fetchmail-devel — Development related discussion

[Fetchmail-devel] ANNOUNCE: The 6.6.0.rc2 release candidate of fetchmail is available (TLS/STARTTLS support for SMTP)

[Matthias A. <mat...@gm...>]

The 6.6.0.rc2 release of fetchmail is now available at the usual locations,
including <https://downloads.sourceforge.net/project/fetchmail/branch_6.6/>.

The source archive is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.6/fetchmail-6.6.0.rc2.tar.xz/download>

The detached GnuPG signature is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.6/fetchmail-6.6.0.rc2.tar.xz.asc/download>

The SHA256 hashes for the tarballs are:
SHA2-256(fetchmail-6.6.0.rc2.tar.xz)= e86fb99ff97398bedab92fe6e24bb5d7253363f7ba61d0915666caf6763742a4

Changes since rc1:
------------------
* ee3eb70f 2025-10-13 | Bump version to 6.6.0.rc2. (tag: 6.6.0.rc2)
* 560d636e 2025-10-12 | Support GSSAPI in meson builds.
* c32bb1e7 2025-10-11 | Fix/reformat meson build instructions.
* 7d6b903a 2025-10-11 | Fix LOCALEDIR for meson builds.
* 521d0607 2025-10-11 | Update German translation.
* 3038cdf0 2025-10-11 | Support wolfSSL in meson builds.
* bc09484d 2025-10-11 | Strip OPIE, add meson instructions
* dc490e4c 2025-10-11 | SMTP: also default-/notls 127.0.0.1/::1 and some variants
* a7861fa1 2025-10-11 | Rename match_regex -> regex_ere_search
* 41874f11 2025-10-11 | options.c: Add --esmtp* opts to --help.
* c80bcc5e 2025-10-10 | Set folders and tags to 6.6.0
* f44d0e6e 2025-10-10 | NEWS: remove angle brackets from MAIL FROM:<>


Here are the release notes:
--------------------------------------------------------------------------------
fetchmail-6.6.0 (not yet released):

## FEATURE:
* SMTP TLS and STARTTLS support. By default, this works opportunistically,
  attempting to set up a TLS connection to the smtphost if it understands EHLO
  and offers STARTTLS, but will not enforce peer certificate validity for
  compatibility, esp. because "localhost" (the default SMTP host) usually
  isn't listed in the X.509 certificates.
    Behavior can be tweaked by adding /notls (cleartext connection), /tls
  (TLS-wrapped connection, negotiating TLS before conversing otherwise),
  or /starttls (requiring EHLO to offer STARTTLS, requesting the latter and
  requiring the server certificate to validate) to the SMTP host's name.
    Also, you can add /tlsproto=... where ... accepts the same parameters
  as the --sslproto option, which see.
  Ports, if not specified, default to 25 for opportunistic and /notls modes,
  465 for /tls and 587 for /starttls, but can be overridden either by giving,
  say /25 or /smtp for /starttls.

## TRANSLATIONS:
These will be requested only after fetchmail 6.5.7 will have been released.

-------------------------------------------------------------------------------

[Fetchmail-devel] ANNOUNCE: The 6.5.7.rc2 release candiate of fetchmail is available (SMTP AUTH fixes & .netrc support - NO (START)TLS yet)

[Matthias A. <mat...@gm...>]

The 6.5.7.rc2 release candidate of fetchmail is now available at the 
usual locations, including
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/>.


Changes are listed below, but I have added wolfSSL and GSSAPI support to
meson-based builds.  I'd be happy to receive reports from people building with
meson if that works for you or if not, where not, how not.

I have not added all the tiny disable options to meson we used to have in
configure.ac, the POP3/IMAP features take 10...12 kByte on AMD64, and the
ETRN/ODMR less than 3 kByte each, in a 280 kByte sized executable.


The source archive is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/fetchmail-6.5.7.rc2.tar.xz/download>

The detached GnuPG signature is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/fetchmail-6.5.7.rc2.tar.xz.asc/download>

The SHA256 hashes for the tarballs are:
SHA2-256(fetchmail-6.5.7.rc2.tar.xz)= 6b0a5aa50316b894b493c69e9c7c9ad5d8047df4703f483e97ed0a22a509172d

Note I have moved the tag after pushing it for the first time; it was on 686b6 first where I hadn't
committed the NEWS, configure.ac and meson.build file's bump to rc2 and crediting Besnik for the Shqip
(Albanian) translation, but the tarballs had already been built with the contents of what's now fd34e417.

Log since rc1: (newest first)
--------------
* fd34e417 2025-10-13 | Prepare 6.5.7.rc2. (tag: 6.5.7.rc2) [Matthias Andree]
* 686b6f64 2025-10-12 | Update <sq> Albanian translation to fetchmail-6.5.6 [Besnik Bleta]
* a46c2f3f 2025-10-12 | Support GSSAPI in meson builds. [Matthias Andree]
* 9dec1279 2025-10-11 | Support wolfSSL in meson builds. [Matthias Andree]
* 0ca08c94 2025-10-11 | Strip OPIE, add meson instructions [Matthias Andree]
* 29195d28 2025-10-11 | Fix LOCALEDIR for meson builds. [Matthias Andree]
* d9d4235a 2025-10-10 | NEWS: remove angle brackets from MAIL FROM:<> [Matthias Andree]
* 97765dff 2025-10-10 | Fix GNU tar --mtime argument when SOURCE_DATE_EPOCH is set. [Matthias Andree]


Here are the release notes:
--------------------------------------------------------------------------------
fetchmail-6.5.7 (not yet released):

## BUGFIX:
* When authenticating to an SMTP server, the AUTH LOGIN method (which didn't
  become a proposed standard, and is only the third method fetchmail would try,
  if CRAM-MD5 and PLAIN weren't offered) required that the server returned
  a 334 code followed by a blank and by a decodable base64 challenge we ignored
  anyways.  This is in line with RFC 4952.
    However, to improve compatibility, fetchmail now accepts anything that
  starts with "334 " and disregards the remainder of the line.
  At the same time, AUTH LOGIN was deprecated. AUTH PLAIN should be available
  everywhere AUTH LOGIN is, and is specified in IETF RFC 4616.
* When authenticating to an SMTP server, i. e. esmtpname/esmtppassword are
  defined, check for errors, and skip servers that do not understand EHLO,
  because we cannot negotiate supported authentication schemes with them.
  This should avoid attempting to send a lot of messages and see them rejected.
* When authenticating to an SMTP server, do not send client abort "*" when
  we receive any other server reply but 334.
* Extend 6.5.6's RFC-5321 address-literal fix to MAIL FROM. This might
  apply when we only have a server's IP address and need to quality
  addresses without domain. Fixes Debian Bug#1080025.
* SMTP AUTH can now look up passwords from the .netrc file - for that,
  fetchmail's esmtpname setting must match the login for the given host in
  .netrc. Fixes Debian Bug#1056651 by Ticker Berkin.

## TRANSLATION UPDATES were contributed by these fine people - thank you!
* cs:    Petr Pisar [Czech]
* eo:    Keith Bowes [Esperanto]
* es:    Cristian Othón Martínez Vera [Spanish]
* fr:    Frédéric Marchal [French]
* ja:    Takeshi Hamasaki [Japanese]
* pl:    Jakub Bogusz [Polish]
* ro:    Remus-Gabriel Chelu [Romanian]
* sq:    Besnik Bleta [Albanian]
* sv:    Göran Uddeborg [Swedish]

-------------------------------------------------------------------------------

[Fetchmail-devel] ANNOUNCE: The 6.6.0.rc1 release of fetchmail is available (TLS/STARTTLS support for SMTP)

[Matthias A. <mat...@gm...>]

The 6.6.0.rc1 release of fetchmail is now available at the usual locations,
including <https://downloads.sourceforge.net/project/fetchmail/branch_6.6/>.

Please test this especially if
+ you want to try TLS or STARTTLS connection to your SMTP forwarder
+ you use SMTP AUTH (esmtppassword)
+ and/or want to store your SMTP passwords in .netrc
and share feedback mentioning the 6.6.0.rc1 version via list,
by e-mail or, if you find a bug, Gitlab issue (account required) at 
https://gitlab.com/fetchmail/fetchmail/-/issues -
note for bug reports that AUTH PLAIN and AUTH LOGIN data must be redacted
from your reports, these can be reversed to reveal your password!

Reminder: only subscribers to the fetchmail mailing lists can send mail there.

The source archive is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.6/fetchmail-6.6.0.rc1.tar.xz/download>

The detached GnuPG signature is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.6/fetchmail-6.6.0.rc1.tar.xz.asc/download>

The SHA256 hashes for the tarballs are:
SHA2-256(fetchmail-6.6.0.rc1.tar.xz)= f1a2cec31f673fd3cdcdca50ff0608321f168e9513c355fedd061a9f76928f5f


Here are the release notes:
--------------------------------------------------------------------------------
fetchmail-6.6.0 (not yet released):

## FEATURE:
* SMTP TLS and STARTTLS support. By default, this works opportunistically,
  attempting to set up a TLS connection to the smtphost if it understands EHLO
  and offers STARTTLS, but will not enforce peer certificate validity for
  compatibility, esp. because "localhost" (the default SMTP host) usually
  isn't listed in the X.509 certificates.
    Behavior can be tweaked by adding /notls (cleartext connection), /tls
  (TLS-wrapped connection, negotiating TLS before conversing otherwise),
  or /starttls (requiring EHLO to offer STARTTLS, requesting the latter and
  requiring the server certificate to validate) to the SMTP host's name.
    Also, you can add /tlsproto=... where ... accepts the same parameters
  as the --sslproto option, which see.
  Ports, if not specified, default to 25 for opportunistic and /notls modes,
  465 for /tls and 587 for /starttls, but can be overridden either by giving,
  say /25 or /smtp for /starttls.

