aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Fix: combination of --plugin and -f - failsAlexander Zangerl2012-09-031-1/+2
| | | | | | | | | | | | | | | | | | | | | | scenario: you want to remote-control fetchmail, but you don't want to write passwords into files, so you feed fetchmail a minimal rcfile via stdin with -f -. this by itself works fine. if you also want or need to use a --plugin (eg. socat for socks), then things fail badly: the plugin is run without a stdin fd, hence can't take input from fetchmail, lots of fun ensues. plugins without -f - work fine, it's just the combination that fails. explanation: the root cause is rcfile_y.y, line 493, which closes whatever fd carried the rcfile. with -f - this closes fetchmail's stdin - and so far that's unproblematic. however, in socket.c lines 166ff things go wrong: fetchmail sets up the plugin with a socketpair, which will likely include the first unused fd - and fd zero is now indeed unused. in line 180ff a dup2 replumbing from "that fd" (=zero) to zero is performed - and then "that fd" is closed. and hey presto, we've got no fd zero = stdin for the plugin. solution: the simplest solution (patch attached) is to make the fclose of the rcfile conditional, ie. don't close if it's stdin. in the long run the dup2+close code might be made more robust by not doing a dup2+close if fd[0] is already 0 or 1.
* Note Earl's regression fix for SSL_CTX_clear_options() on older OpenSSL.Matthias Andree2012-09-031-0/+9
|
* Clear SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS without SSL_CTX_clear_options()Earl Chew2012-09-031-3/+4
| | | | | | | | | | | | A patch to clear SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS was added recently: http://gitorious.org/fetchmail/fetchmail/commit/48809c5b9f6c9081f4031fa938dd63b060c18a4b?format=patch Older implementations of OpenSSL do not support SSL_CTX_clear_options(). This patch reworks the previous change to avoid the use of SL_CTX_clear_options() and instead clears the corresponding bit in SSL_OP_ALL before calling SSL_CTX_set_options().
* Update security info on web site.Matthias Andree2012-08-303-1/+15
|
* Update copyright and SecAnn' version.Matthias Andree2012-08-303-7/+7
|
* Update.Matthias Andree2012-08-291-4/+4
|
* Get ready for 6.3.22 release.Matthias Andree2012-08-2921-2086/+2100
|
* Update translations and NEWS.Matthias Andree2012-08-204-998/+1194
|
* Warn if SSL is disabled, suggest --with-ssl.Matthias Andree2012-08-172-1/+5
|
* Fix installation when PYTHON is enabled.Matthias Andree2012-08-172-7/+4
| | | | | | The Python-related Makefile.am parts were simplified to avoid an automake 1.11.X bug around noinst_PYTHON, Automake Bug #10995. http://lists.gnu.org/archive/html/automake-patches/2012-03/txtbYNp7SPawU.txt
* GSSAPI build fix.Matthias Andree2012-08-153-6/+19
| | | | | | The GSSAPI-related autoconf code now matches gssapi.c better, and uses a different check to look for GSS_C_NT_HOSTBASED_SERVICE. This fixes the GSSAPI-enabled build on NetBSD 6 Beta.
* Update translations.Matthias Andree2012-08-154-483/+517
|
* Correct title/topic, remove dates (6.3.22 isn't out yet), and re-sign.Matthias Andree2012-08-151-9/+9
|
* Fix compiler warnings.Matthias Andree2012-08-141-4/+8
|
* Fix compiler aliasing warning.Matthias Andree2012-08-142-16/+19
|
* Fix length argument to memset().Matthias Andree2012-08-141-1/+1
|
* Validate NTLM challenge fields.Matthias Andree2012-08-144-18/+47
| | | | | This is to avoid reading from bad locations, and possibly conveying confidential data. Credit to Nico Golde.
* Add CVE-Id and sign.Matthias Andree2012-08-141-1/+12
|
* rewordMatthias Andree2012-08-131-2/+3
|
* Add new Swedish translation, by Göran Uddeborg.Matthias Andree2012-08-133-1/+3182
|
* Fix advisory no. in header.Matthias Andree2012-08-131-1/+1
|
* Reformat, inserting blank line.Matthias Andree2012-08-131-0/+1
|
* Document fix for NTLM crash, + Security advisory (draft).Matthias Andree2012-08-133-1/+109
|
* Update German translation.Matthias Andree2012-08-131-84/+93
|
* Fix crash: Handle invalid base64 in NTLM challenge.Matthias Andree2012-08-131-1/+8
| | | | | | | | | | | | | | Some servers, for instance the MS Exchange servers deployed by the US-American National Aeronautics and Space Administration (NASA), aborted the NTLM protocol exchange after receiving the initial request. Fetchmail did not detect that there was an error message, rather than NTLM protocol exchange, and caught a segmentation fault while reading from a bad location. Detect base64 decoding errors, and return PS_AUTHFAIL in this case. Reported by J[ames] Porter Clark.
