diff options
| -rw-r--r-- | .gitignore | 4 | ||||
| -rw-r--r-- | Makefile.am | 2 | ||||
| -rw-r--r-- | NEWS | 9 | ||||
| -rw-r--r-- | TODO.txt | 8 | ||||
| -rw-r--r-- | base64.c | 10 | ||||
| -rw-r--r-- | configure.ac | 44 | ||||
| -rw-r--r-- | cram.c | 2 | ||||
| -rwxr-xr-x | dist-tools/makerelease.pl | 2 | ||||
| -rw-r--r-- | env.c | 2 | ||||
| -rw-r--r-- | fetchmail.c | 2 | ||||
| -rw-r--r-- | fetchmail.h | 5 | ||||
| -rw-r--r-- | fetchmail.man | 6 | ||||
| -rw-r--r-- | gettext.h | 292 | ||||
| -rw-r--r-- | gssapi.c | 23 | ||||
| -rw-r--r-- | i18n.h | 75 | ||||
| -rw-r--r-- | imap.c | 15 | ||||
| -rw-r--r-- | kerberos.c | 6 | ||||
| -rw-r--r-- | ntlmsubr.c | 4 | ||||
| -rw-r--r-- | opie.c | 10 | ||||
| -rw-r--r-- | po/Makevars | 25 | ||||
| -rw-r--r-- | po/de.po | 350 | ||||
| -rw-r--r-- | pop3.c | 9 | ||||
| -rw-r--r-- | sink.c | 17 | ||||
| -rw-r--r-- | smbutil.c | 14 | ||||
| -rw-r--r-- | smtp.c | 11 | ||||
| -rw-r--r-- | socket.c | 33 | ||||
| -rw-r--r-- | transact.c | 6 | ||||
| -rw-r--r-- | uid.c | 3 |
28 files changed, 665 insertions, 324 deletions
@@ -65,3 +65,7 @@ x509_name_match ylwrap \#*# .settings/ +.vscode/ +_build* +ANNOUNCE.EMAIL +ar-lib diff --git a/Makefile.am b/Makefile.am index af9dfeaa..e0fb5c75 100644 --- a/Makefile.am +++ b/Makefile.am @@ -62,7 +62,7 @@ TESTS+= t.regression endif fetchmail_SOURCES= fetchmail.h getopt.h \ - i18n.h kerberos.h fm_md5.h mx.h netrc.h smtp.h \ + gettext.h i18n.h kerberos.h fm_md5.h mx.h netrc.h smtp.h \ socket.h tunable.h \ socket.c getpass.c \ fetchmail.c env.c idle.c options.c daemon.c \ @@ -88,6 +88,10 @@ fetchmail-6.4.0 (not yet released): in favour of another configuration option that makes the insecurity in using this option clearer. +## SECURITY FIXES +* Fetchmail prevents buffer overruns in GSSAPI authentication with user names + beyond c. 6000 characters in length. Reported by Greg Hudson. + ## CHANGES * fetchmail 6.3.X is unsupported. * fetchmail now requires OpenSSL v1.0.2 or newer. @@ -124,6 +128,11 @@ fetchmail-6.4.0 (not yet released): or that #define OPENSSL_NO_SSL3 inside #include <openssl/ssl.h> Related to Debian Bug#775255. Fixes Debian Bug #804604. * Version report lists -SSLv3 on SSL-enabled no-ssl3 builds. +* Fetchmail no longer adds a NUL byte to the username in GSSAPI authentication. + This was reported to break Kerberos-based authentication with Microsoft + Exchange 2013 by Greg Hudson. +* Set umask properly before writing the .fetchids file, to avoid failing the + security check on the next run. Reported by Fabian Raab, Debian Bug#831611. # KNOWN BUGS AND WORKAROUNDS (This section floats upwards through the NEWS file so it stays with the @@ -7,6 +7,7 @@ Note that there is a separate todo.html with different content than this. + optionally spawn a shell out with a pre-set environment so that users can check their finger prints or certificates in arbitrary ways (grarpamp) ++ modified UTF-7 (RFC-3501 5.1.3) for mailbox names soon - MUST: - blacklist DigiNotar/Comodo/Türktrust hacks/certs, possibly with Chrome's serial# @@ -88,10 +89,6 @@ questionable: command terminates with a signal, we should report PS_PROTOCOL. - revisit maximum allowed rcfile permissions, fix inconsistency (silently allowing g+x). -- make UID code more efficient, parsing is O(n^2), should be no worse - than O(n log n), lookup is O(n), should be O(log n). - * Idea for C: use <search.h> tfind/tsearch. Need to split idlist up - so it only keeps the ids, and use an array to track status. - help systematic debugging - by making logging more strict (Postfix's msg_* as example??) - by adding a --loggingtest or something that emits @@ -118,9 +115,7 @@ questionable: but we should abandon that anyways). - CRYPTO: perhaps port to NSS? Check license and features and required procedure changes. - Redhat Bugs #333741 (crypto consolidation), #346891 (port fetchmail to NSS) -- CRYPTO: make the SSL default v3 (rather than v23). - CRYPTO: remove sslfingerprint? too easily abused (see NEWS) -- CRYPTO: force sslcertck - CRYPTO: by default forbid cleartext or other compromising password schemes over insecure connections? - put more hints to the FAQ (should we call it FGA?) as first support place @@ -154,7 +149,6 @@ questionable: - add code to allow safe authentication schemes if TLS fails - make APOP an authenticator, integrate with regular auto authentication but stuff it at the end -- allow forcing RETR (RETR vs. TOP, fetchmail-users, drbob 2008-01-11) - CRYPTO: use SASL? - make logfile more useful (redirect not only in daemon mode) - close/reopen logfile on certain signals (for newsyslog/logrotate @@ -27,23 +27,27 @@ static const char base64val[] = { }; #define DECODE64(c) (isascii((unsigned char)(c)) ? base64val[c] : BAD) -void to64frombits(char *out, const void *in_, int inlen) +int to64frombits(char *out, const void *in_, int inlen, size_t outlen) /* raw bytes in quasi-big-endian order to base 64 string (NUL-terminated) */ { + int rc = 0; const unsigned char *in = (const unsigned char *)in_; for (; inlen >= 3; inlen -= 3) { + if (outlen < 5) { rc = -1; goto fail; } /* buffer too small */ *out++ = base64digits[in[0] >> 2]; *out++ = base64digits[((in[0] << 4) & 0x30) | (in[1] >> 4)]; *out++ = base64digits[((in[1] << 2) & 0x3c) | (in[2] >> 6)]; *out++ = base64digits[in[2] & 0x3f]; in += 3; + outlen -= 4; } if (inlen > 0) { unsigned char fragment; + if (outlen < 5) { rc = -1; goto fail; } /* buffer too small */ *out++ = base64digits[in[0] >> 2]; fragment = (in[0] << 4) & 0x30; if (inlen > 1) @@ -52,7 +56,9 @@ void to64frombits(char *out, const void *in_, int inlen) *out++ = (inlen < 2) ? '=' : base64digits[(in[1] << 2) & 0x3c]; *out++ = '='; } +fail: *out = '\0'; + return rc; } int from64tobits(void *out_, const char *in, int maxlen) @@ -103,7 +109,7 @@ int from64tobits(void *out_, const char *in, int maxlen) } while (*in && *in != '\r' && digit4 != '='); - return (len); + return len; } /* base64.c ends here */ diff --git a/configure.ac b/configure.ac index 0bbb30ad..59a90392 100644 --- a/configure.ac +++ b/configure.ac @@ -9,7 +9,7 @@ dnl Process this file with autoconf to produce a configure script. dnl dnl XXX - if bumping version here, check fetchmail.man, too! -AC_INIT([fetchmail],[6.4.0.beta3],[fetchmail-users@lists.sourceforge.net]) +AC_INIT([fetchmail],[6.4.0.beta4],[fetchmail-users@lists.sourceforge.net]) AC_CONFIG_SRCDIR([fetchmail.h]) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_LIBOBJ_DIR([.]) @@ -71,7 +71,6 @@ AC_HEADER_STDC AC_HEADER_TIME AC_TYPE_SIZE_T AC_TYPE_PID_T -AC_TYPE_SIGNAL AC_CHECK_HEADERS([unistd.h termios.h termio.h sgtty.h stdarg.h \ sys/itimer.h fcntl.h sys/fcntl.h memory.h sys/wait.h \ arpa/inet.h arpa/nameser.h netinet/in.h net/socket.h netdb.h \ @@ -141,7 +140,7 @@ AC_CACHE_SAVE dnl i18n AM_GNU_GETTEXT([external], [need-ngettext]) -AM_GNU_GETTEXT_VERSION([0.18.3]) +AM_GNU_GETTEXT_VERSION([0.19.8]) dnl end i18n # Under sysV68, socket and friends are provided by the C library. @@ -778,25 +777,28 @@ then else AC_MSG_ERROR([SSL support enabled, but OpenSSL not found]) fi - LDFLAGS="$LDFLAGS -L$with_ssl/lib" - LIBS="$LIBS -lssl -lcrypto" - dnl check if -ldl is needed - AC_MSG_CHECKING([for additional library dependencies of SSL]) - found=0 - save_LIBS="$LIBS" - for i in "" "-ldl" ; do - LIBS="$LDFLAGS $save_LIBS $i" - AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <openssl/ssl.h>],[SSL_library_init()])],[found=1; break]) - done - if test $found = 0 ; then - AC_MSG_RESULT([error]) - AC_MSG_ERROR([cannot link with SSL - check config.log]) - fi - LIBS="$save_LIBS $i" - if test "$i" = "" ; then i="(none)" ; fi - AC_MSG_RESULT($i) - dnl XXX FIXME: use pkg-config if available! + PKG_CHECK_MODULES([SSL],[libssl libcrypto],[LIBS="$LIBS $SSL_LIBS"],[ + AS_MESSAGE([SSL-check: pkg-config check failed, using traditional probe]) + LDFLAGS="$LDFLAGS -L$with_ssl/lib" + LIBS="$LIBS -lssl -lcrypto" + dnl check if -ldl is needed + AC_MSG_CHECKING([for additional library dependencies of SSL]) + found=0 + save_LIBS="$LIBS" + for i in "" "-ldl" ; do + LIBS="$LDFLAGS $save_LIBS $i" + AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <openssl/ssl.h>],[SSL_connect((SSL *)0)])],[found=1; break]) + done + if test $found = 0 ; then + AC_MSG_RESULT([error]) + AC_MSG_ERROR([cannot link with SSL - check config.log]) + fi + LIBS="$save_LIBS $i" + if test "$i" = "" ; then i="(none)" ; fi + AC_MSG_RESULT($i) + ]) AC_DEFINE(SSL_ENABLE, 1, [Define if you want SSL support compiled in]) + AS_MESSAGE(Enabling SSL support.) else AC_MSG_WARN(Disabling SSL support.) AC_MSG_WARN(Consider re-running configure --with-ssl.) @@ -122,7 +122,7 @@ int do_cram_md5 (int sock, const char *command, struct query *ctl, const char *s response[8], response[9], response[10], response[11], response[12], response[13], response[14], response[15]); - to64frombits (buf1, reply, strlen(reply)); + to64frombits (buf1, reply, strlen(reply), sizeof buf1); /* ship the authentication back, accept the server's responses */ /* PMDF5.2 IMAP has a bug that requires this to be a single write */ diff --git a/dist-tools/makerelease.pl b/dist-tools/makerelease.pl index d7a49cfc..1cb686e8 100755 --- a/dist-tools/makerelease.pl +++ b/dist-tools/makerelease.pl @@ -64,7 +64,7 @@ my $tmp = $ENV{TMPDIR} || $ENV{TMP} || $ENV{TEMP} || "/tmp"; # extract version from source my $version =`grep 'AC_INIT' configure.ac`; -$version =~ /AC_INIT\([^,]*,\[?