Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Update SSL configure instructions and license info. | Matthias Andree | 2021-11-21 | 1 | -2/+4 |
| | |||||
* | getstats.py: count .am/.ac files. | Matthias Andree | 2021-11-21 | 1 | -0/+1 |
| | |||||
* | wolfSSL: support 5.0.0+. | Matthias Andree | 2021-11-21 | 1 | -0/+4 |
| | |||||
* | configure.ac: fix rpath, and duplicate library setting | Matthias Andree | 2021-11-20 | 1 | -0/+1 |
| | |||||
* | Fix X509_V_FLAG_TRUSTED_FIRST OpenSSL 1.0.2 workaround | Matthias Andree | 2021-11-20 | 1 | -0/+4 |
| | | | | | | | | The original comparison contained a typo, 0x1000200fL == (ver & 0xfffff000L) and could never match. Fix, and also match at compile time to not even reference this flag on other OpenSSL versions. | ||||
* | OpenSSL: bump minimum required version to 1.0.2f | Matthias Andree | 2021-11-20 | 1 | -1/+5 |
| | | | | | ...in order to safely remove the obsolete OpenSSL flag SSL_OP_SINGLE_DH_USE. | ||||
* | LibreSSL: block, due to licensing issue. | Matthias Andree | 2021-11-20 | 1 | -0/+8 |
| | | | | See COPYING or NEWS. | ||||
* | NEWS: Fix capitalization of CLAUSE. | Matthias Andree | 2021-11-20 | 1 | -1/+1 |
| | |||||
* | NEWS: add a licensing note about LibreSSL. | Matthias Andree | 2021-11-20 | 1 | -0/+6 |
| | |||||
* | NEWS: Credit fr, cs, eo, ja translators. | Matthias Andree | 2021-11-20 | 1 | -0/+4 |
| | |||||
* | fetchmail.man: fix mandoc -Tlint, igor, aspell issues | Matthias Andree | 2021-11-20 | 1 | -0/+4 |
| | |||||
* | Version bump to 6.4.24. | Matthias Andree | 2021-11-20 | 1 | -1/+1 |
| | |||||
* | TLS: OpenSSL 1.0.2 workaround Let's Encrypt Expiry | Matthias Andree | 2021-11-01 | 1 | -0/+11 |
| | | | | ...of cross-signed certificate. | ||||
* | NEWS: credit translators for sv and pl | Matthias Andree | 2021-11-01 | 1 | -0/+2 |
| | |||||
* | Mention Bison build fix. | Matthias Andree | 2021-10-31 | 1 | -0/+10 |
| | |||||
* | Get ready for 6.4.23. | Matthias Andree | 2021-10-31 | 1 | -1/+1 |
| | |||||
* | IMAP: improve STARTTLS error message for ssh-plugin case | Matthias Andree | 2021-10-31 | 1 | -0/+7 |
| | | | | | | For common ssh-based IMAP PREAUTH setups (i. e. those that use a plugin - no matter its contents - and that set auth ssh), change the STARTTLS error message to suggest sslproto '' instead. | ||||
* | NEWS: mention Мирослав Николић/Miroslav Nikolić as translator. | Matthias Andree | 2021-10-31 | 1 | -0/+1 |
| | |||||
* | NEWS: Mention Takeshi Hamasaki as translator. | Matthias Andree | 2021-09-20 | 1 | -0/+6 |
| | |||||
* | Get ready for 6.4.22. | Matthias Andree | 2021-09-13 | 1 | -7/+8 |
| | |||||
* | Note OpenSSL 3.0.0 support and licensing change. | Matthias Andree | 2021-09-13 | 1 | -0/+6 |
| | | | | | While here, rearrange COPYING a little bit and add a few paragraphs. Zeilen, | ||||
* | NEWS: fix spelink of Stefan Eßer's last name | Matthias Andree | 2021-09-01 | 1 | -1/+1 |
| | |||||
* | NEWS: Credit Petr Pisar for Czech translation. | Matthias Andree | 2021-09-01 | 1 | -0/+1 |
| | |||||
* | NEWS: Credit RC testers. | Matthias Andree | 2021-08-29 | 1 | -0/+4 |
| | |||||
* | NEWS: credit translators. | Matthias Andree | 2021-08-29 | 1 | -1/+3 |
| | | | | | | Göran Uddeborg (Swedish) was credited in a5a961e7c45fb4d1cdc700e7dcd2ff55ab2b1b51, without explicit mention in the header. credit Jakub Bogusz (Polish) and Besnik Bleta (Albanian). | ||||
* | socket.c: invalid sslproto no longer abort()s | Matthias Andree | 2021-08-28 | 1 | -1/+4 |
| | |||||
* | Credit fr/eo translators. | Matthias Andree | 2021-08-27 | 1 | -0/+4 |
| | |||||
* | imap.c, pop3.c: fix protocol regression of 6.4.22.rc1 | Matthias Andree | 2021-08-27 | 1 | -0/+4 |
| | | | | | | | | | | | | | | | fetchmail 6.4.22.rc1 clobbered its IMAP state too late, and lost information on the protocol version in many circumstances. Consequently, it tried to talk IMAP4 to IMAP4rev1 servers, which failed. This fix the clear_sessiondata() out to the new constructor and destructor, such that imap_getauth() only needs to call it after STARTTLS, when it must re-probe CAPABILITY anyways. This was the same bug for POP3, which however does not collect state from the greeting, so that the bug was without effect for POP3. Reported by: Corey Halpin, FreeBSD port maintainer. | ||||
* | NEWS: fix typo. | Matthias Andree | 2021-08-27 | 1 | -1/+1 |
| | |||||
