Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | SECURITY: imap.c, pop3.c: STARTTLS drops state | Matthias Andree | 2021-08-26 | 1 | -35/+28 |
| | | | | | We need to lose all state after STARTTLS to safeguard from attacks against the clear-text part of the session. | ||||
* | POP3: make CAPA parser caseblind. | Matthias Andree | 2021-08-26 | 1 | -0/+3 |
| | |||||
* | SECURITY: POP3: changes for --auth ssh and RPA | Matthias Andree | 2021-08-26 | 1 | -31/+43 |
| | | | | | These no longer defeat STARTTLS negotiation, and RPA is only attempted with --auth any. | ||||
* | Align with legacy_6x. | Matthias Andree | 2019-08-25 | 1 | -57/+1 |
| | | | | | | * Normalize include order. * Backport missed bug fixes. * Remove dead code. | ||||
* | Fix potential SIGSEGV in pop3_delete. | Matthias Andree | 2018-11-25 | 1 | -2/+3 |
| | | | | Reported by Paul Kinsler. | ||||
* | Fix GCC8 ?: operator type promotion warning. | Matthias Andree | 2018-04-14 | 1 | -2/+2 |
| | |||||
* | Add one comment to pop3_fastuidl(). | Matthias Andree | 2017-02-11 | 1 | -0/+2 |
| | |||||
* | Drop unused variable. | Matthias Andree | 2016-12-12 | 1 | -1/+0 |
| | |||||
* | Fix portability to C90 and C++. | Matthias Andree | 2016-12-11 | 1 | -1/+0 |
| | |||||
* | Fix crash on --flush. | Rainer Weikusat | 2016-12-11 | 1 | -2/+5 |
| | |||||
* | UIDL database speedup with Patricia trees. | Matthias Andree | 2016-12-11 | 1 | -50/+67 |
| | | | | | | | Import Rainer Weikusat's code that uses Patricia trees instead of linear lists. Snapshot Rainer's patch 2010-05-24 19:30:42 | ||||
* | TLS overhaul, bumping version to 6.4 | Matthias Andree | 2015-01-26 | 1 | -21/+21 |
| | | | | | | | | | | | | | | | Removes SSLv2, enables TLSv1.1 and v1.2 more easily, permits SSLv3 (only if specified) and newer TLSv1.1+ for STLS/STARTTLS. Only negotiates TLSv1 and newer by default, SSLv3 must now be specified explicitly, as a consequence of the POODLE attack. This is meant to be a minimally upgraded version, and cannot be usefully done as a 6.3.X release. It is strongly recommended that users review their configuration - especially --sslproto - per instructions in the NEWS file and manual page. It has changed semantics and in many cases --sslproto auto or perhaps --sslproto tls1.2+ should be used now. | ||||
* | Make Maillennium POP3 workarounds less specific, | Matthias Andree | 2012-10-14 | 1 | -2/+2 |
| | | | | | to encompass Maillennium POP3/UNIBOX (Maillennium V05.00c++). Reported by Eddie via fetchmail-users mailing list, 2012-10-13. | ||||
* | Run S(TART)TLS negotiation under timeout alarm. | Matthias Andree | 2011-05-26 | 1 | -2/+5 |
| | | | | Reported missing by Thomas Jarosch. | ||||
* | Reduce complexity of adding UIDs in fastuidl. | Matthias Andree | 2010-12-14 | 1 | -2/+3 |
| | |||||
* | Reduce complexity for parsing UIDL response to linear. | Matthias Andree | 2010-12-14 | 1 | -2/+3 |
| | |||||
* | Do STARTTLS/STLS negotiation in IMAP/POP3 if it is mandatory ignoring server ↵ | Sunil Shetye | 2010-11-19 | 1 | -5/+2 |
| | | | | capabilities | ||||
* | Distinguish between server not advertising TLS capability and server failing ↵ | Sunil Shetye | 2010-11-10 | 1 | -7/+5 |