([0-9.rc-]+)\]?\,.*\)/; +$version =~ /AC_INIT\([^,]*,\[?([0-9.rcbeta-]+)\]?\,.*\)/; $version = $1; die "cannot determine version" unless defined $1; my $tag = "RELEASE_$version"; @@ -243,7 +243,7 @@ char *rfc822timestamp(void) #if defined(HAVE_SETLOCALE) && defined(ENABLE_NLS) setlocale (LC_TIME, ""); #endif - strncpy(strstr(buf, "XXXXX"), tzoffset(&now), 5); + memcpy(strstr(buf, "XXXXX"), tzoffset(&now), 5); #else /* * This is really just a portability fallback, as the diff --git a/fetchmail.c b/fetchmail.c index a8a2dc29..cca131c2 100644 --- a/fetchmail.c +++ b/fetchmail.c @@ -142,7 +142,7 @@ static void printcopyright(FILE *fp) { "Copyright (C) 2004 Matthias Andree, Eric S. Raymond,\n" " Robert M. Funk, Graham Wilson\n" "Copyright (C) 2005 - 2012 Sunil Shetye\n" - "Copyright (C) 2005 - 2017 Matthias Andree\n" + "Copyright (C) 2005 - 2018 Matthias Andree\n" )); fprintf(fp, GT_("Fetchmail comes with ABSOLUTELY NO WARRANTY. This is free software, and you\n" "are welcome to redistribute it under certain conditions. For details,\n" diff --git a/fetchmail.h b/fetchmail.h index 98f07742..6a224cae 100644 --- a/fetchmail.h +++ b/fetchmail.h @@ -640,8 +640,8 @@ int prc_parse_file(const char *, const flag); int prc_filecheck(const char *, const flag); /* base64.c */ -void to64frombits(char *, const void *, int); -int from64tobits(void *, const char *, int maxlen); +int to64frombits(char *, const void *, int inlen, size_t outlen); +int from64tobits(void *, const char *, int mxoutlen); /* unmime.c */ /* Bit-mask returned by MimeBodyType */ @@ -685,6 +685,7 @@ char *prependdir (const char *, const char *); char *MD5Digest (unsigned const char *); void hmac_md5 (const unsigned char *, size_t, const unsigned char *, size_t, unsigned char *, size_t); int POP3_auth_rpa(char *, char *, int socket); +#define RETSIGTYPE void typedef RETSIGTYPE (*SIGHANDLERTYPE) (int); void deal_with_sigchld(void); RETSIGTYPE null_signal_handler(int sig); diff --git a/fetchmail.man b/fetchmail.man index 5ec054a1..2855eacb 100644 --- a/fetchmail.man +++ b/fetchmail.man @@ -2875,6 +2875,12 @@ See fetchmail's NEWS file and fetchmail-SA-2012-01.txt for details. Earlier fetchmail versions (v6.3.21 and older) used to disable this countermeasure, but v6.3.22 no longer does that as a safety precaution. +.IP \fBFETCHMAIL_POP3_FORCE_RETR\fP +(since v6.3.9): +If this environment variable is defined at all (even if empty), fetchmail +will forgo the POP3 TOP command and always use RETR. This can be +used as a workaround when TOP does not work properly. + .IP \fBFETCHMAIL_INCLUDE_DEFAULT_X509_CA_CERTS\fP (since v6.3.17): If this environment variable is set and not empty, fetchmail will always load diff --git a/gettext.h b/gettext.h new file mode 100644 index 00000000..841b072b --- /dev/null +++ b/gettext.h @@ -0,0 +1,292 @@ +/* Convenience header for conditional use of GNU <libintl.h>. + Copyright (C) 1995-1998, 2000-2002, 2004-2006, 2009-2016 Free Software + Foundation, Inc. + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. */ + +#ifndef _LIBGETTEXT_H +#define _LIBGETTEXT_H 1 + +/* NLS can be disabled through the configure --disable-nls option. */ +#if ENABLE_NLS + +/* Get declarations of GNU message catalog functions. */ +# include <libintl.h> + +/* You can set the DEFAULT_TEXT_DOMAIN macro to specify the domain used by + the gettext() and ngettext() macros. This is an alternative to calling + textdomain(), and is useful for libraries. */ +# ifdef DEFAULT_TEXT_DOMAIN +# undef gettext +# define gettext(Msgid) \ + dgettext (DEFAULT_TEXT_DOMAIN, Msgid) +# undef ngettext +# define ngettext(Msgid1, Msgid2, N) \ + dngettext (DEFAULT_TEXT_DOMAIN, Msgid1, Msgid2, N) +# endif + +#else + +/* Solaris /usr/include/locale.h includes /usr/include/libintl.h, which + chokes if dcgettext is defined as a macro. So include it now, to make + later inclusions of <locale.h> a NOP. We don't include <libintl.h> + as well because people using "gettext.h" will not include <libintl.h>, + and also including <libintl.h> would fail on SunOS 4, whereas <locale.h> + is OK. */ +#if defined(__sun) +# include <locale.h> +#endif + +/* Many header files from the libstdc++ coming with g++ 3.3 or newer include + <libintl.h>, which chokes if dcgettext is defined as a macro. So include + it now, to make later inclusions of <libintl.h> a NOP. */ +#if defined(__cplusplus) && defined(__GNUG__) && (__GNUC__ >= 3) +# include <cstdlib> +# if (__GLIBC__ >= 2 && !defined __UCLIBC__) || _GLIBCXX_HAVE_LIBINTL_H +# include <libintl.h> +# endif +#endif + +/* Disabled NLS. + The casts to 'const char *' serve the purpose of producing warnings + for invalid uses of the value returned from these functions. + On pre-ANSI systems without 'const', the config.h file is supposed to + contain "#define const". */ +# undef gettext +# define gettext(Msgid) ((const char *) (Msgid)) +# undef dgettext +# define dgettext(Domainname, Msgid) ((void) (Domainname), gettext (Msgid)) +# undef dcgettext +# define dcgettext(Domainname, Msgid, Category) \ + ((void) (Category), dgettext (Domainname, Msgid)) +# undef ngettext +# define ngettext(Msgid1, Msgid2, N) \ + ((N) == 1 \ + ? ((void) (Msgid2), (const char *) (Msgid1)) \ + : ((void) (Msgid1), (const char *) (Msgid2))) +# undef dngettext +# define dngettext(Domainname, Msgid1, Msgid2, N) \ + ((void) (Domainname), ngettext (Msgid1, Msgid2, N)) +# undef dcngettext +# define dcngettext(Domainname, Msgid1, Msgid2, N, Category) \ + ((void) (Category), dngettext (Domainname, Msgid1, Msgid2, N)) +# undef textdomain +# define textdomain(Domainname) ((const char *) (Domainname)) +# undef bindtextdomain +# define bindtextdomain(Domainname, Dirname) \ + ((void) (Domainname), (const char *) (Dirname)) +# undef bind_textdomain_codeset +# define bind_textdomain_codeset(Domainname, Codeset) \ + ((void) (Domainname), (const char *) (Codeset)) + +#endif + +/* Prefer gnulib's setlocale override over libintl's setlocale override. */ +#ifdef GNULIB_defined_setlocale +# undef setlocale +# define setlocale rpl_setlocale +#endif + +/* A pseudo function call that serves as a marker for the automated + extraction of messages, but does not call gettext(). The run-time + translation is done at a different place in the code. + The argument, String, should be a literal string. Concatenated strings + and other string expressions won't work. + The macro's expansion is not parenthesized, so that it is suitable as + initializer for static 'char[]' or 'const char[]' variables. */ +#define gettext_noop(String) String + +/* The separator between msgctxt and msgid in a .mo file. */ +#define GETTEXT_CONTEXT_GLUE "\004" + +/* Pseudo function calls, taking a MSGCTXT and a MSGID instead of just a + MSGID. MSGCTXT and MSGID must be string literals. MSGCTXT should be + short and rarely need to change. + The letter 'p' stands for 'particular' or 'special'. */ +#ifdef DEFAULT_TEXT_DOMAIN +# define pgettext(Msgctxt, Msgid) \ + pgettext_aux (DEFAULT_TEXT_DOMAIN, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, LC_MESSAGES) +#else +# define pgettext(Msgctxt, Msgid) \ + pgettext_aux (NULL, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, LC_MESSAGES) +#endif +#define dpgettext(Domainname, Msgctxt, Msgid) \ + pgettext_aux (Domainname, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, LC_MESSAGES) +#define dcpgettext(Domainname, Msgctxt, Msgid, Category) \ + pgettext_aux (Domainname, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, Category) +#ifdef DEFAULT_TEXT_DOMAIN +# define npgettext(Msgctxt, Msgid, MsgidPlural, N) \ + npgettext_aux (DEFAULT_TEXT_DOMAIN, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, MsgidPlural, N, LC_MESSAGES) +#else +# define npgettext(Msgctxt, Msgid, MsgidPlural, N) \ + npgettext_aux (NULL, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, MsgidPlural, N, LC_MESSAGES) +#endif +#define dnpgettext(Domainname, Msgctxt, Msgid, MsgidPlural, N) \ + npgettext_aux (Domainname, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, MsgidPlural, N, LC_MESSAGES) +#define dcnpgettext(Domainname, Msgctxt, Msgid, MsgidPlural, N, Category) \ + npgettext_aux (Domainname, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, MsgidPlural, N, Category) + +#ifdef __GNUC__ +__inline +#else +#ifdef __cplusplus +inline +#endif +#endif +static const char * +pgettext_aux (const char *domain, + const char *msg_ctxt_id, const char *msgid, + int category) +{ + const char *translation = dcgettext (domain, msg_ctxt_id, category); + if (translation == msg_ctxt_id) + return msgid; + else + return translation; +} + +#ifdef __GNUC__ +__inline +#else +#ifdef __cplusplus +inline +#endif +#endif +static const char * +npgettext_aux (const char *domain, + const char *msg_ctxt_id, const char *msgid, + const char *msgid_plural, unsigned long int n, + int category) +{ + const char *translation = + dcngettext (domain, msg_ctxt_id, msgid_plural, n, category); + if (translation == msg_ctxt_id || translation == msgid_plural) + return (n == 1 ? msgid : msgid_plural); + else + return translation; +} + +/* The same thing extended for non-constant arguments. Here MSGCTXT and MSGID + can be arbitrary expressions. But for string literals these macros are + less efficient than those above. */ + +#include <string.h> + +#if (((__GNUC__ >= 3 || __GNUG__ >= 2) && !defined __STRICT_ANSI__) \ + /* || __STDC_VERSION__ >= 199901L */ ) +# define _LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS 1 +#else +# define _LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS 0 +#endif + +#if !_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS +#include <stdlib.h> +#endif + +#define pgettext_expr(Msgctxt, Msgid) \ + dcpgettext_expr (NULL, Msgctxt, Msgid, LC_MESSAGES) +#define dpgettext_expr(Domainname, Msgctxt, Msgid) \ + dcpgettext_expr (Domainname, Msgctxt, Msgid, LC_MESSAGES) + +#ifdef __GNUC__ +__inline +#else +#ifdef __cplusplus +inline +#endif +#endif +static const char * +dcpgettext_expr (const char *domain, + const char *msgctxt, const char *msgid, + int category) +{ + size_t msgctxt_len = strlen (msgctxt) + 1; + size_t msgid_len = strlen (msgid) + 1; + const char *translation; +#if _LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS + char msg_ctxt_id[msgctxt_len + msgid_len]; +#else + char buf[1024]; + char *msg_ctxt_id = + (msgctxt_len + msgid_len <= sizeof (buf) + ? buf + : (char *) malloc (msgctxt_len + msgid_len)); + if (msg_ctxt_id != NULL) +#endif + { + int found_translation; + memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1); + msg_ctxt_id[msgctxt_len - 1] = '\004'; + memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len); + translation = dcgettext (domain, msg_ctxt_id, category); + found_translation = (translation != msg_ctxt_id); +#if !_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS + if (msg_ctxt_id != buf) + free (msg_ctxt_id); +#endif + if (found_translation) + return translation; + } + return msgid; +} + +#define npgettext_expr(Msgctxt, Msgid, MsgidPlural, N) \ + dcnpgettext_expr (NULL, Msgctxt, Msgid, MsgidPlural, N, LC_MESSAGES) +#define dnpgettext_expr(Domainname, Msgctxt, Msgid, MsgidPlural, N) \ + dcnpgettext_expr (Domainname, Msgctxt, Msgid, MsgidPlural, N, LC_MESSAGES) + +#ifdef __GNUC__ +__inline +#else +#ifdef __cplusplus +inline +#endif +#endif +static const char * +dcnpgettext_expr (const char *domain, + const char *msgctxt, const char *msgid, + const char *msgid_plural, unsigned long int n, + int category) +{ + size_t msgctxt_len = strlen (msgctxt) + 1; + size_t msgid_len = strlen (msgid) + 1; + const char *translation; +#if _LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS + char msg_ctxt_id[msgctxt_len + msgid_len]; +#else + char buf[1024]; + char *msg_ctxt_id = + (msgctxt_len + msgid_len <= sizeof (buf) + ? buf + : (char *) malloc (msgctxt_len + msgid_len)); + if (msg_ctxt_id != NULL) +#endif + { + int found_translation; + memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1); + msg_ctxt_id[msgctxt_len - 1] = '\004'; + memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len); + translation = dcngettext (domain, msg_ctxt_id, msgid_plural, n, category); + found_translation = !(translation == msg_ctxt_id || translation == msgid_plural); +#if !_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS + if (msg_ctxt_id != buf) + free (msg_ctxt_id); +#endif + if (found_translation) + return translation; + } + return (n == 1 ? msgid : msgid_plural); +} + +#endif /* _LIBGETTEXT_H */ @@ -202,7 +202,7 @@ cancelfail: return result; return PS_AUTHFAIL; } - to64frombits(buf1, send_token.value, send_token.length); + to64frombits(buf1, send_token.value, send_token.length, sizeof buf1); gss_release_buffer(&min_stat, &send_token); suppress_tags = TRUE; @@ -241,7 +241,7 @@ cancelfail: decode_status("gss_unwrap", maj_stat, min_stat, stderr); report(stderr, GT_("Couldn't unwrap security level data\n")); gss_release_buffer(&min_stat, &send_token); - return PS_AUTHFAIL; + goto cancelfail; } if (outlevel >= O_DEBUG) report(stdout, GT_("Credential exchange complete\n")); @@ -250,7 +250,7 @@ cancelfail: if ( !(((char *)send_token.value)[0] & GSSAUTH_P_NONE) ) { report(stderr, GT_("Server requires integrity and/or privacy\n")); gss_release_buffer(&min_stat, &send_token); - return PS_AUTHFAIL; + goto cancelfail; } ((char *)send_token.value)[0] = 0; buf_size = ntohl(*((long *)send_token.value)); @@ -268,16 +268,25 @@ cancelfail: buf_size = htonl(buf_size); /* do as they do... only matters if we do enc */ memcpy(buf1, &buf_size, 4); buf1[0] = GSSAUTH_P_NONE; - strlcpy(buf1+4, username, sizeof(buf1) - 4); /* server decides if princ is user */ - request_buf.length = 4 + strlen(username) + 1; + if (strlcpy(buf1 + 4, username, sizeof(buf1) - 4) >= sizeof(buf1) - 4) + { + report(stderr, GT_("GSSAPI username too long for static buffer.\n")); + goto cancelfail; + } + /* server decides if princ is user */ + request_buf.length = 4 + strlen(username); request_buf.value = buf1; maj_stat = gss_wrap(&min_stat, context, 0, GSS_C_QOP_DEFAULT, &request_buf, &cflags, &send_token); if (maj_stat != GSS_S_COMPLETE) { report(stderr, GT_("Error creating security level request\n")); - return PS_AUTHFAIL; + goto cancelfail; + } + if ((send_token.length + 3) * 4/3 >= sizeof(buf1) - 1) { + report(stderr, GT_("GSSAPI send_token too large (%lu) while sending username.\n"), (unsigned long)send_token.length); + goto cancelfail; } - to64frombits(buf1, send_token.value, send_token.length); + to64frombits(buf1, send_token.value, send_token.length, sizeof buf1); suppress_tags = TRUE; result = gen_transact(sock, "%s", buf1); @@ -1,72 +1,11 @@ -/* Convenience header for conditional use of GNU <libintl.h>. - Copyright (C) 1995-1998, 2000-2002 Free Software Foundation, Inc. +#ifndef _I18N_H +#define _I18N_H 42 - This program is free software; you can redistribute it and/or modify it - under the terms of the GNU Library General Public License as published - by the Free Software Foundation; either version 2, or (at your option) - any later version. +/* gettext.h is a regular GNU gettext header now */ +#include "gettext.h" - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. +/* local modifications */ +#define GT_(s) gettext(s) +#define N_(s) gettext_noop(s) - You should have received a copy of the GNU Library General Public - License along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, - USA. */ - -#ifndef _LIBGETTEXT_H -#define _LIBGETTEXT_H 1 - -/* NLS can be disabled through the configure --disable-nls option. */ -#ifdef ENABLE_NLS - -/* Get declarations of GNU message catalog functions. */ -# include <libintl.h> - -#else - -/* Solaris /usr/include/locale.h includes /usr/include/libintl.h, which - chokes if dcgettext is defined as a macro. So include it now, to make - later inclusions of <locale.h> a NOP. We don't include <libintl.h> - as well because people using "gettext.h" will not include <libintl.h>, - and also including <libintl.h> would fail on SunOS 4, whereas <locale.h> - is OK. */ -#if defined(__sun) -# include <locale.h> #endif - -/* Disabled NLS. - The casts to 'const char *' serve the purpose of producing warnings - for invalid