## TRANSLATIONS:
These will be requested only after fetchmail 6.5.7 will have been released.

-------------------------------------------------------------------------------

[Fetchmail-devel] ANNOUNCE: The 6.5.7.rc1 release of fetchmail is available (SMTP AUTH fixes & .netrc support - NO (START)TLS yet)

[Matthias A. <mat...@gm...>]

The 6.5.7.rc1 release of fetchmail is now available at the usual locations,
including <https://downloads.sourceforge.net/project/fetchmail/branch_6.5/>.


Please test this especially if
+ you use SMTP AUTH (esmtppassword)
+ and/or want to store your SMTP passwords in .netrc
and share feedback mentioning the 6.5.7.rc1 version via list,
by e-mail or, if you find a bug, Gitlab issue (account required) at 
https://gitlab.com/fetchmail/fetchmail/-/issues -
note for bug reports that AUTH PLAIN and AUTH LOGIN data must be redacted
from your reports, these can be reversed to reveal your password!

Reminder: only subscribers to the fetchmail mailing lists can send mail there.
 

Plan:

I intend this to further clean up the SMTP AUTH code, which I saw necessary
when fixing the security bug in 6.5.6, and collect the translations, which
I could not wait for when making the security bugfix release. 

If we don't see regressions, I intend to release 6.5.7 in c. 10 days.

Afterwards, I intend to quickly follow up with an unplanned but necessary
fetchmail 6.6.0 feature release that will add TLS and STARTTLS support for
SMTP because we don't have strong protection for SMTP passwords yet.


The source archive is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/fetchmail-6.5.7.rc1.tar.xz/download>

The detached GnuPG signature is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/fetchmail-6.5.7.rc1.tar.xz.asc/download>

The SHA256 hashes for the tarballs are:
SHA2-256(fetchmail-6.5.7.rc1.tar.xz)= 2aa57f8cfe117dcfaf0a481a8c607dc401c15603bcb641bc610ec794c398cb9a


Here are the release notes:
--------------------------------------------------------------------------------
fetchmail-6.5.7 (not yet released):

## BUGFIX:
* When authenticating to an SMTP server, the AUTH LOGIN method (which didn't
  become a proposed standard, and is only the third method fetchmail would try,
  if CRAM-MD5 and PLAIN weren't offered) required that the server returned
  a 334 code followed by a blank and by a decodable base64 challenge we ignored
  anyways.  This is in line with RFC 4952.
    However, to improve compatibility, fetchmail now accepts anything that
  starts with "334 " and disregards the remainder of the line.
  At the same time, AUTH LOGIN was deprecated. AUTH PLAIN should be available
  everywhere AUTH LOGIN is, and is specified in IETF RFC 4616.
* When authenticating to an SMTP server, i. e. esmtpname/esmtppassword are
  defined, check for errors, and skip servers that do not understand EHLO,
  because we cannot negotiate supported authentication schemes with them.
  This should avoid attempting to send a lot of messages and see them rejected.
* When authenticating to an SMTP server, do not send client abort "*" when
  we receive any other server reply but 334.
* Extend 6.5.6's RFC-5321 address-literal fix to MAIL FROM:<>. This might
  apply when we only have a server's IP address and need to quality
  addresses without domain. Fixes Debian Bug#1080025.
* SMTP AUTH can now look up passwords from the .netrc file - for that,
  fetchmail's esmtpname setting must match the login for the given host in
  .netrc. Fixes Debian Bug#1056651 by Ticker Berkin.

## TRANSLATION UPDATES were contributed by these fine people - thank you!
* cs:    Petr Pisar [Czech]
* eo:    Keith Bowes [Esperanto]
* es:    Cristian Othón Martínez Vera [Spanish]
* fr:    Frédéric Marchal [French]
* ja:    Takeshi Hamasaki [Japanese]
* pl:    Jakub Bogusz [Polish]
* ro:    Remus-Gabriel Chelu [Romanian]
* sv:    Göran Uddeborg [Swedish]

-------------------------------------------------------------------------------

[Fetchmail-devel] ANNOUNCE: fetchmail 6.5.6 SECURITY FIX released and fetchmail-SA-2025-01.txt security announcement (fix for SMTP AUTH potential crash, other bugfixes)

[Matthias A. <mat...@gm...>]

The 6.5.6 release of fetchmail is now available at the usual locations,
including <https://downloads.sourceforge.net/project/fetchmail/branch_6.5/>.

The source archive is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/fetchmail-6.5.6.tar.xz/download>

The detached GnuPG signature is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/fetchmail-6.5.6.tar.xz.asc/download>

The SHA256 hashes for the tarballs are:
SHA2-256(fetchmail-6.5.6.tar.xz)= ec10e0e0eaa417313559379ede76c74614766d838b39470b66474863aa690dab


Here are the release notes:
--------------------------------------------------------------------------------
fetchmail-6.5.6 (released 2025-10-03, 31795 LoC):

## SECURITY BUGFIX:
* fetchmail-SA-2025-01.txt: CVE pending assignment by MITRE
  An SMTP server advertising EHLO and AUTH, and if fetchmail is configured to
  authenticate (esmtpname and esmtppassword given and non-empty), the server
  might crash fetchmail by sending a "334" response without further blank to
  fetchmail's AUTH request. This is in violation of applicable RFC-4952 though.
    Fetchmail now detects this situation and reports it separately as
  malformed server reply.
    Fetchmail 6.5.6 has been released without waiting for translation updates
  or CVE identifier, these will be provided in followup releases.

## BUGFIXES:
* RFC-5321: When the --smtpaddress, --smtphost, --smtpname, -D or -S argument
  is an numeric address literal such as 192.0.2.2 or 2001:0DB8::4321, properly
  format that as such in the SMTP RCPT command as user@[192.0.2.2] or
  user@[IPv6:2001:0DB8::4321].
* When printing output on the console while fetching mail, do not intersperse
  another copy of our program name and date in the middle of a log line.

  Workaround for older versions: --logfile /dev/tty  (might also use
  --logfile /dev/stderr) - but note this changes buffering behavior and may
  output to appear later and without ticker marks.
* A few low-priority memory leaks in the command-line options parser were
  fixed. Since this parser runs only once, leaks are harmless.
* Some minor code cleanups and robustness fixes were made, and we should
  see fewer compiler warnings as a result.

## CHANGES:
* Given the slow update schedules of some distributions, already add code
  that checks if time_t() is good beyond the year 2038,
  meaning time_t is either unsigned (which would last until 2106) or
  64 bits wide.  If the system isn't safe, warn on every launch of fetchmail
  beginning 2028-01-01 at 00:00 GMT so users have 10 years to plan.
  Fetchmail will also print a warning if time(time_t *t) overflows.

-------------------------------------------------------------------------------

[Fetchmail-devel] ANNOUNCE: fetchmail 6.5.5 released (more C23/GCC15 fixes, more clearing of secrets in memory)

[Matthias A. <mat...@gm...>]

The 6.5.5 release of fetchmail is now available at the usual locations,
including <https://downloads.sourceforge.net/project/fetchmail/branch_6.5/>.

Note this re-enables DNS-based features on ./configure-based builds with
GCC 15 and other compilers that implement C23 by default.

The source archive is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/fetchmail-6.5.5.tar.xz/download>

The detached GnuPG signature is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/fetchmail-6.5.5.tar.xz.asc/download>

The SHA256 hashes for the tarballs are:
SHA2-256(fetchmail-6.5.5.tar.xz)= f989b62729c76afbcd65ec43b9c477f2d990f0913da141ff8166aa4e2bf56025


Here are the release notes:
--------------------------------------------------------------------------------
fetchmail-6.5.5 (released 2025-09-24, 31528 LoC):

## LICENSING CHANGE OF WOLFSSL:
* Note that wolfSSL 5.8.2 switched license from GPLv2 to GPLv3, so if
  a distribution links fetchmail against wolfSSL, this implies the use
  of the "or-any-later-version" clause of the GPLv2-or-later licensed material
  in fetchmail, and the combined work can also only ship as GPLv3.
  This may or may not apply to later versions of wolfSSL - be sure to check!
  
## BUGFIXES:
==-- note that these comprise C23 compatibility fixes (GCC 15) --==
* Support t.operation when the running user is different from the one
  mentioned in the $USER variable.  Fix courtesy of Corey Halpin.
* The kerberos*_auth() functions for v4 and v5 have prototypes now,
  so they can be compiled by the most modern C compilers.
* AC_TYPE_* type-checking macros seem unnecessary, strip them, also from
  config.h.meson which would not fill them from build.meson. We expect
  the operating system to provide us pid_t, size_t, uint32_t.
* Our res_search() autoconf check was broken on compilers adhering to newer
  standards (C23), for instance GCC 15, disabling several DNS-based features
  in autotools-based builds, but not meson-based builds.
  Strip the bogus "extern int res_search();" declaration without prototype,
  we would need to have the prototype from the system either way.

