Fetchmail - приложение, организующее доставку почты на машину клиента по любому из протоколов POP2, POP3, RPOP, APOP, KPOP, всем типам IMAP, ETRN и ODMR, поддерживая IPv6 и IPSEC. Обнаруживая новые почтовые сообщения на удалённом почтовом сервере, Fetchmail переправляет их по SMTP, после чего ими могут воспользоваться любые обычные клиенты вроде mutt, elm или BSD Mail... Впрочем, слово специалистам - о Fetchmail Вы можете почитать на русском подробно, например, у ярославцев. Home_http://catb.org/~esr/fetchmail/ Downloads (~1,2 Mb)_http://catb.org/~esr/...l-6.2.5.tar.gz
scorpio, 16.12.2007 - 3:10
Fetchmail 6.3.8
Changes:
# SECURITY STRENGTHENING: * Make the APOP challenge parser more distrustful and have it reject challenges that do not conform to RFC-822 msg-id format, in the hope to make mounting man-in-the-middle attacks (MITM) against APOP a bit more difficult. (CVE-2007-1558, reported by Gaлtan Leurent, published 2007-04-02 on Bugtraq)
APOP is claimed insecure by Gaлtan Leurent for MITM scenarios for typical setups: based on MD5 collisions, it is purportedly possible to recover the first three characters of the shared secret (password), which would then make recovery of the shared secret a matter of hours or minutes; this would then enable the attacker to impersonate the client vis-а-vis the server.
For further details, check * Gaлtan Leurent, "Message Freedom in MD4 and MD5 Collisions: Application to APOP", Fast Software Encryption 2007, Luxembourg. (Proceedings to appear in Springer's Lecture Notes on Computer Science.) * The mailing list discussion thread at
BUG FIXES:
* Fix pluralization of oversized-message warning mails. * Fix manual page: --sslcheck -> --sslcertck, and do not set trailing "recommended:" in bold. Fixes Debian Bug #413059, reported by Rafal Czlonka. * Repoll immediately if a protocol error happens during the authentication attempt after a failed opportunistic TLS upgrade. Fixes comment #9 in Gentoo Bug #163782, reported by Takuto Matsuu. * Fix rendering of the "24 - 26, 28, 29" paragraph in the exit codes section. Reported by Nico Golde. * If SOCKS support was compiled in, add 'socks' to the feature_options Python list emitted in --configdump. Reported by Rob MacGregor. * Do not crash with a null pointer dereference when opening the BSMTP file fails. Improve error checking and reporting. Reported by Reto Schьttel, Debian Bug#416625. Fix based on a patch by Nico Golde. * Make BSMTP output actually work, it would persistently fail with SOCKET error after writing the first header. Bug independently found and reported in excellent detail by Reto Schьttel, Debian Bug#416812.
fetchmail 6.3.9 (2008-11-16): (Changes, unless otherwise noted, made by Matthias Andree.)
# ADVANCE WARNING OF FEATURES TO BE REMOVED OR CHANGED IN FUTURE VERSIONS (There are no plans to remove these features from a 6.3.X release, but they may be removed from a 6.4.0 or newer release.) * The MX and host alias DNS lookups that fetchmail performs in multidrop mode are based on assumptions that are rarely met in practice, somewhat defective, deprecated and may be removed from a future fetchmail version. They have never supported IPv6 (including IPv6-mapped IPv4). Non-DNS based alias keywords such as "aka" will remain in fetchmail. * The monitor and interface options may be removed from a future fetchmail version as they are not reasonably portable. * POP2 is obsolete, support will be removed from a future fetchmail version. * RPOP is obsolete, support will be removed from a future fetchmail release. * --sslcertck will become a default setting in a future fetchmail version. * The multidrop To/Cc guessing code along with the fragile duplicate suppressor is deprecated and may be removed from a future release. * The "envelope Received" option may be removed from a future release, because the Received header was never meant to be machine-readable, the format varies widely, and various other differences in behavior make parsing Received an unreliable undertaking. The envelope option as such will remain though, in order to support Delivered-To, X-Envelope-To, X-Original-To and similar. See also . * The --enable-fallback (fall back to MDA if MTA unavailable) will be removed from a future fetchmail release, because it makes fetchmail's behavior inconsistent and confusing. * The "protocol auto" default inside fetchmail may be removed from a future fetchmail release. Explicit configuration of the protocol is recommended. * Kerberos IV support may be removed from a future fetchmail release. * SIGHUP wakeup support may be removed from a future fetchmail release and cause fetchmail to terminate - it was broken for many years. * Support for operating systems that are not sufficiently POSIX compliant may be removed or operation on such systems may be suboptimal for future releases.
