./mail/fetchmail, Batch mail retrieval/forwarding utility for pop2, pop3, apop, imap

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 6.3.22nb2, Package name: fetchmail-6.3.22nb2, Maintainer: pkgsrc-users

Fetchmail is a full-featured IMAP/POP2/POP3/APOP/KPOP client with easy
configuration, daemon mode, forwarding via SMTP or local MDA, superior
reply handling. Not a mail user agent, rather a pipe-fitting that
seamlessly forwards fetched mail to your local delivery system. Your
one-stop solution for intermittent email connections. This is the
lineal descendant of and replacement for the old popclient program.



Package options: ssl

Master sites:

SHA1: f9411a16d4055669e5cfd89bf38acba6a5cce041
RMD160: b1b4ae20e7fc6d307cf97c697d5e27daddc6bc72
Filesize: 1683.699 KB

Version history: (Expand)

CVS history: (Expand)


   2014-02-13 00:19:49 by Matthias Scheler | Files touched by this commit (1) 
Log message:
Remove work-around for OpenSSL 0.9.9 snapshot distributed with NetBSD 5.*.
   2014-02-13 00:18:57 by Matthias Scheler | Files touched by this commit (1568) 
Log message:
Recursive PKGREVISION bump for OpenSSL API version bump.
   2013-02-07 00:24:19 by Jonathan Perkin | Files touched by this commit (1351) | Package updated
Log message:
PKGREVISION bumps for the security/openssl 1.0.1d update.
   2012-11-05 00:06:23 by Matthias Scheler | Files touched by this commit (1) 
Log message:
Force use of "openssl" package from pkgsrc under NetBSD 5.* and older
to fix the build. As the "fetchmail" package doesn't provide any
shared libraries this shouldn't cause problems caused by mixing two
versions of OpenSSL.
   2012-11-04 19:41:47 by Daniel Horecki | Files touched by this commit (2) 
Log message:
Correct typo. Noted by Bug Hunting.
   2012-11-03 23:50:23 by Daniel Horecki | Files touched by this commit (6) | Package updated
Log message:
Update fetchmail and fetchmailconf to version 6.3.22.

# SECURITY FIXES
* for CVE-2012-3482:
  NTLM: fetchmail mistook an error message that the server sent in response to
  an NTLM request for protocol exchange, tried to decode it, and crashed while
  reading from a bad memory location.
  Also, with a carefully crafted NTLM challenge packet sent from the server, it
  would be possible that fetchmail conveyed confidential data not meant for the
  server through the NTLM response packet.
  Fix: Detect base64 decoding errors, validate the NTLM challenge, and abort
  NTLM authentication in case of error.
  See fetchmail-SA-2012-02.txt for further details.
  Reported by J. Porter Clark.
* for CVE-2011-3389:
  SSL/TLS (wrapped and STARTTLS): fetchmail used to disable a countermeasure
  against a certain kind of attack against cipher block chaining initialization
  vectors (SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS).
  Whether this creates an exploitable situation, depends on the server and the
  negotiated ciphers.
  As a precaution, fetchmail 6.3.22 enables the countermeasure, by clearing
  SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.
  NOTE that this can cause connections to certain non-conforming servers to
  fail, in which case you can set the environment variable
  FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE to any non-empty value when starting
  fetchmail to re-instate the compatibility option at the expense of security.
  Reported by Apple Product Security.
  For technical details, refer to <http://www.openssl.org/~bodo/tls-cbc.txt>.
  See fetchmail-SA-2012-01.txt for further details.

# BUG FIX
* The Server certificate: message in verbose mode now appears on stdout like the
  remainder of the output. Reported by Henry Jensen, to fix Debian Bug #639807.
* The GSSAPI-related autoconf code now matches gssapi.c better, and uses
  a different check to look for GSS_C_NT_HOSTBASED_SERVICE.
  This fixes the GSSAPI-enabled build on NetBSD 6 Beta.

# CHANGES
* On systems where SSLv2_client_method isn't defined in OpenSSL (such as
  newer Debian, and Ubuntu starting with 11.10 oneiric ocelot), don't
  reference it (to fix the build) and if configured, print a run-time error
  that the OS does not support SSLv2. Fixes Debian Bug #622054,
  but note that that bug report has a more thorough patch that does away with
  SSLv2 altogether.
* The security and errata notices fetchmail-{EN,SA}-20??-??.txt are now
  under the more relaxed CC BY-ND 3.0 license (the noncommercial clause
  was dropped). The Creative Commons address was updated.
* The Python-related Makefile.am parts were simplified to avoid an automake
  1.11.X bug around noinst_PYTHON, Automake Bug #10995.
* Configuring fetchmail without SSL now triggers a configure warning,
  and asks the user to consider running configure --with-ssl.

# WORKAROUNDS
* Some servers, notably Zimbra, return A1234 987 FETCH () in response to
  a header request, in the face of message corruption.  fetchmail now treats
  these as temporary errors. Report and Patch by Mikulas Patocka, Red Hat.
* Some servers, notably Microsoft Exchange, return "A0009 OK FETCH \ 
completed."
  without any header in response to a header request for meeting reminder
  messages (with a "meeting.ics" attachment). fetchmail now treats these as
  transient errors.  Report by John Connett, Patch by Sunil Shetye.

# TRANSLATION UPDATES
* [cs]    Czech, by Petr Pisar
* [de]    German
* [fr]    French, by Frédéric Marchal
* [ja]    Japanese, by Takeshi Hamasaki
* [pl]    Polish, by Jakub Bogusz
* [sv]    Swedish, by Göran Uddeborg --- NEW TRANSLATION - Thank you!
* [vi]    Vietnamese, by Trần Ngọc Quân
   2012-10-08 14:19:35 by Aleksej Saushev | Files touched by this commit (307) 
Log message:
Drop PKG_DESTDIR_SUPPORT setting, "user-destdir" is default these days.
   2012-08-21 17:49:54 by Tim Zingelman | Files touched by this commit (3) 
Log message:
Fix CVE-2012-3482
patch from \ 
http://gitorious.org/fetchmail/fetchmai … ba8b/diffs