Update documentation.

8 files changed, 40 insertions, 46 deletions

diff --git a/INSTALL b/INSTALL
index a0b75204..9ac5208e 100644
--- a/INSTALL
+++ b/INSTALL
@@ -66,11 +66,6 @@ configure option '--with-included-gettext'.
 
 Installing fetchmail is easy.  From within this directory, type:
 
-	./configure --with-ssl
-
-if you have OpenSSL (and its developer packages, if separate) installed
-on your system, or if you don't or do not need SSL/TLS support:
-
 	./configure
 
 The autoconfiguration script will spend a bit of time figuring out the
@@ -80,7 +75,7 @@ variable CC before you run configure.
 
 The configure script accepts certain standard configuration options.
 These include --prefix, --exec-prefix, --bindir, --infodir, --mandir,
-and --srcdir.  Do 'configure --help' for more.
+and --srcdir.  Run 'configure --help' for more.
 
 POP2 support is no longer compiled in by default, as POP2 is way obsolete
 and there don't seem to be any live servers for it anymore.  You can
@@ -102,15 +97,14 @@ locations (/usr, /usr/local).  If you set --with-GSSAPI=DIR
 you can direct the build to look for GSSAPI support under DIR.
 
 Hooks for the OpenSSL library (see http://www.openssl.org/) are
-included in the distribution.  To enable these, configure with
---with-ssl; they are not included in the standard build. Fetchmail's
-configure script will probe some default locations for the
-include/openssl/ssl.h file. If this doesn't work (i. e. configure prints
-"SSL support enabled, but OpenSSL not found" and aborts), you need to
-give the explicit prefix of your OpenSSL installation (specify the
-directory that contains OpenSSL's "include" subdirectory), for instance:
-"--with-ssl=/example/path" would assume that you have an
-/example/path/include/openssl/ssl.h header file.
+included in the distribution.  Fetchmail 6.4 enables these by default.
+Fetchmail's configure script will query pkg-config (pkgconf) or failing that,
+probe some default locations for the include/openssl/ssl.h file. If this
+doesn't work (i. e. configure prints "SSL support enabled, but OpenSSL not
+found" and aborts), you need to give the explicit prefix of your OpenSSL
+installation (specify the directory that contains OpenSSL's "include"
+subdirectory), for instance: "--with-ssl=/example/path" would assume that you
+have an /example/path/include/openssl/ssl.h header file.
 
 2.2 Advanced options
 
@@ -142,6 +136,13 @@ Run
 This should compile fetchmail for your system.  If fetchmail fails to build
 properly, see the FAQ section B on build-time problems.
 
+On multi-core computers, run
+
+	make -j8
+
+on a computer that supports 8 CPU threads at the same time (for instance,
+Octocore computers or Quad-core computers supporting two threads per core).
+
 
 4. INSTALL
 
diff --git a/NEWS b/NEWS
index a36bc39e..577cc5a0 100644
--- a/NEWS
+++ b/NEWS
@@ -59,6 +59,7 @@ removed from a 6.4.0 or newer release.)
   fetchmail may switch to a different SSL library.
 * SSLv3 support may be removed from a future fetchmail release. It has been
   obsolete for many years and found insecure. Use TLS.
+* Fetchmailconf is deprecated and will be removed from a future release.
 
 --------------------------------------------------------------------------------
 
diff --git a/README b/README
index dadc0538..a33a791c 100644
--- a/README
+++ b/README
@@ -22,9 +22,10 @@ Internet's SDPS, or CRAM-MD5 authentication a la RFC2195.
 
 Fetchmail supports end-to-end encryption with OpenSSL, do read README.SSL for 
 details on fetchmail's configuration and README.SSL-SERVER for server-side 
-requirements.  NOTE! To be compatible with earlier releases, fetchmail 6.3's 
-default behaviour is more relaxed than dictated by the standard - add options 
-such as --sslcertck to tighten certificate checking.
+requirements.  NOTE! To be compatible with earlier releases, fetchmail 6.4
+default behaviour is more relaxed than dictated by recommendations - while it
+does away with SSLv2, only negotiates SSLv3 if forced to, it will by default
+still negotiate TLS v1.0.
 
 Portability
 -----------
@@ -33,10 +34,10 @@ The fetchmail code was developed under Linux, but has also been extensively
 tested under the BSD variants, AIX, HP-UX versions 9 and 10, SunOS, Solaris, 
 NEXTSTEP, OSF 3.2, IRIX, and Rhapsody once upon a time.
 
-The maintainer no longer has acess to these systems, and assumes that
-the system is at least Single-Unix-Specification V2 compatible, yet will
-permit a C89 compiler. It currently ships with a copy of the trio library
-for systems that lack snprintf().
+The current maintainer does not have access to these systems, and assumes that
+the system is at least Single-Unix-Specification V2 compatible, yet fetchmaiil
+should be compilable by a C89 compiler. It currently ships with a copy of the
+trio library for systems that lack snprintf().
 
 Fetchmail should be able to be compiled with C89, C99, C11, C++98, C++03,
 C++11, C++14 compilers, but not C++17 because the "register" keyword is
diff --git a/README.packaging b/README.packaging
index 08d115d0..d4f8bf47 100644
--- a/README.packaging
+++ b/README.packaging
@@ -1,25 +1,21 @@
 README.packaging
 ================
 
-fetchmail 6.3 changes relevant for packagers
+fetchmail 6.4 changes relevant for packagers
 --------------------------------------------
 
 Greetings, dear packager!
 
