aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* SECURITY: POP3: changes for --auth ssh and RPAMatthias Andree2021-08-263-43/+69
| | | | | These no longer defeat STARTTLS negotiation, and RPA is only attempted with --auth any.
* NEWS: Deprecate RPA and other nonstandard auth' schemes.Matthias Andree2021-08-261-0/+4
|
* socket.c: plugin/plugout SIGSEGV and memleak fixesMatthias Andree2021-08-262-12/+30
|
* IMAP: record server's CAPABILITY data in pre-auth state.Matthias Andree2021-08-262-7/+47
| | | | Saves one or two (STARTTLS) application-level round-trips.
* IMAP: report 'upgrade to TLS succeeded' before CAPA probeMatthias Andree2021-08-261-4/+4
| | | | ...after successful STARTTLS, to show the logical order of events.
* SECURITY: IMAP: no longer permit LOGIN with LOGINDISABLED.Matthias Andree2021-08-262-35/+43
|
* fetchmail.c: fix typo in comment.Matthias Andree2021-08-261-1/+1
|
* IMAP: log error if --auth external requested but server does not advertise it.Matthias Andree2021-08-263-35/+56
|
* imap.c: one FIXME for command continuation requestsMatthias Andree2021-08-261-0/+3
|
* IMAP: two more AUTHENTICATE EXTERNAL fixesMatthias Andree2021-08-262-2/+17
|
* IMAP: fix base64 length calc. for AUTH=EXTERNALMatthias Andree2021-08-263-1/+7
| | | | to make code more correct or readable; to64frombits does not overflow its buffer
* IMAP: don't send * after failed AUTHENTICATE EXTERNALMatthias Andree2021-08-262-2/+4
| | | | ...i. e. after receiving tagged response.
* IMAP: rename misnamed function and variableMatthias Andree2021-08-261-5/+5
|
* Bump version to 6.4.22.rc1Matthias Andree2021-08-262-2/+2
|
* manpage: Fix indentation under --sslprotoMatthias Andree2021-08-261-3/+3
| | | | The 2nd and 3rd paragraph used .PP, fix this to use .IP.
* SECURITY: IMAP: --auth ssh no longer prevents STARTTLSMatthias Andree2021-08-263-18/+27
|
* SECURITY: IMAP: PREAUTH->abort if STARTTLS neededMatthias Andree2021-08-265-64/+230
| | | | | | | | | | On --sslproto auto (or other nonempty values), when receiving IMAP PREAUTH state, abort the connection, rather than continuing with cleartext. --ssl is unaffected because it always negotiates TLS. See fetchmail-SA-2021-02.txt for details.
* 6.5.0.beta5: mention regression fix and idle timeout.Matthias Andree2021-08-091-1/+2
|
* Announce 6.4.21 and 6.5.0.beta5.Matthias Andree2021-08-091-10/+12
|
* Bump version to 6.4.21.Matthias Andree2021-08-092-2/+2
|
* Update fetchmail-SA-2021-01.txt with info on regression fix. v1.3.Matthias Andree2021-08-091-22/+40
|
* NEWS/6.4.20: Fix typo in CVE number.Matthias Andree2021-08-091-1/+1
|
* Fix --logfile and message truncation issue.Matthias Andree2021-08-092-1/+20
| | | | | | | | | | | | | | | | | Regression in 6.4.20's security fix (Git commit c546c829). We doubly incremented partial_message_size_used on modern systems (stdard.h/vsnprintf), once in report_vbuild() and then again in report_build(), so the 2nd and subsequent report_build() fragments landed too late in the buffer. This will not cause overruns due to the reallocation prior to the vsnprintf/sprintf, but it write starts behind the '\0' byte, instead of right over it, so the string also gets truncated to the first fragment written with report_vbuild(). Fix by moving the increment back into the #else...#endif part that does not use report_vbuild(). Reported by: Jürgen Edner, Erik Christiansen
* fetchmail-SA-2021-01.txt: Replace copy by symlinkMatthias Andree2021-08-031-119/+1
| | | | for website, for consistency with other fetchmail security announcements
* update fetchmail-SA-2021-01Matthias Andree2021-08-031-40/+51
| | | | and reference fetchmail-SA-2008-01/CVE-2008-2711
* website: ext. link updates for openssh, getmail6Matthias Andree2021-08-031-2/+4
|
* Update website for 6.5.0.beta4 release.Matthias Andree2021-08-033-13/+141
|
* update Git commit hash for CVE-2021-36386 correctionMatthias Andree2021-07-281-15/+16
|
* fetchmail-SA-2021-01: GnuPG clearsign.Matthias Andree2021-07-281-0/+19
|
* Get ready for 6.4.20.Matthias Andree2021-07-284-6/+6
|
* Add fetchmail-SA-2021-01.txt. CVE-2021-36386.Matthias Andree2021-07-282-0/+100
|
* Fix SIGSEGV when resizing report*() buffer.Matthias Andree2021-07-282-61/+95
| | | | | | | | | | | | | | Reported (with a different patch suggestion) by Christian Herdtweck <christian.herdtweck@intra2net.com>. Note that vsnprintf() calls va_arg(), and depending on operating system, compiler, configuration, this will invalidate the va_list argument pointer, so that va_start has to be called again before a subsequent vsnprintf(). However, it is better to do away with the loop and the trial-and-error, and leverage the return value of vsnprintf instead for a direct one-off resizing, whilst taking into account that on SUSv2 systems, the return value can be useless if the size argument to vsnprintf is 0.
* website: Announce 6.5.0-beta3.Matthias Andree2021-04-241-3/+3
|
* Announce 6.4.19 on website.Matthias Andree2021-04-241-4/+4
|
* Checkin what's in the 6.4.19 tarballs.Matthias Andree2021-04-242-771/+527
|
* Get ready for 6.4.19.Matthias Andree2021-04-243-3/+3
|
* fetchmailconf: properly catch and report option parsing errorsMatthias Andree2021-04-242-10/+27
|
* NEWS: credit Miroslav Nikolić for updating translation.Matthias Andree2021-03-311-0/+4
|
* Update <sr> Serbian translation to fetchmail-6.4.16-rc1Мирослав Николић2021-03-311-451/+723
|
* fetchmail.c: LMTP don't validate "port" on UNIX-domain socketsMatthias Andree2021-03-292-3/+11
| | | | | | (those with a file path). Closes: #33
* Update K6 again and format in <code> tags.Matthias Andree2021-03-291-4/+7
|
* Improve SSL/TLS documentation, and rearrange manualMatthias Andree2021-03-293-92/+113
| | | | | Move SSL subsection up under AUTHENTICATION and ENCRYPTION, where it belongs.
* Merge remote-tracking branch 'origin/legacy_64' into legacy_64Matthias Andree2021-03-271-1/+1
|\ | | | | | | | | * origin/legacy_64: COPYING: fix typo
| * COPYING: fix typoMatthias Andree2021-03-251-1/+1
| |
* | website: Announce 6.4.18Matthias Andree2021-03-271-4/+4
| |
* | NEWS: Fix LoC and release date.Matthias Andree2021-03-271-1/+1
| |
* | Record what's in the 6.4.18 tarball.Matthias Andree2021-03-271-1/+1
| |
* | Prepare for 6.4.18.Matthias Andree2021-03-272-4/+7
| |
* | Update <fi> Finnish translation to fetchmail 6.4.16-rc1Lauri Nurmi2021-03-271-1279/+1767
|/
* Freeze 6.4.18-rc1.Matthias Andree2021-03-1320-15407/+8819
|