Commit message | Author | Age | Files | Lines
* Update <sv> Swedish translation to fetchmail 6.4.22.rc1 | Göran Uddeborg | 2021-08-28 | 1 | -474/+765
|
* Get ready for 6.4.22.rc2. | Matthias Andree | 2021-08-27 | 7 | -1256/+721
|
* Credit fr/eo translators. | Matthias Andree | 2021-08-27 | 1 | -0/+4
|
* Update <fr> French translation to fetchmail-6.4.22.rc1 | Frédéric Marchal | 2021-08-27 | 1 | -524/+906
|
* Update <eo> Esperanto translation to fetchmail 6.4.22.rc1 | Keith Bowes | 2021-08-27 | 1 | -465/+737
|
* imap.c, pop3.c: fix protocol regression of 6.4.22.rc1 | Matthias Andree | 2021-08-27 | 3 | -68/+82
|
|   fetchmail 6.4.22.rc1 clobbered its IMAP state too late, and lost information on the protocol version in many circumstances. Consequently, it tried to talk IMAP4 to IMAP4rev1 servers, which failed.
|
|   This fix moves the clear_sessiondata() out to the new constructor and destructor, such that imap_getauth() only needs to call it after STARTTLS, when it must re-probe CAPABILITY anyways.
|
|   This was the same bug for POP3, which however does not collect state from the greeting, so that the bug was without effect for POP3.
|
|   Reported by: Corey Halpin, FreeBSD port maintainer.
|
* etrn.c, odmr.c, pop2.c: declare NULL con-/destructors | Matthias Andree | 2021-08-27 | 3 | -1/+7
|
* struct method: introduce con-/destructors | Matthias Andree | 2021-08-27 | 2 | -0/+13
|
|   These can be used before setting up or after closing down a socket for protocol-specific initialisation or cleanup, and are required to cleanly fix up the IMAP-loses-protocol-version regression without too many temporary hacks in the code.
|
* NEWS: fix typo. | Matthias Andree | 2021-08-27 | 1 | -1/+1
|
* README.SSL-SERVER: require TLS 1.2/1.3 | Matthias Andree | 2021-08-27 | 1 | -0/+5
|
* get ready for 6.4.22.rc1. | Matthias Andree | 2021-08-27 | 3 | -20/+32
|
* Doxyfile: updates | Matthias Andree | 2021-08-27 | 1 | -53/+122
|
* Add CVE ID; revise TLS docs & fetchmail-SA-2021-02 | Matthias Andree | 2021-08-27 | 4 | -87/+94
|
* fetchmail.c: Fix SIGSEGV optmerge()ing "no envelope" | Matthias Andree | 2021-08-27 | 3 | -2/+7
|
|   Reported by Bjørn Mork, fixes Debian Bug#992400.
|
|   Crash happens inside xstrdup() on a strlen((char *)-1) where the argument is constant and the trigger is a local trusted configuration file, so not deemed a vulnerability.
|
* po/de.po: Update German translation. | Matthias Andree | 2021-08-27 | 1 | -274/+333
|
* Misc POP3 cleanups. | Matthias Andree | 2021-08-26 | 1 | -5/+6
|
* SECURITY: imap.c, pop3.c: STARTTLS drops state | Matthias Andree | 2021-08-26 | 2 | -35/+43
|
|   We need to lose all state after STARTTLS to safeguard from attacks against the clear-text part of the session.
|
* NEWS: reword 6.4.21 regression fix to include --syslog | Matthias Andree | 2021-08-26 | 1 | -1/+1
|
* fetchmail.c: reword port/--ssl checks to nudge user towards --ssl | Matthias Andree | 2021-08-26 | 1 | -2/+2
|
* sanity check well-known POP3/IMAP ports vs. SSL | Matthias Andree | 2021-08-26 | 2 | -0/+13
|
|   Gitlab: Closes #31.
|   (cherry picked from commit da6eb347af326912560f56081d603a0a78c3d56d)
|
* lock.c: fix unused-value warning in unlockit(). | Matthias Andree | 2021-08-26 | 1 | -2/+5
|
* POP3: make CAPA parser caseblind. | Matthias Andree | 2021-08-26 | 2 | -0/+4
|
* xmalloc.h: Add GCC malloc attribute to xmalloc(). | Matthias Andree | 2021-08-26 | 1 | -1/+5
|
* imap.c, report.c: remove or comment dead stores. | Matthias Andree | 2021-08-26 | 2 | -3/+6
|
* SECURITY: POP3: changes for --auth ssh and RPA | Matthias Andree | 2021-08-26 | 3 | -43/+69
|
|   These no longer defeat STARTTLS negotiation, and RPA is only attempted with --auth any.
