diff options
| -rw-r--r-- | INSTALL | 31 | ||||
| -rw-r--r-- | NEWS | 1 | ||||
| -rw-r--r-- | README | 15 | ||||
| -rw-r--r-- | README.packaging | 14 | ||||
| -rw-r--r-- | RELEASE-INSTRUCTIONS | 2 | ||||
| -rw-r--r-- | RELEASEVERSIONS | 2 | ||||
| -rw-r--r-- | TODO.txt | 9 | ||||
| -rw-r--r-- | design-notes.html | 12 |
8 files changed, 40 insertions, 46 deletions
@@ -66,11 +66,6 @@ configure option '--with-included-gettext'. Installing fetchmail is easy. From within this directory, type: - ./configure --with-ssl - -if you have OpenSSL (and its developer packages, if separate) installed -on your system, or if you don't or do not need SSL/TLS support: - ./configure The autoconfiguration script will spend a bit of time figuring out the @@ -80,7 +75,7 @@ variable CC before you run configure. The configure script accepts certain standard configuration options. These include --prefix, --exec-prefix, --bindir, --infodir, --mandir, -and --srcdir. Do 'configure --help' for more. +and --srcdir. Run 'configure --help' for more. POP2 support is no longer compiled in by default, as POP2 is way obsolete and there don't seem to be any live servers for it anymore. You can @@ -102,15 +97,14 @@ locations (/usr, /usr/local). If you set --with-GSSAPI=DIR you can direct the build to look for GSSAPI support under DIR. Hooks for the OpenSSL library (see http://www.openssl.org/) are -included in the distribution. To enable these, configure with ---with-ssl; they are not included in the standard build. Fetchmail's -configure script will probe some default locations for the -include/openssl/ssl.h file. If this doesn't work (i. e. configure prints -"SSL support enabled, but OpenSSL not found" and aborts), you need to -give the explicit prefix of your OpenSSL installation (specify the -directory that contains OpenSSL's "include" subdirectory), for instance: -"--with-ssl=/example/path" would assume that you have an -/example/path/include/openssl/ssl.h header file. +included in the distribution. Fetchmail 6.4 enables these by default. +Fetchmail's configure script will query pkg-config (pkgconf) or failing that, +probe some default locations for the include/openssl/ssl.h file. If this +doesn't work (i. e. configure prints "SSL support enabled, but OpenSSL not +found" and aborts), you need to give the explicit prefix of your OpenSSL +installation (specify the directory that contains OpenSSL's "include" +subdirectory), for instance: "--with-ssl=/example/path" would assume that you +have an /example/path/include/openssl/ssl.h header file. 2.2 Advanced options @@ -142,6 +136,13 @@ Run This should compile fetchmail for your system. If fetchmail fails to build properly, see the FAQ section B on build-time problems. +On multi-core computers, run + + make -j8 + +on a computer that supports 8 CPU threads at the same time (for instance, +Octocore computers or Quad-core computers supporting two threads per core). + 4. INSTALL @@ -59,6 +59,7 @@ removed from a 6.4.0 or newer release.) fetchmail may switch to a different SSL library. * SSLv3 support may be removed from a future fetchmail release. It has been obsolete for many years and found insecure. Use TLS. +* Fetchmailconf is deprecated and will be removed from a future release. -------------------------------------------------------------------------------- @@ -22,9 +22,10 @@ Internet's SDPS, or CRAM-MD5 authentication a la RFC2195. Fetchmail supports end-to-end encryption with OpenSSL, do read README.SSL for details on fetchmail's configuration and README.SSL-SERVER for server-side -requirements. NOTE! To be compatible with earlier releases, fetchmail 6.3's -default behaviour is more relaxed than dictated by the standard - add options -such as --sslcertck to tighten certificate checking. +requirements. NOTE! To be compatible with earlier releases, fetchmail 6.4 +default behaviour is more relaxed than dictated by recommendations - while it +does away with SSLv2, only negotiates SSLv3 if forced to, it will by default +still negotiate TLS v1.0. Portability ----------- @@ -33,10 +34,10 @@ The fetchmail code was developed under Linux, but has also been extensively tested under the BSD variants, AIX, HP-UX versions 9 and 10, SunOS, Solaris, NEXTSTEP, OSF 3.2, IRIX, and Rhapsody once upon a time. -The maintainer no longer has acess to these systems, and assumes that -the system is at least Single-Unix-Specification V2 compatible, yet will -permit a C89 compiler. It currently ships with a copy of the trio library -for systems that lack snprintf(). +The current maintainer does not have access to these systems, and assumes that +the system is at least Single-Unix-Specification V2 compatible, yet fetchmaiil +should be compilable by a C89 compiler. It currently ships with a copy of the +trio library for systems that lack snprintf(). Fetchmail should be able to be compiled with C89, C99, C11, C++98, C++03, C++11, C++14 compilers, but not C++17 because the "register" keyword is diff --git a/README.packaging b/README.packaging index 08d115d0..d4f8bf47 100644 --- a/README.packaging +++ b/README.packaging @@ -1,25 +1,21 @@ README.packaging ================ -fetchmail 6.3 changes relevant for packagers +fetchmail 6.4 changes relevant for packagers -------------------------------------------- Greetings, dear packager! The bullet points below mention a few useful hints for package(r)s: -- Please use OpenSSL and add --with-ssl to the ./configure command line. - SSL/TLS support hasn't been enabled in the default build in order to maintain - fetchmail 6.2 compatibility as far as possible. SSL/TLS however is a highly - recommended compilation option. +- Fetchmail requires a somewhat recent OpenSSL v1.0.2. - Fetchmail now uses automake and supports all common automake targets and overrides such as "make install-strip" or "DESTDIR=..." for staging areas. -- The fetchmailconf script has been renamed to fetchmailconf.py, automake will - install it into Python's top-level site-packages directory and byte-compile - it (so you need to package or remove fetchmailconf.pyc and fetchmailconf.pyo - as well). +- The fetchmailconf script is named fetchmailconf.py, automake will install it + into Python's top-level site-packages directory and byte-compile it (so you + need to package or remove fetchmailconf.pyc and fetchmailconf.pyo as well). - If you want to defeat Python byte-code compilation and would rather like to install fetchmailconf.py yourself, you can add diff --git a/RELEASE-INSTRUCTIONS b/RELEASE-INSTRUCTIONS index 8fbb23ea..5523418b 100644 --- a/RELEASE-INSTRUCTIONS +++ b/RELEASE-INSTRUCTIONS @@ -18,5 +18,3 @@ To do a release: - Update the fetchmail website for version, link to release nodes (update release_id) and last update, commit, and upload. - -- Announce on freshmeat. diff --git a/RELEASEVERSIONS b/RELEASEVERSIONS index 99814c80..aa8113f4 100644 --- a/RELEASEVERSIONS +++ b/RELEASEVERSIONS @@ -1,5 +1,7 @@ Note that this file is kept for historic reference. It will no longer be updated or maintained. +The recent release history can be obtained by looking +at the Git tags. -- Matthias Andree, 2010-02-06 @@ -1,6 +1,6 @@ Note that there is a separate todo.html with different content than this. -6.4 MUST: +soon - MUST: + multiple certs + check alternative passed checks, fingerprints... for interactions + do we support CRLs? @@ -8,8 +8,6 @@ Note that there is a separate todo.html with different content than this. can check their finger prints or certificates in arbitrary ways (grarpamp) + modified UTF-7 (RFC-3501 5.1.3) for mailbox names - -soon - MUST: - blacklist DigiNotar/Comodo/Türktrust hacks/certs, possibly with Chrome's serial# list? - check if wildcards from X.509 are handled as strictly as required by @@ -47,7 +45,6 @@ soon - SHOULD: - CRYPTO: log configured server name on certificate mismatch (perhaps pay attention to via entries and stuff like that) - CRYPTO: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432618 - * write a table of combinations of TLS/SSL options - add To: header to warning mails (authfail for instance) - Fix TOCTOU race around prc_filecheck* - Read CAPABILITY from greeting if present, saves one round trip. @@ -75,8 +72,8 @@ questionable: - fetch IMAP message in one go (fetchmail-devel by Adam Simpkins <simpkins@cisco.com> around Nov 2nd)? -6.4: -- Properly free host/user entries (through C++ class instantiation and destructors...) +- Properly free host/user entries (through C++ class instantiation and + destructors...) - Remove stupid options, such as spambounce, or deferred bounces for anything but wrong addresses - Do not ever guess envelope from content headers such as To:/Cc:/Resent-To: or diff --git a/design-notes.html b/design-notes.html index 4aaba5cb..fc4a2c3b 100644 --- a/design-notes.html +++ b/design-notes.html @@ -26,7 +26,8 @@ <h2>Introduction</h2> -<p>This document is supposed to complement <a +<p>This document's contents were last updated in 2006, around fetchmail 6.3.4/6.3.5 time. +It is supposed to complement <a href="esrs-design-notes.html">Eric S. Raymond's (ESR's) design notes.</a> The new maintainers don't agree with some of the decisions ESR made previously, and the differences and new directions will be laid @@ -35,12 +36,9 @@ the necessary code revisions have been made.</p> <h2>Security</h2> -<p>Fetchmail was handed over in a pretty poor shape, security-wise. It will -happily talk to the network with root privileges, use sscanf() to read -remotely received data into fixed-length stack-based buffers without -length limitation and so on. A full audit is required and security -concepts will have to be applied. Random bits are:</p> - + <p> + Fetchmail 6.2.x was handed over in a pretty poor shape, security-wise. It would happily talk to the network with root privileges, used sscanf() to read remotely received data into fixed-length stack-based buffers without length limitation and so on. A full audit is required and security concepts will have to be applied. Random bits are: + </p> <ul> <li>code talking to the network does not require root privileges and needs to run without root permissions</li> |