 The bullet points below mention a few useful hints for package(r)s:
 
-- Please use OpenSSL and add --with-ssl to the ./configure command line.  
-  SSL/TLS support hasn't been enabled in the default build in order to maintain 
-  fetchmail 6.2 compatibility as far as possible.  SSL/TLS however is a highly 
-  recommended compilation option.
+- Fetchmail requires a somewhat recent OpenSSL v1.0.2.
 
 - Fetchmail now uses automake and supports all common automake targets and 
   overrides such as "make install-strip" or "DESTDIR=..." for staging areas.
 
-- The fetchmailconf script has been renamed to fetchmailconf.py, automake will 
-  install it into Python's top-level site-packages directory and byte-compile 
-  it (so you need to package or remove fetchmailconf.pyc and fetchmailconf.pyo 
-  as well).
+- The fetchmailconf script is named fetchmailconf.py, automake will install it
+  into Python's top-level site-packages directory and byte-compile it (so you
+  need to package or remove fetchmailconf.pyc and fetchmailconf.pyo as well).
 
 - If you want to defeat Python byte-code compilation and would rather like to 
   install fetchmailconf.py yourself, you can add
diff --git a/RELEASE-INSTRUCTIONS b/RELEASE-INSTRUCTIONS
index 8fbb23ea..5523418b 100644
--- a/RELEASE-INSTRUCTIONS
+++ b/RELEASE-INSTRUCTIONS
@@ -18,5 +18,3 @@ To do a release:
 
 - Update the fetchmail website for version, link to release nodes
   (update release_id) and last update, commit, and upload.
-
-- Announce on freshmeat.
diff --git a/RELEASEVERSIONS b/RELEASEVERSIONS
index 99814c80..aa8113f4 100644
--- a/RELEASEVERSIONS
+++ b/RELEASEVERSIONS
@@ -1,5 +1,7 @@
 Note that this file is kept for historic reference.
 It will no longer be updated or maintained.
+The recent release history can be obtained by looking
+at the Git tags.
 
 -- Matthias Andree, 2010-02-06
 
diff --git a/TODO.txt b/TODO.txt
index fcbc9005..8839b017 100644
--- a/TODO.txt
+++ b/TODO.txt
@@ -1,6 +1,6 @@
 Note that there is a separate todo.html with different content than this.
 
-6.4 MUST:
+soon - MUST:
 + multiple certs
 + check alternative passed checks, fingerprints... for interactions
 + do we support CRLs?
@@ -8,8 +8,6 @@ Note that there is a separate todo.html with different content than this.
 can check their finger prints or certificates in arbitrary ways
 (grarpamp)
 + modified UTF-7 (RFC-3501 5.1.3) for mailbox names
-
-soon - MUST:
 - blacklist DigiNotar/Comodo/Türktrust hacks/certs, possibly with Chrome's serial#
   list?
 - check if wildcards from X.509 are handled as strictly as required by
@@ -47,7 +45,6 @@ soon - SHOULD:
 - CRYPTO: log configured server name on certificate mismatch (perhaps pay
   attention to via entries and stuff like that)
 - CRYPTO: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432618
-  * write a table of combinations of TLS/SSL options
 - add To: header to warning mails (authfail for instance)
 - Fix TOCTOU race around prc_filecheck*
 - Read CAPABILITY from greeting if present, saves one round trip.
@@ -75,8 +72,8 @@ questionable:
 - fetch IMAP message in one go (fetchmail-devel by Adam Simpkins
   <simpkins@cisco.com> around Nov 2nd)?
 
-6.4:
-- Properly free host/user entries (through C++ class instantiation and destructors...)
+- Properly free host/user entries (through C++ class instantiation and 
+  destructors...)
 - Remove stupid options, such as spambounce, or deferred bounces for anything
   but wrong addresses
 - Do not ever guess envelope from content headers such as To:/Cc:/Resent-To: or
diff --git a/design-notes.html b/design-notes.html
index 4aaba5cb..fc4a2c3b 100644
--- a/design-notes.html
+++ b/design-notes.html
@@ -26,7 +26,8 @@
 
 <h2>Introduction</h2>
 
-<p>This document is supposed to complement <a
+<p>This document's contents were last updated in 2006, around fetchmail 6.3.4/6.3.5 time.
+It is supposed to complement <a
     href="esrs-design-notes.html">Eric S. Raymond's (ESR's)
     design notes.</a> The new maintainers don't agree with some of the decisions
 ESR made previously, and the differences and new directions will be laid
@@ -35,12 +36,9 @@ the necessary code revisions have been made.</p>
 
 <h2>Security</h2>
 
-<p>Fetchmail was handed over in a pretty poor shape, security-wise. It will
-happily talk to the network with root privileges, use sscanf() to read
-remotely received data into fixed-length stack-based buffers without
-length limitation and so on. A full audit is required and security
-concepts will have to be applied. Random bits are:</p>
-
+        <p>
+                Fetchmail 6.2.x was handed over in a pretty poor shape, security-wise. It would happily talk to the network with root privileges, used sscanf() to read remotely received data into fixed-length stack-based buffers without length limitation and so on. A full audit is required and security concepts will have to be applied. Random bits are:
+        </p>
 <ul>
     <li>code talking to the network does not require root privileges and
     needs to run without root permissions</li>