aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Remove obsolete "OpenSSL default fingerprint is MD5" claim.Matthias Andree2013-03-062-4/+7
| | | | | | | The fetchmail manual page no longer claims that MD5 were the default OpenSSL hash format (for use with --sslfingerprint). Reported by Jakob Wilk, PARTIAL fix for Debian Bug#700266.
* Add Esperanto translation.Matthias Andree2013-02-193-1/+3208
|
* Update German translation.Matthias Andree2013-02-191-85/+80
|
* Bump copyright.Matthias Andree2013-02-192-4/+4
|
* Credit John Beck's fixes.Matthias Andree2013-02-181-0/+7
|
* Minor bug fixes for socket.cJohn Beck2013-02-181-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While running a static code analysis tool (Parfait) on fetchmail, it found some bugs: Error: Memory leak (CWE 401) Memory leak of pointer 'plugin_copy' allocated with malloc((plugin_copy_len + 1)) at line 137 of components/fetchmail/fetchmail-6.3.22/socket.c in function 'parse_plugin'. 'plugin_copy' allocated at line 107 with malloc((plugin_copy_len + 1)). plugin_copy leaks when plugin_copy_offset >= plugin_copy_len at line 114. Error: Null pointer dereference (CWE 476) Read from null pointer 'argvec' at line 189 of components/fetchmail/fetchmail-6.3.22/socket.c in function 'handle_plugin'. Function 'parse_plugin' may return constant 'NULL' at line 137, called at line 188. Null pointer introduced at line 137 in function 'parse_plugin'. at line 190 of components/fetchmail/fetchmail-6.3.22/socket.c in function 'handle_plugin'. Function 'parse_plugin' may return constant 'NULL' at line 137, called at line 188. Null pointer introduced at line 137 in function 'parse_plugin'. (I realize these are on 6.3.22; I checked and verified that this portion of the code is the same in 6.3.24.) The attached patch fixes each of these. (Note by Matthias Andree: The NULL pointer dereference fix does not require error reporting, because parse_plugin() will already have reported the out-of-memory error that causes the NULL to be returned.)
* Improve X.509 certificate validation reporting.Matthias Andree2013-02-062-13/+50
| | | | | | | | | * Improved reporting when SSL/TLS X.509 certificate validation has failed, working around a not-so-recent swapping of two OpenSSL error codes, and a practical impossibility to distinguish broken certification chains from missing trust anchors (root certificates). * OpenSSL decoded errors are now reported through report(), rather than dumped to stderr, so that they should show up in logfiles and/or syslog.
* UpdateMatthias Andree2013-02-031-1/+1
|
* Bump version.Matthias Andree2013-02-032-2/+2
|
* Ignore Netbeans data.Matthias Andree2013-02-031-0/+1
|
* Work around systems returning obsolete EAI_NODATA.Matthias Andree2013-02-032-0/+23
| | | | | | | | | | | | Older systems that provide the older RFC-2553 implementation of getaddrinfo, rather than the current RFC-3493, and systems that do not provide this getaddrinfo() interface at all and thus use the replacement functions from libesmtp/getaddrinfo.?, might return EAI_NODATA when a host is registered in DNS as MX or similar, but without A or AAAA records. Handle this situation when checking for multidrop aliases and treat EAI_NODATA the same as EAI_NONAME, i. e. name cannot be resolved. The proper fix, however, is to upgrade the operating system.
* Make compatible with FreeBSD.Matthias Andree2013-02-031-0/+2
|
* Add new gai.c debug source.Matthias Andree2013-02-032-0/+47
|
* Let distcheck call configure --with-ssl.Matthias Andree2013-01-041-0/+3
|
* Update website for 6.3.24.Matthias Andree2012-12-231-8/+7
|
* Sign .xz; upload to sf.net; upload .xz to local site.Matthias Andree2012-12-231-3/+25
|
* Update for 6.3.24 release.Matthias Andree2012-12-2323-4738/+4738
|
* Remove LSM-related stuff from the distribution.Matthias Andree2012-12-237-48/+6
| | | | | | | IBiblio no longer accepts submissions, and considers itself an archive. There is no point in our carrying forward any related material, if needed for reference purposes, it can be fetched from older versions in the Git repository.
* Fix version to 6.3.0.Matthias Andree2012-12-141-1/+1
|
* Complete Dominik's name.Matthias Andree2012-12-141-1/+2
|
* Plug a memory leak in OpenSSL's certificate verification callback.Matthias Andree2012-12-132-2/+10
| | | | | | | | | | | This would affect fetchmail configurations running with SSL in daemon mode more than one-shot runs. Reported by Erik Thiele, and pinned by Dominik, Debian Bug #688015. This bug was introduced into fetchmail 6.2.9 (committed 2005-10-29) when support for subjectAltName was added through a patch by Roland Stigge, submitted as Debian Bug#201113.
* Repair --logfile regression of 6.3.23,Matthias Andree2012-12-134-30/+40
| | | | reported by Heinz Diehl.