## IMPORTANT CHANGE:
* Fetchmail is now more careful to actually clear password and like buffers
  in memory, so that is less likely that other processes could access them
  should they happen to access similar memory regions after fetchmail's exit.
    Fetchmail now uses memset_explicit(), explicit_bzero(), or its own
  explicit_bzero() implementation to clear memory buffers that contain
  passwords or like secrets, or their base64 equivalents, and also buffers
  that it uses to visualize such strings, instead of just using memset().
    The motivating reason is that a plain memset() that does not have
  /observable/ effects, i. e. when we do not read from the buffer or
  transfer it, can be removed by the compiler's optimizer in the so-called
  dead store elimination, voiding our attempt to clear the buffer contents
  before releasing it to the heap.
    The named alternative functions are not being optimized away.

## WORKAROUND:
* IMAP: Recognize SASL_IR advertisement of Cyrus IMAP 3.10.0...3.12.? as
  synonymous to SASL-IR per RFC4959.  Upstream bug reported at
  https://github.com/cyrusimap/cyrus-imapd/issues/5481 - and it was
  quickly fixed in all their supported branches by patch releases.

## CHANGES:
* Several documentation tweaks.
* As long as SOURCE_DATE_EPOCH is set, the source tarball build may
  be reproducible now.  Tested on Fedora 42.
* The Japanese translation [ja] has been updated by Takeshi Hamasaki.
* The Makefile should be compatible across a wider set of make implementations,
  beyond GNU make.

-------------------------------------------------------------------------------

[Fetchmail-devel] ANNOUNCE: fetchmail 6.5.5 release candidate available (more C23/GCC15 fixes, password zeroing)

[Matthias A. <mat...@gm...>]

The 6.5.5.rc1 release candidate
of fetchmail is now available at the usual locations, including
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/>.

Please test soon in your usual configuration, please compile with
-fsanitize=address,undefined added to CFLAGS if your compiler supports
that, and let me know if it's OK or if new issues show up.

I intend to release 6.5.5 next week if things work out.

The source archive is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/fetchmail-6.5.5.rc1.tar.xz/download>

The detached GnuPG signature is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/fetchmail-6.5.5.rc1.tar.xz.asc/download>

The SHA256 hashes for the tarballs are:
SHA2-256(fetchmail-6.5.5.rc1.tar.xz)= c35eeece253a1bf4b0aa8f3467f8d0eb111d99c3caddbdf5f8fdbd2413ef9b63


Here are the release notes:
--------------------------------------------------------------------------------
fetchmail-6.5.5 (not yet released):

## LICENSING CHANGE OF WOLFSSL:
* Note that wolfSSL 5.8.2 switched license from GPLv2 to GPLv3, so if
  a distribution links fetchmail against wolfSSL, this implies the use
  of the "or-any-later-version" clause of the GPLv2-or-later licensed material
  in fetchmail, and the combined work can also only ship as GPLv3.
  wolfSSL has therefore lost its licensing advantage and has been marked
  for potential removal in fetchmail 7 above.
  (OpenSSL 3 is under the Apache License 2.0 and a combined work
  of fetchmail with OpenSSL 3 also requires the combined work to ship
  as GPLv3.)

## BUGFIXES:
==-- note that these comprise C23 compatibility fixes (GCC 15) --==
* Support t.operation when the running user is different from the one
  mentioned in the $USER variable.  Fix courtesy of Corey Halpin.
* The kerberos*_auth() functions for v4 and v5 have prototypes now,
  so they can be compiled by the most modern C compilers.
* AC_TYPE_* type-checking macros seem unnecessary, strip them, also from
  config.h.meson which would not fill them from build.meson. We expect
  the operating system to provide us pid_t, size_t, uint32_t.
* Our res_search() autoconf check was broken on compilers adhering to newer
  standards (C23), for instance GCC 15, disabling several DNS-based features
  in autotools-based builds, but not meson-based builds.
  Strip the bogus "extern int res_search();" declaration without prototype,
  we would need to have the prototype from the system either way.

## IMPORTANT CHANGE:
* Fetchmail is now more careful to actually clear password and like buffers
  in memory, so that is less likely that other processes could access them
  should they happen to access similar memory regions after fetchmail's exit.
    Fetchmail now uses memset_explicit(), explicit_bzero(), or its own
  explicit_bzero() implementation to clear memory buffers that contain
  passwords or like secrets, or their base64 equivalents, and also buffers
  that it uses to visualize such strings, instead of just using memset().
    The motivating reason is that a plain memset() that does not have
  /observable/ effects, i. e. when we do not read from the buffer or
  transfer it, can be removed by the compiler's optimizer in the so-called
  dead store elimination, voiding our attempt to clear the buffer contents
  before releasing it to the heap.
    The named alternative functions are not being optimized away.

## WORKAROUND:
* IMAP: Recognize SASL_IR advertisement of Cyrus IMAP 3.10.0...3.12.? as
  synonymous to SASL-IR per RFC4959.  Upstream bug reported at
  https://github.com/cyrusimap/cyrus-imapd/issues/5481 - and it was
  quickly fixed in all their supported branches by patch releases.

## CHANGES:
* Several documentation tweaks.
* As long as SOURCE_DATE_EPOCH is set, the source tarball build may
  be reproducible now.  Tested on Fedora 42.
* The Japanese translation [ja] has been updated by Takeshi Hamasaki.
* The Makefile should be compatible across a wider set of make implementations,
  beyond GNU make.

-------------------------------------------------------------------------------

[Fetchmail-devel] REMINDER: Use fetchmail 6.5.X --- 6.4.Y are unsupported and may fail to build f.i. with GCC 15

[Matthias A. <mat...@gm...>]

REMINDER: Use fetchmail 6.5.X versions.
fetchmail 6.4.Y and older versions are at the end of life.

Also, the older versions contained faulty configure checks that
cause the build to fail with, among others, GCC 15,
and also other compilers that comply with newer
versions of the C language standard in their factory setting.

Current fetchmail versions of the 6.5 series (6.5.4 is the
current release) build fine with recent compilers in C23 in my
spot checks.

Regards,
Matthias

Re: [Fetchmail-devel] Should sslcommonname be mentioned in the list of legal user descriptions and options?

[Matthias A. <mat...@gm...>]

Am 24.06.25 um 00:18 schrieb u3...@ne...:
> Hello,
> Referring to
> https://gitlab.com/fetchmail/fetchmail/-/blob/next/fetchmail.man?ref_type=heads :
> Is avoiding to mention the sslcommonname keyword in the list of
> 'legal user descriptions and options', which begins at line #2106, deliberate?

Hi u34,

thanks for asking this. No, that's an oversight, also on legacy_6x (the 
branch for 6.5) and the - unmaintained, so wontfix - legacy_64. There 
might be more.

I created https://gitlab.com/fetchmail/fetchmail/-/issues/72 to track this.

I wonder however if such information should be inlined with the 
remainder of the documentation, because I main the manual page, um, 
manually, and strictly speaking, that information is halfway redundant.  
I might reduce my workload by either removing the tables/lists and 
putting that information in the main section where we have the command 
line option, the rcfile Keyword, the history (when introduced), or I 
would need to mark that up and auto-generate that information somehow.

Regards,
Matthias

[Fetchmail-devel] Should sslcommonname be mentioned in the list of legal user descriptions and options?

[<u3...@ne...>]

Hello,
Referring to 
https://gitlab.com/fetchmail/fetchmail/-/blob/next/fetchmail.man?ref_type=heads :
Is avoiding to mention the sslcommonname keyword in the list of  
'legal user descriptions and options', which begins at line #2106, deliberate?

--
u34

[Fetchmail-devel] ANNOUNCE: fetchmail 6.5.4 is available (crash fix for unencrypted socket write error, wolfSSL compilation fix)

[Matthias A. <mat...@gm...>]

The 6.5.4 release of fetchmail is now available at the usual locations,
including <https://downloads.sourceforge.net/project/fetchmail/branch_6.5/>.

The source archive is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/fetchmail-6.5.4.tar.xz/download>

The detached GnuPG signature is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/fetchmail-6.5.4.tar.xz.asc/download>

The SHA256 hashes for the tarballs are:
SHA2-256(fetchmail-6.5.4.tar.xz)= c859156e9bff841d4d984cb3fdcb8042b6b31789fc3387c2649baa95a88d698b


Here are the release notes:
--------------------------------------------------------------------------------
fetchmail-6.5.4 (released 2025-06-17, 31208 LoC):

## BUGFIXES:
* socket: avoid crash when writing to a socket without SSL/TLS fails.
  Reported by Andrea Venturoli via mailing list, fixes #71.
* wolfSSL support: avoid fetchmail.c compilation failure in certain
  configurations of wolfSSL (for instance, on FreeBSD's wolfssl-5.8.0_1
  package), OpenSSL_version enables a newer 1.1.x compat API that passes its
  argument to a wolfSSL API, with OPENSSL_DIR and OPENSSL_ENGINES_DIR, causing
  related compiler failures.
  See <https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287435>.