* | Add CVE ID; revise TLS docs & fetchmail-SA-2021-02 | Matthias Andree | 2021-08-27 | 1 | -8/+10 |
| | |||||
* | fetchmail.c: Fix SIGSEGV optmerge()ing "no envelope" | Matthias Andree | 2021-08-27 | 1 | -0/+5 |
| | | | | | | | | Reported by Bjørn Mork, fixes Debian Bug#992400. Crash happens inside xstrdup() on a strlen((char *)-1) where the argument is constant and the trigger is a local trusted configuration file, so not deemed a vulnerability. | ||||
* | NEWS: reword 6.4.21 regression fix to include --syslog | Matthias Andree | 2021-08-26 | 1 | -1/+1 |
| | |||||
* | sanity check well-known POP3/IMAP ports vs. SSL | Matthias Andree | 2021-08-26 | 1 | -0/+3 |
| | | | | | Gitlab: Closes #31. (cherry picked from commit da6eb347af326912560f56081d603a0a78c3d56d) | ||||
* | POP3: make CAPA parser caseblind. | Matthias Andree | 2021-08-26 | 1 | -0/+1 |
| | |||||
* | SECURITY: POP3: changes for --auth ssh and RPA | Matthias Andree | 2021-08-26 | 1 | -1/+5 |
| | | | | | These no longer defeat STARTTLS negotiation, and RPA is only attempted with --auth any. | ||||
* | NEWS: Deprecate RPA and other nonstandard auth' schemes. | Matthias Andree | 2021-08-26 | 1 | -0/+4 |
| | |||||
* | socket.c: plugin/plugout SIGSEGV and memleak fixes | Matthias Andree | 2021-08-26 | 1 | -0/+4 |
| | |||||
* | IMAP: record server's CAPABILITY data in pre-auth state. | Matthias Andree | 2021-08-26 | 1 | -0/+5 |
| | | | | Saves one or two (STARTTLS) application-level round-trips. | ||||
* | SECURITY: IMAP: no longer permit LOGIN with LOGINDISABLED. | Matthias Andree | 2021-08-26 | 1 | -1/+3 |
| | |||||
* | IMAP: log error if --auth external requested but server does not advertise it. | Matthias Andree | 2021-08-26 | 1 | -0/+2 |
| | |||||
* | IMAP: two more AUTHENTICATE EXTERNAL fixes | Matthias Andree | 2021-08-26 | 1 | -1/+7 |
| | |||||
* | IMAP: don't send * after failed AUTHENTICATE EXTERNAL | Matthias Andree | 2021-08-26 | 1 | -0/+4 |
| | | | | ...i. e. after receiving tagged response. | ||||
* | SECURITY: IMAP: --auth ssh no longer prevents STARTTLS | Matthias Andree | 2021-08-26 | 1 | -0/+1 |
| | |||||
* | SECURITY: IMAP: PREAUTH->abort if STARTTLS needed | Matthias Andree | 2021-08-26 | 1 | -0/+17 |
| | | | | | | | | | | On --sslproto auto (or other nonempty values), when receiving IMAP PREAUTH state, abort the connection, rather than continuing with cleartext. --ssl is unaffected because it always negotiates TLS. See fetchmail-SA-2021-02.txt for details. | ||||
* | NEWS/6.4.20: Fix typo in CVE number. | Matthias Andree | 2021-08-09 | 1 | -1/+1 |
| | |||||
* | Fix --logfile and message truncation issue. | Matthias Andree | 2021-08-09 | 1 | -0/+18 |
| | | | | | | | | | | | | | | | | | Regression in 6.4.20's security fix (Git commit c546c829). We doubly incremented partial_message_size_used on modern systems (stdard.h/vsnprintf), once in report_vbuild() and then again in report_build(), so the 2nd and subsequent report_build() fragments landed too late in the buffer. This will not cause overruns due to the reallocation prior to the vsnprintf/sprintf, but it write starts behind the '\0' byte, instead of right over it, so the string also gets truncated to the first fragment written with report_vbuild(). Fix by moving the increment back into the #else...#endif part that does not use report_vbuild(). Reported by: Jürgen Edner, Erik Christiansen | ||||
* | Get ready for 6.4.20. | Matthias Andree | 2021-07-28 | 1 | -1/+1 |
| | |||||
* | Fix SIGSEGV when resizing report*() buffer. | Matthias Andree | 2021-07-28 | 1 | -0/+18 |
| | | | | | | | | | | | | | | Reported (with a different patch suggestion) by Christian Herdtweck <christian.herdtweck@intra2net.com>. Note that vsnprintf() calls va_arg(), and depending on operating system, compiler, configuration, this will invalidate the va_list argument pointer, so that va_start has to be called again before a subsequent vsnprintf(). However, it is better to do away with the loop and the trial-and-error, and leverage the return value of vsnprintf instead for a direct one-off resizing, whilst taking into account that on SUSv2 systems, the return value can be useless if the size argument to vsnprintf is 0. | ||||
* | Get ready for 6.4.19. | Matthias Andree | 2021-04-24 | 1 | -1/+1 |
| | |||||
* | fetchmailconf: properly catch and report option parsing errors | Matthias Andree | 2021-04-24 | 1 | -0/+3 |
| |