# SECURITY AND CRITICAL BUG FIXES: * CVE-2007-4565: Denial of service: When fetchmail tries to inject a warning message it created itself, and the message is refused by the SMTP listener, fetchmail dereferences a NULL pointer and crashes. Report & fix by Earl Chew. Note while this is theoretically a remote denial of service attack vector, fetchmail by default talks SMTP to the localhost, so the overall risk is rather low. This bug was apparently introduced on 1998-11-27 when the bouncemail facility was modularized. The bug then made its appearance in fetchmail release 4.6.8. See also fetchmail-SA-2007-02.txt. * CVE-2008-2711: Denial of service: When fetchmail logs data blobs (for instance, a To: header in -v -v verbose mode) in excess of 2048 bytes, it will crash, because it hands an uninitialized argument pointer (not the format string though) to vsnprintf and reads a random memory location (it calls va_arg() too often without resetting it with va_start()). Based on a patch (BerliOS patch #2492) by Petr Uzel, fixes Novell Bug #354291. Note 6.3.9-rc1 did not completely fix this issue, so it was redrawn a few hours after its release. See also fetchmail-SA-2008-01.txt. * When expunging, mark the right messages as seen to avoid message loss in "keep flush" configurations. Workaround for previous versions: "expunge 0". Report and patch by Alexander Cherepanov - thanks a lot, Berlios Bug #11797, "imap_mark_seen doesn't consider expunged messages". * SSL fix: close memory leak when SSL connection fails; fetchmail used to forget calling SSL_free() on the SSL context, leaking in excess of 500 kB RAM on a x86_64 system per failed SSL connection attempt. Bug reported and patch provided by Seiichi Ikarashi, Fujitsu.
# BUG FIXES: * The configure script will additionally check for 'dn_skipname', to fix build failures with µClibc. The new check still recognizes the resolver libraries on Ubuntu 7.04, openSUSE 10.2, Solaris 8, NetBSD 4.0_BETA2 and FreeBSD 6.2. Fixes Gentoo bug #134187. NOTE: this is a bit of a hack, since we twist the HAVE_RES_SEARCH result, but res_search() and dn_skipname() are only used together and scheduled for removal in future versions, so this is probably fine. * No longer complain about invalid sslproto "" when POP3 CAPA probe fails. Fixes Debian Bug#421446 (Holger Leskien), Novell Bug #247233 (Jon Nelson). Thanks to Matthias StrauЯ for a configuration to reproduce the issue. * Allow .fetchmailrc and .fetchids to be symlinks, as the manpage does not document they aren't allowed - fixes Debian Bug #452907 (Roger Leigh). TOCTOU race persists. * fetchmailconf quotes mailbox (folder) names when writing the configuration. Fixes BerliOS Bug #13207 (reported + fix suggested by Terry Brown). * Only print "Deleting fetchids file" if there actually is one. Fixes Debian Bug#374514, reported by Dan Jacobson. * SSL fix: check and report if SSL_set_fd fails.
# CHANGES: * autoconf 2.60 is now required to build fetchmail; it uses AC_USE_SYSTEM_EXTENSIONS to replace AC_AIX, AC_MINIX, and the like. * Removed dead FETCHMAIL_DEBUG code from fetchmail.h that was disabled by default with no switches in configure to enable it. However, the macro would have been prone to a symlink attack. Found by Nico Golde. * Removed dead FORCE_STUFFING code from socket.c that was disabled by default with no switches in configure to enable it. * Include the typedef for int16 in the #ifndef _AIX in smbencrypt.c (Peter O'Gorman) * Correct check for u_int32_t in configure.ac (seems to be typedef'ed in namser.h on some platforms.) (Peter O'Gorman) * In configure.ac change all CPFLAGS to CPPFLAGS, CEFLAGS to CFLAGS and LDEFLAGS to LDFLAGS otherwise the results of some tests (additional -L and -I flags) do not get used for later tests causing incorrect configure results. Makefile.am was also changed to reflect this. (Peter O'Gorman) * m4/gethostbyname_r.m4 does AC_TRY_COMPILE, which unfortunately can pass even if there is no gethostbyname_r. Changed to AC_TRY_LINK. (Peter O'Gorman) * Revise getnameinfo check to ensure NULL is defined and the result is properly evaluated, to avoid bogus results on for instance FreeBSD and redefinitions of NI_* at compile time. (Matthias Andree). * __attribute__ ((unused)) is a gccism, removed from libesmtp/gethostbyname.c. (Peter O'Gorman) * In KAME/getnameinfo.c it's best to use the correct argument to inet_ntoa. (Peter O'Gorman) * In verbose mode, log if --check mode is enabled. * Add sslcommonname option (rcfile and commandline) as a way to work around misconfigured upstream SSL servers that use the wrong certificate name. It specifies which CommonName fetchmail expects and logs. (Daniel Richard G.) * Changed CRLF to LF line endings in contrib/delete-later (reporter: Petr Uzel) * SSL change: enable all workarounds with SSL_CTX_set_options(ctx,SSL_OP_ALL) * All translations have been re-enabled, in an attempt to rekindle translator or user interest.
