~andy/fetchmail
6 years agoFix typo around forcecr documentation. master
Matthias Andree [Fri, 21 Jun 2013 08:00:12 +0000 (10:00 +0200)]
Fix typo around forcecr documentation.

6 years agoAdd another better logging entry to TODO.txt.
Matthias Andree [Fri, 17 May 2013 16:54:48 +0000 (18:54 +0200)]
Add another better logging entry to TODO.txt.

6 years agoMerge branch 'legacy_63'
Matthias Andree [Sat, 11 May 2013 11:23:01 +0000 (13:23 +0200)]
Merge branch 'legacy_63'

6 years agoRemove comment that confuses splint.
Matthias Andree [Sat, 11 May 2013 11:21:23 +0000 (13:21 +0200)]
Remove comment that confuses splint.

6 years agoFix typo in 'you could [end] up' in FAQ.
Matthias Andree [Sat, 11 May 2013 11:17:10 +0000 (13:17 +0200)]
Fix typo in 'you could [end] up' in FAQ.

Fixes Debian Bug#706776, submitted by David Lawyer.

6 years agoRename SSL token to SSL_ to resolve clash with OpenSSL's type.
Matthias Andree [Thu, 25 Apr 2013 23:56:25 +0000 (01:56 +0200)]
Rename SSL token to SSL_ to resolve clash with OpenSSL's type.

6 years agoC++ compatibility fix for socket.c.
Matthias Andree [Thu, 25 Apr 2013 19:50:04 +0000 (21:50 +0200)]
C++ compatibility fix for socket.c.

6 years agoUpdate to gettext 0.18.
Matthias Andree [Thu, 25 Apr 2013 19:44:39 +0000 (21:44 +0200)]
Update to gettext 0.18.

6 years agoMake SSL_verify callback data local.
Matthias Andree [Thu, 25 Apr 2013 19:29:46 +0000 (21:29 +0200)]
Make SSL_verify callback data local.

Use SSL_set_ex_data() to store a pointer to a local SSL verify state and
config, to avoid global variables.

Call SSL initialization only on first use of SSLOpen().

6 years agoupdate
Matthias Andree [Thu, 25 Apr 2013 07:03:51 +0000 (09:03 +0200)]
update

6 years agoupdate
Matthias Andree [Thu, 25 Apr 2013 06:57:40 +0000 (08:57 +0200)]
update

6 years agoMerge branch 'legacy_63'
Matthias Andree [Wed, 24 Apr 2013 22:32:55 +0000 (00:32 +0200)]
Merge branch 'legacy_63'

Conflicts:
configure.ac
fetchmail.man

6 years agoUpdate for 6.3.26 release.
Matthias Andree [Tue, 23 Apr 2013 21:47:42 +0000 (23:47 +0200)]
Update for 6.3.26 release.

6 years agoMark release date.
Matthias Andree [Tue, 23 Apr 2013 21:36:19 +0000 (23:36 +0200)]
Mark release date.

6 years agoUpdate German translation.
Matthias Andree [Tue, 23 Apr 2013 21:34:00 +0000 (23:34 +0200)]
Update German translation.

6 years agoBump version.
Matthias Andree [Tue, 23 Apr 2013 20:51:25 +0000 (22:51 +0200)]
Bump version.

6 years agoUpdate info on the mimedecode fix.
Matthias Andree [Tue, 23 Apr 2013 20:14:25 +0000 (22:14 +0200)]
Update info on the mimedecode fix.

6 years agoFix mimedecode last-line omission.
Matthias Andree [Fri, 17 Jun 2011 01:11:39 +0000 (03:11 +0200)]
Fix mimedecode last-line omission.

The mimedecode feature failed to ship the last line of the body if it
was encoded as quoted-printable and had a MIME soft line break in the
very last line.  Reported by Lars Hecking in June 2011.

Bug introduced on 1998-03-20 when the mimedecode support was added by
ESR before release 4.4.1 through code contributed by Henrik Storner,
in driver.c.

Workaround for older releases: do not use mimedecode feature.

6 years agoUpdate German translation.
Matthias Andree [Mon, 22 Apr 2013 23:13:11 +0000 (01:13 +0200)]
Update German translation.

6 years agoCleanup: remove dead delflags code.
Matthias Andree [Mon, 22 Apr 2013 22:56:27 +0000 (00:56 +0200)]
Cleanup: remove dead delflags code.

