Based on pr pkg/22650 by Adrian Portelli.
Changes since 6.2.3:
* Updated German, Spanish, Catalan, and Turkish translations.
* IDLE is now supported using no-ops even if the server doesn't support
the IMAP IDLE extension.
* Sunil Shetye's patch to do better password shrouding.
* Sunil Shetye's bug-fix rollup patch.
* Introduce a translation item for the word "seen".
* Back out the hack to deal with lack of byte stuffing on some POP3 servers.
* Thomas Steudten's patch to improve SMTP handling of 550 errors.
Changes since 6.2.2:
* German, Danish, Spanish, and Turkish translations updated.
* Brian Sammon's patch to deal with malformed message lines containiing NULs.
* Fai's patch to ignore all but the first Return-Path (some spams have
more than one of these).
* Benjamin Drieu's ptch to properly byte-stuff when talking to BSNTP.
Fixes Debian bug #184469.
* Benjamin Drieu's patch to enable auth=cram-md5.
Fixes Debian bug #185232.
* Sunil Shetye's configure.in patch to avoid spurious search order messages
from GCC.
* Header-reading code now copes better with lines ending in \n only.
* Elias Israel's patches for POP3 NTLM support and dealing with byte-
stuffing failures at socket level.
Changes since last version:
* Sunil Shetye's patch to improve behavior in empty messages.
* Conform to RFC2595; reissue capability probes after successful
STARTTLS negotiation.
* Sunil's patch to make handling of failed STARTTLS more graceful.
* Sunil's JF2 fix patch for .fetchmailrc security fix.
* Christophe GIAUME <christophe@giaume.com> finished the implementation
of RFC2177 IDLE.
* Jason Tishler's fix patch for Cygwin.
* Support ssh-style authentication in POP3
* Fix for Debian bug #108977, clean up config file evaluation,
by Benjamin Drieu.
* Updated German, Turkish, Spanish, and Danish translation files.
* Integrated Sunil Shetye's patch to make mark_seen an explicit method.
* Removed FAQ warning about GMX and associated fetchmailconf check,
we have a report that its servers are conformant now.
* Another Sunil patch to fix a minor bug in bouncemail generation.
Changes since version 6.1.2:
- Applied Steffen Esser's fix for a buffer-overflow bug in rfc822.c
- Updated Danish, German, and Turkish translation files.
- Sunil Sheye's SMTP timeout patch.
- Updated Turkish, Danish, German, Spanish, Catalan po files.
- Added Slovak support.
- Configure.in update for autoconf 2.5 (Art Haas).
- Be case-insensitive when looking for IMAP responses.
- Fix logout-after-idle-delivery bug (Sunil Shetye).
- Sunil Shetye's patch to bulletproof end-of-header detection.
- Sunil's fix for the STARTTLS problem -- repoll if TLS nabdshake
fails. The attenmpt to set up STARTTLS can be suppressed with 'sslproto ""'.
This is needed so fetchmail properly detects shark and cats as arm boxen.
Note it does mean that we now give warnings about missing, but there's no
glue in mk/bsd.pkg.mk to link the gnu-config/missing into a package.
Maybe there should be.
Tested on shark, cats and i386.
changes since 6.1.0:
fetchmail-6.1.2 (Thu Oct 31 11:41:02 EST 2002), 22135 lines:
* Jan Klaverstijn's verbosity-lowering patch.
* Updated Turkish, German, Catalan, and Danish translation files.
* Fix processing of POP3 messages with missing bodies.
* Minor fixes by Sunil Shetye: fix generation of auth fail note, handle
unexpected SIGALRM, plug memory leak, handle lines beginning with '\0',
try to bulletproof error handling against read failures.
fetchmail-6.1.1 (Fri Oct 18 14:53:51 EDT 2002), 22087 lines:
* OTP fix patches from Stanislav Brabec <utx@penguin.cz>
* fix patch for writing antispam capability correctly in conf.c.
* Fix patches for Debian bugs #162571, #156592.
* Correction to manpage re -b and qmail.
* Patch to disable use of STLS if auth passwd is specified.
* Fix specfile generation to handle SSL correctly.
* New Danish, Turkish, and Catalan translation files.
* Improved ODMR debug messages.
* IMAP efficiency hack; don't fetch sizes unless needed.
* Detect and rewrite invalid return paths beginning with @.
* Fix for subtle freeing bug that suppressed information in some bounce msgs.
* Newline fix patches for internationalization files.
* Fix reversed test guarding authentication-failure warnings.
* Fix POP3 breakage starting at 5.9.14.
