aboutsummaryrefslogtreecommitdiffstats
path: root/NEWS
Commit message (Collapse)AuthorAgeFilesLines
* Get ready for 6.4.25.rc2.Matthias Andree2021-11-271-7/+9
|
* NEWS: Mention contrib/systemd additionMatthias Andree2021-11-271-0/+5
|
* NEWS: Credit fr, eo translators.Matthias Andree2021-11-271-1/+4
|
* NEWS: Credit sv, sq, ja, pl translators.Matthias Andree2021-11-221-0/+6
|
* Bump version to 6.4.25.rc1Matthias Andree2021-11-211-1/+1
|
* Update SSL configure instructions and license info.Matthias Andree2021-11-211-2/+4
|
* getstats.py: count .am/.ac files.Matthias Andree2021-11-211-0/+1
|
* wolfSSL: support 5.0.0+.Matthias Andree2021-11-211-0/+4
|
* configure.ac: fix rpath, and duplicate library settingMatthias Andree2021-11-201-0/+1
|
* Fix X509_V_FLAG_TRUSTED_FIRST OpenSSL 1.0.2 workaroundMatthias Andree2021-11-201-0/+4
| | | | | | | | The original comparison contained a typo, 0x1000200fL == (ver & 0xfffff000L) and could never match. Fix, and also match at compile time to not even reference this flag on other OpenSSL versions.
* OpenSSL: bump minimum required version to 1.0.2fMatthias Andree2021-11-201-1/+5
| | | | | ...in order to safely remove the obsolete OpenSSL flag SSL_OP_SINGLE_DH_USE.
* LibreSSL: block, due to licensing issue.Matthias Andree2021-11-201-0/+8
| | | | See COPYING or NEWS.
* NEWS: Fix capitalization of CLAUSE.Matthias Andree2021-11-201-1/+1
|
* NEWS: add a licensing note about LibreSSL.Matthias Andree2021-11-201-0/+6
|
* NEWS: Credit fr, cs, eo, ja translators.Matthias Andree2021-11-201-0/+4
|
* fetchmail.man: fix mandoc -Tlint, igor, aspell issuesMatthias Andree2021-11-201-0/+4
|
* Version bump to 6.4.24.Matthias Andree2021-11-201-1/+1
|
* TLS: OpenSSL 1.0.2 workaround Let's Encrypt ExpiryMatthias Andree2021-11-011-0/+11
| | | | ...of cross-signed certificate.
* NEWS: credit translators for sv and plMatthias Andree2021-11-011-0/+2
|
* Mention Bison build fix.Matthias Andree2021-10-311-0/+10
|
* Get ready for 6.4.23.Matthias Andree2021-10-311-1/+1
|
* IMAP: improve STARTTLS error message for ssh-plugin caseMatthias Andree2021-10-311-0/+7
| | | | | | For common ssh-based IMAP PREAUTH setups (i. e. those that use a plugin - no matter its contents - and that set auth ssh), change the STARTTLS error message to suggest sslproto '' instead.
* NEWS: mention Мирослав Николић/Miroslav Nikolić as translator.Matthias Andree2021-10-311-0/+1
|
* NEWS: Mention Takeshi Hamasaki as translator.Matthias Andree2021-09-201-0/+6
|
* Get ready for 6.4.22.Matthias Andree2021-09-131-7/+8
|
* Note OpenSSL 3.0.0 support and licensing change.Matthias Andree2021-09-131-0/+6
| | | | | While here, rearrange COPYING a little bit and add a few paragraphs. Zeilen,
* NEWS: fix spelink of Stefan Eßer's last nameMatthias Andree2021-09-011-1/+1
|
* NEWS: Credit Petr Pisar for Czech translation.Matthias Andree2021-09-011-0/+1
|
* NEWS: Credit RC testers.Matthias Andree2021-08-291-0/+4
|
* NEWS: credit translators.Matthias Andree2021-08-291-1/+3
| | | | | | Göran Uddeborg (Swedish) was credited in a5a961e7c45fb4d1cdc700e7dcd2ff55ab2b1b51, without explicit mention in the header. credit Jakub Bogusz (Polish) and Besnik Bleta (Albanian).