6 years agoAdd Esperanto-language translation.
Matthias Andree [Mon, 22 Apr 2013 22:52:33 +0000 (00:52 +0200)]
Add Esperanto-language translation.

6 years agoMerge branch 'legacy_63'
Matthias Andree [Mon, 22 Apr 2013 22:45:47 +0000 (00:45 +0200)]
Merge branch 'legacy_63'

Conflicts:
.gitignore
checkalias.c
configure.ac
contrib/README
fetchmail.c
fetchmail.man
socket.c

6 years agoUpdate website for 6.3.25 release.
Matthias Andree [Tue, 19 Mar 2013 00:04:10 +0000 (01:04 +0100)]
Update website for 6.3.25 release.

6 years agoPrepare 6.3.25 release.
Matthias Andree [Mon, 18 Mar 2013 23:42:48 +0000 (00:42 +0100)]
Prepare 6.3.25 release.

6 years agoUpdate current translation state as of 2013-03-18
Matthias Andree [Mon, 18 Mar 2013 23:35:45 +0000 (00:35 +0100)]
Update current translation state as of 2013-03-18

6 years agoMake SMTP error handling point to --softbounce.
Matthias Andree [Thu, 7 Mar 2013 19:09:35 +0000 (20:09 +0100)]
Make SMTP error handling point to --softbounce.

The fetchmail manual page now refers the user to --softbounce from the
SMTP/ESMTP ERROR HANDLING section.  Reported by Anton Shterenlikht.

6 years agoRemove obsolete "OpenSSL default fingerprint is MD5" claim.
Matthias Andree [Wed, 6 Mar 2013 14:48:39 +0000 (15:48 +0100)]
Remove obsolete "OpenSSL default fingerprint is MD5" claim.

The fetchmail manual page no longer claims that MD5 were the default OpenSSL
hash format (for use with --sslfingerprint).

Reported by Jakob Wilk, PARTIAL fix for Debian Bug#700266.

6 years agoAdd Esperanto translation.
Matthias Andree [Tue, 19 Feb 2013 00:17:26 +0000 (01:17 +0100)]
Add Esperanto translation.

6 years agoUpdate German translation.
Matthias Andree [Tue, 19 Feb 2013 00:14:29 +0000 (01:14 +0100)]
Update German translation.

6 years agoBump copyright.
Matthias Andree [Tue, 19 Feb 2013 00:08:33 +0000 (01:08 +0100)]
Bump copyright.

6 years agoCredit John Beck's fixes.
Matthias Andree [Mon, 18 Feb 2013 22:30:38 +0000 (23:30 +0100)]
Credit John Beck's fixes.

6 years agoMinor bug fixes for socket.c
John Beck [Mon, 18 Feb 2013 22:25:01 +0000 (23:25 +0100)]
Minor bug fixes for socket.c

While running a static code analysis tool (Parfait) on fetchmail, it found some
bugs:

Error: Memory leak (CWE 401)
   Memory leak of pointer 'plugin_copy' allocated with malloc((plugin_copy_len + 1))
        at line 137 of components/fetchmail/fetchmail-6.3.22/socket.c in function 'parse_plugin'.
          'plugin_copy' allocated at line 107 with malloc((plugin_copy_len + 1)).
          plugin_copy leaks when plugin_copy_offset >= plugin_copy_len at line 114.

Error: Null pointer dereference (CWE 476)
   Read from null pointer 'argvec'
        at line 189 of components/fetchmail/fetchmail-6.3.22/socket.c in function 'handle_plugin'.
          Function 'parse_plugin' may return constant 'NULL' at line 137, called at line 188.
          Null pointer introduced at line 137 in function 'parse_plugin'.
        at line 190 of components/fetchmail/fetchmail-6.3.22/socket.c in function 'handle_plugin'.
          Function 'parse_plugin' may return constant 'NULL' at line 137, called at line 188.
          Null pointer introduced at line 137 in function 'parse_plugin'.

(I realize these are on 6.3.22; I checked and verified that this portion of
the code is the same in 6.3.24.)

The attached patch fixes each of these.

(Note by Matthias Andree:
The NULL pointer dereference fix does not require error reporting,
because parse_plugin() will already have reported the out-of-memory
error that causes the NULL to be returned.)

6 years agoImprove X.509 certificate validation reporting.
Matthias Andree [Wed, 6 Feb 2013 21:25:42 +0000 (22:25 +0100)]
Improve X.509 certificate validation reporting.

