X-Git-Url: http://pileus.org/git/?a=blobdiff_plain;f=NEWS;h=bcf2537bc1deebf1256081b462c07c2430b8bd47;hb=aee0a1be4163b06ae8d32dff93d13a87668423b3;hp=3b698e7f191e3174a7905b34c7513224c14cc190;hpb=bf62e6236f6c82871e493b65d56c1fe7680f74ad;p=~andy%2Ffetchmail diff --git a/NEWS b/NEWS index 3b698e7f..bcf2537b 100644 --- a/NEWS +++ b/NEWS @@ -19,6 +19,8 @@ removed from a 6.4.0 or newer release.) * The monitor and interface options may be removed from a future fetchmail version as they are not reasonably portable across operating systems. * POP2 is obsolete, support will be removed from a future fetchmail version. +* IMAP2 and IMAP4 (not IMAP4r1) are obsolete, support may be removed from a + future fetchmail version. * RPOP is obsolete, support will be removed from a future fetchmail release. * --sslcertck will become a default setting in a future fetchmail version. * The multidrop To/Cc guessing code along with the fragile duplicate suppressor @@ -35,6 +37,8 @@ removed from a 6.4.0 or newer release.) * The "protocol auto" default inside fetchmail may be removed from a future fetchmail release. Explicit configuration of the protocol is recommended. * Kerberos IV support may be removed from a future fetchmail release. +* Kerberos 5 support may be removed from a future fetchmail release. +* The --principal option may be removed from a future fetchmail release. * SIGHUP wakeup support may be removed from a future fetchmail release and cause fetchmail to terminate - it was broken for many years. * Support for operating systems that are not sufficiently POSIX compliant may be @@ -45,10 +49,255 @@ removed from a 6.4.0 or newer release.) requirements (dependencies), such as Boost or other class libraries. * The softbounce option default will change to "false" in the next release. * The --bsmtp - mode of operation may be removed in a future release. +* Given that OpenSSL is severely underdocumented, and needs license exceptions, + fetchmail may switch to a different SSL library. +* SSLv2 support will be removed from a future fetchmail release. It has been + obsolete for more than a decade. -------------------------------------------------------------------------------- -fetchmail 6.3.15 (not yet released): +fetchmail-6.3.20 (not yet released): + +# CHANGES +* fetchmail now always uses its own MD5 implementation. The library and header + variants are too diverse, and we've been bitten before -- and configure + complains noisily on Cyrus-SASL's RFC1321 md5.h. +* fetchmail now supports an environment variable to suppress marking deleted + messages as seen at the same time, FETCHMAIL_IMAP_DELETED_REMAINS_UNSEEN. + See the manual page for details. Requested by Jonathan Buschmann. +* fetchmail sets Internet domain sockets to "keepalive" mode now. Note that + there is no portable way to configure actual timeouts for this mode, and some + systems only support a system-wide timeout setting. + +# BUG FIXES +* Call strlen() only once when removing CRLF from a line. (Sunil Shetye) +* Do not search for UNSEEN messages in ranges. Usually, there are very few new + messages and most of the range searches result in nothing. Instead, split the + long response to make the IMAP driver think that there are multiple lines of + response. (Sunil Shetye) +* Do not print "skipping message" for old messages even in verbose mode. If + there are too many old messages, the logs just get filled without any real + activity. (Sunil Shetye) (suggested by Yunfan Jiang) + +# TRANSLATION UPDATES + [ja] Japanese (Takeshi Hamasaki) + + +fetchmail-6.3.19 (released 2010-12-10, 25945 LoC): + +# ERRATUM NOTICE ISSUED +* fetchmail 6.3.18 contains several bug fixes that were considered sufficiently + grave to warrant the issue of an erratum notice, fetchmail-EN-2010-03.txt. + +# BUG FIXES +* When specifying multiple local multidrop lists, do not lose wildcard flag. + (Affects "user foo is bar baz * is joe here") +* In multidrop configurations, an asterisk can now appear anywhere in the list + of local users, not just at the end. +* In multidrop mode, header parsing is now more verbose in -vv mode, so that it + becomes possible to see which header is used. +* Make --antispam work from command line (these used to work in rcfiles). + Reported by Kees Bakker, BerliOS Bug #17599. (Sunil Shetye) +* Smoke test XHTML 1.1 