| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
fetchmail 6.4.22.rc1 clobbered its IMAP state too late, and lost
information on the protocol version in many circumstances.
Consequently, it tried to talk IMAP4 to IMAP4rev1 servers, which failed.
This fix the clear_sessiondata() out to the new constructor and
destructor, such that imap_getauth() only needs to call it after
STARTTLS, when it must re-probe CAPABILITY anyways.
This was the same bug for POP3, which however does not collect state
from the greeting, so that the bug was without effect for POP3.
Reported by: Corey Halpin, FreeBSD port maintainer.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
Reported by Bjørn Mork, fixes Debian Bug#992400.
Crash happens inside xstrdup() on a strlen((char *)-1) where
the argument is constant and the trigger is a local trusted
configuration file, so not deemed a vulnerability.
|
| |
|
|
|
|
|
| |
Gitlab: Closes #31.
(cherry picked from commit da6eb347af326912560f56081d603a0a78c3d56d)
|
| |
|
|
|
|
|
| |
These no longer defeat STARTTLS negotiation,
and RPA is only attempted with --auth any.
|
| |
|
| |
|
|
|
|
| |
Saves one or two (STARTTLS) application-level round-trips.
|
| |
|
| |
|
| |
|
|
|
|
| |
...i. e. after receiving tagged response.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
On --sslproto auto (or other nonempty values), when
receiving IMAP PREAUTH state, abort the connection,
rather than continuing with cleartext.
--ssl is unaffected because it always negotiates TLS.
See fetchmail-SA-2021-02.txt for details.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Regression in 6.4.20's security fix (Git commit c546c829).
We doubly incremented partial_message_size_used on modern systems
(stdard.h/vsnprintf), once in report_vbuild() and then again in
report_build(), so the 2nd and subsequent report_build() fragments
landed too late in the buffer. This will not cause overruns due to the
reallocation prior to the vsnprintf/sprintf, but it write starts behind
the '\0' byte, instead of right over it, so the string also gets
truncated to the first fragment written with report_vbuild().
Fix by moving the increment back into the #else...#endif part that does
not use report_vbuild().
Reported by: Jürgen Edner, Erik Christiansen
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reported (with a different patch suggestion) by
Christian Herdtweck <christian.herdtweck@intra2net.com>.
Note that vsnprintf() calls va_arg(), and depending on operating system,
compiler, configuration, this will invalidate the va_list argument
pointer, so that va_start has to be called again before a subsequent
vsnprintf(). However, it is better to do away with the loop and the
trial-and-error, and leverage the return value of vsnprintf instead for
a direct one-off resizing, whilst taking into account that on SUSv2
systems, the return value can be useless if the size argument to
vsnprintf is 0.
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
(those with a file path).
Closes: #33
|
| |
|
| |
|
|
|
|
|
| |
the latter is deprecated in OpenSSL 3, and the user might use some
other key than RSA.
|
|
|
|
| |
to avoid compatibility issues with new OpenSSL versions later on.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
...which uses siglongjmp() so that gen_transact() will not return.
Note, just in case, this uses local static buffers and is not thread-safe.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
When Gene Heskett was updating his OpenSSL on Debian oldstable, we figured
that it might be helpful to print where OpenSSL goes look for the trusted
certificate. Add this information.
Also add documentation of OpenSSL's SSL_CERT_DIR/SSL_CERT_FILE environment
variables.
|
|
|
|
|
|
|
|
|
| |
This was found by Julian Bane debugging a situation where duplicate
suppression did not kick in (due to envelope-recording headers,
X-Original-To, Delivered-To). Historic behavior now documented in
fetchmail.man and NEWS in order to reduce confusion.
Gitlab, fixes issue #29.
|
|
|
|
| |
(cherry picked from commit 204541b6d2ccdbd2111e346f47fd69316ed3ef7d)
|
|
|
|
|
|
|
| |
Mention 6.4.3 esmtpname/esmtppassword fix.
Found while reviewing Earl Chew's same fix on 'next' branch.
Reference MDA single-quoting issue by Debian Bug#347909 id.
|
| |
|
|
|
|
| |
Cherry-picked from 'next' branch, 895b4748.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since commit ca372c2c4fd4fa18cf035087203069e412adfa00, cross-compilation
fails on:
/data/buildroot-test/instance-0/output-1/host/bin/powerpc-linux-gcc -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -I/data/buildroot-test/instance-0/output-1/host/powerpc-buildroot-linux-uclibc/sysroot/usr/include -I/usr/kerberos/include -L/data/buildroot-test/instance-0/output-1/host/powerpc-buildroot-linux-uclibc/sysroot/usr/lib -o fetchmail socket.o getpass.o fetchmail.o env.o idle.o options.o daemon.o driver.o transact.o sink.o smtp.o idlist.o uid.o mxget.o md5ify.o cram.o gssapi.o opie.o interface.o netrc.o unmime.o conf.o checkalias.o uid_db.o lock.o rcfile_l.o rcfile_y.o ucs/norm_charmap.o fm_realpath.o pop3.o imap.o etrn.o odmr.o libfm.a -lintl -L/data/buildroot-test/instance-0/output-1/host/bin/../powerpc-buildroot-linux-uclibc/sysroot/usr/lib -lssl -lcrypto /usr/lib/libssl.so /usr/lib/libcrypto.so /usr/lib/libcrypto.so
/data/buildroot-test/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/powerpc-buildroot-linux-uclibc/8.3.0/../../../../powerpc-buildroot-linux-uclibc/bin/ld: /usr/lib/libssl.so: error adding symbols: file in wrong format
This build failure is raised because pkg-config values are overriden by
AC_LIB_LINKFLAGS which can pull libraries from the host. So, don't
unconditionally call AC_LIB_LINKFLAGS when cross-compiling. It should be
noted that AC_LIB_LINKFLAGS is used as a fallback of case pkg-config
since commit c92eb3c1895f10a9a4d3229ac883071b62db3920.
Fixes:
- http://autobuild.buildroot.org/results/1b24f0ada47ca1913321d148981364ce513465ac
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Merge request !23.
|
|
|
|
| |
Reported by David McKelvie on fetchmail-users today.
|