From: Matthias A. <mat...@gm...> - 2020-04-05 10:14:57
|
Greetings, The 6.4.3 release of fetchmail is now available at the usual locations, including <https://downloads.sourceforge.net/project/fetchmail/branch_6.4/>. NOTE: I intend this to be the last 6.4.x version with functional changes, and new 6.4.x are not planned, except if regressions, critical fixes, or new translations or important documentation fixes appear and 6.5.0 is too far out. Fetchmail 6.4.x is the last branch that will tolerate OpenSSL 1.0.2 and C89 compilers, and support Python 2.7.x (for newer x) for fetchmailconf. == EXCURSION --------- The direction for the near future is to do some bugfixing and possibly minor features on the Git branch 'legacy_6x', for now called 6.5.0.dev*, it is a branch that will require newer operating systems, toolchains, library, for instance, OpenSSL 1.1.1 with TLSv1.3 support, C99 (for long long support) or possibly C11 (TBD) and possibly newer IEEE Std 1003.1 compliance. == END EXCURSION ----- The source archive is available with the same content but different compression format at: <https://downloads.sourceforge.net/project/fetchmail/branch_6.4/fetchmail-6.4.3.tar.lz> <https://downloads.sourceforge.net/project/fetchmail/branch_6.4/fetchmail-6.4.3.tar.xz> Detached GnuPG signatures are at: <https://downloads.sourceforge.net/project/fetchmail/branch_6.4/fetchmail-6.4.3.tar.lz.asc> <https://downloads.sourceforge.net/project/fetchmail/branch_6.4/fetchmail-6.4.3.tar.xz.asc> Digests (obtained from openssl dgst -sha256): SHA256(fetchmail-6.4.3.tar.lz)= b22217beb0a1545a84a111baada2008f00887afe395a8514805e5297366385d0 SHA256(fetchmail-6.4.3.tar.xz)= b0360e14b9aa5d065eef8ff99ad0347ef6cbbfc934c8114908295a402a09d3e4 Here are the release notes: fetchmail-6.4.3 (released 2020-04-05, 27530 LoC): ## BUGFIXES: * Plug memory leaks when parts of the configuration (defaults, rcfile, command line) override one another. * fetchmail terminated the placeholder command string too late and included garbage from the heap at the end of the string. Workaround: don't use place- holders %h or %p in the --plugin string. Bug added in 6.4.0 when merging Gitlab merge request !5 in order to fix an input buffer overrun. Faulty commit 418cda65f752e367fa663fd13884a45fcbc39ddd. Reported by Stefan Thurner, Gitlab issue #16. * Fetchmail now checks for errors when trying to read the .idfile, Gitlab issue #3. * Fetchmail's error messages that reports that the defaults entry isn't the first was made more precise. It could be misleading if there was a poll or skip statement before the defaults. ## CHANGES: * Fetchmail documentation was updated to require OpenSSL 1.1.1. OpenSSL 1.0.2 reached End Of Life status at the end of the year 2019. Fetchmail will tolerate, but warn about, 1.0.2 for now on the assumption that distributors backport security fixes as the need arises. Fetchmail will also warn if another SSL library that is API-compatible with OpenSSL lacks TLS v1.3 support. * If the trust anchor is missing, fetchmail refers the user to README.SSL. ## INTERNAL CHANGES: * The AC_DECLS(getenv) check was removed, its only user was broken and not accounting for that AC_DECLS always defines HAVE_DECL_... to 0 or 1, so fetchmail never declared a missing getenv() symbol (it was testing with #ifdef). Remove the backup declaration. getenv is mandated by SUSv2 anyways. ## UPDATED TRANSLATION - WITH THANKS TO THE TRANSLATORS: * sq: Besnik Bleta [Albanian] * zh_CN: Boyuan Yang [Chinese (simplified)] * pl: Jakub Bogusz [Polish] * cs: Petr Pisar [Czech] * fr: Frédéric Marchal [French] * sv: Göran Uddeborg [Swedish] * eo: Felipe Castro [Esperanto] -------------------------------------------------------------------------------- |