fetchmail 6.3.14 (released 2010-02-05, 25487 LoC):
# SECURITY FIXES
* SSL/TLS certificate information is now also reported properly on computers
that consider the "char" type signed. Fixes malloc() buffer overrun.
Workaround for older versions: do not use verbose mode.
See fetchmail-SA-2010-01.txt for details, including a minimal patch.
# BUG FIXES
* The IMAP client no longer skips messages from several IMAP servers including
Dovecot if fetchmail's "idle" is in use. Causes were that fetchmail (a)
ignored some untagged responses when it should not (b) relied on EXISTS
messages in response to EXPUNGE, which aren't mandated by RFC-3501 (the IMAP
standard) and aren't sent by Dovecot either.
Fix by Sunil Shetye (the fix also consolidates IMAP response handling,
improving overall robustness of the IMAP client), bug report and testing by
Matt Doran, with further hints from Timo Sirainen.
* The SMTP client now recovers from errors (such as servers dropping the
connection after errors) when sending an RSET command.
Fix by Sunil Shetye. Report by James Moe.
* The IMAP client now uses "SEARCH UNSEEN" rather than "SEARCH UNSEEN NOT
DELETED" again on IMAP2, to fix a regression in fetchmail 6.2.5 reported by
Will Stringer in June 2004. (Sunil Shetye)
* The IMAP client now uses "SEARCH UNSEEN UNDELETED" on IMAP4 and IMAP4r1
servers (Sunil Shetye).
* Workaround: The IMAP client now falls back to "FETCH n:m FLAGS" if the server
does not support "SEARCH". (Sunil Shetye)
* The IMAP client now requests message numbers in batches of 1,000 to avoid
problems if there are more than 1860 unseen messages. (Sunil Shetye)
Note that this wasn't security relevant because fetchmail would only read up
to the maximum buffer size and leave the remainder of the string unread, going
out of synch afterwards.
* Stricter validation of IMAP responses containing byte or message counts.
# CHANGES
* Only include gssapi.h if we're not including gssapi/gssapi.h, to fix a FreeBSD
compiler warning about gssapi.h being obsolete.
# DOCUMENTATION
* The README.SSL document was revised for grammar, spelling, and clarity.
Courtesy of Robert Mullin.
fetchmail 6.3.13 (released 2009-10-30, 25333 LoC):
# REGRESSION FIXES
* The multiline SMTP error fix in release 6.3.12 caused fetchmail to lose
message codes 400..599 and treat all of these as temporary error. This would
cause messages to be left on the server even if softbounce was turned off.
Reported by Thomas Jarosch.
fetchmail 6.3.12 (released 2009-10-05):
# REGRESSION FIXES
* The CVS-2009-2666 fix in fetchmail release 6.3.11 caused a free() of
unallocated memory on SSL connections, which caused crashes or program aborts
on some systems (depending on how initialization and free() of unallocated
memory is handled in compiler and libc).
Workaround for older versions: run in verbose mode.
Patch courtesy of Thomas Heinz, fixes Gentoo Bug #280760.
This regression affected only the 6.3.11 release, but not the patch that was
part of the security announcement fetchmail-SA-2009-01.
# BUG FIXES
* Fix error reporting for GSSAPI on Heimdal (h5l) Kerberos.
* Look for MD5_Init in libcrypto rather than libssl, fixes Gentoo Kerberos
builds; fixes upstream parts of Gentoo Bugs #231400 and #185652, and fixes
BerliOS Bug #16134.
* Report multiline SMTP errors properly, reported by Earl Chew; fixes Debian Bug
#529899, reported by Akihiro Terasaki.
Note: This fix introduced a regression, fixed in 6.3.13.
* Replace control characters in SMTP replies by '?'.
* Fetchmailconf: Fix descriptions for smtpaddress and smtpname options;
smtpaddress is for RCPT TO, not MAIL FROM. Found by Gerard Seibert.
...as well as translation updates in all three releases.
IMAP (Internet Message Access Protocol) is an Internet standards-track
protocol for accessing messages (mail, bboards, news, etc). The Cyrus
IMAP server differs from other IMAP server implementations in that it
is generally intended to be run on "sealed" servers, where normal users
are not permitted to log in. The mailbox database is stored in parts of
the filesystem that are private to the Cyrus IMAP system. All user
access to mail is through the IMAP, POP3, or KPOP protocols.
Collection.
The Perl 5 module Mail::Alias can read various formats of mail
alias. Once an object has been created it can be used to expand
aliases and output in another format.
Provides a class to deal with the decoding and interpreting of mime messages.
This package used to be part of the Mail_Mime package, but has been split off.
