[fetchmail-devel] fetchmail 6.3.18-pre1 snapshot up for testing

[Matthias A. <mat...@gm...>]

Greetings,

#1 I am asking interested fetchmail users to test a preview release of
fetchmail. Change details are below.

#2 Also, if you can offer access to test servers that I can send a short
test mail to and then log into to retrieve that test message -
particularly Exchange 2007 is desired, but others besides Cyrus IMAP and
Dovecot are also welcome - please let me know.

#3 Finally, fetchmail needs translators for the program strings. Some
languages (such as those shown below) are in quite good shape, but
others are lacking a bit.

Translation information at
<http://translationproject.org/domain/fetchmail.html>

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

DOWNLOAD this beta software from:
<http://home.pages.de/~mandree/fetchmail/>

The repository can be browsed at and cloned from:
<http://gitorious.org/fetchmail/fetchmail>

Git (the software used to keep the fetchmail source code version
controlled) information is at: <http://git-scm.com/>

CHANGES since the previous formal release of fetchmail listed below.
Unless otherwise noted, the changes were made by Matthias Andree:


# SECURITY IMPROVEMENTS TO DEFANG X.509 CERTIFICATE ABUSE
* Fetchmail now only accepts wildcard certificate common names and subject
  alternative names if they start with "*.". Previous versions would accept
  wildcards even if no period followed immediately.
* Fetchmail now disallows wildcards in certificates to match domain literals
  (such as 10.9.8.7), or wildcards in domain literals ("*.168.23.23").
  The test is overly picky and triggers if the pattern (after skipping the
  initial wildcard "*") or domain consist solely of digits and dots and matches
  more than needed.
* Fetchmail now disallows wildcarding top-level domains.

# BUG FIXES
* Fetchmail would warn about insecure SSL/TLS connections even if a matching
  --sslfingerprint was specified. This is an omission from an SSL usability
  change made in 6.3.17.  Fixes Debian Bug#580796 reported by Roland Stigge.
* Fetchmail 6.3.15, 6.3.16, and 6.3.17 would pick up libmd5 to obtain MD5*
  functions, as an effect of an undocumented Solaris MD5 fix.
  This fails if, for instance, libmd5.so was installed on other operating
  systems as part of libwww on machines where long isn't 32-bits. Fixes Gentoo
  Bug #319283, reported - including the hint to libwww - by Karl Hakimian.
  Side effect: fetchmail will now use -lmd on Solaris rather than -lmd5.
* Fetchmail will no longer print connection attempts and errors for one host
  in "silent" and "normal" logging modes, unless all connections fail. This
  should reduce irritation around refused-connection logging if services are
  only on an IPv4 socket if the host also supports IPv6. Often observed as
  connections refused to ::1/25 when the subsequent connection to 127.0.0.1/25
  then - silently - succeeds.  Fetchmail, unless in verbose mode, will collect
  all connect errors and only report them if all of them fail.
* Fetchmail will now apply timeouts to the authentication stage. This stage
  encompasses STARTTLS/STLS negotiation in IMAP/POP3.
  Reported missing by Thomas Jarosch.
* Fetchmail will not try GSSAPI authentication automatically unless it has GSS
  credentials. This avoids getting servers such as Exchange 2007 wedged if
  GSSAPI authentication fails.  Reported by Patrick Rynhart, Debian Bug #568455,
  and Alan Murrell, to the fetchmail-users list.
  Note that if GSSAPI fails for other reasons, you can use the --auth option to
  work around that.
* Fetchmail now parses response to "FETCH n:m RFC822.SIZE" and "FETCH n
  RFC822.HEADER" in a more flexible manner. (Sunil Shetye)

# CHANGES
* When encountering incorrect headers, fetchmail will refer to the bad-header
  option in the manpage. BerliOS Bug #17272, change suggested by Björn Voigt.
* Fetchmail now decodes and reports GSSAPI status codes upon errors.

# KNOWN BUGS AND WORKAROUNDS:
  (this section floats upwards through the NEWS file so it stays with the
  current release information - however, it was stuck with 6.3.8 for a while)
* fetchmail does not handle messages without Message-ID header well
  (See sourceforge.net bug #780933)
* BSMTP is mostly untested and errors can cause corrupt output.
* Sun Workshop 6 (SPARC) is known to miscompile the configuration file lexer in
  64-bit mode.  Either compile 32-bit code or use GCC to compile 64-bit
  fetchmail.  Note that fetchmail doesn't take advantage of 64-bit code,
  so compiling 32-bit SPARC code should not cause any difficulties.
* fetchmail does not track pending deletes over crashes
* the command line interface is sometimes a bit stubborn, for instance,
  fetchmail -s doesn't work with a daemon running
* Linux may return duplicates of an IP address in some circumstances if no or
  no global IPv6 addresses are configured. (No workaround. Ubuntu Bug#582585,
  Novell Bug#606980.)

-- 
Matthias Andree