From b2e8fd732ce5e827b86f659bf7f93c5543c8ad78 Mon Sep 17 00:00:00 2001
From: "Eric S. Raymond" <esr@thyrsus.com>
Date: Fri, 10 Aug 2001 19:03:23 +0000
Subject: Ready to ship.

svn path=/trunk/; revision=3452
---
 NEWS      | 11 +++++++----
 rfc822.c  |  6 ++++++
 todo.html |  8 ++++++--
 3 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/NEWS b/NEWS
index a9e4678e..4b202247 100644
--- a/NEWS
+++ b/NEWS
@@ -2,12 +2,15 @@
 
 (The `lines' figures total .c, .h, .l, and .y files under version control.)
 
+* Blush...# characters now go to stdout, same place as the dots.
+* Matthias Andree's patch to correct parsing of spaces in quoted usernames.
+
 fetchmail-5.8.17 (Tue Aug  7 20:05:36 EDT 2001), 21056 lines:
 
-* SECURITY FIX: Fixed a security hole that is exploitable if fetchmail is
-  running as root and the attacker can either subvert the mailserver or
-  redirect to a fake one using DNS spoofing.  Bugtraq announcement to follow
-  soon.  Thanks to Salvatore Sanfilippo <antirez@invece.org>.
+* SECURITY FIX: Fixed a security hole that is exploitable if the attacker can 
+  either subvert the mailserver or redirect to a fake one using DNS spoofing.
+  Bugtraq announcement to follow soon.  Thanks to Salvatore Sanfilippo 
+  <antirez@invece.org>.
 * Eliminated second bounce on failed RCPT TO address.
 * Always use fetchmail host's FQDN to identify the daemon when
   sending bounce messages.
diff --git a/rfc822.c b/rfc822.c
index 031b9973..7e110707 100644
--- a/rfc822.c
+++ b/rfc822.c
@@ -315,6 +315,12 @@ const unsigned char *hdr;	/* header to be parsed, NUL to continue previous hdr *
 		state = INSIDE_BRACKETS;
 		tp = 0;
 	    }
+	    else if (*hp == '"')        /* quoted word, copy verbatim */
+	    {
+	        oldstate = state;
+		state = INSIDE_DQUOTE;
+                address[NEXTTP()] = *hp;
+            }
 	    else if (!isspace(*hp)) 	/* just take it, ignoring whitespace */
 		address[NEXTTP()] = *hp;
 	    break;
diff --git a/todo.html b/todo.html
index 4137d51f..4b8957cd 100644
--- a/todo.html
+++ b/todo.html
@@ -10,7 +10,7 @@
 <table width="100%" cellpadding=0><tr>
 <td width="30%">Back to <a href="/~esr">Eric's Home Page</a>
 <td width="30%" align=center>Up to <a href="/~esr/sitemap.html">Site Map</a>
-<td width="30%" align=right>$Date: 2001/07/31 05:48:06 $
+<td width="30%" align=right>$Date: 2001/08/10 19:03:23 $
 </table>
 <HR>
 <H1 ALIGN=CENTER>Fetchmail Bugs and To-Do Items</H1>
@@ -58,6 +58,10 @@ lock file."
 can get rid of ENABLE_INET6 everywhere but in SockOpen (this will get
 rid of the kluge in rcfile_y.y).
 
+<p>John Summerfield suggests that specifying a localname containing @
+ought to be treated as an smtpname option, with the domain part
+removed for other purposes such as local-address matching.
+
 <p>The <a
 href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=fetchmail&archive=no">Debian
 bug-tracking page for fetchmail</a> lists other bug reports.
@@ -66,7 +70,7 @@ bug-tracking page for fetchmail</a> lists other bug reports.
 <table width="100%" cellpadding=0><tr>
 <td width="30%">Back to <a href="/~esr">Eric's Home Page</a>
 <td width="30%" align=center>Up to <a href="/~esr/sitemap.html">Site Map</a>
-<td width="30%" align=right>$Date: 2001/07/31 05:48:06 $
+<td width="30%" align=right>$Date: 2001/08/10 19:03:23 $
 </table>
 
 <P><ADDRESS>Eric S. Raymond <A HREF="mailto:esr@thyrsus.com">&lt;esr@thyrsus.com&gt;</A></ADDRESS>
-- 
cgit v1.2.3