-rw-r--r-- | NEWS | 11 | ||||
-rw-r--r-- | configure.in | 2 | ||||
-rw-r--r-- | fetchmail-FAQ.html | 6 | ||||
-rw-r--r-- | fetchmail.man | 17 | ||||
-rw-r--r-- | imap.c | 15 | ||||
-rw-r--r-- | socket.c | 21 |
6 files changed, 55 insertions, 17 deletions
@@ -2,6 +2,17 @@ (The `lines' figures total .c, .h, .l, and .y files under version control.) +* Updated Spanish, Turkish, and German translation files. +* Matthew Gregan's patch to handle garbage lengths from dbmail; + closes Debian bug #207919. +* Fix IMAP query so new-message count doesn't include deleted messages. +* Man page typo fix, closes Debian bug #205892. +* OpenSSL cleanup patches fro levinedl@acm.org. +* Benjamin Drieu's patch to fix Debian bug #212240, no oversized-nmessage + flushing if both "flush" and "limit" were specified. +* rfc822.c fixes for CAN-2003-0790 and CAN-2003-0792 potential + remote DOS attack vulnerabilities. + fetchmail-6.2.4 (Wed Aug 13 04:27:35 EDT 2003), 22625 lines: * Updated German, Spanish, Catalan, and Turkish translations. diff --git a/configure.in b/configure.in index d2b57ae9..a13bdf6c 100644 --- a/configure.in +++ b/configure.in @@ -603,7 +603,7 @@ then ### In Red Hat 9, this file includes a reference to <krb5.h>, so we ### force the Kerberos direcory onto the include path so it will build. echo "Enabling OpenSSL support in $with_ssl" - CEFLAGS="$CEFLAGS -I$with_ssl/include/openssl -I/usr/kerberos/include" + CEFLAGS="$CEFLAGS -I$with_ssl/include -I/usr/kerberos/include" ### OpenBSD comes with ssl headers elif test -r /usr/include/ssl/ssl.h then diff --git a/fetchmail-FAQ.html b/fetchmail-FAQ.html index 21f2346e..a7a1d9a7 100644 --- a/fetchmail-FAQ.html +++ b/fetchmail-FAQ.html @@ -16,7 +16,7 @@ content="Frequently asked questions about fetchmail."/> Page</a></td> <td width="30%" align="center">To <a href="/~esr/sitemap.html">Site Map</a></td> -<td width="30%" align="right">$Date: 2003/08/06 04:31:10 $</td> +<td width="30%" align="right">$Date: 2003/10/10 09:39:55 $</td> </tr> </table> 
@@ -3392,7 +3392,7 @@ is write-locked by the other instance yours can neither mark messages seen or delete them. The solution is to either (a) wait for the other client to finish, or (b) terminate it.</p> -<p>James Stevens <James.Stevens@kyzo.com> writes:</p> +<p>James Stevens <James.Stevens at kyzo.com> writes:</p> <p><em>We had a Linux box dialing the Net and collecting mail from an NT POP3 server. Fetchmail was correctly collecting and deleting @@ -3476,7 +3476,7 @@ does something like "date >> $HOME/Procmail/fetchmail.log".</p> Page</a></td> <td width="30%" align="center">To <a href="/~esr/sitemap.html">Site Map</a></td> -<td width="30%" align="right">$Date: 2003/08/06 04:31:10 $</td> +<td width="30%" align="right">$Date: 2003/10/10 09:39:55 $</td> </tr> </table> diff --git a/fetchmail.man b/fetchmail.man index 7a596e77..522de040 100644 --- a/fetchmail.man +++ b/fetchmail.man @@ -125,7 +125,7 @@ not work with POP2, and may occasionally flake out under POP3. .TP .B \-s | \-\-silent Silent mode. Suppresses all progress/status messages that are -normally echoed to standard error during a fetch (but does not +normally echoed to standard output during a fetch (but does not suppress actual error messages). The --verbose option overrides this. .TP .B \-v | \-\-verbose 
@@ -162,14 +162,13 @@ you have specified a default of \fBkeep\fR in your \&\fI.fetchmailrc\fR. This option is forced on with ETRN and ODMR. .TP .B \-F | \-\-flush -POP3/IMAP only. Delete old (previously retrieved) messages from the mailserver -before retrieving new messages. This option does not work with ETRN or -ODMR. In combination with the --limit option, --flush can be used to -delete oversized messages waiting on the server. -Warning: if your local MTA hangs and fetchmail is aborted, the next -time you run fetchmail, it will delete mail that was never delivered to you. -What you probably want is the default setting: if you don't specify `-k', then -fetchmail will automatically delete messages after successful delivery. +POP3/IMAP only. Delete old (previously retrieved) messages from the +mailserver before retrieving new messages. This option does not work +with ETRN or ODMR. Warning: if your local MTA hangs and fetchmail is +aborted, the next time you run fetchmail, it will delete mail that was +never delivered to you. What you probably want is the default +setting: if you don't specify `-k', then fetchmail will automatically +delete messages after successful delivery. .SS Protocol and Query Options .TP .B \-p <proto> | \-\-protocol <proto> @@ -12,6 +12,7 @@ #if defined(STDC_HEADERS) #include <stdlib.h> #include <limits.h> +#include <errno.h> #endif #include "fetchmail.h" #include "socket.h" @@ -724,7 +725,8 @@ static int imap_getrange(int sock, memset(unseen_messages, 0, count * sizeof(unsigned int)); unseen = 0; - gen_send(sock, "SEARCH UNSEEN"); + /* don't count deleted messages, in case user enabled keep last time */ + gen_send(sock, "SEARCH UNSEEN NOT DELETED"); do { ok = gen_recv(sock, buf, sizeof(buf)); if (ok != 0) 
@@ -999,10 +1001,15 @@ static int imap_fetch_body(int sock, struct query *ctl, int number, int *lenp)
 /*
 * Try to extract a length from the FETCH response. RFC2060 requires
 * it to be present, but at least one IMAP server (Novell GroupWise)
- * botches this.
+ * botches this. The overflow check is needed because of a broken
+ * server called dbmail that returns huge garbage lengths.
 */
- if ((cp = strchr(buf, '{')))
- *lenp = atoi(cp + 1);
+ if ((cp = strchr(buf, '{'))) {
+ errno = 0;
+ *lenp = (int)strtol(cp + 1, (char **)NULL, 10);
+ if (errno == ERANGE && (*lenp == LONG_MAX || *lenp == LONG_MIN))
+ *lenp = -1; /* length is too big/small for us to handle */
+ }
 else
 *lenp = -1; /* missing length part in FETCH reponse */
@@ -901,10 +901,31 @@ int SSLOpen(int sock, char *mycert, char *mykey, char *myproto, int certck, char
 char *fingerprint, char *servercname, char *label)
 {
 SSL *ssl;
+ struct stat randstat;
+ int i;
 SSL_load_error_strings();
 SSLeay_add_ssl_algorithms();
+#ifdef SSL_ENABLE
+ if (stat("/dev/random", &randstat) &&
+ stat("/dev/urandom", &randstat)) {
+ /* Neither /dev/random nor /dev/urandom are present, so add
+ entropy to the SSL PRNG a hard way. */
+ for (i = 0; i < 10000 && ! RAND_status (); ++i) {
+ char buf[4];
+ struct timeval tv;
+ gettimeofday (&tv, 0);
+ buf[0] = tv.tv_usec & 0xF;
+ buf[2] = (tv.tv_usec & 0xF0) >> 4;
+ buf[3] = (tv.tv_usec & 0xF00) >> 8;
+ buf[1] = (tv.tv_usec & 0xF000) >> 12;
+ RAND_add (buf, sizeof buf, 0.1);
+ }
+ }
+#endif /* SSL_ENABLE */
+
+
 if( sock < 0 || sock > FD_SETSIZE ) {
 report(stderr, GT_("File descriptor out of range for SSL") );
 return( -1 ); |
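Review bot: In imap_fetch_body the strtol() result is cast to int before the range test, so `*lenp == LONG_MAX || *lenp == LONG_MIN` compares an already-truncated int against long limits and cannot match on a platform where long is wider than int. There, a server-supplied length between INT_MAX and LONG_MAX does not raise ERANGE at all and is silently truncated, and a negative literal is accepted as a length. Parse into a long, reject ERANGE, a literal with no digits, negative values and anything above INT_MAX (limits.h is already included, per the first imap.c hunk), and only then assign to `*lenp`. Separately, the new `#include <errno.h>` sits inside `#if defined(STDC_HEADERS)` while errno and ERANGE are used unconditionally here; the function body starts and ends outside the hunk.

```c
    if ((cp = strchr(buf, '{'))) {
	char *end;
	long len;

	errno = 0;
	len = strtol(cp + 1, &end, 10);
	if (end == cp + 1 || errno == ERANGE || len < 0 || len > INT_MAX)
	    *lenp = -1;	/* no digits, or a length an int cannot hold */
	else
	    *lenp = (int)len;
    }
    /* … unchanged: else branch for a missing length … */
```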
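Review bot: The fallback added to SSLOpen seeds the OpenSSL PRNG from four nibbles of `tv.tv_usec` and credits every `RAND_add` call with 0.1 bytes of entropy, so `RAND_status()` turns true on clock readings taken back to back in a tight loop, which carry far less unpredictability than the estimate claims. Key material generated afterwards for the TLS session would rest on that seed. Failing closed is safer when no entropy source exists: drop the loop and add `if (!RAND_status()) { report(stderr, GT_("SSL PRNG is not seeded")); return( -1 ); }` (message wording is a suggestion), or seed from a file or EGD socket the user configures. The stat() test also only shows that a device node exists, not that OpenSSL could read from it, and when the 10000 iterations run out the code carries on without checking whether seeding succeeded.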