# DOCUMENTATION: * Add fetchmail-SA-2007-02.txt and fetchmail-SA-2008-01.txt. * Re-add two lines to the manual page that had accidentally become comments to nroff. One was part of the --sslproto documentation, and one in the "Awakening the background daemon" section. * The manual page no longer asserts that .fetchids were for exclusive POP3 use, since it is planned to use the file with IMAP4 later. * Add grammar fixes from Dan Jacobson to fetchmail.man. Debian Bug #461642. * The manual page now mentions that user descriptions need to come before user options. Reported by Francensco Pontortм, to fix Debian Bug #467010. * The manual page no longer hints that multi-user declarations per server were only useful in daemon mode running as root, to avoid hinting people to doing that. * Several manual page rcfile examples now include "ssl". * The manual page hints that option arguments beginning with numbers can be enclosed in quotes. * The manual page now mentions that the --logfile must already exist before fetchmail is run. * The FAQ now recommends (#I9) not to use Google Mail for their disregard to the protocols they claim to support. * Documentation and program output now /consistently/ claim that the rcfile must not have more than 0700 (u=rwx,g=,o=) permissions, but fetchmail will still silently accept additional g=x permissions for compatibility with previous 6.2.X and 6.3.X versions. Inconsistency (program 0710, manpage 0600) reported by Petr Uzel. * The --logfile documentation is now clearer about requiring detached daemon mode.
# TRANSLATION UPDATES AND ADDITIONS (ordered by language name): * [sq] Albanian (Besnik Bleta) * [zh_CN] Chinese, simplified (Ji Zheng-Yu) * [cs] Czech (Petr Pisar) * [da] Danish (Byrial Ole Jensen) - outdated, but newer than in 6.3.8 * [nl] Dutch (Tony Vroon, Benno Schulenberg) * [en_GB] English, British * [fi] Finnish (Lauri Nurmi) * [de] German * [id] Indonesian (Andhika Padmawan) * [ja] Japanese (Takeshi Hamasaki) * [pl] Polish (Jakub Bogusz) * [ru] Russian (Pavel Maryanov) * [es] Spanish (Javier Fernбndez-Sanguino Peсa, Matthias Andree) * [tr] Turkish (Engin Gьndьz) - outdated, but newer than in 6.3.8 * [vi] Vietnamese (Clytie Siddall)
Changes: # INCOMPATIBLE BUGFIXES AND CHANGES * Fetchmail no longer drops permanently undelivered messages by default, to match historic documentation. It does this by adding a new "softbounce" option, see below. Fixes Debian Bug#471283, demotes Debian Bug#494418 to wishlist. * There is a new "softbounce" global option that prevents the deletion of messages that have not been forwarded. It defaults to "true" for fetchmail 6.3.X in order to match historic documentation. This may change its default in the next major release.
