Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Update security info on web site. | Matthias Andree | 2012-08-30 | 3 | -1/+15 |
| | |||||
* | Update copyright and SecAnn' version. | Matthias Andree | 2012-08-30 | 3 | -7/+7 |
| | |||||
* | Update. | Matthias Andree | 2012-08-29 | 1 | -4/+4 |
| | |||||
* | Get ready for 6.3.22 release. | Matthias Andree | 2012-08-29 | 21 | -2086/+2100 |
| | |||||
* | Update translations and NEWS. | Matthias Andree | 2012-08-20 | 4 | -998/+1194 |
| | |||||
* | Warn if SSL is disabled, suggest --with-ssl. | Matthias Andree | 2012-08-17 | 2 | -1/+5 |
| | |||||
* | Fix installation when PYTHON is enabled. | Matthias Andree | 2012-08-17 | 2 | -7/+4 |
| | | | | | | The Python-related Makefile.am parts were simplified to avoid an automake 1.11.X bug around noinst_PYTHON, Automake Bug #10995. http://lists.gnu.org/archive/html/automake-patches/2012-03/txtbYNp7SPawU.txt | ||||
* | GSSAPI build fix. | Matthias Andree | 2012-08-15 | 3 | -6/+19 |
| | | | | | | The GSSAPI-related autoconf code now matches gssapi.c better, and uses a different check to look for GSS_C_NT_HOSTBASED_SERVICE. This fixes the GSSAPI-enabled build on NetBSD 6 Beta. | ||||
* | Update translations. | Matthias Andree | 2012-08-15 | 4 | -483/+517 |
| | |||||
* | Correct title/topic, remove dates (6.3.22 isn't out yet), and re-sign. | Matthias Andree | 2012-08-15 | 1 | -9/+9 |
| | |||||
* | Fix compiler warnings. | Matthias Andree | 2012-08-14 | 1 | -4/+8 |
| | |||||
* | Fix compiler aliasing warning. | Matthias Andree | 2012-08-14 | 2 | -16/+19 |
| | |||||
* | Fix length argument to memset(). | Matthias Andree | 2012-08-14 | 1 | -1/+1 |
| | |||||
* | Validate NTLM challenge fields. | Matthias Andree | 2012-08-14 | 4 | -18/+47 |
| | | | | | This is to avoid reading from bad locations, and possibly conveying confidential data. Credit to Nico Golde. | ||||
* | Add CVE-Id and sign. | Matthias Andree | 2012-08-14 | 1 | -1/+12 |
| | |||||
* | reword | Matthias Andree | 2012-08-13 | 1 | -2/+3 |
| | |||||
* | Add new Swedish translation, by Göran Uddeborg. | Matthias Andree | 2012-08-13 | 3 | -1/+3182 |
| | |||||
* | Fix advisory no. in header. | Matthias Andree | 2012-08-13 | 1 | -1/+1 |
| | |||||
* | Reformat, inserting blank line. | Matthias Andree | 2012-08-13 | 1 | -0/+1 |
| | |||||
* | Document fix for NTLM crash, + Security advisory (draft). | Matthias Andree | 2012-08-13 | 3 | -1/+109 |
| | |||||
* | Update German translation. | Matthias Andree | 2012-08-13 | 1 | -84/+93 |
| | |||||
* | Fix crash: Handle invalid base64 in NTLM challenge. | Matthias Andree | 2012-08-13 | 1 | -1/+8 |
| | | | | | | | | | | | | | | Some servers, for instance the MS Exchange servers deployed by the US-American National Aeronautics and Space Administration (NASA), aborted the NTLM protocol exchange after receiving the initial request. Fetchmail did not detect that there was an error message, rather than NTLM protocol exchange, and caught a segmentation fault while reading from a bad location. Detect base64 decoding errors, and return PS_AUTHFAIL in this case. Reported by J[ames] Porter Clark. | ||||
* | Document license change in CHANGES. | Matthias Andree | 2012-08-02 | 1 | -1/+5 |
| | |||||
* | Properly erase MD5Context in MD5Final. | Matthias Andree | 2012-05-31 | 1 | -1/+1 |
| | | | | Found by clang. | ||||
* | fetchmail workaround for a bug in Microsoft Exchange | Sunil Shetye | 2012-05-10 | 4 | -4/+31 |
| | | | | | | | treat missing header in response to a FETCH command as a transient error (Reported by John Connett) if there are too many transient errors, log it. | ||||
* | Relicense security/errata notices as CC BY-ND 3.0. | Matthias Andree | 2012-05-03 | 15 | -136/+232 |
| | | | | Removing the NC/noncommercial clause, to ease redistribution. | ||||
* | Add fetchmail-SA-2012-01.txt. | Matthias Andree | 2012-05-03 | 2 | -0/+112 |