-------------------------------------------------------------------------------

[Fetchmail-devel] ANNOUNCE: fetchmail 6.5.3 is available (reinstate IDLE workaround & translation update for Spanish (Castellano))

[Matthias A. <mat...@gm...>]

The 6.5.3 release of fetchmail is now available at the usual locations,
including <https://downloads.sourceforge.net/project/fetchmail/branch_6.5/>.

The source archive is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/fetchmail-6.5.3.tar.xz/download>

The detached GnuPG signature is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/fetchmail-6.5.3.tar.xz.asc/download>

The SHA256 hashes for the tarballs are:
SHA2-256(fetchmail-6.5.3.tar.xz)= d74e893b78ef29ebef375ab7e726d2977140f8f1208f5905569395cbdae4c23d


Note that I have re-rolled the tarball and moved the tag and forced 
committed between 19:15 UTC and 19:30 UTC today because the 
documentation, manual page, NEWS file, commit logs accidentally 
referenced Gitlab issue #68 when they should have referenced Gitlab 
issue #69.  Now fixed.


Here are the release notes:
--------------------------------------------------------------------------------
fetchmail-6.5.3 (released 2025-06-10, 31204 LoC):

## BUGFIXES:
* IMAP: Reinstate workaround for missing IDLE support if --idle is requested.
  This had been a long-standing feature but got broken in fetchmail 6.4.22
  (commit 616e8c70).  Thanks to Lukáš Tesař for the detailed report including
  a Git bisect that identified this faulty commit.  Fixes Gitlab issue #69.
* IMAP: Only print 'will idle after poll' if --idle is enabled
  and either offered by the server, or forced through --forceidle.
  This fixes a regression introduced in fetchmail 6.4.22 (commit 616e8c70).

## TRANSLATIONS: fetchmail's translation was updated, courtesy of:
* es:    Cristian Othón Martínez Vera [Spanish]

-------------------------------------------------------------------------------

[Fetchmail-devel] ANNOUNCE: fetchmail 6.5.2 is available (translation updates for Czech and Serbian)

[Matthias A. <mat...@gm...>]

The 6.5.2 release of fetchmail is now available at the usual locations,
including <https://downloads.sourceforge.net/project/fetchmail/branch_6.5/>.

The source archive is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/fetchmail-6.5.2.tar.xz/download>

The detached GnuPG signature is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/fetchmail-6.5.2.tar.xz.asc/download>

The SHA256 hashes for the tarballs are:
SHA2-256(fetchmail-6.5.2.tar.xz)= 8fd0477408620ae382c1d0ef83d8946a95e5be0c2e582dd4ebe55cba513a45fe


Here are the release notes:
--------------------------------------------------------------------------------
fetchmail-6.5.2 (released 2024-12-30, 31200 LoC):

## TRANSLATIONS: fetchmail's translations were updated, courtesy of:
* cs:    Petr Pisar [Czech]
* sr:    Мирослав Николић (Miroslav Nikolić) [Serbian]

## CHANGES:
* Minor documentation consistency fixes (versions, dates).

-------------------------------------------------------------------------------

[Fetchmail-devel] ANNOUNCE: fetchmail 6.5.1 is available (minor polishing)

[Matthias A. <mat...@gm...>]

The 6.5.1 release of fetchmail is now available at the usual locations,
including <https://downloads.sourceforge.net/project/fetchmail/branch_6.5/>.

The source archive is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/fetchmail-6.5.1.tar.xz/download>

The detached GnuPG signature is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/fetchmail-6.5.1.tar.xz.asc/download>

The SHA256 hashes for the tarballs are:
SHA2-256(fetchmail-6.5.1.tar.xz)= ca3fdb95141c277aca109be77f4d45b47e03ee010043058dd90bc182db518d4a


Here are the release notes:
--------------------------------------------------------------------------------
fetchmail-6.5.1 (released 2024-11-13):

## BUG AND PORTABILITY FIXES:
* Drop two wolfSSL compile-time checks that were for older 6.4 or for future
  7.0 releases and broke compilation with wolfSSL 5.7.4. 
  Fixes https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282413#c4
* Use %p instead of non-portable %#p for one wolfSSL-related diagnostic message
  (FreeBSD defines %#p to be %p, on many other platforms it's undefined 
  behavior).
* Add regex_helper.c to list of files that contain translatable strings,
  which contains two strings we missed to translate.

## CHANGES:
* Simplify EVP_MD_fetch API detection ("like OpenSSL 3" vs. "like OpenSSL 1") 
  for version switch and base it on the claimed OpenSSL version of the crypto 
  SSL, which works for LibreSSL (claims OpenSSL 2) and wolfSSL alike.

## TRANSLATIONS: fetchmail's messages were translated by these fine people:
* sq:    Besnik Bleta [Albanian]
* es:    Cristian Othón Martínez Vera [Spanish]
* ro:    Remus-Gabriel Chelu [Romanian]
* fr:    Frédéric Marchal [French]
* pl:    Jakub Bogusz [Polish]
* sv:    Göran Uddeborg [Swedish]
* ja:    Takeshi Hamasaki [Japanese]
* eo:    Keith Bowes [Esperanto]

-------------------------------------------------------------------------------
fetchmail-6.5.0 (released 2024-10-29, 31200 LoC):

## SECURITY FIX:
* .netrc now may not have more than 0700 permission if it contains passwords,
  else fetchmail will warn and ignore the file.

## REMOVED FEATURES
* fetchmail no longer supports using an MDA as SMTP fallback. This is required 
  to make deliveries consistent.
  The --enable-fallback configure option is gone.
* fetchmail no longer supports SSLv3. --sslproto ssl3 and ssl3+ options have
  been removed and behave as though "--sslproto auto" had been given.

## INCOMPATIBLE CHANGES
* fetchmail by default only negotiates TLS v1.2 or higher. (RFC-7525)
* fetchmail can auto-negotiate TLS v1.1 through the --sslproto tls1.1+ option.
* fetchmail can auto-negotiate TLS v1.0 through the --sslproto tls1+ option.
* fetchmailconf now requires Python 3.7.0 or newer.
* fetchmail, with --logfile, now logs time stamps into the file, in localtime
  and in the format "Jun 20 23:45:01 fetchmail: ". It will be localized through
  the environment variables LC_TIME (or LC_ALL) and TZ.
  Contributed by Holger Hoffstätte.
* fetchmail sets the OPENSSL security level to 2 by default.
  Override is possible from an environment variable,
  see EXPERIMENTAL CHANGES below.
* The ca, da, en_GB, id, it, nl, ru, zh_CN translations have been disabled,
  they are too far behind.

## CHANGED REQUIREMENTS
* fetchmail 6.5.0 is written in C99 and requires a SUSv3 (Single Unix
  Specification v3, a superset of POSIX.1-2001 aka. IEEE Std 1003.1-2001 with
  XSI extension) compliant system.

  In particular, older fetchmail versions had workarounds or replacement code
  for several functions standardized in the Single Unix Specification v3, these
  have been removed. Hence:
  - The trio/ library has been removed from the distribution.
  - The libesmtp/getaddrinfo.? library has been removed from the distribution.
  - The KAME/getnameinfo.c file has been removed from the distribution.

* fetchmail 6.5.0 requires a TLSv1.3-capable version of OpenSSL or wolfSSL,
  at a minimum OpenSSL v3.0.9 or wolfSSL v5.7.2.

## TRANSLATIONS: fetchmail's messages were translated by these fine people:
* cs:    Petr Pisar [Czech]
* eo:    Keith Bowes [Esperanto]
* es:    Cristian Othón Martínez Vera [Spanish]
* fr:    Frédéric Marchal [French]
* ja:    Takeshi Hamasaki [Japanese]
* ro:    Remus-Gabriel Chelu [Romanian]
* sv:    Göran Uddeborg [Swedish]
* sq:    Besnik Bleta [Albanian]
* pl:    Jakub Bogusz [Polish]

## BUG FIXES
* fetchmail can now report mailbox sizes of 2^31 octets and beyond (2 GibiB).
  This required C99 support (for the long long type).
  Fixes Debian Bug#873668, reported by Andreas Schmidt.
* fetchmail now defines its OpenSSL API level to 3.0.0 so as to expose the
  3.0.0 APIs from OpenSSL.
* The .netrc parser no longer permits "machine" after "default".
* Add manpage info on the .netrc syntax, as ftp(1) is not standardized and
  may not be installed. Fixes Launchpad Bug #1976361 reported by Bill Yikes.
* Received: lines now return GMT time if the tzoffset cannot be represented
  as whole minutes. Reported by @rriddicc via Gitlab #49.
* If fetchmail was running localized, generated an error e-mail message locally,
  and if the selected translation would require the Subject: line to wrap
  inside an RFC-2047 encoded word (=?UTF-8?Q?...?=), the wrapped encoded-word
  was not indented, thus not marked as a continuation line.
* SSL error handling was improved, fetchmail now consistently clears the
  thread/SSL error queue before SSL I/O operations and checks SSL_get_error
  afterwards.  The SSL_connect() error handling has been revised to log more
  consistently.