validation, and if it fails, skip validating HTML + documents. Skip validating Mailbox-Names-UTF7.html. Several systems have + broken XHTML 1.1 DTD installations that jeopardize the build. + Reported by Mihail Nechkin against FreeBSD port. + Workaround for 6.3.18: build in a separate directory, i. e: + mkdir build && cd build && ../configure --options-go-here +* Send a NOOP only after a failed STARTTLS in IMAP. (Sunil Shetye) +* Demote GSSAPI verbose/debug syslog to INFO severity. Requested by Carlos E. R. + and Derek Simkowiak via the fetchmail-users@ mailing list. +* Do STARTTLS/STLS negotiation in IMAP/POP3 if it is mandatory even if the + server capabilities do not show support for upgradation to TLS. + To use this, configure --sslproto tls1. (Sunil Shetye) +* IMAP: Understand empty strings as FETCH response, seen on Yahoo. Reported by + Yasin Malli to fetchmail-users@ 2010-12-10. + Note that fetchmail continues to expect literals as FETCH response for now. + +# DOCUMENTATION +* The manual page now links to IANA for GSSAPI service names. + +# TRANSLATION UPDATES + [cs] Czech (Petr Pisar) + [fr] French (Frédéric Marchal) + [de] German + [it] Italian (Vincenzo Campanella) + [pl] Polish (Jakub Bogusz) + +# KNOWN BUGS AND WORKAROUNDS + (this section floats upwards through the NEWS file so it stays with the + current release information - however, it was stuck with 6.3.8 for a while) +* fetchmail does not handle messages without Message-ID header well + (See sourceforge.net bug #780933) +* BSMTP is mostly untested and errors can cause corrupt output. +* Sun Workshop 6 (SPARC) is known to miscompile the configuration file lexer in + 64-bit mode. Either compile 32-bit code or use GCC to compile 64-bit + fetchmail. Note that fetchmail doesn't take advantage of 64-bit code, + so compiling 32-bit SPARC code should not cause any difficulties. +* fetchmail does not track pending deletes over crashes. +* the command line interface is sometimes a bit stubborn, for instance, + fetchmail -s doesn't work with a daemon running. +* Linux systems may return duplicates of an IP address in some circumstances if + no or no global IPv6 addresses are configured. + (No workaround. Ubuntu Bug#582585, Novell Bug#606980.) +* Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error + messages. This will not be fixed, because the maintainer has no Kerberos 5 + server to test against. Use GSSAPI. + + +fetchmail-6.3.18 (released 2010-10-09, 25936 LoC): + +# SECURITY IMPROVEMENTS TO DEFANG X.509 CERTIFICATE ABUSE +* Fetchmail now only accepts wildcard certificate common names and subject + alternative names if they start with "*.". Previous versions would accept + wildcards even if no period followed immediately. +* Fetchmail now disallows wildcards in certificates to match domain literals + (such as 10.9.8.7), or wildcards in domain literals ("*.168.23.23"). + The test is overly picky and triggers if the pattern (after skipping the + initial wildcard "*") or domain consists solely of digits and dots, and thus + matches more than needed. +* Fetchmail now disallows wildcarding top-level domains. + +# CRITICAL BUG FIXES AND REGRESSION FIXES +* Fetchmail 6.3.15, 6.3.16, and 6.3.17 would pick up libmd5 to obtain MD5* + functions, as an effect of an undocumented Solaris MD5 fix. + This caused all MD5-related functions to malfunction if, for instance, + libmd5.so was installed on other operating systems as part of libwww on + machines where long isn't 32-bits, i. e. usually on 64-bit computers. + Fixes Gentoo Bug #319283, reported, including libwww hint, by Karl Hakimian. + Side effect: fetchmail will now use -lmd on Solaris rather than -lmd5. +* Fetchmail 6.3.17 warned about insecure SSL/TLS connections even if a matching + --sslfingerprint was specified. This is an omission from an SSL usability + change made in 6.3.17. + Fixes Debian Bug#580796 reported by Roland Stigge. +* Fetchmail will now apply timeouts to the authentication stage. + This stage encompasses STARTTLS/STLS negotiation in IMAP/POP3. + Reported missing by Thomas Jarosch. +* Fetchmail now cancels GSSAPI authentication properly when encountering GSS + errors, such as no or unsuitable credentials. + It now sends an asterisk on a line by its own, as required in SASL. + This fixes protocol synchronization issues that cause Authentication + failures, often observed with kerberized MS Exchange servers. + Fixes Debian Bug #568455 reported by Patrick Rynhart, and Alan Murrell, to the + fetchmail-users list. Fix verified by Thomas Voigtmann and Patrick Rynhart. + +# BUG FIXES +* Fetchmail will no longer print connection attempts and errors for one host + in "silent" and "normal" logging modes, unless all connections fail. This + should reduce irritation around refused-connection logging if services are + only on an IPv4 socket if the host also supports IPv6. Often observed as + connections refused to ::1/25 when the subsequent connection to 127.0.0.1/25 + then - silently - succeeds. Fetchmail, unless in verbose mode, will collect + all connect errors and only report them if all of them fail. +* Fetchmail will not try GSSAPI authentication automatically, unless it has GSS + credentials. However, if GSSAPI authentication is requested explicitly, + fetchmail will always try it. +* Fetchmail now parses response to "FETCH n:m RFC822.SIZE" and "FETCH n + RFC822.HEADER" in a more flexible manner. (Sunil Shetye) +* The manual page clearly states that --principal is for Kerberos 4 only, not + for Kerberos 5 or GSSAPI. Found by Thomas Voigtmann. + +# CHANGES +* When encountering incorrect headers, fetchmail will refer to the bad-header + option in the manpage. + Fixes BerliOS Bug #17272, change suggested by Björn Voigt. +* Fetchmail now decodes and reports GSSAPI status codes upon errors. +* Fetchmail now autoprobes NTLM also for POP3. +* The Fetchmail FAQ has a new item #R15 on authentication failures. + +# INTERNAL CHANGES +* The common NTLM authentication code was factored out from pop3.c and imap.c. + +# TRANSLATION UPDATES + [zh_CN] Chinese/simplified (Ji Zheng-Yu) + [cs] Czech (Petr Pisar) + [nl] Dutch (Erwin Poeze) + [fr] French (Frédéric Marchal) + [de] German + [it] Italian (Vincenzo Campanella) + [ja] Japanese (Takeshi Hamasaki) + [pl] Polish (Jakub Bogusz) + [sk] Slovak (Marcel Telka) + + +fetchmail-6.3.17 (released 2010-05-06, 25767 LoC): + +# SECURITY FIX +* CVE-2010-1167: Fetchmail before release 6.3.17 did not properly sanitize + external input (mail headers and UID). When a multi-character locale (such as + UTF-8) was in use, this could cause memory exhaustion and thus a denial of + service, because fetchmail's report.c functions assumed that non-success of + [v]snprintf was due to insufficient buffer size allocation. It would then + repeatedly reallocate a larger buffer and fail formatting again. + See fetchmail-SA-2010-02.txt. + +# FEATURES +* Fetchmail now supports a --sslcertfile option to specify a "CA bundle" + file (a file that contains trusted CA certificates). Since these bundled CA + files do not require c_rehash to be run, they are easier to use and immune to + OpenSSL library updates that affect the hash function. +* Fetchmail now supports a FETCHMAIL_INCLUDE_DEFAULT_X509_CA_CERTS + environment variable to force loading the default SSL CA certificate + locations even if --sslcertfile or --sslcertpath is used. + If neither option is in effect, fetchmail loads the default locations. + +# REGRESSION FIX +* Fix string handling in rcfile scanner, which caused fetchmail to misparse a + run control file in certain circumstances. Fixes BerliOS bug #14257. + Patch by Michael Banack. This fixes a regression introduced before 6.3.0. + +# BUG FIXES +* Plug memory leak when using a "defaults" entry in the run control file. +* Do not print SSL certificate mismatches unless verbose or --sslcertck is + enabled. +* Do not lose "set invisible" in fetchmailconf. (Michael Barnack) + +# CHANGES +* Usability: SSL certificate chains are fully printed in -v -v mode, and there + are now helpful pointers to --sslcertpath and c_rehash for "unable to get + local issuer certificate" and self-signed certificates -- these usually hint + to missing root signing CAs in the certs directory. +* Several fixes for compiler (GCC, Intel C++, CLang) and autotools warnings +* Memory allocation failures will now cause abnormal program abort (SIGABRT), + no longer an exit with unspecified code. +* Print a warning if certificate verification failed and the user did not + specify --sslcertck. + +# DOCUMENTATION +* Fix table of global option to read "set softbounce" where there used to be a + 2nd copy of "set