diff --git a/fetchmail-6.3.17.tar.bz2 b/fetchmail-6.3.17.tar.bz2 deleted file mode 100644 index eddfe1a..0000000 --- a/fetchmail-6.3.17.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d7a01ceac184c7ebde9a42982e310beec467deb5b3d05c4e413e48cd2619ca24 -size 1642598 diff --git a/fetchmail-6.3.18.tar.bz2 b/fetchmail-6.3.18.tar.bz2 new file mode 100644 index 0000000..6858606 --- /dev/null +++ b/fetchmail-6.3.18.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:cd916c8409bfbf6c869a2892b429f6d6cc6270072a138356c091c2992474faaf +size 1683949 diff --git a/fetchmail.changes b/fetchmail.changes index ee8a638..674831c 100644 --- a/fetchmail.changes +++ b/fetchmail.changes 
@@ -1,3 +1,40 @@ +------------------------------------------------------------------- +Mon Oct 11 08:37:09 UTC 2010 - puzel@novell.com + +- update to fetchmail-6.3.18 + # SECURITY IMPROVEMENTS TO DEFANG X.509 CERTIFICATE ABUSE + * Fetchmail now only accepts wildcard certificate common names + and subject alternative names if they start with "*.". Previous + versions would accept wildcards even if no period followed + immediately. + * Fetchmail now disallows wildcards in certificates to match + domain literals (such as 10.9.8.7), or wildcards in domain + literals ("*.168.23.23"). The test is overly picky and + triggers if the pattern (after skipping the initial wildcard + "*") or domain consists solely of digits and dots, and thus + matches more than needed. + * Fetchmail now disallows wildcarding top-level domains. + # CRITICAL BUG FIXES AND REGRESSION FIXES + * Fetchmail 6.3.15, 6.3.16, and 6.3.17 would pick up libmd5 to + obtain MD5* functions, as an effect of an undocumented Solaris + MD5 fix. This caused all MD5-related functions to malfunction + if, for instance, libmd5.so was installed on other operating + systems as part of libwww on machines where long isn't + 32-bits, i. e. usually on 64-bit computers. + * Fetchmail 6.3.17 warned about insecure SSL/TLS connections + even if a matching --sslfingerprint was specified. This is an + omission from an SSL usability change made in 6.3.17. + * Fetchmail will now apply timeouts to the authentication stage. + This stage encompasses STARTTLS/STLS negotiation in IMAP/POP3. + Reported missing by Thomas Jarosch. + * Fetchmail now cancels GSSAPI authentication properly when + encountering GSS errors, such as no or unsuitable credentials. + It now sends an asterisk on a line by its own, as required in + SASL. This fixes protocol synchronization issues that cause + Authentication failures, often observed with kerberized MS + Exchange servers. + * Other fixes. 
+ ------------------------------------------------------------------- Tue Aug 17 14:20:47 UTC 2010 - puzel@novell.com diff --git a/fetchmail.spec b/fetchmail.spec index 06359f1..04bd522 100644 --- a/fetchmail.spec +++ b/fetchmail.spec @@ -1,5 +1,5 @@ # -# spec file for package fetchmail (Version 6.3.17) +# spec file for package fetchmail (Version 6.3.18) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -29,7 +29,7 @@ BuildRequires: krb5-devel License: GPLv2+ ; Other uncritical OpenSource License ; Public Domain, Freeware Group: Productivity/Networking/Email/Utilities AutoReqProv: on -Version: 6.3.17 +Version: 6.3.18 Release: 1 Source: %{name}-%{version}.tar.bz2 Source1: %{name}.init
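Review bot: the added `fetchmail-6.3.18.tar.bz2` pointer identifies the new tarball only by its LFS `oid sha256` and `size 1683949`, and nothing in the patch records that the archive was compared with what upstream released. Before accepting, check the digest against upstream's published checksum or signature for 6.3.18, if one is available, and note the result in the submission. This update is the one that carries the X.509 wildcard changes, so the provenance of the source archive matters.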
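Review bot: in the `fetchmail.changes` hunk, the three items under "SECURITY IMPROVEMENTS TO DEFANG X.509 CERTIFICATE ABUSE" carry no bug or advisory reference, so the changelog alone does not tie this update to a tracking entry. Add the reference if one exists. The entry also describes stricter wildcard matching (names must start with "*.", no wildcards for domain literals or top-level domains) and admits the digit-and-dot test "matches more than needed". Certificates that 6.3.17 accepted can therefore be rejected after the update, and a short line saying so would help administrators who see new verification failures. The closing "* Other fixes." tells the reader nothing and could be dropped or replaced with a pointer to the upstream NEWS file.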