# BUGFIXES * Fix misuse of canonical autoconf target as _TARGET when it should have been _HOST. Report and patch courtesy of Diego E. "Flameeyes" Pettenò. Details: http://blog.flameeyes...nonical-target * Do not lose PS_MAXFETCH (13) exit status when hitting maxpoll. Reported by Michelle Konzack, Debian Bug#508667. * Do not overlap source and destination fields in snprintf() in interface.c. Courtesy of Nico Golde, Debian. * When a pre- or post-connect command fails, now report the exit status or termination signal properly through sys/wait.h macros. * When acquiring a body, understand NIL ("no such data item"), as returned by some MS Exchange versions. Fixes BerliOS Bug #11980 by KB Sriram. * Make progress tickers (-v/--showdots) consistent, and update documentation accordingly ("." for each 1024 octets read, "#" for a header written, and "*" for each body line written.) The conditions under which these had been printed were inconsistent, illogical, and documentation hadn't matched real behaviour for long. * For NTLM authentication, use dynamically allocated buffers. Fixes Debian Bug#449179, reported by Stepan Golosunov. * Non-delivery notice ("bounce mail") now mentions the original reason again, before the address list. This fixes a regression introduced in 6.3.0. * Several compiler warnings were fixed. * The minimum recommended SMTP (RFC-5321) timeouts are enforced to leave sufficient time for the listener to respond. Some synchronous listeners, particularly when used with spam filtering and other policy enforcement services, take extended amounts of time to process messages after the sender, recipient, or data block and EOM line. This can cause fetchmail to not wait long enough for the "250 Ok" and make fetchmail believe the message wasn't properly delivered when in fact it was; fetchmail would then retry the download next time and never make progress. Fixes Berlios Bug #10972, reported by Viktor Binzberger. * The ESMTP/LMTP client will now apply an application-specific timeout while waiting for the EHLO/LHLO response, rather than wait for the server or TCP connection timeout. * Treat 530 errors as temporary, so as not to delete messages on configuration errors. Partially taken from Petr Cerny's patch in Novell Bugzilla #246829. The 501 part of said patch was not added, as the maintainer is not convinced 501 is a temporary condition, and softbounce takes care of this anyways.
# CHANGES * Make the comparison of the SSL fingerprints case insensitive, to ease its use. Suggested by Daniel Richard G. * Proper precedence ordering for the syslog and logfile options. If the logfile option is effective (i. e. we're not in daemon mode and nodetach isn't used), reset the syslog option. If logfile is ineffective (we're not in daemon mode, or nodetach is set), syslog takes precedence. * The sleeping at/awakened at messages appear in logfiles and syslog only if verbose mode is enabled. On the console, they will still appear without verbose mode. Fixes Debian Bug#282259. * fetchmail only requests IPv6 addresses via name service if at least one is configured on the local host, likewise for IPv4. (AI_ADDRCONFIG flag to getaddrinfo()) Extended version of Redhat's patch. * UNSUPPORTED/EXPERIMENTAL: If the server name contains "yahoo.com", offers the "ID" capability, and we're polling via IMAP, send an ID ("guid" "1") transaction first, ignoring its result. This appears needed to be able to log into Yahoo's Zimbra servers, but there are open issues (such as being only able to download one message and server certificate mismatches).
# CHANGES TO CONTRIB * Fix bashism in contrib/fetchsetup. Fixes Debian Bug#530081.
# DOCUMENTATION * Some parts of the the manual page were revised for clarity, accuracy, and updated recommendations (particularly SSL/TLS) and formatting conventions from man-pages(7). * The README and README.SSL documents were updated. * A document, README.SSL-SERVER, was added to describe server-side requirements for proper SSL and/or TLS service offerings. These are not specific to fetchmail. * Documentation on how to make "NOMAIL" (exit code 1) not treated an error has been added to the EXIT CODES section of the manpage and to the FAQ as item C8. The suggested solution uses a tiny POSIX shell script fragment. Fixes Debian Bug #530749, filed by Reuben Thomas.
# TRANSLATION UPDATES AND ADDITIONS (ordered by language name): * [cs] Czech (Petr Pisar) * [en_GB] English/British * [de] German * [id] Indonesian (Andhika Padmawan) * [it] Italian (Vincenzo Campanella) * [ja] Japanese (Takeshi Hamasaki) * [pl] Polish (Jakub Bogusz) * [ru] Russian (Pavel Maryanov), fixing Debian Bug #531925 * [es] Spanish/Castilian (Francisco Molinero) * [zh_CN] Chinese/Simplified (Ji ZhengYu)
# REGRESSION FIXES * The CVS-2009-2666 fix in fetchmail release 6.3.11 caused a free() of unallocated memory on SSL connections, which caused crashes or program aborts on some systems (depending on how initialization and free() of unallocated memory is handled in compiler and libc). Workaround for older versions: run in verbose mode. Patch courtesy of Thomas Heinz, fixes Gentoo Bug #280760. This regression affected only the 6.3.11 release, but not the patch that was part of the security announcement fetchmail-SA-2009-01.
# BUG FIXES * Fix error reporting for GSSAPI on Heimdal (h5l) Kerberos. * Look for MD5_Init in libcrypto rather than libssl, fixes Gentoo Kerberos builds; fixes upstream parts of Gentoo Bugs #231400 and #185652, and fixes BerliOS Bug #16134. * Report multiline SMTP errors properly, reported by Earl Chew; fixes Debian Bug #569899, reported by Akihiro Terasaki. * Replace control characters in SMTP replies by '?'. * Fetchmailconf: Fix descriptions for smtpaddress and smtpname options; smtpaddress is for RCPT TO, not MAIL FROM. Found by Gerard Seibert.
