aboutsummaryrefslogtreecommitdiffstats
path: root/NEWS
Commit message (Collapse)AuthorAgeFilesLines
* Fix up line count.Matthias Andree2019-09-281-1/+1
|
* Regression fix for realpath() buffer.Matthias Andree2019-09-281-5/+6
| | | | | | | | Let the system allocate realpath() buffers intead of trying to portably derive a buffer size. This was found with default GCC fortify settings on Ubuntu 18.04 and showed with -D_FORTIFY_SOURCE=2 on Fedora, too.
* Cheat release note generator to include 6.4.0 notes in 6.4.1.Matthias Andree2019-09-281-1/+1
| | | | | dist-tools/makerelease.pl looks for lines matching ^fetchmail- to extract from NEWS, so make fetchmail 6.4.0 not match that regex.
* 6.4.1, regression fix for default file locations.Matthias Andree2019-09-281-0/+10
| | | | | | | | The fix between 6.4.0-rc4 and 6.4.0 for Debian Bug#941129 caused a regression in the default file locations, some files were looked for without dot (.fetchmail.pid, .fetchmailrc). Reported by Cy Schubert.
* Prepare for 6.4.0 release.Matthias Andree2019-09-271-1/+1
| | | | This entails recording new line numbers in po/*.po files.
* env.c: make FETCHMAILHOME (fmhome) absolute.Matthias Andree2019-09-271-0/+3
| | | | | | | | If FETCHMAILHOME is specified as relative path, then it can become the victim of a chdir("/") that happens in daemon mode, so that switching to daemon mode will change behaviour of FETCHMAILHOME. Reported by Alex Andreotti, Debian Bug #941129.
* Mention MDA single-quote fix safety check.Matthias Andree2019-08-251-0/+2
|
* Align with legacy_6x.Matthias Andree2019-08-251-0/+11
| | | | | | * Normalize include order. * Backport missed bug fixes. * Remove dead code.
* mimedecode: Fix multipart/mixed detection.Matthias Andree2019-08-251-0/+4
| | | | | | | Fixes a regression introduced in release 5.0.0 in March 1999 that was attributed to Henrik Storner. (cherry-pick from master, e45e718a80379391f8ba457e64e19f75f061741a)
* Revise deprecation warning intro.Matthias Andree2019-08-231-2/+2
|
* fetchmailconf: Permit editing the first item from a list, and more updates.Matthias Andree2019-08-211-0/+2
| | | | | | | * Remove a bogus check that would prevent editing the first items from list boxes. * Require Python 2.3. * Convert apply() call to function(*(tuple,)) syntax * string.atoi() -> int() on select[0], to continue where it's not a string
* Disable installing el fi gl pt_BR sk tr translations.Matthias Andree2019-08-191-0/+3
| | | | These have < 500 translated messages each.
* Update documentation.Matthias Andree2019-08-191-0/+1
|
* Documentation updates.Matthias Andree2019-08-181-10/+19
|
* fetchmail no longer reports System error during SSL_connect(): Success.Matthias Andree2019-08-051-0/+2
| | | | Fixes Debian Bug#928916, reported by Paul Kimoto.
* Mention full translation updates of cs,eo,fr,jp,pl,sv...Matthias Andree2019-05-301-0/+8
| | | | | | | | | * CS: Petr Pisar <petr.pisar@atlas.cz> [Czech] * EO: Felipe Castro <fefcas@gmail.com> [Esperanto] * FR: Frédéric Marchal <fmarchal@perso.be> [French] * JP: Takeshi Hamasaki <hmatrjp@users.sourceforge.jp> [Japanese] * PL: Jakub Bogusz <qboosh@pld-linux.org> [Polish] * SV: Göran Uddeborg <goeran@uddeborg.se> [Swedish]
* Document recent changes.Matthias Andree2019-05-141-4/+28
|
* Set umask properly before writing the .fetchids file,Matthias Andree2018-06-241-0/+2
| | | | | to avoid failing the security check on the next run. Reported by Fabian Raab, Debian Bug#831611.
* Prevent buffer overruns in do_gssauth() with long user names.Matthias Andree2018-04-141-0/+4
| | | | Reported in private by Greg Hudson.
* GSSAPI: Do not add gratuitious NUL byte to username.Matthias Andree2018-04-141-0/+3
| | | | Greg Hudson reported this broke Exchange 2013 authentication.
* Mention tls1.3 and + option in NEWS.Matthias Andree2017-02-111-2/+3
|
* Mention import of P-Tree O(n log n) code for UIDL.Matthias Andree2016-12-111-0/+8
|
* Bump OpenSSL requirement to v1.0.2.Matthias Andree2016-12-111-1/+1
|
* Accept more options with a running daemon.Matthias Andree2016-07-061-1/+4
| | | | (Cherry-picked from master's 1a92b2909610096a11d26f7a7317d32819354be3.)
* Fix a few inconsistencies.Matthias Andree2016-05-261-5/+6
|
* Flip the switch and configure OpenSSL by default.Matthias Andree2016-01-301-0/+1
|
* Document minimum OpenSSL 1.0.1 requirement.Matthias Andree2016-01-301-0/+1
|
* Enable --sslcertck by default.Matthias Andree2015-11-151-8/+15
| | | | | | | | | | There are no sslcertck (rcfile) and --nosslcertck (command line) options that can be combined with [--]sslfingerprint if so desired. The documentation is deliberately not updated everywhere, so that recommendations to use --sslcertck stand, this is for the benefit of users that read fetchmail v6.4.0 manuals to configure a fetchmail v6.3.X implementation.
