]>
Pileus Git - ~andy/fetchmail/log
Matthias Andree [Wed, 15 Aug 2012 21:41:03 +0000 (23:41 +0200)]
GSSAPI build fix.
The GSSAPI-related autoconf code now matches gssapi.c better, and uses
a different check to look for GSS_C_NT_HOSTBASED_SERVICE.
This fixes the GSSAPI-enabled build on NetBSD 6 Beta.
Matthias Andree [Wed, 15 Aug 2012 20:12:44 +0000 (22:12 +0200)]
Update translations.
Matthias Andree [Tue, 14 Aug 2012 23:19:47 +0000 (01:19 +0200)]
Correct title/topic, remove dates (6.3.22 isn't out yet), and re-sign.
Matthias Andree [Tue, 14 Aug 2012 20:53:04 +0000 (22:53 +0200)]
Fix compiler warnings.
Matthias Andree [Tue, 14 Aug 2012 20:52:46 +0000 (22:52 +0200)]
Fix compiler aliasing warning.
Matthias Andree [Tue, 14 Aug 2012 20:38:55 +0000 (22:38 +0200)]
Fix length argument to memset().
Matthias Andree [Tue, 14 Aug 2012 18:47:22 +0000 (20:47 +0200)]
Validate NTLM challenge fields.
This is to avoid reading from bad locations, and possibly conveying
confidential data. Credit to Nico Golde.
Matthias Andree [Tue, 14 Aug 2012 05:46:22 +0000 (07:46 +0200)]
Add CVE-Id and sign.
Matthias Andree [Mon, 13 Aug 2012 20:05:52 +0000 (22:05 +0200)]
reword
Matthias Andree [Mon, 13 Aug 2012 20:04:34 +0000 (22:04 +0200)]
Add new Swedish translation, by Göran Uddeborg.
Matthias Andree [Mon, 13 Aug 2012 19:27:37 +0000 (21:27 +0200)]
Fix advisory no. in header.
Matthias Andree [Mon, 13 Aug 2012 19:25:34 +0000 (21:25 +0200)]
Reformat, inserting blank line.
Matthias Andree [Mon, 13 Aug 2012 19:23:41 +0000 (21:23 +0200)]
Document fix for NTLM crash, + Security advisory (draft).
Matthias Andree [Mon, 13 Aug 2012 19:05:23 +0000 (21:05 +0200)]
Update German translation.
Matthias Andree [Mon, 13 Aug 2012 18:48:12 +0000 (20:48 +0200)]
Fix crash: Handle invalid base64 in NTLM challenge.
Some servers, for instance the MS Exchange servers deployed by the
US-American National Aeronautics and Space Administration (NASA),
aborted the NTLM protocol exchange after receiving the initial request.
Fetchmail did not detect that there was an error message, rather than
NTLM protocol exchange, and caught a segmentation fault while reading
from a bad location.
Detect base64 decoding errors, and return PS_AUTHFAIL in this case.
Reported by J[ames] Porter Clark.
Matthias Andree [Thu, 2 Aug 2012 18:35:32 +0000 (20:35 +0200)]
Document license change in CHANGES.
Matthias Andree [Thu, 31 May 2012 06:47:20 +0000 (08:47 +0200)]
Properly erase MD5Context in MD5Final.
Found by clang.
Sunil Shetye [Wed, 9 May 2012 08:10:12 +0000 (13:40 +0530)]
fetchmail workaround for a bug in Microsoft Exchange
treat missing header in response to a FETCH command as a transient error
(Reported by John Connett)
if there are too many transient errors, log it.
Matthias Andree [Fri, 6 Apr 2012 21:39:56 +0000 (23:39 +0200)]
Relicense security/errata notices as CC BY-ND 3.0.
Removing the NC/noncommercial clause, to ease redistribution.
Matthias Andree [Fri, 6 Apr 2012 21:20:34 +0000 (23:20 +0200)]
Add fetchmail-SA-2012-01.txt.
Matthias Andree [Fri, 6 Apr 2012 19:34:18 +0000 (21:34 +0200)]
Bump version to 6.3.22.
Matthias Andree [Fri, 6 Apr 2012 19:31:53 +0000 (21:31 +0200)]
Fix CVE-2011-3389 by clearing SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS...
...from SSL options, unless FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE
is a non-empty environment variable.
Suggested by Apple.
Matthias Andree [Sun, 1 Apr 2012 13:33:49 +0000 (15:33 +0200)]
Validate XHTML 1.0 stuff even when skipping 1.1.
