[fetchmail-devel] fetchmail 7.0.0-alpha4 alpha preview release

[Matthias A. <mat...@gm...>]

Greetings,

in an effort to get sufficient testing, I have released the next alpha
version of fetchmail 7.0.0. This merges post-6.3.22 changes in, to
fix some regressions and plug the OpenSSL memory leak that prompted the
6.3.24 release. The changelog is included below.

Note that I plan to discontinue MAPI support, it has zero user interest.
 I have not received offers of Exchange test accounts, I have not
received test reports from users, and I can only conclude that while it
may have looked a good idea when the Google Summer Of Code project to
add MAPI support was started, this is a stillborn.

I will spend no more efforts in providing MAPI support in fetchmail
unless there are sustainable offers to help out with test accounts, test
reports, and so on.

The alpha version is available for download from these sites:
<http://home.pages.de/~mandree/fetchmail/>
<https://sourceforge.net/projects/fetchmail/files/branch_7-alpha/>

It is not available for download from BerliOS, its file release system
is too cumbersome to use.

The fetchmail sources are also available via Git.

The corresponding git tag is SNAPSHOT_7-0-0-alpha4, the branch is
"master". The repository browsers (these show the clone URLs):
<http://gitorious.org/fetchmail>
<http://git.berlios.de/cgi-bin/cgit.cgi/fetchmail/>
<http://git.berlios.de/cgi-bin/gitweb.cgi?p=fetchmail;a=summary>

Please send feedback to fet...@li....

Happy fetches!
Matthias

--------------------------------------------------------------------------------
fetchmail-7.0.0 (not yet released):

NOTE THIS IS AN ALPHA RELEASE THAT HAS NOT BEEN THOROUGHLY TESTED!

# MAJOR CHANGES
* The UIDL handler code is now much faster, especially noticable with
lots of
  mail kept on a POP3 server. Where the 6.3.X code was of O(n^2) complexity,
  we're down to O(n log n).
  Contributed by Rainer Weikusat, MAD Partners Ltd./MSS GmbH.
* The POP3 code now always uses UIDL, except if "fetchall" is in effect.
  Fixes BerliOS Bug #16172. Fixes Debian Bug#345788.
* Fetchmail now enables SSL support by default. If this is undesired,
  ./configure --without-ssl should help.
* The OpenSSL code now excludes the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
option.
  This can cause interoperability problems with certain buggy servers,
but is
  required to defang chosen-plaintext attacks against AES.  While
probably hard
  to mount against fetchmail, let's play it safe rather than be sorry later.

# FEATURES ADDED
* Fetchmail can now retrieve credentials from PWMD. This needs to be
enabled at
  compile-time and requires run-time configuration. See README.PWMD for
details.
  Contributed by Ben Kibbey, author of libpwmd and pwmd.
* Fetchmail now supports a retrieve-error command line or rcfile option that
  takes exactly one argument, abort (default), continue or markseen.  This
  specifies the policy used by fetchmail to handle messages whose bodies
  fail to be retrieved due to server errors.  Both the continue and markseen
  options will skip the message with errors and allow the session to
  continue so that subsequent messages can be retrieved.  The markseen
  option will also mark the message with errors as seen.
  The default policy is to abort the session whenever a server error occurs.
  Contributed by Craig Brown.
* Fetchmailconf offers cram-md5 and apop authentication.

# REMOVED FEATURES
* IMAP2 protocol support was removed.
* POP2 protocol support was removed.
* RPOP (not actually a protocol, but a variant of POP3) was removed
* POP3: the uidl option has been removed. It is always on.
* POP3: LAST is no longer used. It was removed from POP3 in 1994, and it
could
  cause mail loss when the connection was interrupted or if clients besides
  fetchmail polled the mailbox.
* Trio was removed, fetchmail expects reasonable stdio.h quality levels.
* Support for systems that do not conform to C89 and POSIX 2001 was removed,
  this means that BeOS, EMX, NeXTSTEP quirks are no longer worked around.
* The MX and host alias DNS lookups that fetchmail performs in multidrop
mode
  have been removed. They were based on the mistaken assumption that the
  IMAP/POP3 server was also the MX server, which is rarely the case.
They have
  never supported IPv6 (including IPv6-mapped IPv4) either.
  Non-DNS based alias keywords such as "aka" remain.
* Kerberos IV support was removed.
* fetchmail no longer supports SSL v2, nor the corresponding SSL2 option to
  --sslproto. SSLv2 is insecure and had been deprecated 15 years ago.
fetchmail
  will actively forbid SSLv2 negotiation by means of SSL_OP_NO_SSLv2.
  To fix Debian Bug#622054.
* A lot of outdated and/or unsafe-to-use material got dropped from contrib/.

# REGRESSION FIXES
* The mimedecode feature now properly detects multipart/mixed-type
matches, so
  that quoted-printable-encoded multipart messages can get decoded.
  (Regression in 5.0.0 on 1999-03-27, as a side effect of a
PGP-mimedecode fix
  attributed to Henrik Storner.)

# BUG FIXES
* The mimedecode feature failed to ship the last line of the body if it was
  encoded as quoted-printable and had a MIME soft line break in the very
last
  line.  Reported by Lars Hecking in June 2011.
  Bug introduced on 1998-03-20 when the mimedecode support was added by ESR
  before release 4.4.1 through code contributed by Henrik Storner.
  Workaround for older releases: do not use mimedecode feature.
* Fetchmail now detects singly-quoted % expansions in the mda option and
refuses
  to deliver for safety reasons. Fixes Debian Bug#347909.
* The Server certificate: message in verbose mode now appears on stdout
like the
  remainder of the output. Reported by Henry Jensen, to fix Debian Bug
#639807.