* Mark Debian Bug #804604 as fixed.Matthias Andree2015-11-151-1/+1
|
* Update documentation.Matthias Andree2015-04-111-1/+1
|
* Detect/report server hang-up in SSL_connect().Matthias Andree2015-04-081-1/+4
| | | | | | This condition does not leave traces in the SSL error queue, and must be checked explicitly. Result from debugging Jerry Seibert's issue with outlook.com/pop3.live.com.
* TLS overhaul, bumping version to 6.4Matthias Andree2015-01-261-9/+29
| | | | | | | | | | | | | | | Removes SSLv2, enables TLSv1.1 and v1.2 more easily, permits SSLv3 (only if specified) and newer TLSv1.1+ for STLS/STARTTLS. Only negotiates TLSv1 and newer by default, SSLv3 must now be specified explicitly, as a consequence of the POODLE attack. This is meant to be a minimally upgraded version, and cannot be usefully done as a 6.3.X release. It is strongly recommended that users review their configuration - especially --sslproto - per instructions in the NEWS file and manual page. It has changed semantics and in many cases --sslproto auto or perhaps --sslproto tls1.2+ should be used now.
* Also recognize OPENSSL_NO_SSLx.Matthias Andree2015-01-161-2/+5
| | | | | These are the macros OpenSSL defines when configured with no-ssl2 or no-ssl3, the actual macro names are OPENSSL_NO_SSL2 and OPENSSL_NO_SSL3.
* Permit build on SSLv3-disabled OpenSSL,Matthias Andree2015-01-161-0/+6
| | | | | | | providing that these also omit the declaration of SSLv3_client_method(). Related to Debian Bug#775255. Version report lists -SSLv3 on +SSL builds that omit SSLv3_client_method(). Version report lists -SSLv2 on +SSL builds that omit SSLv2_client_method().
* More warnings on idle vs. multiple mailboxes.Matthias Andree2014-11-221-0/+3
| | | | In response to Jeremy Chadwick's trouble 2014-11-19, fetchmail-users.
* Error out if user combines --idle with multiple mailboxes.Matthias Andree2014-11-221-0/+2
|
* Convert most references from berlios.de to sourceforge.net.Matthias Andree2014-05-211-0/+1
| | | | Re-sign EN and SAs because that broke signatures.
* Do not translate header tags such as "Subject:".Matthias Andree2014-05-201-19/+21
| | | | Reported by Gonzalo Pérez de Olaguer Córdoba, Debian Bug#744907.
* Fix typo in 'you could [end] up' in FAQ.Matthias Andree2013-05-111-0/+6
| | | | Fixes Debian Bug#706776, submitted by David Lawyer.
* Mark release date.Matthias Andree2013-04-231-21/+25
|
* Update info on the mimedecode fix.Matthias Andree2013-04-231-9/+14
|
* Fix mimedecode last-line omission.Matthias Andree2013-04-231-0/+8
| | | | | | | | | | | | The mimedecode feature failed to ship the last line of the body if it was encoded as quoted-printable and had a MIME soft line break in the very last line. Reported by Lars Hecking in June 2011. Bug introduced on 1998-03-20 when the mimedecode support was added by ESR before release 4.4.1 through code contributed by Henrik Storner, in driver.c. Workaround for older releases: do not use mimedecode feature.
* Prepare 6.3.25 release.Matthias Andree2013-03-191-1/+1
|
* Update current translation state as of 2013-03-18Matthias Andree2013-03-191-27/+30
|
* Make SMTP error handling point to --softbounce.Matthias Andree2013-03-071-0/+2
| | | | | The fetchmail manual page now refers the user to --softbounce from the SMTP/ESMTP ERROR HANDLING section. Reported by Anton Shterenlikht.
* Remove obsolete "OpenSSL default fingerprint is MD5" claim.Matthias Andree2013-03-061-0/+3
| | | | | | | The fetchmail manual page no longer claims that MD5 were the default OpenSSL hash format (for use with --sslfingerprint). Reported by Jakob Wilk, PARTIAL fix for Debian Bug#700266.
* Add Esperanto translation.Matthias Andree2013-02-191-0/+3
|
* Credit John Beck's fixes.Matthias Andree2013-02-181-0/+7
|
* Improve X.509 certificate validation reporting.Matthias Andree2013-02-061-0/+8
| | | | | | | | | * Improved reporting when SSL/TLS X.509 certificate validation has failed, working around a not-so-recent swapping of two OpenSSL error codes, and a practical impossibility to distinguish broken certification chains from missing trust anchors (root certificates). * OpenSSL decoded errors are now reported through report(), rather than dumped to stderr, so that they should show up in logfiles and/or syslog.
* Work around systems returning obsolete EAI_NODATA.Matthias Andree2013-02-031-0/+14
| | | | | | | | | | | | Older systems that provide the older RFC-2553 implementation of getaddrinfo, rather than the current RFC-3493, and systems that do not provide this getaddrinfo() interface at all and thus use the replacement functions from libesmtp/getaddrinfo.?, might return EAI_NODATA when a host is registered in DNS as MX or similar, but without A or AAAA records. Handle this situation when checking for multidrop aliases and treat EAI_NODATA the same as EAI_NONAME, i. e. name cannot be resolved. The proper fix, however, is to upgrade the operating system.