fetchmail-devel Mailing List for Fetchmail - the mail-retrieval daemon

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

The 6.5.0 release of fetchmail is now available at the usual locations,
including <https://downloads.sourceforge.net/project/fetchmail/branch_6.5/>.

The source archive is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/fetchmail-6.5.0.tar.xz/download>

The detached GnuPG signature is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.5/fetchmail-6.5.0.tar.xz.asc/download>

The SHA256 hashes for the tarballs are:
SHA2-256(fetchmail-6.5.0.tar.xz)= 42611aea4861a5311e5116843f01c203dceadf440bf2eb1b4a43a445f2977668

Note that the Sourceforge Git view is quirky,
the preferred Git repository is at 
https://gitlab.com/fetchmail/fetchmail
and mirrored at  
https://sourceforge.net/p/fetchmail/git/ci/legacy_6x/tree/

But it seems that SourceForge's Git web interface isn't fully 
recognizing the latest changes on the "legacy_6x" branch that the 6.5.0 
release was made from, you need to click the 6.5.0 tag on the left to 
see the update version.

Fetchmail 6.4.X and older releases are now unsupported.

DISTRIBUTORS BEWARE: OpenSSL changed license, so you may need to change
your license tags and possibly the license which you invoke to 
redistribute fetchmail.  As an alternative, wolfSSL could be used
to maintain GPL v2 compatibility, but it lacks some features OpenSSL 
offers.

Here are the release notes:
--------------------------------------------------------------------------------
fetchmail-6.5.0 (released 2024-10-29, 31200 LoC):

## SECURITY FIX:
* .netrc now may not have more than 0700 permission if it contains passwords,
  else fetchmail will warn and ignore the file.

## REMOVED FEATURES
* fetchmail no longer supports using an MDA as SMTP fallback. This is required 
  to make deliveries consistent.
  The --enable-fallback configure option is gone.
* fetchmail no longer supports SSLv3. --sslproto ssl3 and ssl3+ options have
  been removed and behave as though "--sslproto auto" had been given.

## INCOMPATIBLE CHANGES
* fetchmail by default only negotiates TLS v1.2 or higher. (RFC-7525)
* fetchmail can auto-negotiate TLS v1.1 through the --sslproto tls1.1+ option.
* fetchmail can auto-negotiate TLS v1.0 through the --sslproto tls1+ option.
* fetchmailconf now requires Python 3.7.0 or newer.
* fetchmail, with --logfile, now logs time stamps into the file, in localtime
  and in the format "Jun 20 23:45:01 fetchmail: ". It will be localized through
  the environment variables LC_TIME (or LC_ALL) and TZ.
  Contributed by Holger Hoffstätte.
* fetchmail sets the OPENSSL security level to 2 by default.
  Override is possible from an environment variable,
  see EXPERIMENTAL CHANGES below.
* The ca, da, en_GB, id, it, nl, ru, zh_CN translations have been disabled,
  they are too far behind.

## CHANGED REQUIREMENTS
* fetchmail 6.5.0 is written in C99 and requires a SUSv3 (Single Unix
  Specification v3, a superset of POSIX.1-2001 aka. IEEE Std 1003.1-2001 with
  XSI extension) compliant system.

  In particular, older fetchmail versions had workarounds or replacement code
  for several functions standardized in the Single Unix Specification v3, these
  have been removed. Hence:
  - The trio/ library has been removed from the distribution.
  - The libesmtp/getaddrinfo.? library has been removed from the distribution.
  - The KAME/getnameinfo.c file has been removed from the distribution.

* fetchmail 6.5.0 requires a TLSv1.3-capable version of OpenSSL or wolfSSL,
  at a minimum OpenSSL v3.0.9 or wolfSSL v5.7.2.

## TRANSLATIONS: fetchmail's messages were translated by these fine people:
* cs:    Petr Pisar [Czech]
* eo:    Keith Bowes [Esperanto]
* es:    Cristian Othón Martínez Vera [Spanish]
* fr:    Frédéric Marchal [French]
* ja:    Takeshi Hamasaki [Japanese]
* ro:    Remus-Gabriel Chelu [Romanian]
* sv:    Göran Uddeborg [Swedish]
* sq:    Besnik Bleta [Albanian]
* pl:    Jakub Bogusz [Polish]

