<meta name="description" content="The Fetchmail Project">
<meta name="keywords" content="fetchmail, pop3, imap, email, mail">
<meta name="MSSmartTagsPreventParsing" content="TRUE">
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Fetchmail</title>
</head>
<body>
<table width="100%" cellpadding="0" summary="Canned page header">
<tr>
<td>Fetchmail</td>
-<td align="right"><!-- update date -->2008-06-17</td>
+<td align="right"><!-- update date -->2012-12-23</td>
</tr>
</table>
</div>
<div id="Menu">
- <hr/>
- <a href="index.html" title="Main">Main</a><br />
- <a href="fetchmail-features.html">Features</a><br />
- <a href="fetchmail-man.html">Manual</a><br />
- <a href="fetchmail-FAQ.html" title="Fetchmail FAQ">FAQ</a><br />
- <a href="fetchmail-FAQ.pdf" title="Fetchmail FAQ as PDF">FAQ (PDF)</a><br />
- <a href="design-notes.html">Design Notes</a><br />
- <a href="http://developer.berlios.de/project/showfiles.php?group_id=1824">Download</a><br />
- <a href="http://mknod.org/svn/fetchmail/">Development Code</a><br />
- <a href="http://developer.berlios.de/projects/fetchmail/">Project Page</a><br />
- <hr/>
+ <hr>
+ <a href="index.html" title="Main">Main</a><br>
+ <a href="fetchmail-features.html">Features</a><br>
+ <a href="fetchmail-man.html">Manual</a><br>
+ <a href="fetchmail-FAQ.html" title="Fetchmail FAQ">FAQ</a><br>
+ <a href="fetchmail-FAQ.pdf" title="Fetchmail FAQ as PDF">FAQ (PDF)</a><br>
+ <a href="design-notes.html">Design Notes</a><br>
+ <a href="http://developer.berlios.de/project/showfiles.php?group_id=1824">Download</a><br>
+ <a href="security.html">Security/Errata</a><br>
+ <a href="http://gitorious.org/fetchmail/fetchmail/">Development</a><br>
+ <a href="http://developer.berlios.de/projects/fetchmail/">Project Page</a><br>
+ <hr>
</div>
<div id="Content">
-<img src="bighand.png" width="100" height="71" alt="logo: a hand presenting an envelope" align="right" />
+<img src="bighand.png" width="100" height="71" alt="logo: a hand presenting an envelope" align="right">
<h1>Fetchmail</h1>
-<!--
-<div style="background-color:#ffffff;color:#008000;"> <h1>fetchmail 6.3.6 release candidate #5</h1>
-<p>On 2006-12-19, <a
-href="http://mandree.home.pages.de/fetchmail/">fetchmail-6.3.6-rc5 was released</a>, fixing several annoying bugs. <a href="http://mandree.home.pages.de/fetchmail/NEWS-6.3.6-rc5.txt">Click here for details.</a></p> </div>
--->
-<div style="background-color:#80ff80;color:#000000;">
-<h1>ADDITIONAL FIXES FOR FETCHMAIL 6.3.8 RELEASE</h1>
-<p>New 2008-06-17: After the fetchmail-6.3.8 release described below,
-two denial-of-service vulnerabilities (<a href="#cve-2007-4565">CVE-2007-4565</a>) were discovered, but a new
-release is not yet available. Patches are parts of the security announcements:</p>
-<ul>
- <li><a href="#cve-2008-2711">CVE-2008-2711:</a> <a
- href="fetchmail-SA-2008-01.txt">fetchmail-SA-2008-01.txt</a></li>
- <li><a href="#cve-2007-4565">CVE-2007-4565:</a> <a
- href="fetchmail-SA-2007-02.txt">fetchmail-SA-2007-02.txt</a></li>
-</ul>
-<p>On 2008-04-24, the <a href="fetchmail-FAQ.html">FAQ</a> <a
- href="fetchmail-FAQ.pdf">(also available as PDF)</a>, <a
- href="fetchmail-man.html">manual page</a> and <a href="fetchmail-SA-2007-01.txt">fetchmail-SA-2007-01.txt (CVE-2007-1558)</a> have been revised.</p>
-<p>On 2007-04-06, <a href="http://developer.berlios.de/project/showfiles.php?group_id=1824">fetchmail-6.3.8
-was released (this is the download link),</a> fixing up further fallout from the CVE-2006-5867 fix, fixing long-standing bugs, and strengthening the APOP client in response to CVE-2007-1558. <a href="https://developer.berlios.de/project/shownotes.php?group_id=1824&release_id=12610">Click here to see the change details.</a></p> </div>
-
-<div style="background-color:#ffff80;color:#000000;font-size:80%;"> <h1>FETCHMAIL 6.2.X UNSUPPORTED AND VULNERABLE - USE 6.3.X INSTEAD</h1>
-<p>fetchmail 6.2.X versions are susceptible to CVE-2006-5867 and CVE-2007-1558 and should be replaced by the most current 6.3.X version. Support has been discontinued as of 2006-01-22.</p>
-
-<!--
-<p>On 2006-01-22, fetchmail 6.2.X has reached end of its support life. No
-further releases of 6.2.X versions will be made and no bug reports for 6.2.X
-will be accepted unless the bug persists in the 6.3.X releases. Users are asked
-to upgrade to the most current 6.3.X release; care was taken to keep 6.3.X as
-compatible as possible with 6.2.X to ensure a smooth upgrade experience. See
-above for 6.3.X release news.</p>
--->
+<div style="background-color:#c0ffc0;color:#000000;">
+ <h1>NEWS: FETCHMAIL 6.3.24 RELEASE</h1>
+ <p>On 2012-12-23, <a
+ href="http://developer.berlios.de/project/showfiles.php?group_id=1824&release_id=19227">fetchmail-6.3.24
+ has been released (this is the download link),</a> fixing a
+ minor regression and a memory leak.