|
* NEWS: Deprecate RPA and other nonstandard auth' schemes. | Matthias Andree | 2021-08-26 | 1 | -0/+4
|
* socket.c: plugin/plugout SIGSEGV and memleak fixes | Matthias Andree | 2021-08-26 | 2 | -12/+30
|
* IMAP: record server's CAPABILITY data in pre-auth state. | Matthias Andree | 2021-08-26 | 2 | -7/+47
|
|   Saves one or two (STARTTLS) application-level round-trips.
|
* IMAP: report 'upgrade to TLS succeeded' before CAPA probe | Matthias Andree | 2021-08-26 | 1 | -4/+4
|
|   ...after successful STARTTLS, to show the logical order of events.
|
* SECURITY: IMAP: no longer permit LOGIN with LOGINDISABLED. | Matthias Andree | 2021-08-26 | 2 | -35/+43
|
* fetchmail.c: fix typo in comment. | Matthias Andree | 2021-08-26 | 1 | -1/+1
|
* IMAP: log error if --auth external requested but server does not advertise it. | Matthias Andree | 2021-08-26 | 3 | -35/+56
|
* imap.c: one FIXME for command continuation requests | Matthias Andree | 2021-08-26 | 1 | -0/+3
|
* IMAP: two more AUTHENTICATE EXTERNAL fixes | Matthias Andree | 2021-08-26 | 2 | -2/+17
|
* IMAP: fix base64 length calc. for AUTH=EXTERNAL | Matthias Andree | 2021-08-26 | 3 | -1/+7
|
|   to make code more correct or readable; to64frombits does not overflow its buffer
|
* IMAP: don't send * after failed AUTHENTICATE EXTERNAL | Matthias Andree | 2021-08-26 | 2 | -2/+4
|
|   ...i. e. after receiving tagged response.
|
* IMAP: rename misnamed function and variable | Matthias Andree | 2021-08-26 | 1 | -5/+5
|
* Bump version to 6.4.22.rc1 | Matthias Andree | 2021-08-26 | 2 | -2/+2
|
* manpage: Fix indentation under --sslproto | Matthias Andree | 2021-08-26 | 1 | -3/+3
|
|   The 2nd and 3rd paragraph used .PP, fix this to use .IP.
|
* SECURITY: IMAP: --auth ssh no longer prevents STARTTLS | Matthias Andree | 2021-08-26 | 3 | -18/+27
|
* SECURITY: IMAP: PREAUTH->abort if STARTTLS needed | Matthias Andree | 2021-08-26 | 5 | -64/+230
|
|   On --sslproto auto (or other nonempty values), when receiving IMAP PREAUTH state, abort the connection, rather than continuing with cleartext.
|
|   --ssl is unaffected because it always negotiates TLS.
|
|   See fetchmail-SA-2021-02.txt for details.
|
* 6.5.0.beta5: mention regression fix and idle timeout. | Matthias Andree | 2021-08-09 | 1 | -1/+2
|
* Announce 6.4.21 and 6.5.0.beta5. | Matthias Andree | 2021-08-09 | 1 | -10/+12
|
* Bump version to 6.4.21. | Matthias Andree | 2021-08-09 | 2 | -2/+2
|
* Update fetchmail-SA-2021-01.txt with info on regression fix. v1.3. | Matthias Andree | 2021-08-09 | 1 | -22/+40
|
* NEWS/6.4.20: Fix typo in CVE number. | Matthias Andree | 2021-08-09 | 1 | -1/+1
|
* Fix --logfile and message truncation issue. | Matthias Andree | 2021-08-09 | 2 | -1/+20
|
|   Regression in 6.4.20's security fix (Git commit c546c829).
|
|   We doubly incremented partial_message_size_used on modern systems (stdarg.h/vsnprintf), once in report_vbuild() and then again in report_build(), so the 2nd and subsequent report_build() fragments landed too late in the buffer.
|
|   This will not cause overruns due to the reallocation prior to the vsnprintf/sprintf, but the write starts behind the '\0' byte, instead of right over it, so the string also gets truncated to the first fragment written with report_vbuild().
|
|   Fix by moving the increment back into the #else...#endif part that does not use report_vbuild().
|
|   Reported by: Jürgen Edner, Erik Christiansen
|
* fetchmail-SA-2021-01.txt: Replace copy by symlink | Matthias Andree | 2021-08-03 | 1 | -119/+1
|
|   for website, for consistency with other fetchmail security announcements
|
* update fetchmail-SA-2021-01 | Matthias Andree | 2021-08-03 | 1 | -40/+51
|
|   and reference fetchmail-SA-2008-01/CVE-2008-2711
|
* website: ext. link updates for openssh, getmail6 | Matthias Andree | 2021-08-03 | 1 | -2/+4
|