* The monitor and interface options may be removed from a future fetchmail
version as they are not reasonably portable across operating systems.
* POP2 is obsolete, support will be removed from a future fetchmail version.
+* IMAP2 and IMAP4 (not IMAP4r1) are obsolete, support may be removed from a
+ future fetchmail version.
* RPOP is obsolete, support will be removed from a future fetchmail release.
* --sslcertck will become a default setting in a future fetchmail version.
* The multidrop To/Cc guessing code along with the fragile duplicate suppressor
* The "protocol auto" default inside fetchmail may be removed from a future
fetchmail release. Explicit configuration of the protocol is recommended.
* Kerberos IV support may be removed from a future fetchmail release.
+* The --principal option may be removed from a future fetchmail release.
* SIGHUP wakeup support may be removed from a future fetchmail release and
cause fetchmail to terminate - it was broken for many years.
* Support for operating systems that are not sufficiently POSIX compliant may be
* The maintainer may migrate fetchmail to C++ with STL or C#, and impose further
requirements (dependencies), such as Boost or other class libraries.
* The softbounce option default will change to "false" in the next release.
+* The --bsmtp - mode of operation may be removed in a future release.
+* Given that OpenSSL is severely underdocumented, and needs license exceptions,
+ fetchmail may switch to a different SSL library.
--------------------------------------------------------------------------------
-fetchmail 6.3.11 (released XXXX-XX-XX - i. e. not yet):
+fetchmail-6.3.18 (not yet released):
+
+# SECURITY IMPROVEMENTS TO DEFANG X.509 CERTIFICATE ABUSE
+* Fetchmail now only accepts wildcard certificate common names and subject
+ alternative names if they start with "*.". Previous versions would accept
+ wildcards even if no period followed immediately.
+* Fetchmail now disallows wildcards in certificates to match domain literals
+ (such as 10.9.8.7), or wildcards in domain literals ("*.168.23.23").
+ The test is overly picky and triggers if the pattern (after skipping the
+ initial wildcard "*") or domain consists solely of digits and dots, and thus
+ matches more than needed.
+* Fetchmail now disallows wildcarding top-level domains.
+
+# BUG FIXES
+* Fetchmail would warn about insecure SSL/TLS connections even if a matching
+ --sslfingerprint was specified. This is an omission from an SSL usability
+ change made in 6.3.17. Fixes Debian Bug#580796 reported by Roland Stigge.
+* Fetchmail 6.3.15, 6.3.16, and 6.3.17 would pick up libmd5 to obtain MD5*
+ functions, as an effect of an undocumented Solaris MD5 fix.
+ This fails if, for instance, libmd5.so was installed on other operating
+ systems as part of libwww on machines where long isn't 32-bits. Fixes Gentoo
+ Bug #319283, reported - including the hint to libwww - by Karl Hakimian.
+ Side effect: fetchmail will now use -lmd on Solaris rather than -lmd5.
+* Fetchmail will no longer print connection attempts and errors for one host
+ in "silent" and "normal" logging modes, unless all connections fail. This
+ should reduce irritation around refused-connection logging if services are
+ only on an IPv4 socket if the host also supports IPv6. Often observed as
+ connections refused to ::1/25 when the subsequent connection to 127.0.0.1/25
+ then - silently - succeeds. Fetchmail, unless in verbose mode, will collect
+ all connect errors and only report them if all of them fail.
+* Fetchmail will now apply timeouts to the authentication stage. This stage
+ encompasses STARTTLS/STLS negotiation in IMAP/POP3.
+ Reported missing by Thomas Jarosch.
+* Fetchmail will not try GSSAPI authentication automatically unless it has GSS
+ credentials. This avoids getting servers such as Exchange 2007 wedged if
+ GSSAPI authentication fails. Reported by Patrick Rynhart, Debian Bug #568455,
+ and Alan Murrell, to the fetchmail-users list.
+ Note that if GSSAPI fails for other reasons, you can use the --auth option to
+ work around that.
+* Fetchmail now parses response to "FETCH n:m RFC822.SIZE" and "FETCH n
+ RFC822.HEADER" in a more flexible manner. (Sunil Shetye)
+* Fetchmail now cancels GSSAPI authentication properly when encountering GSS
+ errors. It now sends an asterisk on a line by its own, as required in SASL.