* socket.c: invalid sslproto no longer abort()sMatthias Andree2021-08-281-1/+4
|
* Credit fr/eo translators.Matthias Andree2021-08-271-0/+4
|
* imap.c, pop3.c: fix protocol regression of 6.4.22.rc1Matthias Andree2021-08-271-0/+4
| | | | | | | | | | | | | | | fetchmail 6.4.22.rc1 clobbered its IMAP state too late, and lost information on the protocol version in many circumstances. Consequently, it tried to talk IMAP4 to IMAP4rev1 servers, which failed. This fix the clear_sessiondata() out to the new constructor and destructor, such that imap_getauth() only needs to call it after STARTTLS, when it must re-probe CAPABILITY anyways. This was the same bug for POP3, which however does not collect state from the greeting, so that the bug was without effect for POP3. Reported by: Corey Halpin, FreeBSD port maintainer.
* NEWS: fix typo.Matthias Andree2021-08-271-1/+1
|
* Add CVE ID; revise TLS docs & fetchmail-SA-2021-02Matthias Andree2021-08-271-8/+10
|
* fetchmail.c: Fix SIGSEGV optmerge()ing "no envelope"Matthias Andree2021-08-271-0/+5
| | | | | | | | Reported by Bjørn Mork, fixes Debian Bug#992400. Crash happens inside xstrdup() on a strlen((char *)-1) where the argument is constant and the trigger is a local trusted configuration file, so not deemed a vulnerability.
* NEWS: reword 6.4.21 regression fix to include --syslogMatthias Andree2021-08-261-1/+1
|
* sanity check well-known POP3/IMAP ports vs. SSLMatthias Andree2021-08-261-0/+3
| | | | | Gitlab: Closes #31. (cherry picked from commit da6eb347af326912560f56081d603a0a78c3d56d)
* POP3: make CAPA parser caseblind.Matthias Andree2021-08-261-0/+1
|
* SECURITY: POP3: changes for --auth ssh and RPAMatthias Andree2021-08-261-1/+5
| | | | | These no longer defeat STARTTLS negotiation, and RPA is only attempted with --auth any.
* NEWS: Deprecate RPA and other nonstandard auth' schemes.Matthias Andree2021-08-261-0/+4
|
* socket.c: plugin/plugout SIGSEGV and memleak fixesMatthias Andree2021-08-261-0/+4
|
* IMAP: record server's CAPABILITY data in pre-auth state.Matthias Andree2021-08-261-0/+5
| | | | Saves one or two (STARTTLS) application-level round-trips.
* SECURITY: IMAP: no longer permit LOGIN with LOGINDISABLED.Matthias Andree2021-08-261-1/+3
|
* IMAP: log error if --auth external requested but server does not advertise it.Matthias Andree2021-08-261-0/+2
|
* IMAP: two more AUTHENTICATE EXTERNAL fixesMatthias Andree2021-08-261-1/+7
|
* IMAP: don't send * after failed AUTHENTICATE EXTERNALMatthias Andree2021-08-261-0/+4
| | | | ...i. e. after receiving tagged response.
* SECURITY: IMAP: --auth ssh no longer prevents STARTTLSMatthias Andree2021-08-261-0/+1
|
* SECURITY: IMAP: PREAUTH->abort if STARTTLS neededMatthias Andree2021-08-261-0/+17
| | | | | | | | | | On --sslproto auto (or other nonempty values), when receiving IMAP PREAUTH state, abort the connection, rather than continuing with cleartext. --ssl is unaffected because it always negotiates TLS. See fetchmail-SA-2021-02.txt for details.
* NEWS/6.4.20: Fix typo in CVE number.Matthias Andree2021-08-091-1/+1
|