Matthias Andree [Tue, 22 Nov 2011 00:47:29 +0000 (01:47 +0100)]
Mention Zimbra FETCH () workaround by Mikulas Patocka
Mikulas Patocka [Fri, 18 Nov 2011 23:43:11 +0000 (18:43 -0500)]
fetchmail workaround for a bug in Zimbra
Zimbra occasionally returns this response:
fetchmail: IMAP> A0007 FETCH 1 RFC822.HEADER
fetchmail: IMAP< * 1 FETCH ()
fetchmail: IMAP< A0007 OK FETCH completed
It happens when there is a corrupted message without a header in the
database. (I don't know how this message could be created, I just see it
there).
When fetchmail encounters such resonse, it gives up and disconnects.
This patch changes it so that PS_TRANSIENT is returned in this
case and fetchmail continues to fetch following messages correctly.
Matthias Andree [Tue, 25 Oct 2011 22:30:32 +0000 (00:30 +0200)]
Fix build on SSLv2-disabled OpenSSL setups
On systems where SSLv2_client_method isn't defined in OpenSSL (such as newer
Debian, and Ubuntu starting with 11.10 oneiric ocelot), don't reference it (to
fix the build) and print a run-time error that the OS does not support SSLv2.
Fixes Debian Bug #622054, but note that that bug report has a more thorough
patch that does away with SSLv2 altogether.
Matthias Andree [Tue, 6 Sep 2011 19:10:38 +0000 (21:10 +0200)]
Mention that user@server must be unique.
Matthias Andree [Tue, 6 Sep 2011 19:08:16 +0000 (21:08 +0200)]
Add items.
Matthias Andree [Tue, 30 Aug 2011 16:15:15 +0000 (18:15 +0200)]
Print Server certificate: banner on stdout rather than stderr.
Reported by Henry Jensen, fixes Debian Bug #639807.
Matthias Andree [Sun, 21 Aug 2011 13:49:42 +0000 (15:49 +0200)]
Update website for 6.3.21.
Matthias Andree [Sun, 21 Aug 2011 13:16:27 +0000 (15:16 +0200)]
Import translations.
Matthias Andree [Sun, 21 Aug 2011 13:14:42 +0000 (15:14 +0200)]
Bump version to 6.3.21, mark release date.
Matthias Andree [Sun, 21 Aug 2011 09:55:05 +0000 (11:55 +0200)]
Mention rawlog.patch in NEWS.
Matthias Andree [Sun, 21 Aug 2011 13:08:54 +0000 (15:08 +0200)]
Drop obsolete file TODO-6.3.20.
Matthias Andree [Sun, 21 Aug 2011 13:07:48 +0000 (15:07 +0200)]
Critical fix: don't embed NUL in unterminated last IMAP line.
Found by Antoine Levitt.
Matthias Andree [Mon, 6 Jun 2011 22:26:37 +0000 (00:26 +0200)]
Revert SO_???TIMEO-based STARTTLS timeout handling.
This reverts commits
47c05b10018f5ec7493e4bd9f521aaa18d96f1e2
and
72ce8bce8dd655b6aefa33d0a74e883dad5202b5 , the code isn't portable,
for instance, Solaris does not support SO_RCVTIMEO/SO_SNDTIMEO.
These socket-level options are known, but Solaris returns EAFNOSUPPORT.
Reported by Jonathan Buschmann.
Conflicts:
NEWS
socket.c
Matthias Andree [Sun, 21 Aug 2011 09:55:05 +0000 (11:55 +0200)]
Add rawlog.patch.
Matthias Andree [Tue, 16 Aug 2011 15:37:09 +0000 (17:37 +0200)]
Drop vendor-sec@lst.de, defunct.
Thomas Jarosch [Tue, 2 Aug 2011 11:22:55 +0000 (13:22 +0200)]
Remove redundant double A_OTP check.
Matthias Andree [Fri, 17 Jun 2011 16:06:29 +0000 (18:06 +0200)]
Fix function signature to match prototype.
Found by Lars Hecking.
Matthias Andree [Mon, 6 Jun 2011 22:21:47 +0000 (00:21 +0200)]
Merge branch 'legacy_63' of gitorious.org:fetchmail/fetchmail into legacy_63
Matthias Andree [Mon, 6 Jun 2011 22:21:22 +0000 (00:21 +0200)]
Merge branch 'common-6x' into legacy_63
Matthias Andree [Mon, 6 Jun 2011 22:20:05 +0000 (00:20 +0200)]
Synch NEWS/CVE-2011-1947 with release 6.3.20 + Credit
Matthias Andree [Mon, 6 Jun 2011 22:07:07 +0000 (00:07 +0200)]
Merge branch 'common-6x' into legacy_63
Matthias Andree [Mon, 6 Jun 2011 12:33:07 +0000 (14:33 +0200)]
Update website.
