Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

fetchmailconf-6.4.38-lp160.1.1 RPM for ppc64le

From OpenSuSE Leap 16.0 for ppc64le

Name: fetchmailconf Distribution: openSUSE Leap 16.0
Version: 6.4.38 Vendor: openSUSE
Release: lp160.1.1 Build date: Thu Apr 4 11:01:54 2024
Group: Unspecified Build host: reproducible
Size: 211412 Source RPM: fetchmail-6.4.38-lp160.1.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://www.fetchmail.info/
Summary: Fetchmail Configuration Utility
A GUI configuration utility for generating fetchmail configuration
files (.fetchmailrc).

Provides

Requires

License

GPL-2.0-or-later

Changelog

* Thu Apr 04 2024 Dirk Müller <[email protected]>
  - update to 6.4.38:
    * Tighten OpenSSL and wolfSSL version requirements again. See
      README.SSL.
    * Distributors providing older versions that they backport
      security fixes for may want to patch socket.c but remember
      to redirect support to your distribution's support channels.
      The fetchmail maintainer only supports functionally
      unmodified builds with publicly available SSL/TLS library
      versions.
    * fetchmail will refuse to build against OpenSSL 1.0.2 older
      than 1.0.2u, or wolfSSL older than 5.6.2. It will warn about
      OpenSSL older than 3.0.9, or between 3.1.0 and 3.1.4,
      or wolfSSL older than 5.6.6.
* Wed Jan 17 2024 Steve Kowalik <[email protected]>
  - Add patch fetchmailconf-no-more-future.patch:
    * Drop requirement for python-future from fetchmailconf.
* Wed Mar 01 2023 David Anes <[email protected]>
  - Update to 6.4.37:
    * TRANSLATIONS: language translations were updated:
    - sr [Serbian]
* Tue Feb 07 2023 David Anes <[email protected]>
  - Update to 6.4.36:
    * TRANSLATIONS: language translations were updated:
    - cs, es, fr, ja, pl, ro, sq, sv
* Sat Jan 21 2023 Dirk Müller <[email protected]>
  - disable opie support
* Thu Jan 05 2023 David Anes <[email protected]>
  - Update to 6.4.35:
    * BREAKING CHANGES:
    - Fetchmail now warns about OpenSSL before 1.1.1s or 3.0.7,
      and rejects wolfSSL older than 5.5.0.
    * Updated Swedish and Esperanto translations.
* Fri Oct 21 2022 David Anes <[email protected]>
  - Remove stale requires to python-rpm-macros.
* Mon Oct 17 2022 David Anes <[email protected]>
  - Update to 6.4.34:
    * Bugfixes:
    - When an SMTP receiver refuses delivery, a message would be
      deleted from the mail store in spite of a softbounce option
      that is enabled.
    * Translations:
    - Updated Serbian translation
* Thu Sep 01 2022 Matej Cepl <[email protected]>
  - Update to 6.4.33:
    - Turns out the snapd version of HTMLDOC 1.9.16 is broken, so I
      have added a wrapper script that uses the flatpak version of
      HTMLDOC, for the benefit of rebuilding on distros that do not
      ship HTMLDOC natively.
  - Remove upstreamed 44-uncorrupt_runfetchmail.patch
* Wed Aug 31 2022 Stefan Schubert <[email protected]>
  - Migration to /usr/etc: Saving user changed configuration files
    in /etc and restoring them while an RPM update.
* Sat Jul 30 2022 Matej Cepl <[email protected]>
  - Update to 6.4.32:
    * Use configure to find rst2html, some systems install it only
      with .py suffix, others only without, and some install both.
    * Update README.maintainer
    * Translations updated.
  - Reapplied patches
  - Add 44-uncorrupt_runfetchmail.patch to clean up some contrib/
    scripts (gl#fetchmail/fetchmail#44).
* Mon Jul 18 2022 David Anes <[email protected]>
  - update to 6.4.31
    * Bugfixes:
    - Try to fix ./configure --with-ssl=... for systems that have
      multiple OpenSSL versions installed.  Issues reported by
      Dennis Putnam.
    - The netrc parser now reports its errors to syslog or logfile
      when appropriate, previously it would always log to stderr.
    - Add error checking to .netrc parser.
    * Changes:
    - manpage: use .UR/.UE macros instead of .URL for URIs.
    - manpage: fix contractions. Found with FreeBSD's igor tool.
    - manpage: HTML now built with pandoc -> python-docutils
      (manServer.pl was dropped)
* Tue Jun 21 2022 Stefan Schubert <[email protected]>
  - Moved logrotate files from user specific directory /etc/logrotate.d
    to vendor specific directory /usr/etc/logrotate.d.
* Thu Apr 28 2022 David Anes <[email protected]>
  - update to 6.4.30:
    * Breaking changes:
    - Bump wolfSSL minimum required version to 5.2.0 to pull in
      security fix.
    * Changes:
    - Using OpenSSL 1.* before 1.1.1n elicits a compile-time
      warning.
    - Using OpenSSL 3.* before 3.0.2  elicits a compile-time
      warning.
    - configure.ac was tweaked in order to hopefully fix
      cross-compilation issues  report, and different patch
      suggested
    * Translations.:
    - ro: Updated Romanian translation.
* Sat Apr 09 2022 Dirk Müller <[email protected]>
  - update to 6.4.29:
    * Updated vi [Vietnamese] translation.
* Thu Mar 10 2022 David Anes <[email protected]>
  - update to 6.4.28:
    * Updated spanish translation.
  - fix typos in changelog.
* Fri Feb 25 2022 David Anes <[email protected]>
  - update to 6.4.27:
    * Bump wolfSSL minimum required version to 5.1.1 to pull in
      security fix.
    * Updated romanian translation.
* Wed Jan 12 2022 David Anes <[email protected]>
  - fix [bsc#1194203]:
    * Always create fetchmail group, even if the user is already
      present, as a leftover from Leap 15.2 upgrade. This may happen
      also if user is messing with groups/users directly or upgrading
      from even an older fetchmail versions.
* Mon Dec 27 2021 David Anes <[email protected]>
  - update to 6.4.26:
    * When using wolfSSL 5.0.0, work around a bug that appears to hit
      wolfSSL when receiving handshake records while still in
      SSL_peek(). Workaround is to read 1 byte and cache it, then
      call SSL_peek() again. This affects only some servers.
    * New serbian translation.
* Sat Dec 11 2021 Dirk Müller <[email protected]>
  - update to 6.4.25:
    * 6.4.24's workaround for OpenSSL 1.0.2's X509_V_FLAG_TRUSTED_FIRST flag
      contained a typo and would not kick in properly.
    * Library and/or rpath setting from configure.ac was fixed.
    * Added an example systemd unit file and instructions to contrib/systemd/
      which runs fetchmail as a daemon with 5-minute poll intervals.
    * fetchmail can now be used with wolfSSL 5's OpenSSL compatibility layer,
      see INSTALL and README.SSL. This is considered experimental.
      Feedback solicited.
    * Bison 3.8 dropped yytoknum altogether, breaking compilation due to a
      warning workaround. Remove the cast of yytoknum to void.  This may cause
      a compiler warning to reappear with older Bison versions.
    * OpenSSL 1.0.2: Workaround for systems that keep the expired DST Root CA X3
      certificate in its trust store because OpenSSL by default prefers the
      untrusted certificate and fails.
    * For common ssh-based IMAP PREAUTH setups (i. e. those that use a plugin
    - no matter its contents - and that set auth ssh), change the STARTTLS
      error message to suggest sslproto '' instead.
      This is a commonly reported issue after the CVE-2021-39272 fix in 6.4.22.
  - drop fetchmail-bison-3.8.patch (upstream)
  - Rebased patches:
    * fetchmail-add-imap-oauthbearer-support.patch
    * fetchmail-support-oauthbearer-xoauth2-with-pop3.patch
* Tue Nov 09 2021 Dominique Leuenberger <[email protected]>
  - Add fetchmail-bison-3.8.patch: Fix build with bison 3.8.
* Wed Oct 06 2021 Pedro Monreal <[email protected]>
  - Update to 6.4.22: [bsc#1190069, CVE-2021-39272]
    * OPENSSL AND LICENSING NOTE:
    - fetchmail 6.4.22 is compatible with OpenSSL 1.1.1 and 3.0.0.
      OpenSSL's licensing changed between these releases from dual
      OpenSSL/SSLeay license to Apache License v2.0, which is
      considered incompatible with GPL v2 by the FSF. For
      implications and details, see the file COPYING.
