| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
| |
For common ssh-based IMAP PREAUTH setups (i. e. those that use a plugin
- no matter its contents - and that set auth ssh), change the STARTTLS
error message to suggest sslproto '' instead.
|
|
|
|
|
| |
This recently printed 'we've run out of authentication methods'
instead of the actual authentication failure.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
fetchmail 6.4.22.rc1 clobbered its IMAP state too late, and lost
information on the protocol version in many circumstances.
Consequently, it tried to talk IMAP4 to IMAP4rev1 servers, which failed.
This fix the clear_sessiondata() out to the new constructor and
destructor, such that imap_getauth() only needs to call it after
STARTTLS, when it must re-probe CAPABILITY anyways.
This was the same bug for POP3, which however does not collect state
from the greeting, so that the bug was without effect for POP3.
Reported by: Corey Halpin, FreeBSD port maintainer.
|
|
|
|
|
| |
We need to lose all state after STARTTLS to safeguard
from attacks against the clear-text part of the session.
|
| |
|
|
|
|
| |
Saves one or two (STARTTLS) application-level round-trips.
|
|
|
|
| |
...after successful STARTTLS, to show the logical order of events.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
to make code more correct or readable; to64frombits does not overflow its buffer
|
|
|
|
| |
...i. e. after receiving tagged response.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
On --sslproto auto (or other nonempty values), when
receiving IMAP PREAUTH state, abort the connection,
rather than continuing with cleartext.
--ssl is unaffected because it always negotiates TLS.
See fetchmail-SA-2021-02.txt for details.
|
|
|
|
| |
buffer is used for LOGIN
|
|
|
|
|
| |
...which uses siglongjmp() so that gen_transact() will not return.
Note, just in case, this uses local static buffers and is not thread-safe.
|
|
|
|
|
|
| |
* Normalize include order.
* Backport missed bug fixes.
* Remove dead code.
|
| |
|
|
|
|
|
|
| |
Reported against 6.3.26 by minorwiping@vfemail.net when polling
from imap.yandex.com and it looped on "* BYE Autologout; idle for too long"
in response to a A0001 CAPABILITY request.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Removes SSLv2, enables TLSv1.1 and v1.2 more easily,
permits SSLv3 (only if specified) and newer TLSv1.1+ for STLS/STARTTLS.
Only negotiates TLSv1 and newer by default, SSLv3 must now be specified
explicitly, as a consequence of the POODLE attack.
This is meant to be a minimally upgraded version, and cannot be usefully
done as a 6.3.X release.
It is strongly recommended that users review their configuration -
especially --sslproto - per instructions in the NEWS file and manual
page. It has changed semantics and in many cases --sslproto auto or
perhaps --sslproto tls1.2+ should be used now.
|
|
|
|
|
|
|
| |
treat missing header in response to a FETCH command as a transient error
(Reported by John Connett)
if there are too many transient errors, log it.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Zimbra occasionally returns this response:
fetchmail: IMAP> A0007 FETCH 1 RFC822.HEADER
fetchmail: IMAP< * 1 FETCH ()
fetchmail: IMAP< A0007 OK FETCH completed
It happens when there is a corrupted message without a header in the
database. (I don't know how this message could be created, I just see it
there).
When fetchmail encounters such resonse, it gives up and disconnects.
This patch changes it so that PS_TRANSIENT is returned in this
case and fetchmail continues to fetch following messages correctly.
|
| |
|
|
|
|
| |
Reported missing by Thomas Jarosch.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add gen_recv_split() to split long protocol messages when the message prefix matches
Order of search commands:
IMAP> A010 SEARCH UNSEEN UNDELETED (IMAP4 or higher)
IMAP> A011 SEARCH UNSEEN
IMAP> A012 FETCH 1:n FLAGS
|
|
|
|
|
| |
Requested by Jonathan Buschmann, to suppress read-notifications on
servers such as MS Exchange or HP OpenMail.
|
|
|
|
|
| |
This is seen on Yahoo in * 123 FETCH (BODY[TEXT] ""), reported by
Yasin Malli.
|
|
|
|
| |
capabilities
|
|
|
|
|
|
| |
during upgradation to TLS.
Send a NOOP only after a failed STARTTLS in IMAP.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
but rather note how much input was consumed, stop short of the string, and
use strncasecmp to match explicitly.
|
|
|
|
| |
remove for loop in imap_fetch_headers()
|
|
|
|
|
|
|
|
|
| |
Exchange 2007 wedges if we try GSSAPI authentication and fail for lack of
suitable credentails (for instance, because the user did not run kinit).
Only try GSSAPI automatically if we have credentials.
Reported by Patrick Rynhart, Debian Bug #568455,
and Alan Murrell, to the fetchmail-users list.
|
|
|
|
| |
and always load the default X.509 trust stores, unless the latter is set.
|
|
|
|
|
|
|
| |
...that were converted to char* when they should have been converted to
const char *.
Use braces for empty if/else statements.
|
|
|
|
| |
svn path=/branches/BRANCH_6-3/; revision=5477
|
|
|
|
| |
svn path=/branches/BRANCH_6-3/; revision=5469
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* The IMAP client now uses "SEARCH UNSEEN" rather than "SEARCH UNSEEN NOT
DELETED" again on IMAP2, to fix a regression in fetchmail 6.2.5 reported by
Will Stringer in June 2004. (Sunil Shetye)
* The IMAP client now uses "SEARCH UNSEEN UNDELETED" on IMAP4 and IMAP4r1
servers (Sunil Shetye).
* Workaround: The IMAP client now falls back to "FETCH n:m FLAGS" if the server
does not support "SEARCH". (Sunil Shetye)
* The IMAP client now requests message numbers in batches of 1,000 to avoid
problems if there are more than 1860 unseen messages. (Sunil Shetye)
Note that this wasn't security relevant because fetchmail would only read up
to the maximum buffer size and leave the remainder of the string unread, going
out of synch afterwards.
svn path=/branches/BRANCH_6-3/; revision=5468
|
|
|
|
| |
svn path=/branches/BRANCH_6-3/; revision=5462
|