]>
Pileus Git - ~andy/fetchmail/log
Matthias Andree [Mon, 13 Aug 2012 20:04:34 +0000 (22:04 +0200)]
Add new Swedish translation, by Göran Uddeborg.
Matthias Andree [Mon, 13 Aug 2012 19:27:37 +0000 (21:27 +0200)]
Fix advisory no. in header.
Matthias Andree [Mon, 13 Aug 2012 19:25:34 +0000 (21:25 +0200)]
Reformat, inserting blank line.
Matthias Andree [Mon, 13 Aug 2012 19:23:41 +0000 (21:23 +0200)]
Document fix for NTLM crash, + Security advisory (draft).
Matthias Andree [Mon, 13 Aug 2012 19:05:23 +0000 (21:05 +0200)]
Update German translation.
Matthias Andree [Mon, 13 Aug 2012 18:48:12 +0000 (20:48 +0200)]
Fix crash: Handle invalid base64 in NTLM challenge.
Some servers, for instance the MS Exchange servers deployed by the
US-American National Aeronautics and Space Administration (NASA),
aborted the NTLM protocol exchange after receiving the initial request.
Fetchmail did not detect that there was an error message, rather than
NTLM protocol exchange, and caught a segmentation fault while reading
from a bad location.
Detect base64 decoding errors, and return PS_AUTHFAIL in this case.
Reported by J[ames] Porter Clark.
Matthias Andree [Thu, 2 Aug 2012 18:35:32 +0000 (20:35 +0200)]
Document license change in CHANGES.
Matthias Andree [Thu, 2 Aug 2012 16:59:44 +0000 (18:59 +0200)]
Add preconnect/postconnect interface PS_SYNTAX -> PS_ERROR.
Matthias Andree [Sun, 24 Jun 2012 13:45:44 +0000 (15:45 +0200)]
Feature request: other finger print algorithms than MD5 (by grarpamp).
Matthias Andree [Thu, 31 May 2012 23:02:28 +0000 (01:02 +0200)]
Add one TODO item.
Matthias Andree [Sat, 26 May 2012 01:27:46 +0000 (03:27 +0200)]
State that we don't want to access internal OpenSSL structures.
Requires OpenSSL 1.0.1, but compatible with older releases, too.
Matthias Andree [Thu, 31 May 2012 06:47:20 +0000 (08:47 +0200)]
Properly erase MD5Context in MD5Final.
Found by clang.
Matthias Andree [Thu, 31 May 2012 06:47:20 +0000 (08:47 +0200)]
Properly erase MD5Context in MD5Final.
Found by clang.
Matthias Andree [Tue, 15 May 2012 06:45:46 +0000 (08:45 +0200)]
Mention cherry-pick.
Sunil Shetye [Wed, 9 May 2012 08:10:12 +0000 (13:40 +0530)]
fetchmail workaround for a bug in Microsoft Exchange
treat missing header in response to a FETCH command as a transient error
(Reported by John Connett)
if there are too many transient errors, log it.
Sunil Shetye [Wed, 9 May 2012 08:10:12 +0000 (13:40 +0530)]
fetchmail workaround for a bug in Microsoft Exchange
treat missing header in response to a FETCH command as a transient error
(Reported by John Connett)
if there are too many transient errors, log it.
Matthias Andree [Fri, 6 Apr 2012 21:39:56 +0000 (23:39 +0200)]
Relicense security/errata notices as CC BY-ND 3.0.
Removing the NC/noncommercial clause, to ease redistribution.
Matthias Andree [Fri, 6 Apr 2012 21:20:34 +0000 (23:20 +0200)]
Add fetchmail-SA-2012-01.txt.
Matthias Andree [Fri, 6 Apr 2012 19:34:18 +0000 (21:34 +0200)]
Bump version to 6.3.22.
Matthias Andree [Fri, 6 Apr 2012 19:31:53 +0000 (21:31 +0200)]
Fix CVE-2011-3389 by clearing SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS...
...from SSL options, unless FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE
is a non-empty environment variable.
Suggested by Apple.
Matthias Andree [Sun, 1 Apr 2012 13:33:49 +0000 (15:33 +0200)]
Validate XHTML 1.0 stuff even when skipping 1.1.
Matthias Andree [Sun, 1 Apr 2012 13:33:49 +0000 (15:33 +0200)]
Validate XHTML 1.0 stuff even when skipping 1.1.
Matthias Andree [Tue, 22 Nov 2011 00:47:29 +0000 (01:47 +0100)]
Mention Zimbra FETCH () workaround by Mikulas Patocka
Mikulas Patocka [Fri, 18 Nov 2011 23:43:11 +0000 (18:43 -0500)]
fetchmail workaround for a bug in Zimbra
Zimbra occasionally returns this response:
fetchmail: IMAP> A0007 FETCH 1 RFC822.HEADER
fetchmail: IMAP< * 1 FETCH ()
fetchmail: IMAP< A0007 OK FETCH completed
It happens when there is a corrupted message without a header in the
database. (I don't know how this message could be created, I just see it
there).