## BUG FIXES
* fetchmail can now report mailbox sizes of 2^31 octets and beyond (2 GibiB).
  This required C99 support (for the long long type).
  Fixes Debian Bug#873668, reported by Andreas Schmidt.
* fetchmail now defines its OpenSSL API level to 3.0.0 so as to expose the
  3.0.0 APIs from OpenSSL.
* The .netrc parser no longer permits "machine" after "default".
* Add manpage info on the .netrc syntax, as ftp(1) is not standardized and
  may not be installed. Fixes Launchpad Bug #1976361 reported by Bill Yikes.
* Received: lines now return GMT time if the tzoffset cannot be represented
  as whole minutes. Reported by @rriddicc via Gitlab #49.
* If fetchmail was running localized, generated an error e-mail message locally,
  and if the selected translation would require the Subject: line to wrap
  inside an RFC-2047 encoded word (=?UTF-8?Q?...?=), the wrapped encoded-word
  was not indented, thus not marked as a continuation line.
* SSL error handling was improved, fetchmail now consistently clears the
  thread/SSL error queue before SSL I/O operations and checks SSL_get_error
  afterwards.  The SSL_connect() error handling has been revised to log more
  consistently.

## CHANGES
* When fetchmail attempts to log out from an IMAP4 server and the server messes
  up its responses (it is supposed to send an untagged * BYE and a tagged
  A4711 OK) and sends a tagged A4711 BYE response, tolerate that, rather than
  reporting a protocol error. We don't intend to chat any more so the protocol
  violation is harmless, and we know the server cannot send more untagged
  status responses.
  Analysis and fix courtesy of Maciej S. Szmigiero, GitLab merge request !20.
* The configure script now spends more effort for getting --with-ssl right, by
  running pkg-config in the right environment, and using the AC_LIB_LINKFLAGS
  macro to obtain run-time library path setting flags.
* For typical POP3/IMAP ports 110, 143, 993, 995, if port and --ssl option
  do not match, emit a warning and continue. Closes Gitlab #31.
* There is now a --idletimeout feature contributed by Eric Durand, to
  permit setting a shorter timeout for the --idle option, because many
  servers violate the protocol (requiring 30 minutes) and hang up sooner than
  the 28 minutes fetchmail waits before refreshing IDLE.
  GitLab merge request !35.
* There is now a --forceidle feature to force idle mode even if not advertised
  in the server capabilities. This is a dangerous option, use it carefully.
  Courtesy of Eric Durand, GitLab merge request !39.
* There is now a --moveto feature (only feasible in IMAP) that, instead of
  flushing mail, moves it to a user-specified folder. This is to assist with
  archiving, or when providers (G...) break the IMAP model.
  Courteously provided by Damjan Jovanovic.
* rcfile parsing errors are now reported in more detail, and with -vv mode,
  also lead to a non-importable Python dump of what was obtained, for debugging.
* fetchmail's --auth option ssh was renamed to implicit, to make clear that it
  does *NOT* imply any particular type or features of the --plugin.  --auth ssh
  will be understood for a while for compatibility but fetchmail will report it
  as implicit.
* fetchmail no longer warns about port/service mismatches with/without ssl
  option when a "plugin" is in use because fetchmail cannot know whether the
  plugin talks SSL or STARTTLS/STLS. Fixes Debian Bug#1076604.
* fetchmail re-executes itself if the .netrc file's modification change
  is found to be newer at the beginning of a new run.
* fetchmail can now use other digest algorithms than MD5 for the
  --sslfingerprint option. To use, specify the algorithm's name in
  curly braces as prefix in the finger print, say,
  --sslfingerprint '{SHA256}00:01:[...]:1F'. This will also switch the
  algorithm for printing. All algorithms supported by the TLS/SSL library
  can be specified. Fixes Gitlab issue #19, Debian Bug#700266.

## EXPERIMENTAL CHANGES - these are not documented anywhere else, only here:
* fetchmail supports a FETCHMAIL_SSL_SECLEVEL environment variable that
  can be used to override the OpenSSL security level. Fetchmail by default
  raises the security level to 2 if lower. This variable can be used to lower it.
  Use with extreme caution. Note that levels 3 or higher will frequently cause
  incompabilities with servers because server-side data sizes are often too low.
  Valid range: 0 to 5 for OpenSSL 1.1.1 and 3.0.
* fetchmail supports a FETCHMAIL_SSL_CIPHERS environment variable that
  sets the cipher string (through two different OpenSSL functions) for SSL and
  TLS versions up to TLSv1.2.
  If setting the ciphers fails, fetchmail will not connect.
  If not given, defaults to Postfix's "medium" list,
  "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH".
* fetchmail supports a FETCHMAIL_TLS13_CIPHERSUITES environment variable
  that sets the ciphersuites (a colon-separated list, without + ! -) for
  TLSv1.3. If not given, defaults to OpenSSL's built-in list. If setting the
  ciphersuites fails, fetchmail refuses to connect.
* NOTE the features above are simplistic. For instance, even though you
  configure --sslproto tls1.3, a failure to set tls1.2 ciphers could cause
  a connection abort.
* fetchmail can be built with meson 1.30 or newer <https://mesonbuild.com/>.
  fetchmail is not currently written in a way that supports unity
  (amalgamated) builds.