spambounce". Patch by Michael Banack, BerliOS Bug #17067. +* In the --sslcertpath description, mention that OpenSSL upgrade (and a 0.9.X + to 1.0.0 upgrade in particular) may require running c_rehash. + +# TRANSLATION UPDATES + [zh_CN] Chinese/simplified (Ji Zheng-Yu) + [cs] Czech (Petr Pisar) + [nl] Dutch (Erwin Poeze) + [fr] French (Frédéric Marchal) + [de] German + [id] Indonesian (Andhika Padmawan) + [it] Italian (Vincenzo Campanella) + [ja] Japanese (Takeshi Hamasaki) + [pl] Polish (Jakub Bogusz) + [sk] Slovak (Marcel Telka) + [vi] Vietnamese (Clytie Siddall) + + +fetchmail-6.3.16 (released 2010-04-06, 25574 LoC): + +# BUG FIX +* Fix --interface option, broken in 6.3.15. Reported by Vladmimir Stavrinov. + Fixes Debian Bug #576717. + +# CHANGE +* Call OpenSSL_add_all_algorithms(). This is needed to support non-mandatory + and non-standard algorithms in certificates. + Sjoerd Simons, to fix Debian Bug #576430. + OpenSSL 0.9.8* does not load - for instance - the SHA256 digest by default. + Reported as OpenSSL RT#2224. + + +fetchmail-6.3.15 (released 2010-03-28, 25572 LoC): # FEATURE * Fetchmail now supports a bad-header command line or rcfile option that takes @@ -64,8 +313,9 @@ fetchmail 6.3.15 (not yet released): * Fix verbose mode progress formatting regression from 6.3.10; SMTP trace lines were no longer on a line of their own. Reported by Melchior Franz. * Check seteuid() return value and abort running MDA if switch fails. -* Set global flags in a consistent manner. Make --nosoftbounce work. Reported by - N.J. Mann. (Sunil Shetye) +* Set global flags in a consistent manner. Make --nosoftbounce and + --nobounce work from command line (these used to work in rcfiles). + Reported and fix confirmed working by N.J. Mann. (Sunil Shetye) * Properly import h_errno declarations, even on systems where h_errno isn't a macro. (Adds ./configure check, fixes Cygwin dllimport warnings.) @@ -78,7 +328,10 @@ fetchmail 6.3.15 (not yet released): GnuPG-signed tags, as a sign that these are now closed. * The outdated SVN trunk is now called "oldtrunk" in Git just to save the work for future reference. All development in the past few years was on BRANCH_6-3. -* master was branched from BRANCH_6-3 for user convenience. +* master was branched from BRANCH_6-3. BRANCH_6-3 is now obsolete (and in fact + was also converted to a tag to record where the conversion from SVN to Git + took place). +* "make check" now skips HTML validation if xmllint or XHTML DTD are missing. # DOCUMENTATION * Web site and documentation were adjusted to reflect the SVN->Git move. @@ -368,7 +621,8 @@ fetchmail 6.3.9 (released 2008-11-16): res_search() and dn_skipname() are only used together and scheduled for removal in future versions, so this is probably fine. * No longer complain about invalid sslproto "" when POP3 CAPA probe fails. - Fixes Debian Bug#421446 (Holger Leskien), Novell Bug #247233 (Jon Nelson). + Fixes Debian Bug#421446 (Holger Leskien), Novell Bug #247233 (Jon Nelson), + Red Hat Bug#503881. Thanks to Matthias Strauß for a configuration to reproduce the issue. * Allow .fetchmailrc and .fetchids to be symlinks, as the manpage does not document they aren't allowed - fixes Debian Bug #452907 (Roger Leigh). @@ -518,23 +772,6 @@ fetchmail 6.3.8 (released 2007-04-06): a MySQL/Tcl-based client-side "delete-after" feature. Kindly donated by Yoo GmbH, Großvoigtsberg, Germany (Carsten Ralle). -# KNOWN BUGS AND WORKAROUNDS: - (this section floats upwards through the NEWS file so it stays with the - current release information) -* fetchmail does not handle messages without Message-ID header well - (See sourceforge.net bug #780933) -* BSMTP is mostly untested and errors can cause corrupt output. -* Sun Workshop 6 (SPARC) is known to miscompile the configuration file lexer in - 64-bit mode. Either compile 32-bit code or use GCC to compile 64-bit - fetchmail. Note that fetchmail doesn't take advantage of 64-bit code, - so compiling 32-bit SPARC code should not cause any difficulties. -* fetchmail does not track pending deletes over crashes -* the command line interface is a bit narrow-minded sometimes, for instance, - fetchmail -s doesn't work with a running daemon -* some of the logging output is not very helpful -* some of the documentation is still not up to date - - fetchmail 6.3.7 (released 2007-02-18):