Matthias Andree [Mon, 6 Jun 2011 12:32:42 +0000 (14:32 +0200)]
Sign SA 2011-01/CVE-2011-1947.
Matthias Andree [Mon, 6 Jun 2011 11:07:52 +0000 (13:07 +0200)]
Freeze strings for release.
Matthias Andree [Mon, 6 Jun 2011 11:07:43 +0000 (13:07 +0200)]
Fix one fuzzy translation.
Matthias Andree [Mon, 6 Jun 2011 11:07:25 +0000 (13:07 +0200)]
Finish for release.
Matthias Andree [Mon, 6 Jun 2011 11:06:58 +0000 (13:06 +0200)]
Bump version to 6.3.20.
Matthias Andree [Wed, 1 Jun 2011 08:52:50 +0000 (10:52 +0200)]
Credit Thomas Jarosch.
Matthias Andree [Tue, 31 May 2011 20:40:58 +0000 (22:40 +0200)]
Merge branch 'common-6x' into legacy_63
Conflicts:
NEWS
fetchmail-SA-2011-01.txt
Matthias Andree [Tue, 31 May 2011 20:39:36 +0000 (22:39 +0200)]
Add CVE name.
Matthias Andree [Mon, 30 May 2011 10:09:20 +0000 (12:09 +0200)]
Add fetchmail-SA-2011-01.txt
Matthias Andree [Mon, 30 May 2011 10:09:20 +0000 (12:09 +0200)]
Add fetchmail-SA-2011-01.txt
Matthias Andree [Mon, 30 May 2011 10:08:18 +0000 (12:08 +0200)]
Move 'KNOWN BUGS AND WORKAROUNDS' section up.
Matthias Andree [Mon, 30 May 2011 09:30:35 +0000 (11:30 +0200)]
Correct branch designation in Doxygen output.
Matthias Andree [Sun, 29 May 2011 17:33:44 +0000 (19:33 +0200)]
Get 6.3.20 change documentation fit for release.
Matthias Andree [Sun, 29 May 2011 17:20:03 +0000 (19:20 +0200)]
Bump version - hopefully final release candidate.
Matthias Andree [Sun, 29 May 2011 16:35:34 +0000 (18:35 +0200)]
Freeze updated .po files for -rc3.
Matthias Andree [Fri, 27 May 2011 18:45:37 +0000 (20:45 +0200)]
Merge branch 'common-6x' into legacy_63
Matthias Andree [Fri, 27 May 2011 18:45:29 +0000 (20:45 +0200)]
Bump copyright.
Matthias Andree [Thu, 26 May 2011 21:25:22 +0000 (23:25 +0200)]
Merge branch 'common-6x' into legacy_63
Conflicts:
po/de.po
Matthias Andree [Thu, 26 May 2011 00:06:39 +0000 (02:06 +0200)]
Bump automake requirement to 1.11, add dist-xz option.
Matthias Andree [Thu, 26 May 2011 20:24:52 +0000 (22:24 +0200)]
Drop FETCHMAIL_IMAP_DELETED_REMAINS_UNSEEN dud again.
Matthias Andree [Thu, 26 May 2011 12:48:49 +0000 (14:48 +0200)]
Drop revived but unneeded file.
Matthias Andree [Wed, 25 May 2011 23:46:19 +0000 (01:46 +0200)]
Update NEWS, mention STARTTLS timeout fix, ...
Swap bug fixes and changes. Mark Czech/French/German/Polish translations
updated. Mark strlen() optimization as a change, rather than a bug fix.
Matthias Andree [Wed, 25 May 2011 23:47:41 +0000 (01:47 +0200)]
Run S(TART)TLS negotiation under timeout alarm.
Reported missing by Thomas Jarosch.
Matthias Andree [Wed, 25 May 2011 23:47:11 +0000 (01:47 +0200)]
Fix missed disabling of alarm when SSL-wrapped connect failed.
Matthias Andree [Mon, 23 May 2011 18:44:55 +0000 (20:44 +0200)]
Update German translation.
Matthias Andree [Sun, 22 May 2011 21:14:01 +0000 (23:14 +0200)]
Handle socket errors on CAPABILITY probes.
Matthias Andree [Sun, 22 May 2011 20:45:48 +0000 (22:45 +0200)]
Reindent.
Matthias Andree [Thu, 26 May 2011 00:06:39 +0000 (02:06 +0200)]
Bump automake requirement to 1.11, add dist-xz option.
Matthias Andree [Thu, 26 May 2011 20:24:52 +0000 (22:24 +0200)]
Drop FETCHMAIL_IMAP_DELETED_REMAINS_UNSEEN dud again.
