diff options
| author | Eric S. Raymond <esr@thyrsus.com> | 2001-08-10 19:03:23 +0000 |
|---|---|---|
| committer | Eric S. Raymond <esr@thyrsus.com> | 2001-08-10 19:03:23 +0000 |
| commit | b2e8fd732ce5e827b86f659bf7f93c5543c8ad78 (patch) | |
| tree | 26efb5cca8141ed857dbb2c8320fa4e6ae4d21bc | |
| parent | bc50723b35477d6d8e8305c7180762d89813dccd (diff) | |
| download | fetchmail-b2e8fd732ce5e827b86f659bf7f93c5543c8ad78.tar.gz fetchmail-b2e8fd732ce5e827b86f659bf7f93c5543c8ad78.tar.bz2 fetchmail-b2e8fd732ce5e827b86f659bf7f93c5543c8ad78.zip | |
Ready to ship.
svn path=/trunk/; revision=3452
| -rw-r--r-- | NEWS | 11 | ||||
| -rw-r--r-- | rfc822.c | 6 | ||||
| -rw-r--r-- | todo.html | 8 |
3 files changed, 19 insertions, 6 deletions
@@ -2,12 +2,15 @@ (The `lines' figures total .c, .h, .l, and .y files under version control.) +* Blush...# characters now go to stdout, same place as the dots. +* Matthias Andree's patch to correct parsing of spaces in quoted usernames. + fetchmail-5.8.17 (Tue Aug 7 20:05:36 EDT 2001), 21056 lines: -* SECURITY FIX: Fixed a security hole that is exploitable if fetchmail is - running as root and the attacker can either subvert the mailserver or - redirect to a fake one using DNS spoofing. Bugtraq announcement to follow - soon. Thanks to Salvatore Sanfilippo <antirez@invece.org>. +* SECURITY FIX: Fixed a security hole that is exploitable if the attacker can + either subvert the mailserver or redirect to a fake one using DNS spoofing. + Bugtraq announcement to follow soon. Thanks to Salvatore Sanfilippo + <antirez@invece.org>. * Eliminated second bounce on failed RCPT TO address. * Always use fetchmail host's FQDN to identify the daemon when sending bounce messages. @@ -315,6 +315,12 @@ const unsigned char *hdr; /* header to be parsed, NUL to continue previous hdr * state = INSIDE_BRACKETS; tp = 0; } + else if (*hp == '"') /* quoted word, copy verbatim */ + { + oldstate = state; + state = INSIDE_DQUOTE; + address[NEXTTP()] = *hp; + } else if (!isspace(*hp)) /* just take it, ignoring whitespace */ address[NEXTTP()] = *hp; break; @@ -10,7 +10,7 @@ <table width="100%" cellpadding=0><tr> <td width="30%">Back to <a href="/~esr">Eric's Home Page</a> <td width="30%" align=center>Up to <a href="/~esr/sitemap.html">Site Map</a> -<td width="30%" align=right>$Date: 2001/07/31 05:48:06 $ +<td width="30%" align=right>$Date: 2001/08/10 19:03:23 $ </table> <HR> <H1 ALIGN=CENTER>Fetchmail Bugs and To-Do Items</H1> @@ -58,6 +58,10 @@ lock file." can get rid of ENABLE_INET6 everywhere but in SockOpen (this will get rid of the kluge in rcfile_y.y). +<p>John Summerfield suggests that specifying a localname containing @ +ought to be treated as an smtpname option, with the domain part +removed for other purposes such as local-address matching. + <p>The <a href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=fetchmail&archive=no">Debian bug-tracking page for fetchmail</a> lists other bug reports. @@ -66,7 +70,7 @@ bug-tracking page for fetchmail</a> lists other bug reports. <table width="100%" cellpadding=0><tr> <td width="30%">Back to <a href="/~esr">Eric's Home Page</a> <td width="30%" align=center>Up to <a href="/~esr/sitemap.html">Site Map</a> -<td width="30%" align=right>$Date: 2001/07/31 05:48:06 $ +<td width="30%" align=right>$Date: 2001/08/10 19:03:23 $ </table> <P><ADDRESS>Eric S. Raymond <A HREF="mailto:esr@thyrsus.com"><esr@thyrsus.com></A></ADDRESS> |