When fetchmail encounters such resonse, it gives up and disconnects.
This patch changes it so that PS_TRANSIENT is returned in this
case and fetchmail continues to fetch following messages correctly.
Matthias Andree [Tue, 25 Oct 2011 22:30:32 +0000 (00:30 +0200)]
Fix build on SSLv2-disabled OpenSSL setups
On systems where SSLv2_client_method isn't defined in OpenSSL (such as newer
Debian, and Ubuntu starting with 11.10 oneiric ocelot), don't reference it (to
fix the build) and print a run-time error that the OS does not support SSLv2.
Fixes Debian Bug #622054, but note that that bug report has a more thorough
patch that does away with SSLv2 altogether.
Matthias Andree [Tue, 27 Sep 2011 10:04:37 +0000 (12:04 +0200)]
Disable SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.
Note: this can cause compilation issues on outdated OpenSSL versions.
In such situations, use a newer OpenSSL version.
Matthias Andree [Tue, 6 Sep 2011 19:10:38 +0000 (21:10 +0200)]
Mention that user@server must be unique.
Matthias Andree [Tue, 6 Sep 2011 19:08:16 +0000 (21:08 +0200)]
Add items.
Matthias Andree [Tue, 30 Aug 2011 16:15:15 +0000 (18:15 +0200)]
Print Server certificate: banner on stdout rather than stderr.
Reported by Henry Jensen, fixes Debian Bug #639807.
Matthias Andree [Sun, 21 Aug 2011 13:07:48 +0000 (15:07 +0200)]
Critical fix: don't embed NUL in unterminated last IMAP line.
Found by Antoine Levitt.
Matthias Andree [Tue, 30 Aug 2011 16:15:15 +0000 (18:15 +0200)]
Print Server certificate: banner on stdout rather than stderr.
Reported by Henry Jensen, fixes Debian Bug #639807.
Matthias Andree [Fri, 26 Aug 2011 09:23:48 +0000 (11:23 +0200)]
Fixup last patch from Thomas, return void rather than NULL.
Thomas Jarosch [Fri, 26 Aug 2011 08:07:03 +0000 (10:07 +0200)]
Protect against possible NULL pointer
Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Thomas Jarosch [Fri, 26 Aug 2011 07:58:14 +0000 (09:58 +0200)]
Remove unused variable
Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Thomas Jarosch [Fri, 26 Aug 2011 07:57:08 +0000 (09:57 +0200)]
Fix small memory leak on error
Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Matthias Andree [Sun, 21 Aug 2011 14:18:42 +0000 (16:18 +0200)]
Mention need to forward-port NUL-injection fix from 6.3.21.
Matthias Andree [Sun, 21 Aug 2011 13:49:42 +0000 (15:49 +0200)]
Update website for 6.3.21.
Matthias Andree [Sun, 21 Aug 2011 13:16:27 +0000 (15:16 +0200)]
Import translations.
Matthias Andree [Sun, 21 Aug 2011 13:14:42 +0000 (15:14 +0200)]
Bump version to 6.3.21, mark release date.
Matthias Andree [Sun, 21 Aug 2011 09:55:05 +0000 (11:55 +0200)]
Mention rawlog.patch in NEWS.
Matthias Andree [Sun, 21 Aug 2011 13:08:54 +0000 (15:08 +0200)]
Drop obsolete file TODO-6.3.20.
Matthias Andree [Sun, 21 Aug 2011 13:07:48 +0000 (15:07 +0200)]
Critical fix: don't embed NUL in unterminated last IMAP line.
Found by Antoine Levitt.
Matthias Andree [Mon, 6 Jun 2011 22:26:37 +0000 (00:26 +0200)]
Revert SO_???TIMEO-based STARTTLS timeout handling.
This reverts commits
47c05b10018f5ec7493e4bd9f521aaa18d96f1e2
and
72ce8bce8dd655b6aefa33d0a74e883dad5202b5 , the code isn't portable,
for instance, Solaris does not support SO_RCVTIMEO/SO_SNDTIMEO.
These socket-level options are known, but Solaris returns EAFNOSUPPORT.
Reported by Jonathan Buschmann.
Conflicts:
NEWS
socket.c
Matthias Andree [Sun, 21 Aug 2011 09:55:05 +0000 (11:55 +0200)]
Add rawlog.patch.
Matthias Andree [Tue, 16 Aug 2011 15:37:09 +0000 (17:37 +0200)]
Drop vendor-sec@lst.de, defunct.
Matthias Andree [Tue, 16 Aug 2011 15:37:09 +0000 (17:37 +0200)]
Drop vendor-sec@lst.de, defunct.