* Improved reporting when SSL/TLS X.509 certificate validation has failed,
  working around a not-so-recent swapping of two OpenSSL error codes, and
  a practical impossibility to distinguish broken certification chains from
  missing trust anchors (root certificates).
* OpenSSL decoded errors are now reported through report(), rather than dumped
  to stderr, so that they should show up in logfiles and/or syslog.

6 years agoUpdate
Matthias Andree [Sun, 3 Feb 2013 15:25:58 +0000 (16:25 +0100)]
Update

6 years agoBump version.
Matthias Andree [Sun, 3 Feb 2013 15:25:38 +0000 (16:25 +0100)]
Bump version.

6 years agoIgnore Netbeans data.
Matthias Andree [Sun, 3 Feb 2013 14:57:15 +0000 (15:57 +0100)]
Ignore Netbeans data.

6 years agoWork around systems returning obsolete EAI_NODATA.
Matthias Andree [Sun, 3 Feb 2013 14:54:58 +0000 (15:54 +0100)]
Work around systems returning obsolete EAI_NODATA.

Older systems that provide the older RFC-2553 implementation of
getaddrinfo, rather than the current RFC-3493, and systems that do not
provide this getaddrinfo() interface at all and thus use the replacement
functions from libesmtp/getaddrinfo.?, might return EAI_NODATA when a
host is registered in DNS as MX or similar, but without A or AAAA
records.  Handle this situation when checking for multidrop aliases and
treat EAI_NODATA the same as EAI_NONAME, i. e. name cannot be resolved.

The proper fix, however, is to upgrade the operating system.

6 years agoMake compatible with FreeBSD.
Matthias Andree [Sun, 3 Feb 2013 14:15:52 +0000 (15:15 +0100)]
Make compatible with FreeBSD.

6 years agoAdd new gai.c debug source.
Matthias Andree [Sun, 3 Feb 2013 14:12:07 +0000 (15:12 +0100)]
Add new gai.c debug source.

6 years agoLet distcheck call configure --with-ssl.
Matthias Andree [Fri, 4 Jan 2013 01:40:36 +0000 (02:40 +0100)]
Let distcheck call configure --with-ssl.

6 years agoVersion alpha4.
Matthias Andree [Wed, 2 Jan 2013 23:21:27 +0000 (00:21 +0100)]
Version alpha4.

6 years agoVersion alpha4.
Matthias Andree [Wed, 2 Jan 2013 23:20:22 +0000 (00:20 +0100)]
Version alpha4.

6 years agoAttempt merging from 6.3.24.
Matthias Andree [Wed, 2 Jan 2013 23:11:10 +0000 (00:11 +0100)]
Attempt merging from 6.3.24.

6 years agoUpdate website for 6.3.24.
Matthias Andree [Sun, 23 Dec 2012 17:31:49 +0000 (18:31 +0100)]
Update website for 6.3.24.

6 years agoSign .xz; upload to sf.net; upload .xz to local site.
Matthias Andree [Sun, 23 Dec 2012 16:43:10 +0000 (17:43 +0100)]
Sign .xz; upload to sf.net; upload .xz to local site.

6 years agoUpdate for 6.3.24 release.
Matthias Andree [Sun, 23 Dec 2012 15:47:12 +0000 (16:47 +0100)]
Update for 6.3.24 release.

6 years agoRemove LSM-related stuff from the distribution.
Matthias Andree [Sun, 23 Dec 2012 15:45:59 +0000 (16:45 +0100)]
Remove LSM-related stuff from the distribution.

IBiblio no longer accepts submissions, and considers itself an archive.
There is no point in our carrying forward any related material, if
needed for reference purposes, it can be fetched from older versions in
the Git repository.

6 years agoFix version to 6.3.0.
Matthias Andree [Fri, 14 Dec 2012 00:33:17 +0000 (01:33 +0100)]
Fix version to 6.3.0.

6 years agoComplete Dominik's name.
Matthias Andree [Fri, 14 Dec 2012 00:03:49 +0000 (01:03 +0100)]
Complete Dominik's name.

6 years agoPlug a memory leak in OpenSSL's certificate verification callback.
Matthias Andree [Thu, 13 Dec 2012 22:44:37 +0000 (23:44 +0100)]
Plug a memory leak in OpenSSL's certificate verification callback.

This would affect fetchmail configurations running with SSL in daemon mode
more than one-shot runs.

Reported by Erik Thiele, and pinned by Dominik, Debian Bug #688015.

