|  | Commit message (Collapse) | Author | Age | Files | Lines | 
|---|
| | 
| 
| 
| 
| | We need to lose all state after STARTTLS to safeguard
from attacks against the clear-text part of the session. | 
| | |  | 
| | 
| 
| 
| | Saves one or two (STARTTLS) application-level round-trips. | 
| | 
| 
| 
| | ...after successful STARTTLS, to show the logical order of events. | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | 
| 
| 
| | to make code more correct or readable; to64frombits does not overflow its buffer | 
| | 
| 
| 
| | ...i. e. after receiving tagged response. | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | On --sslproto auto (or other nonempty values), when
receiving IMAP PREAUTH state, abort the connection,
rather than continuing with cleartext.
--ssl is unaffected because it always negotiates TLS.
See fetchmail-SA-2021-02.txt for details. | 
| | 
| 
| 
| | buffer is used for LOGIN | 
| | 
| 
| 
| 
| | ...which uses siglongjmp() so that gen_transact() will not return.
Note, just in case, this uses local static buffers and is not thread-safe. | 
| | 
| 
| 
| 
| 
| | * Normalize include order.
* Backport missed bug fixes.
* Remove dead code. | 
| | |  | 
| | 
| 
| 
| 
| 
| | Reported against 6.3.26 by minorwiping@vfemail.net when polling
from imap.yandex.com and it looped on "* BYE Autologout; idle for too long"
in response to a A0001 CAPABILITY request. | 
| | |  | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | Removes SSLv2, enables TLSv1.1 and v1.2 more easily,
permits SSLv3 (only if specified) and newer TLSv1.1+ for STLS/STARTTLS.
Only negotiates TLSv1 and newer by default, SSLv3 must now be specified
explicitly, as a consequence of the POODLE attack.
This is meant to be a minimally upgraded version, and cannot be usefully
done as a 6.3.X release.
It is strongly recommended that users review their configuration -
especially --sslproto - per instructions in the NEWS file and manual
page.  It has changed semantics and in many cases --sslproto auto or
perhaps --sslproto tls1.2+ should be used now. | 
| | 
| 
| 
| 
| 
| 
| | treat missing header in response to a FETCH command as a transient error
(Reported by John Connett)
if there are too many transient errors, log it. | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | Zimbra occasionally returns this response:
fetchmail: IMAP> A0007 FETCH 1 RFC822.HEADER
fetchmail: IMAP< * 1 FETCH ()
fetchmail: IMAP< A0007 OK FETCH completed
It happens when there is a corrupted message without a header in the
database. (I don't know how this message could be created, I just see it
there).
When fetchmail encounters such resonse, it gives up and disconnects.
This patch changes it so that PS_TRANSIENT is returned in this
case and fetchmail continues to fetch following messages correctly. | 
| | |  | 
| | 
| 
| 
| | Reported missing by Thomas Jarosch. | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | Add gen_recv_split() to split long protocol messages when the message prefix matches
Order of search commands:
IMAP> A010 SEARCH UNSEEN UNDELETED     (IMAP4 or higher)
IMAP> A011 SEARCH UNSEEN
IMAP> A012 FETCH 1:n FLAGS | 
| | 
| 
| 
| 
| | Requested by Jonathan Buschmann, to suppress read-notifications on
servers such as MS Exchange or HP OpenMail. | 
| | 
| 
| 
| 
| | This is seen on Yahoo in * 123 FETCH (BODY[TEXT] ""), reported by
Yasin Malli. | 
| | 
| 
| 
| | capabilities | 
| | 
| 
| 
| 
| 
| | during upgradation to TLS.
Send a NOOP only after a failed STARTTLS in IMAP. | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| | but rather note how much input was consumed, stop short of the string, and
use strncasecmp to match explicitly. | 
| | 
| 
| 
| | remove for loop in imap_fetch_headers() | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | Exchange 2007 wedges if we try GSSAPI authentication and fail for lack of
suitable credentails (for instance, because the user did not run kinit).
Only try GSSAPI automatically if we have credentials.
Reported by Patrick Rynhart, Debian Bug #568455,
and Alan Murrell, to the fetchmail-users list. | 
| | 
| 
| 
| | and always load the default X.509 trust stores, unless the latter is set. | 
| | 
| 
| 
| 
| 
| 
| | ...that were converted to char* when they should have been converted to
const char *.
Use braces for empty if/else statements. | 
| | 
| 
| 
| | svn path=/branches/BRANCH_6-3/; revision=5477 | 
| | 
| 
| 
| | svn path=/branches/BRANCH_6-3/; revision=5469 | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * The IMAP client now uses "SEARCH UNSEEN" rather than "SEARCH UNSEEN NOT
  DELETED" again on IMAP2, to fix a regression in fetchmail 6.2.5 reported by
  Will Stringer in June 2004. (Sunil Shetye)
* The IMAP client now uses "SEARCH UNSEEN UNDELETED" on IMAP4 and IMAP4r1
  servers (Sunil Shetye).
* Workaround: The IMAP client now falls back to "FETCH n:m FLAGS" if the server
  does not support "SEARCH". (Sunil Shetye)
* The IMAP client now requests message numbers in batches of 1,000 to avoid
  problems if there are more than 1860 unseen messages. (Sunil Shetye)
    Note that this wasn't security relevant because fetchmail would only read up
  to the maximum buffer size and leave the remainder of the string unread, going
  out of synch afterwards.
svn path=/branches/BRANCH_6-3/; revision=5468 | 
| | 
| 
| 
| | svn path=/branches/BRANCH_6-3/; revision=5462 | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | The IMAP client no longer skips messages from several IMAP servers including
Dovecot if fetchmail's "idle" is in use.  Causes were that fetchmail (a)
ignored some untagged responses when it should not (b) relied on EXISTS
messages in response to EXPUNGE, which aren't mandated by RFC-3501 (the IMAP
standard) and aren't sent by Dovecot either.
  Fix by Sunil Shetye (the fix also consolidates IMAP response handling,
improving overall robustness of the IMAP client), bug report and testing by
Matt Doran, with further hints from Timo Sirainen.
svn path=/branches/BRANCH_6-3/; revision=5459 | 
| | 
| 
| 
| | svn path=/branches/BRANCH_6-3/; revision=5363 | 
| | 
| 
| 
| | svn path=/branches/BRANCH_6-3/; revision=5269 | 
| | 
| 
| 
| | svn path=/branches/BRANCH_6-3/; revision=5261 |