Matthias Andree [Tue, 16 Aug 2011 13:52:44 +0000 (15:52 +0200)]
Enable SSL by default.
Matthias Andree [Fri, 12 Aug 2011 07:54:46 +0000 (09:54 +0200)]
Mention Debian Bug fix 345788 (we always use POP3 UIDL).
Matthias Andree [Fri, 12 Aug 2011 07:53:31 +0000 (09:53 +0200)]
Detect single quotes in MDA % expansions and refuse delivery.
Fixes Debian Bug#347909.
Matthias Andree [Fri, 5 Aug 2011 21:57:30 +0000 (23:57 +0200)]
Update TODO.
Thomas Jarosch [Tue, 2 Aug 2011 11:22:55 +0000 (13:22 +0200)]
Remove redundant double A_OTP check.
Matthias Andree [Sat, 2 Jul 2011 22:05:23 +0000 (00:05 +0200)]
Update TODO.
Matthias Andree [Wed, 22 Jun 2011 22:09:37 +0000 (00:09 +0200)]
Doxygen cleanups.
Matthias Andree [Wed, 22 Jun 2011 21:35:44 +0000 (23:35 +0200)]
No longer search for trio documentation.
Matthias Andree [Wed, 22 Jun 2011 18:31:48 +0000 (20:31 +0200)]
Make P_* and A_* proto/auth macros enums.
Matthias Andree [Wed, 22 Jun 2011 18:18:40 +0000 (20:18 +0200)]
Update version to 7.0.0-alpha2, and update TODO.
Matthias Andree [Wed, 22 Jun 2011 18:07:07 +0000 (20:07 +0200)]
Make APOP an authenticator, rather than a protocol.
Incidentally also offers cram-md5 as authenticator in fetchmailconf.
Matthias Andree [Wed, 22 Jun 2011 18:08:32 +0000 (20:08 +0200)]
Remove dead waiting code.
Matthias Andree [Wed, 22 Jun 2011 18:08:14 +0000 (20:08 +0200)]
Assorted fetchmailconf fixes and cleanups
- fix syntax error around ServerDefaults.dns
- mention Lotus Domino MIME was broken until 5.0.2 (not 4.6.2a)
- Remove IMAP2bis help text. No longer supported.
Matthias Andree [Wed, 22 Jun 2011 16:31:40 +0000 (18:31 +0200)]
Mention Exchange 2003 SP2 mime boundary trashing.
Matthias Andree [Mon, 20 Jun 2011 23:00:41 +0000 (01:00 +0200)]
Update TODO-6.4.
Matthias Andree [Sun, 19 Jun 2011 19:48:45 +0000 (21:48 +0200)]
Fixup leftover from SockTimeout removal.
Matthias Andree [Sun, 19 Jun 2011 18:30:25 +0000 (20:30 +0200)]
Note that some moldy stuff from contrib/ got removed.
Matthias Andree [Sun, 19 Jun 2011 18:27:45 +0000 (20:27 +0200)]
Remove zsh-completion. Way outdated.
Matthias Andree [Sun, 19 Jun 2011 18:27:08 +0000 (20:27 +0200)]
Remove toprocmail, which does not check for errors properly.
Matthias Andree [Sun, 19 Jun 2011 18:24:45 +0000 (20:24 +0200)]
Remove start_dynamic_ppp, a script that encourages unsafe practices.
Matthias Andree [Sun, 19 Jun 2011 18:23:42 +0000 (20:23 +0200)]
Remove sm-hybrid, outdated: sendmail is way past release 8.11.0.
Matthias Andree [Sun, 19 Jun 2011 18:22:55 +0000 (20:22 +0200)]
Remove redhat_rc, this is up to the distributors, and Fedora uses systemd these days anyways.
Matthias Andree [Sun, 19 Jun 2011 18:22:01 +0000 (20:22 +0200)]
Remove preauth-harness, non-SSL-aware.
Matthias Andree [Sun, 19 Jun 2011 18:20:58 +0000 (20:20 +0200)]
Remove poptest, underdocumented, non-SSL-aware.
Matthias Andree [Sun, 19 Jun 2011 18:18:41 +0000 (20:18 +0200)]
Remove multidrop, a dangerous workaround for broken upstream multidrop setups.
Matthias Andree [Sun, 19 Jun 2011 18:12:30 +0000 (20:12 +0200)]
Remove getfetchmail*, outdated.
Matthias Andree [Sun, 19 Jun 2011 18:11:13 +0000 (20:11 +0200)]
Remove fetchspool, a software working around configuration errors.
People should fix their MTA configuration instead.
Matthias Andree [Sun, 19 Jun 2011 18:09:38 +0000 (20:09 +0200)]
Remove fetchmaildistrib. Makes undocumented assumptions about /etc/fetchmailrc layout.
