-bit code or use GCC to compile 64-bit fetchmail.
- Note that fetchmail doesn't take advantage of 64-bit code anyways,
- so compiling 32-bit SPARC code should be fine.
-* fetchmail expects Received: headers in a particular format when parsing
- envelopes.
-* fetchmail does not track pending deletes over crashes
-* the command line interface is a bit narrow-minded sometimes, for instance,
- fetchmail -s doesn't work with a running daemon
-* some of the logging output is not very helpful
-* some of the documentation is still not up to date
+# DOCUMENTATION:
+* Dropped exit status 15 from manual page, it's not used by fetchmail.
+ Reported by Isaac Wilcox.
+* Documented exit codes 24 - 29 as internal.
fetchmail 6.3.5 (released 2006-10-09):
* switch setjmp/longjmp to sigsetjmp/siglongjmp
* IMAP now supports the EXTERNAL authentication method, courtesy of
Götz 'nimrill' Babin-Ebell, BerliOS patch #1095 with minor changes.
+ Note that this change causes --sslcert to override --user.
* The sslproto keywords are now case insensitive, courtesy of
Götz 'nimrill' Babin-Ebell, BerliOS patch #1095.
* When going to sleep, log for how long. Suggested by Claudia Ludwig.
projects / ~andy / fetchmail / blobdiff