| | | | | | | during upgradation to TLS. Send a NOOP only after a failed STARTTLS in IMAP. | ||||
* | POP3: autoprobe NTLM. | Matthias Andree | 2010-10-09 | 1 | -17/+36 |
| | |||||
* | Factor out common NTLM code. | Matthias Andree | 2010-10-09 | 1 | -48/+5 |
| | |||||
* | Fix dead assignments. | Matthias Andree | 2010-10-09 | 1 | -1/+1 |
| | |||||
* | Avoid wedging Exchange 2007 with GSSAPI. | Matthias Andree | 2010-08-21 | 1 | -1/+2 |
| | | | | | | | | | Exchange 2007 wedges if we try GSSAPI authentication and fail for lack of suitable credentails (for instance, because the user did not run kinit). Only try GSSAPI automatically if we have credentials. Reported by Patrick Rynhart, Debian Bug #568455, and Alan Murrell, to the fetchmail-users list. | ||||
* | Fix a few Intel C++ remarks and warnings. | Matthias Andree | 2010-04-27 | 1 | -2/+2 |
| | |||||
* | Validate STAT response more strictly. | Matthias Andree | 2010-04-24 | 1 | -3/+7 |
| | |||||
* | Add --sslcertfile option and FETCHMAIL_NO_DEFAULT_X509_PATHS env var, | Matthias Andree | 2010-04-18 | 1 | -1/+1 |
| | | | | and always load the default X.509 trust stores, unless the latter is set. | ||||
* | Fix MD5Digest prototype and remove unneeded type casts. | Matthias Andree | 2010-04-18 | 1 | -1/+1 |
| | |||||
* | Fix xmalloc type casts in SDPS mode. | Matthias Andree | 2010-04-01 | 1 | -2/+2 |
| | |||||
* | Further type fixes. | Matthias Andree | 2010-03-18 | 1 | -1/+1 |
| | |||||
* | Remove unused assignments/initializations found with llvm-clang. | Matthias Andree | 2010-02-28 | 1 | -4/+4 |
| | |||||
* | Fix format string bugs. | Matthias Andree | 2009-05-04 | 1 | -1/+1 |
| | | | | svn path=/branches/BRANCH_6-3/; revision=5291 | ||||
* | Fix a few compiler warnings around implicit conversion or extra ";". | Matthias Andree | 2009-01-14 | 1 | -1/+1 |
| | | | | svn path=/branches/BRANCH_6-3/; revision=5261 | ||||
* | Merge Daniel Richard G.'s --sslcommonname option. | Matthias Andree | 2008-03-07 | 1 | -5/+12 |
| | | | | | | | | Exception from no-features policy on 6.3.X is made to keep people away from doing more dangerous things in order to get rid of CommonName mismatch warnings. svn path=/branches/BRANCH_6-3/; revision=5165 | ||||
* | Undocumented and untested hack: setting FETCHMAIL_POP3_FORCE_RETR in the | Matthias Andree | 2008-01-11 | 1 | -0/+6 |
| | | | | | | environment forces fetchmail to use RETR instead of TOP for POP3. svn path=/branches/BRANCH_6-3/; revision=5151 | ||||
* | No longer complain about invalid sslproto "" when POP3 CAPA probe fails. | Matthias Andree | 2007-06-10 | 1 | -2/+2 |
| | | | | | | | Fixes Debian Bug#421446 (Holger Leskien), Novell Bug #247233 (Jon Nelson). Thanks to Matthias Strauß for a configuration to reproduce the issue. svn path=/branches/BRANCH_6-3/; revision=5109 | ||||
* | Strengthen APOP a bit (validate RFC-822 syntax) in order to fend off | Matthias Andree | 2007-03-18 | 1 | -0/+14 |
| | | | | | | Leurent-style MITM attacks which are based on MD5 and APOP weaknesses. svn path=/branches/BRANCH_6-3/; revision=5057 | ||||
* | Repoll immediately if a protocol error happens during the authentication | Matthias Andree | 2007-03-02 | 1 | -1/+2 |