Because of the recent vulnerability, it is strongly encouraged to update
(http://security.e-matters.de/advisories/032002.html).
Thanx to Alan Post <apost@interwoven.com> for giving me a note.
fetchmail-6.1.0 (Sun Sep 22 18:31:23 EDT 2002), 21999 lines:
* Updated French translation.
* Stefan Esser's fix for potential remote vulnerability in multidrop mode.
This is an important security fix!
fetchmail-6.0.0 (Tue Sep 17 19:48:25 EDT 2002), 21972 lines:
* Applied Matt Kraai's fix for minor Debian bug #144539.
* Nerijus Baliunas's patch to support STARTTLS over IMAP.
* More cleanups and minor bugfixes from Sunil Shetye.
* Default antispam-response list is now empty.
* Updated de and po translations,
fetchmail-5.9.14 (Fri Sep 6 05:03:25 EDT 2002), 21932 lines:
* Sunil Shetye's patch to eliminate multiple bounces.
* Moritz Jodeit <moritz@jodeit.org>'s patch for re-exec with no args.
* Sunil Shetye's patch to solve the re-exec problem with relative files.
* Cygwin portability patch (use ROOT_UID) from Jason Tishler.
* Workaround for the CAPA error problem is documented in the FAQ.
* Updated Polish, Danish, and Catalan translations.
* Sunil Shetye's patch to improve CAPA error handling.
* Sunil Shetye's patch to improve handling of unreadable boxes in POP3.
* Berkeley port fix for Kerberos IV.
which the basesrc USE_KERBEROS variable. Discussed on packages@
This fixes PR#17182 from Takahiro Kambe. The problem was pointed out by
FUKAUMI Naoki on a Japanese NetBSD mailing list.
Changes since 5.9.6:
fetchmail-5.9.11 (Mon Apr 1 17:09:13 EST 2002), 21597 lines:
* Updated Turkish and Japanese translations.
* Added warning about auth failures on the GMX server.
* HMH's Debian 5.9.10 patches:
1. Fix minor typo in FAQ
2. Fix partial implementation of ESMTP auth, and some minor
fetchmailconf stuff
3. Add proper error reporting to bad logfile creation.
patch by Sunil Shetye <shetye@bombay.retortsoft.com>
4. Fix incredible aggravating bug that caused dataloss
risks if 4xx errors were returned by the MTA
5. Corrected version of the fix-timeouts-for-ssl and descriptor
leaking patches from Sylvain Benoist <sylvainb@whitepj.com>
Also fix outdated comments in driver.c
6. Sunil Shetye's patch to stop fetchmail from trying to fetch
twice with IMAP
7. Stop stupid complaint about turning off SSL being illegal
without SSL support.
8. Byrial Jensen <byrial@image.dk> i18n fixes
* Sunil Shetye's attribute patch.
* HMH's revised but untested SMTP authentication patch.
fetchmail-5.9.10 (Sun Mar 10 15:09:57 EST 2002), 21529 lines:
* Security fix: don't trust the message count passed back by the server.
fetchmail-5.9.9 (Sat Mar 9 08:54:28 EST 2002), 21508 lines:
* Renamed misnamed tr.po and da.po files
* Jakub Ulanowski's patch to fix SSL fingerprint handling.
* Matt Kraai's patch for supporting STLS over POP3.
* French translation updated.
* Debian fixes merged.
* Added maildrop (MDA shipped with courier) as fallback after procmail
and sendmail (thanks to Alexander Lazic <al-fetchmail@none.at>).
* ESMTP AUTH support from Wojciech Polak <polak@lodz.pdi.net>.
fetchmail-5.9.8 (Thu Feb 14 23:47:31 EST 2002), 21358 lines:
* Added de translation catalog; updated da and tr catalogs.
* vsprintf underflow fixes by Sunil Shetye.
* Added warning about IMS POP3 server.
* Mattyhias Andree's fix for a longstanding SSL hang bug.
* Fix yacc syntax bug when building with SSL.
* Sunil Shetye's patch for idle timeout during poll.
* Applied HMH's fix for the "message delimiter found in headers" code path
(Debian bug #128672).
fetchmail-5.9.7 (Sat Feb 2 00:33:40 EST 2002), 21330 lines:
* Minor fixes by HMH.
* Properly guard some transaction reporting in the SSL code.
* Updated German (de) po file. Added Turkish (tr) po file.
* Expunge edge case fix by Sunil Shetye.
* Fixes for some odd IMAP and SMTP edge cases by Sunil Shetye.
* UIDL bug fix by Matthias Andree.
* Use smtpaddress, if present, to set the return path on warning mail.
