aboutsummaryrefslogtreecommitdiffstats
path: root/NEWS
Commit message (Collapse)AuthorAgeFilesLines
* Enable --sslcertck by default.Matthias Andree2015-11-151-8/+15
| | | | | | | | | | There are no sslcertck (rcfile) and --nosslcertck (command line) options that can be combined with [--]sslfingerprint if so desired. The documentation is deliberately not updated everywhere, so that recommendations to use --sslcertck stand, this is for the benefit of users that read fetchmail v6.4.0 manuals to configure a fetchmail v6.3.X implementation.
* Mark Debian Bug #804604 as fixed.Matthias Andree2015-11-151-1/+1
|
* Update documentation.Matthias Andree2015-04-111-1/+1
|
* Detect/report server hang-up in SSL_connect().Matthias Andree2015-04-081-1/+4
| | | | | | This condition does not leave traces in the SSL error queue, and must be checked explicitly. Result from debugging Jerry Seibert's issue with outlook.com/pop3.live.com.
* TLS overhaul, bumping version to 6.4Matthias Andree2015-01-261-9/+29
| | | | | | | | | | | | | | | Removes SSLv2, enables TLSv1.1 and v1.2 more easily, permits SSLv3 (only if specified) and newer TLSv1.1+ for STLS/STARTTLS. Only negotiates TLSv1 and newer by default, SSLv3 must now be specified explicitly, as a consequence of the POODLE attack. This is meant to be a minimally upgraded version, and cannot be usefully done as a 6.3.X release. It is strongly recommended that users review their configuration - especially --sslproto - per instructions in the NEWS file and manual page. It has changed semantics and in many cases --sslproto auto or perhaps --sslproto tls1.2+ should be used now.
* Also recognize OPENSSL_NO_SSLx.Matthias Andree2015-01-161-2/+5
| | | | | These are the macros OpenSSL defines when configured with no-ssl2 or no-ssl3, the actual macro names are OPENSSL_NO_SSL2 and OPENSSL_NO_SSL3.
* Permit build on SSLv3-disabled OpenSSL,Matthias Andree2015-01-161-0/+6
| | | | | | | providing that these also omit the declaration of SSLv3_client_method(). Related to Debian Bug#775255. Version report lists -SSLv3 on +SSL builds that omit SSLv3_client_method(). Version report lists -SSLv2 on +SSL builds that omit SSLv2_client_method().
* More warnings on idle vs. multiple mailboxes.Matthias Andree2014-11-221-0/+3
| | | | In response to Jeremy Chadwick's trouble 2014-11-19, fetchmail-users.
* Error out if user combines --idle with multiple mailboxes.Matthias Andree2014-11-221-0/+2
|
* Convert most references from berlios.de to sourceforge.net.Matthias Andree2014-05-211-0/+1
| | | | Re-sign EN and SAs because that broke signatures.
* Do not translate header tags such as "Subject:".Matthias Andree2014-05-201-19/+21
| | | | Reported by Gonzalo Pérez de Olaguer Córdoba, Debian Bug#744907.
* Fix typo in 'you could [end] up' in FAQ.Matthias Andree2013-05-111-0/+6
| | | | Fixes Debian Bug#706776, submitted by David Lawyer.
* Mark release date.Matthias Andree2013-04-231-21/+25
|
* Update info on the mimedecode fix.Matthias Andree2013-04-231-9/+14
|
* Fix mimedecode last-line omission.Matthias Andree2013-04-231-0/+8
| | | | | | | | | | | | The mimedecode feature failed to ship the last line of the body if it was encoded as quoted-printable and had a MIME soft line break in the very last line. Reported by Lars Hecking in June 2011. Bug introduced on 1998-03-20 when the mimedecode support was added by ESR before release 4.4.1 through code contributed by Henrik Storner, in driver.c. Workaround for older releases: do not use mimedecode feature.
* Prepare 6.3.25 release.Matthias Andree2013-03-191-1/+1
|
* Update current translation state as of 2013-03-18Matthias Andree2013-03-191-27/+30
|
* Make SMTP error handling point to --softbounce.Matthias Andree2013-03-071-0/+2
| | | | | The fetchmail manual page now refers the user to --softbounce from the SMTP/ESMTP ERROR HANDLING section. Reported by Anton Shterenlikht.
* Remove obsolete "OpenSSL default fingerprint is MD5" claim.Matthias Andree2013-03-061-0/+3
| | | | | | | The fetchmail manual page no longer claims that MD5 were the default OpenSSL hash format (for use with --sslfingerprint). Reported by Jakob Wilk, PARTIAL fix for Debian Bug#700266.
* Add Esperanto translation.Matthias Andree2013-02-191-0/+3
|
* Credit John Beck's fixes.Matthias Andree2013-02-181-0/+7
|
* Improve X.509 certificate validation reporting.Matthias Andree2013-02-061-0/+8
| | | | | | | | | * Improved reporting when SSL/TLS X.509 certificate validation has failed, working around a not-so-recent swapping of two OpenSSL error codes, and a practical impossibility to distinguish broken certification chains from missing trust anchors (root certificates). * OpenSSL decoded errors are now reported through report(), rather than dumped to stderr, so that they should show up in logfiles and/or syslog.