## CHANGES
* When fetchmail attempts to log out from an IMAP4 server and the server messes
  up its responses (it is supposed to send an untagged * BYE and a tagged
  A4711 OK) and sends a tagged A4711 BYE response, tolerate that, rather than
  reporting a protocol error. We don't intend to chat any more so the protocol
  violation is harmless, and we know the server cannot send more untagged
  status responses.
  Analysis and fix courtesy of Maciej S. Szmigiero, GitLab merge request !20.
* The configure script now spends more effort for getting --with-ssl right, by
  running pkg-config in the right environment, and using the AC_LIB_LINKFLAGS
  macro to obtain run-time library path setting flags.
* For typical POP3/IMAP ports 110, 143, 993, 995, if port and --ssl option
  do not match, emit a warning and continue. Closes Gitlab #31.
* There is now a --idletimeout feature contributed by Eric Durand, to
  permit setting a shorter timeout for the --idle option, because many
  servers violate the protocol (requiring 30 minutes) and hang up sooner than
  the 28 minutes fetchmail waits before refreshing IDLE.
  GitLab merge request !35.
* There is now a --forceidle feature to force idle mode even if not advertised
  in the server capabilities. This is a dangerous option, use it carefully.
  Courtesy of Eric Durand, GitLab merge request !39.
* There is now a --moveto feature (only feasible in IMAP) that, instead of
  flushing mail, moves it to a user-specified folder. This is to assist with
  archiving, or when providers (G...) break the IMAP model.
  Courteously provided by Damjan Jovanovic.
* rcfile parsing errors are now reported in more detail, and with -vv mode,
  also lead to a non-importable Python dump of what was obtained, for debugging.
* fetchmail's --auth option ssh was renamed to implicit, to make clear that it
  does *NOT* imply any particular type or features of the --plugin.  --auth ssh
  will be understood for a while for compatibility but fetchmail will report it
  as implicit.
* fetchmail no longer warns about port/service mismatches with/without ssl
  option when a "plugin" is in use because fetchmail cannot know whether the
  plugin talks SSL or STARTTLS/STLS. Fixes Debian Bug#1076604.
* fetchmail re-executes itself if the .netrc file's modification change
  is found to be newer at the beginning of a new run.
* fetchmail can now use other digest algorithms than MD5 for the
  --sslfingerprint option. To use, specify the algorithm's name in
  curly braces as prefix in the finger print, say,
  --sslfingerprint '{SHA256}00:01:[...]:1F'. This will also switch the
  algorithm for printing. All algorithms supported by the TLS/SSL library
  can be specified. Fixes Gitlab issue #19, Debian Bug#700266.

## EXPERIMENTAL CHANGES - these are not documented anywhere else, only here:
* fetchmail supports a FETCHMAIL_SSL_SECLEVEL environment variable that
  can be used to override the OpenSSL security level. Fetchmail by default
  raises the security level to 2 if lower. This variable can be used to lower it.
  Use with extreme caution. Note that levels 3 or higher will frequently cause
  incompabilities with servers because server-side data sizes are often too low.
  Valid range: 0 to 5 for OpenSSL 1.1.1 and 3.0.
* fetchmail supports a FETCHMAIL_SSL_CIPHERS environment variable that
  sets the cipher string (through two different OpenSSL functions) for SSL and
  TLS versions up to TLSv1.2.
  If setting the ciphers fails, fetchmail will not connect.
  If not given, defaults to Postfix's "medium" list,
  "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH".
* fetchmail supports a FETCHMAIL_TLS13_CIPHERSUITES environment variable
  that sets the ciphersuites (a colon-separated list, without + ! -) for
  TLSv1.3. If not given, defaults to OpenSSL's built-in list. If setting the
  ciphersuites fails, fetchmail refuses to connect.
* NOTE the features above are simplistic. For instance, even though you
  configure --sslproto tls1.3, a failure to set tls1.2 ciphers could cause
  a connection abort.
* fetchmail can be built with meson 1.30 or newer <https://mesonbuild.com/>.
  fetchmail is not currently written in a way that supports unity
  (amalgamated) builds.

================================================================================

[Fetchmail-devel] ANNOUNCE: fetchmail 6.5.0 is available (modernization)

[Matthias A. <mat...@gm...>]

The 6.5.0 release of fetchmail is now available at the usual locations,
including <https://downloads.sourceforge.net/project/fetchmail/branch_6.5/>.

The source archive is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/fetchmail-6.5.0.tar.xz/download>

The detached GnuPG signature is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/fetchmail-6.5.0.tar.xz.asc/download>

The SHA256 hashes for the tarballs are:
SHA2-256(fetchmail-6.5.0.tar.xz)= 42611aea4861a5311e5116843f01c203dceadf440bf2eb1b4a43a445f2977668

Note that the Sourceforge Git view is quirky,
the preferred Git repository is at 
https://gitlab.com/fetchmail/fetchmail
and mirrored at  
https://sourceforge.net/p/fetchmail/git/ci/legacy_6x/tree/

But it seems that SourceForge's Git web interface isn't fully 
recognizing the latest changes on the "legacy_6x" branch that the 6.5.0 
release was made from, you need to click the 6.5.0 tag on the left to 
see the update version.

Fetchmail 6.4.X and older releases are now unsupported.


DISTRIBUTORS BEWARE: OpenSSL changed license, so you may need to change
your license tags and possibly the license which you invoke to 
redistribute fetchmail.  As an alternative, wolfSSL could be used
to maintain GPL v2 compatibility, but it lacks some features OpenSSL 
offers.


Here are the release notes:
--------------------------------------------------------------------------------
fetchmail-6.5.0 (released 2024-10-29, 31200 LoC):

## SECURITY FIX:
* .netrc now may not have more than 0700 permission if it contains passwords,
  else fetchmail will warn and ignore the file.

## REMOVED FEATURES
* fetchmail no longer supports using an MDA as SMTP fallback. This is required 
  to make deliveries consistent.
  The --enable-fallback configure option is gone.
* fetchmail no longer supports SSLv3. --sslproto ssl3 and ssl3+ options have
  been removed and behave as though "--sslproto auto" had been given.

## INCOMPATIBLE CHANGES
* fetchmail by default only negotiates TLS v1.2 or higher. (RFC-7525)
* fetchmail can auto-negotiate TLS v1.1 through the --sslproto tls1.1+ option.
* fetchmail can auto-negotiate TLS v1.0 through the --sslproto tls1+ option.
* fetchmailconf now requires Python 3.7.0 or newer.
* fetchmail, with --logfile, now logs time stamps into the file, in localtime
  and in the format "Jun 20 23:45:01 fetchmail: ". It will be localized through
  the environment variables LC_TIME (or LC_ALL) and TZ.
  Contributed by Holger Hoffstätte.
* fetchmail sets the OPENSSL security level to 2 by default.
  Override is possible from an environment variable,
  see EXPERIMENTAL CHANGES below.
* The ca, da, en_GB, id, it, nl, ru, zh_CN translations have been disabled,
  they are too far behind.

## CHANGED REQUIREMENTS
* fetchmail 6.5.0 is written in C99 and requires a SUSv3 (Single Unix
  Specification v3, a superset of POSIX.1-2001 aka. IEEE Std 1003.1-2001 with
  XSI extension) compliant system.

  In particular, older fetchmail versions had workarounds or replacement code
  for several functions standardized in the Single Unix Specification v3, these
  have been removed. Hence:
  - The trio/ library has been removed from the distribution.
  - The libesmtp/getaddrinfo.? library has been removed from the distribution.
  - The KAME/getnameinfo.c file has been removed from the distribution.

* fetchmail 6.5.0 requires a TLSv1.3-capable version of OpenSSL or wolfSSL,
  at a minimum OpenSSL v3.0.9 or wolfSSL v5.7.2.

## TRANSLATIONS: fetchmail's messages were translated by these fine people:
* cs:    Petr Pisar [Czech]
* eo:    Keith Bowes [Esperanto]
* es:    Cristian Othón Martínez Vera [Spanish]
* fr:    Frédéric Marchal [French]
* ja:    Takeshi Hamasaki [Japanese]
* ro:    Remus-Gabriel Chelu [Romanian]
* sv:    Göran Uddeborg [Swedish]
* sq:    Besnik Bleta [Albanian]
* pl:    Jakub Bogusz [Polish]

## BUG FIXES
* fetchmail can now report mailbox sizes of 2^31 octets and beyond (2 GibiB).
  This required C99 support (for the long long type).
  Fixes Debian Bug#873668, reported by Andreas Schmidt.
* fetchmail now defines its OpenSSL API level to 3.0.0 so as to expose the
  3.0.0 APIs from OpenSSL.
* The .netrc parser no longer permits "machine" after "default".
* Add manpage info on the .netrc syntax, as ftp(1) is not standardized and
  may not be installed. Fixes Launchpad Bug #1976361 reported by Bill Yikes.
* Received: lines now return GMT time if the tzoffset cannot be represented
  as whole minutes. Reported by @rriddicc via Gitlab #49.
* If fetchmail was running localized, generated an error e-mail message locally,
  and if the selected translation would require the Subject: line to wrap
  inside an RFC-2047 encoded word (=?UTF-8?Q?...?=), the wrapped encoded-word
  was not indented, thus not marked as a continuation line.
* SSL error handling was improved, fetchmail now consistently clears the
  thread/SSL error queue before SSL I/O operations and checks SSL_get_error
  afterwards.  The SSL_connect() error handling has been revised to log more
  consistently.