* Tell parser to object when SSL keyboard is used with SSL not compiled.
* GSSAPI and ODMR fixes by Tom Hughes.
supported on NetBSD, fix entries to better match english original
and be more condense, add couple missing spaces here and there.
Change already submitted to Jiri Pavlovsky, the maintainer of the czech
translation of fetchmail.
fetchmail-5.9.6 (Fri Dec 14 04:03:50 EST 2001), 21247 lines:
* OPIE bug fixes by Jun Miyoshi <usako@omnisci.co.jp>.
* Documented known IDLE bug in the todo.html file.
* Sunil Shetye's fix for a timeout/reconnect bug.
* LMTP fix from Toshiro HIKITA <toshi@sodan.org>.
* The duplicate-killer doesn't try to operate if we can get an actual
recipient address from the trace headers.
fetchmail-5.9.5 (Thu Nov 8 14:14:35 EST 2001), 21162 lines:
* Changed the logging logic along lines suggested by Jan Klaverstijn,
* fetchmailconf looks first in the directory it's running from to find
fetchmail.
* Make sure we vet a success status correctly from open_smtp_sink()
and open_bsmtp_sink().
* Matthias Andree's env.c patch to refuse service when QMAILINJECT is defined.
* Immediately abort if a non-empty QMAILINJECT environment variable is
found. If it is set and contains f or i, qmail-inject or qmail's
sendmail `compatibility' wrapper will rewrite From: or Message-ID:
headers, respectively. En passant, fix the bug that program_name was
not filled in before used when the user's ID had no PW entry, leading
to (null) or crash when printing the error message. Patch by Matthias
Andree.
* NextStep and OpenStep port patch from Eric Sunshine.
* Block signals during SockConnect() so we don't get a socket descriptor
leak if we're hit by an alarm signal during connect(2).
* Set queryname even when server is inactive; avoids a core-dump bug in
the fetchids code.
fetchmail-5.9.4 (Wed Oct 3 07:47:45 EDT 2001), 21104 lines:
* Finished license cleanup, all licenses in the distribution are now
officially GPL-compatible.
* Added a length check to from64tobits() after receiving a warning that
it might create buffer overflows. No exploitable overflows were found by
a careful case-by-case audit, and at minimum an exploit would have required
that the mailserver be subverted.
fetchmail-5.9.3 (Sun Sep 30 12:08:52 EDT 2001), 21075 lines:
* Fix configuration error in handling of long options.
* Thomas Moestl's patch to use querynames in UID files.
* Timeout to deal with long socket closes (Sunil Shetye).
* Move from RSA MD5 code to Colin Plumb's public-domain implementation (BSD
classic license eliminated)
* Rewrite strcasecmp() (BSD classic license eliminated).
* getopt_long is back for Solaris and HP-UX systems.
* Updated Danish po file.
* Re-enable explicit bounce message on bad address.
fetchmail-5.9.2 (Wed Sep 26 12:47:00 EDT 2001), 21118 lines:
* Enable code to build on Solaris again (long options won't work).
* Move Hesiod lookups to just before DNS lookups.
* Make sure the SICHLD handler is called when we run detached.
* Make kerberos5 in OpenBSD (Federico Schwindt <fgsch@olimpo.com.br>).
* Added FAQ item X8 on why mail sometimes gets an extra ) appended.
fetchmail-5.9.1 (Mon Sep 24 19:01:57 EDT 2001), 21120 lines:
* Make -D short option for --smtpaddress active again.
* Typo fix for Polish translation.
* Make sure IMAP capability checks are caseblind.
* Make sure suffix checks on akalists are properly caseblinded.
* All warning mail now has a generated date stamp.
* getopt.c and getopt1.c removed due to license incompatibility with OpenSSL.
* End of poll cycle is now logged.
* Sanity check now rejects SSL option if SSL support is not compiled in
(resolves Debian bug #109796).
* HMH's fix for the LMTP localhost/foo problem.
* Mike Warfield's fix for using a combined SSL cert and key in a single file.
* DNS lookups moved to just before the mailserver socket open, so fetchmail
now works OK even if started up without Internet access.
* Switched from _( to GT_( as a gettext macro, in order to avoid a
conflict with the SSL library.
- SECURITY FIX: Fixed a security hole that is exploitable if fetchmail is
running as root and the attacker can either subvert the mailserver or
redirect to a fake one using DNS spoofing. Bugtraq announcement to follow
soon. Thanks to Salvatore Sanfilippo <antirez@invece.org>.
- Eliminated second bounce on failed RCPT TO address.