Matthias Andree [Sun, 19 Jun 2011 18:08:57 +0000 (20:08 +0200)]
Remove domino, a mail mangling script that works around a bug long since fixed.
Matthias Andree [Sun, 19 Jun 2011 18:07:43 +0000 (20:07 +0200)]
Remove fetchsetup, suggests bogus configurations and is way outdated.
Matthias Andree [Sun, 19 Jun 2011 18:06:23 +0000 (20:06 +0200)]
Remove fetchmailnochda.pl, better use runit, systemd, or SysV init, or cron.
Matthias Andree [Sun, 19 Jun 2011 18:03:11 +0000 (20:03 +0200)]
Remove delete-later, non-SSL-aware.
Matthias Andree [Sun, 19 Jun 2011 18:01:46 +0000 (20:01 +0200)]
Drop debian_rc from contrib/, outdated.
Matthias Andree [Sun, 19 Jun 2011 17:59:59 +0000 (19:59 +0200)]
Synch 6.3.20 news section and merge fetchmail-SA-2011-01.
Matthias Andree [Sun, 19 Jun 2011 17:59:38 +0000 (19:59 +0200)]
Update TODO-6.4.
Matthias Andree [Sun, 19 Jun 2011 17:52:20 +0000 (19:52 +0200)]
Revert "Use SO_???TIMEO, to fix hangs during STARTTLS negotiation."
This feature does not work on, for instance, Solaris 10 and older.
This reverts commit
1a794b3b00bd4b2f720f3426a386d5c86cc65ea8 .
Matthias Andree [Fri, 17 Jun 2011 16:06:29 +0000 (18:06 +0200)]
Fix function signature to match prototype.
Found by Lars Hecking.
Matthias Andree [Fri, 17 Jun 2011 16:05:36 +0000 (18:05 +0200)]
Remove unused prototype. Found by Lars Hecking.
Matthias Andree [Fri, 17 Jun 2011 01:11:39 +0000 (03:11 +0200)]
Fix mimedecode last-line omission.
The mimedecode feature failed to ship the last line of the body if it
was encoded as quoted-printable and had a MIME soft line break in the
very last line. Reported by Lars Hecking in June 2011.
Bug introduced on 1998-03-20 when the mimedecode support was added by
ESR before release 4.4.1 through code contributed by Henrik Storner,
in driver.c.
Workaround for older releases: do not use mimedecode feature.
Matthias Andree [Fri, 17 Jun 2011 01:28:51 +0000 (03:28 +0200)]
Document and add rawlog.patch to contrib, as debug tool.
Matthias Andree [Thu, 16 Jun 2011 19:44:42 +0000 (21:44 +0200)]
mimedecode: Fix multipart/mixed detection.
Fixes a regression introduced in release 5.0.0 in March 1999 that was
attributed to Henrik Storner.
Matthias Andree [Mon, 6 Jun 2011 22:21:47 +0000 (00:21 +0200)]
Merge branch 'legacy_63' of gitorious.org:fetchmail/fetchmail into legacy_63
Matthias Andree [Mon, 6 Jun 2011 22:21:22 +0000 (00:21 +0200)]
Merge branch 'common-6x' into legacy_63
Matthias Andree [Mon, 6 Jun 2011 22:20:05 +0000 (00:20 +0200)]
Synch NEWS/CVE-2011-1947 with release 6.3.20 + Credit
Matthias Andree [Mon, 6 Jun 2011 22:07:07 +0000 (00:07 +0200)]
Merge branch 'common-6x' into legacy_63
Matthias Andree [Mon, 6 Jun 2011 12:33:07 +0000 (14:33 +0200)]
Update website.
Matthias Andree [Mon, 6 Jun 2011 12:32:42 +0000 (14:32 +0200)]
Sign SA 2011-01/CVE-2011-1947.
Matthias Andree [Mon, 6 Jun 2011 11:07:52 +0000 (13:07 +0200)]
Freeze strings for release.
Matthias Andree [Mon, 6 Jun 2011 11:07:43 +0000 (13:07 +0200)]
Fix one fuzzy translation.
Matthias Andree [Mon, 6 Jun 2011 11:07:25 +0000 (13:07 +0200)]
Finish for release.
Matthias Andree [Mon, 6 Jun 2011 11:06:58 +0000 (13:06 +0200)]
Bump version to 6.3.20.
Matthias Andree [Wed, 1 Jun 2011 08:52:50 +0000 (10:52 +0200)]
Credit Thomas Jarosch.
Matthias Andree [Tue, 31 May 2011 20:40:58 +0000 (22:40 +0200)]
Merge branch 'common-6x' into legacy_63
Conflicts:
NEWS
fetchmail-SA-2011-01.txt
Matthias Andree [Tue, 31 May 2011 20:39:36 +0000 (22:39 +0200)]
Add CVE name.