* Work around systems returning obsolete EAI_NODATA.Matthias Andree2013-02-031-0/+14
| | | | | | | | | | | | Older systems that provide the older RFC-2553 implementation of getaddrinfo, rather than the current RFC-3493, and systems that do not provide this getaddrinfo() interface at all and thus use the replacement functions from libesmtp/getaddrinfo.?, might return EAI_NODATA when a host is registered in DNS as MX or similar, but without A or AAAA records. Handle this situation when checking for multidrop aliases and treat EAI_NODATA the same as EAI_NONAME, i. e. name cannot be resolved. The proper fix, however, is to upgrade the operating system.
* Remove LSM-related stuff from the distribution.Matthias Andree2012-12-231-1/+4
| | | | | | | IBiblio no longer accepts submissions, and considers itself an archive. There is no point in our carrying forward any related material, if needed for reference purposes, it can be fetched from older versions in the Git repository.
* Fix version to 6.3.0.Matthias Andree2012-12-141-1/+1
|
* Complete Dominik's name.Matthias Andree2012-12-141-1/+2
|
* Plug a memory leak in OpenSSL's certificate verification callback.Matthias Andree2012-12-131-1/+9
| | | | | | | | | | | This would affect fetchmail configurations running with SSL in daemon mode more than one-shot runs. Reported by Erik Thiele, and pinned by Dominik, Debian Bug #688015. This bug was introduced into fetchmail 6.2.9 (committed 2005-10-29) when support for subjectAltName was added through a patch by Roland Stigge, submitted as Debian Bug#201113.
* Repair --logfile regression of 6.3.23,Matthias Andree2012-12-131-22/+31
| | | | reported by Heinz Diehl.
* Release 6.3.23.Matthias Andree2012-12-101-21/+31
|
* Move forward to prepare a 6.3.23 release and request translation.Matthias Andree2012-12-051-0/+4
|
* Make Maillennium POP3 workarounds less specific,Matthias Andree2012-10-141-0/+5
| | | | | to encompass Maillennium POP3/UNIBOX (Maillennium V05.00c++). Reported by Eddie via fetchmail-users mailing list, 2012-10-13.
* Clean up logfile vs. syslog handling.Matthias Andree2012-09-231-0/+2
| | | | | In case logfile overrides syslog, send a message to the latter stating where logging goes. Also revise manual page.
* Obsoletion warning.Matthias Andree2012-09-031-0/+5
|
* Mention Alexander's fix for -f - with --plugin.Matthias Andree2012-09-031-0/+4
|
* Note Earl's regression fix for SSL_CTX_clear_options() on older OpenSSL.Matthias Andree2012-09-031-0/+9
|
* Get ready for 6.3.22 release.Matthias Andree2012-08-291-1/+1
|
* Update translations and NEWS.Matthias Andree2012-08-201-21/+27
|
* Warn if SSL is disabled, suggest --with-ssl.Matthias Andree2012-08-171-0/+3
|
* Fix installation when PYTHON is enabled.Matthias Andree2012-08-171-0/+3
| | | | | | The Python-related Makefile.am parts were simplified to avoid an automake 1.11.X bug around noinst_PYTHON, Automake Bug #10995. http://lists.gnu.org/archive/html/automake-patches/2012-03/txtbYNp7SPawU.txt
* GSSAPI build fix.Matthias Andree2012-08-151-0/+4
| | | | | | The GSSAPI-related autoconf code now matches gssapi.c better, and uses a different check to look for GSS_C_NT_HOSTBASED_SERVICE. This fixes the GSSAPI-enabled build on NetBSD 6 Beta.
* Validate NTLM challenge fields.Matthias Andree2012-08-141-3/+7
| | | | | This is to avoid reading from bad locations, and possibly conveying confidential data. Credit to Nico Golde.
* Add new Swedish translation, by Göran Uddeborg.Matthias Andree2012-08-131-0/+3
|
* Reformat, inserting blank line.Matthias Andree2012-08-131-0/+1
|
* Document fix for NTLM crash, + Security advisory (draft).Matthias Andree2012-08-131-1/+8
|
* Document license change in CHANGES.Matthias Andree2012-08-021-1/+5
|
* fetchmail workaround for a bug in Microsoft ExchangeSunil Shetye2012-05-101-0/+5
| | | | | | | treat missing header in response to a FETCH command as a transient error (Reported by John Connett) if there are too many transient errors, log it.
* Fix CVE-2011-3389 by clearing SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS...Matthias Andree2012-05-031-3/+26
| | | | | | | ...from SSL options, unless FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE is a non-empty environment variable. Suggested by Apple.
* Mention Zimbra FETCH () workaround by Mikulas PatockaMatthias Andree2011-11-221-0/+5
|
* Fix build on SSLv2-disabled OpenSSL setupsMatthias Andree2011-10-261-0/+7
| | | | | | | | On systems where SSLv2_client_method isn't defined in OpenSSL (such as newer Debian, and Ubuntu starting with 11.10 oneiric ocelot), don't reference it (to fix the build) and print a run-time error that the OS does not support SSLv2. Fixes Debian Bug #622054, but note that that bug report has a more thorough patch that does away with SSLv2 altogether.
* Print Server certificate: banner on stdout rather than stderr.Matthias Andree2011-08-301-0/+5
| | | | Reported by Henry Jensen, fixes Debian Bug #639807.