This bug was introduced into fetchmail 6.2.9 (committed 2005-10-29)
when support for subjectAltName was added through a patch by Roland
Stigge, submitted as Debian Bug#201113.

6 years agoRepair --logfile regression of 6.3.23,
Matthias Andree [Thu, 13 Dec 2012 21:46:32 +0000 (22:46 +0100)]
Repair --logfile regression of 6.3.23,

reported by Heinz Diehl.

6 years agoUpdate for new release.
Matthias Andree [Mon, 10 Dec 2012 21:14:49 +0000 (22:14 +0100)]
Update for new release.

6 years agoRelease 6.3.23.
Matthias Andree [Mon, 10 Dec 2012 21:07:28 +0000 (22:07 +0100)]
Release 6.3.23.

6 years agoPull in translation updates for 6.3.23,
Matthias Andree [Mon, 10 Dec 2012 20:57:50 +0000 (21:57 +0100)]
Pull in translation updates for 6.3.23,

dubbed 6.3.22.2 for translation purposes.

6 years agoMove forward to prepare a 6.3.23 release and request translation.
Matthias Andree [Wed, 5 Dec 2012 21:54:27 +0000 (22:54 +0100)]
Move forward to prepare a 6.3.23 release and request translation.

6 years agoUpdate German translation.
Matthias Andree [Wed, 5 Dec 2012 21:54:27 +0000 (22:54 +0100)]
Update German translation.

6 years agoFix typo in R15, and clarify.
Matthias Andree [Tue, 6 Nov 2012 07:44:50 +0000 (08:44 +0100)]
Fix typo in R15, and clarify.

6 years agoFix typo in R15, and clarify.
Matthias Andree [Tue, 6 Nov 2012 07:44:50 +0000 (08:44 +0100)]
Fix typo in R15, and clarify.

6 years agoFix typo repsonsible -> responsible.
Matthias Andree [Tue, 6 Nov 2012 07:30:50 +0000 (08:30 +0100)]
Fix typo repsonsible -> responsible.

6 years agoFix typo repsonsible -> responsible.
Matthias Andree [Tue, 6 Nov 2012 07:30:50 +0000 (08:30 +0100)]
Fix typo repsonsible -> responsible.

6 years agoMake Maillennium POP3 workarounds less specific,
Matthias Andree [Sat, 13 Oct 2012 22:10:11 +0000 (00:10 +0200)]
Make Maillennium POP3 workarounds less specific,

to encompass Maillennium POP3/UNIBOX (Maillennium V05.00c++). Reported
by Eddie via fetchmail-users mailing list, 2012-10-13.

6 years agoMerge logfile/syslog cleanup from legacy_63 branch.
Matthias Andree [Sun, 23 Sep 2012 12:58:06 +0000 (14:58 +0200)]
Merge logfile/syslog cleanup from legacy_63 branch.

6 years agoClean up logfile vs. syslog handling.
Matthias Andree [Sun, 23 Sep 2012 12:44:25 +0000 (14:44 +0200)]
Clean up logfile vs. syslog handling.

In case logfile overrides syslog, send a message to the latter stating
where logging goes.  Also revise manual page.

6 years agoMention fetchmail-mda-fork.patch on TODO.
Matthias Andree [Thu, 6 Sep 2012 23:51:40 +0000 (01:51 +0200)]
Mention fetchmail-mda-fork.patch on TODO.

6 years agoPark Fabio Rossi's contribution, needs review.
Matthias Andree [Thu, 6 Sep 2012 23:44:39 +0000 (01:44 +0200)]
Park Fabio Rossi's contribution, needs review.

At first glance, it needs to be rediffed/wiggled/updated (it was against 6.3.21
rather than 7.0.0-alpha); and it uses non-portable syscalls - perhaps
waitpit is better.

6 years agoMake APOP timestamp complaint less obtrusive.
Matthias Andree [Thu, 6 Sep 2012 00:06:32 +0000 (02:06 +0200)]
Make APOP timestamp complaint less obtrusive.

6 years agoRevert "Reinstate SSLv2 support on legacy_63 branch."
Matthias Andree [Wed, 5 Sep 2012 23:59:15 +0000 (01:59 +0200)]
Revert "Reinstate SSLv2 support on legacy_63 branch."

This reverts commit aee0a1be4163b06ae8d32dff93d13a87668423b3.

It was inadvertently merged from 6.3.20-6.3.21 changes.

