* More fixes for SMTP bugs and others
## BUGFIXES:
* When authenticating to an SMTP server, the AUTH LOGIN method (which didn't
become a proposed standard, and is only the third method fetchmail would try,
if CRAM-MD5 and PLAIN weren't offered) required that the server returned
a 334 code followed by a blank and by a decodable base64 challenge we ignored
anyways. This is in line with RFC 4952.
However, to improve compatibility, fetchmail now accepts anything that
starts with "334 " and disregards the remainder of the line.
At the same time, AUTH LOGIN was deprecated. AUTH PLAIN should be available
everywhere AUTH LOGIN is, and is specified in IETF RFC 4616.
* When authenticating to an SMTP server, i. e. esmtpname/esmtppassword are
defined, check for errors, and skip servers that do not understand EHLO,
because we cannot negotiate supported authentication schemes with them.
This should avoid attempting to send a lot of messages and see them rejected.
* When authenticating to an SMTP server, do not send client abort "*" when
we receive any other server reply but 334.
* Extend 6.5.6's RFC-5321 address-literal fix to MAIL FROM. This might
apply when we only have a server's IP address and need to quality
addresses without domain. Fixes Debian Bug#1080025.
* SMTP AUTH can now look up passwords from the .netrc file - for that,
fetchmail's esmtpname setting must match the login for the given host in
.netrc. Fixes Debian Bug#1056651 by Ticker Berkin.
* Improve the GSSAPI (Kerberos V) build, which was pretty hard to get working.
This was improved. Recommendation:
- For autoconf builds (./configure), be sure to have the desired krb5-config
executable early on $PATH before running ./configure.
- For meson builds, be sure to list the path to your krb5-gssapi.pc file on
PKG_CONFIG_PATH. (meson will fall back to krb5-config, so if that's on PATH,
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=167
* Rebased fetchmail-add-passwordfile-and-passwordfd-options.patch
* Rebased fetchmail-add-query_to64_outsize-utility-function.patch
* Rebased fetchmail-bump-max-passwordlen-to-1bytes.patch
* Rebased fetchmail-give-each-ctl-it-s-own-copy-of-password.patch
* Rebased fetchmail-increase-max-password-length-to-handle-oauth-tokens.patch
* Rebased fetchmail-re-read-passwordfile-on-every-poll.patch
* Rebased fetchmail-support-oauthbearer-xoauth2-with-pop3.patch
* SECURITY BUGFIX:
* fetchmail-SA-2025-01.txt: CVE pending assignment by MITRE
An SMTP server advertising EHLO and AUTH, and if fetchmail is configured to
authenticate (esmtpname and esmtppassword given and non-empty), the server
might crash fetchmail by sending a "334" response without further blank to
fetchmail's AUTH request. This is in violation of applicable RFC-4952 though.
Fetchmail now detects this situation and reports it separately as
malformed server reply.
Fetchmail 6.5.6 has been released without waiting for translation updates
or CVE identifier, these will be provided in followup releases.
* BUGFIXES:
* RFC-5321: When the --smtpaddress, --smtphost, --smtpname, -D or -S argument
is an numeric address literal such as 192.0.2.2 or 2001:0DB8::4321, properly
format that as such in the SMTP RCPT command as user@[192.0.2.2] or
user@[IPv6:2001:0DB8::4321].
* When printing output on the console while fetching mail, do not intersperse
another copy of our program name and date in the middle of a log line.
Workaround for older versions: --logfile /dev/tty (might also use
--logfile /dev/stderr) - but note this changes buffering behavior and may
output to appear later and without ticker marks.
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=165
* BUGFIXES:
* socket: avoid crash when writing to a socket without SSL/TLS fails.
Reported by Andrea Venturoli via mailing list, fixes#71.
* wolfSSL support: avoid fetchmail.c compilation failure in certain
configurations of wolfSSL (for instance, on FreeBSD's wolfssl-5.8.0_1
package), OpenSSL_version enables a newer 1.1.x compat API that passes its
argument to a wolfSSL API, with OPENSSL_DIR and OPENSSL_ENGINES_DIR, causing
related compiler failures.
See <https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287435>.
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=163
- Upgrade to 6.5.1
* Drop two wolfSSL compile-time checks that were for older 6.4 or for future
7.0 releases and broke compilation with wolfSSL 5.7.4.
