- update to 6.4.18:
* fetchmailconf: fetchmail 6.4.16 added --sslcertfile to the configuration dump,
but fetchmailconf support was incomplete in Git 7349f124 and it could not
parse sslcertfile, thus the user settings editor came up empty with console
errors printed. Fix configuration parser in fetchmailconf.
* fetchmailconf: do not require fetchmail for -V. do not require Tk (Tkinter)
for -d option. This is to fail more gracefully on incomplete installs.
* TLS code: remove OPENSSL_NO_DEPRECATED macros to avoid portability issues
with OpenSSL v3 - these are for development purposes, not production.
* TLS futureproofing: use SSL_use_PrivateKey_file instead of
SSL_use_RSAPrivateKey_file, the latter will be deprecated with OpenSSL v3,
and the user's key file might be something else than RSA.
* IMAP client: it used to leak memory for username and password when trying
the LOGIN (password-based) authentication and encountered a timeout situation.
* dist-tools/getstats.py: also counts lines in *.py files, shown above.
* fetchmail.man: now mentions that you may need to add --ssl when specifying
a TLS-wrapped port.
* fetchmailconf: --version (-V) now prints the Python version in use.
OBS-URL: https://build.opensuse.org/request/show/883119
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=109
- update to 6.4.16:
* fetchmail's --configdump, and fetchmailconf, lacked support for
the sslcertfile option.
* fetchmail --version [fetchmail -V] now queries and prints the
SSL/TLS library's "SSL default trusted certificate" file or
directory (mind the word "default"), where the OpenSSL-compatible
TLS implementation will look for trusted root, meaning
certification authority (CA), certificates.
* fetchmail --version now prints version of the OpenSSL library
that it was compiled against, and that it is using at runtime,
and also the OPENSSL_DIR and OPENSSL_ENGINES_DIR (if available).
OBS-URL: https://build.opensuse.org/request/show/876575
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=107
- update to 6.4.14:
* sr: Мирослав Николић (Miroslav Nikolić) [Serbian]
* Errors about lock file (= pidfile) creation could be lost in daemon
configurations (-d option, or set daemon) when using syslog. Now they are also
logged to syslog. Found verifying a pidfile creation issue on 6.4.12 that was
previously reported by Alex Hall of Automatic Distributors.
* If the lock file cannot be removed (no write permission on directory), try
to truncate it, and if that fails, report error.
* If the pidfile was non-default, fetchmail -q or --quit would malfunction and
claim no other fetchmail were running, because it did not read the
configuration files or merge the command line options, thus it would look for
the PID in the wrong file.
OBS-URL: https://build.opensuse.org/request/show/856963
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=103
- update to 6.4.12:
# REGRESSION FIX:
* configure: fetchmail 6.4.9 and 6.4.10 would miss checking for TLS v1.2 and
TLS v1.3 support if AC_LIB_LINKFLAGS came up with something such as
/path/to/libssl.so, rather than -lssl. (For instance on FreeBSD)
* configure: fetchmail 6.4.9's configure was unable to pick up OpenSSL
if it wasn't announced by pkg-config, for instance, on FreeBSD
OBS-URL: https://build.opensuse.org/request/show/832383
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=100
- Update fetchmail.keyring file
- Use %{_prefix}/lib instead of %{_libexecdir}
- update to 6.4.8:
* Add a test program fm_realpath, and a t.realpath script, neither to be
installed. These will test resolution of the current working directory.
* TRANSLATION UPDATES
* Plug memory leaks when parts of the configuration (defaults, rcfile, command
line) override one another.
* fetchmail terminated the placeholder command string too late and included
garbage from the heap at the end of the string. Workaround: don't use place-
holders %h or %p in the --plugin string. Bug added in 6.4.0 when merging
Gitlab merge request !5 in order to fix an input buffer overrun.
Faulty commit 418cda65f752e367fa663fd13884a45fcbc39ddd.
* Fetchmail now checks for errors when trying to read the .idfile
* Fetchmail's error messages that reports that the defaults entry isn't the
first was made more precise. It could be misleading if there was a poll or
skip statement before the defaults.