1.6.0
Bugs Fixed:
* Don't break specified headers folding [alec]
* Bug #17025: Wrong headers() result for long unwrapable header value [alec]
Implemented Features:
* Allow setting Content-ID for HTML Images [alec]
* Added one setParam() in place of many set*() functions [alec]
* Added getParam(), getTXTBody(), getHTMLBody() [alec]
* Skip RFC2231's charset if filename contains only ASCII characters [alec]
* Make sure that Received: headers are returned on the top [alec]
* Added saveMessageBody() and getMessageBody() functions [alec]
1.6.0RC2
Fixed Bugs:
* Bug #7561: _encodeQuotedPrintable() with mbstring function overloading
broken in 1.6.0RC1 [alec]
* Fixed quoted-printable encoding of characters with ord(char) < 10 [alec]
1.6.0RC1
Fixed Bugs:
* Bug #13444: Problem in multipart mail with txt, html and images. Reverted
fix for #9725 [alec]
* Bug #14780: Content-Type is not set correctly when calling headers() before
get() [alec]
Implemented Features:
* Feature #10884: Provide easy way to set build params [alec]
* Feature #13962: Multiple header support [alec]
* Use class (private) variables instead of MAIL_MIME_CRLF and
MAIL_MIMEPART_CRLF constants [alec]
* Feature #12411: Support both RFC2047 and RFC2231 for attachments filenames
encoding [alec]
* Optimized memory usage in quoted-printable encoding function [alec]
* Feature #13969: Big attachments support [alec]
* Changed default value of text_encoding to quoted-printable [alec]
1.5.3
Fixed bugs:
* Fix Bug #14678: srand() lowers security [clockwerx]
* Fix Bug #12921: _file2str not binary safe [walter]
* Fix Bug #12385: Bad regex when replacing css style attachments [cipri]
* Fix Bug #16911: Excessive semicolon in MIME header [alec]
* Fix Bug #15320: Attachment charset is not set in Content-Type header [alec]
* Fix Bug #16911: Lack of semicolon separator for MIME header parameters [alec]
* Fix Bug #16846: Use preg_replace_callback() instead of /e modifier [alec]
* Fix Bug #14779: Problem with an empty attachment [alec]
* Fix Bug #15913: Optimize the memory used by Mail_mimePart::encode.
Avoid having attachments data duplicated in memory [alec]
* Fix Bug #16539: Headers longer than 998 characters aren't wrapped [alec]
* Fix Bug #11238: Wrong encoding of structured headers [alec]
* Fix Bug #13641: iconv_mime_encode() seems to work different/errorious than
the build in logic. Removed 'ignore_iconv' param. [alec]
* Fix Bug #16706: Incorrect double-quotes RFC 2231-encoded parameter values
[alec]
* Fix Bug #14232: RFC2231: tspecials encoding in _buildHeaderParam() [alec]
Implemented Features:
* Implement Feature #10438: Function (encodeHeader) for encoding of given
header [alec]
1.5.2
* Fix Bug #11381: domain name is attached to content-id, trailing greater-than
sign is not remove [cipri]
1.5.1
* Fix Bug #11344: Error at line 644 in mime.php [cipri]
1.5.0
Split off Mail_MimeDecode
1.5.0RC2
Fixed accidental characters included in mime.php
QA release
* Move SVN to proper directory structure [cweiske]
* Fix Bug #8775: Error in package.xml
* Fix Bug #14671: Security issue due to seeding random number generator
[cweiske]
Release 2.67 adds the following features since 2.65 (there was no public
2.66 release):
* The ability for mimedefang-multiplexor to use poll rather than select.
This removes the FD_SETSIZE limit on the number of file descriptors
the multiplexor can handle.
* Support for FPROTD version 6 daemonized virus scanner.
2.65
There is only one change since 2.64: An error in the way the embedded
perl interpreter was initialized has been fixed. This fixes problems
on the Debian HPPA architecture and possibly others.
2.64
This is a minor bugfix release;
* Add support for NOD32 command-line scanner
* Add support for Sophos "savscan" scanner
2010-01-30 Jeffrey Stedfast <fejj@novell.com>
* README: Bumped version
* configure.in: Bumped version to 2.2.25
* configure.in: Disabled strict-aliasing to work around subtle
bugs generated by gcc 4.4 when optimizations are enabled.
version 3.23: Fri Jan 29 00:39:27 EST 2010
- new beta idle_data() method to retrieve untagged messages during idle
similar to method suggested by Daniel Richard G
- added/updated documentation for idle, idle_data, and done
- rt.cpan.org#53998: fix NTLM auth: call ntlm with challenge string
[Dragoslav Mlakar]
- report the return value from select/_read_more on errors
- logout() again returns the success/failure of the LOGOUT command
- set/return error when $response->() returns undef in authenticate()
- new internal method _load_module() centralizing some 'require' calls
- localize use $@ in several places to avoid stomping on global val
- refactor code calling _read_more() to centralize error handling
version 3.22: Thu Jan 21 15:25:54 EST 2010
- rt.cpan.org#52313: Getting read errors if Fast_io is set to 1
[Jukka Huhta]
- updated Maxttemperrors docs related to EAGAIN handling
- new starttls() method and Starttls attribute to support STARTTLS
- update parse_headers to try harder to find UID in fetch response
version 3.21: Tue Sep 22 19:45:13 EDT 2009
- rt.cpan.org#49691: rewrite of fetch_hash to resolve several issues
[Robert Norris]
includes new tests via t/fetch_hash.t
- rt.cpan.org#48980: (enhancement) add support for XLIST extension
[Robert Norris]
- rt.cpan.org#49024: NIL personal name returned by *_addresses methods
[Dmitry Bigunyak]
- rt.cpan.org#49401: IMAPClient expunge fails (unless folder arg used)
[Gary Baluha]
- update/clarify close and expunge documentation a little
version 3.20: Fri Aug 21 17:40:40 EDT 2009
- added file/tests in t/simple.t
- added methods Rfc3501_date/Rfc3501_datetime
used by deprecated methods Rfc2060_date/Rfc2060_datetime
rt.cpan.org#48510: Rfc3501_date/Rfc3501_datetime methods do
not exist [sedmonds]
- login() hack to quote an empty password
rt.cpan.org#48107: Cannot LOGIN with empty password [skunk]
* gmime/gmime-encodings.h (GMIME_UUENCODE_LEN): Fixed to prevent
possible buffer overflows.