+ This should fix protocol synchronization issues that cause Authentication
+ failure, particularly with Exchange 2007 and Exchange 2010 servers, when
+ Kerberos authentication was offered by the server and attempted by fetchmail.
+* The manual page clearly states that --principal is for Kerberos 4 only, not
+ for Kerberos 5 or GSSAPI. Found by Thomas Voigtmann.
+
+# CHANGES
+* When encountering incorrect headers, fetchmail will refer to the bad-header
+ option in the manpage. BerliOS Bug #17272, change suggested by Björn Voigt.
+* Fetchmail now decodes and reports GSSAPI status codes upon errors.
+
+# TRANSLATION UPDATES
+ [zh_CN] Chinese/simplified (Ji Zheng-Yu)
+ [cs] Czech (Petr Pisar)
+ [nl] Dutch (Erwin Poeze)
+ [fr] French (Frédéric Marchal)
+ [de] German
+ [it] Italian (Vincenzo Campanella)
+ [ja] Japanese (Takeshi Hamasaki)
+ [pl] Polish (Jakub Bogusz)
+ [sk] Slovak (Marcel Telka)
+
+# KNOWN BUGS AND WORKAROUNDS:
+ (this section floats upwards through the NEWS file so it stays with the
+ current release information - however, it was stuck with 6.3.8 for a while)
+* fetchmail does not handle messages without Message-ID header well
+ (See sourceforge.net bug #780933)
+* BSMTP is mostly untested and errors can cause corrupt output.
+* Sun Workshop 6 (SPARC) is known to miscompile the configuration file lexer in
+ 64-bit mode. Either compile 32-bit code or use GCC to compile 64-bit
+ fetchmail. Note that fetchmail doesn't take advantage of 64-bit code,
+ so compiling 32-bit SPARC code should not cause any difficulties.
+* fetchmail does not track pending deletes over crashes
+* the command line interface is sometimes a bit stubborn, for instance,
+ fetchmail -s doesn't work with a daemon running
+* Linux may return duplicates of an IP address in some circumstances if no or
+ no global IPv6 addresses are configured. (No workaround. Ubuntu Bug#582585,
+ Novell Bug#606980.)
+
+
+fetchmail-6.3.17 (released 2010-05-06, 25767 LoC):
+
+# SECURITY FIX
+* CVE-2010-1167: Fetchmail before release 6.3.17 did not properly sanitize
+ external input (mail headers and UID). When a multi-character locale (such as
+ UTF-8) was in use, this could cause memory exhaustion and thus a denial of
+ service, because fetchmail's report.c functions assumed that non-success of
+ [v]snprintf was due to insufficient buffer size allocation. It would then
+ repeatedly reallocate a larger buffer and fail formatting again.
+ See fetchmail-SA-2010-02.txt.
+
+# FEATURES
+* Fetchmail now supports a --sslcertfile <file> option to specify a "CA bundle"
+ file (a file that contains trusted CA certificates). Since these bundled CA
+ files do not require c_rehash to be run, they are easier to use and immune to
+ OpenSSL library updates that affect the hash function.
+* Fetchmail now supports a FETCHMAIL_INCLUDE_DEFAULT_X509_CA_CERTS
+ environment variable to force loading the default SSL CA certificate
+ locations even if --sslcertfile or --sslcertpath is used.
+ If neither option is in effect, fetchmail loads the default locations.
+
+# REGRESSION FIX
+* Fix string handling in rcfile scanner, which caused fetchmail to misparse a
+ run control file in certain circumstances. Fixes BerliOS bug #14257.
+ Patch by Michael Banack. This fixes a regression introduced before 6.3.0.
+
+# BUG FIXES
+* Plug memory leak when using a "defaults" entry in the run control file.
+* Do not print SSL certificate mismatches unless verbose or --sslcertck is
+ enabled.
+* Do not lose "set invisible" in fetchmailconf. (Michael Barnack)
+
+# CHANGES
+* Usability: SSL certificate chains are fully printed in -v -v mode, and there
+ are now helpful pointers to --sslcertpath and c_rehash for "unable to get
+ local issuer certificate" and self-signed certificates -- these usually hint
+ to missing root signing CAs in the certs directory.
+* Several fixes for compiler (GCC, Intel C++, CLang) and autotools warnings
+* Memory allocation failures will now cause abnormal program abort (SIGABRT),
+ no longer an exit with unspecified code.
+* Print a warning if certificate verification failed and the user did not
+ specify --sslcertck.