+ <br>It is a recommended update for all users and distributors. <a
+ href="http://developer.berlios.de/project/shownotes.php?group_id=1824&release_id=19227">Click
+ here to see the change details.</a> Note that 6.3.22 fixed
+ security bugs, and is the oldest version that should be used.
+ </p>
+
+ <h1>SSL issues after upgrade to OpenSSL 1.0.0?</h1>
+ <p>If your fetchmail upgrade entails an upgrade of the OpenSSL
+ library to 1.0.0, remember to re-run <kbd>c_rehash
+ /path/to/certs</kbd>, where the last part is whatever argument
+ you give to fetchmail's <code>sslcertpath</code> option. Details:
+ please <a
+ href="fetchmail-FAQ.html#R14">see fetchmail's FAQ item
+ R14.</a>.</p>
</div>
-<div style="background-color:#ff8080;color:#000000;font-size:85%"> <h1>SECURITY ALERTS</h1>
-<p><strong>NEW</strong> <a name="cve-2008-2711" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711">CVE-2008-2711:</a> Fetchmail can <a href="fetchmail-SA-2008-01.txt">crash in verbose mode when logging long message headers.</a> This bug will be fixed in release 6.3.9. For the nonce, use the <a href="fetchmail-SA-2008-01.txt">patch contained in the security announcement.</a></p>
-<p><a name="cve-2007-4565" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4565">CVE-2007-4565:</a> Fetchmail can <a href="fetchmail-SA-2007-02.txt">crash when the SMTP server refuses a warning message generated by fetchmail.</a> This bug was introduced in fetchmail 4.6.8 and will be fixed in release 6.3.9. For the nonce, use the <a href="fetchmail-SA-2007-02.txt">patch contained in this security announcement.</a></p>
-<p><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558">CVE-2007-1558:</a> Fetchmail's APOP client was found to <a href="fetchmail-SA-2007-01.txt">validate APOP challenges insufficiently, making man-in-the-middle attacks on APOP secrets unnecessarily easier than need be.</a> This bug was long-standing, fetchmail 6.3.8 validates the APOP challenge stricter.</p>
-<p><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974">CVE-2006-5974:</a> Fetchmail was found to <a href="fetchmail-SA-2006-03.txt">crash when refusing a message that was bound to be delivered by an MDA.</a> This bug was introduced into fetchmail 6.3.5 and fixed in 6.3.6.</p>
-<p><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867">CVE-2006-5867:</a> Fetchmail was found to <a href="fetchmail-SA-2006-02.txt">omit TLS or send the password in clear text despite the configuration stating otherwise.</a> This was a long-standing bug reported by Isaac Wilcox, fixed in fetchmail 6.3.6. There will be no 6.2.X releases to fix this bug in 6.2.X.</p>
-<p><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0321">CVE-2006-0321:</a> Fetchmail was found to <a href="fetchmail-SA-2006-01.txt">crash after bouncing a message with bad addresses. This bug was introduced with fetchmail 6.3.0 and fixed in fetchmail 6.3.2.</a></p>
-<p><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4348">CVE-2005-4348:</a> Fetchmail was found to contain <a href="fetchmail-SA-2005-03.txt">a bug (null pointer dereference) that can be exploited to a denial of service attack</a> when fetchmail runs in multidrop mode. 6.2.5.5 and 6.3.1 have this bug fixed.</p>
-<p><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3088">CVE-2005-3088:</a> Fetchmailconf was found to <a href="fetchmail-SA-2005-02.txt">open the configuration files world-readable, writing data to them, and only then tightening up permissions</a>, which may cause password information to be visible to other users. This bug affected fetchmail 6.2.0, 6.2.5 and 6.2.5.2. The bug is fixed in fetchmail 6.2.5.4 and 6.3.0.</p>
-<p><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2335">CVE-2005-2335:</a> Fetchmail was found to contain a <a href="fetchmail-SA-2005-01.txt">remotely exploitable code injection vulnerability (potentially privileged code)</a> in the POP3 code, affecting both the 6.2.0 and 6.2.5 releases. 6.2.5.2, 6.2.5.4 and 6.3.0 have got this bug fixed. (Other versions have not been checked if they contain this bug.)</p>
+<div style="background-color:#ffe0c0;color:#000000;font-size:85%"> <h1>SECURITY ALERTS</h1>
+ <p>These have been moved <a href="security.html">to a separate
+ page (click here for security information)</a> to unclutter the
+ front page.