    * SECURITY FIXES:
    - CVE-2021-39272: fetchmail-SA-2021-02: On IMAP connections,
      without --ssl and with nonempty --sslproto, meaning that
      fetchmail is to enforce TLS, and when the server or an attacker
      sends a PREAUTH greeting, fetchmail used to continue an
      unencrypted connection. Now, log the error and abort the
      connection. --Recommendation for servers that support
      SSL/TLS-wrapped or "implicit" mode on a dedicated port
      (default 993): use --ssl, or the ssl user option in an rcfile.
    - On IMAP and POP3 connections, --auth ssh no longer prevents
      STARTTLS negotiation.
    - On IMAP connections, fetchmail does not permit overriding
      a server-side LOGINDISABLED with --auth password any more.
    - On POP3 connections, the possibility for RPA authentication
      (by probing with an AUTH command without arguments) no longer
      prevents STARTTLS negotiation.
    - For POP3 connections, only attempt RPA if the authentication
      type is "any".
    * BUG FIXES:
    - On IMAP connections, when AUTHENTICATE EXTERNAL fails and we
      have received the tagged (= final) response, do not send "*".
    - On IMAP connections, AUTHENTICATE EXTERNAL without username
      will properly send a "=" for protocol compliance.
    - On IMAP connections, AUTHENTICATE EXTERNAL will now check if
      the server advertised SASL-IR (RFC-4959) support and otherwise
      refuse (fetchmail <= 6.4 has not supported and does not support
      the separate challenge/response with command continuation)
    - On IMAP connections, when --auth external is requested but not
      advertised by the server, log a proper error message.
    - Fetchmail no longer crashes when attempting a connection with
    - -plugin "" or --plugout "".
    - Fetchmail no longer leaks memory when processing the arguments
      of --plugin or --plugout on connections.
    - On POP3 connections, the CAPAbilities parser is now caseblind.
    - Fix segfault on configurations with "defaults ... no envelope".
      This is a regression in fetchmail 6.4.3 and happened when
      plugging memory leaks, which did not account for that the
      envelope parameter is special when set as "no envelope". The
      segfault happens in a constant strlen(-1), triggered by trusted
      local input => no vulnerability.
    - Fix program abort (SIGABRT) with "internal error" when invalid
      sslproto is given with OpenSSL 1.1.0 API compatible SSL
      implementations.
    * CHANGES:
    - IMAP: When fetchmail is in not-authenticated state and the server
      volunteers CAPABILITY information, use it and do not re-probe.
      (After STARTTLS, fetchmail must and will re-probe explicitly.)
    - For typical POP3/IMAP ports 110, 143, 993, 995, if port and --ssl
      option do not match, emit a warning and continue.
    - fetchmail.man and README.SSL were updated in line with
      RFC-8314/8996/8997 recommendations to prefer Implicit TLS
      (--ssl/ssl) and TLS v1.2 or newer, placing --sslproto tls1.2+
      more prominently. The defaults shall not change between 6.4.X
      releases for compatibility.
    * Rebase patches:
      fetchmail-add-imap-oauthbearer-support.patch
      fetchmail-add-query_to64_outsize-utility-function.patch
      fetchmail-support-oauthbearer-xoauth2-with-pop3.patch
* Tue Sep 14 2021 Johannes Segitz <[email protected]>
  - Added hardening to systemd service(s) (bsc#1181400). Modified:
    * fetchmail.service
* Tue Aug 24 2021 Pedro Monreal <[email protected]>
  - Update to 6.4.21:
    * REGRESSION FIX: The new security fix in 6.4.20 for
      CVE-2021-36386 caused truncation of messages logged to
      buffered outputs, predominantly --logfile.
* Thu Jul 29 2021 Pedro Monreal <[email protected]>
  - Update to 6.4.20: [bsc#1188875, CVE-2021-36386]
    * CVE-2021-36386: DoS or information disclosure in some configurations.
      When a log message exceeds c. 2 kByte in size, for instance,
      with very long header contents, and depending on verbosity
      option, fetchmail can crash or misreport each first log message
      that requires a buffer reallocation. fetchmail then reallocates
      memory and re-runs vsnprintf() without another call to va_start(),
      so it reads garbage. The exact impact depends on many factors
      around the compiler and operating system configurations used and
      the implementation details of the stdarg.h interfaces of the two
      functions mentioned before.
* Thu May 13 2021 Jeff Mahoney <[email protected]>
  - Backported support for OAUTH2 authentication from Fetchmail 7.0.
    - add imap oauthbearer support
    - support oauthbearer/xoauth2 with pop3
    - add passwordfile and passwordfd options
    - add contrib/fetchnmail-oauth2.py token acquisition utility
    - FAQ: list gmail options including oauthbearer and app password
    - give each ctl it's own copy of password
    - re-read passwordfile on every poll
    - add query_to64_outsize() utility function
    - Chase and integrate interface change.
    - oauth2.c: calculate and pass in correct buffer size to to64frombits()
    - Increase max password length to handle oauth tokens
    - Bump max. passwordlen to 10000 bytes.
    - Add README.OAUTH2
  - Added patches:
    * fetchmail-add-imap-oauthbearer-support.patch
    * fetchmail-support-oauthbearer-xoauth2-with-pop3.patch
    * fetchmail-add-passwordfile-and-passwordfd-options.patch
    * fetchmail-add-contrib-fetchnmail-oauth2.py-token-acquisition-u.patch
    * fetchmail-FAQ-list-gmail-options-including-oauthbearer-and-app.patch
    * fetchmail-give-each-ctl-it-s-own-copy-of-password.patch
    * fetchmail-re-read-passwordfile-on-every-poll.patch
    * fetchmail-add-query_to64_outsize-utility-function.patch
    * fetchmail-chase-and-integrate-interface-change.patch
    * fetchmail-oauth2-c-calculate-and-pass-in-correct-buffer-size-to-to64frombits.patch
    * fetchmail-increase-max-password-length-to-handle-oauth-tokens.patch
    * fetchmail-bump-max-passwordlen-to-1bytes.patch
    * fetchmail-add-readme-oauth2-issue-27.patch
* Sat May 08 2021 Dirk Müller <[email protected]>
  - update to 6.4.19:
    * fetchmailconf: properly catch and report option parsing errors
    * LMTP: do not try to validate the last component of a UNIX-domain LMTP socket
      as though it were a TCP port.
* Tue Apr 06 2021 Dirk Müller <[email protected]>
  - update to 6.4.18:
    * fetchmailconf: fetchmail 6.4.16 added --sslcertfile to the configuration dump,
      but fetchmailconf support was incomplete in Git 7349f124 and it could not
      parse sslcertfile, thus the user settings editor came up empty with console
      errors printed.  Fix configuration parser in fetchmailconf.
    * fetchmailconf: do not require fetchmail for -V. do not require Tk (Tkinter)
      for -d option. This is to fail more gracefully on incomplete installs.
    * TLS code: remove OPENSSL_NO_DEPRECATED macros to avoid portability issues
      with OpenSSL v3 - these are for development purposes, not production.
    * TLS futureproofing: use SSL_use_PrivateKey_file instead of
      SSL_use_RSAPrivateKey_file, the latter will be deprecated with OpenSSL v3,
      and the user's key file might be something else than RSA.
    * IMAP client: it used to leak memory for username and password when trying
      the LOGIN (password-based) authentication and encountered a timeout situation.
    * dist-tools/getstats.py: also counts lines in *.py files, shown above.
    * fetchmail.man: now mentions that you may need to add --ssl when specifying
      a TLS-wrapped port.
    * fetchmailconf: --version (-V) now prints the Python version in use.
* Mon Mar 01 2021 Pedro Monreal <[email protected]>
  - update to 6.4.16:
    * fetchmail's --configdump, and fetchmailconf, lacked support for
      the sslcertfile option.
    * fetchmail --version [fetchmail -V] now queries and prints the
      SSL/TLS library's "SSL default trusted certificate" file or
      directory (mind the word "default"), where the OpenSSL-compatible
      TLS implementation will look for trusted root, meaning
      certification authority (CA), certificates.
    * fetchmail --version now prints version of the OpenSSL library
      that it was compiled against, and that it is using at runtime,
      and also the OPENSSL_DIR and OPENSSL_ENGINES_DIR (if available).
* Mon Jan 04 2021 Dirk Müller <[email protected]>
  - update to 6.4.15:
    * Fix a typo in the manual page reported by David McKelvie.