+
+# DOCUMENTATION
+* Fix table of global option to read "set softbounce" where there used to be a
+ 2nd copy of "set spambounce". Patch by Michael Banack, BerliOS Bug #17067.
+* In the --sslcertpath description, mention that OpenSSL upgrade (and a 0.9.X
+ to 1.0.0 upgrade in particular) may require running c_rehash.
+
+# TRANSLATION UPDATES
+ [zh_CN] Chinese/simplified (Ji Zheng-Yu)
+ [cs] Czech (Petr Pisar)
+ [nl] Dutch (Erwin Poeze)
+ [fr] French (Frédéric Marchal)
+ [de] German
+ [id] Indonesian (Andhika Padmawan)
+ [it] Italian (Vincenzo Campanella)
+ [ja] Japanese (Takeshi Hamasaki)
+ [pl] Polish (Jakub Bogusz)
+ [sk] Slovak (Marcel Telka)
+ [vi] Vietnamese (Clytie Siddall)
+
+
+fetchmail-6.3.16 (released 2010-04-06, 25574 LoC):
+
+# BUG FIX
+* Fix --interface option, broken in 6.3.15. Reported by Vladmimir Stavrinov.
+ Fixes Debian Bug #576717.
+
+# CHANGE
+* Call OpenSSL_add_all_algorithms(). This is needed to support non-mandatory
+ and non-standard algorithms in certificates.
+ Sjoerd Simons, to fix Debian Bug #576430.
+ OpenSSL 0.9.8* does not load - for instance - the SHA256 digest by default.
+ Reported as OpenSSL RT#2224.
+
+
+fetchmail-6.3.15 (released 2010-03-28, 25572 LoC):
+
+# FEATURE
+* Fetchmail now supports a bad-header command line or rcfile option that takes
+ exactly one argument, accept or reject (default). This specifies how messages
+ with bad headers retrieved from the current server are to be treated.
+
+# BUG FIXES
+* In the rcfile, recognize "local" as abbreviation for "localdomains", as
+ documented. The short form has not ever worked since this feature was added in
+ January 1997. Reported by Frédéric Marchal.
+* Do not close stdout when using mda and "bsmtp -" at the same time.
+* Log operating system errors when BSMTP writes fail.
+* Fix verbose mode progress formatting regression from 6.3.10; SMTP trace lines
+ were no longer on a line of their own. Reported by Melchior Franz.
+* Check seteuid() return value and abort running MDA if switch fails.
+* Set global flags in a consistent manner. Make --nosoftbounce and
+ --nobounce work from command line (these used to work in rcfiles).
+ Reported and fix confirmed working by N.J. Mann. (Sunil Shetye)
+* Properly import h_errno declarations, even on systems where h_errno isn't a
+ macro. (Adds ./configure check, fixes Cygwin dllimport warnings.)
+
+# CHANGES
+* The repository has been converted and moved from the Subversion (SVN) format
+ kindly hosted by Graham Wilson over the past years to Git format hosted on
+ Gitorious.org. My deepest thanks to Graham Wilson for this service that
+ kept us going when BerliOS's Subversion service was faulty in its early days.
+* This opportunity was used to convert BRANCH_6-2 and BRANCH_1-9-9 to
+ GnuPG-signed tags, as a sign that these are now closed.
+* The outdated SVN trunk is now called "oldtrunk" in Git just to save the work
+ for future reference. All development in the past few years was on BRANCH_6-3.
+* master was branched from BRANCH_6-3. BRANCH_6-3 is now obsolete (and in fact
+ was also converted to a tag to record where the conversion from SVN to Git
+ took place).
+* "make check" now skips HTML validation if xmllint or XHTML DTD are missing.
+
+# DOCUMENTATION
+* Web site and documentation were adjusted to reflect the SVN->Git move.
+* The fetchmail manual page is now much clearer on the user id switching
+ (seteuid) when using --mda while running as the super user.