# REGRESSION FIXES * The multiline SMTP error fix in release 6.3.12 caused fetchmail to lose message codes 400..599 and treat all of these as temporary error. This would cause messages to be left on the server even if softbounce was turned off. Reported by Thomas Jarosch.
# TRANSLATION UPDATES * [cs] Czech, by Petr Pisar * [zh_CN] Chinese (simplified), by Ji ZhengYu * [nl] Dutch, by Erwin Poeze * [id] Indonesian, by Andhika Padmawan * [ja] Japanese, by Takeshi Hamasaki * [pl] Polish, by Jakub Bogusz * [es] Spanish (Castilian), by Franciso Molinero * [vi] Vietnamese, by Clytie Siddall Downloads (~1,6 Mb)_http://download.berli...6.3.13.tar.bz2
# SECURITY FIXES * SSL/TLS certificate information is now also reported properly on computers that consider the "char" type signed. Fixes malloc() buffer overrun. Workaround for older versions: do not use verbose mode. See fetchmail-SA-2010-01.txt for details, including a minimal patch.
# BUG FIXES * The IMAP client no longer skips messages from several IMAP servers including Dovecot if fetchmail's "idle" is in use. Causes were that fetchmail (a) ignored some untagged responses when it should not ( relied on EXISTS messages in response to EXPUNGE, which aren't mandated by RFC-3501 (the IMAP standard) and aren't sent by Dovecot either. Fix by Sunil Shetye (the fix also consolidates IMAP response handling, improving overall robustness of the IMAP client), bug report and testing by Matt Doran, with further hints from Timo Sirainen. * The SMTP client now recovers from errors (such as servers dropping the connection after errors) when sending an RSET command. Fix by Sunil Shetye. Report by James Moe. * The IMAP client now uses "SEARCH UNSEEN" rather than "SEARCH UNSEEN NOT DELETED" again on IMAP2, to fix a regression in fetchmail 6.2.5 reported by Will Stringer in June 2004. (Sunil Shetye) * The IMAP client now uses "SEARCH UNSEEN UNDELETED" on IMAP4 and IMAP4r1 servers (Sunil Shetye). * Workaround: The IMAP client now falls back to "FETCH n:m FLAGS" if the server does not support "SEARCH". (Sunil Shetye) * The IMAP client now requests message numbers in batches of 1,000 to avoid problems if there are more than 1860 unseen messages. (Sunil Shetye) Note that this wasn't security relevant because fetchmail would only read up to the maximum buffer size and leave the remainder of the string unread, going out of synch afterwards. * Stricter validation of IMAP responses containing byte or message counts.
# CHANGES * Only include gssapi.h if we're not including gssapi/gssapi.h, to fix a FreeBSD compiler warning about gssapi.h being obsolete.
# DOCUMENTATION * The README.SSL document was revised for grammar, spelling, and clarity. Courtesy of Robert Mullin.
# ADVANCE WARNING OF FEATURES TO BE REMOVED OR CHANGED IN FUTURE VERSIONS (There are no plans to remove features from a 6.3.X release, but they may be removed from a 6.4.0 or newer release.) * The MX and host alias DNS lookups that fetchmail performs in multidrop mode are based on assumptions that are rarely met in practice, somewhat defective, deprecated and may be removed from a future fetchmail version. They have never supported IPv6 (including IPv6-mapped IPv4). Non-DNS based alias keywords such as "aka" will remain in fetchmail. * The monitor and interface options may be removed from a future fetchmail version as they are not reasonably portable across operating systems. * POP2 is obsolete, support will be removed from a future fetchmail version. * IMAP2 and IMAP4 (not IMAP4r1) are obsolete, support may be removed from a future fetchmail version. * RPOP is obsolete, support will be removed from a future fetchmail release. * --sslcertck will become a default setting in a future fetchmail version. * The multidrop To/Cc guessing code along with the fragile duplicate suppressor is deprecated and may be removed from a future release. * The "envelope Received" option may be removed from a future release, because the Received header was never meant to be machine-readable, the format varies widely, and various other differences in behavior make parsing Received an unreliable undertaking. The envelope option as such will remain though, in order to support Delivered-To, X-Envelope-To, X-Original-To and similar. See also <http://home.pages.de/.../multidrop>. * The --enable-fallback (fall back to MDA if MTA unavailable) will be removed from a future fetchmail release, because it makes fetchmail's behavior inconsistent and confusing. * The "protocol auto" default inside fetchmail may be removed from a future fetchmail release. Explicit configuration of the protocol is recommended. * Kerberos IV support may be removed from a future fetchmail release. * SIGHUP wakeup support may be removed from a future fetchmail release and cause fetchmail to terminate - it was broken for many years. * Support for operating systems that are not sufficiently POSIX compliant may be removed or operation on such systems may be suboptimal for future releases. This means that fetchmail may only continue to work on C99 and POSIX 2001 based systems. * The maintainer may migrate fetchmail to C++ with STL or C#, and impose further requirements (dependencies), such as Boost or other class libraries. * The softbounce option default will change to "false" in the next release. * The --bsmtp - mode of operation may be removed in a future release. Downloads (~1,55 Mb)_http://download.berli...6.3.15.tar.bz2
ЭЖД, 7.04.2010 - 17:47
fetchmail 6.3.16
Changes:
# BUG FIX * Fix --interface option, broken in 6.3.15. Reported by Vladmimir Stavrinov. Fixes Debian Bug #576717.
# CHANGE * Call OpenSSL_add_all_algorithms(). This is needed to support non-mandatory algorithms in certificates. Sjoerd Simons, to fix Debian Bug #576430. OpenSSL 0.9.8* does not load - for instance - the SHA256 digest by default. Reported as OpenSSL RT#2224. Downloads (~1,55 Mb)_http://download.berli...6.3.16.tar.bz2
ЭЖД, 6.05.2010 - 17:27
fetchmail 6.3.17
# SECURITY FIX * CVE-2010-1167: Fetchmail before release 6.3.17 did not properly sanitize external input (mail headers and UID). When a multi-character locale (such as UTF-8) was in use, this could cause memory exhaustion and thus a denial of service, because fetchmail's report.c functions assumed that non-success of [v]snprintf was due to insufficient buffer size allocation. It would then repeatedly reallocate a larger buffer and fail formatting again. See fetchmail-SA-2010-02.txt.
# FEATURES * Fetchmail now supports a --sslcertfile option to specify a "CA bundle" file (a file that contains trusted CA certificates). Since these bundled CA files do not require c_rehash to be run, they are easier to use and immune to OpenSSL library updates that affect the hash function. * Fetchmail now supports a FETCHMAIL_INCLUDE_DEFAULT_X509_CA_CERTS environment variable to force loading the default SSL CA certificate locations even if --sslcertfile or --sslcertpath is used. If neither option is in effect, fetchmail loads the default locations.
# REGRESSION FIX * Fix string handling in rcfile scanner, which caused fetchmail to misparse a run control file in certain circumstances. Fixes BerliOS bug #14257. Patch by Michael Banack. This fixes a regression introduced before 6.3.0.
# BUG FIXES * Plug memory leak when using a "defaults" entry in the run control file. * Do not print SSL certificate mismatches unless verbose or --sslcertck is enabled. * Do not lose "set invisible" in fetchmailconf. (Michael Barnack)
# CHANGES * Usability: SSL certificate chains are fully printed in -v -v mode, and there are now helpful pointers to --sslcertpath and c_rehash for "unable to get local issuer certificate" and self-signed certificates -- these usually hint to missing root signing CAs in the certs directory. * Several fixes for compiler (GCC, Intel C++, CLang) and autotools warnings * Memory allocation failures will now cause abnormal program abort (SIGABRT), no longer an exit with unspecified code.
# DOCUMENTATION * Fix table of global option to read "set softbounce" where there used to be a 2nd copy of "set spambounce". Patch by Michael Banack, BerliOS Bug #17067. * In the --sslcertpath description, mention that OpenSSL upgrade (and a 0.9.X to 1.0.0 upgrade in particular) may require running c_rehash.
