219026e94b
- Update to 6.6.1 * fixed several bugs in SMTP AUTH ## TRANSLATIONS were updated by these fine people (randomized order): * sr: Мирослав Николић [Serbian] * es: Cristian Othón Martínez Vera [Spanish]
Angel Yankov2025-11-24 09:39:28 +00:00
2eb2a94832
Accepting request 1313355 from server:mail
Ana Guerrero2025-10-24 15:24:07 +00:00
ab8ae9b549
- Update to 6.5.7 * More fixes for SMTP bugs and others ## BUGFIXES: * When authenticating to an SMTP server, the AUTH LOGIN method (which didn't become a proposed standard, and is only the third method fetchmail would try, if CRAM-MD5 and PLAIN weren't offered) required that the server returned a 334 code followed by a blank and by a decodable base64 challenge we ignored anyways. This is in line with RFC 4952. However, to improve compatibility, fetchmail now accepts anything that starts with "334 " and disregards the remainder of the line. At the same time, AUTH LOGIN was deprecated. AUTH PLAIN should be available everywhere AUTH LOGIN is, and is specified in IETF RFC 4616. * When authenticating to an SMTP server, i. e. esmtpname/esmtppassword are defined, check for errors, and skip servers that do not understand EHLO, because we cannot negotiate supported authentication schemes with them. This should avoid attempting to send a lot of messages and see them rejected. * When authenticating to an SMTP server, do not send client abort "*" when we receive any other server reply but 334. * Extend 6.5.6's RFC-5321 address-literal fix to MAIL FROM. This might apply when we only have a server's IP address and need to quality addresses without domain. Fixes Debian Bug#1080025. * SMTP AUTH can now look up passwords from the .netrc file - for that, fetchmail's esmtpname setting must match the login for the given host in .netrc. Fixes Debian Bug#1056651 by Ticker Berkin. * Improve the GSSAPI (Kerberos V) build, which was pretty hard to get working. This was improved. Recommendation: - For autoconf builds (./configure), be sure to have the desired krb5-config executable early on $PATH before running ./configure. - For meson builds, be sure to list the path to your krb5-gssapi.pc file on PKG_CONFIG_PATH. (meson will fall back to krb5-config, so if that's on PATH,
Angel Yankov2025-10-24 07:42:37 +00:00
7e08acdc48
Accepting request 1312356 from server:mail
Ana Guerrero2025-10-21 09:15:48 +00:00
7f7443dc80
- Update to 6.5.6 fixes [bsc#1251194,CVE-2025-61962] * Rebased fetchmail-add-passwordfile-and-passwordfd-options.patch * Rebased fetchmail-add-query_to64_outsize-utility-function.patch * Rebased fetchmail-bump-max-passwordlen-to-1bytes.patch * Rebased fetchmail-give-each-ctl-it-s-own-copy-of-password.patch * Rebased fetchmail-increase-max-password-length-to-handle-oauth-tokens.patch * Rebased fetchmail-re-read-passwordfile-on-every-poll.patch * Rebased fetchmail-support-oauthbearer-xoauth2-with-pop3.patch * SECURITY BUGFIX: * fetchmail-SA-2025-01.txt: CVE pending assignment by MITRE An SMTP server advertising EHLO and AUTH, and if fetchmail is configured to authenticate (esmtpname and esmtppassword given and non-empty), the server might crash fetchmail by sending a "334" response without further blank to fetchmail's AUTH request. This is in violation of applicable RFC-4952 though. Fetchmail now detects this situation and reports it separately as malformed server reply. Fetchmail 6.5.6 has been released without waiting for translation updates or CVE identifier, these will be provided in followup releases.
Angel Yankov2025-10-20 09:53:13 +00:00
944d873851
Accepting request 1289765 from server:mail
Ana Guerrero2025-07-02 16:17:05 +00:00
4a2f1bd65f
- Update to 6.5.4 * BUGFIXES: * socket: avoid crash when writing to a socket without SSL/TLS fails. Reported by Andrea Venturoli via mailing list, fixes#71. * wolfSSL support: avoid fetchmail.c compilation failure in certain configurations of wolfSSL (for instance, on FreeBSD's wolfssl-5.8.0_1 package), OpenSSL_version enables a newer 1.1.x compat API that passes its argument to a wolfSSL API, with OPENSSL_DIR and OPENSSL_ENGINES_DIR, causing related compiler failures. See <https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287435>.
Angel Yankov2025-07-02 07:12:04 +00:00
Ana Guerrero
Angel Yankov
Dirk Stoecker
David Anes
Dominique Leuenberger
Dirk Mueller
Richard Brown
Pedro Monreal Gonzalez
Richard Brown
Tomáš Chvátal
Vítězslav Čížek