    * Fix cross-compilation with openssl, by Fabrice Fontaine. Merge request !23.
    * Fix truncation of SMTP PLAIN AUTH with ^ in credentials, by Earl Chew.
* Sat Dec 19 2020 Dirk Mueller <[email protected]>
  - update to 6.4.14:
    * sr:    Мирослав Николић (Miroslav Nikolić) [Serbian]
    * Errors about lock file (= pidfile) creation could be lost in daemon
    configurations (-d option, or set daemon) when using syslog. Now they are also
    logged to syslog.  Found verifying a pidfile creation issue on 6.4.12 that was
    previously reported by Alex Hall of Automatic Distributors.
    * If the lock file cannot be removed (no write permission on directory), try
    to truncate it, and if that fails, report error.
    * If the pidfile was non-default, fetchmail -q or --quit would malfunction and
    claim no other fetchmail were running, because it did not read the
    configuration files or merge the command line options, thus it would look for
    the PID in the wrong file.
* Fri Dec 18 2020 Thorsten Kukuk <[email protected]>
  - Don't require systemd
  - Use tmpfiles for all files
  - Use systemd macro for tmpfiles
  - Don't delete home directory if the user stays
  - Use sysusers config to create system user
* Fri Sep 04 2020 Dirk Mueller <[email protected]>
  - update to 6.4.12:
    [#] REGRESSION FIX:
    * configure: fetchmail 6.4.9 and 6.4.10 would miss checking for TLS v1.2 and
    TLS v1.3 support if AC_LIB_LINKFLAGS came up with something such as
    /path/to/libssl.so, rather than -lssl. (For instance on FreeBSD)
    * configure: fetchmail 6.4.9's configure was unable to pick up OpenSSL
    if it wasn't announced by pkg-config, for instance, on FreeBSD
* Fri Aug 28 2020 Callum Farmer <[email protected]>
  - De-hardcode /usr/lib path for launch executable (bsc#1174075)
  - Spec file cleanups
* Wed Aug 26 2020 Pedro Monreal Gonzalez <[email protected]>
  - Update fetchmail.keyring file
  - Use %{_prefix}/lib instead of %{_libexecdir}
* Mon Aug 24 2020 Dirk Mueller <[email protected]>
  - update to 6.4.8:
    * Add a test program fm_realpath, and a t.realpath script, neither to be
      installed. These will test resolution of the current working directory.
    * TRANSLATION UPDATES
    * Plug memory leaks when parts of the configuration (defaults, rcfile, command
      line) override one another.
    * fetchmail terminated the placeholder command string too late and included
      garbage from the heap at the end of the string. Workaround: don't use place-
      holders %h or %p in the --plugin string. Bug added in 6.4.0 when merging
      Gitlab merge request !5 in order to fix an input buffer overrun.
      Faulty commit 418cda65f752e367fa663fd13884a45fcbc39ddd.
    * Fetchmail now checks for errors when trying to read the .idfile
    * Fetchmail's error messages that reports that the defaults entry isn't the
      first was made more precise. It could be misleading if there was a poll or
      skip statement before the defaults.
    * Fetchmail documentation was updated to require OpenSSL 1.1.1.
      OpenSSL 1.0.2 reached End Of Life status at the end of the year 2019.
      Fetchmail will tolerate, but warn about, 1.0.2 for now on the assumption that
      distributors backport security fixes as the need arises.
      Fetchmail will also warn if another SSL library that is API-compatible
      with OpenSSL lacks TLS v1.3 support.
    * If the trust anchor is missing, fetchmail refers the user to README.SSL.
    * The AC_DECLS(getenv) check was removed, its only user was broken and not
      accounting for that AC_DECLS always defines HAVE_DECL_... to 0 or 1, so
      fetchmail never declared a missing getenv() symbol (it was testing with
      [#]ifdef).  Remove the backup declaration. getenv is mandated by SUSv2 anyways.
    * fetchmailconf now supports Python 3 and currently requires the "future"
      package, see https://pypi.org/project/future/.
    * fetchmailconf: The minimum supported version is now Python 2.7.13, but it is
      recommended to use at least 2.7.16 (due to its massive SSL updates).
      Older Python versions may check SSL certificates not strictly enough,
      which may cause fetchmail to complain later, if the certificate verify fails.
    * fetchmailconf now autoprobes SSL-wrapped connections (ports 993 and 995 for
      IMAP and POP3) as well and by preference.
    * fetchmailconf now defaults newly created users to "ssl" if either of the
      existing users sets ssl, or if the server has freshly been probed and
      found supporting ssl.
      There is a caveat: adding a user to an existing server without probing it
      again may skip adding ssl. (This does not prevent STARTTLS.)
    * Fix three bugs in fetchmail.man (one unterminated string to .IP macro, one
      line that ran into a .PP macro, .TH date format), and remove one .br request
      from inside the table, which is unsupported by FreeBSD 12's mandoc(1) formatter.
    * Further man page fixes and additions by Chris Mayo and Gregor Zattler.
    * When evaluating the need for STARTTLS in non-default configurations (SSL
      certificate validation turned off), fetchmail would only consider --sslproto
      tls1 as requiring STARTTLS, now all non-empty protocol versions do.
    * fetchmailconf now properly writes "no sslcertck" if sslcertck is disabled.
    * fetchmailconf now catches and reports OS errors (including DNS errors) when
      autoprobing.
    * fetchmailconf received a host of other bugfixes, see the Git commit log.
* Wed Aug 19 2020 Dominique Leuenberger <[email protected]>
  - Fix invalid usage of libexecdir where %_tmpfilesdir was meant to
    be used.
* Sun Feb 02 2020 Thorsten Kukuk <[email protected]>
  - pwdutils is gone long time ago
* Wed Jan 08 2020 Ondřej Súkup <[email protected]>
  - switch to python3
  - don't require python*-devel
* Fri Oct 04 2019 Pedro Monreal Gonzalez <[email protected]>
  - Update to 6.4.1 [bsc#1152964]
    [#]# REGRESSION FIXES:
    * The bug fix Debian Bug#941129 was incomplete and caused
    - a regression in the default file locations, so that fetchmail was
      no longer able to find its configuration files in some situations.
    - a regression under _FORTIFY_SOURCE where PATH_MAX > minimal _POSIX_PATH_MAX.
  - Update to 6.4.0
    [#]# SECURITY FIXES THAT AFFECT BEHAVIOUR AND MAY REQUIRE RECONFIGURATION
    * Fetchmail no longer supports SSLv2.
    * Fetchmail no longer attempts to negotiate SSLv3 by default,
      even with --sslproto ssl23. Fetchmail can now use SSLv3, or TLSv1.1 or a newer
      TLS version, with STLS/STARTTLS (it would previously force TLSv1.0 with
      STARTTLS).  If the OpenSSL version used at build and run-time supports these
      versions, --sslproto ssl3 and --sslproto ssl3+ can be used to re-enable SSLv3.
      Doing so is discouraged because the SSLv3 protocol is broken.
      While this change is supposed to be compatible with common configurations,
      users may have to and are advised to change all explicit --sslproto ssl2
      (change to newer protocols required), --sslproto ssl3, --sslproto tls1 to
    - -sslproto auto, so that they can benefit from TLSv1.1 and TLSv1.2 where
      supported by the server.
      The --sslproto option now understands the values auto, ssl3+, tls1+, tls1.1,
      tls1.1+, tls1.2, tls1.2+, tls1.3, tls1.3+ (case insensitively), see CHANGES
      below for details.
    * Fetchmail defaults to --sslcertck behaviour. A new option --nosslcertck to
      override this has been added, but may be removed in future fetchmail versions
      in favour of another configuration option that makes the insecurity in using
      this option clearer.
    [#]# SECURITY FIXES
    * Fetchmail prevents buffer overruns in GSSAPI authentication with user names
      beyond c. 6000 characters in length. Reported by Greg Hudson.
    [#]# CHANGED REQUIREMENTS
    * fetchmail 6.4.0 is written in C99 and requires a SUSv3 (Single Unix
      Specification v3, a superset of POSIX.1-2001 aka. IEEE Std 1003.1-2001 with
      XSI extension) compliant system. For now, a C89 compiler should also work
      if the system is SUSv3 compliant.
      In particular, older fetchmail versions had workaround for several functions
      standardized in the Single Unix Specification v3, these have been removed.
      The trio/ library has been removed from the distribution.