* configure.in: Bumped version to 2.4.14 and disabled
strict-aliasing which causes bugs in GMime.
* gmime/gmime-filter-crlf.c (filter_filter): Fixed bug #606875 by
not trying to skip multiple characters per pass thru the loop when
encountering the first '.' of a possible '..' sequence.
* configure.in: Bumped version to 2.4.12
* gmime/gmime-utils.c (g_mime_utils_decode_8bit): Make sure to
always increment inptr as we force-convert it to ascii. Thanks to
Damian Pietras for finding this bug.
* gmime-2.4.pc.in: Moved -lz -lnsl, etc into Libs.private. Fixes
bug #603273.
file cannot run without EXIM_USER being present on the system, so
scripts/exim_install was changed to derive the Exim version from the
pkgsrc package version (see PKGSRC_EXIM_VERSION in the Makefile and patch-ae).
Added LICENSE information.
Ok'd by abs@
Changelog for Dovecot 1.2.10:
+ %variables now support %{host}, %{pid} and %{env:ENVIRONMENT_NAME}
everywhere.
+ LIST-STATUS capability is now advertised
- maildir: Fixed several assert-crashes.
- imap: LIST "" inbox shouldn't crash when using namespace with
"INBOX." prefix.
- lazy_expunge now ignores non-private namespaces.
Changelog for Sieve 0.1.15:
* Enotify extension:
- Adjusted notify method API for addition of new notification
methods.
- Set default importance level to 'normal' (was 'high').
* Include extension: updated implementation towards most recent
specification (all should be backwards compatible):
- Implemented global variables namespace.
- Global command may now appear anywhere in a script.
- Implemented script name checking using the requirements specified
in the ManageSieve draft.
- One issue remains: ManageSieve currently requires included scripts
to be uploaded first, which is not according to specification.
* Changed envelope path parser to allow to and from envelope addresses
that have no domain part.
+ Added preliminary support for Sieve plugins and added support for
installing Sieve development headers.
+ Started work on the implementation of the spamtest, spamtestplus and
virustest extensions (unfinished).
+ Deprecated notify extension: implemented denotify command.
+ Variables extension: added support for variable namespaces.
+ Added configurable script size limit. Compiler will refuse to
compile files larger than sieve_max_script_size.
+ Testsuite changes:
- Added support for changing and testing an extension's
configuration.
- Added a command line parameter for copying errors to stderr.
- Fixed a bug in the i;ascii-numeric comparator. If one of the
strings started with a non-digit character, the comparator would
always yield less-than.
- Imap4flags extension: fixed bug in removeflag: removing a single
flag failed due to off-by-one error (bug report by Julian Cowley).
- Improved EACCES error messages for stat() and lstat() syscalls and
slightly improved error messages that may uccur when saving a
binary.
- Vacation extension: fixed typo in runtime log message (patch by
Julian Cowley).
- Fixed use of minus '-' in man pages; it is now properly escaped.
- Fixed parser recovery. In particular cases it would trigger spurious
errors after an initial valid error and sometimes additional errors
were inappropriately ignored.
Changelog for ManageSieve 0.11.11:
* This release contains adjustments to match changes in the Sieve API.
This means that this release will only compile against Pigeonhole
Sieve v0.1.15.
+ Implemented ManageSieve QUOTA enforcement.
+ Added MAXREDIRECTS capability after login.
+ Implemented new script name rules specified in most recent
ManageSieve draft.
- Fixed assertion failure occuring with challenge-response SASL
mechanisms.
- Made configure complain about trying to compile against installed
Dovecot headers alone.
- Fixed compile warning for compilation against CMUSieve.
version 2.05: Fri Dec 18 22:39:21 CET 2009
Fixes:
- no de-ref error when index out of range in Mail::Header::get()
[Bob Rogers]
- repaired fixed selection of smtp for non-unix systems.
Improvements:
- do not run pod.t in devel environment.
- set default output filename for Mail::Mailer::testfile::PRINT
[Kaare Rasmussen[
- warn when no mailers were found.
rt.cpan.org#52901 [Christoph Zimmermann]