## CHANGES
* When fetchmail attempts to log out from an IMAP4 server and the server messes
  up its responses (it is supposed to send an untagged * BYE and a tagged
  A4711 OK) and sends a tagged A4711 BYE response, tolerate that, rather than
  reporting a protocol error. We don't intend to chat any more so the protocol
  violation is harmless, and we know the server cannot send more untagged
  status responses.
  Analysis and fix courtesy of Maciej S. Szmigiero, GitLab merge request !20.
* The configure script now spends more effort for getting --with-ssl right, by
  running pkg-config in the right environment, and using the AC_LIB_LINKFLAGS
  macro to obtain run-time library path setting flags.
* For typical POP3/IMAP ports 110, 143, 993, 995, if port and --ssl option
  do not match, emit a warning and continue. Closes Gitlab #31.
* There is now a --idletimeout feature contributed by Eric Durand, to
  permit setting a shorter timeout for the --idle option, because many
  servers violate the protocol (requiring 30 minutes) and hang up sooner than
  the 28 minutes fetchmail waits before refreshing IDLE.
  GitLab merge request !35.
* There is now a --forceidle feature to force idle mode even if not advertised
  in the server capabilities. This is a dangerous option, use it carefully.
  Courtesy of Eric Durand, GitLab merge request !39.
* There is now a --moveto feature (only feasible in IMAP) that, instead of
  flushing mail, moves it to a user-specified folder. This is to assist with
  archiving, or when providers (G...) break the IMAP model.
  Courteously provided by Damjan Jovanovic.
* rcfile parsing errors are now reported in more detail, and with -vv mode,
  also lead to a non-importable Python dump of what was obtained, for debugging.
* fetchmail's --auth option ssh was renamed to implicit, to make clear that it
  does *NOT* imply any particular type or features of the --plugin.  --auth ssh
  will be understood for a while for compatibility but fetchmail will report it
  as implicit.
* fetchmail no longer warns about port/service mismatches with/without ssl
  option when a "plugin" is in use because fetchmail cannot know whether the
  plugin talks SSL or STARTTLS/STLS. Fixes Debian Bug#1076604.
* fetchmail re-executes itself if the .netrc file's modification change
  is found to be newer at the beginning of a new run.
* fetchmail can now use other digest algorithms than MD5 for the
  --sslfingerprint option. To use, specify the algorithm's name in
  curly braces as prefix in the finger print, say,
  --sslfingerprint '{SHA256}00:01:[...]:1F'. This will also switch the
  algorithm for printing. All algorithms supported by the TLS/SSL library
  can be specified. Fixes Gitlab issue #19, Debian Bug#700266.

## EXPERIMENTAL CHANGES - these are not documented anywhere else, only here:
* fetchmail supports a FETCHMAIL_SSL_SECLEVEL environment variable that
  can be used to override the OpenSSL security level. Fetchmail by default
  raises the security level to 2 if lower. This variable can be used to lower it.
  Use with extreme caution. Note that levels 3 or higher will frequently cause
  incompabilities with servers because server-side data sizes are often too low.
  Valid range: 0 to 5 for OpenSSL 1.1.1 and 3.0.
* fetchmail supports a FETCHMAIL_SSL_CIPHERS environment variable that
  sets the cipher string (through two different OpenSSL functions) for SSL and
  TLS versions up to TLSv1.2.
  If setting the ciphers fails, fetchmail will not connect.
  If not given, defaults to Postfix's "medium" list,
  "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH".
* fetchmail supports a FETCHMAIL_TLS13_CIPHERSUITES environment variable
  that sets the ciphersuites (a colon-separated list, without + ! -) for
  TLSv1.3. If not given, defaults to OpenSSL's built-in list. If setting the
  ciphersuites fails, fetchmail refuses to connect.
* NOTE the features above are simplistic. For instance, even though you
  configure --sslproto tls1.3, a failure to set tls1.2 ciphers could cause
  a connection abort.
* fetchmail can be built with meson 1.30 or newer <https://mesonbuild.com/>.
  fetchmail is not currently written in a way that supports unity
  (amalgamated) builds.

================================================================================

[Fetchmail-devel] ANNOUNCE: The 6.5.0.rc2 release candidate of fetchmail is available

[Matthias A. <mat...@gm...>]

The 6.5.0.rc2 release of fetchmail is now available at the usual locations,
including <https://downloads.sourceforge.net/project/fetchmail/branch_6.5/>.

It adds seven new translations and fixes a PATH_MAX related mis-merge 
that might break compilation on arcane operating systems.

The source archive is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/fetchmail-6.5.0.rc2.tar.xz/download>

The detached GnuPG signature is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/fetchmail-6.5.0.rc2.tar.xz.asc/download>

The SHA256 hashes for the tarballs are:
SHA2-256(fetchmail-6.5.0.rc2.tar.xz)= 577b4f32b81be2c5ccd4a2ea18131a758f159497b13aba71d8e3a490952914ac


Here are the release notes changes since rc1:
--------------------------------------------------------------------------------
* fetchmail 6.5.0 requires a TLSv1.3-capable version of OpenSSL or wolfSSL,
  at a minimum OpenSSL v3.0.9 or wolfSSL v5.7.2.

## TRANSLATIONS: fetchmail's messages were translated by these fine people:
* cs:    Petr Pisar [Czech]
* eo:    Keith Bowes [Esperanto]
* es:    Cristian Othón Martínez Vera [Spanish]
* fr:    Frédéric Marchal [French]
* ja:    Takeshi Hamasaki [Japanese]
* ro:    Remus-Gabriel Chelu [Romanian]
* sv:    Göran Uddeborg [Swedish]

* fetchmail now defines its OpenSSL API level to 3.0.0 so as to expose the
  3.0.0 APIs from OpenSSL.
* SSL error handling was improved, fetchmail now consistently clears the
  thread/SSL error queue before SSL I/O operations and checks SSL_get_error
  afterwards.  The SSL_connect() error handling has been revised to log more
  consistently.

* fetchmail can be built with meson 1.30 or newer <https://mesonbuild.com/>.
  fetchmail is not currently written in a way that supports unity
  (amalgamated) builds.
================================================================================

[Fetchmail-devel] ANNOUNCE: The 6.5.0.rc1 release candidate of fetchmail is available (translations still incomplete)

[Matthias A. <mat...@gm...>]

The 6.5.0.rc1 release of fetchmail is now available at the usual locations,
including <https://downloads.sourceforge.net/project/fetchmail/branch_6.5/>.

The source archive is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/fetchmail-6.5.0.rc1.tar.xz/download>

The detached GnuPG signature is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/fetchmail-6.5.0.rc1.tar.xz.asc/download>

The SHA256 hashes for the tarballs are:
SHA2-256(fetchmail-6.5.0.rc1.tar.xz)= f4c8317bf95477d975c945a5624275729385904a7a2d4931f8098cfd9dddf5d0


Please test this thorougly, report bugs, issues in documentation, 
everything, through issues on <https://gitlab.com/fetchmail/fetchmail>,
and send praise -- and if your translation isn't up to date, consider
joining the <https://translationproject.org> and helping out.

Thank you very much in advance!


Here are the release notes:
--------------------------------------------------------------------------------
fetchmail-6.5.0 (not yet released):

## SECURITY FIX:
* .netrc now may not have more than 0700 permission if it contains passwords,
  else fetchmail will warn and ignore the file.

## REMOVED FEATURES
* fetchmail no longer supports using an MDA as SMTP fallback. This is required 
  to make deliveries consistent.
  The --enable-fallback configure option is gone.
* fetchmail no longer supports SSLv3. --sslproto ssl3 and ssl3+ options have
  been removed and behave as though "--sslproto auto" had been given.

## INCOMPATIBLE CHANGES
* fetchmail by default only negotiates TLS v1.2 or higher. (RFC-7525)
* fetchmail can auto-negotiate TLS v1.1 through the --sslproto tls1.1+ option.
* fetchmail can auto-negotiate TLS v1.0 through the --sslproto tls1+ option.
* fetchmailconf now requires Python 3.7.0 or newer.
* fetchmail, with --logfile, now logs time stamps into the file, in localtime
  and in the format "Jun 20 23:45:01 fetchmail: ". It will be localized through
  the environment variables LC_TIME (or LC_ALL) and TZ.
  Contributed by Holger Hoffstätte.
* fetchmail sets the OPENSSL security level to 2 by default.
  Override is possible from an environment variable,
  see EXPERIMENTAL CHANGES below.
* The ca, da, en_GB, id, it, nl, ru, zh_CN translations have been disabled,
  they are too far behind.

## CHANGED REQUIREMENTS
* fetchmail 6.5.0 is written in C99 and requires a SUSv3 (Single Unix
  Specification v3, a superset of POSIX.1-2001 aka. IEEE Std 1003.1-2001 with
  XSI extension) compliant system.

  In particular, older fetchmail versions had workarounds or replacement code
  for several functions standardized in the Single Unix Specification v3, these 
  have been removed. Hence:
  - The trio/ library has been removed from the distribution.
  - The libesmtp/getaddrinfo.? library has been removed from the distribution.
  - The KAME/getnameinfo.c file has been removed from the distribution.

