aboutsummaryrefslogtreecommitdiffstats
path: root/NEWS
Commit message (Collapse)AuthorAgeFilesLines
* Validate NTLM challenge fields.Matthias Andree2012-08-141-3/+7
| | | | | This is to avoid reading from bad locations, and possibly conveying confidential data. Credit to Nico Golde.
* Add new Swedish translation, by Göran Uddeborg.Matthias Andree2012-08-131-0/+3
|
* Reformat, inserting blank line.Matthias Andree2012-08-131-0/+1
|
* Document fix for NTLM crash, + Security advisory (draft).Matthias Andree2012-08-131-1/+8
|
* Document license change in CHANGES.Matthias Andree2012-08-021-1/+5
|
* fetchmail workaround for a bug in Microsoft ExchangeSunil Shetye2012-05-101-0/+5
| | | | | | | treat missing header in response to a FETCH command as a transient error (Reported by John Connett) if there are too many transient errors, log it.
* Fix CVE-2011-3389 by clearing SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS...Matthias Andree2012-05-031-3/+26
| | | | | | | ...from SSL options, unless FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE is a non-empty environment variable. Suggested by Apple.
* Mention Zimbra FETCH () workaround by Mikulas PatockaMatthias Andree2011-11-221-0/+5
|
* Fix build on SSLv2-disabled OpenSSL setupsMatthias Andree2011-10-261-0/+7
| | | | | | | | On systems where SSLv2_client_method isn't defined in OpenSSL (such as newer Debian, and Ubuntu starting with 11.10 oneiric ocelot), don't reference it (to fix the build) and print a run-time error that the OS does not support SSLv2. Fixes Debian Bug #622054, but note that that bug report has a more thorough patch that does away with SSLv2 altogether.
* Print Server certificate: banner on stdout rather than stderr.Matthias Andree2011-08-301-0/+5
| | | | Reported by Henry Jensen, fixes Debian Bug #639807.
* Bump version to 6.3.21, mark release date.Matthias Andree2011-08-211-1/+1
|
* Mention rawlog.patch in NEWS.Matthias Andree2011-08-211-0/+5
|
* Critical fix: don't embed NUL in unterminated last IMAP line.Matthias Andree2011-08-211-0/+12
| | | | Found by Antoine Levitt.
* Finish for release.Matthias Andree2011-06-061-1/+1
|
* Merge branch 'common-6x' into legacy_63Matthias Andree2011-05-311-1/+2
|\ | | | | | | | | | | Conflicts: NEWS fetchmail-SA-2011-01.txt
| * Add CVE name.Matthias Andree2011-05-311-1/+2
| |
| * Add fetchmail-SA-2011-01.txtMatthias Andree2011-05-311-0/+1
| |
| * Drop FETCHMAIL_IMAP_DELETED_REMAINS_UNSEEN dud again.Matthias Andree2011-05-261-3/+0
| |
| * Update NEWS, mention STARTTLS timeout fix, ...Matthias Andree2011-05-261-15/+24
| | | | | | | | | | Swap bug fixes and changes. Mark Czech/French/German/Polish translations updated. Mark strlen() optimization as a change, rather than a bug fix.
* | Add fetchmail-SA-2011-01.txtMatthias Andree2011-05-301-0/+1
| |
* | Move 'KNOWN BUGS AND WORKAROUNDS' section up.Matthias Andree2011-05-301-20/+20
| |
* | Get 6.3.20 change documentation fit for release.Matthias Andree2011-05-291-12/+15
| |
* | Drop FETCHMAIL_IMAP_DELETED_REMAINS_UNSEEN dud again.Matthias Andree2011-05-261-3/+0
| |
* | Update NEWS, mention STARTTLS timeout fix, ...Matthias Andree2011-05-261-11/+24
| | | | | | | | | | Swap bug fixes and changes. Mark Czech/French/German/Polish translations updated. Mark strlen() optimization as a change, rather than a bug fix.
* | Revert SO_???TIMEO-based STARTTLS timeout handling.Matthias Andree2011-05-261-8/+0
| | | | | | | | | | | | | | | | | | This reverts commits 47c05b10018f5ec7493e4bd9f521aaa18d96f1e2 and 72ce8bce8dd655b6aefa33d0a74e883dad5202b5, the code isn't portable, for instance, Solaris does not support SO_RCVTIMEO/SO_SNDTIMEO. These socket-level options are known, but Solaris returns EAFNOSUPPORT. Reported by Jonathan Buschmann.
