diff options
| -rw-r--r-- | NEWS | 3 | ||||
| -rw-r--r-- | TODO.txt | 3 | ||||
| -rw-r--r-- | rcfile_y.y | 2 |
3 files changed, 5 insertions, 3 deletions
@@ -66,6 +66,9 @@ fetchmail 6.3.9 (not yet released): * No longer complain about invalid sslproto "" when POP3 CAPA probe fails. Fixes Debian Bug#421446 (Holger Leskien), Novell Bug #247233 (Jon Nelson). Thanks to Matthias Strauß for a configuration to reproduce the issue. +* Allow .fetchmailrc and .fetchids to be symlinks, as the manpage does not + document they aren't allowed - fixes Debian Bug #452907 (Roger Leigh). + TOCTOU race persists. # CHANGES: * Removed dead FETCHMAIL_DEBUG code from fetchmail.h that was disabled by @@ -6,8 +6,6 @@ soon - MUST: Earl Chew, 2007-07-30T02:28) - publish SA-2007-02 after release - Peter O'Gorman 2007-10-31 fetchmail-6.3.8 portability patches [-devel list] -- Debian Bug #452907 .fetchmailrc not permitted to be a symlink - (restriction not mentioned in manpage, also affects .idfile) soon - SHOULD: - BerliOS Bug #11576, thread on fetchmail users "Invalid SSL certificate" by @@ -18,6 +16,7 @@ soon - SHOULD: - add To: header to warning mails (authfail for instance) - Debian Bug#449179, smbutil.c:90: unicodeToString: Assertion `len+1 < sizeof buf' failed, from Stepan Golosunov <stepan@golosunov.pp.ru> +- Fix TOCTOU race around prc_filecheck* soon - MAY: - https://bugzilla.novell.com/show_bug.cgi?id=246829 - fetchmail lost some mail @@ -404,7 +404,7 @@ int prc_filecheck(const char *pathname, process, it must have permissions no greater than 600, and it must not be a symbolic link. We check these conditions here. */ - if (lstat(pathname, &statbuf) < 0) { + if (stat(pathname, &statbuf) < 0) { if (errno == ENOENT) return(PS_SUCCESS); else { |