(The `lines' figures total .c, .h, .l, and .y files under version control.)
+* Updated Spanish, Turkish, and German translation files.
+* Matthew Gregan's patch to handle garbage lengths from dbmail;
+ closes Debian bug #207919.
+* Fix IMAP query so new-message count doesn't include deleted messages.
+* Man page typo fix, closes Debian bug #205892.
+* OpenSSL cleanup patches fro levinedl@acm.org.
+* Benjamin Drieu's patch to fix Debian bug #212240, no oversized-nmessage
+ flushing if both "flush" and "limit" were specified.
+* rfc822.c fixes for CAN-2003-0790 and CAN-2003-0792 potential
+ remote DOS attack vulnerabilities.
+
fetchmail-6.2.4 (Wed Aug 13 04:27:35 EDT 2003), 22625 lines:
* Updated German, Spanish, Catalan, and Turkish translations.
### In Red Hat 9, this file includes a reference to <krb5.h>, so we
### force the Kerberos direcory onto the include path so it will build.
echo "Enabling OpenSSL support in $with_ssl"
- CEFLAGS="$CEFLAGS -I$with_ssl/include/openssl -I/usr/kerberos/include"
+ CEFLAGS="$CEFLAGS -I$with_ssl/include -I/usr/kerberos/include"
### OpenBSD comes with ssl headers
elif test -r /usr/include/ssl/ssl.h
then
Page</a></td>
<td width="30%" align="center">To <a href="/~esr/sitemap.html">Site
Map</a></td>
-<td width="30%" align="right">$Date: 2003/08/06 04:31:10 $</td>
+<td width="30%" align="right">$Date: 2003/10/10 09:39:55 $</td>
</tr>
</table>
messages seen or delete them. The solution is to either (a) wait
for the other client to finish, or (b) terminate it.</p>
-<p>James Stevens <James.Stevens@kyzo.com> writes:</p>
+<p>James Stevens <James.Stevens at kyzo.com> writes:</p>
<p><em>We had a Linux box dialing the Net and collecting mail from
an NT POP3 server. Fetchmail was correctly collecting and deleting
Page</a></td>
<td width="30%" align="center">To <a href="/~esr/sitemap.html">Site
Map</a></td>
-<td width="30%" align="right">$Date: 2003/08/06 04:31:10 $</td>
+<td width="30%" align="right">$Date: 2003/10/10 09:39:55 $</td>
</tr>
</table>
.TP
.B \-s | \-\-silent
Silent mode. Suppresses all progress/status messages that are
-normally echoed to standard error during a fetch (but does not
+normally echoed to standard output during a fetch (but does not
suppress actual error messages). The --verbose option overrides this.
.TP
.B \-v | \-\-verbose
\&\fI.fetchmailrc\fR. This option is forced on with ETRN and ODMR.
.TP
.B \-F | \-\-flush
-POP3/IMAP only. Delete old (previously retrieved) messages from the mailserver
-before retrieving new messages. This option does not work with ETRN or
-ODMR. In combination with the --limit option, --flush can be used to
-delete oversized messages waiting on the server.
-Warning: if your local MTA hangs and fetchmail is aborted, the next
-time you run fetchmail, it will delete mail that was never delivered to you.
-What you probably want is the default setting: if you don't specify `-k', then
-fetchmail will automatically delete messages after successful delivery.
+POP3/IMAP only. Delete old (previously retrieved) messages from the
+mailserver before retrieving new messages. This option does not work
+with ETRN or ODMR. Warning: if your local MTA hangs and fetchmail is
+aborted, the next time you run fetchmail, it will delete mail that was
+never delivered to you. What you probably want is the default
+setting: if you don't specify `-k', then fetchmail will automatically
+delete messages after successful delivery.
.SS Protocol and Query Options
.TP
.B \-p <proto> | \-\-protocol <proto>
#if defined(STDC_HEADERS)
#include <stdlib.h>
#include <limits.h>
+#include <errno.h>
#endif
#include "fetchmail.h"
#include "socket.h"
memset(unseen_messages, 0, count * sizeof(unsigned int));
unseen = 0;
- gen_send(sock, "SEARCH UNSEEN");
+ /* don't count deleted messages, in case user enabled keep last time */
+ gen_send(sock, "SEARCH UNSEEN NOT DELETED");
do {
ok = gen_recv(sock, buf, sizeof(buf));
if (ok != 0)
/*
* Try to extract a length from the FETCH response. RFC2060 requires
* it to be present, but at least one IMAP server (Novell GroupWise)
- * botches this.
+ * botches this. The overflow check is needed because of a broken
+ * server called dbmail that returns huge garbage lengths.
*/
- if ((cp = strchr(buf, '{')))
- *lenp = atoi(cp + 1);
+ if ((cp = strchr(buf, '{'))) {
+ errno = 0;
+ *lenp = (int)strtol(cp + 1, (char **)NULL, 10);
+ if (errno == ERANGE && (*lenp == LONG_MAX || *lenp == LONG_MIN))
+ *lenp = -1; /* length is too big/small for us to handle */
+ }
else
*lenp = -1; /* missing length part in FETCH reponse */
char *fingerprint, char *servercname, char *label)
{
SSL *ssl;
+ struct stat randstat;
+ int i;
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
+#ifdef SSL_ENABLE
+ if (stat("/dev/random", &randstat) &&
+ stat("/dev/urandom", &randstat)) {
+ /* Neither /dev/random nor /dev/urandom are present, so add
+ entropy to the SSL PRNG a hard way. */
+ for (i = 0; i < 10000 && ! RAND_status (); ++i) {
+ char buf[4];
+ struct timeval tv;
+ gettimeofday (&tv, 0);
+ buf[0] = tv.tv_usec & 0xF;
+ buf[2] = (tv.tv_usec & 0xF0) >> 4;
+ buf[3] = (tv.tv_usec & 0xF00) >> 8;
+ buf[1] = (tv.tv_usec & 0xF000) >> 12;
+ RAND_add (buf, sizeof buf, 0.1);
+ }
+ }
+#endif /* SSL_ENABLE */
+
+
if( sock < 0 || sock > FD_SETSIZE ) {
report(stderr, GT_("File descriptor out of range for SSL") );
return( -1 );