uses of the value returned from these functions. - On pre-ANSI systems without 'const', the config.h file is supposed to - contain "#define const". */ -# define gettext(Msgid) ((const char *) (Msgid)) -# define dgettext(Domainname, Msgid) ((const char *) (Msgid)) -# define dcgettext(Domainname, Msgid, Category) ((const char *) (Msgid)) -# define ngettext(Msgid1, Msgid2, N) \ - ((N) == 1 ? (const char *) (Msgid1) : (const char *) (Msgid2)) -# define dngettext(Domainname, Msgid1, Msgid2, N) \ - ((N) == 1 ? (const char *) (Msgid1) : (const char *) (Msgid2)) -# define dcngettext(Domainname, Msgid1, Msgid2, N, Category) \ - ((N) == 1 ? (const char *) (Msgid1) : (const char *) (Msgid2)) -# define textdomain(Domainname) ((const char *) (Domainname)) -# define bindtextdomain(Domainname, Dirname) ((const char *) (Dirname)) -# define bind_textdomain_codeset(Domainname, Codeset) ((const char *) (Codeset)) - -#endif - -/* A pseudo function call that serves as a marker for the automated - extraction of messages, but does not call gettext(). The run-time - translation is done at a different place in the code. - The argument, String, should be a literal string. Concatenated strings - and other string expressions won't work. - The macro's expansion is not parenthesized, so that it is suitable as - initializer for static 'char[]' or 'const char[]' variables. */ -#define gettext_noop(String) String - -#define GT_(String) gettext(String) -#define N_(String) gettext_noop(String) - -#endif /* _LIBGETTEXT_H */ @@ -71,7 +71,11 @@ static int imap_untagged_response(int sock, const char *buf) /* log the unexpected bye from server as we expect the * connection to be cut-off after this */ if (outlevel > O_SILENT) - report(stderr, GT_("Received BYE response from IMAP server: %s"), buf + 5); + report(stderr, GT_("Received BYE response from IMAP server: %s\n"), buf + 5); + return PS_SOCKET; /* tell caller to not touch the socket any longer. + Note this is under stage != STAGE_LOGOUT, so when + we are logging out properly, we will complete the + protocol exchange. */ } else if (strstr(buf, " EXISTS")) { @@ -392,7 +396,7 @@ static int do_authcert (int sock, const char *command, const char *name) { size_t len = strlen(name); if ((len / 3) + ((len % 3) ? 4 : 0) < sizeof(buf)) - to64frombits (buf, name, strlen(name)); + to64frombits (buf, name, strlen(name), sizeof buf); else return PS_AUTHFAIL; /* buffer too small. */ } @@ -1301,12 +1305,7 @@ static int imap_delete(int sock, struct query *ctl, int number) { int ok; /* Select which flags to set on message deletion: */ - const char delflags_seen[] = "\\Seen \\Deleted"; - static const char *delflags; - /* Which environment variable to look for: */ - - /* DEFAULT since many fetchmail versions <= 6.3.X */ - delflags = delflags_seen; + static const char delflags[] = "\\Seen \\Deleted"; (void)ctl; /* expunges change the fetch numbers */ @@ -93,16 +93,14 @@ int do_rfc1731(int sock, const char *command, const char *truename) * 32-bit number in network byte order. */ - strncpy(srvinst, truename, (sizeof srvinst)-1); - srvinst[(sizeof srvinst)-1] = '\0'; + strlcpy(srvinst, truename, sizeof srvinst); for (p = srvinst; *p; p++) { if (isupper((unsigned char)*p)) { *p = tolower((unsigned char)*p); } } - strncpy(srvrealm, (char *)krb_realmofhost(srvinst), (sizeof srvrealm)-1); - srvrealm[(sizeof srvrealm)-1] = '\0'; + strlcpy(srvrealm, (char *)krb_realmofhost(srvinst), sizeof srvrealm); if ((p = strchr(srvinst, '.')) != NULL) { *p = '\0'; } @@ -44,7 +44,7 @@ int ntlm_helper(int sock, struct query *ctl, const char *proto) dumpSmbNtlmAuthRequest(stdout, &request); memset(msgbuf,0,sizeof msgbuf); - to64frombits (msgbuf, &request, SmbLength(&request)); + to64frombits (msgbuf, &request, SmbLength(&request), sizeof msgbuf); if (outlevel >= O_MONITOR) report(stdout, "%s> %s\n", proto, msgbuf); @@ -95,7 +95,7 @@ int ntlm_helper(int sock, struct query *ctl, const char *proto) dumpSmbNtlmAuthResponse(stdout, &response); memset(msgbuf,0,sizeof msgbuf); - to64frombits (msgbuf, &response, SmbLength(&response)); + to64frombits (msgbuf, &response, SmbLength(&response), sizeof msgbuf); if (outlevel >= O_MONITOR) report(stdout, "%s> %s\n", proto, msgbuf); @@ -38,12 +38,12 @@ int do_otp(int sock, const char *command, struct query *ctl) if ((rval = gen_recv(sock, buffer, sizeof(buffer)))) return rval; - if (strncmp(buffer, "+", 1)) { + if (strncmp(buffer, "+", 1)) { report(stderr, GT_("server recv fatal\n")); return PS_AUTHFAIL; - } + } - to64frombits(buffer, ctl->remotename, strlen(ctl->remotename)); + to64frombits(buffer, ctl->remotename, strlen(ctl->remotename), sizeof buffer); suppress_tags = TRUE; gen_send(sock, "%s", buffer); suppress_tags = FALSE; @@ -51,7 +51,7 @@ int do_otp(int sock, const char *command, struct query *ctl) if ((rval = gen_recv(sock, buffer, sizeof(buffer)))) return rval; - memset(challenge, '\0', sizeof(challenge)); + memset(challenge, '\0', sizeof(challenge)); if ((i = from64tobits(challenge, buffer+2, sizeof(challenge))) < 0) { report(stderr, GT_("Could not decode OTP challenge\n")); return PS_AUTHFAIL; @@ -70,7 +70,7 @@ int do_otp(int sock, const char *command, struct query *ctl) if (rval) return(PS_AUTHFAIL); - to64frombits(buffer, response, strlen(response)); + to64frombits(buffer, response, strlen(response), sizeof buffer); suppress_tags = TRUE; gen_send(sock, "%s", buffer); suppress_tags = FALSE; diff --git a/po/Makevars b/po/Makevars index 7b1d5df7..70005958 100644 --- a/po/Makevars +++ b/po/Makevars @@ -27,6 +27,13 @@ XGETTEXT_OPTIONS = --keyword=GT_ --keyword=N_ \ # their copyright. COPYRIGHT_HOLDER = Eric S. Raymond +# This tells whether or not to prepend "GNU " prefix to the package +# name that gets inserted into the header of the $(DOMAIN).pot file. +# Possible values are "yes", "no", or empty. If it is empty, try to +# detect it automatically by scanning the files in $(top_srcdir) for +# "GNU packagename" string. +PACKAGE_GNU = + # This is the email address or URL to which the translators shall report # bugs in the untranslated strings: # - Strings which are not entire sentences, see the maintainer guidelines @@ -58,3 +65,21 @@ USE_MSGCTXT = no # --previous to keep previous msgids of translated messages, # --quiet to reduce the verbosity. MSGMERGE_OPTIONS = + +# These options get passed to msginit. +# If you want to disable line wrapping when writing PO files, add +# --no-wrap to MSGMERGE_OPTIONS, XGETTEXT_OPTIONS, and +# MSGINIT_OPTIONS. +MSGINIT_OPTIONS = + +# This tells whether or not to regenerate a PO file when $(DOMAIN).pot +# has changed. Possible values are "yes" and "no". Set this to no if +# the POT file is checked in the repository and the version control +# program ignores timestamps. +PO_DEPENDS_ON_POT = yes + +# This tells whether or not to forcibly update $(DOMAIN).pot and +# regenerate PO files on "make dist". Possible values are "yes" and +# "no". Set this to no if the POT file and PO files are maintained +# externally. +DIST_DEPENDS_ON_UPDATE_PO = yes @@ -8,8 +8,8 @@ msgid "" msgstr "" "Project-Id-Version: fetchmail 6.4.0\n" "Report-Msgid-Bugs-To: fetchmail-devel@lists.sourceforge.net\n" -"POT-Creation-Date: 2017-04-22 23:12+0200\n" -"PO-Revision-Date: 2016-12-12 02:51+0100\n" +"POT-Creation-Date: 2019-05-12 11:07+0200\n" +"PO-Revision-Date: 2019-05-12 11:13+0200\n" "Last-Translator: Matthias Andree <matthias.andree@gmx.de>\n" "Language-Team: Deutsch <de@li.org>\n" "Language: de\n" @@ -578,9 +578,9 @@ msgid "%s: can't determine your host!" msgstr "%s: kann Ihren Host nicht bestimmen!" #: env.c:172 -#, fuzzy, c-format +#, c-format msgid "getaddrinfo failed for %s\n" -msgstr "gethostbyname fehlgeschlagen für %s\n" +msgstr "getaddrinfo fehlgeschlagen für %s\n" #: env.c:174 msgid "Cannot find my own host in hosts database to qualify it!\n" @@ -670,13 +670,13 @@ msgid "" "Copyright (C) 2004 Matthias Andree, Eric S. Raymond,\n" " Robert M. Funk, Graham Wilson\n" "Copyright (C) 2005 - 2012 Sunil Shetye\n" -"Copyright (C) 2005 - 2017 Matthias Andree\n" +"Copyright (C) 2005 - 2018 Matthias Andree\n" msgstr "" "Copyright © 2002, 2003 Eric S. Raymond\n" "Copyright © 2004 Matthias Andree, Eric S. Raymond,\n" " Robert M. Funk, Graham Wilson\n" "Copyright © 2005 - 2012 Sunil Shetye\n" -"Copyright © 2005 - 2017 Matthias Andree\n" +"Copyright © 2005 - 2018 Matthias Andree\n" #: fetchmail.c:147 msgid "" @@ -1781,15 +1781,24 @@ msgstr "Ermittelte Sicherheitsstufen-Flags: %s%s%s\n" msgid "Maximum GSS token size is %ld\n" msgstr "Maximale GSS-Tokengröße ist %ld\n" -#: gssapi.c:277 +#: gssapi.c:273 +msgid "GSSAPI username too long for static buffer.