    [#]# CHANGES
    * fetchmail 6.3.X is unsupported.
    * fetchmail now configures OpenSSL support by default.
    * fetchmail now requires OpenSSL v1.0.2 or newer.
    * Fetchmail now supports --sslproto auto and --sslproto tls1+ (same as ssl23).
    * --sslproto tls1.1+, tls1.2+, and tls1.3+ are now supported for
      auto-negotiation with a minimum specified TLS protocol version, and --sslproto
      tls1.1, --sslproto tls1.2 and --sslproto tls1.3 to force the specified TLS
      protocol version. Note that tls1.3 requires OpenSSL v1.1.1 or newer.
    * Fetchmail now detects if the server hangs up prematurely during SSL_connect()
      and reports this condition as such, and not just as SSL connection failure.
      (OpenSSL 1.0.2 reported incompatible with pop3.live.com by Jerry Seibert).
    * A foreground fetchmail can now accept a few more options while another copy is
      running in the background.
    * fetchmail now handles POP3 --keep UID lists more efficiently, by using Rainer
      Weikusat's P-Tree implementation. This reduces the complexity for handling
      a large UIDL from O(n^2) to O(n log n) and becomes noticably faster with
      thousands of kept messages. (IMAP does not currently track UIDs and is unaffected.)
      At the same time, the UIDL emulation code for deficient servers has been
      removed. It never worked really well.  Servers that do not implement the
      optional UIDL command only work with --fetchall option set, which in itself is
      incompatible with the --keep option (it would cause message duplication).
    * fetchmail, when setting up TLS connections, now uses SSL_set_tlsext_host_name()
      to set up the SNI (Server Name Indication). Some servers (for instance
      googlemail) require SNI when using newer SSL protocols.
    * Fetchmail now sets the expected hostname through OpenSSL 1.0.2's new
      X509_VERIFY_PARAM_set1_host() function to enable OpenSSL's native certificate
      verification features.
    * fetchmail will drop the connection when fetching with IMAP and receiving an
      unexpected untagged "* BYE" response, to work around certain faulty servers.
    * The FETCHMAIL_POP3_FORCE_RETR environment variable is now documented,
      it forces fetchmail, when talking POP3, to always use the RETR command,
      even if it would otherwise use the TOP command.
    * Fetchmail's configure stage will try to query pkg-config or pkgconf for libssl
      and libcrypto, in case other system use .pc files to document specific library dependencies.
    * The gethostbyname() API calls and compatibility functions have been removed.
    * These translations are shipped but not installed by default because
      they have less than 500 translated messages out of 714: el fi gl pt_BR sk tr
    - > Greek, Finnish, Galician, Brazilian Portuguese, Slovak, Turkish.
    * Fetchmail now refuses delivery if the MDA option contains single-quoted expansions.
    [#]# FIXES
    * Do not translate header tags such as "Subject:".
    * Convert most links from berlios.de to sourceforge.net.
    * Report error to stderr, and exit, if --idle is combined with multiple  accounts.
    * Point to --idle from GENERAL OPERATION to clarify --idle and multiple  mailboxes do not mix.
    * Fix SSL-enabled build on systems that do not declare SSLv3_client_method(),
      or that #define OPENSSL_NO_SSL3 inside #include <openssl/ssl.h>
    * Version report lists -SSLv3 on SSL-enabled no-ssl3 builds.
    * Fetchmail no longer adds a NUL byte to the username in GSSAPI authentication.
      This was reported to break Kerberos-based authentication with Microsoft Exchange 2013
    * Set umask properly before writing the .fetchids file, to avoid failing the
      security check on the next run.
    * When forwarding by LMTP, also check antispam response code when collecting
      the responses after the CR LF . CR LF sequence at the end of the DATA phase.
    * fetchmail will not try other protocols after a socket error. This avoids mismatches
      of how different prococols see messages as "seen" and re-fetches of known mail.
    * fetchmail no longer reports "System error during SSL_connect(): Success."
    * fetchmailconf would ignore Edit or Delete actions on the first (topmost)
      item in a list (no matter if server list, user list, ...).
    * The mimedecode feature now properly detects multipart/mixed-type matches, so
      that quoted-printable-encoded multipart messages can get decoded.
      (Regression in 5.0.0 on 1999-03-27, as a side effect of a PGP-mimedecode fix
      attributed to Henrik Storner.)
    * FETCHMAILHOME can now safely be a relative path, which will be qualified
      through realpath(). Previously, it had to be absolute in daemon mode.
    [#]# KNOWN BUGS AND WORKAROUNDS
      (This section floats upwards through the NEWS file so it stays with the
      current release information)
    * Fetchmail does not handle messages without Message-ID header well
      (See sourceforge.net bug #780933)
    * Fetchmail currently uses 31-bit signed integers in several places
      where unsigned and/or wider types should have been used, for instance,
      for mailbox sizes, and misreports sizes of 2 GibiB and beyond.
      Fixing this requires C89 compatibility to be relinquished.
    * BSMTP is mostly untested and errors can cause corrupt output.
    * Sun Workshop 6 (SPARC) is known to miscompile the configuration file lexer in
      64-bit mode.  Either compile 32-bit code or use GCC to compile 64-bit fetchmail.
    * Fetchmail does not track pending deletes across crashes.
    * The command line interface is sometimes a bit stubborn, for instance,
      fetchmail -s doesn't work with a daemon running.
    * Linux systems may return duplicates of an IP address in some circumstances if
      no or no global IPv6 addresses are configured.
      (No workaround. Ubuntu Bug#582585, Novell Bug#606980.)
    * Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error
      messages. This will not be fixed, because the maintainer has no Kerberos 5
      server to test against. Use GSSAPI.
  - Remove patches merged upstream:
    * fetchmail-openssl11.patch
    * fetchmail-fetchmailconf-python3-1of3.patch
    * fetchmail-fetchmailconf-python3-2of3.patch
    * fetchmail-fetchmailconf-python3-3of3.patch
  - Rebase fetchmail-6.3.8-smtp_errors.patch
* Fri May 31 2019 Pedro Monreal Gonzalez <[email protected]>
  - Remove comment about not available FETCHMAIL_USER configuration
    variable in sysconfig.fetchmail (bsc#1136538)
* Wed May 29 2019 Dr. Werner Fink <[email protected]>
  - Use Debian 02_remove_SSLv3 change set based on beta 6.4.0 to
    modernize the patch fetchmail-openssl11.patch for modern TLS
    (auto) support
* Thu Mar 15 2018 [email protected]
  - Fix fetchmailconf to compile with python{2,3} [bsc#1082694]
    * fetchmail-fetchmailconf-python3-1of3.patch
    * fetchmail-fetchmailconf-python3-2of3.patch
    * fetchmail-fetchmailconf-python3-3of3.patch
* Fri Mar 02 2018 [email protected]
  - By default, the status messages are redirected to
    /var/log/fetchmail. The syslog option or no-logging are also
    available. (bsc#1033081)
* Thu Nov 23 2017 [email protected]
  - Replace references to /var/adm/fillup-templates with new
    %_fillupdir macro (boo#1069468)
* Mon Nov 13 2017 [email protected]
  - drop SSLv3 support to build with openssl 1.1 (bsc#1066940)
    * add fetchmail-openssl11.patch
* Fri Apr 28 2017 [email protected]
  - Allow --syslog option in daemon mode (bsc#1033081).
    * By default, the status messages are redirected to the syslog.
* Fri Mar 31 2017 [email protected]
  - prerequire group(daemon) to meet new tumbleweed user handling
* Fri May 13 2016 [email protected]
  - Check for user/group existence before attempting to add them,
    and remove error suppression from these calls.
  - Ensure tmpfile creation is run
* Fri May 13 2016 [email protected]
  - Made the helper script introduced in last change return exit status
    5 on configuration errors instead of 1, which should make it a bit
    less confusing (bsc#979534)
* Fri Apr 08 2016 [email protected]
  - Made /etc/sysconfig/fetchmail work again after a botched systemd
    conversion that ignored the file altogether (bsc#905673)
  - Removed the FETCHMAIL_USER setting in favor of editing the
    systemd service file (which should be copied to the respective
    location in /etc, and not edited in-place)
* Thu Jan 08 2015 [email protected]
  - Cleanup with spec-cleaner
  - Remove support for <12.3 as it does not build anyway.
  - Fix krb5 switches
  - Provide proper rcbla controler for the service
* Mon Dec 29 2014 [email protected]
  - build with PIE
* Fri Dec 05 2014 [email protected]
  - Removed executable permission bits from fetchmail.service file.