Conflicts:

NEWS
fetchmail.man
po/de.po
socket.c

6 years agoMerge completed - remove from TODO.
Matthias Andree [Wed, 5 Sep 2012 20:43:41 +0000 (22:43 +0200)]
Merge completed - remove from TODO.

6 years agoRevert parallel-tests, breaks on FreeBSD.
Matthias Andree [Wed, 5 Sep 2012 01:57:56 +0000 (03:57 +0200)]
Revert parallel-tests, breaks on FreeBSD.

6 years agoUpdate.
Matthias Andree [Wed, 5 Sep 2012 01:44:36 +0000 (03:44 +0200)]
Update.

6 years agoRemove dead variable.
Matthias Andree [Wed, 5 Sep 2012 01:31:54 +0000 (03:31 +0200)]
Remove dead variable.

6 years agoExploit newer automake/autoconf features.
Matthias Andree [Wed, 5 Sep 2012 01:27:41 +0000 (03:27 +0200)]
Exploit newer automake/autoconf features.

The self-tests now run in parallel, and use coloured output in terminals.

Users can now request a more concise compile with V=0 or by running
./configure --enable-silent-rules. This defaults to off.

6 years agoSimplify copyright.
Matthias Andree [Wed, 5 Sep 2012 01:16:21 +0000 (03:16 +0200)]
Simplify copyright.

6 years agoRediff patch.
Matthias Andree [Wed, 5 Sep 2012 01:07:32 +0000 (03:07 +0200)]
Rediff patch.

6 years agoRebuild po/
Matthias Andree [Wed, 5 Sep 2012 01:06:26 +0000 (03:06 +0200)]
Rebuild po/

6 years agoFix up merge.
Matthias Andree [Wed, 5 Sep 2012 00:59:05 +0000 (02:59 +0200)]
Fix up merge.

6 years agoMerge branch 'legacy_63'
Matthias Andree [Wed, 5 Sep 2012 00:53:54 +0000 (02:53 +0200)]
Merge branch 'legacy_63'

Conflicts:
Makefile.am
NEWS
conf.c
configure.ac
contrib/rawlog.patch
fetchmail-SA-2011-01.txt
fetchmail.man
fm_md5.h
kerberos.c
socket.c
socket.h

6 years agofix another typo, point one URL to CVE.
Matthias Andree [Tue, 4 Sep 2012 20:55:55 +0000 (22:55 +0200)]
fix another typo, point one URL to CVE.

6 years agoFix typo in CVE URLs that rendered two new links useless.
Matthias Andree [Tue, 4 Sep 2012 20:49:42 +0000 (22:49 +0200)]
Fix typo in CVE URLs that rendered two new links useless.

6 years agoObsoletion warning.
Matthias Andree [Mon, 3 Sep 2012 21:12:39 +0000 (23:12 +0200)]
Obsoletion warning.

6 years agoMention Alexander's fix for -f - with --plugin.
Matthias Andree [Mon, 3 Sep 2012 21:08:53 +0000 (23:08 +0200)]
Mention Alexander's fix for -f - with --plugin.

6 years agoFix: combination of --plugin and -f - fails
Alexander Zangerl [Mon, 3 Sep 2012 21:07:47 +0000 (23:07 +0200)]
Fix: combination of --plugin and -f - fails

scenario: you want to remote-control fetchmail, but you don't want to write
passwords into files, so you feed fetchmail a minimal rcfile via stdin with -f
-. this by itself works fine. if you also want or need to use a --plugin (eg.
socat for socks), then things fail badly: the plugin is run without a stdin fd,
hence can't take input from fetchmail, lots of fun ensues.  plugins without -f
- work fine, it's just the combination that fails.

explanation: the root cause is rcfile_y.y, line 493, which closes whatever fd
carried the rcfile. with -f - this closes fetchmail's stdin - and so far that's
unproblematic.  however, in socket.c lines 166ff things go wrong: fetchmail
sets up the plugin with a socketpair, which will likely include the first
unused fd - and fd zero is now indeed unused.  in line 180ff a dup2 replumbing
from "that fd" (=zero) to zero is performed - and then "that fd" is closed.
and hey presto, we've got no fd zero = stdin for the plugin.

solution: the simplest solution (patch attached) is to make the fclose of the
rcfile conditional, ie. don't close if it's stdin. in the long run the
dup2+close code might be made more robust by not doing a dup2+close if fd[0] is
already 0 or 1.

