From: Matthias A. <mat...@gm...> - 2020-03-30 20:28:59
|
Greetings, The 6.4.3-rc2 release of fetchmail is now available at the usual locations, including <https://downloads.sourceforge.net/project/fetchmail/branch_6.4/>. | I found that one bug fix caused double-free errors with asan, and | the TLS1_3 warning rigging wasn't working properly, and that some | HAVE_DECL_ checks were broken. | | Please test if you use the plugin option, or if you are using a more complex configuration | with defaults, or where command line overrides rcfile. The source archive is available at: <https://downloads.sourceforge.net/project/fetchmail/branch_6.4//fetchmail-6.4.3-rc2.tar.xz> <https://downloads.sourceforge.net/project/fetchmail/branch_6.4//fetchmail-6.4.3-rc2.tar.lz> Here are the release notes: fetchmail-6.4.3 (WIP) ## BUGFIXES: * Plug memory leaks when parts of the configuration (defaults, rcfile, command line) override one another. * fetchmail terminated the placeholder command string too late and included garbage from the heap at the end of the string. Workaround: don't use place- holders %h or %p in the --plugin string. Bug added in 6.4.0 when merging Gitlab merge request !5 in order to fix an input buffer overrun. Faulty commit 418cda65f752e367fa663fd13884a45fcbc39ddd. Reported by Stefan Thurner, Gitlab issue #16. * Fetchmail now checks for errors when trying to read the .idfile, Gitlab issue #3. * Fetchmail's error messages that reports that the defaults entry isn't the first was made more precise. It could be misleading if there was a poll or skip statement before the defaults. ## CHANGES: * Fetchmail documentation was updated to require OpenSSL 1.1.1. OpenSSL 1.0.2 reached End Of Life status at the end of the year 2019. Fetchmail will tolerate, but warn about, 1.0.2 for now on the assumption that distributors backport security fixes as the need arises. Fetchmail will also warn if another SSL library that is API-compatible with OpenSSL lacks TLS v1.3 support. * If the trust anchor is missing, fetchmail refers the user to README.SSL. ## INTERNAL CHANGES: * The AC_DECLS(getenv) check was removed, its only user was broken and not accounting for that AC_DECLS always defines HAVE_DECL_... to 0 or 1, so fetchmail never declared a missing getenv() symbol (it was testing with #ifdef). Remove the backup declaration. getenv is mandated by SUSv2 anyways. And this is the Git history since -rc1: * aa38c490 2020-03-30 | Record po for 6.4.3-rc2. * 6f7a83c0 2020-03-30 | Make fetchmail -V print SSL/TLS library warnings... * 0e590bf4 2020-03-30 | Fix -SSL/+SSL reporting in fetchmail -V output. * 43b557d5 2020-03-30 | Fix HAVE_DECL_ users to check value, not definition. * 66a35bd6 2020-03-30 | Remove broken AC_CHECK_DECLS(getenv). * c9fb6180 2020-03-30 | Properly report if the defaults entry is not the first. * 5af21c95 2020-03-30 | Bump version, we'll need -rc2. * 85e5a019 2020-03-30 | fetchmail.c Avoid double-free in optmerge()'s STRING_MERGE macro. Happy fetches, Matthias |