- update to 6.5.25:
  * 6.4.24's workaround for OpenSSL 1.0.2's X509_V_FLAG_TRUSTED_FIRST flag
    contained a typo and would not kick in properly.
  * Library and/or rpath setting from configure.ac was fixed.
  * Added an example systemd unit file and instructions to contrib/systemd/
    which runs fetchmail as a daemon with 5-minute poll intervals.
  * fetchmail can now be used with wolfSSL 5's OpenSSL compatibility layer,
    see INSTALL and README.SSL. This is considered experimental.
    Feedback solicited.
  * Bison 3.8 dropped yytoknum altogether, breaking compilation due to a
    warning workaround. Remove the cast of yytoknum to void. This may cause
    a compiler warning to reappear with older Bison versions.
  * OpenSSL 1.0.2: Workaround for systems that keep the expired DST Root CA X3
    certificate in its trust store because OpenSSL by default prefers the
    untrusted certificate and fails.
  * For common ssh-based IMAP PREAUTH setups (i. e. those that use a plugin
    - no matter its contents - and that set auth ssh), change the STARTTLS
    error message to suggest sslproto '' instead.
    This is a commonly reported issue after the CVE-2021-39272 fix in 6.4.22.
- drop fetchmail-bison-3.8.patch (upstream)
OBS-URL: https://build.opensuse.org/request/show/940000
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=122
- Update to 6.4.22: [bsc#1190069, CVE-2021-39272]
  * OPENSSL AND LICENSING NOTE:
    - fetchmail 6.4.22 is compatible with OpenSSL 1.1.1 and 3.0.0.
      OpenSSL's licensing changed between these releases from dual
      OpenSSL/SSLeay license to Apache License v2.0, which is
      considered incompatible with GPL v2 by the FSF. For
      implications and details, see the file COPYING.
  * SECURITY FIXES:
    - CVE-2021-39272: fetchmail-SA-2021-02: On IMAP connections,
      without --ssl and with nonempty --sslproto, meaning that
      fetchmail is to enforce TLS, and when the server or an attacker
      sends a PREAUTH greeting, fetchmail used to continue an
      unencrypted connection. Now, log the error and abort the
      connection. --Recommendation for servers that support
      SSL/TLS-wrapped or "implicit" mode on a dedicated port
      (default 993): use --ssl, or the ssl user option in an rcfile.
    - On IMAP and POP3 connections, --auth ssh no longer prevents
      STARTTLS negotiation.
    - On IMAP connections, fetchmail does not permit overriding
      a server-side LOGINDISABLED with --auth password any more.
    - On POP3 connections, the possibility for RPA authentication
      (by probing with an AUTH command without arguments) no longer
      prevents STARTTLS negotiation.
    - For POP3 connections, only attempt RPA if the authentication
      type is "any".
  * BUG FIXES:
    - On IMAP connections, when AUTHENTICATE EXTERNAL fails and we
      have received the tagged (= final) response, do not send "*".
    - On IMAP connections, AUTHENTICATE EXTERNAL without username
      will properly send a "=" for protocol compliance.
OBS-URL: https://build.opensuse.org/request/show/923570
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=120
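
The greeting handling described for CVE-2021-39272, and the sslproto '' case mentioned in the newer entry, can be modelled as a small decision function. This is an added example, not fetchmail's source code: the type and function names are hypothetical, the greeting strings are constructed, and it simplifies by treating any nonempty sslproto as "TLS enforced", as the changelog text does.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; a simplified model of the policy, not fetchmail source. */
enum action { PROCEED, NEGOTIATE_STARTTLS, ABORT };

struct tls_policy {
    int implicit_tls;     /* --ssl: TLS is set up before the greeting is read */
    const char *sslproto; /* --sslproto; "" means TLS is not enforced */
};

/* True if line is an untagged "* WORD" greeting; WORD is given in upper case. */
static int greeting_is(const char *line, const char *word)
{
    if (strncmp(line, "* ", 2) != 0)
        return 0;
    line += 2;
    while (*word)
        if (toupper((unsigned char)*line++) != *word++)
            return 0;
    return *line == ' ' || *line == '\r' || *line == '\n' || *line == '\0';
}

enum action decide_after_greeting(const struct tls_policy *p, const char *greeting)
{
    /* STARTTLS is only needed when TLS is enforced and not already wrapped. */
    int need_starttls = !p->implicit_tls &&
                        p->sslproto != NULL && p->sslproto[0] != '\0';

    if (greeting_is(greeting, "PREAUTH"))
        /* The session is already authenticated, so STARTTLS can no longer
           be issued: refuse rather than continue in cleartext. */
        return need_starttls ? ABORT : PROCEED;
    if (greeting_is(greeting, "OK"))
        return need_starttls ? NEGOTIATE_STARTTLS : PROCEED;
    return ABORT; /* BYE or anything unexpected */
}

int main(void)
{
    /* Constructed greeting, as a server or an on-path attacker could send it. */
    const char *preauth = "* PREAUTH IMAP4rev1 logged in as alice\r\n";
    struct tls_policy enforce = { 0, "auto" }, ssh_plugin = { 0, "" };

    printf("sslproto auto: %d\n", decide_after_greeting(&enforce, preauth));
    printf("sslproto '':   %d\n", decide_after_greeting(&ssh_plugin, preauth));
    return 0;
}
```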