================================================================================

2004	Jan	Feb	Mar	Apr	May	Jun (73)	Jul (22)	Aug (42)	Sep (11)	Oct (23)	Nov (40)	Dec (2)
2005	Jan	Feb	Mar (17)	Apr (26)	May (6)	Jun (21)	Jul (133)	Aug (25)	Sep (40)	Oct (12)	Nov (71)	Dec (57)
2006	Jan (23)	Feb (22)	Mar (43)	Apr (27)	May (13)	Jun (7)	Jul (3)	Aug (20)	Sep (16)	Oct (17)	Nov (31)	Dec (10)
2007	Jan (12)	Feb (17)	Mar (26)	Apr (13)	May (4)	Jun (1)	Jul (1)	Aug (21)	Sep (3)	Oct (8)	Nov (8)	Dec (5)
2008	Jan (5)	Feb (1)	Mar (3)	Apr (10)	May (3)	Jun (11)	Jul (5)	Aug (1)	Sep (6)	Oct	Nov (10)	Dec (2)
2009	Jan (17)	Feb (2)	Mar (1)	Apr (9)	May (23)	Jun (22)	Jul (32)	Aug (30)	Sep (11)	Oct (24)	Nov (4)	Dec
2010	Jan (12)	Feb (56)	Mar (32)	Apr (41)	May (36)	Jun (14)	Jul (7)	Aug (10)	Sep (13)	Oct (16)	Nov	Dec (14)
2011	Jan (3)	Feb	Mar (1)	Apr (16)	May (36)	Jun (2)	Jul	Aug (9)	Sep (2)	Oct (1)	Nov (8)	Dec (3)
2012	Jan (1)	Feb (5)	Mar (1)	Apr (1)	May (2)	Jun	Jul	Aug (7)	Sep (9)	Oct (2)	Nov (8)	Dec (9)
2013	Jan (11)	Feb (6)	Mar (14)	Apr (10)	May	Jun (12)	Jul (2)	Aug (2)	Sep (2)	Oct	Nov (7)	Dec (4)
2014	Jan (1)	Feb	Mar (2)	Apr (1)	May	Jun	Jul (1)	Aug (1)	Sep (1)	Oct (1)	Nov	Dec
2015	Jan	Feb	Mar	Apr (1)	May	Jun	Jul	Aug	Sep	Oct	Nov	Dec
2016	Jan	Feb	Mar	Apr (4)	May	Jun (7)	Jul	Aug (8)	Sep (8)	Oct	Nov	Dec (2)
2017	Jan	Feb	Mar (2)	Apr	May	Jun	Jul	Aug	Sep	Oct (3)	Nov	Dec
2018	Jan	Feb	Mar	Apr	May	Jun	Jul	Aug	Sep (2)	Oct (2)	Nov	Dec
2019	Jan	Feb	Mar	Apr	May (3)	Jun	Jul	Aug (6)	Sep (3)	Oct	Nov	Dec
2020	Jan (2)	Feb (3)	Mar (5)	Apr (2)	May (3)	Jun (3)	Jul (3)	Aug (2)	Sep (3)	Oct (4)	Nov (3)	Dec
2021	Jan (5)	Feb (2)	Mar (3)	Apr (3)	May	Jun	Jul (2)	Aug (14)	Sep (3)	Oct (4)	Nov (4)	Dec (3)
2022	Jan	Feb (2)	Mar (2)	Apr (1)	May	Jun	Jul (3)	Aug (1)	Sep	Oct (2)	Nov	Dec
2023	Jan (3)	Feb (1)	Mar	Apr	May	Jun	Jul	Aug	Sep	Oct	Nov	Dec
2024	Jan (2)	Feb	Mar	Apr	May (1)	Jun	Jul (1)	Aug	Sep (2)	Oct (1)	Nov	Dec

fetchmail-devel Mailing List for Fetchmail - the mail-retrieval daemon

Client daemon to move mail from POP and IMAP to your local computer

fetchmail-devel — Development related discussion