* Update for new release.Matthias Andree2012-12-101-9/+9
|
* Release 6.3.23.Matthias Andree2012-12-1025-3314/+3666
|
* Pull in translation updates for 6.3.23,Matthias Andree2012-12-108-1740/+1895
| | | | dubbed 6.3.22.2 for translation purposes.
* Move forward to prepare a 6.3.23 release and request translation.Matthias Andree2012-12-053-3/+8
|
* Update German translation.Matthias Andree2012-12-051-225/+246
|
* Fix typo in R15, and clarify.Matthias Andree2012-11-061-4/+5
|
* Fix typo repsonsible -> responsible.Matthias Andree2012-11-061-1/+1
|
* Make Maillennium POP3 workarounds less specific,Matthias Andree2012-10-142-2/+7
| | | | | to encompass Maillennium POP3/UNIBOX (Maillennium V05.00c++). Reported by Eddie via fetchmail-users mailing list, 2012-10-13.
* Clean up logfile vs. syslog handling.Matthias Andree2012-09-233-14/+48
| | | | | In case logfile overrides syslog, send a message to the latter stating where logging goes. Also revise manual page.
* fix another typo, point one URL to CVE.Matthias Andree2012-09-041-2/+6
|
* Fix typo in CVE URLs that rendered two new links useless.Matthias Andree2012-09-041-2/+2
|
* Obsoletion warning.Matthias Andree2012-09-031-0/+5
|
* Mention Alexander's fix for -f - with --plugin.Matthias Andree2012-09-031-0/+4
|
* Fix: combination of --plugin and -f - failsAlexander Zangerl2012-09-031-1/+2
| | | | | | | | | | | | | | | | | | | | | | scenario: you want to remote-control fetchmail, but you don't want to write passwords into files, so you feed fetchmail a minimal rcfile via stdin with -f -. this by itself works fine. if you also want or need to use a --plugin (eg. socat for socks), then things fail badly: the plugin is run without a stdin fd, hence can't take input from fetchmail, lots of fun ensues. plugins without -f - work fine, it's just the combination that fails. explanation: the root cause is rcfile_y.y, line 493, which closes whatever fd carried the rcfile. with -f - this closes fetchmail's stdin - and so far that's unproblematic. however, in socket.c lines 166ff things go wrong: fetchmail sets up the plugin with a socketpair, which will likely include the first unused fd - and fd zero is now indeed unused. in line 180ff a dup2 replumbing from "that fd" (=zero) to zero is performed - and then "that fd" is closed. and hey presto, we've got no fd zero = stdin for the plugin. solution: the simplest solution (patch attached) is to make the fclose of the rcfile conditional, ie. don't close if it's stdin. in the long run the dup2+close code might be made more robust by not doing a dup2+close if fd[0] is already 0 or 1.
* Note Earl's regression fix for SSL_CTX_clear_options() on older OpenSSL.Matthias Andree2012-09-031-0/+9
|
* Clear SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS without SSL_CTX_clear_options()Earl Chew2012-09-031-3/+4
| | | | | | | | | | | | A patch to clear SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS was added recently: http://gitorious.org/fetchmail/fetchmail/commit/48809c5b9f6c9081f4031fa938dd63b060c18a4b?format=patch Older implementations of OpenSSL do not support SSL_CTX_clear_options(). This patch reworks the previous change to avoid the use of SL_CTX_clear_options() and instead clears the corresponding bit in SSL_OP_ALL before calling SSL_CTX_set_options().
* Update security info on web site.Matthias Andree2012-08-303-1/+15
|
* Update copyright and SecAnn' version.Matthias Andree2012-08-303-7/+7
|
* Update.Matthias Andree2012-08-291-4/+4
|
* Get ready for 6.3.22 release.Matthias Andree2012-08-2921-2086/+2100
|
* Update translations and NEWS.Matthias Andree2012-08-204-998/+1194
|
* Warn if SSL is disabled, suggest --with-ssl.Matthias Andree2012-08-172-1/+5
|
* Fix installation when PYTHON is enabled.Matthias Andree2012-08-172-7/+4
| | | | | | The Python-related Makefile.am parts were simplified to avoid an automake 1.11.X bug around noinst_PYTHON, Automake Bug #10995. http://lists.gnu.org/archive/html/automake-patches/2012-03/txtbYNp7SPawU.txt
* GSSAPI build fix.Matthias Andree2012-08-153-6/+19
| | | | | | The GSSAPI-related autoconf code now matches gssapi.c better, and uses a different check to look for GSS_C_NT_HOSTBASED_SERVICE. This fixes the GSSAPI-enabled build on NetBSD 6 Beta.
* Update translations.Matthias Andree2012-08-154-483/+517
|
* Correct title/topic, remove dates (6.3.22 isn't out yet), and re-sign.Matthias Andree2012-08-151-9/+9
|
* Fix compiler warnings.Matthias Andree2012-08-141-4/+8
|
* Fix compiler aliasing warning.Matthias Andree2012-08-142-16/+19
|