aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Fix --logfile and message truncation issue.Matthias Andree2021-08-092-1/+20
| | | | | | | | | | | | | | | | | Regression in 6.4.20's security fix (Git commit c546c829). We doubly incremented partial_message_size_used on modern systems (stdard.h/vsnprintf), once in report_vbuild() and then again in report_build(), so the 2nd and subsequent report_build() fragments landed too late in the buffer. This will not cause overruns due to the reallocation prior to the vsnprintf/sprintf, but it write starts behind the '\0' byte, instead of right over it, so the string also gets truncated to the first fragment written with report_vbuild(). Fix by moving the increment back into the #else...#endif part that does not use report_vbuild(). Reported by: Jürgen Edner, Erik Christiansen
* fetchmail-SA-2021-01.txt: Replace copy by symlinkMatthias Andree2021-08-031-119/+1
| | | | for website, for consistency with other fetchmail security announcements
* update fetchmail-SA-2021-01Matthias Andree2021-08-031-40/+51
| | | | and reference fetchmail-SA-2008-01/CVE-2008-2711
* website: ext. link updates for openssh, getmail6Matthias Andree2021-08-031-2/+4
|
* Update website for 6.5.0.beta4 release.Matthias Andree2021-08-033-13/+141
|
* update Git commit hash for CVE-2021-36386 correctionMatthias Andree2021-07-281-15/+16
|
* fetchmail-SA-2021-01: GnuPG clearsign.Matthias Andree2021-07-281-0/+19
|
* Get ready for 6.4.20.Matthias Andree2021-07-284-6/+6
|
* Add fetchmail-SA-2021-01.txt. CVE-2021-36386.Matthias Andree2021-07-282-0/+100
|
* Fix SIGSEGV when resizing report*() buffer.Matthias Andree2021-07-282-61/+95
| | | | | | | | | | | | | | Reported (with a different patch suggestion) by Christian Herdtweck <christian.herdtweck@intra2net.com>. Note that vsnprintf() calls va_arg(), and depending on operating system, compiler, configuration, this will invalidate the va_list argument pointer, so that va_start has to be called again before a subsequent vsnprintf(). However, it is better to do away with the loop and the trial-and-error, and leverage the return value of vsnprintf instead for a direct one-off resizing, whilst taking into account that on SUSv2 systems, the return value can be useless if the size argument to vsnprintf is 0.
* website: Announce 6.5.0-beta3.Matthias Andree2021-04-241-3/+3
|
* Announce 6.4.19 on website.Matthias Andree2021-04-241-4/+4
|
* Checkin what's in the 6.4.19 tarballs.Matthias Andree2021-04-242-771/+527
|
* Get ready for 6.4.19.Matthias Andree2021-04-243-3/+3
|
* fetchmailconf: properly catch and report option parsing errorsMatthias Andree2021-04-242-10/+27
|
* NEWS: credit Miroslav Nikolić for updating translation.Matthias Andree2021-03-311-0/+4
|
* Update <sr> Serbian translation to fetchmail-6.4.16-rc1Мирослав Николић2021-03-311-451/+723
|
* fetchmail.c: LMTP don't validate "port" on UNIX-domain socketsMatthias Andree2021-03-292-3/+11
| | | | | | (those with a file path). Closes: #33
* Update K6 again and format in <code> tags.Matthias Andree2021-03-291-4/+7
|
* Improve SSL/TLS documentation, and rearrange manualMatthias Andree2021-03-293-92/+113
| | | | | Move SSL subsection up under AUTHENTICATION and ENCRYPTION, where it belongs.
* Merge remote-tracking branch 'origin/legacy_64' into legacy_64Matthias Andree2021-03-271-1/+1
|\ | | | | | | | | * origin/legacy_64: COPYING: fix typo
| * COPYING: fix typoMatthias Andree2021-03-251-1/+1
| |
* | website: Announce 6.4.18Matthias Andree2021-03-271-4/+4
| |
* | NEWS: Fix LoC and release date.Matthias Andree2021-03-271-1/+1
| |
* | Record what's in the 6.4.18 tarball.Matthias Andree2021-03-271-1/+1
| |
* | Prepare for 6.4.18.Matthias Andree2021-03-272-4/+7
| |
* | Update <fi> Finnish translation to fetchmail 6.4.16-rc1Lauri Nurmi2021-03-271-1279/+1767
|/
* Freeze 6.4.18-rc1.Matthias Andree2021-03-1320-15407/+8819
|
* Bump version to 6.4.18-rc1.Matthias Andree2021-03-131-2/+2
|
* socket.c: SSL_use_PrivateKey_file <- SSL_use_RSAPrivateKey_file,Matthias Andree2021-03-132-2/+5
| | | | | the latter is deprecated in OpenSSL 3, and the user might use some other key than RSA.
* OpenSSL: permit deprecated features,Matthias Andree2021-03-132-1/+7
| | | | to avoid compatibility issues with new OpenSSL versions later on.
* fetchmail.man: add missing word (minor change).Matthias Andree2021-03-131-2/+2
|
* .gitignore push.shMatthias Andree2021-03-131-0/+1
|
* Shorten some user setting texts to avoid truncation.Matthias Andree2021-03-131-2/+2
|
* Mention fetchmailconf regression fix.Matthias Andree2021-03-131-0/+13
|
* fetchmailconf: robustness fixesMatthias Andree2021-03-131-13/+22
| | | | | Make sure fetchmailconf -V can complete without finding fetchmail or Tkinter. Make sure fetchmailconf -d can complete without Tkinter.
* fetchmailconf: Add sslcertfile to typemap.Matthias Andree2021-03-131-0/+1
|
* tls-aux.c: Fix comments.Matthias Andree2021-03-071-7/+6
|
* fixupMatthias Andree2021-03-071-4/+4
|
* website: update NEWS for 6.4.17 release.Matthias Andree2021-03-071-4/+4
|
* Record po state for 6.4.17.Matthias Andree2021-03-0720-8605/+14942
|
* Prepare 6.4.17 release.Matthias Andree2021-03-071-1/+1
|
* getstats.py: count *.py files, tooMatthias Andree2021-03-072-1/+2
|
* NEWS: mention fetchmailconf's printing Python version.Matthias Andree2021-03-071-0/+1
|
* fetchmailconf.py: Bump version and copyright.Matthias Andree2021-03-071-2/+2
|
* fetchmailconf --version: print Python version, too.Matthias Andree2021-03-071-0/+1
|
* Mention pkg-config needed.Matthias Andree2021-03-071-1/+2
| | | | | if pkg-config is missing, auto(re)conf emits misleading error messages.
* socket.c clean up code duplication.Matthias Andree2021-02-271-2/+2
|
* imap.c revise comment on timeout memory leak if auto (non-static) password ↵Matthias Andree2021-02-141-1/+1
| | | | buffer is used for LOGIN
* imap.c: fix memory leak in timeout situation for LOGIN authMatthias Andree2021-02-142-3/+9
| | | | | ...which uses siglongjmp() so that gen_transact() will not return. Note, just in case, this uses local static buffers and is not thread-safe.