update to fetchmail-6.3.18

OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=26

fetchmail-6.3.17.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d7a01ceac184c7ebde9a42982e310beec467deb5b3d05c4e413e48cd2619ca24
-size 1642598

fetchmail-6.3.18.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cd916c8409bfbf6c869a2892b429f6d6cc6270072a138356c091c2992474faaf
+size 1683949

fetchmail.changes

@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Mon Oct 11 08:37:09 UTC 2010 - puzel@novell.com
+
+- update to fetchmail-6.3.18 
+ # SECURITY IMPROVEMENTS TO DEFANG X.509 CERTIFICATE ABUSE
+  * Fetchmail now only accepts wildcard certificate common names
+    and subject alternative names if they start with "*.". Previous
+    versions would accept wildcards even if no period followed
+    immediately.
+  * Fetchmail now disallows wildcards in certificates to match
+    domain literals (such as 10.9.8.7), or wildcards in domain
+    literals ("*.168.23.23").  The test is overly picky and
+    triggers if the pattern (after skipping the initial wildcard
+    "*") or domain consists solely of digits and dots, and thus
+    matches more than needed.
+  * Fetchmail now disallows wildcarding top-level domains.
+ # CRITICAL BUG FIXES AND REGRESSION FIXES
+  * Fetchmail 6.3.15, 6.3.16, and 6.3.17 would pick up libmd5 to
+    obtain MD5* functions, as an effect of an undocumented Solaris
+    MD5 fix.  This caused all MD5-related functions to malfunction
+    if, for instance, libmd5.so was installed on other operating
+    systems as part of libwww on machines where long isn't
+    32-bits, i. e.  usually on 64-bit computers.
+  * Fetchmail 6.3.17 warned about insecure SSL/TLS connections
+    even if a matching --sslfingerprint was specified. This is an
+    omission from an SSL usability change made in 6.3.17.
+  * Fetchmail will now apply timeouts to the authentication stage.
+    This stage encompasses STARTTLS/STLS negotiation in IMAP/POP3.
+    Reported missing by Thomas Jarosch.
+  * Fetchmail now cancels GSSAPI authentication properly when
+    encountering GSS errors, such as no or unsuitable credentials.
+    It now sends an asterisk on a line by its own, as required in
+    SASL.  This fixes protocol synchronization issues that cause
+    Authentication failures, often observed with kerberized MS
+    Exchange servers.
+  * Other fixes.
+
 -------------------------------------------------------------------
 Tue Aug 17 14:20:47 UTC 2010 - puzel@novell.com
 

fetchmail.spec

@@ -1,5 +1,5 @@
 #
-# spec file for package fetchmail (Version 6.3.17)
+# spec file for package fetchmail (Version 6.3.18)
 #
 # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -29,7 +29,7 @@ BuildRequires:  krb5-devel
 License:        GPLv2+ ; Other uncritical OpenSource License ; Public Domain, Freeware
 Group:          Productivity/Networking/Email/Utilities
 AutoReqProv:    on
-Version:        6.3.17
+Version:        6.3.18
 Release:        1
 Source:         %{name}-%{version}.tar.bz2
 Source1:        %{name}.init