* fetchmail 6.5.0 requires a TLSv1.3-capable version of OpenSSL or wolfSSL,
  at a minimum OpenSSL v1.1.1 or wolfSSL v5.5.1.

## BUG FIXES
* fetchmail can now report mailbox sizes of 2^31 octets and beyond.
  This required C99 support (for the long long type).
  Fixes Debian Bug#873668, reported by Andreas Schmidt.
* fetchmail now defines its OpenSSL API level (1.1.1, or 10101) so
  as to compile with OpenSSL 3.0. (fetchmail was requesting to hide
  deprecated APIs.)
* The .netrc parser no longer permits "machine" after "default".
* Add manpage info on the .netrc syntax, as ftp(1) is not standardized and
  may not be installed. Fixes Launchpad Bug #1976361 reported by Bill Yikes.
* Received: lines now return GMT time if the tzoffset cannot be represented
  as whole minutes. Reported by @rriddicc via Gitlab #49.
* If fetchmail was running localized, generated an error e-mail message locally,
  and if the selected translation would require the Subject: line to wrap
  inside an RFC-2047 encoded word (=?UTF-8?Q?...?=), the wrapped encoded-word
  was not indented, thus not marked as a continuation line.

## CHANGES
* When fetchmail attempts to log out from an IMAP4 server and the server messes
  up its responses (it is supposed to send an untagged * BYE and a tagged
  A4711 OK) and sends a tagged A4711 BYE response, tolerate that, rather than
  reporting a protocol error. We don't intend to chat any more so the protocol
  violation is harmless, and we know the server cannot send more untagged
  status responses.
  Analysis and fix courtesy of Maciej S. Szmigiero, GitLab merge request !20.
* The configure script now spends more effort for getting --with-ssl right, by 
  running pkg-config in the right environment, and using the AC_LIB_LINKFLAGS 
  macro to obtain run-time library path setting flags.
* For typical POP3/IMAP ports 110, 143, 993, 995, if port and --ssl option
  do not match, emit a warning and continue. Closes Gitlab #31.
* There is now a --idletimeout feature contributed by Eric Durand, to
  permit setting a shorter timeout for the --idle option, because many
  servers violate the protocol (requiring 30 minutes) and hang up sooner than
  the 28 minutes fetchmail waits before refreshing IDLE.
  GitLab merge request !35.
* There is now a --forceidle feature to force idle mode even if not advertised
  in the server capabilities. This is a dangerous option, use it carefully.
  Courtesy of Eric Durand, GitLab merge request !39.
* There is now a --moveto feature (only feasible in IMAP) that, instead of
  flushing mail, moves it to a user-specified folder. This is to assist with
  archiving, or when providers (G...) break the IMAP model.
  Courteously provided by Damjan Jovanovic.
* rcfile parsing errors are now reported in more detail, and with -vv mode,
  also lead to a non-importable Python dump of what was obtained, for debugging.
* fetchmail's --auth option ssh was renamed to implicit, to make clear that it 
  does *NOT* imply any particular type or features of the --plugin.  --auth ssh 
  will be understood for a while for compatibility but fetchmail will report it 
  as implicit.
* fetchmail no longer warns about port/service mismatches with/without ssl
  option when a "plugin" is in use because fetchmail cannot know whether the
  plugin talks SSL or STARTTLS/STLS. Fixes Debian Bug#1076604.
* fetchmail re-executes itself if the .netrc file's modification change
  is found to be newer at the beginning of a new run.
* fetchmail can now use other digest algorithms than MD5 for the 
  --sslfingerprint option. To use, specify the algorithm's name in
  curly braces as prefix in the finger print, say,
  --sslfingerprint '{SHA256}00:01:[...]:1F'. This will also switch the
  algorithm for printing. All algorithms supported by the TLS/SSL library
  can be specified. Fixes Gitlab issue #19, Debian Bug#700266.

## EXPERIMENTAL CHANGES - these are not documented anywhere else, only here:
* fetchmail supports a FETCHMAIL_SSL_SECLEVEL environment variable that
  can be used to override the OpenSSL security level. Fetchmail by default
  raises the security level to 2 if lower. This variable can be used to lower it.
  Use with extreme caution. Note that levels 3 or higher will frequently cause
  incompabilities with servers because server-side data sizes are often too low.
  Valid range: 0 to 5 for OpenSSL 1.1.1 and 3.0.
* fetchmail supports a FETCHMAIL_SSL_CIPHERS environment variable that
  sets the cipher string (through two different OpenSSL functions) for SSL and
  TLS versions up to TLSv1.2.
  If setting the ciphers fails, fetchmail will not connect.
  If not given, defaults to Postfix's "medium" list, 
  "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH".
* fetchmail supports a FETCHMAIL_TLS13_CIPHERSUITES environment variable
  that sets the ciphersuites (a colon-separated list, without + ! -) for
  TLSv1.3. If not given, defaults to OpenSSL's built-in list. If setting the 
  ciphersuites fails, fetchmail refuses to connect.
* NOTE the features above are simplistic. For instance, even though you 
  configure --sslproto tls1.3, a failure to set tls1.2 ciphers could cause
  a connection abort.
* fetchmail can be built with meson 0.60 or newer <https://mesonbuild.com/>.
  fetchmail is not currently written in a way that supports unity
  (amalgamated) builds.

================================================================================

[Fetchmail-devel] ANNOUNCE: fetchmail 6.4.39 is available (two bugfixes)

[Matthias A. <mat...@gm...>]

The 6.4.39 release of fetchmail is now available at the usual locations,
including <https://sourceforge.net/projects/fetchmail/files/branch_6.4/>.

The source archive is available at:
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.39.tar.xz/download>
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.39.tar.lz/download>

The detached GnuPG signature is available at:
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.39.tar.xz.asc/download>
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.39.tar.lz.asc/download>

The SHA256 hashes for the tarballs are:
SHA2-256(fetchmail-6.4.39.tar.xz)= 75109a1f307b538155fa05f5ef298e8298cb4deae95aed24c16b38d36ff0a186
SHA2-256(fetchmail-6.4.39.tar.lz)= 657ff8655860e649c0863eb942eda1668d4f20f72263129622829e60c018854b


Here are the release notes:
--------------------------------------------------------------------------------
fetchmail-6.4.39 (released 2024-07-20, 31729 LoC):

# BUG FIXES:
* When a server offers STARTTLS although the connection is already wrapped
  in TLS, fetchmail would issue a bogus "WARNING: server offered STARTTLS but 
  sslproto '' given." (or STLS for POP3).  In situations where we wrap the
  connection in TLS, suppress the warning. Reported by Mike Pope.

* If fetchmail was running localized, generate an error e-mail message locally,
  and if the selected translation would require the Subject: line to wrap
  inside an RFC-2047 encoded word (=?UTF-8?Q?...?=), the wrapped encoded-word
  was not indented, thus not marked as a continuation line.

--------------------------------------------------------------------------------

[Fetchmail-devel] ANNOUNCE: The 6.5.0.beta10 snapshot of fetchmail is available

[Matthias A. <mat...@gm...>]

The 6.5.0.beta10 release of fetchmail is now available at the usual 
location, <https://downloads.sourceforge.net/project/fetchmail/branch_6.5/>.

The source archive is available at:
<https://sourceforge.net/projects/fetchmail/files/branch_6.5/fetchmail-6.5.0.beta10.tar.xz/download>

The detached GnuPG signature is available at:
<https://sourceforge.net/projects/fetchmail/files/branch_6.5/fetchmail-6.5.0.beta10.tar.xz.asc/download>

The SHA256 hash for the tarball is:
SHA2-256(fetchmail-6.5.0.beta10.tar.xz)= 1c818b87ccd6cde10b18e55bb30e2ce9dca9c4cc28be699fd436c4eab87ac636
============================================================================

Re: [Fetchmail-devel] ANNOUNCE: fetchmail 6.4.38 is available (translation updates, updated OpenSSL/wolfSSL version requirements)

[Matthias A. <mat...@gm...>]

Note that the shipped NEWS file in the tarball and this release message 
claim fetchmail-6.4.38 were "not yet released", but I have released iti 
today intentionally, not by accident.

