Dirk Mueller
689ab2ae78
- update to 6.3,25 # CRITICAL AND REGRESSION FIXES * Plug a memory leak in OpenSSL's certificate verification callback. This would affect fetchmail configurations running with SSL in daemon mode more than one-shot runs. Reported by Erik Thiele, and pinned by Dominik Heeg, fixes Debian Bug #688015. This bug was introduced into fetchmail 6.3.0 (committed 2005-10-29) when support for subjectAltName was added through a patch by Roland Stigge, submitted as Debian Bug#201113. * The --logfile option now works again outside daemon mode, reported by Heinz Diehl. The documentation that I had been reading was inconsistent with the code, and only parts of the manual page claimed that --logfile was only effective in daemon mode. # BUG FIXES * Fix a memory leak in out-of-memory error condition while handling plugins. Report and patch by John Beck (found with Parfait static code analyzer). * Fix a NULL pointer dereference in out-of-memory error condition while handling plugins. Report and patch by John Beck (found with Parfait static code analyzer). # CHANGES * Improved reporting when SSL/TLS X.509 certificate validation has failed, working around a not-so-recent swapping of two OpenSSL error codes, and a practical impossibility to distinguish broken certification chains from missing trust anchors (root certificates). * OpenSSL decoded errors are now reported through report(), rather than dumped to stderr, so that they should show up in logfiles and/or syslog. * The fetchmail manual page no longer claims that MD5 were the default OpenSSL hash format (for use with --sslfingerprint). Reported by Jakob Wilk, PARTIAL fix for Debian Bug#700266. OBS-URL: https://build.opensuse.org/request/show/159960 OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=48