* Document license change in CHANGES.Matthias Andree2012-08-021-1/+5
|
* Properly erase MD5Context in MD5Final.Matthias Andree2012-05-311-1/+1
| | | | Found by clang.
* fetchmail workaround for a bug in Microsoft ExchangeSunil Shetye2012-05-104-4/+31
| | | | | | | treat missing header in response to a FETCH command as a transient error (Reported by John Connett) if there are too many transient errors, log it.
* Relicense security/errata notices as CC BY-ND 3.0.Matthias Andree2012-05-0315-136/+232
| | | | Removing the NC/noncommercial clause, to ease redistribution.
* Add fetchmail-SA-2012-01.txt.Matthias Andree2012-05-032-0/+112
|
* Bump version to 6.3.22.Matthias Andree2012-05-032-3/+3
|
* Fix CVE-2011-3389 by clearing SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS...Matthias Andree2012-05-033-3/+42
| | | | | | | ...from SSL options, unless FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE is a non-empty environment variable. Suggested by Apple.
* Validate XHTML 1.0 stuff even when skipping 1.1.Matthias Andree2012-04-013-10/+31
|
* Mention Zimbra FETCH () workaround by Mikulas PatockaMatthias Andree2011-11-221-0/+5
|
* fetchmail workaround for a bug in ZimbraMikulas Patocka2011-11-221-1/+2
| | | | | | | | | | | | | | | | | Zimbra occasionally returns this response: fetchmail: IMAP> A0007 FETCH 1 RFC822.HEADER fetchmail: IMAP< * 1 FETCH () fetchmail: IMAP< A0007 OK FETCH completed It happens when there is a corrupted message without a header in the database. (I don't know how this message could be created, I just see it there). When fetchmail encounters such resonse, it gives up and disconnects. This patch changes it so that PS_TRANSIENT is returned in this case and fetchmail continues to fetch following messages correctly.
* Fix build on SSLv2-disabled OpenSSL setupsMatthias Andree2011-10-264-1/+19
| | | | | | | | On systems where SSLv2_client_method isn't defined in OpenSSL (such as newer Debian, and Ubuntu starting with 11.10 oneiric ocelot), don't reference it (to fix the build) and print a run-time error that the OS does not support SSLv2. Fixes Debian Bug #622054, but note that that bug report has a more thorough patch that does away with SSLv2 altogether.
* Mention that user@server must be unique.Matthias Andree2011-09-061-1/+5
|
* Add items.Matthias Andree2011-09-061-0/+4
|
* Print Server certificate: banner on stdout rather than stderr.Matthias Andree2011-08-302-1/+6
| | | | Reported by Henry Jensen, fixes Debian Bug #639807.
* Update website for 6.3.21.Matthias Andree2011-08-211-5/+5
|
* Import translations.Matthias Andree2011-08-2122-74/+75
|
* Bump version to 6.3.21, mark release date.Matthias Andree2011-08-213-3/+3
|
* Mention rawlog.patch in NEWS.Matthias Andree2011-08-211-0/+5
|
* Drop obsolete file TODO-6.3.20.Matthias Andree2011-08-211-11/+0
|
* Critical fix: don't embed NUL in unterminated last IMAP line.Matthias Andree2011-08-212-0/+20
| | | | Found by Antoine Levitt.
* Revert SO_???TIMEO-based STARTTLS timeout handling.Matthias Andree2011-08-211-0/+11
| | | | | | | | | | | | | | This reverts commits 47c05b10018f5ec7493e4bd9f521aaa18d96f1e2 and 72ce8bce8dd655b6aefa33d0a74e883dad5202b5, the code isn't portable, for instance, Solaris does not support SO_RCVTIMEO/SO_SNDTIMEO. These socket-level options are known, but Solaris returns EAFNOSUPPORT. Reported by Jonathan Buschmann. Conflicts: NEWS socket.c
* Add rawlog.patch.Matthias Andree2011-08-211-0/+114
|
* Drop vendor-sec@lst.de, defunct.Matthias Andree2011-08-161-2/+1
|
* Remove redundant double A_OTP check.Thomas Jarosch2011-08-021-2/+0
|
* Fix function signature to match prototype.Matthias Andree2011-06-171-1/+1
| | | | Found by Lars Hecking.