Ready to ship.

svn path=/trunk/; revision=3452

diff --git a/NEWS b/NEWS
index a9e4678e70627fcc294e779c717a0808cf46f220..4b202247cfe986b92fcedeef6ae1f619996c9136 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -2,12 +2,15 @@
 
 (The `lines' figures total .c, .h, .l, and .y files under version control.)
 
+* Blush...# characters now go to stdout, same place as the dots.
+* Matthias Andree's patch to correct parsing of spaces in quoted usernames.
+
 fetchmail-5.8.17 (Tue Aug  7 20:05:36 EDT 2001), 21056 lines:
 
-* SECURITY FIX: Fixed a security hole that is exploitable if fetchmail is
-  running as root and the attacker can either subvert the mailserver or
-  redirect to a fake one using DNS spoofing.  Bugtraq announcement to follow
-  soon.  Thanks to Salvatore Sanfilippo <antirez@invece.org>.
+* SECURITY FIX: Fixed a security hole that is exploitable if the attacker can 
+  either subvert the mailserver or redirect to a fake one using DNS spoofing.
+  Bugtraq announcement to follow soon.  Thanks to Salvatore Sanfilippo 
+  <antirez@invece.org>.
 * Eliminated second bounce on failed RCPT TO address.
 * Always use fetchmail host's FQDN to identify the daemon when
   sending bounce messages.

diff --git a/rfc822.c b/rfc822.c
index 031b99730c08d3e94e01ec00b8f2b6f7882194b3..7e110707ce9510d2b2ef691bb356214ffbbc290d 100644 (file)
--- a/rfc822.c
+++ b/rfc822.c
@@ -315,6 +315,12 @@ const unsigned char *hdr;  /* header to be parsed, NUL to continue previous hdr *
                state = INSIDE_BRACKETS;
                tp = 0;
            }
+           else if (*hp == '"')        /* quoted word, copy verbatim */
+           {
+               oldstate = state;
+               state = INSIDE_DQUOTE;
+                address[NEXTTP()] = *hp;
+            }
            else if (!isspace(*hp))     /* just take it, ignoring whitespace */
                address[NEXTTP()] = *hp;
            break;

diff --git a/todo.html b/todo.html
index 4137d51fe520cfbc9922ea17f3fad9574ab4496c..4b8957cd7ad01b45244da925265c45f21e97dcaa 100644 (file)
--- a/todo.html
+++ b/todo.html
@@ -10,7 +10,7 @@
 <table width="100%" cellpadding=0><tr>
 <td width="30%">Back to <a href="/~esr">Eric's Home Page</a>
 <td width="30%" align=center>Up to <a href="/~esr/sitemap.html">Site Map</a>
-<td width="30%" align=right>$Date: 2001/07/31 05:48:06 $
+<td width="30%" align=right>$Date: 2001/08/10 19:03:23 $
 </table>
 <HR>
 <H1 ALIGN=CENTER>Fetchmail Bugs and To-Do Items</H1>
@@ -58,6 +58,10 @@ lock file."
 can get rid of ENABLE_INET6 everywhere but in SockOpen (this will get
 rid of the kluge in rcfile_y.y).
 
+<p>John Summerfield suggests that specifying a localname containing @
+ought to be treated as an smtpname option, with the domain part
+removed for other purposes such as local-address matching.
+
 <p>The <a
 href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=fetchmail&archive=no">Debian
 bug-tracking page for fetchmail</a> lists other bug reports.
@@ -66,7 +70,7 @@ bug-tracking page for fetchmail</a> lists other bug reports.
 <table width="100%" cellpadding=0><tr>
 <td width="30%">Back to <a href="/~esr">Eric's Home Page</a>
 <td width="30%" align=center>Up to <a href="/~esr/sitemap.html">Site Map</a>
-<td width="30%" align=right>$Date: 2001/07/31 05:48:06 $
+<td width="30%" align=right>$Date: 2001/08/10 19:03:23 $
 </table>
 
 <P><ADDRESS>Eric S. Raymond <A HREF="mailto:esr@thyrsus.com">&lt;esr@thyrsus.com&gt;</A></ADDRESS>