\n" +msgstr "GSSAPI-Benutzername für statischen Puffer zu lang.\n" + +#: gssapi.c:282 msgid "Error creating security level request\n" msgstr "Fehler beim Erstellen der Sicherheitsstufenanfrage\n" -#: gssapi.c:288 +#: gssapi.c:286 +#, c-format +msgid "GSSAPI send_token too large (%lu) while sending username.\n" +msgstr "GSSAPI send_token zu groß (%lu) beim Senden des Benutzernamens.\n" + +#: gssapi.c:297 msgid "Releasing GSS credentials\n" msgstr "Gebe GSS-Beglaubigungen frei\n" -#: gssapi.c:292 +#: gssapi.c:301 msgid "Error releasing credentials\n" msgstr "Fehler beim Freigeben der Beglaubigungen\n" @@ -1800,132 +1809,132 @@ msgstr "fetchmail: Thread schläft für %d Sek.\n" #: imap.c:74 #, c-format -msgid "Received BYE response from IMAP server: %s" -msgstr "\"BYE\"-Antwort vom IMAP-Server erhalten: %s" +msgid "Received BYE response from IMAP server: %s\n" +msgstr "\"BYE\"-Antwort vom IMAP-Server erhalten: %s\n" -#: imap.c:92 +#: imap.c:96 #, c-format msgid "bogus message count in \"%s\"!" msgstr "ungültige Nachrichtenanzahl in \"%s\"!" -#: imap.c:139 +#: imap.c:143 #, c-format msgid "bogus EXPUNGE count in \"%s\"!" msgstr "ungültige Zahl für EXPUNGE in \"%s\"!" -#: imap.c:348 +#: imap.c:352 msgid "Protocol identified as IMAP4 rev 1\n" msgstr "Protokoll identifiziert als IMAP4 rev 1\n" -#: imap.c:354 +#: imap.c:358 msgid "Protocol identified as IMAP4 rev 0\n" msgstr "Protokoll identifiziert als IMAP4 rev 0\n" -#: imap.c:361 +#: imap.c:365 msgid "Protocol identified as IMAP2 or IMAP2BIS\n" msgstr "Protokoll identifiziert als IMAP2 oder IMAP2BIS\n" -#: imap.c:378 +#: imap.c:382 msgid "will idle after poll\n" msgstr "werde nach Abfrage untätig sein\n" -#: imap.c:469 pop3.c:473 +#: imap.c:473 pop3.c:473 #, c-format msgid "%s: upgrade to TLS succeeded.\n" msgstr "%s: Upgrade auf TLS erfolgreich.\n" -#: imap.c:475 pop3.c:479 +#: imap.c:479 pop3.c:479 #, c-format msgid "%s: upgrade to TLS failed.\n" msgstr "%s: Upgrade auf TLS fehlgeschlagen.\n" -#: imap.c:480 +#: imap.c:484 #, c-format msgid "%s: opportunistic upgrade to TLS failed, trying to continue\n" msgstr "" "%s: opportunistisches Upgrade auf TLS fehlgeschlagen, versuche Fortsetzung.\n" -#: imap.c:495 +#: imap.c:499 #, c-format msgid "%s: WARNING: server offered STARTTLS but sslproto '' given.\n" msgstr "" "%s: WARNUNG: Server hat STARTTLS angeboten, aber sslproto '' ist angegeben.\n" -#: imap.c:600 +#: imap.c:604 msgid "Required OTP capability not compiled into fetchmail\n" msgstr "Benötigte OTP-Fähigkeit nicht in fetchmail einkompiliert\n" -#: imap.c:620 pop3.c:559 +#: imap.c:624 pop3.c:559 msgid "Required NTLM capability not compiled into fetchmail\n" msgstr "Benötigte NTLM-Fähigkeit nicht in fetchmail einkompiliert\n" -#: imap.c:629 +#: imap.c:633 msgid "Required LOGIN capability not supported by server\n" msgstr "Benötigte LOGIN-Fähigkeit nicht vom Server unterstützt\n" -#: imap.c:693 +#: imap.c:697 #, c-format msgid "mail expunge mismatch (%d actual != %d expected)\n" msgstr "unerwartete Expunge-Bestätigung (%d tatsächlich != %d erwartet)\n" -#: imap.c:820 +#: imap.c:824 #, c-format msgid "%lu is unseen\n" msgstr "%lu ist ungesehen\n" -#: imap.c:870 pop3.c:846 pop3.c:858 pop3.c:1103 pop3.c:1110 +#: imap.c:874 pop3.c:846 pop3.c:858 pop3.c:1103 pop3.c:1110 #, c-format msgid "%u is unseen\n" msgstr "%u ist ungesehen\n" -#: imap.c:905 imap.c:964 +#: imap.c:909 imap.c:968 msgid "re-poll failed\n" msgstr "erneute Abfrage fehlgeschlagen\n" -#: imap.c:913 imap.c:969 +#: imap.c:917 imap.c:973 #, c-format msgid "%d message waiting after re-poll\n" msgid_plural "%d messages waiting after re-poll\n" msgstr[0] "%d Nachricht wartet nach erneuter Abfrage\n" msgstr[1] "%d Nachrichten warten nach erneuter Abfrage\n" -#: imap.c:930 +#: imap.c:934 msgid "mailbox selection failed\n" msgstr "Postfach-Auswahl fehlgeschlagen\n" -#: imap.c:934 +#: imap.c:938 #, c-format msgid "%d message waiting after first poll\n" msgid_plural "%d messages waiting after first poll\n" msgstr[0] "%d Nachricht wartet nach der ersten Abfrage\n" msgstr[1] "%d Nachrichten warten nach der ersten Abfrage\n" -#: imap.c:948 +#: imap.c:952 msgid "expunge failed\n" msgstr "Säubern fehlgeschlagen\n" -#: imap.c:952 +#: imap.c:956 #, c-format msgid "%d message waiting after expunge\n" msgid_plural "%d messages waiting after expunge\n" msgstr[0] "%d Nachricht wartet nach dem Löschen\n" msgstr[1] "%d Nachrichten warten nach dem Löschen\n" -#: imap.c:991 +#: imap.c:995 msgid "search for unseen messages failed\n" msgstr "Suche nach ungesehenen Nachrichten fehlgeschlagen\n" -#: imap.c:996 pop3.c:867 +#: imap.c:1000 pop3.c:867 #, c-format msgid "%u is first unseen\n" msgstr "%u ist erste ungesehene\n" -#: imap.c:1080 +#: imap.c:1084 msgid "" "Warning: ignoring bogus data for message sizes returned by the server.\n" msgstr "Warnung: ignoriere falsche Größendaten vom Server.\n" -#: imap.c:1179 imap.c:1186 +#: imap.c:1183 imap.c:1190 #, c-format msgid "Incorrect FETCH response: %s.\n" msgstr "Unpassende Antwort auf FETCH: %s.\n" @@ -2014,21 +2023,21 @@ msgstr "Aktivität auf %s war %d, ist %d\n" msgid "could not decode initial BASE64 challenge\n" msgstr "konnte anfängliche BASE64-Herausforderung nicht dekodieren\n" -#: kerberos.c:139 +#: kerberos.c:137 #, c-format msgid "principal %s in ticket does not match -u %s\n" msgstr "Prinzipal %s im Ticket stimmt nicht überein mit -u %s\n" -#: kerberos.c:147 +#: kerberos.c:145 #, c-format msgid "non-null instance (%s) might cause strange behavior\n" msgstr "Nicht-Null-Instanz (%s) könnte merkwürdiges Verhalten hervorrufen\n" -#: kerberos.c:213 +#: kerberos.c:211 msgid "could not decode BASE64 ready response\n" msgstr "konnte BASE64-Bestätigungs-Erwiderung nicht dekodieren\n" -#: kerberos.c:220 +#: kerberos.c:218 msgid "challenge mismatch\n" msgstr "Herausforderung stimmt nicht überein\n" @@ -2564,7 +2573,7 @@ msgstr "Protokollfehler beim Holen der UIDL\n" msgid "id=%s (num=%d) was deleted, but is still present!\n" msgstr "id=%s (num=%d) wurde gelöscht, ist aber immer noch da!\n" -#: pop3.c:1444 +#: pop3.c:1445 msgid "Option --folder is not supported with POP3\n" msgstr "Option --folder wird mit POP3 nicht unterstützt\n" @@ -2829,114 +2838,114 @@ msgstr "Bitte geben sie den Dienst als dezimale Portnummer an.\n" msgid "forwarding to %s\n" msgstr "weitergeleitet an %s\n" -#: sink.c:318 +#: sink.c:319 msgid "SMTP: (bounce-message body)\n" msgstr "SMTP: (Körper der Umleitungs-Nachricht)\n" -#: sink.c:321 +#: sink.c:322 #, c-format msgid "mail from %s bounced to %s\n" msgstr "Post von %s umgeleitet zu %s\n" -#: sink.c:456 +#: sink.c:457 #, c-format msgid "Saved error is still %d\n" msgstr "Gespeicherter Fehler ist immer noch %d\n" -#: sink.c:508 sink.c:607 +#: sink.c:509 sink.c:608 #, c-format msgid "%cMTP error: %s\n" msgstr "%cMTP-Fehler: %s\n" -#: sink.c:552 +#: sink.c:553 msgid "SMTP server requires STARTTLS, keeping message.\n" msgstr "SMTP-Server erfordert STARTTLS, behalte Nachricht.\n" -#: sink.c:735 +#: sink.c:736 #, c-format msgid "BSMTP file open failed: %s\n" msgstr "Öffnen der BSMTP-Datei fehlgeschlagen: %s\n" -#: sink.c:781 +#: sink.c:782 #, c-format msgid "BSMTP preamble write failed: %s.\n" msgstr "Schreiben der BSMTP-Präambel fehlgeschlagen: %s.\n" -#: sink.c:995 +#: sink.c:996 #, c-format msgid "%cMTP listener doesn't like recipient address `%s'\n" msgstr "%cMTP-Server mag Empfängeradresse „%s“ nicht\n" -#: sink.c:1002 +#: sink.c:1003 #, c-format msgid "%cMTP listener doesn't really like recipient address `%s'\n" msgstr "%cMTP-Server mag Empfänger-Adresse „%s“ irgendwie nicht\n" -#: sink.c:1048 +#: sink.c:1049 msgid "no address matches; no postmaster set.\n" msgstr "keine Adressen stimmten überein; kein Postmaster gesetzt.\n" -#: sink.c:1060 +#: sink.c:1061 #, c-format msgid "can't even send to %s!\n" msgstr "kann noch nicht einmal an %s senden!\n" -#: sink.c:1066 +#: sink.c:1067 #, c-format msgid "no address matches; forwarding to %s.\n" msgstr "keine Adressen stimmten überein; leite an %s weiter.