* Fetchmail documentation was updated to require OpenSSL 1.1.1.
OpenSSL 1.0.2 reached End Of Life status at the end of the year 2019.
Fetchmail will tolerate, but warn about, 1.0.2 for now on the assumption that
distributors backport security fixes as the need arises.
Fetchmail will also warn if another SSL library that is API-compatible
with OpenSSL lacks TLS v1.3 support.
* If the trust anchor is missing, fetchmail refers the user to README.SSL.
* The AC_DECLS(getenv) check was removed, its only user was broken and not
accounting for that AC_DECLS always defines HAVE_DECL_... to 0 or 1, so
fetchmail never declared a missing getenv() symbol (it was testing with
#ifdef). Remove the backup declaration. getenv is mandated by SUSv2 anyways.
* fetchmailconf now supports Python 3 and currently requires the "future"
OBS-URL: https://build.opensuse.org/request/show/829815
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=96
- Update to 6.4.1 [bsc#1152964]
## REGRESSION FIXES:
* The bug fix Debian Bug#941129 was incomplete and caused
- a regression in the default file locations, so that fetchmail was
no longer able to find its configuration files in some situations.
- a regression under _FORTIFY_SOURCE where PATH_MAX > minimal _POSIX_PATH_MAX.
- Update to 6.4.0
## SECURITY FIXES THAT AFFECT BEHAVIOUR AND MAY REQUIRE RECONFIGURATION
* Fetchmail no longer supports SSLv2.
* Fetchmail no longer attempts to negotiate SSLv3 by default,
even with --sslproto ssl23. Fetchmail can now use SSLv3, or TLSv1.1 or a newer
TLS version, with STLS/STARTTLS (it would previously force TLSv1.0 with
STARTTLS). If the OpenSSL version used at build and run-time supports these
versions, --sslproto ssl3 and --sslproto ssl3+ can be used to re-enable SSLv3.
Doing so is discouraged because the SSLv3 protocol is broken.
While this change is supposed to be compatible with common configurations,
users may have to and are advised to change all explicit --sslproto ssl2
(change to newer protocols required), --sslproto ssl3, --sslproto tls1 to
--sslproto auto, so that they can benefit from TLSv1.1 and TLSv1.2 where
supported by the server.
The --sslproto option now understands the values auto, ssl3+, tls1+, tls1.1,
tls1.1+, tls1.2, tls1.2+, tls1.3, tls1.3+ (case insensitively), see CHANGES
below for details.
* Fetchmail defaults to --sslcertck behaviour. A new option --nosslcertck to
override this has been added, but may be removed in future fetchmail versions
in favour of another configuration option that makes the insecurity in using
this option clearer.
## SECURITY FIXES
* Fetchmail prevents buffer overruns in GSSAPI authentication with user names
beyond c. 6000 characters in length. Reported by Greg Hudson.
OBS-URL: https://build.opensuse.org/request/show/737166
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=88
conversion that ignored the file altogether (bsc#905673)
- Removed the FETCHMAIL_USER setting in favor of editing the
systemd service file (which should be copied to the respective
location in /etc, and not edited in-place)
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=65
- added offline gpg verification
- update to 6.3.26
# CRITICAL BUG FIX for setups using "mimedecode":
* The mimedecode feature failed to ship the last line of the body if it was
encoded as quoted-printable and had a MIME soft line break in the very last
line. Reported by Lars Hecking in June 2011.
* Bug introduced on 1998-03-20 when the mimedecode support was added by ESR
before release 4.4.1 through code contributed by Henrik Storner.
Workaround for older releases: do not use mimedecode feature.
* Earlier versions of this NEWS file claimed this bug fixed in fetchmail-6.3.23,
but it was not.
* Fixes Launchpad Bug#1171818.
OBS-URL: https://build.opensuse.org/request/show/173762
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=50
- update to 6.3,25
# CRITICAL AND REGRESSION FIXES
* Plug a memory leak in OpenSSL's certificate verification callback.
This would affect fetchmail configurations running with SSL in daemon mode
more than one-shot runs.