# CHANGES
* A foreground fetchmail can now accept a few more options while another
copy is
  running in the background.
* APOP is no longer a protocol, but an authentication method. In order
to use
  it, use protocol POP3 auth APOP, or on the commandline, -p pop3 --auth
apop.
  If no authentication method is specified, APOP is automatically tried if
  offered by the server before we resort to sending the password as
clear text.

# KNOWN BUGS AND WORKAROUNDS
  (This section floats upwards through the NEWS file so it stays with the
  current release information)
* Fetchmail does not handle messages without Message-ID header well
  (See sourceforge.net bug #780933)
* BSMTP is mostly untested and errors can cause corrupt output.
* Sun Workshop 6 (SPARC) is known to miscompile the configuration file
lexer in
  64-bit mode.  Either compile 32-bit code or use GCC to compile 64-bit
  fetchmail.  Note that fetchmail doesn't take advantage of 64-bit code,
  so compiling 32-bit SPARC code should not cause any difficulties.
* Fetchmail does not track pending deletes across crashes.
* The command line interface is sometimes a bit stubborn, for instance,
  fetchmail -s doesn't work with a daemon running.
* Linux systems may return duplicates of an IP address in some
circumstances if
  no or no global IPv6 addresses are configured.
  (No workaround. Ubuntu Bug#582585, Novell Bug#606980.)
* Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error
  messages. This will not be fixed, because the maintainer has no Kerberos 5
  server to test against. Use GSSAPI.

--------------------------------------------------------------------------------

fetchmail-6.3.24 (released 2012-12-23, 26108 LoC):

# NOTE THAT THE RELEASE OF FUTURE FETCHMAIL 6.3.X VERSIONS IS UNCLEAR.
Should a 7.0 release be made earlier, chances are that the 6.3.X branch
is abandoned and its changes be folded into the 7.0 release, with changes
after 6.3.24 not available on their own in a newer 6.3.X release.

# NOTE THAT FETCHMAIL IS NO LONGER PUBLISHED THROUGH IBIBLIO.
  They have stopped accepting submissions and consider themselves an
archive.

# CRITICAL AND REGRESSION FIXES
* Plug a memory leak in OpenSSL's certificate verification callback.
  This would affect fetchmail configurations running with SSL in daemon mode
  more than one-shot runs.
  Reported by Erik Thiele, and pinned by Dominik Heeg,
  fixes Debian Bug #688015.
  This bug was introduced into fetchmail 6.3.0 (committed 2005-10-29)
  when support for subjectAltName was added through a patch by Roland
  Stigge, submitted as Debian Bug#201113.

* The --logfile option now works again outside daemon mode, reported by
Heinz
  Diehl. The documentation that I had been reading was inconsistent with the
  code, and only parts of the manual page claimed that --logfile was only
  effective in daemon mode.

# KNOWN BUGS AND WORKAROUNDS
  (This section floats upwards through the NEWS file so it stays with the
  current release information)
* Fetchmail does not handle messages without Message-ID header well
  (See sourceforge.net bug #780933)
* BSMTP is mostly untested and errors can cause corrupt output.
* Sun Workshop 6 (SPARC) is known to miscompile the configuration file
lexer in
  64-bit mode.  Either compile 32-bit code or use GCC to compile 64-bit
  fetchmail.  Note that fetchmail doesn't take advantage of 64-bit code,
  so compiling 32-bit SPARC code should not cause any difficulties.
* Fetchmail does not track pending deletes across crashes.
* The command line interface is sometimes a bit stubborn, for instance,
  fetchmail -s doesn't work with a daemon running.
* Linux systems may return duplicates of an IP address in some
circumstances if
  no or no global IPv6 addresses are configured.
  (No workaround. Ubuntu Bug#582585, Novell Bug#606980.)
* Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error
  messages. This will not be fixed, because the maintainer has no Kerberos 5
  server to test against. Use GSSAPI.


fetchmail-6.3.23 (released 2012-12-10, 26106 LoC):

# REGRESSION FIXES
* Fix compilation with OpenSSL implementations before 0.9.8m that lack
  SSL_CTX_clear_options. Patch by Earl Chew.
  Note that the use of older OpenSSL versions with fetchmail is
unsupported and
  *not* recommended.

# BUG FIXES
* Fix combination of --plugin and -f -. Patch by Alexander Zangerl,
  to fix Debian Bug#671294.
* Clean up logfile vs. syslog handling, and in case logfile overrides
  syslog, send a message to the latter stating where logging goes.

# CHANGES
* The build process can now be made a bit more silent and concise through
  ./configure --enable-silent-rules, or by adding "V=0" to the make command.

# WORKAROUNDS
* Make Maillennium POP3 workarounds less specific, to encompass
  Maillennium POP3/UNIBOX (Maillennium V05.00c++). Reported by Eddie
  via fetchmail-users mailing list, 2012-10-13.

# TRANSLATION UPDATES
[cs] Czech, by Petr Pisar
[da] Danish, by Joe Hansen
[de] German
[fr] French, Frédéric Marchal
[ja] Japanese, Takeshi Hamasaki
[pl] Polish, by Jakub Bogusz
[sv] Swedish, by Göran Uddeborg
[vi] Vietnamese, Trần Ngọc Quân

--------------------------------------------------------------------------------