  - Update the project url in the spec file after Berlios shutdown.
  - Remove dependency on gpg-offline as signature checking is implemented in the
    source validator.
* Sun Nov 09 2014 Led <[email protected]>
  - fix bashism in postun script
* Wed May 21 2014 [email protected]
  - added necessary macros for systemd files
* Sun Oct 27 2013 [email protected]
  - Add systemd support for openSUSE >= 12.3
* Mon Apr 29 2013 [email protected]
  - added offline gpg verification
  - update to 6.3.26
    [#] CRITICAL BUG FIX for setups using "mimedecode":
    * The mimedecode feature failed to ship the last line of the body if it was
      encoded as quoted-printable and had a MIME soft line break in the very last
      line.  Reported by Lars Hecking in June 2011.
    * Bug introduced on 1998-03-20 when the mimedecode support was added by ESR
      before release 4.4.1 through code contributed by Henrik Storner.
      Workaround for older releases: do not use mimedecode feature.
    * Earlier versions of this NEWS file claimed this bug fixed in fetchmail-6.3.23,
      but it was not.
    * Fixes Launchpad Bug#1171818.
* Tue Mar 19 2013 [email protected]
  - update to 6.3,25
    [#] CRITICAL AND REGRESSION FIXES
    * Plug a memory leak in OpenSSL's certificate verification callback.
    This would affect fetchmail configurations running with SSL in daemon mode
    more than one-shot runs.
    Reported by Erik Thiele, and pinned by Dominik Heeg,
    fixes Debian Bug #688015.
    This bug was introduced into fetchmail 6.3.0 (committed 2005-10-29)
    when support for subjectAltName was added through a patch by Roland
    Stigge, submitted as Debian Bug#201113.
    * The --logfile option now works again outside daemon mode, reported by Heinz
    Diehl. The documentation that I had been reading was inconsistent with the
    code, and only parts of the manual page claimed that --logfile was only
    effective in daemon mode.
    [#] BUG FIXES
    * Fix a memory leak in out-of-memory error condition while handling plugins.
    Report and patch by John Beck (found with Parfait static code analyzer).
    * Fix a NULL pointer dereference in out-of-memory error condition while handling
    plugins.
    Report and patch by John Beck (found with Parfait static code analyzer).
    [#] CHANGES
    * Improved reporting when SSL/TLS X.509 certificate validation has failed,
    working around a not-so-recent swapping of two OpenSSL error codes, and
    a practical impossibility to distinguish broken certification chains from
    missing trust anchors (root certificates).
    * OpenSSL decoded errors are now reported through report(), rather than dumped
    to stderr, so that they should show up in logfiles and/or syslog.
    * The fetchmail manual page no longer claims that MD5 were the default OpenSSL
    hash format (for use with --sslfingerprint). Reported by Jakob Wilk,
    PARTIAL fix for Debian Bug#700266.
    * The fetchmail manual page now refers the user to --softbounce from the
    SMTP/ESMTP ERROR HANDLING section.  Reported by Anton Shterenlikht.
* Tue Dec 11 2012 [email protected]
  - update to 6.3.23
    [#] REGRESSION FIXES
    * Fix compilation with OpenSSL implementations before 0.9.8m that lack
    SSL_CTX_clear_options. Patch by Earl Chew.
    Note that the use of older OpenSSL versions with fetchmail is unsupported and
    * not* recommended.
    [#] BUG FIXES
    * Fix combination of --plugin and -f -. Patch by Alexander Zangerl,
    to fix Debian Bug#671294.
    * Clean up logfile vs. syslog handling, and in case logfile overrides
    syslog, send a message to the latter stating where logging goes.
    [#] CHANGES
    * The build process can now be made a bit more silent and concise through
    ./configure --enable-silent-rules, or by adding "V=0" to the make command.
    [#] WORKAROUNDS
    * Make Maillennium POP3 workarounds less specific, to encompass
    Maillennium POP3/UNIBOX (Maillennium V05.00c++). Reported by Eddie
    via fetchmail-users mailing list, 2012-10-13.
    [#] TRANSLATION UPDATES
* Mon Nov 12 2012 [email protected]
  - do not use useradd -o without -u
* Tue Sep 11 2012 [email protected]
  - update to 6.3.22
    [#] SECURITY FIXES
    * CVE-2012-3482 (bnc#775988)
    * CVE-2011-3389
    [#] BUG FIX
    * The Server certificate: message in verbose mode now appears on stdout like the
      remainder of the output. Reported by Henry Jensen, to fix Debian Bug #639807.
    * The GSSAPI-related autoconf code now matches gssapi.c better, and uses
      a different check to look for GSS_C_NT_HOSTBASED_SERVICE.
      This fixes the GSSAPI-enabled build on NetBSD 6 Beta.
    [#] CHANGES
    * The security and errata notices fetchmail-{EN,SA}-20??-??.txt are now
      under the more relaxed CC BY-ND 3.0 license (the noncommercial clause
      was dropped). The Creative Commons address was updated.
    * The Python-related Makefile.am parts were simplified to avoid an automake
      1.11.X bug around noinst_PYTHON, Automake Bug #10995.
    * Configuring fetchmail without SSL now triggers a configure warning,
      and asks the user to consider running configure --with-ssl.
    [#] WORKAROUNDS
    * Some servers, notably Zimbra, return A1234 987 FETCH () in response to
      a header request, in the face of message corruption.  fetchmail now treats
      these as temporary errors. Report and Patch by Mikulas Patocka, Red Hat.
    * Some servers, notably Microsoft Exchange, return "A0009 OK FETCH completed."
      without any header in response to a header request for meeting reminder
      messages (with a "meeting.ics" attachment). fetchmail now treats these as
      transient errors.  Report by John Connett, Patch by Sunil Shetye.
* Thu Jun 14 2012 [email protected]
  - dont't require, just suggest smtp_daemon -- fetchmail does run
    fine (and much safer) with e.g. procmail as mda.
* Fri Dec 02 2011 [email protected]
  - add automake as buildrequire to avoid implicit dependency
* Sun Sep 18 2011 [email protected]
  - Apply packaging guidelines (remove redundant/obsolete
    tags/sections from specfile, etc.)
* Tue Aug 30 2011 [email protected]
  - repack upstream tarball without fetchmail-{SA,EN}-*.txt
    (bnc#713698)
  - add README-security.txt
* Mon Aug 22 2011 [email protected]
  - update to fetchmail-6.3.21
    - critical bug fix
    - The IMAP client no longer inserts NUL bytes into the last line
      of a message when it is not closed with a LF or CRLF sequence.
      Reported by Antoine Levitt.  As a side effect of the fix, and
      in order to avoid a full rewrite, fetchmail will now
      CRLF-terminate the last line fetched through IMAP, even if it
      is originally not terminated by LF or CRLF. This bears no
      relevance if your messages end up in mbox, but adds line
      termination for storages (like Maildir) that do not require
      that the last line be LF- or CRLF-terminated.
* Thu Jun 30 2011 [email protected]
  - license update:  GPLv2+
    remove licenses " Other uncritical OpenSource License ; Public Domain,
    Freeware"
* Mon Jun 06 2011 [email protected]
  - update to fetchmail-6.3.20
    [#] SECURITY BUG FIXES
    - CVE-2011-1947 (bnc#697368): STARTTLS: Fetchmail runs the IMAP
      STARTTLS or POP3 STLS negotiation with the set timeout (default
      five minutes) now. This was reported missing, with observed
      fetchmail freezes beyond a week, by Thomas Jarosch.
      See fetchmail-SA-2011-01.txt for further details.
    [#] BUG FIXES
    - IMAP: Do not search for UNSEEN messages in ranges. Usually,
      there are very few new messages and most of the range searches
      result in nothing. Instead, split the long response to make the
      IMAP driver think that there are multiple lines of response.
    - Do not print "skipping message" for old messages even in
      verbose mode. If there are too many old messages, the logs just
      get filled without any real activity.
    - Build: fetchmail now always uses its own MD5 implementation
      rather than trying to find a system library with matched
      header. The library and header variants found on systems are
      too diverse, and the code size saving is not worth any more
      wasted user or programmer time.
    [#] CHANGES
    - Call strlen() only once when removing CRLF from a line.
    - fetchmail sets Internet domain sockets to "keepalive" mode now.