Reported by Erik Thiele, and pinned by Dominik Heeg,
fixes Debian Bug #688015.
This bug was introduced into fetchmail 6.3.0 (committed 2005-10-29)
when support for subjectAltName was added through a patch by Roland
Stigge, submitted as Debian Bug#201113.
* The --logfile option now works again outside daemon mode, reported by Heinz
Diehl. The documentation that I had been reading was inconsistent with the
code, and only parts of the manual page claimed that --logfile was only
effective in daemon mode.
# BUG FIXES
* Fix a memory leak in out-of-memory error condition while handling plugins.
Report and patch by John Beck (found with Parfait static code analyzer).
* Fix a NULL pointer dereference in out-of-memory error condition while handling
plugins.
Report and patch by John Beck (found with Parfait static code analyzer).
# CHANGES
* Improved reporting when SSL/TLS X.509 certificate validation has failed,
working around a not-so-recent swapping of two OpenSSL error codes, and
a practical impossibility to distinguish broken certification chains from
missing trust anchors (root certificates).
* OpenSSL decoded errors are now reported through report(), rather than dumped
to stderr, so that they should show up in logfiles and/or syslog.
* The fetchmail manual page no longer claims that MD5 were the default OpenSSL
hash format (for use with --sslfingerprint). Reported by Jakob Wilk,
PARTIAL fix for Debian Bug#700266.
OBS-URL: https://build.opensuse.org/request/show/159960
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=48
- update to 6.3.23
# REGRESSION FIXES
* Fix compilation with OpenSSL implementations before 0.9.8m that lack
SSL_CTX_clear_options. Patch by Earl Chew.
Note that the use of older OpenSSL versions with fetchmail is unsupported and
*not* recommended.
# BUG FIXES
* Fix combination of --plugin and -f -. Patch by Alexander Zangerl,
to fix Debian Bug#671294.
* Clean up logfile vs. syslog handling, and in case logfile overrides
syslog, send a message to the latter stating where logging goes.
# CHANGES
* The build process can now be made a bit more silent and concise through
./configure --enable-silent-rules, or by adding "V=0" to the make command.
# WORKAROUNDS
* Make Maillennium POP3 workarounds less specific, to encompass
Maillennium POP3/UNIBOX (Maillennium V05.00c++). Reported by Eddie
via fetchmail-users mailing list, 2012-10-13.
# TRANSLATION UPDATES
OBS-URL: https://build.opensuse.org/request/show/145066
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=46
- update to 6.3.22
# SECURITY FIXES
* CVE-2012-3482 (bnc#775988)
* CVE-2011-3389
# BUG FIX
* The Server certificate: message in verbose mode now appears on stdout like the
remainder of the output. Reported by Henry Jensen, to fix Debian Bug #639807.
* The GSSAPI-related autoconf code now matches gssapi.c better, and uses
a different check to look for GSS_C_NT_HOSTBASED_SERVICE.
This fixes the GSSAPI-enabled build on NetBSD 6 Beta.
# CHANGES
* The security and errata notices fetchmail-{EN,SA}-20??-??.txt are now
under the more relaxed CC BY-ND 3.0 license (the noncommercial clause
was dropped). The Creative Commons address was updated.
* The Python-related Makefile.am parts were simplified to avoid an automake
1.11.X bug around noinst_PYTHON, Automake Bug #10995.
* Configuring fetchmail without SSL now triggers a configure warning,
and asks the user to consider running configure --with-ssl.
# WORKAROUNDS
* Some servers, notably Zimbra, return A1234 987 FETCH () in response to
a header request, in the face of message corruption. fetchmail now treats
these as temporary errors. Report and Patch by Mikulas Patocka, Red Hat.
* Some servers, notably Microsoft Exchange, return "A0009 OK FETCH completed."
without any header in response to a header request for meeting reminder
messages (with a "meeting.ics" attachment). fetchmail now treats these as
transient errors. Report by John Connett, Patch by Sunil Shetye.
OBS-URL: https://build.opensuse.org/request/show/133601
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=42
