./mail/fetchmail, Batch mail retrieval/forwarding utility for pop2, pop3, apop, imap


Branch: CURRENT, Version: 6.4.27, Package name: fetchmail-6.4.27, Maintainer: pkgsrc-users

Fetchmail is a full-featured IMAP/POP2/POP3/APOP/KPOP client with easy
configuration, daemon mode, forwarding via SMTP or local MDA, superior
reply handling. Not a mail user agent, rather a pipe-fitting that
seamlessly forwards fetched mail to your local delivery system. Your
one-stop solution for intermittent email connections. This is the
lineal descendant of and replacement for the old popclient program.

Required to run:

Required to build:

Package options: ssl

Master sites:

Filesize: 1295.574 KB

CVS history:

   2022-01-31 15:12:59 by Frédéric Fauberteau | Files touched by this commit (5) | Package updated
Log message:
fetchmail: Update to 6.4.27

upstream changes:
fetchmail-6.4.27 (released 2022-01-26, 31661 LoC):

* Bump wolfSSL minimum required version to 5.1.1 to pull in security fix.

# TRANSLATIONS: language translations were updated by this fine person:
* ro:    Remus-Gabriel Chelu [Romanian]
   2022-01-24 12:56:59 by Frédéric Fauberteau | Files touched by this commit (2) | Package updated
Log message:
fetchmail: Update to 6.4.26

upstream changes:
fetchmail-6.4.26 (released 2021-12-26, 31661 LoC):

* When using wolfSSL 5.0.0, work around a bug that appears to hit wolfSSL when
  receiving handshake records while still in SSL_peek(). Workaround is to read
  1 byte and cache it, then call SSL_peek() again.
  This affects only some servers. https://github.com/wolfSSL/wolfssl/issues/4593

# TRANSLATIONS: language translations were updated by this fine person:
* sr:    Мирослав Николић (Miroslav Nikolić) [Serbian]
   2021-12-26 16:28:10 by Frédéric Fauberteau | Files touched by this commit (2) | Package updated
Log message:
fetchmail: Update to 6.1.25

upstream changes:
fetchmail-6.4.25 (released 2021-12-10, 31653 LoC):

* Since distributions continue patching for LibreSSL use, which cannot be
  linked legally, block out LibreSSL in configure.ac and socket.c, and
  refer to COPYING, unless on OpenBSD (which ships it in the base system).
  OpenSSL and wolfSSL 5 can be used.  SSL-related documentation was updated, do
* Bump OpenSSL version requirement to 1.0.2f in order to safely remove
  the obsolete OpenSSL flag SSL_OP_SINGLE_DH_USE. This blocks out 1.0.2e and
  older 1.0.2 versions. 1.0.2f was a security fix release, and 1.0.2u is
  publicly available from https://www.openssl.org/source/old/1.0.2/
* Some of the configure.ac fiddling MIGHT have broken cross-compilation
  again. The maintainer does not test cross-compiling fetchmail; if you
  have difficulties, try setting PKG_CONFIG_LIBDIR to the pkg-config path
  containing your target/host libraries, or see if --with-ssl-prefix or
  --with-wolfssl-prefix, or overriding LDFLAGS/LIBS/CPPFLAGS, can help.
  Feedback solicited on compliant systems that are before end-of-life.

* 6.4.24's workaround for OpenSSL 1.0.2's X509_V_FLAG_TRUSTED_FIRST flag
  contained a typo and would not kick in properly.
* Library and/or rpath setting from configure.ac was fixed.

* Added an example systemd unit file and instructions to contrib/systemd/
  which runs fetchmail as a daemon with 5-minute poll intervals.
  Courteously contributed by Barak A. Pearlmutter, Debian Bug#981464.
* fetchmail can now be used with wolfSSL 5's OpenSSL compatibility layer,
  see INSTALL and README.SSL. This is considered experimental.
  Feedback solicited.

* The getstats.py dist-tool now counts lines of .ac and .am files.
* ./configure --with-ssl now supports pkg-config module names, too. See INSTALL.

# TRANSLATIONS: language translations were updated by these fine people:
(in reverse alphabetical order of language codes so as not to prefer people):
* sv:    Göran Uddeborg [Swedish]
* sq:    Besnik Bleta [Albanian]
* pl:    Jakub Bogusz [Polish]
* ja:    Takeshi Hamasaki [Japanese]
* fr:    Frédéric Marchal [French]
* eo:    Keith Bowes [Esperanto]
* cs:    Petr Pisar [Czech]

* Thanks to Corey Halpin for testing release candidates.

fetchmail-6.4.24 (released 2021-11-20, 30218 LoC):

> see fetchmail-6.4.22 below, and the file COPYING.

  Note that distribution of packages linked with LibreSSL is not feasible
  due to a missing GPLv2 clause 2(b) exception.

* Bison 3.8 dropped yytoknum altogether, breaking compilation due to a
  warning workaround. Remove the cast of yytoknum to void.  This may cause
  a compiler warning to reappear with older Bison versions.
* OpenSSL 1.0.2: Workaround for systems that keep the expired DST Root CA X3
  certificate in its trust store because OpenSSL by default prefers the
  untrusted certificate and fails.  Fetchmail now sets the
  X509_V_FLAG_TRUSTED_FIRST flag (on OpenSSL 1.0.2 only).
  This is workaround #2 from the OpenSSL Blog.  For details, see both:

  NOTE: OpenSSL 1.0.2 is end of life, it is assumed that the OpenSSL library
  is kept up to date by a distributor or via OpenSSL support contract.
  Where this is not the case, please upgrade to a supported OpenSSL version.

* The manual page was revised after re-checking with mandoc -Tlint, aspell,
  igor. Some more revisions were made for clarity.

# TRANSLATIONS: language translations were updated by these fine people:
* sv:    Göran Uddeborg [Swedish]
* pl:    Jakub Bogusz [Polish]
* fr:    Frédéric Marchal [French]
* cs:    Petr Pisar [Czech]
* eo:    Keith Bowes [Esperanto]
* ja:    Takeshi Hamasaki [Japanese]

fetchmail-6.4.23 (released 2021-10-31, 30206 LoC):

* For common ssh-based IMAP PREAUTH setups (i. e. those that use a plugin
  - no matter its contents - and that set auth ssh), change the STARTTLS
  error message to suggest sslproto '' instead.
  This is a commonly reported issue after the CVE-2021-39272 fix in 6.4.22.
  Fixes Redhat Bugzilla 2008160. Fixes GitLab #39.

# TRANSLATIONS: language translations were updated by these fine people:
* ja:    Takeshi Hamasaki [Japanese]
* sr:    Мирослав Николић (Miroslav Nikolić) [Serbian]

fetchmail-6.4.22 (released 2021-09-13, 30201 LoC):

* fetchmail 6.4.22 is compatible with OpenSSL 1.1.1 and 3.0.0.
  OpenSSL's licensing changed between these releases from dual OpenSSL/SSLeay
  license to Apache License v2.0, which is considered incompatible with GPL v2
  by the FSF.  For implications and details, see the file COPYING.

* CVE-2021-39272: fetchmail-SA-2021-02: On IMAP connections, without --ssl and
  with nonempty --sslproto, meaning that fetchmail is to enforce TLS, and when
  the server or an attacker sends a PREAUTH greeting, fetchmail used to continue
  an unencrypted connection.  Now, log the error and abort the connection.
  --Recommendation for servers that support SSL/TLS-wrapped or "implicit" mode on
  a dedicated port (default 993): use --ssl, or the ssl user option in an rcfile.
  --Reported by: Andrew C. Aitchison, based on the USENIX Security 21 paper "Why
  TLS is better without STARTTLS - A Security Analysis of STARTTLS in the Email
  Context" by Damian Poddebniak, Fabian Ising, Hanno Böck, and Sebastian
  Schinzel.  The paper did not mention fetchmail.

* On IMAP and POP3 connections, --auth ssh no longer prevents STARTTLS
* On IMAP connections, fetchmail does not permit overriding a server-side
  LOGINDISABLED with --auth password any more.
* On POP3 connections, the possibility for RPA authentication (by probing with
  an AUTH command without arguments) no longer prevents STARTTLS negotiation.
* For POP3 connections, only attempt RPA if the authentication type is \ 

* On IMAP connections, when AUTHENTICATE EXTERNAL fails and we have received the
  tagged (= final) response, do not send "*".
* On IMAP connections, AUTHENTICATE EXTERNAL without username will properly send
  a "=" for protocol compliance.
* On IMAP connections, AUTHENTICATE EXTERNAL will now check if the server
  advertised SASL-IR (RFC-4959) support and otherwise refuse (fetchmail <= 6.4
  has not supported and does not support the separate challenge/response with
  command continuation)
* On IMAP connections, when --auth external is requested but not advertised by
  the server, log a proper error message.
* Fetchmail no longer crashes when attempting a connection with --plugin "" or
  --plugout "".
* Fetchmail no longer leaks memory when processing the arguments of --plugin or
  --plugout on connections.
* On POP3 connections, the CAPAbilities parser is now caseblind.
* Fix segfault on configurations with "defaults ... no envelope". Reported by
  Bjørn Mork. Fixes Debian Bug#992400.  This is a regression in fetchmail 6.4.3
  and happened when plugging memory leaks, which did not account for that the
  envelope parameter is special when set as "no envelope". The segfault happens
  in a constant strlen(-1), triggered by trusted local input => no vulnerability.
* Fix program abort (SIGABRT) with "internal error" when invalid sslproto is
  given with OpenSSL 1.1.0 API compatible SSL implementations.

* IMAP: When fetchmail is in not-authenticated state and the server volunteers
  CAPABILITY information, use it and do not re-probe. (After STARTTLS, fetchmail
  must and will re-probe explicitly.)
* For typical POP3/IMAP ports 110, 143, 993, 995, if port and --ssl option
  do not match, emit a warning and continue. Closes Gitlab #31.
  (cherry-picked from 6.5 beta branch "legacy_6x")
* fetchmail.man and README.SSL were updated in line with RFC-8314/8996/8997
  recommendations to prefer Implicit TLS (--ssl/ssl) and TLS v1.2 or newer,
  placing --sslproto tls1.2+ more prominently.
  The defaults shall not change between 6.4.X releases for compatibility.

# TRANSLATIONS: language translations were updated by these fine people:
* sq:    Besnik Bleta [Albanian]
* cs:    Petr Pisar [Czech]
* eo:    Keith Bowes [Esperanto]
* fr:    Frédéric Marchal [French]
* pl:    Jakub Bogusz [Polish]
* sv:    Göran Uddeborg [Swedish]

* Thanks for testing the release candidates and bug reports to:
  Corey Halpin, Stefan Eßer.
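
The CVE-2021-39272 entry in the 6.4.22 notes above comes down to one decision on the IMAP greeting: with TLS mandatory and no implicit TLS, a PREAUTH greeting leaves no point at which STARTTLS can still be sent. The following is an added example, not fetchmail's code and not part of the changelog; it is a simplified model of that decision before and after the fix, and every function, enum and parameter name in it is hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Simplified model; all names here are hypothetical, not fetchmail's own. */
enum action { ACT_ABORT, ACT_STARTTLS, ACT_PROCEED };

/* Case-insensitive match on the start of an untagged server greeting. */
static int greeting_is(const char *line, const char *kind)
{
    return strncasecmp(line, kind, strlen(kind)) == 0;
}

/*
 * greeting     first line from the server
 * caps         capability list (constructed, upper case)
 * tls_required nonempty --sslproto: the session must be encrypted
 * encrypted    1 if --ssl (implicit TLS) already wrapped the socket
 * fixed        0 = pre-6.4.22 behaviour, 1 = behaviour after the fix
 */
enum action on_greeting(const char *greeting, const char *caps,
                        int tls_required, int encrypted, int fixed)
{
    if (greeting_is(greeting, "* PREAUTH")) {
        /* Already authenticated: STARTTLS can no longer be issued. */
        if (tls_required && !encrypted)
            return fixed ? ACT_ABORT : ACT_PROCEED; /* old: cleartext */
        return ACT_PROCEED;
    }
    if (greeting_is(greeting, "* OK")) {
        if (encrypted || !tls_required)
            return ACT_PROCEED;
        /* TLS is mandatory: upgrade, or refuse if it is not on offer. */
        return strstr(caps, "STARTTLS") ? ACT_STARTTLS : ACT_ABORT;
    }
    return ACT_ABORT; /* "* BYE" or anything unrecognised */
}

int main(void)
{
    const char *g = "* PREAUTH IMAP4rev1 server logged in"; /* constructed */
    printf("legacy=%d fixed=%d\n",
           on_greeting(g, "IMAP4REV1", 1, 0, 0),
           on_greeting(g, "IMAP4REV1", 1, 0, 1));
    return 0;
}
```

With implicit TLS (`encrypted` set) the greeting arrives inside the TLS session, which is why the changelog recommends --ssl on port 993.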
   2021-11-10 20:24:53 by Pierre Pronchery | Files touched by this commit (2)
Log message:
fetchmail: let the RC script work unprivileged

This takes advantage of the introduction of the SYSCONFBASE variable.
Tested on NetBSD/amd64.

   2021-10-26 12:54:34 by Nia Alarie | Files touched by this commit (356)
Log message:
mail: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

The following distfiles were unfetchable (possibly fetched

./mail/qmail/distinfo netqmail-1.05-TAI-leapsecs.patch
   2021-10-21 09:46:39 by Thomas Klausner | Files touched by this commit (77)
Log message:
*: recursive bump for heimdal 7.7.0

its buildlink3.mk now includes openssl's buildlink3.mk
   2021-10-07 16:25:52 by Nia Alarie | Files touched by this commit (357)
Log message:
mail: Remove SHA1 hashes for distfiles
   2021-05-25 13:59:47 by Frédéric Fauberteau | Files touched by this commit (2) | Package updated
Log message:
fetchmail: Update to 6.4.19

upstream changes:
fetchmail-6.4.19 (released 2021-04-24, 30026 LoC):

* fetchmailconf: properly catch and report option parsing errors

* LMTP: do not try to validate the last component of a UNIX-domain LMTP socket
  as though it were a TCP port.  Reported by Christoph Heitkamp, Gitlab issue #33.

  This fine person has contributed an updated translation:
* sr:    Мирослав Николић (Miroslav Nikolić) [Serbian]

fetchmail-6.4.18 (released 2021-03-27, 30011 LoC):

* fetchmailconf: fetchmail 6.4.16 added --sslcertfile to the configuration dump,
  but fetchmailconf support was incomplete in Git 7349f124 and it could not
  parse sslcertfile, thus the user settings editor came up empty with console
  errors printed.  Fix configuration parser in fetchmailconf.

* fetchmailconf: do not require fetchmail for -V. do not require Tk (Tkinter)
  for -d option. This is to fail more gracefully on incomplete installs.
* TLS code: remove OPENSSL_NO_DEPRECATED macros to avoid portability issues
  with OpenSSL v3 - these are for development purposes, not production.
* TLS futureproofing: use SSL_use_PrivateKey_file instead of
  SSL_use_RSAPrivateKey_file, the latter will be deprecated with OpenSSL v3,
  and the user's key file might be something else than RSA.

  This fine person has contributed an updated translation:
* fi:    Lauri Nurmi [Finnish]

fetchmail-6.4.17 (released 2021-03-07, 29998 LoC):

* IMAP client: it used to leak memory for username and password when trying
  the LOGIN (password-based) authentication and encountered a timeout situation.
* dist-tools/getstats.py: also counts lines in *.py files, shown above.

* fetchmail.man: now mentions that you may need to add --ssl when specifying
  a TLS-wrapped port.
* fetchmailconf: --version (-V) now prints the Python version in use.

  This fine person has contributed an updated translation:
* ja:    Takeshi Hamasaki [Japanese]

fetchmail-6.4.16 (released 2021-02-08, 27707 LoC):

* fetchmail's --configdump, and fetchmailconf, lacked support for the
  sslcertfile option. --configdump support added by Earl Chew,
  Gitlab issue #25, merge request !28.
* fetchmail's manual page was never updated to reflect 6.2.5's change about the
  duplicate-killer code for multidrop mode, which read
  "* Dup-killer code now keys on an MD5 hash of the raw headers."
  ...instead of just the Message-ID. [commit 9dd8400, 2003-10-10 by esr]
  The manual page was now updated accordingly and documents
  historic behaviour:
  start to 5.0.7 no duplicate suppression;
  5.0.8 to 6.2.4 duplicate suppression only by Message-ID;
  6.2.5 to 6.4.X duplicate suppression by entire raw header.
  Manpage bug found by Julian Bane debugging "duplicate message" behaviour.
* ./configure no longer runs AC_LIB_LINKFLAGS (how to link) checks
  when called --without-ssl

* fetchmail --version [fetchmail -V] now queries and prints the SSL/TLS
  library's "SSL default trusted certificate" file or directory (mind the word
  "default"), where the OpenSSL-compatible TLS implementation will look for
  trusted root, meaning certification authority (CA), certificates.
  NOTE 1: watch the output carefully if the line prints the defaults
  or the configured path (without "default").
  NOTE 2: SSL_CERT_DIR and SSL_CERT_FILE are documented environment variables
  for OpenSSL 1.1.1 to override the *default* locations (those compiled into
  OpenSSL or possibly in its configuration file).
  This was added when Gene Heskett was debugging his setup and the
  information "where does OpenSSL look" was missing.
* fetchmail --version now prints version of the OpenSSL library that
  it was compiled against, and that it is using at runtime, and also
  the OPENSSL_DIR and OPENSSL_ENGINES_DIR (if available).

  These fine people have contributed updated translations for fetchmail,
  in no particular order:
* sq:    Besnik Bleta [Albanian]
* eo:    Keith Bowes [Esperanto]
* cs:    Petr Pisar [Czech]
* pl:    Jakub Bogusz [Polish]
* sv:    Göran Uddeborg [Swedish]
* fr:    Frédéric Marchal [French]