- Upgrade to 6.5.1
* Drop two wolfSSL compile-time checks that were for older 6.4 or for future
7.0 releases and broke compilation with wolfSSL 5.7.4.
Fixes https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282413#c4
* Use %p instead of non-portable %#p for one wolfSSL-related diagnostic message
(FreeBSD defines %#p to be %p, on many other platforms it's undefined
behavior).
* Add regex_helper.c to list of files that contain translatable strings,
which contains two strings we missed to translate.
* Simplify EVP_MD_fetch API detection ("like OpenSSL 3" vs. "like OpenSSL 1")
for version switch and base it on the claimed OpenSSL version of the crypto
SSL, which works for LibreSSL (claims OpenSSL 2) and wolfSSL alike.
* Several translations added
- Rebased fetchmail-6.3.8-smtp_errors.patch
- Rebased fetchmail-FAQ-list-gmail-options-including-oauthbearer-and-app.patch
- Rebased fetchmail-add-contrib-fetchnmail-oauth2.py-token-acquisition-u.patch
- Rebased fetchmail-add-imap-oauthbearer-support.patch
- Rebased fetchmail-add-passwordfile-and-passwordfd-options.patch
- Rebased fetchmail-add-query_to64_outsize-utility-function.patch
- Rebased fetchmail-bump-max-passwordlen-to-1bytes.patch
- Rebased fetchmail-give-each-ctl-it-s-own-copy-of-password.patch
- Rebased fetchmail-increase-max-password-length-to-handle-oauth-tokens.patch
- Rebased fetchmail-re-read-passwordfile-on-every-poll.patch
- Rebased fetchmail-support-oauthbearer-xoauth2-with-pop3.patch
- Rebased fetchmailconf-no-more-future.patch
OBS-URL: https://build.opensuse.org/request/show/1227336
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=159
- update to 6.4.38:
* Tighten OpenSSL and wolfSSL version requirements again. See
README.SSL.
* Distributors providing older versions that they backport
security fixes for may want to patch socket.c but remember
to redirect support to your distribution's support channels.
The fetchmail maintainer only supports functionally
unmodified builds with publicly available SSL/TLS library
versions.
* fetchmail will refuse to build against OpenSSL 1.0.2 older
than 1.0.2u, or wolfSSL older than 5.6.2. It will warn about
OpenSSL older than 3.0.9, or between 3.1.0 and 3.1.4,
or wolfSSL older than 5.6.6.
- Update to 6.4.37:
- Update to 6.4.36:
- disable opie support
- When an SMTP receiver refuses delivery, a message would be
in /etc and restoring them while an RPM update.
- Try to fix ./configure --with-ssl=... for systems that have
multiple OpenSSL versions installed. Issues reported by
- The netrc parser now reports its errors to syslog or logfile
- Bump wolfSSL minimum required version to 5.2.0 to pull in
- Using OpenSSL 1.* before 1.1.1n elicits a compile-time
- Using OpenSSL 3.* before 3.0.2 elicits a compile-time
- configure.ac was tweaked in order to hopefully fix
cross-compilation issues report, and different patch
* Bump wolfSSL minimum required version to 5.1.1 to pull in
* Always create fetchmail group, even if the user is already
present, as a leftover from Leap 15.2 upgrade. This may happen
OBS-URL: https://build.opensuse.org/request/show/1164526
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=157
- update to 6.4.31
* Bugfixes:
- Try to fix ./configure --with-ssl=... for systems that have
multiple OpenSSL versions installed. Issues reported by
Dennis Putnam.
- The netrc parser now reports its errors to syslog or logfile
when appropriate, previously it would always log to stderr.
- Add error checking to .netrc parser.
* Changes:
- manpage: use .UR/.UE macros instead of .URL for URIs.
- manpage: fix contractions. Found with FreeBSD's igor tool.
- manpage: HTML now built with pandoc -> python-docutils
(manServer.pl was dropped)
OBS-URL: https://build.opensuse.org/request/show/989820
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=135
- update to 6.4.30:
* Breaking changes:
- Bump wolfSSL minimum required version to 5.2.0 to pull in
security fix.
* Changes:
- Using OpenSSL 1.* before 1.1.1n elicits a compile-time
warning.
- Using OpenSSL 3.* before 3.0.2 elicits a compile-time
warning.
- configure.ac was tweaked in order to hopefully fix
cross-compilation issues report, and different patch
suggested
* Translations.:
- ro: Updated Romanian translation.
OBS-URL: https://build.opensuse.org/request/show/973653
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=131
- update to 6.5.25:
* 6.4.24's workaround for OpenSSL 1.0.2's X509_V_FLAG_TRUSTED_FIRST flag
contained a typo and would not kick in properly.
* Library and/or rpath setting from configure.ac was fixed.
* Added an example systemd unit file and instructions to contrib/systemd/
which runs fetchmail as a daemon with 5-minute poll intervals.
* fetchmail can now be used with wolfSSL 5's OpenSSL compatibility layer,
see INSTALL and README.SSL. This is considered experimental.
Feedback solicited.
* Bison 3.8 dropped yytoknum altogether, breaking compilation due to a
warning workaround. Remove the cast of yytoknum to void. This may cause
a compiler warning to reappear with older Bison versions.
* OpenSSL 1.0.2: Workaround for systems that keep the expired DST Root CA X3
certificate in its trust store because OpenSSL by default prefers the
untrusted certificate and fails.
* For common ssh-based IMAP PREAUTH setups (i. e. those that use a plugin
- no matter its contents - and that set auth ssh), change the STARTTLS
error message to suggest sslproto '' instead.
This is a commonly reported issue after the CVE-2021-39272 fix in 6.4.22.
- drop fetchmail-bison-3.8.patch (upstream)
OBS-URL: https://build.opensuse.org/request/show/940000
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=122
- Update to 6.4.22: [bsc#1190069, CVE-2021-39272]
* OPENSSL AND LICENSING NOTE:
- fetchmail 6.4.22 is compatible with OpenSSL 1.1.1 and 3.0.0.
OpenSSL's licensing changed between these releases from dual
OpenSSL/SSLeay license to Apache License v2.0, which is
considered incompatible with GPL v2 by the FSF. For
implications and details, see the file COPYING.
* SECURITY FIXES:
- CVE-2021-39272: fetchmail-SA-2021-02: On IMAP connections,
without --ssl and with nonempty --sslproto, meaning that
fetchmail is to enforce TLS, and when the server or an attacker
sends a PREAUTH greeting, fetchmail used to continue an
unencrypted connection. Now, log the error and abort the
connection. --Recommendation for servers that support
SSL/TLS-wrapped or "implicit" mode on a dedicated port
(default 993): use --ssl, or the ssl user option in an rcfile.
- On IMAP and POP3 connections, --auth ssh no longer prevents
STARTTLS negotiation.
- On IMAP connections, fetchmail does not permit overriding
a server-side LOGINDISABLED with --auth password any more.
- On POP3 connections, the possibility for RPA authentication
(by probing with an AUTH command without arguments) no longer
prevents STARTTLS negotiation.
- For POP3 connections, only attempt RPA if the authentication
type is "any".
* BUG FIXES:
- On IMAP connections, when AUTHENTICATE EXTERNAL fails and we
have received the tagged (= final) response, do not send "*".
- On IMAP connections, AUTHENTICATE EXTERNAL without username
will properly send a "=" for protocol compliance.
OBS-URL: https://build.opensuse.org/request/show/923570
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=120