      Note that there is no portable way to configure actual timeouts
      for this mode, and some systems only support a system-wide
      timeout setting. fetchmail does not attempt to tune the time
      spans of keepalive mode.
  - remove build-time dependency on ed
  - use spec-cleaner
* Mon Dec 13 2010 [email protected]
  - update to fetchmail-6.3.19
    - bugfix release
    * When specifying multiple local multidrop lists, do not lose
      wildcard flag.  (Affects "user foo is bar baz * is joe here")
    * In multidrop configurations, an asterisk can now appear
      anywhere in the list of local users, not just at the end.
    * In multidrop mode, header parsing is now more verbose in -vv
      mode, so that it becomes possible to see which header is used.
    * Make --antispam work from command line (these used to work in
      rcfiles).
    * Smoke test XHTML 1.1 validation, and if it fails, skip
      validating HTML documents.  Skip validating
      Mailbox-Names-UTF7.html. Several systems have broken XHTML 1.1
      DTD installations that jeopardize the build.
    * Send a NOOP only after a failed STARTTLS in IMAP.
    * GSSAPI verbose/debug syslog to INFO severity.  Do STARTTLS/STLS
      negotiation in IMAP/POP3 if it is mandatory even if the server
      capabilities do not show support for upgradation to TLS.  To
      use this, configure --sslproto tls1.
    * IMAP: Understand empty strings as FETCH response, seen on
      Yahoo.  Note that fetchmail continues to expect literals as
      FETCH response for now.
* Mon Oct 11 2010 [email protected]
  - update to fetchmail-6.3.18
    [#] SECURITY IMPROVEMENTS TO DEFANG X.509 CERTIFICATE ABUSE
    * Fetchmail now only accepts wildcard certificate common names
      and subject alternative names if they start with "*.". Previous
      versions would accept wildcards even if no period followed
      immediately.
    * Fetchmail now disallows wildcards in certificates to match
      domain literals (such as 10.9.8.7), or wildcards in domain
      literals ("*.168.23.23").  The test is overly picky and
      triggers if the pattern (after skipping the initial wildcard
      "*") or domain consists solely of digits and dots, and thus
      matches more than needed.
    * Fetchmail now disallows wildcarding top-level domains.
    [#] CRITICAL BUG FIXES AND REGRESSION FIXES
    * Fetchmail 6.3.15, 6.3.16, and 6.3.17 would pick up libmd5 to
      obtain MD5* functions, as an effect of an undocumented Solaris
      MD5 fix.  This caused all MD5-related functions to malfunction
      if, for instance, libmd5.so was installed on other operating
      systems as part of libwww on machines where long isn't
      32-bits, i. e.  usually on 64-bit computers.
    * Fetchmail 6.3.17 warned about insecure SSL/TLS connections
      even if a matching --sslfingerprint was specified. This is an
      omission from an SSL usability change made in 6.3.17.
    * Fetchmail will now apply timeouts to the authentication stage.
      This stage encompasses STARTTLS/STLS negotiation in IMAP/POP3.
      Reported missing by Thomas Jarosch.
    * Fetchmail now cancels GSSAPI authentication properly when
      encountering GSS errors, such as no or unsuitable credentials.
      It now sends an asterisk on a line by its own, as required in
      SASL.  This fixes protocol synchronization issues that cause
      Authentication failures, often observed with kerberized MS
      Exchange servers.
    * Other fixes.
* Tue Aug 17 2010 [email protected]
  - update to fetchmail-6.3.17
    [#] SECURITY FIX
    * CVE-2010-1167: Fetchmail before release 6.3.17 did not properly
      sanitize external input (mail headers and UID).
    [#] FEATURES
    * Fetchmail now supports a --sslcertfile <file> option to
      specify a "CA bundle" file (a file that contains trusted CA
      certificates).
    * Fetchmail now supports a
      FETCHMAIL_INCLUDE_DEFAULT_X509_CA_CERTS environment variable
      to force loading the default SSL CA certificate locations even
      if --sslcertfile or --sslcertpath is used.  If neither option
      is in effect, fetchmail loads the default locations.
    [#] REGRESSION FIX
    * Fix string handling in rcfile scanner, which caused fetchmail
      to misparse a run control file in certain circumstances.
    [#] BUG FIXES
    * Plug memory leak when using a "defaults" entry in the run
      control file.
    * Do not print SSL certificate mismatches unless verbose or
    - -sslcertck is enabled.
    * Do not lose "set invisible" in fetchmailconf. (Michael Barnack)
  - drop fetchmail-SA-2010-02.patch (in upstream)
* Mon Apr 19 2010 [email protected]
  - add fetchmail-SA-2010-02.patch (bnc#597673)
* Wed Apr 14 2010 [email protected]
  - make it possible change default fetchmailrc location using new
    sysconfig option
  - do not change owner of fetchmailrc in post
* Wed Apr 07 2010 [email protected]
  - update to fetchmail-6.3.16
    [#] BUG FIX
    * Fix --interface option, broken in 6.3.15.
    [#] CHANGE
    * Call OpenSSL_add_all_algorithms(). This is needed to support
      non-mandatory algorithms in certificates.
* Mon Mar 29 2010 [email protected]
  - update to fetchmail-6.3.15
    [#] FEATURE
    * Fetchmail now supports a bad-header command line or rcfile
      option that takes exactly one argument, accept or reject
      (default).
    [#] BUG FIXES
    * In the rcfile, recognize "local" as abbreviation for
      "localdomains", as documented.
    * Do not close stdout when using mda and "bsmtp -" at the same time.
    * Log operating system errors when BSMTP writes fail.
    * Fix verbose mode progress formatting regression from 6.3.10;
      SMTP trace lines were no longer on a line of their own. Reported
      by Melchior Franz.
    * Check seteuid() return value and abort running MDA if switch fails.
    * Set global flags in a consistent manner. Make --nosoftbounce and
    - -nobounce work from command line (these used to work in rcfiles).
      Reported and fix confirmed working by N.J. Mann. (Sunil Shetye)
* Fri Feb 05 2010 [email protected]
  - update to fetchmail-6.3.14
    [#] SECURITY FIXES
    * SSL/TLS certificate information is now also reported properly
      on computers that consider the "char" type signed. Fixes
      malloc() buffer overrun.  Workaround for older versions: do not
      use verbose mode.
    [#] BUG FIXES
    * The IMAP client no longer skips messages from several IMAP
      servers including Dovecot if fetchmail's "idle" is in use.
      Causes were that fetchmail (a) ignored some untagged responses
      when it should not (b) relied on EXISTS messages in response to
      EXPUNGE, which aren't mandated by RFC-3501 (the IMAP standard)
      and aren't sent by Dovecot either. Fix by Sunil Shetye (the fix
      also consolidates IMAP response handling, improving overall
      robustness of the IMAP client), bug report and testing by Matt
      Doran, with further hints from Timo Sirainen.
    * The SMTP client now recovers from errors (such as servers
      dropping the connection after errors) when sending an RSET
      command.  Fix by Sunil Shetye. Report by James Moe.
    * The IMAP client now uses "SEARCH UNSEEN" rather than "SEARCH
      UNSEEN NOT DELETED" again on IMAP2, to fix a regression in
      fetchmail 6.2.5 reported by Will Stringer in June 2004. (Sunil
      Shetye)
    * The IMAP client now uses "SEARCH UNSEEN UNDELETED" on IMAP4
      and IMAP4r1 servers (Sunil Shetye).
    * Workaround: The IMAP client now falls back to "FETCH n:m
      FLAGS" if the server does not support "SEARCH". (Sunil Shetye)
    * The IMAP client now requests message numbers in batches of
      1,000 to avoid problems if there are more than 1860 unseen
      messages. (Sunil Shetye) Note that this wasn't security
      relevant because fetchmail would only read up to the maximum
      buffer size and leave the remainder of the string unread, going
      out of synch afterwards.
    * Stricter validation of IMAP responses containing byte or
      message counts.
  - fetchmail 6.3.13 :
    [#] REGRESSION FIXES
    * The multiline SMTP error fix in release 6.3.12 caused
      fetchmail to lose message codes 400..599 and treat all of these
      as temporary error. This would cause messages to be left on the
      server even if softbounce was turned off.  Reported by Thomas
      Jarosch.
* Fri Nov 13 2009 [email protected]
  - update to fetchmail-6.3.12
    [#] REGRESSION FIXES
    * The CVS-2009-2666 fix in fetchmail release 6.3.11 caused a free() of
      unallocated memory on SSL connections, which caused crashes or program aborts
      on some systems (depending on how initialization and free() of unallocated
      memory is handled in compiler and libc).