\n" -#: sink.c:1222 +#: sink.c:1223 #, c-format msgid "about to deliver with: %s\n" msgstr "werde mit %s ausliefern\n" -#: sink.c:1233 +#: sink.c:1234 #, c-format msgid "Cannot switch effective user id to %ld: %s\n" msgstr "Kann nicht zur User-ID %ld umschalten: %s\n" -#: sink.c:1245 +#: sink.c:1246 #, c-format msgid "Cannot switch effective user id back to original %ld: %s\n" msgstr "Kann nicht zur ursprünglichen User-ID %ld zurückschalten: %s\n" -#: sink.c:1252 +#: sink.c:1253 msgid "MDA open failed\n" msgstr "MDA Öffnen fehlgeschlagen\n" -#: sink.c:1291 +#: sink.c:1292 #, c-format msgid "%cMTP connect to %s failed\n" msgstr "%cMTP-Verbindung zu %s fehlgeschlagen\n" -#: sink.c:1315 +#: sink.c:1316 #, c-format msgid "can't raise the listener; falling back to %s" msgstr "kann SMTP/LMTP-Server nicht erreichen; falle zurück auf %s" -#: sink.c:1373 +#: sink.c:1374 #, c-format msgid "Message termination or close of BSMTP file failed: %s\n" msgstr "" "Nachrichtenbeendigung oder Schließen der BSMTP-Datei fehlgeschlagen: %s\n" -#: sink.c:1398 +#: sink.c:1399 #, c-format msgid "Error writing to MDA: %s\n" msgstr "Fehler beim Transport an den MDA: %s\n" -#: sink.c:1401 +#: sink.c:1402 #, c-format msgid "MDA died of signal %d\n" msgstr "MDA starb durch Signal %d\n" -#: sink.c:1404 +#: sink.c:1405 #, c-format msgid "MDA returned nonzero status %d\n" msgstr "MDA gab Status %d ungleich Null zurück\n" -#: sink.c:1407 +#: sink.c:1408 #, c-format msgid "" "Strange: MDA pclose returned %d and errno %d/%s, cannot handle at %s:%d\n" @@ -2944,20 +2953,20 @@ msgstr "" "Merkwürdig: MDA pclose gab %d und errno %d/%s zurück, kann das nicht " "behandeln bei %s:%d\n" -#: sink.c:1432 +#: sink.c:1433 msgid "SMTP listener refused delivery\n" msgstr "SMTP-Server verweigerte Auslieferung\n" -#: sink.c:1462 +#: sink.c:1463 msgid "LMTP delivery error on EOM\n" msgstr "LMTP-Auslieferungsfehler bei EOM\n" -#: sink.c:1465 +#: sink.c:1466 #, c-format msgid "Unexpected non-503 response to LMTP EOM: %s\n" msgstr "Unerwartete Nicht-503-Erwiderung auf LMTP EOM: %s\n" -#: sink.c:1623 +#: sink.c:1632 msgid "The Fetchmail Daemon" msgstr "Der Fetchmail-Dämon" @@ -2986,84 +2995,84 @@ msgstr "ESMTP-PLAIN-Authentifikation...\n" msgid "ESMTP LOGIN Authentication...\n" msgstr "ESMTP-LOGIN-Authentifikation...\n" -#: smtp.c:349 smtp.c:377 +#: smtp.c:348 smtp.c:376 msgid "smtp listener protocol error\n" msgstr "Protokollfehler im SMTP-Server\n" -#: socket.c:110 socket.c:137 +#: socket.c:110 socket.c:139 msgid "fetchmail: malloc failed\n" msgstr "fetchmail: malloc fehlgeschlagen\n" -#: socket.c:169 +#: socket.c:171 msgid "fetchmail: socketpair failed\n" msgstr "fetchmail socketpair fehlgeschlagen\n" -#: socket.c:175 +#: socket.c:177 msgid "fetchmail: fork failed\n" msgstr "fetchmail: fork fehlgeschlagen\n" -#: socket.c:182 +#: socket.c:184 msgid "dup2 failed\n" msgstr "dup2 fehlgeschlagen\n" -#: socket.c:188 +#: socket.c:190 #, c-format msgid "running %s (host %s service %s)\n" msgstr "benutze %s (Host %s, Service %s)\n" -#: socket.c:193 +#: socket.c:195 #, c-format msgid "execvp(%s) failed\n" msgstr "execvp(%s) fehlgeschlagen\n" -#: socket.c:268 +#: socket.c:270 #, c-format msgid "getaddrinfo(\"%s\",\"%s\") error: %s\n" msgstr "getaddrinfo(\"%s\",\"%s\")-Fehler: %s\n" -#: socket.c:271 +#: socket.c:273 msgid "Try adding the --service option (see also FAQ item R12).\n" msgstr "Geben Sie die --service-Option an (siehe auch FAQ-Punkt R12).\n" -#: socket.c:285 socket.c:288 +#: socket.c:287 socket.c:290 #, c-format msgid "unknown (%s)" msgstr "unbekannt (%s)" -#: socket.c:291 +#: socket.c:293 #, c-format msgid "Trying to connect to %s/%s..." msgstr "Versuche, mit %s/%s zu verbinden..." -#: socket.c:300 +#: socket.c:302 #, c-format msgid "cannot create socket: %s\n" msgstr "kann Socket nicht erzeugen: %s\n" -#: socket.c:302 +#: socket.c:304 #, c-format msgid "name %d: cannot create socket family %d type %d: %s\n" msgstr "Name %d: kann Socket in Familie %d Typ %d nicht erzeugen: %s\n" -#: socket.c:320 +#: socket.c:322 msgid "connection failed.\n" msgstr "Verbindung fehlgeschlagen.\n" -#: socket.c:322 +#: socket.c:324 #, c-format msgid "connection to %s:%s [%s/%s] failed: %s.\n" msgstr "Verbindung zu %s:%s [%s/%s] fehlgeschlagen: %s.\n" -#: socket.c:323 +#: socket.c:325 #, c-format msgid "name %d: connection to %s:%s [%s/%s] failed: %s.\n" msgstr "Name %d: Verbindung zu %s:%s [%s/%s] fehlgeschlagen: %s.\n" -#: socket.c:329 +#: socket.c:331 msgid "connected.\n" msgstr "verbunden.\n" -#: socket.c:342 +#: socket.c:344 #, c-format msgid "" "Connection errors for this poll:\n" @@ -3072,132 +3081,137 @@ msgstr "" "Verbindungsfehler für diesen Abruf:\n" "%s" -#: socket.c:404 +#: socket.c:406 #, c-format msgid "OpenSSL reported: %s\n" msgstr "OpenSSL berichtete: %s\n" -#: socket.c:639 +#: socket.c:641 +#, c-format +msgid "SSL verify callback depth %d: preverify_ok == %d, err = %d, %s\n" +msgstr "SSL-Prüfung-Rückruf bei Tiefe %d: preverify_ok == %d, err = %d, %s\n" + +#: socket.c:647 msgid "Server certificate:\n" msgstr "Server-Zertifikat:\n" -#: socket.c:644 +#: socket.c:652 #, c-format msgid "Certificate chain, from root to peer, starting at depth %d:\n" msgstr "Zertifizierungskette, von der Wurzel zum Server, ab Tiefe %d:\n" -#: socket.c:647 +#: socket.c:655 #, c-format msgid "Certificate at depth %d:\n" msgstr "Zertifikat bei Baumtiefe %d:\n" -#: socket.c:653 +#: socket.c:661 #, c-format msgid "Issuer Organization: %s\n" msgstr "Herausgeber-Organisation: %s\n" -#: socket.c:656 +#: socket.c:664 msgid "Warning: Issuer Organization Name too long (possibly truncated).\n" msgstr "" "Warnung: Herausgeber-Organisations-Name zu lang (möglicherweise " "beschnitten).\n" -#: socket.c:658 +#: socket.c:666 msgid "Unknown Organization\n" msgstr "Unbekannte Organisation\n" -#: socket.c:660 +#: socket.c:668 #, c-format msgid "Issuer CommonName: %s\n" msgstr "Herausgeber-CommonName: %s\n" -#: socket.c:663 +#: socket.c:671 msgid "Warning: Issuer CommonName too long (possibly truncated).\n" msgstr "" "Warnung: Herausgeber-CommonName zu lang (möglicherweise beschnitten).\n" -#: socket.c:665 +#: socket.c:673 msgid "Unknown Issuer CommonName\n" msgstr "Unbekannter Herausgeber-CommonName\n" -#: socket.c:671 +#: socket.c:679 #, c-format msgid "Subject CommonName: %s\n" msgstr "Subjekt-CommonName: %s\n" -#: socket.c:677 +#: socket.c:685 msgid "Bad certificate: Subject CommonName too long!\n" msgstr "Ungültiges Zertifikat: Server-CommonName zu lang!\n" -#: socket.c:683 +#: socket.c:691 msgid "Bad certificate: Subject CommonName contains NUL, aborting!\n" msgstr "Ungültiges Zertifikat: Subject-CommonName enthält NUL, breche ab!\n" -#: socket.c:711 +#: socket.c:719 #, c-format msgid "Subject Alternative Name: %s\n" msgstr "Subject Alternative Name: %s\n" -#: socket.c:717 +#: socket.c:725 msgid "Bad certificate: Subject Alternative Name contains NUL, aborting!\n" msgstr "" "Ungültiges Zertifikat: Subject-Alternative-Name enthält NUL, breche ab!\n" -#: socket.c:734 +#: socket.c:742 #, c-format msgid "Server CommonName mismatch: %s != %s\n" msgstr "Server-CommonName stimmt nicht überein: %s != %s\n" -#: socket.c:741 +#: socket.c:749 msgid "Server name not set, could not verify certificate!\n" msgstr "Server-Name nicht gesetzt, konnte Zertifikat nicht verifizieren!\n" -#: socket.c:746 +#: socket.c:754 msgid "Unknown Server CommonName\n" msgstr "Unbekannter Server-CommonName\n" -#: socket.c:748 +#: socket.c:756 msgid "Server name not specified in certificate!\n" msgstr "Server-Name nicht in Zertifikat spezifiziert!\n" -#: socket.c:760 +#: socket.c:768 msgid "EVP_md5() failed!\n" msgstr "EVP_md5() fehlgeschlagen!\n" -#: socket.c:764 +#: socket.c:772 msgid "Out of memory!\n" msgstr "Kein Speicher mehr frei!\n" -#: socket.c:772 +#: socket.c:780 msgid "Digest text buffer too small!\n" msgstr "Textpuffer für Digest zu klein!\n" -#: socket.c:778 +#: socket.c:786 #, c-format msgid "%s key fingerprint: %s\n" msgstr "%s-Schlüssel-Fingerabdruck: %s\n" -#: socket.c:782 +#: socket.c:790 #, c-format msgid "%s fingerprints match.\n" msgstr "%s-Fingerabdrücke stimmen überein.\n" -#: socket.c:784 +#: socket.c:792 #, c-format msgid "%s fingerprints do not match!\n" msgstr "%s-Fingerabdrücke stimmen nicht überein!\n" -#: socket.c:796 +#: socket.c:804 #, c-format msgid "Server certificate verification error: %s\n" msgstr "Fehler bei Server-Zertifikat-Überprüfung: %s\n" -#: socket.c:811 +#: socket.c:819 #, c-format msgid "Broken certification chain at: %s\n" msgstr "Unterbrochene Zertifizierungskette bei: %s\n" -#: socket.c:813 +#: socket.c:821 msgid "" "This could mean that the server did not provide the intermediate CA's " "certificate(s), which is nothing fetchmail could do anything about. For " @@ -3209,12 +3223,12 @@ msgstr "" "nichts ändern. Für weitere Information, siehe das mit Fetchmail " "ausgelieferte Dokument README.SSL-SERVER.