-<p><strong>Please <a href="http://developer.berlios.de/project/showfiles.php?group_id=1824">update to fetchmail version 6.3.8</a> and apply the two patches from the security announcements CVE-2007-4565 and CVE-2008-2711 above.</strong></p>
+<p style="font-size:100%"><strong>Please <a
+ href="http://developer.berlios.de/project/showfiles.php?group_id=1824">update
+ to the newest fetchmail version</a>.</strong></p>
</div>
<p>See the project's <a href="todo.html">To-Do list</a> for indications
of known problems and requested features.</p>
-<p>The developers use <a
-href="http://subversion.tigris.org/">Subversion</a> for revision control.
-To get the latest development version, point your subversion client at <a
-href="http://mknod.org/svn/fetchmail/trunk/">http://mknod.org/svn/fetchmail/trunk/</a>.</p>
+<p>The developers use <a href="http://git-scm.com/">Git</a> for revision
+control. To browse the repository or to get the latest development version,
+find the instructions at <a href="http://gitorious.org/fetchmail/fetchmail">http://gitorious.org/fetchmail/fetchmail</a>.</p>
-<p>See the <a
-href="http://developer.berlios.de/projects/fetchmail/">project
+<p>See the <a href="http://developer.berlios.de/projects/fetchmail/">project
page</a> for more, including <a
-href="http://developer.berlios.de/project/showfiles.php?group_id=1824">downloads</a>.
-(However, note that we no longer use the subversion repository that Berlios provides.)</p>
+href="http://developer.berlios.de/project/showfiles.php?group_id=1824">downloads</a>.</p>
<h1>Getting help with fetchmail:</h1>
-<p>
-There is a fetchmail-users list for help and other user discussion
+<p>Before submitting a question anywhere, <strong>please read the <a
+href="fetchmail-FAQ.html">FAQ</a></strong> (especially item <a
+href="fetchmail-FAQ.html#G3">G3</a> on how to report problems). We tend to get
+the same three newbie questions over and over again. The FAQ covers them like
+a blanket.</p>
+
+<p>There is a fetchmail-users list for help and other user discussion
of fetchmail. It's a MailMan list, which you can sign up for at <a
href="http://lists.berlios.de/mailman/listinfo/fetchmail-users">
-fetchmail-users@lists.berlios.de</a>. There is also a
+fetchmail-users@lists.berlios.de</a>.
+<br>There is also a
fetchmail-devel list for people who want to discuss fixes and
improvements in fetchmail and help co-develop it. That one is at <a
href="http://lists.berlios.de/mailman/listinfo/fetchmail-devel">
fetchmail-devel@lists.berlios.de</a>.
-Finally, there is an announcements-only list, <a
+
<br>Finally, there is an announcements-only list, <a
href="http://lists.berlios.de/mailman/listinfo/fetchmail-announce">
fetchmail-announce@lists.berlios.de</a>.</p>
-<p>Note: before submitting a question to the lists, <strong>please read
-the <a href="fetchmail-FAQ.html">FAQ</a></strong> (especially item <a
-href="fetchmail-FAQ.html#G3">G3</a> on how to report bugs). We
-tend to get the same three newbie questions over and over again. The
-FAQ covers them like a blanket.</p>
-
<h1>Maintainer History</h1>
<p>Fetchmail originated as a program called <i>popclient</i>, written
by Carl Harris. In 1996, <a href="http://www.catb.org/~esr/">Eric
</div>
-<a href="http://developer.berlios.de">
-<img src="http://developer.berlios.de/bslogo.php?group_id=1824&type=1" width="124" height="32" border="0" alt="BerliOS Logo" align="right" /></a>
-
+<p align="right">
+<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.w3.org/Icons/valid-html401-blue" alt="Valid HTML 4.01 Transitional" height="31" width="88"></a>
+<a href="http://jigsaw.w3.org/css-validator/"> <img style="border:0;width:88px;height:31px" src="http://jigsaw.w3.org/css-validator/images/vcss-blue" alt="Valid CSS"> </a>
+<a href="http://developer.berlios.de"> <img src="http://developer.berlios.de/bslogo.php?group_id=1824&type=1" width="124" height="32" border="0" alt="BerliOS Logo"></a>
+</p>
</body>
</html>
projects / ~andy / fetchmail / blobdiff