That line should have read instead:

"fetchmail-6.4.38 (released 2024-01-31, 31720 LoC)"

and has been pushed with a GnuPG-signed tag to the Git repos,
https://gitlab.com/fetchmail/fetchmail and 
https://sourceforge.net/p/fetchmail/git/ci/legacy_64/tree/


Am Wed, Jan 31, 2024 at 10:00:33PM +0100 schrieb Matthias Andree:
> The 6.4.38 release of fetchmail is now available at the usual locations,
> including <https://sourceforge.net/projects/fetchmail/files/branch_6.4/>.
> 
> The source archive is available at:
> <https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.38.tar.xz/download>
> <https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.38.tar.lz/download>
> 
> The detached GnuPG signature is available at:
> <https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.38.tar.xz.asc/download>
> <https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.38.tar.lz.asc/download>
> 
> The SHA256 hashes for the tarballs are:
> SHA2-256(fetchmail-6.4.38.tar.xz)= a6cb4ea863ac61d242ffb2db564a39123761578d3e40d71ce7b6f2905be609d9
> SHA2-256(fetchmail-6.4.38.tar.lz)= be82b520d9698c1378c3a9a4dbab4d392c8c90d457af11a97ce9b85a3fedc70a
> 
> 
> Here are the release notes:
> --------------------------------------------------------------------------------
> fetchmail-6.4.38 (not yet released):
> 
> # BREAKING CHANGES:
> * Tighten OpenSSL and wolfSSL version requirements again. See README.SSL.
>   Distributors providing older versions that they backport security fixes for 
>   may want to patch socket.c but remember to redirect support to your 
>   distribution's support channels.
>   The fetchmail maintainer only supports functionally unmodified builds with 
>   publicly available SSL/TLS library versions.
>   fetchmail will refuse to build against OpenSSL 1.0.2 older than 1.0.2u,
>   or wolfSSL older than 5.6.2. It will warn about OpenSSL older than 3.0.9,
>   or between 3.1.0 and 3.1.4, or wolfSSL older than 5.6.6.
> 
> # TRANSLATIONS: language translations were updated by these fine people:
> (in reverse alphabetical order of language codes):
> * ru:    Kirill Isakov [Russian]
> * eo:    Keith Bowes [Esperanto]
> 
> --------------------------------------------------------------------------------

[Fetchmail-devel] ANNOUNCE: fetchmail 6.4.38 is available (translation updates, updated OpenSSL/wolfSSL version requirements)

[Matthias A. <mat...@gm...>]

The 6.4.38 release of fetchmail is now available at the usual locations,
including <https://sourceforge.net/projects/fetchmail/files/branch_6.4/>.

The source archive is available at:
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.38.tar.xz/download>
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.38.tar.lz/download>

The detached GnuPG signature is available at:
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.38.tar.xz.asc/download>
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.38.tar.lz.asc/download>

The SHA256 hashes for the tarballs are:
SHA2-256(fetchmail-6.4.38.tar.xz)= a6cb4ea863ac61d242ffb2db564a39123761578d3e40d71ce7b6f2905be609d9
SHA2-256(fetchmail-6.4.38.tar.lz)= be82b520d9698c1378c3a9a4dbab4d392c8c90d457af11a97ce9b85a3fedc70a


Here are the release notes:
--------------------------------------------------------------------------------
fetchmail-6.4.38 (not yet released):

# BREAKING CHANGES:
* Tighten OpenSSL and wolfSSL version requirements again. See README.SSL.
  Distributors providing older versions that they backport security fixes for 
  may want to patch socket.c but remember to redirect support to your 
  distribution's support channels.
  The fetchmail maintainer only supports functionally unmodified builds with 
  publicly available SSL/TLS library versions.
  fetchmail will refuse to build against OpenSSL 1.0.2 older than 1.0.2u,
  or wolfSSL older than 5.6.2. It will warn about OpenSSL older than 3.0.9,
  or between 3.1.0 and 3.1.4, or wolfSSL older than 5.6.6.

# TRANSLATIONS: language translations were updated by these fine people:
(in reverse alphabetical order of language codes):
* ru:    Kirill Isakov [Russian]
* eo:    Keith Bowes [Esperanto]

--------------------------------------------------------------------------------

[Fetchmail-devel] ANNOUNCE: fetchmail 6.4.37 is available (translation updates)

[Matthias A. <mat...@gm...>]

The 6.4.37 release of fetchmail is now available at the usual locations,
including <https://sourceforge.net/projects/fetchmail/files/branch_6.4/>.

The source archive is available at:
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.37.tar.xz/download>
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.37.tar.lz/download>

The detached GnuPG signature is available at:
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.37.tar.xz.asc/download>
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.37.tar.lz.asc/download>

The SHA256 hashes for the tarballs are:
SHA2-256(fetchmail-6.4.37.tar.xz)= 4a182e5d893e9abe6ac37ae71e542651fce6d606234fc735c2aaae18657e69ea
SHA2-256(fetchmail-6.4.37.tar.lz)= 2bc3c602bb967a8d7a7348a6e7bdffc54ab93c61187301431c63914372ec3c1b


Here are the release notes:
--------------------------------------------------------------------------------
fetchmail-6.4.37 (released 2023-02-26, 31710 LoC):

# TRANSLATIONS: language translations were updated by this fine person:
* sr:    Мирослав Николић (Miroslav Nikolić) [Serbian]

--------------------------------------------------------------------------------

[Fetchmail-devel] ANNOUNCE: fetchmail 6.4.36 is available (translation updates)

[Matthias A. <mat...@gm...>]

The 6.4.36 release of fetchmail is now available at the usual locations,
including <https://sourceforge.net/projects/fetchmail/files/branch_6.4/>.

The source archive is available at:
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.36.tar.xz/download>
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.36.tar.lz/download>

The detached GnuPG signature is available at:
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.36.tar.xz.asc/download>
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.36.tar.lz.asc/download>

The SHA256 hashes for the tarballs are:
SHA2-256(fetchmail-6.4.36.tar.xz)= 700d433838d3e29e304452aec56b21874f538ec24113fdcbb25139c5f2edc23a
SHA2-256(fetchmail-6.4.36.tar.lz)= 5554fd033b461f255f83301985fe12b5bbf964d8fdcead87a339b7e0c726cd65


Here are the release notes:
--------------------------------------------------------------------------------
fetchmail-6.4.36 (released 2023-01-28, 31710 LoC):

# TRANSLATIONS: language translations were updated by these fine people:
(in alphabetical order of language codes):
* cs:    Petr Pisar [Czech]
* es:    Cristian Othón Martínez Vera [Spanish]
* fr:    Frédéric Marchal [French]
* ja:    Takeshi Hamasaki [Japanese]
* pl:    Jakub Bogusz [Polish]
* ro:    Remus-Gabriel Chelu [Romanian]
* sq:    Besnik Bleta [Albanian]
* sv:    Göran Uddeborg [Swedish]

--------------------------------------------------------------------------------

[Fetchmail-devel] ANNOUNCE: The 6.5.0.beta9 snapshot of fetchmail is available

[Matthias A. <mat...@gm...>]

The 6.5.0.beta9 release of fetchmail is now available at the usual locations,
including <https://downloads.sourceforge.net/project/fetchmail/branch_6.5/>.

The source archive is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/fetchmail-6.5.0.beta9.tar.xz/download>

The detached GnuPG signature is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/fetchmail-6.5.0.beta9.tar.xz.asc/download>

The SHA256 hashes for the tarballs are:
SHA2-256(fetchmail-6.5.0.beta9.tar.xz)= ee6212d2aad80507f9128a0969ae1a2a8dbd3407c8bf8e5f9ec4fc3a6754b093


Here are the additions to the release notes since beta8:
+---------------------------------------------------------------------------
KNOWN ISSUES:
* Using ccache may trigger "implicit fallthrough" warnings because
  the comments that, for instance, GCC understands, are removed by ccache's
  separate preprocessing.  Fixing this portably requires C++17.
 
INCOMPATIBLE CHANGES:
* The ca, da, en_GB, id, it, nl, ru, zh_CN translations have been disabled,
  they are too far behind.
 
 ## CHANGED REQUIREMENTS
* fetchmail 6.5.0 requires a TLSv1.3-capable version of OpenSSL or wolfSSL,
  at a minimum OpenSSL v1.1.1 or wolfSSL v5.5.1.
 
 ## BUG FIXES
* Received: lines now return GMT time if the tzoffset cannot be represented
  as whole minutes. Reported by @rriddicc via Gitlab #49.
 
 ## CHANGES
* There is now a --moveto feature (only feasible in IMAP) that, instead of
  flushing mail, moves it to a user-specified folder. This is to assist with
  archiving, or when providers (G...) break the IMAP model.
  Courteously provided by Damjan Jovanovic.
* fetchmail can be built with meson 0.60 or newer <https://mesonbuild.com/>.
  fetchmail is not currently written in a way that supports unity
  (amalgamated) builds.
============================================================================

[Fetchmail-devel] ANNOUNCE: fetchmail 6.4.35 is available (translation updates and raised SSL/TLS library requirements)

[Matthias A. <mat...@gm...>]

The 6.4.35 release of fetchmail is now available at the usual locations,
including <https://sourceforge.net/projects/fetchmail/files/branch_6.4/>.

The source archive is available at:
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.35.tar.xz/download>
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.35.tar.lz/download>

The detached GnuPG signature is available at:
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.35.tar.xz.asc/download>
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.35.tar.lz.asc/download>

The SHA256 hashes for the tarballs are:
SHA2-256(fetchmail-6.4.35.tar.xz)= 7b0b56cbc0fca854504f167795fab532d5a54d5a7d3b6e3e36a33f34a0960a01
SHA2-256(fetchmail-6.4.35.tar.lz)= 8c8675b4655344d6d14143c4a16fa0ebcf5754c9e707d413dab9fec68d1826cd

Here are the release notes:
>-------------------------------------------------------------------------------
fetchmail-6.4.35 (released 2023-01-04, 31707 LoC):

# BREAKING CHANGES:
* Fetchmail now warns about OpenSSL before 1.1.1s or 3.0.7,
  and rejects wolfSSL older than 5.5.0.

# TRANSLATIONS: language translations were updated by these fine people:
(in reverse alphabetical order of language codes so as not to prefer people):
* sv:    Göran Uddeborg [Swedish]
* eo:    Keith Bowes [Esperanto]
>-------------------------------------------------------------------------------