# TRANSLATION UPDATES [zh_CN] Chinese/simplified (Ji Zheng-Yu) [cs] Czech (Petr Pisar) [nl] Dutch (Erwin Poeze) [fr] French (Frédéric Marchal) [de] German [id] Indonesian (Andhika Padmawan) [it] Italian (Vincenzo Campanella) [ja] Japanese (Takeshi Hamasaki) [pl] Polish (Jakub Bogusz) [sk] Slovak (Marcel Telka) [vi] Vietnamese (Clytie Siddall)
# KNOWN BUGS AND WORKAROUNDS: (this section floats upwards through the NEWS file so it stays with the current release information - however, it was stuck with 6.3.8 for a while) * fetchmail does not handle messages without Message-ID header well (See sourceforge.net bug #780933) * BSMTP is mostly untested and errors can cause corrupt output. * Sun Workshop 6 (SPARC) is known to miscompile the configuration file lexer in 64-bit mode. Either compile 32-bit code or use GCC to compile 64-bit fetchmail. Note that fetchmail doesn't take advantage of 64-bit code, so compiling 32-bit SPARC code should not cause any difficulties. * fetchmail does not track pending deletes over crashes * the command line interface is sometimes a bit stubborn, for instance, fetchmail -s doesn't work with a daemon running Downloads (~1,56 Mb)_http://download.berli...6.3.17.tar.bz2
ЭЖД, 12.10.2010 - 17:39
fetchmail 6.3.18
Changes:
# SECURITY IMPROVEMENTS TO DEFANG X.509 CERTIFICATE ABUSE * Fetchmail now only accepts wildcard certificate common names and subject alternative names if they start with "*.". Previous versions would accept wildcards even if no period followed immediately. * Fetchmail now disallows wildcards in certificates to match domain literals (such as 10.9.8.7), or wildcards in domain literals ("*.168.23.23"). The test is overly picky and triggers if the pattern (after skipping the initial wildcard "*") or domain consists solely of digits and dots, and thus matches more than needed. * Fetchmail now disallows wildcarding top-level domains.
# CRITICAL BUG FIXES AND REGRESSION FIXES * Fetchmail 6.3.15, 6.3.16, and 6.3.17 would pick up libmd5 to obtain MD5* functions, as an effect of an undocumented Solaris MD5 fix. This caused all MD5-related functions to malfunction if, for instance, libmd5.so was installed on other operating systems as part of libwww on machines where long isn't 32-bits, i. e. usually on 64-bit computers. Fixes Gentoo Bug #319283, reported, including libwww hint, by Karl Hakimian. Side effect: fetchmail will now use -lmd on Solaris rather than -lmd5. * Fetchmail 6.3.17 warned about insecure SSL/TLS connections even if a matching --sslfingerprint was specified. This is an omission from an SSL usability change made in 6.3.17. Fixes Debian Bug#580796 reported by Roland Stigge. * Fetchmail will now apply timeouts to the authentication stage. This stage encompasses STARTTLS/STLS negotiation in IMAP/POP3. Reported missing by Thomas Jarosch. * Fetchmail now cancels GSSAPI authentication properly when encountering GSS errors, such as no or unsuitable credentials. It now sends an asterisk on a line by its own, as required in SASL. This fixes protocol synchronization issues that cause Authentication failures, often observed with kerberized MS Exchange servers. Fixes Debian Bug #568455 reported by Patrick Rynhart, and Alan Murrell, to the fetchmail-users list. Fix verified by Thomas Voigtmann.
# BUG FIXES * Fetchmail will no longer print connection attempts and errors for one host in "silent" and "normal" logging modes, unless all connections fail. This should reduce irritation around refused-connection logging if services are only on an IPv4 socket if the host also supports IPv6. Often observed as connections refused to ::1/25 when the subsequent connection to 127.0.0.1/25 then - silently - succeeds. Fetchmail, unless in verbose mode, will collect all connect errors and only report them if all of them fail. * Fetchmail will not try GSSAPI authentication automatically, unless it has GSS credentials. However, if GSSAPI authentication is requested explicitly, fetchmail will always try it. * Fetchmail now parses response to "FETCH n:m RFC822.SIZE" and "FETCH n RFC822.HEADER" in a more flexible manner. (Sunil Shetye) * The manual page clearly states that --principal is for Kerberos 4 only, not for Kerberos 5 or GSSAPI. Found by Thomas Voigtmann.
# CHANGES * When encountering incorrect headers, fetchmail will refer to the bad-header option in the manpage. Fixes BerliOS Bug #17272, change suggested by Bjцrn Voigt. * Fetchmail now decodes and reports GSSAPI status codes upon errors. * Fetchmail now autoprobes NTLM also for POP3. * The Fetchmail FAQ has a new item #R15 on authentication failures.