\n" -#: socket.c:823 +#: socket.c:831 #, c-format msgid "Missing trust anchor certificate: %s\n" msgstr "Fehlendes Zertifikat als Vertrauensquelle: %s\n" -#: socket.c:826 +#: socket.c:834 msgid "" "This could mean that the root CA's signing certificate is not in the trusted " "CA certificate location, or that c_rehash needs to be run on the certificate " @@ -3226,31 +3240,30 @@ msgstr "" "Verzeichnis ausgeführt werden muss. Details sind in der fetchmail-" "Handbuchseite im bei --sslcertpath beschrieben.\n" -#: socket.c:899 socket.c:975 +#: socket.c:907 socket.c:985 msgid "Your OpenSSL version does not support SSLv3.\n" msgstr "Ihre OpenSSL-Version unterstützt SSLv3 nicht.\n" -#: socket.c:917 socket.c:993 +#: socket.c:925 socket.c:1003 msgid "Your OpenSSL version does not support TLS v1.1.\n" msgstr "Ihre OpenSSL-Version unterstützt TLS v1.1 nicht.\n" -#: socket.c:928 socket.c:1004 +#: socket.c:936 socket.c:1014 msgid "Your OpenSSL version does not support TLS v1.2.\n" msgstr "Ihre OpenSSL-Version unterstützt TLS v1.2 nicht.\n" -#: socket.c:939 socket.c:1015 -#, fuzzy +#: socket.c:947 socket.c:1025 msgid "Your OpenSSL version does not support TLS v1.3.\n" -msgstr "Ihre OpenSSL-Version unterstützt TLS v1.1 nicht.\n" +msgstr "Ihre OpenSSL-Version unterstützt TLS v1.3 nicht.\n" -#: socket.c:948 socket.c:1025 +#: socket.c:956 socket.c:1035 #, c-format msgid "Invalid SSL protocol '%s' specified, using default autoselect (auto).\n" msgstr "" "Ungültiges SSL-Protokoll „%s“ angegeben, benutze Voreinstellung automatische " "Wahl (auto).\n" -#: socket.c:1055 +#: socket.c:1070 #, c-format msgid "" "Loaded OpenSSL library %#lx older than headers %#lx, refusing to work.\n" @@ -3258,7 +3271,7 @@ msgstr "" "Geladene OpenSSL-Bibliothek %#lx is älter als Header %#lx, verweigere " "Arbeit.\n" -#: socket.c:1060 +#: socket.c:1075 #, c-format msgid "" "Loaded OpenSSL library %#lx newer than headers %#lx, trying to continue.\n" @@ -3266,11 +3279,11 @@ msgstr "" "Geladene OpenSSL-Bibliothek %#lx neuer als Header %#lx, versuche, " "weiterzumachen.\n" -#: socket.c:1080 +#: socket.c:1095 msgid "File descriptor out of range for SSL" msgstr "Datei-Deskriptor außerhalb des Bereichs für SSL" -#: socket.c:1100 +#: socket.c:1115 msgid "" "Note that some distributions disable older protocol versions in weird non-" "standard ways. Try a newer protocol version.\n" @@ -3279,38 +3292,47 @@ msgstr "" "nicht-standardisierte Weisen abschalten. Versuchen Sie eine neuere " "Protokollversion.\n" -#: socket.c:1168 +#: socket.c:1183 #, c-format msgid "" "Warning: SSL_set_tlsext_host_name(%p, \"%s\") failed (code %#lx), trying to " "continue.\n" msgstr "" +"Warnung: SSL_set_tlsext_host_name(%p, \\\"%s\\\") fehlgeschlagen (code " +"%#lx), versuche fortzusetzen.\n" -#: socket.c:1202 +#: socket.c:1198 +#, c-format +msgid "" +"Warning: X509_VERIFY_PARAM_set1_host(%p, \"%s\") failed (code %#x), trying " +"to continue.\n" +msgstr "Warnung: X509_VERIFY_PARAM_set1_host(%p, \\\"%s\\\") fehlgeschlagen (code %#x), versuche fortzusetzen.\n" + +#: socket.c:1233 msgid "Server shut down connection prematurely during SSL_connect().\n" msgstr "" "Der Server hat die Verbindung bei SSL_connect() vorzeitig geschlossen.\n" -#: socket.c:1204 +#: socket.c:1235 #, c-format msgid "System error during SSL_connect(): %s\n" msgstr "Systemfehler während SSL_connect(): %s\n" -#: socket.c:1224 +#: socket.c:1255 msgid "Cannot obtain current SSL/TLS cipher - no session established?\n" msgstr "" "Kann aktuelle SSL/TLS-Chiffre nicht ermitteln - keine Sitzung aufgebaut?\n" -#: socket.c:1227 +#: socket.c:1258 #, c-format msgid "SSL/TLS: using protocol %s, cipher %s, %d/%d secret/processed bits\n" msgstr "SSL/TLS: Protokoll %s, Chiffre %s, %d/%d geheime/verarbeitete bits\n" -#: socket.c:1234 +#: socket.c:1265 msgid "Certificate/fingerprint verification was somehow skipped!\n" msgstr "Zertifikat-/Fingerabdruck-Überprüfung wurde irgendwie übersprungen!\n" -#: socket.c:1251 +#: socket.c:1282 msgid "" "Warning: the connection is insecure, continuing anyways. (Better use --" "sslcertck!)\n" @@ -3318,11 +3340,11 @@ msgstr "" "Warnung: Die Verbindung ist unsicher, mache trotzdem weiter. (Nehmen Sie " "lieber --sslcertck!)\n" -#: socket.c:1293 +#: socket.c:1324 msgid "Cygwin socket read retry\n" msgstr "Cygwin-Socket-Lese-Wiederholung\n" -#: socket.c:1296 +#: socket.c:1327 msgid "Cygwin socket read retry failed!\n" msgstr "Cygwin-Socket-Lese-Wiederholung fehlgeschlagen!\n" @@ -3378,88 +3400,87 @@ msgstr "inkorrekte Kopfzeile gefunden - siehe Handbuch unter bad-header\n" msgid "line: %s" msgstr "Zeile: %s" -#: transact.c:1107 transact.c:1117 +#: transact.c:1105 transact.c:1115 #, c-format msgid "Parsing envelope \"%s\" names \"%-.*s\"\n" msgstr "Analysiere Umschlag \"%s\" Namen \"%-.*s\"\n" -#: transact.c:1132 +#: transact.c:1130 #, c-format msgid "Parsing Received names \"%-.*s\"\n" msgstr "Received-Kopfzeile \"%-.*s\" wird analysiert\n" -#: transact.c:1144 +#: transact.c:1142 msgid "No envelope recipient found, resorting to header guessing.\n" msgstr "" "Kein Empfänger auf dem Umschlag gefunden, muss anhand der Kopfzeilen raten.\n" -#: transact.c:1162 +#: transact.c:1160 #, c-format msgid "Guessing from header \"%-.*s\".\n" msgstr "Rate anhand der Kopfzeile \"%-.*s\".\n" -#: transact.c:1177 +#: transact.c:1175 #, c-format msgid "no local matches, forwarding to %s\n" msgstr "keine lokalen Übereinstimmungen, Weiterleitung an %s\n" -#: transact.c:1192 +#: transact.c:1190 msgid "forwarding and deletion suppressed due to DNS errors\n" msgstr "Weiterleiten und Löschen wegen DNS-Fehlern unterdrückt\n" -#: transact.c:1303 +#: transact.c:1301 msgid "writing RFC822 msgblk.headers\n" msgstr "schreibe RFC822 msgblk.headers\n" -#: transact.c:1322 +#: transact.c:1320 msgid "no recipient addresses matched declared local names" msgstr "keine Empfängeradresse stimmt mit deklarierten lokalen Namen überein" -#: transact.c:1329 +#: transact.c:1327 #, c-format msgid "recipient address %s didn't match any local name" msgstr "Empfängeradresse %s stimmt mit keinem lokalen Namen überein" -#: transact.c:1338 +#: transact.c:1336 msgid "message has embedded NULs" msgstr "Nachricht hat eingebettete NUL-Zeichen" -#: transact.c:1346 +#: transact.c:1344 msgid "SMTP listener rejected local recipient addresses: " msgstr "SMTP-Server lehnte Adressen mit lokalem Empfänger ab: " -#: transact.c:1396 +#: transact.c:1394 msgid "error writing message text\n" msgstr "Fehler beim Schreiben des Nachrichtentextes\n" -#: transact.c:1672 +#: transact.c:1670 #, c-format msgid "Buffer too small. This is a bug in the caller of %s:%lu.\n" msgstr "Der Puffer ist zu klein. Dies ist ein Fehler im Aufrufer von %s:%lu.\n" #: uid.c:262 -#, fuzzy, c-format +#, c-format msgid "Old UID list from %s:\n" -msgstr "Alte UID-Liste aus %s:" +msgstr "Alte UID-Liste aus %s:\n" #: uid.c:266 uid.c:275 uid.c:343 msgid " <empty>" msgstr " <leer>" #: uid.c:273 -#, fuzzy msgid "Scratch list of UIDs:\n" -msgstr "Leere UID-Liste:" +msgstr "UID-Kritzelliste:\n" #: uid.c:357 uid.c:401 -#, fuzzy, c-format +#, c-format msgid "Merged UID list from %s:\n" -msgstr "Vereinigte UID-Liste aus %s:" +msgstr "Vereinigte UID-Liste aus %s:\n" #: uid.c:360 -#, fuzzy, c-format +#, c-format msgid "New UID list from %s:\n" -msgstr "Neue UID-Liste aus %s:" +msgstr "Neue UID-Liste aus %s:\n" #: uid.c:390 msgid "not swapping UID lists, no UIDs seen this query\n" @@ -3479,26 +3500,26 @@ msgstr "Datei fetchids wird gelöscht.\n" msgid "Error deleting %s: %s\n" msgstr "Fehler beim Löschen von %s: %s\n" -#: uid.c:475 +#: uid.c:476 msgid "Writing fetchids file.\n" msgstr "Datei fetchids wird geschrieben.\n" -#: uid.c:488 uid.c:497 +#: uid.c:490 uid.c:499 #, c-format msgid "Write error on fetchids file %s: %s\n" msgstr "Fehler beim Schreiben der fetchids Datei %s: %s\n" -#: uid.c:509 +#: uid.c:511 #, c-format msgid "Error writing to fetchids file %s, old file left in place.\n" msgstr "Fehler beim Schreiben in die UID-Datei %s, alte Datei belassen.