      Workaround for older versions: run in verbose mode.
      Patch courtesy of Thomas Heinz, fixes Gentoo Bug #280760.
      This regression affected only the 6.3.11 release, but not the patch that was
      part of the security announcement fetchmail-SA-2009-01.
    [#] BUG FIXES
    * Fix error reporting for GSSAPI on Heimdal (h5l) Kerberos.
    * Look for MD5_Init in libcrypto rather than libssl, fixes Gentoo Kerberos
      builds; fixes upstream parts of Gentoo Bugs #231400 and #185652, and fixes
      BerliOS Bug #16134.
    * Report multiline SMTP errors properly, reported by Earl Chew; fixes Debian Bug
      [#569899], reported by Akihiro Terasaki.
      Note: This fix introduced a regression, fixed in 6.3.13.
    * Replace control characters in SMTP replies by '?'.
    * Fetchmailconf: Fix descriptions for smtpaddress and smtpname options;
      smtpaddress is for RCPT TO, not MAIL FROM. Found by Gerard Seibert.
  - update to fetchmail-6.3.13
    [#] REGRESSION FIXES
    * The multiline SMTP error fix in release 6.3.12 caused fetchmail to lose
      message codes 400..599 and treat all of these as temporary error. This would
      cause messages to be left on the server even if softbounce was turned off.
      Reported by Thomas Jarosch.
  - drop fetchmail-6.3.11-fix-invalid-free.patch (fixed upstream)
* Mon Aug 10 2009 [email protected]
  - add fetchmail-6.3.11-fix-invalid-free.patch
    - fix https://bugs.gentoo.org/280760
* Sun Aug 09 2009 [email protected]
  - use new python macros
* Thu Aug 06 2009 [email protected]
  - update to 6.3.11
    [#] SECURITY BUGFIXES
    * CVE-2009-2666: SSL NUL prefix impersonation attack through NULs in a
      part of a X.509 certificate's CommonName and subjectAltName fields. These
      fields use opaque strings with a separate length field, so that the NUL
      character isn't a special character inside the certificate. Fetchmail, being
      written in the C language, used to treat these strings as C strings
      nonetheless, so that the domain comparison would end at the first embedded NUL
      character, rather than at the real end of the string.
      Fetchmail will now abort certificate verification as failed if NULs are
      encountered inside either of these fields regardless of their position, and
      drop the connection even if --sslcertck is not used, because NUL is not a
      valid character in legitimate DNS names.
      See fetchmail-SA-2009-01.txt for details, including a minimal patch.
    [#] BUGFIXES
    * Remove the spurious message "message delimiter found while scanning headers".
      RFC-5322 syntax states that the delimiter is part of the body, and the body is
      optional.
    * Convert all non-printable characters in certificate Subject/Issuer
      Common Name or Subject Alternative Name fields to ANSI-C hex escapes (\xnn,
      where nn are hex digits).
* Fri Jul 03 2009 [email protected]
  - update to 6.3.10 (final version)
* Mon Jun 01 2009 [email protected]
  - update to 6.3.10-beta1
    [#] INCOMPATIBLE BUGFIXES AND CHANGES:
    * Fetchmail no longer drops permanently undelivered messages by default, to
      match historic documentation.  It does this by adding a new "softbounce"
      option, see below.
    * There is a new "softbounce" global option that prevents the deletion of
      messages that have not been forwarded. It defaults to "true" for fetchmail
      6.3.X in order to match historic documentation. This may change its default
      in the next major release.
    * For other changes, please see the package changelog
  - update fetchmail-6.3.8-smtp_errors.patch (partially upstreamed)
* Tue Jan 13 2009 [email protected]
  - update to 6.3.9 final
    - deleted fetchmail-fix-permissions-doc.patch (fixed upstream)
* Mon Jan 12 2009 [email protected]
  - fix spurious messages from fetchmail.init (bnc#464037)
* Fri Nov 14 2008 [email protected]
  - make the kerberos handling based on suse_version instead
    of sles_version
* Thu Oct 09 2008 [email protected]
  - fix documentation inconsistency (bnc#174287)
  - mark /etc/logrotate.d/fetchmail as %config(noreplace)
* Wed Oct 01 2008 [email protected]
  - Fix build on SLE9
    - do not build with kerberos support on SLE9
* Tue Sep 09 2008 [email protected]
  - Remove support for dante (deprecated, homepage not reacheable,...)
* Thu Sep 04 2008 [email protected]
  - update to 6.3.9rc2
    - bugfix release, see package changelog for details
  - removed fetchmail-6.3.8-CVE-2007-4565.patch (fixed in upstream)
  - removed fetchmail-6.3.8-long_headers_segfault.patch (fixed in upstream)
* Fri Aug 22 2008 [email protected]
  - fix build on SLE10
    - do not run autoreconf if suse_version < 1010
* Thu Jul 24 2008 [email protected]
  - specfile cleanup and rpmlint warning fixes
    * removed obsolete 'Provides: pop'
    * added logrotate dependency
    * removed unnecessary python dependency
    * removed unnecessary 'export CFLAGS="$RPM_OPT_FLAGS"'
    - %configure macro should suffice
  - initscript fixes
    * obsolete X-UnitedLinux-Should-Start replaced by
      Should-Start
    * same with Should-Stop
    * added $remote-fs dependency
* Tue Jul 01 2008 [email protected]
  - updated fetchmail-6.3.8-long_headers_segfault.patch from upstream
* Tue Jun 17 2008 [email protected]
  - kerberos (krb5) support enabled [bnc#353817]
* Wed May 28 2008 [email protected]
  - fixed broken oneshot option in initscript [bnc#360507]
* Thu May 22 2008 [email protected]
  - fixed bnc#354291
    * caused segmentation fault when retrieving mail with long To:
      headers
* Wed Apr 30 2008 [email protected]
  - added option to specify polling interval to init script
* Fri Mar 28 2008 [email protected]
  - additional fix for bnc#246829
    [fetchmail-6.3.8-starttls.patch ->
    fetchmail-6.3.8-smtp_errors.patch]
* Wed Nov 28 2007 [email protected]
  - add PreReq pwdutils #327550 - yast2-mail fetchmail error
* Thu Sep 27 2007 [email protected]
  - Fix for DoS vulnerability (#308271 CVE-2007-4565)
  - Do not remove messages if SMTP insists on TLS (#246829)
    [fetchmail-6.3.8-starttls.patch]
* Tue Sep 11 2007 [email protected]
  - remove librsaref2-devel from buildrequires (unused)
* Fri Aug 31 2007 [email protected]
  - librsaref2 => librsaref2-devel [#302599]
  - removed %suseversion > 800 check (insserv)
* Mon Jul 02 2007 [email protected]
  - rsaref => librsaref2
* Thu Apr 19 2007 [email protected]
  - Updated to version 6.3.8:
    * Make the APOP challenge parser more distrustful and have it
      reject challenges that do not conform to RFC-822 msg-id format
      (CVE-2007-1558).
    * Repoll immediately if a protocol error happens during the
      authentication attempt after a failed opportunistic TLS upgrade
      (#262450).
    * Do not crash with a null pointer dereference when opening the
      BSMTP file fails.
    * Make BSMTP output actually work.
    * Add delete-later and delete-later.README.
    * Fix KPOP.
    * Fix repoll when server disconnects after opportunistic TLS
      failed for POP3.
    * Documentation and string fixes.
* Fri Mar 30 2007 [email protected]
  - added pwdutils to buildreq
* Tue Feb 06 2007 [email protected]
  - Repair repoll after opportunistic TLS failed (#223507#c27,
    Berlios#10133).
  - Use upstream fix of KPOP regression (#223507#c26).
* Thu Jan 25 2007 [email protected]
  - Fixed regression in KPOP support (#223507#c8).
    http://lists.berlios.de/pipermail/fetchmail-devel/2007-January/000857.html
* Wed Jan 24 2007 [email protected]
  - Updated to version 6.3.6 (#223507):
    * Password disclosure vulnerability fixed (CVE-2006-5867).
    * Repairs a regression in 6.3.5 that crashes fetchmail when a
      message with invalid headers is found while fetchmail's mda
      option is in use (CVE-2006-5974).
    * Repair --logfile, broken in 6.3.5.
    * Repair --user, broken in 6.3.5.