- Always use fetchmail host's FQDN to identify the daemon when
sending bounce messages.
- Embarrassing bug of the month -- somehow, 'skip' wasn't being interpreted!
- Handle ! in RFC2821 Return-Path addresses properly.
- Better handling of BAD and NO responses to FETCH (thank Justin Guyett).
- Fixed *yet another- build error due to breakage in the i18n code.
- Refuse mail that has no good addresses and can't be sent to postmaster.
- Restore behavior of discarding mail on 550 (Debian bug #105237).
- John Summerfield updated getfetchmail.
- Cleanup patches by HMH.
- Lock-file-name bug reported by Scott Johnson.
- Updated Danish translation by Byrial Jensen.
- Updated French translation by Thierry Vignaud.
- Man page bugs pointed out by Andrew Benham.
- POP3 end of session RSET on keep removed.
- In IMAP, handle BAD and NO responses to FETCH gracefully.
- Parse 'no {syslog|invisible|showdots}' properly.
- Change AC_DEFINE to AC_DEFINE_UNQUOTED appropriately in configure.in
(Debian bug #104484).
- Fixed bug in fetchmailconf plugin/plugout code (Debian bug #105987).
since version 5.8.10:
- Corrected Rob Braun's remote-build change, it broke the build with NLS.
- Found (and killed) a subtle SMTP protocol error that was probably lurking
behind a lot of the bug reports related to bounce mail, thanks to Quoc Luu.
(Only manifested when the MTA rejected mail due to a bad RCPT TO address.)
- Correction for backslash-handling patch in rfc822.c.
- Fix for Debian bug Bug#1038222: fetchmail conf fails to write file
after configuration; move .fetchmailrc to .fetchmailrc.bak before
overwriting.
- Discard Return-Path headers consisting of a single @.
- Make fetchmailconf dump plugin and plugout options properly.
- Rob Braun's changes for building fetchmail outside its source directory
- Don't depend on having snprintf available.
- Bug fix for envskip.
- ODMR finally seems to be working.
- Handle multiple backslashes within RFC822 address strings correctly.
- Don't exit on a failure to DNS-resolve a mailserver name, just
make it inactive. Exit only if all lookups fail.
- Restore code to deal with SMTP error responses at RCPT TO time, but
without issuing an RSET. This is intended to fix obscure bugs that
show up in recent Postfix releases and sendmail configurations that
delay antispam checks on the MAIL FROM line until RCPT TO time.
- Signal-processing fix for Debian bug #102711.
- More ODMR patches from Matt Armstrong.
Changes since version 5.8.8:
- More fixes for the new message-marking code from Thomas Moestl.
- Fixes for ODMR code from Matt Armstrong.
- HMH's snprintf/strncat cleanup patch.
- Fixes for Debian bugs #101792, #101950.
- Updated Danish translation by Byrial Jensen.
- ODMR fixes from Matt Armstrong <matt@lickey.com>.
- The smtphost option has been split. It is no longer overloaded to set
the list of domains to be queried in ETRN and ODMR modes. Instead, use
the `fetchdomains' option.
by Emmanuel Dreyfus.
fetchmail-5.8.8 (Wed Jun 20 17:22:26 EDT 2001), 20782 lines:
* Fix bug that prevented messages from being marked oversized unless -v was on.
* Byrial Jensen made the tracepoll information RFC822-conformant.
* Reorder code to avoid accessing line buffers after they have been freed.
* Steven Krings's patch to deal with over-long header lines.
* Fix for Debian bug #101500.
* Updated Danish translation by Byrial Jensen.
* Chris Maio's patch for POP3 with BSMTP.
* Patch from HMH resolves DEbian bug #101530.
fetchmail-5.8.7 (Sun Jun 17 12:02:17 EDT 2001), 20749 lines:
* Make fetchmailconf work properly again by fixing tracepolls mismatch.
* HMH's fix for Debian bug #98127.
* driver.c refactoring in preparation for streaming mode.
fetchmail-5.8.6 (Tue Jun 12 08:16:54 EDT 2001), 20676 lines:
* Reject candidate headers for the MAIL FROM address that have \n in them.
* Add capability to insert poll trace data in the Received line.
* HMH's patch to prevent buffer overflow due to long headers. Addresses
Debian bug #100394.
* Brendan Kehoe's patch to avoid doing DNS lookups on skip entries.
There are 347 people on fetchmail-friends and 592 on fetchmail-announce.
fetchmail-5.8.5 (Tue May 29 20:01:39 EDT 2001), 20650 lines:
* Interface option fix from Alexander Kourakos.
* Fixes for i18n glitches and new Danish translation from Byrial Jensen.