| | |||||
* | Bump version to 6.3.22. | Matthias Andree | 2012-05-03 | 2 | -3/+3 |
| | |||||
* | Fix CVE-2011-3389 by clearing SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS... | Matthias Andree | 2012-05-03 | 3 | -3/+42 |
| | | | | | | | ...from SSL options, unless FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE is a non-empty environment variable. Suggested by Apple. | ||||
* | Validate XHTML 1.0 stuff even when skipping 1.1. | Matthias Andree | 2012-04-01 | 3 | -10/+31 |
| | |||||
* | Mention Zimbra FETCH () workaround by Mikulas Patocka | Matthias Andree | 2011-11-22 | 1 | -0/+5 |
| | |||||
* | fetchmail workaround for a bug in Zimbra | Mikulas Patocka | 2011-11-22 | 1 | -1/+2 |
| | | | | | | | | | | | | | | | | | Zimbra occasionally returns this response: fetchmail: IMAP> A0007 FETCH 1 RFC822.HEADER fetchmail: IMAP< * 1 FETCH () fetchmail: IMAP< A0007 OK FETCH completed It happens when there is a corrupted message without a header in the database. (I don't know how this message could be created, I just see it there). When fetchmail encounters such resonse, it gives up and disconnects. This patch changes it so that PS_TRANSIENT is returned in this case and fetchmail continues to fetch following messages correctly. | ||||
* | Fix build on SSLv2-disabled OpenSSL setups | Matthias Andree | 2011-10-26 | 4 | -1/+19 |
| | | | | | | | | On systems where SSLv2_client_method isn't defined in OpenSSL (such as newer Debian, and Ubuntu starting with 11.10 oneiric ocelot), don't reference it (to fix the build) and print a run-time error that the OS does not support SSLv2. Fixes Debian Bug #622054, but note that that bug report has a more thorough patch that does away with SSLv2 altogether. | ||||
* | Mention that user@server must be unique. | Matthias Andree | 2011-09-06 | 1 | -1/+5 |
| | |||||
* | Add items. | Matthias Andree | 2011-09-06 | 1 | -0/+4 |
| | |||||
* | Print Server certificate: banner on stdout rather than stderr. | Matthias Andree | 2011-08-30 | 2 | -1/+6 |
| | | | | Reported by Henry Jensen, fixes Debian Bug #639807. | ||||
* | Update website for 6.3.21. | Matthias Andree | 2011-08-21 | 1 | -5/+5 |
| | |||||
* | Import translations. | Matthias Andree | 2011-08-21 | 22 | -74/+75 |
| | |||||
* | Bump version to 6.3.21, mark release date. | Matthias Andree | 2011-08-21 | 3 | -3/+3 |
| | |||||
* | Mention rawlog.patch in NEWS. | Matthias Andree | 2011-08-21 | 1 | -0/+5 |
| | |||||
* | Drop obsolete file TODO-6.3.20. | Matthias Andree | 2011-08-21 | 1 | -11/+0 |
| | |||||
* | Critical fix: don't embed NUL in unterminated last IMAP line. | Matthias Andree | 2011-08-21 | 2 | -0/+20 |
| | | | | Found by Antoine Levitt. | ||||
* | Revert SO_???TIMEO-based STARTTLS timeout handling. | Matthias Andree | 2011-08-21 | 1 | -0/+11 |
| | | | | | | | | | | | | | | This reverts commits 47c05b10018f5ec7493e4bd9f521aaa18d96f1e2 and 72ce8bce8dd655b6aefa33d0a74e883dad5202b5, the code isn't portable, for instance, Solaris does not support SO_RCVTIMEO/SO_SNDTIMEO. These socket-level options are known, but Solaris returns EAFNOSUPPORT. Reported by Jonathan Buschmann. Conflicts: NEWS socket.c | ||||
* | Add rawlog.patch. | Matthias Andree | 2011-08-21 | 1 | -0/+114 |
| | |||||
* | Drop vendor-sec@lst.de, defunct. | Matthias Andree | 2011-08-16 | 1 | -2/+1 |
| | |||||
* | Remove redundant double A_OTP check. | Thomas Jarosch | 2011-08-02 | 1 | -2/+0 |
| | |||||
* | Fix function signature to match prototype. | Matthias Andree | 2011-06-17 | 1 | -1/+1 |
| | | | | Found by Lars Hecking. | ||||
* | Merge branch 'legacy_63' of gitorious.org:fetchmail/fetchmail into legacy_63 | Matthias Andree | 2011-06-07 | 4 | -26/+26 |
|\ | |||||
| * | Update website. | Matthias Andree | 2011-06-06 | 3 | -26/+16 |
| | | |||||
| * | Sign SA 2011-01/CVE-2011-1947. | Matthias Andree | 2011-06-06 | 1 | -0/+10 |
| | |