* | Fix socket timeout handling.Matthias Andree2011-05-221-0/+8
| | | | | | | | Fixes STARTTLS hangs reported by Thomas Jarosch.
* | Reinstate SSLv2 support on legacy_63 branch.Matthias Andree2011-05-171-4/+0
|/ | | | | Revert "Remove support for SSLv2 (fixes Debian Bug #622054)." This reverts commit c22a3afca46c83ee6d53a6ee58deb122f309c460.
* Mention impending SSLv2 removal.Matthias Andree2011-05-171-0/+2
|
* SockOpen(): set SO_KEEPALIVE.Matthias Andree2011-05-131-0/+3
|
* Do not print "skipping message" for old messages even in verbose mode.Sunil Shetye2011-05-111-0/+3
|
* Do not search for UNSEEN messages in ranges.Sunil Shetye2011-05-041-0/+4
| | | | | | | | | | Add gen_recv_split() to split long protocol messages when the message prefix matches Order of search commands: IMAP> A010 SEARCH UNSEEN UNDELETED (IMAP4 or higher) IMAP> A011 SEARCH UNSEEN IMAP> A012 FETCH 1:n FLAGS
* Add FETCHMAIL_IMAP_DELETED_REMAINS_UNSEEN env' var.Matthias Andree2011-05-031-0/+3
| | | | | Requested by Jonathan Buschmann, to suppress read-notifications on servers such as MS Exchange or HP OpenMail.
* Call strlen() only once when removing CRLF from a lineSunil Shetye2011-05-031-0/+3
|
* Remove support for SSLv2 (fixes Debian Bug #622054).Matthias Andree2011-04-111-0/+4
| | | | | | | | | | | | | SSLv2 has been deprecated since 1996, and is insecure. Remove --sslproto SSL2 support. Set SSL_OP_NO_SSLvSSL_CTX 2 option so that the SSLv23 multi-version client no longer negotiates SSLv2. Note that some distributions (such as Debian) build OpenSSL 1.0.0 without SSLv2 support, so on those, the build would fail. Fixes Debian Bug #622054 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622054
* Unconditionally use our own MD5 code. Gets linked only as needed.Matthias Andree2010-12-141-1/+6
|
* Update Japanese translation, courtesy of Takeshi Hamasaki.Matthias Andree2010-12-111-0/+6
|
* Get ready for 6.3.19 release.Matthias Andree2010-12-101-1/+1
|
* Hack: support quoted string in imap_fetch_body()Matthias Andree2010-12-101-0/+3
| | | | | This is seen on Yahoo in * 123 FETCH (BODY[TEXT] ""), reported by Yasin Malli.
* Import first translation updates: cs fr it pl.Matthias Andree2010-12-091-3/+10
|
* Add configuration hint to STLS/STARTTLS change.Matthias Andree2010-11-191-1/+2
|
* Do STARTTLS/STLS negotiation in IMAP/POP3 if it is mandatory ignoring server ↵Sunil Shetye2010-11-191-0/+2
| | | | capabilities
* Demote GSSAPI verbose/debug syslog to INFO severity.Matthias Andree2010-11-121-0/+2
| | | | Requested by Carlos E. R. and Derek Simkowiak via fetchmail-users@.
* Distinguish between server not advertising TLS capability and server failing ↵Sunil Shetye2010-11-101-0/+1
| | | | | | during upgradation to TLS. Send a NOOP only after a failed STARTTLS in IMAP.
* Document XHTML 1.1 issue and workaround for 6.3.18.Matthias Andree2010-11-091-0/+6
|
* The manual page now links to IANA for GSSAPI service names.Matthias Andree2010-10-221-0/+3
|
* Fix "antispam does not work"Sunil Shetye2010-10-211-0/+2
| | | | | | | | This appears to be similar to the recent --nosoftbounce and --nobounce issue where command line options are not handled exactly the same way as the rcfile parser handles them. Reported by Kees Bakker, BerliOS bug #17599.
* Mention reporter confirmed fix of GSSAPI issue.Matthias Andree2010-10-191-1/+1
|
* Add fetchmail-EN-2010-03 (erratum notice).Matthias Andree2010-10-161-0/+4
|
* Multidrop: Do not lose wildcard flag, allow asterisk anywhere.Matthias Andree2010-10-121-20/+31
|
* Add release date.Matthias Andree2010-10-101-1/+1
|