6 years agoNote Earl's regression fix for SSL_CTX_clear_options() on older OpenSSL.
Matthias Andree [Mon, 3 Sep 2012 21:05:37 +0000 (23:05 +0200)]
Note Earl's regression fix for SSL_CTX_clear_options() on older OpenSSL.

6 years agoClear SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS without SSL_CTX_clear_options()
Earl Chew [Mon, 3 Sep 2012 21:04:08 +0000 (23:04 +0200)]
Clear SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS without SSL_CTX_clear_options()

A patch to clear SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS was added recently:

  http://gitorious.org/fetchmail/fetchmail/commit/48809c5b9f6c9081f4031fa938dd63b060c18a4b?format=patch

Older implementations of OpenSSL do not support SSL_CTX_clear_options().

This patch reworks the previous change to avoid the use of
SL_CTX_clear_options() and instead clears the corresponding bit in
SSL_OP_ALL before calling SSL_CTX_set_options().

6 years agoUpdate security info on web site.
Matthias Andree [Thu, 30 Aug 2012 06:17:53 +0000 (08:17 +0200)]
Update security info on web site.

6 years agoUpdate copyright and SecAnn' version.
Matthias Andree [Wed, 29 Aug 2012 23:03:08 +0000 (01:03 +0200)]
Update copyright and SecAnn' version.

6 years agoUpdate.
Matthias Andree [Wed, 29 Aug 2012 21:36:40 +0000 (23:36 +0200)]
Update.

6 years agoGet ready for 6.3.22 release.
Matthias Andree [Wed, 29 Aug 2012 21:24:14 +0000 (23:24 +0200)]
Get ready for 6.3.22 release.

7 years agoUpdate translations and NEWS.
Matthias Andree [Mon, 20 Aug 2012 18:40:14 +0000 (20:40 +0200)]
Update translations and NEWS.

7 years agoWarn if SSL is disabled, suggest --with-ssl.
Matthias Andree [Fri, 17 Aug 2012 16:23:54 +0000 (18:23 +0200)]
Warn if SSL is disabled, suggest --with-ssl.

7 years agoFix installation when PYTHON is enabled.
Matthias Andree [Fri, 17 Aug 2012 16:15:02 +0000 (18:15 +0200)]
Fix installation when PYTHON is enabled.

The Python-related Makefile.am parts were simplified to avoid an
automake 1.11.X bug around noinst_PYTHON, Automake Bug #10995.
http://lists.gnu.org/archive/html/automake-patches/2012-03/txtbYNp7SPawU.txt

7 years agoGSSAPI build fix.
Matthias Andree [Wed, 15 Aug 2012 21:41:03 +0000 (23:41 +0200)]
GSSAPI build fix.

The GSSAPI-related autoconf code now matches gssapi.c better, and uses
a different check to look for GSS_C_NT_HOSTBASED_SERVICE.
This fixes the GSSAPI-enabled build on NetBSD 6 Beta.

7 years agoUpdate translations.
Matthias Andree [Wed, 15 Aug 2012 20:12:44 +0000 (22:12 +0200)]
Update translations.

7 years agoCorrect title/topic, remove dates (6.3.22 isn't out yet), and re-sign.
Matthias Andree [Tue, 14 Aug 2012 23:19:47 +0000 (01:19 +0200)]
Correct title/topic, remove dates (6.3.22 isn't out yet), and re-sign.

7 years agoFix compiler warnings.
Matthias Andree [Tue, 14 Aug 2012 20:53:04 +0000 (22:53 +0200)]
Fix compiler warnings.

7 years agoFix compiler aliasing warning.
Matthias Andree [Tue, 14 Aug 2012 20:52:46 +0000 (22:52 +0200)]
Fix compiler aliasing warning.

7 years agoFix length argument to memset().
Matthias Andree [Tue, 14 Aug 2012 20:38:55 +0000 (22:38 +0200)]
Fix length argument to memset().

7 years agoValidate NTLM challenge fields.
Matthias Andree [Tue, 14 Aug 2012 18:47:22 +0000 (20:47 +0200)]
Validate NTLM challenge fields.

This is to avoid reading from bad locations, and possibly conveying
confidential data. Credit to Nico Golde.

7 years agoAdd CVE-Id and sign.
Matthias Andree [Tue, 14 Aug 2012 05:46:22 +0000 (07:46 +0200)]
Add CVE-Id and sign.

7 years agoreword
Matthias Andree [Mon, 13 Aug 2012 20:05:52 +0000 (22:05 +0200)]
reword