* Attempted fix for Harry McGavran's problems with the Kerberos V build.
* Added fetchmailnochda.pl to the contrib directory.
* Sunil Shetye's patches for the seen count on IMAP and auto protocol.
There are 337 people on fetchmail-friends and 583 on fetchmail-announce.
fetchmail-5.8.4 (Mon May 21 15:08:03 EDT 2001), 20636 lines:
* SSL certificate options from Thomas Moestl <tmoestl@gmx.net>.
* Frantisek Brabec's patch for better UIDL error recovery.
* Another zombie-leak patch from HMH.
* Jorg de Jong's patch attempts to handle spaces in the ID part of UIDLs.
* Eliminate use of -C in Makefile.
There are 334 people on fetchmail-friends and 583 on fetchmail-announce.
since version 5.8.1:
- The `localhost' special case of `via' is gone. Use `plugin %h' for talking
to ssh instead.
- Prevent POP3 code from authenticating multiple times on success.
- Fixed IMAP password shrouding.
- GCC warning cleanups from ahaas@neosoft.com.
- Plug another hole that was letting zombies through.
- SA_RESTART portability fix for SunOS.
- Ignore Sender and Resent-Sender headers unless they contain @.
- HH's patches fixing Debian bug #90966 and addressing Debian bug #92554.
- GSSAPI portability patch by Peter Fales.
- Updated cs.po by Jiri Pavlovsky.
- Michael Kjorling's patch to add server ID to authentication success/failure
bugmail.
- Kerberos build patch by HH.
- Don't cough and die from failure to resolve a skipped host. Resolves
Debian bug #92530
- Do aka suffix match even if DNS checking is enabled (Johannes Stille's bug).
- SIGCHLD handler now sets SA_RESTART explicitly in order to avoid zombies
from interrupted system calls. Debian bug #95659.
Changes since fetchmail 5.7.2:
fetchmail-5.8.1 (Tue Apr 10 09:32:04 EDT 2001), 20511 lines:
* Nalin Dahyabai's password parse and authentication fixe.
* Vitezslav Samel's patch to Makefile.in to make parallel makes work.
fetchmail-5.8.0 (Mon Apr 2 15:18:33 EDT 2001), 20459 lines:
* Documentation update for gold release.
fetchmail-5.7.7 (Wed Mar 28 20:24:48 EST 2001), 20459 lines:
* More configure fixes -- include missing stub script in the distribution.
fetchmail-5.7.6 (Thu Mar 22 16:22:48 EST 2001), 20456 lines:
* Fix POP2 and POP3 password shrouding.
* Don't remove UIDL scratchlist on query completion (Frantisek Brabec's bug).
* IMAP: don't just quit if GSSAPI or Kerberos IV fail, but try other methods.
* Document the fact the IDLE and multiple folders don't play well together.
Closes Debian bug#89908.
fetchmail-5.7.5 (Sat Mar 17 23:24:41 EST 2001), 20440 lines:
* Nalin Dahyabhai's patch to make IPv6 build on older systems.
* Restrict shrouding to just the password send so it won't leak info.
* Move an #ifdef INET6_ENABLE to deal with libc5 headers.
* Only DNS-probe entries that are active on this run.
* Fix `nospambounce' recognition.
* Updated French translation.
* Yoshihiko SARUMARU's patch to keep kanji out of Received headers.
* Include aclocal.m4 in the tarball (solves some build problems).
* Added HMH's patch to support configuring a specific fallback MUA.
fetchmail-5.7.4 (Mon Mar 12 00:02:23 EST 2001), 20323 lines:
* SECURITY FIX: unsecure tempfile creation bug in fetchmailconf, thanks
to Colin Phipps <cph@cph.demon.co.uk> for pointing this out.
* Configure cleanup from HMH.
* Documentation refresh.
fetchmail-5.7.3 (Sun Mar 11 17:01:56 EST 2001), 20323 lines:
* Incorporate SA_LEN patch from Red Hat.
* HMH's "no spambounce" patch for fetchmailconf.
* John Bartlett's patch to make the driver code more tolerant of flaky POP3
servers (better handling of timeout at session start).
* Make `fetchmail --configdump' work when there's a defaults entry.
* Incorporated HMH's build fixes.
* Added FALLBACK_MDA; fetchmail now looks for procmail or sendmail at
build time and uses it if it can't open port 25 for local delivery.
* Incorporated Red Hat fixes for GSSAPI, configure.in.
* Bailing out on read-only messages breaks fetchmail -c. To avoid this,
use EXAMINE rather than SELECT in that case.