+
+# TRANSLATION UPDATES, by language name
+* [zh_CN] Chinese (Simplified), by Ji Zheng-Yu
+* [cs] Czech, by Petr Pisar
+* [nl] Dutch, by Erwin Poeze
+* [fr] French, by Frédéric Marchal
+* [de] German
+* [id] Indonesian, by Andhika Padmawan
+* [it] Italian, by Vincenzo Campanella
+* [ja] Japanese, by Takeshi Hamasaki
+* [pl] Polish, by Jakub Bogusz
+* [vi] Vietnamese, by Clytie Siddall
+
+
+fetchmail 6.3.14 (released 2010-02-05, 25487 LoC):
+
+# SECURITY FIXES
+* CVE-2010-0562: SSL/TLS certificate information is now also reported properly
+ on computers that consider the "char" type signed. Fixes malloc() buffer
+ overrun. Workaround for older versions: do not use verbose mode.
+ See fetchmail-SA-2010-01.txt for details, including a minimal patch.
+
+# BUG FIXES
+* The IMAP client no longer skips messages from several IMAP servers including
+ Dovecot if fetchmail's "idle" is in use. Causes were that fetchmail (a)
+ ignored some untagged responses when it should not (b) relied on EXISTS
+ messages in response to EXPUNGE, which aren't mandated by RFC-3501 (the IMAP
+ standard) and aren't sent by Dovecot either.
+ Fix by Sunil Shetye (the fix also consolidates IMAP response handling,
+ improving overall robustness of the IMAP client), bug report and testing by
+ Matt Doran, with further hints from Timo Sirainen.
+* The SMTP client now recovers from errors (such as servers dropping the
+ connection after errors) when sending an RSET command.
+ Fix by Sunil Shetye. Report by James Moe.
+* The IMAP client now uses "SEARCH UNSEEN" rather than "SEARCH UNSEEN NOT
+ DELETED" again on IMAP2, to fix a regression in fetchmail 6.2.5 reported by
+ Will Stringer in June 2004. (Sunil Shetye)
+* The IMAP client now uses "SEARCH UNSEEN UNDELETED" on IMAP4 and IMAP4r1
+ servers (Sunil Shetye).
+* Workaround: The IMAP client now falls back to "FETCH n:m FLAGS" if the server
+ does not support "SEARCH". (Sunil Shetye)
+* The IMAP client now requests message numbers in batches of 1,000 to avoid
+ problems if there are more than 1860 unseen messages. (Sunil Shetye)
+ Note that this wasn't security relevant because fetchmail would only read up
+ to the maximum buffer size and leave the remainder of the string unread, going
+ out of synch afterwards.
+* Stricter validation of IMAP responses containing byte or message counts.
+
+# CHANGES
+* Only include gssapi.h if we're not including gssapi/gssapi.h, to fix a FreeBSD
+ compiler warning about gssapi.h being obsolete.
+
+# DOCUMENTATION
+* The README.SSL document was revised for grammar, spelling, and clarity.
+ Courtesy of Robert Mullin.
+
+# TRANSLATION UPDATES
+* [it] Italian, by Vincenzo Campanella
+
+
+
+fetchmail 6.3.13 (released 2009-10-30, 25333 LoC):
+
+# REGRESSION FIXES
+* The multiline SMTP error fix in release 6.3.12 caused fetchmail to lose
+ message codes 400..599 and treat all of these as temporary error. This would
+ cause messages to be left on the server even if softbounce was turned off.
+ Reported by Thomas Jarosch.
+
+# TRANSLATION UPDATES
+* [cs] Czech, by Petr Pisar
+* [zh_CN] Chinese (simplified), by Ji ZhengYu
+* [nl] Dutch, by Erwin Poeze
+* [id] Indonesian, by Andhika Padmawan
+* [ja] Japanese, by Takeshi Hamasaki
+* [pl] Polish, by Jakub Bogusz
+* [es] Spanish (Castilian), by Franciso Molinero
+* [vi] Vietnamese, by Clytie Siddall
+
+
+fetchmail 6.3.12 (released 2009-10-05):
+
+# REGRESSION FIXES
+* The CVE-2009-2666 fix in fetchmail release 6.3.11 caused a free() of
+ unallocated memory on SSL connections, which caused crashes or program aborts
+ on some systems (depending on how initialization and free() of unallocated
+ memory is handled in compiler and libc).
+ Workaround for older versions: run in verbose mode.
+ Patch courtesy of Thomas Heinz, fixes Gentoo Bug #280760.
+ This regression affected only the 6.3.11 release, but not the patch that was
+ part of the security announcement fetchmail-SA-2009-01.
+
+# BUG FIXES
+* Fix error reporting for GSSAPI on Heimdal (h5l) Kerberos.