Fixes https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282413#c4
* Use %p instead of non-portable %#p for one wolfSSL-related diagnostic message
(FreeBSD defines %#p to be %p, on many other platforms it's undefined
behavior).
* Add regex_helper.c to list of files that contain translatable strings,
which contains two strings we missed to translate.
* Simplify EVP_MD_fetch API detection ("like OpenSSL 3" vs. "like OpenSSL 1")
for version switch and base it on the claimed OpenSSL version of the crypto
SSL, which works for LibreSSL (claims OpenSSL 2) and wolfSSL alike.
* Several translations added
- Rebased fetchmail-6.3.8-smtp_errors.patch
- Rebased fetchmail-FAQ-list-gmail-options-including-oauthbearer-and-app.patch
- Rebased fetchmail-add-contrib-fetchnmail-oauth2.py-token-acquisition-u.patch
- Rebased fetchmail-add-imap-oauthbearer-support.patch
- Rebased fetchmail-add-passwordfile-and-passwordfd-options.patch
- Rebased fetchmail-add-query_to64_outsize-utility-function.patch
- Rebased fetchmail-bump-max-passwordlen-to-1bytes.patch
- Rebased fetchmail-give-each-ctl-it-s-own-copy-of-password.patch
- Rebased fetchmail-increase-max-password-length-to-handle-oauth-tokens.patch
- Rebased fetchmail-re-read-passwordfile-on-every-poll.patch
- Rebased fetchmail-support-oauthbearer-xoauth2-with-pop3.patch
- Rebased fetchmailconf-no-more-future.patch
OBS-URL: https://build.opensuse.org/request/show/1227336
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=159
- update to 6.4.38:
* Tighten OpenSSL and wolfSSL version requirements again. See
README.SSL.
* Distributors providing older versions that they backport
security fixes for may want to patch socket.c but remember
to redirect support to your distribution's support channels.
The fetchmail maintainer only supports functionally
unmodified builds with publicly available SSL/TLS library
versions.
* fetchmail will refuse to build against OpenSSL 1.0.2 older
than 1.0.2u, or wolfSSL older than 5.6.2. It will warn about
OpenSSL older than 3.0.9, or between 3.1.0 and 3.1.4,
or wolfSSL older than 5.6.6.
- Update to 6.4.37:
- Update to 6.4.36:
- disable opie support
- When an SMTP receiver refuses delivery, a message would be
in /etc and restoring them while an RPM update.
- Try to fix ./configure --with-ssl=... for systems that have
multiple OpenSSL versions installed. Issues reported by
- The netrc parser now reports its errors to syslog or logfile
- Bump wolfSSL minimum required version to 5.2.0 to pull in
- Using OpenSSL 1.* before 1.1.1n elicits a compile-time
- Using OpenSSL 3.* before 3.0.2 elicits a compile-time
- configure.ac was tweaked in order to hopefully fix
cross-compilation issues report, and different patch
* Bump wolfSSL minimum required version to 5.1.1 to pull in
* Always create fetchmail group, even if the user is already
present, as a leftover from Leap 15.2 upgrade. This may happen
OBS-URL: https://build.opensuse.org/request/show/1164526
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=157
- update to 6.4.31
* Bugfixes:
- Try to fix ./configure --with-ssl=... for systems that have
multiple OpenSSL versions installed. Issues reported by
Dennis Putnam.
- The netrc parser now reports its errors to syslog or logfile
when appropriate, previously it would always log to stderr.
- Add error checking to .netrc parser.
* Changes:
- manpage: use .UR/.UE macros instead of .URL for URIs.
- manpage: fix contractions. Found with FreeBSD's igor tool.
- manpage: HTML now built with pandoc -> python-docutils
(manServer.pl was dropped)
OBS-URL: https://build.opensuse.org/request/show/989820
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=135
- update to 6.4.30:
* Breaking changes:
- Bump wolfSSL minimum required version to 5.2.0 to pull in
security fix.
* Changes:
- Using OpenSSL 1.* before 1.1.1n elicits a compile-time
warning.
- Using OpenSSL 3.* before 3.0.2 elicits a compile-time
warning.
- configure.ac was tweaked in order to hopefully fix
cross-compilation issues report, and different patch
suggested
* Translations.:
- ro: Updated Romanian translation.
OBS-URL: https://build.opensuse.org/request/show/973653
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=131