Matthias Andree [Thu, 26 May 2011 12:48:49 +0000 (14:48 +0200)]
Drop revived but unneeded file.
Matthias Andree [Wed, 25 May 2011 23:54:27 +0000 (01:54 +0200)]
Freeze strings for -rc2.
Matthias Andree [Wed, 25 May 2011 23:46:19 +0000 (01:46 +0200)]
Update NEWS, mention STARTTLS timeout fix, ...
Swap bug fixes and changes. Mark Czech/French/German/Polish translations
updated. Mark strlen() optimization as a change, rather than a bug fix.
Matthias Andree [Wed, 25 May 2011 23:47:41 +0000 (01:47 +0200)]
Run S(TART)TLS negotiation under timeout alarm.
Reported missing by Thomas Jarosch.
Matthias Andree [Wed, 25 May 2011 23:47:11 +0000 (01:47 +0200)]
Fix missed disabling of alarm when SSL-wrapped connect failed.
Matthias Andree [Wed, 25 May 2011 23:46:39 +0000 (01:46 +0200)]
Bump version to -rc2.
Matthias Andree [Wed, 25 May 2011 23:29:34 +0000 (01:29 +0200)]
Revert SO_???TIMEO-based STARTTLS timeout handling.
This reverts commits
47c05b10018f5ec7493e4bd9f521aaa18d96f1e2
and
72ce8bce8dd655b6aefa33d0a74e883dad5202b5 , the code isn't portable,
for instance, Solaris does not support SO_RCVTIMEO/SO_SNDTIMEO.
These socket-level options are known, but Solaris returns EAFNOSUPPORT.
Reported by Jonathan Buschmann.
Matthias Andree [Mon, 23 May 2011 18:45:16 +0000 (20:45 +0200)]
Freeze line numbers in .po files.
Matthias Andree [Mon, 23 May 2011 18:44:55 +0000 (20:44 +0200)]
Update German translation.
Matthias Andree [Mon, 23 May 2011 18:44:44 +0000 (20:44 +0200)]
Fix error string.
Matthias Andree [Mon, 23 May 2011 18:42:14 +0000 (20:42 +0200)]
Bump version.
Matthias Andree [Sun, 22 May 2011 21:14:01 +0000 (23:14 +0200)]
Handle socket errors on CAPABILITY probes.
Matthias Andree [Sun, 22 May 2011 20:50:58 +0000 (22:50 +0200)]
Fix socket timeout handling.
Fixes STARTTLS hangs reported by Thomas Jarosch.
Matthias Andree [Sun, 22 May 2011 20:45:48 +0000 (22:45 +0200)]
Reindent.
Matthias Andree [Tue, 17 May 2011 16:00:56 +0000 (18:00 +0200)]
Reinstate SSLv2 support on legacy_63 branch.
Revert "Remove support for SSLv2 (fixes Debian Bug #622054)."
This reverts commit
c22a3afca46c83ee6d53a6ee58deb122f309c460 .
Matthias Andree [Tue, 17 May 2011 17:42:48 +0000 (19:42 +0200)]
Reword FETCHMAIL_IMAP_DELETED_REMAINS_UNSEEN, ...
mentioning that some MS Exchange versions send a "deleted without being read"
notification in this situation.
Matthias Andree [Tue, 17 May 2011 17:36:50 +0000 (19:36 +0200)]
Mention impending SSLv2 removal.
Matthias Andree [Wed, 6 Apr 2011 19:17:17 +0000 (21:17 +0200)]
Drop broken test code.
Matthias Andree [Tue, 17 May 2011 16:46:22 +0000 (18:46 +0200)]
Fix opie.h error handling.
Properly quote AC_MSG_ERROR argument.
Matthias Andree [Fri, 13 May 2011 11:15:03 +0000 (13:15 +0200)]
SockOpen(): set SO_KEEPALIVE.
Matthias Andree [Wed, 11 May 2011 11:47:44 +0000 (13:47 +0200)]
Correct call arguments to gen_transact().
Sunil Shetye [Wed, 4 May 2011 17:51:11 +0000 (23:21 +0530)]
Do not print "skipping message" for old messages even in verbose mode.
Matthias Andree [Sat, 7 May 2011 09:56:49 +0000 (11:56 +0200)]
Take note of immediate 6.3.20 release plans
Matthias Andree [Wed, 4 May 2011 13:56:27 +0000 (15:56 +0200)]
Add .mailmap file.
Sunil Shetye [Wed, 4 May 2011 09:43:16 +0000 (15:13 +0530)]
correct call to gen_send()
Matthias Andree [Wed, 4 May 2011 10:23:30 +0000 (12:23 +0200)]
Use proper branch name, provide stddef.h to Doxygen.