    * RPOP: used to log the password locally rather than an asterisk
      as the other protocols do.
    * POP3: Probes capabilities now when Kerberos V5 is enabled, so
      that we can actually detect if the server supports it.
    * DNS: Detect /etc/resolv.conf changes
    * When HOME and FETCHMAILHOME are unset, be sure to copy user
      database information.
  - Spec file cleanup.
* Wed Oct 25 2006 [email protected]
  - Fixed problems caused by calling daemon as non-root (#207305).
* Mon Oct 23 2006 [email protected]
  - Updated to version 6.3.5:
    * Bug fixes.
    * Translation updates.
    * Logging behavior changes.
    * fetchmail now supports [email protected]=bar user mappings for
      multidrop boxes.
    * Bouncing improvements.
    * Improved IMAP and SDPS behavior.
    * See NEWS for deprecated features and major incompatible change
      advance warnings.
* Sat Oct 21 2006 [email protected]
  - Run automake.
* Thu Jun 01 2006 [email protected]
  - By default run as non-root user fetchmail (159764#c1).
  - Implemented "oneshot" in the init script (159764#c8).
* Mon Apr 03 2006 [email protected]
  - Backported fixes for two crashes (159764#c9, 159764#c10).
* Wed Jan 25 2006 [email protected]
  - converted neededforbuild to BuildRequires
* Mon Jan 23 2006 [email protected]
  - Updated to version 6.3.2 (fixes CVE-2006-0321).
* Tue Jan 10 2006 [email protected]
  - Updated to version 6.3.1 (fixes #140475).
* Mon Dec 05 2005 [email protected]
  - Updated to version 6.3.0 (fixes #131232).
* Wed Jul 27 2005 [email protected]
  - Updated to version 6.2.5.2 (#97555).
* Mon Apr 25 2005 [email protected]
  - Prevent lost mails with NULL envelope (#80331).
* Thu Feb 03 2005 [email protected]
  - fix build on older distributions
* Wed Jan 19 2005 [email protected]
  - Turned on GSSAPI, SOCKS and RSAREF support.
  - Fixed implicit declaration and random result warnings.
* Fri Sep 24 2004 [email protected]
  - Added more sysconfig options for init script.
* Thu Sep 16 2004 [email protected]
  - Remove wrong definition.
* Tue Aug 31 2004 [email protected]
  - Added sendmail to Required-Start/Stop (#44500).
* Wed May 05 2004 [email protected]
  - Added sysconfig variable for polling interval (#39777).
  - Init script adapted to conform latest LSB.
* Mon Apr 26 2004 [email protected]
  - fix missing return value in pop2.c
* Tue Mar 30 2004 [email protected]
  - Added /etc/fetchmailrc to file list.
* Thu Mar 25 2004 [email protected]
  - Add postfix to # neededforbuild
* Wed Mar 10 2004 [email protected]
  - Set fetchsizelimit for APOP and RPOP (bug #35555).
    http://lists.ccil.org/pipermail/fetchmail-friends/2003-October/003958.html
* Wed Feb 04 2004 [email protected]
  - Updated to version 6.2.5.
* Sat Jan 10 2004 [email protected]
  - add %defattr
* Thu Oct 23 2003 [email protected]
  - Remove wrong requires
* Thu Aug 07 2003 [email protected]
  - Updated to version 6.2.3.
* Tue May 20 2003 [email protected]
  - Fix typo
* Wed Mar 26 2003 [email protected]
  - Updated to version 6.2.2.
  - Created startup script.
* Thu Jan 16 2003 [email protected]
  - Updated to version 6.2.1.
* Fri Dec 13 2002 [email protected]
  - Update to 6.2.0 which has security fix for rfc822.c and some
    translations plus an SMTP timeout patch
* Tue Dec 10 2002 [email protected]
  - Updated to version 6.1.3.
* Wed Nov 20 2002 [email protected]
  - Spec file cleanup (bug #21912).
* Thu Oct 24 2002 [email protected]
  - Update to version 6.1.1.
* Tue Oct 01 2002 [email protected]
  - Removed --with-included-gettext and re-enabled NLS.
  - OPIE/OTP fixes.
  - Spec file cleanup.
* Fri Sep 27 2002 [email protected]
  - Update to 6.1.0 including since 5.9.13:
    o Support for STARTTLS over IMAP
    o Cleanups and bugfixes
    o Translation update
    o Fix for potential remote vulnerability in multidrop mode,
      which according to the author is an important security fix.
* Mon Jul 29 2002 [email protected]
  - more spec file cleanup
* Mon Jul 29 2002 [email protected]
  - added /etc/logrotate.d/fetchmail (Bugzilla #17279)
  - spec file cleanup
* Fri Jul 19 2002 [email protected]
  - removed /usr/share/locale/*/LC_MESSAGES/fetchmail.mo from file list
* Wed Jul 17 2002 [email protected]
  - updated to version 5.9.13
  - disabled NLS support because it doesn't compile and esr is about
    to remove it anyway
  - complete changelog: http://tuxedo.org/~esr/fetchmail/NEWS
* Sat Mar 23 2002 [email protected]
  - Fix fetchmailconf (wrong python widget destroy calls) [Bug #15391]
* Mon Sep 17 2001 [email protected]
  - minor fixes in README.SUSE
* Thu Aug 16 2001 [email protected]
  - update to 5.9.0
* Thu Jul 12 2001 [email protected]
  - update to 5.8.14
* Thu Jun 14 2001 [email protected]
  - patch to prevent buffer overflow due to long headers
* Tue Apr 03 2001 [email protected]
  - update to 5.8.0
* Thu Mar 22 2001 [email protected]
  - added split-aliases as provides
* Wed Feb 14 2001 [email protected]
  - updated to 5.6.5 (fixes #6245)
  - fix fetchmailconf nospambounce problem
  - enable RPA protocol
* Fri Jan 05 2001 [email protected]
  - disabled IPv6 support for the time being to fix bug #5111
* Wed Dec 20 2000 [email protected]
  - pass --enable-NTLM to configure in order to enable M$ Exchange
    compatible auth proto
  - explicitly specify the directories with --mandir etc ...
  - Use DESTDIR= instead of prefix to pass RPM_BUILD_ROOT
  - add %{?suse_update_config}
* Mon Dec 18 2000 [email protected]
  - some spec file fixes
* Mon Dec 18 2000 [email protected]
  - Fix requires for fetchmailconf (again)
* Mon Dec 18 2000 [email protected]
  - merged ssl stuff from fetchmailssl to fetchmail package
* Wed Nov 29 2000 [email protected]
  - updated to 5.6.0
  - adjust README to new boot concept
* Fri Nov 10 2000 [email protected]
  - updated to version 5.5.5
  - switched to long names
  - added README.SuSE
* Sun Sep 03 2000 [email protected]
  - update to fetchmail-5.5.1
* Tue May 23 2000 [email protected]
  - moved fetchmailconf man page to subpackage fetchmcf
* Mon May 15 2000 [email protected]
  - update to fetchmail-5.4.0, new major version.
* Wed Mar 01 2000 [email protected]
  - Fix config.guess selection
* Thu Feb 24 2000 [email protected]
  - update to fetchmail-5.3. update to fetchmail-5.3.00
* Tue Feb 15 2000 [email protected]
  - update to fetchmail-5.2.8, that's the code freeze release for 5.3.0
* Tue Feb 08 2000 [email protected]
  - update to fetchmail-5.2.7, Eric's changelog to 5.2.6 is very small:
    * Updated FAQ and
    * Updated es.po.
    * Disable mail notification on server unreachable.  This turned out to
      be a very bad idea.
* Tue Feb 01 2000 [email protected]
  - specfile typo
* Mon Jan 31 2000 [email protected]
  - create man directory
* Mon Jan 31 2000 [email protected]
  - restarted spec from package-provided spec, subpackages fetchmcf (fetchmailconf)
* Wed Oct 20 1999 [email protected]
  - split-off from pop, update to 5.1.2

Files

/usr/bin/fetchmailconf
/usr/lib/python3.11/site-packages/__pycache__/fetchmailconf.cpython-311.opt-1.pyc
/usr/lib/python3.11/site-packages/__pycache__/fetchmailconf.cpython-311.opt-2.pyc
/usr/lib/python3.11/site-packages/__pycache__/fetchmailconf.cpython-311.pyc
/usr/lib/python3.11/site-packages/fetchmailconf.py
/usr/share/man/man1/fetchmailconf.1.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Dec 11 23:24:38 2024