# INTERNAL CHANGES * The common NTLM authentication code was factored out from pop3.c and imap.c.
# TRANSLATION UPDATES [zh_CN] Chinese/simplified (Ji Zheng-Yu) [cs] Czech (Petr Pisar) [nl] Dutch (Erwin Poeze) [fr] French (Frйdйric Marchal) [de] German [it] Italian (Vincenzo Campanella) [ja] Japanese (Takeshi Hamasaki) [pl] Polish (Jakub Bogusz) [sk] Slovak (Marcel Telka)
# KNOWN BUGS AND WORKAROUNDS: (this section floats upwards through the NEWS file so it stays with the current release information - however, it was stuck with 6.3.8 for a while) * fetchmail does not handle messages without Message-ID header well (See sourceforge.net bug #780933) * BSMTP is mostly untested and errors can cause corrupt output. * Sun Workshop 6 (SPARC) is known to miscompile the configuration file lexer in 64-bit mode. Either compile 32-bit code or use GCC to compile 64-bit fetchmail. Note that fetchmail doesn't take advantage of 64-bit code, so compiling 32-bit SPARC code should not cause any difficulties. * fetchmail does not track pending deletes over crashes. * the command line interface is sometimes a bit stubborn, for instance, fetchmail -s doesn't work with a daemon running. * Linux systems may return duplicates of an IP address in some circumstances if no or no global IPv6 addresses are configured. (No workaround. Ubuntu Bug#582585, Novell Bug#606980.) * Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error messages. This will not be fixed, because the maintainer has no Kerberos 5 server to test against. Use GSSAPI. Downloads (~1,6 Mb)_http://download.berli...6.3.18.tar.bz2
ЭЖД, 11.12.2010 - 14:05
fetchmail 6.3.19
# ERRATUM NOTICE ISSUED * fetchmail 6.3.18 contains several bug fixes that were considered sufficiently grave to warrant the issue of an erratum notice, fetchmail-EN-2010-03.txt.
# BUG FIXES * When specifying multiple local multidrop lists, do not lose wildcard flag. (Affects "user foo is bar baz * is joe here") * In multidrop configurations, an asterisk can now appear anywhere in the list of local users, not just at the end. * In multidrop mode, header parsing is now more verbose in -vv mode, so that it becomes possible to see which header is used. * Make --antispam work from command line (these used to work in rcfiles). Reported by Kees Bakker, BerliOS Bug #17599. (Sunil Shetye) * Smoke test XHTML 1.1 validation, and if it fails, skip validating HTML documents. Skip validating Mailbox-Names-UTF7.html. Several systems have broken XHTML 1.1 DTD installations that jeopardize the build. Reported by Mihail Nechkin against FreeBSD port. Workaround for 6.3.18: build in a separate directory, i. e: mkdir build && cd build && ../configure --options-go-here * Send a NOOP only after a failed STARTTLS in IMAP. (Sunil Shetye) * Demote GSSAPI verbose/debug syslog to INFO severity. Requested by Carlos E. R. and Derek Simkowiak via the fetchmail-users@ mailing list. * Do STARTTLS/STLS negotiation in IMAP/POP3 if it is mandatory even if the server capabilities do not show support for upgradation to TLS. To use this, configure --sslproto tls1. (Sunil Shetye) * IMAP: Understand empty strings as FETCH response, seen on Yahoo. Reported by Yasin Malli to fetchmail-users@ 2010-12-10. Note that fetchmail continues to expect literals as FETCH response for now.
# DOCUMENTATION * The manual page now links to IANA for GSSAPI service names.
# TRANSLATION UPDATES [cs] Czech (Petr Pisar) [fr] French (Frйdйric Marchal) [de] German [it] Italian (Vincenzo Campanella) [pl] Polish (Jakub Bogusz)
# KNOWN BUGS AND WORKAROUNDS (this section floats upwards through the NEWS file so it stays with the current release information - however, it was stuck with 6.3.8 for a while) * fetchmail does not handle messages without Message-ID header well (See sourceforge.net bug #780933) * BSMTP is mostly untested and errors can cause corrupt output. * Sun Workshop 6 (SPARC) is known to miscompile the configuration file lexer in 64-bit mode. Either compile 32-bit code or use GCC to compile 64-bit fetchmail. Note that fetchmail doesn't take advantage of 64-bit code, so compiling 32-bit SPARC code should not cause any difficulties. * fetchmail does not track pending deletes over crashes. * the command line interface is sometimes a bit stubborn, for instance, fetchmail -s doesn't work with a daemon running. * Linux systems may return duplicates of an IP address in some circumstances if no or no global IPv6 addresses are configured. (No workaround. Ubuntu Bug#582585, Novell Bug#606980.) * Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error messages. This will not be fixed, because the maintainer has no Kerberos 5 server to test against. Use GSSAPI. Downloads (~1,62 Mb)_http://download.berli...6.3.19.tar.bz2