\n" -#: uid.c:513 +#: uid.c:515 #, c-format msgid "Cannot rename fetchids file %s to %s: %s\n" msgstr "Kann UID-Datei %s nicht in %s umbennen: %s\n" -#: uid.c:517 +#: uid.c:519 #, c-format msgid "Cannot open fetchids file %s for writing: %s\n" msgstr "Kann UID-Datei %s nicht zum Schreiben öffnen: %s\n" @@ -3510,6 +3531,3 @@ msgstr "malloc fehlgeschlagen\n" #: xmalloc.c:42 msgid "realloc failed\n" msgstr "realloc fehlgeschlagen\n" - -#~ msgid "swapping UID lists\n" -#~ msgstr "UID-Listen werden ausgetauscht\n" @@ -914,7 +914,7 @@ static int pop3_slowuidl( int sock, struct query *ctl, int *countp, int *newp) return ok; rec = last_uid_in_db(&ctl->oldsaved, id); - try_nr = rec ? rec->pos : -1; + try_nr = rec ? (int)rec->pos : -1; } else { try_id = *countp+1; try_nr = -1; @@ -939,7 +939,7 @@ static int pop3_slowuidl( int sock, struct query *ctl, int *countp, int *newp) return ok; rec = find_uid_by_id(&ctl->oldsaved, id); - try_nr = rec ? rec->pos : -1; + try_nr = rec ? (int)rec->pos : -1; } if( try_nr == -1 ) { try_id--; @@ -1370,8 +1370,9 @@ static int pop3_delete(int sock, struct query *ctl, int number) if (ok != PS_SUCCESS) return(ok); - rec = find_uid_by_num(dofastuidl ? &ctl->oldsaved : &ctl->newsaved, number); - rec->status = UID_DELETED; + if ((rec = find_uid_by_num(dofastuidl ? &ctl->oldsaved : &ctl->newsaved, number))) + rec->status = UID_DELETED; + return(PS_SUCCESS); } @@ -245,7 +245,8 @@ static void sanitize(char *s) char *rcpt_address(struct query *ctl, const char *id, int usesmtpname) { - static char addr[HOSTLEN+USERNAMELEN+1]; + static char addr[HOSTLEN+USERNAMELEN+1000]; + if (strchr(id, '@')) { snprintf(addr, sizeof (addr), "%s", id); @@ -844,7 +845,7 @@ static int open_smtp_sink(struct query *ctl, struct msgblk *msg, const char *ap; struct idlist *idp; char options[MSGBUFSIZE]; - char addr[HOSTLEN+USERNAMELEN+1]; + char addr[HOSTLEN+USERNAMELEN+1000]; #ifdef EXPLICIT_BOUNCE_ON_BAD_ADDRESS char **from_responses; #endif /* EXPLICIT_BOUNCE_ON_BAD_ADDRESS */ @@ -1490,8 +1491,16 @@ int close_sink(struct query *ctl, struct msgblk *msg, flag forward) } if (smtp_err != SM_OK) { - responses[errors] = xstrdup(smtp_response); - errors++; + /* + * amavis returns the SMTP code from the recieving + * host after the DATA-DOT. So we need to compare the + * response to the antispam option here instead. + */ + if (handle_smtp_report(ctl, msg) != PS_REFUSED) { + /* Only count an error if the message was not refused */ + responses[errors] = xstrdup(smtp_response); + errors++; + } } } @@ -73,14 +73,14 @@ dumpRaw(fp,((unsigned char*)structPtr)+IVAL(&structPtr->header.offset,0),SVAL(&s static void dumpRaw(FILE *fp, unsigned char *buf, size_t len) - { - size_t i; - - for (i=0; i<len; ++i) - fprintf(fp,"%02x ",buf[i]); - +{ + size_t i; + + for (i=0; i<len; ++i) + fprintf(fp,"%02x ",buf[i]); + fprintf(fp,"\n"); - } +} /* helper macro to destructively resize buffers; assumes that bufsiz * is initialized to 0 if buf is unallocated! */ @@ -106,7 +106,7 @@ static void SMTP_auth(int sock, char smtp_mode, char *username, char *password, digest[9], digest[10], digest[11], digest[12], digest[13], digest[14], digest[15]); - to64frombits(b64buf, tmp, strlen(tmp)); + to64frombits(b64buf, tmp, strlen(tmp), sizeof b64buf); SockPrintf(sock, "%s\r\n", b64buf); SMTP_ok(sock, smtp_mode, TIMEOUT_DEFAULT); } @@ -122,7 +122,7 @@ static void SMTP_auth(int sock, char smtp_mode, char *username, char *password, if (tmp[c] == '^') tmp[c] = '\0'; } - to64frombits(b64buf, tmp, len); + to64frombits(b64buf, tmp, len, sizeof b64buf); SockPrintf(sock, "AUTH PLAIN %s\r\n", b64buf); SMTP_ok(sock, smtp_mode, TIMEOUT_DEFAULT); } @@ -144,7 +144,7 @@ static void SMTP_auth(int sock, char smtp_mode, char *username, char *password, SMTP_auth_error(sock, GT_("Bad base64 reply from server.\n")); return; } - to64frombits(b64buf, username, strlen(username)); + to64frombits(b64buf, username, strlen(username), sizeof b64buf); SockPrintf(sock, "%s\r\n", b64buf); SockRead(sock, smtp_response, sizeof(smtp_response) - 1); strlcpy(tmp, smtp_response, sizeof(tmp)); @@ -159,7 +159,7 @@ static void SMTP_auth(int sock, char smtp_mode, char *username, char *password, SMTP_auth_error(sock, GT_("Bad base64 reply from server.\n")); return; } - to64frombits(b64buf, password, strlen(password)); + to64frombits(b64buf, password, strlen(password), sizeof b64buf); SockPrintf(sock, "%s\r\n", b64buf); SMTP_ok(sock, smtp_mode, TIMEOUT_DEFAULT); } @@ -204,8 +204,7 @@ int SMTP_ehlo(int sock, char smtp_mode, const char *host, char *name, char *pass if (!strncasecmp(hp->name, smtp_response+4, strlen(hp->name))) { *opt |= hp->value; if (strncmp(hp->name, "AUTH ", 5) == 0) - strncpy(auth_response, smtp_response, sizeof(auth_response)); - auth_response[sizeof(auth_response)-1] = '\0'; + strlcpy(auth_response, smtp_response, sizeof(auth_response)); } if ((smtp_response[0] == '1' || smtp_response[0] == '2' || smtp_response[0] == '3') && smtp_response[3] == ' ') { if (*opt & ESMTP_AUTH) @@ -217,7 +217,7 @@ int UnixOpen(const char *path) struct sockaddr_un ad; memset(&ad, 0, sizeof(ad)); ad.sun_family = AF_UNIX; - strncpy(ad.sun_path, path, sizeof(ad.sun_path)-1); + strlcpy(ad.sun_path, path, sizeof(ad.sun_path)); sock = socket( AF_UNIX, SOCK_STREAM, 0 ); if (sock < 0) @@ -636,6 +636,12 @@ static int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict ) subj = X509_get_subject_name(x509_cert); issuer = X509_get_issuer_name(x509_cert); + if (outlevel >= O_DEBUG) { + if (SSLverbose) + report(stdout, GT_("SSL verify callback depth %d: preverify_ok == %d, err = %d, %s\n"), + depth, ok_return, err, X509_verify_cert_error_string(err)); + } + if (outlevel >= O_VERBOSE) { if (depth == 0 && SSLverbose) report(stdout, GT_("Server certificate:\n")); @@ -954,8 +960,10 @@ static int OSSL10X_proto_version_logic(int sock, const char **myproto, int *avoi return 0; } #define OSSL_proto_version_logic(a,b,c) OSSL10X_proto_version_logic((a),(b),(c)) +#undef OSSL110_API #else /* implementation for OpenSSL 1.1.0 */ +#define OSSL110_API 1 static int OSSL110_proto_version_logic(int sock, const char **myproto, int *avoid_ssl_versions) { @@ -1049,11 +1057,16 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck int ssle_connect = 0; long ver; +#ifndef OSSL110_API SSL_load_error_strings(); SSL_library_init(); OpenSSL_add_all_algorithms(); /* see Debian Bug#576430 and manpage */ + ver = SSLeay(); +#else + ver = OpenSSL_version_num(); +#endif - if ((ver = SSLeay()) < OPENSSL_VERSION_NUMBER) { + if (ver < OPENSSL_VERSION_NUMBER) { report(stderr, GT_("Loaded OpenSSL library %#lx older than headers %#lx, refusing to work.\n"), (long)ver, (long)(OPENSSL_VERSION_NUMBER)); return -1; } @@ -1172,6 +1185,22 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck } } + /* OpenSSL >= 1.0.2: set host name for verification */ + /* XXX FIXME: do we need to change the function's signature and pass the akalist to + * permit the other hostnames through SSL? */ + /* https://wiki.openssl.org/index.php/Hostname_validation */ + { + int r; + X509_VERIFY_PARAM *param = SSL_get0_param(_ssl_context[sock]); + + X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); + if (0 == (r = X509_VERIFY_PARAM_set1_host(param, servercname, strlen(servercname)))) { + report(stderr, GT_("Warning: X509_VERIFY_PARAM_set1_host(%p, \"%s\") failed (code %#x), trying to continue.\n"), + (void *)_ssl_context[sock], servercname, r); + ERR_print_errors_fp(stderr); + } + } + if( mycert || mykey ) { /* Ok... He has a certificate file defined, so lets declare it. If @@ -821,8 +821,7 @@ eoh: already_has_return_path = TRUE; if (cp[0]=='\0') /* nxtaddr() strips the brackets... */ cp=nulladdr; - strncpy(msgblk.return_path, cp, sizeof(msgblk.return_path)); - msgblk.return_path[sizeof(msgblk.return_path)-1] = '\0'; + strlcpy(msgblk.return_path, cp, sizeof(msgblk.return_path)); if (!ctl->mda) { free(line); continue; @@ -1079,8 +1078,7 @@ process_headers: else if (app_from_offs >= 0 && (ap = nxtaddr(msgblk.headers + app_from_offs))) {} /* multi-line MAIL FROM addresses confuse SMTP terribly */ if (ap && !strchr(ap, '\n')) { - strncpy(msgblk.return_path, ap, sizeof(msgblk.return_path)); - msgblk.return_path[sizeof(msgblk.return_path)-1] = '\0'; + strlcpy(msgblk.return_path, ap, sizeof(msgblk.return_path)); } } @@ -469,11 +469,13 @@ void write_saved_lists(struct query *hostlist, const char *idfile) report(stderr, GT_("Error deleting %s: %s\n"), idfile, strerror(errno)); } else { char *newnam = (char *)xmalloc(strlen(idfile) + 2); + mode_t old_umask; strcpy(newnam, idfile); strcat(newnam, "_"); if (outlevel >= O_DEBUG) report(stdout, GT_("Writing fetchids file.\n")); (void)unlink(newnam); /* remove file/link first */ + old_umask = umask(S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH | S_IXOTH); if ((tmpfp = fopen(newnam, "w")) != (FILE *)NULL) { struct write_saved_info info; int errflg = 0; @@ -517,6 +519,7 @@ bailout: report(stderr, GT_("Cannot open fetchids file %s for writing: %s\n"), newnam, strerror(errno)); } free(newnam); + (void)umask(old_umask); } } #endif /* POP3_ENABLE */ |