| | | | | | | | attempt after a failed opportunistic TLS upgrade. Gentoo Bug #163782 comment #9, reported by Takuto Matsuu. svn path=/branches/BRANCH_6-3/; revision=5044 | ||||
* | Fix 6.3.6 regression: repoll upon socket error after STLS failure. | Matthias Andree | 2007-02-03 | 1 | -11/+12 |
| | | | | | | Berlios Bug #10133, reported by Andrej Kacian. svn path=/branches/BRANCH_6-3/; revision=5022 | ||||
* | Do not send the real password with KPOP. | Matthias Andree | 2007-02-02 | 1 | -5/+15 |
| | | | | svn path=/branches/BRANCH_6-3/; revision=5021 | ||||
* | Add Miloslav Trmac's patch to fix KPOP regression in 6.3.6. | Matthias Andree | 2007-02-02 | 1 | -1/+5 |
| | | | | svn path=/branches/BRANCH_6-3/; revision=5020 | ||||
* | Fix bogus authentication failure with --auth password when CAPA fails. | Matthias Andree | 2006-11-29 | 1 | -9/+13 |
| | | | | svn path=/branches/BRANCH_6-3/; revision=4976 | ||||
* | - mark CAPA as done even if it fails | Matthias Andree | 2006-11-27 | 1 | -24/+46 |
| | | | | | | | | | | | - do not override strong authenticators to PASSWORD if CAPA fails - let TLS code cater for failing CAPA (and break the connection if TLS is mandatory, but CAPA fails) - prevent USER/PASS authentication if other authenticators are configured - trash shroud store after use svn path=/branches/BRANCH_6-3/; revision=4970 | ||||
* | Plug a tiny memory leak when recovering from TLS-related socket errors. | Matthias Andree | 2006-11-27 | 1 | -0/+1 |
| | | | | svn path=/branches/BRANCH_6-3/; revision=4969 | ||||
* | Enshroud RPOP password in local logs. | Matthias Andree | 2006-11-27 | 1 | -1/+5 |
| | | | | svn path=/branches/BRANCH_6-3/; revision=4967 | ||||
* | Be sure that CAPA is probed before TLS. | Matthias Andree | 2006-11-26 | 1 | -1/+15 |
| | | | | | | | Needed to avoid bogus login failures if the upstream offers STLS. Patch by Isaac Wilcox. svn path=/branches/BRANCH_6-3/; revision=4963 | ||||
* | First step towards really fixing TLS vuln, CVE-2006-5867, still incomplete. | Matthias Andree | 2006-11-26 | 1 | -52/+52 |
| | | | | svn path=/branches/BRANCH_6-3/; revision=4962 | ||||
* | Fix TLS issue: fail if sslfingerprint, sslproto tls1 or sslcertck are ↵ | Matthias Andree | 2006-11-12 | 1 | -53/+58 |
| | | | | | | configured and STARTTLS fails. Only by omitting all of these options, fetchmail will try opportunistic TLS. svn path=/branches/BRANCH_6-3/; revision=4929 | ||||
* | Snapshot 6.3.6-rc1. | Matthias Andree | 2006-11-01 | 1 | -3/+11 |
| | | | | svn path=/branches/BRANCH_6-3/; revision=4925 | ||||
* | Add IMAP AUTH=EXTERNAL support. BerliOS Patch #1095. | Matthias Andree | 2006-08-14 | 1 | -2/+2 |
| | | | | | | | Courtesy of Götz 'nimrill' Babin-Ebell. This patch also makes --sslproto arguments case insensitive. svn path=/branches/BRANCH_6-3/; revision=4896 | ||||
* | Log opportunistic TLS upgrades in verbose mode. | Matthias Andree | 2006-08-07 | 1 | -7/+11 |
| | | | | svn path=/branches/BRANCH_6-3/; revision=4881 | ||||
* | POP3: some UID flags may not be set properly on UIDL lists. (Sunil Shetye) | Matthias Andree | 2006-05-24 | 1 | -1/+2 |
| | | | | svn path=/branches/BRANCH_6-3/; revision=4852 |