+* Look for MD5_Init in libcrypto rather than libssl, fixes Gentoo Kerberos
+ builds; fixes upstream parts of Gentoo Bugs #231400 and #185652, and fixes
+ BerliOS Bug #16134.
+* Report multiline SMTP errors properly, reported by Earl Chew; fixes Debian Bug
+ #529899, reported by Akihiro Terasaki.
+ Note: This fix introduced a regression, fixed in 6.3.13.
+* Replace control characters in SMTP replies by '?'.
+* Fetchmailconf: Fix descriptions for smtpaddress and smtpname options;
+ smtpaddress is for RCPT TO, not MAIL FROM. Found by Gerard Seibert.
+
+# TRANSLATION UPDATES AND ADDITIONS (ordered by language name):
+* [ca] Catalan (Ernest Adrogué Calveras)
+* [zh_CN] Chinese/Simplified (Ji ZhengYu)
+* [cs] Czech (Petr Pisar)
+* [ja] Japanese (Takeshi Hamasaki)
+* [pl] Polish (Jakub Bogusz)
+* [es] Spanish/Castilian (Francisco Molinero)
+* [vi] Vietnamese (Clytie Siddall)
+
+
+fetchmail 6.3.11 (released 2009-08-06):
+
+# SECURITY BUGFIXES
+* CVE-2009-2666: SSL NUL prefix impersonation attack through NULs in a
+ part of a X.509 certificate's CommonName and subjectAltName fields. These
+ fields use opaque strings with a separate length field, so that the NUL
+ character isn't a special character inside the certificate. Fetchmail, being
+ written in the C language, used to treat these strings as C strings
+ nonetheless, so that the domain comparison would end at the first embedded NUL
+ character, rather than at the real end of the string.
+ Fetchmail will now abort certificate verification as failed if NULs are
+ encountered inside either of these fields regardless of their position, and
+ drop the connection even if --sslcertck is not used, because NUL is not a
+ valid character in legitimate DNS names.
+ See fetchmail-SA-2009-01.txt for details, including a minimal patch.
# BUGFIXES
* Remove the spurious message "message delimiter found while scanning headers".
RFC-5322 syntax states that the delimiter is part of the body, and the body is
optional.
+* Convert all non-printable characters in certificate Subject/Issuer
+ Common Name or Subject Alternative Name fields to ANSI-C hex escapes (\xnn,
+ where nn are hex digits).
+ Note that this change introduces a regression, fixed in 6.3.12.
+ See the 6.3.12 documentation above for details and a workaround.
# TRANSLATION UPDATES AND ADDITIONS (ordered by language name):
* [zh_CN] Chinese/Simplified (Ji ZhengYu)
res_search() and dn_skipname() are only used together and scheduled for
removal in future versions, so this is probably fine.
* No longer complain about invalid sslproto "" when POP3 CAPA probe fails.
- Fixes Debian Bug#421446 (Holger Leskien), Novell Bug #247233 (Jon Nelson).
+ Fixes Debian Bug#421446 (Holger Leskien), Novell Bug #247233 (Jon Nelson),
+ Red Hat Bug#503881.
Thanks to Matthias Strauß for a configuration to reproduce the issue.
* Allow .fetchmailrc and .fetchids to be symlinks, as the manpage does not
document they aren't allowed - fixes Debian Bug #452907 (Roger Leigh).
a MySQL/Tcl-based client-side "delete-after" feature.
Kindly donated by Yoo GmbH, Großvoigtsberg, Germany (Carsten Ralle).
-# KNOWN BUGS AND WORKAROUNDS:
- (this section floats upwards through the NEWS file so it stays with the
- current release information)
-* fetchmail does not handle messages without Message-ID header well
- (See sourceforge.net bug #780933)
-* BSMTP is mostly untested and errors can cause corrupt output.
-* Sun Workshop 6 (SPARC) is known to miscompile the configuration file lexer in
- 64-bit mode. Either compile 32-bit code or use GCC to compile 64-bit
- fetchmail. Note that fetchmail doesn't take advantage of 64-bit code,
- so compiling 32-bit SPARC code should not cause any difficulties.
-* fetchmail does not track pending deletes over crashes
-* the command line interface is a bit narrow-minded sometimes, for instance,
- fetchmail -s doesn't work with a running daemon
-* some of the logging output is not very helpful
-* some of the documentation is still not up to date
-
-
fetchmail 6.3.7 (released 2007-02-18):