[Fetchmail-devel] ANNOUNCE: fetchmail 6.4.25 release candidate #3 available (wolfSSL support, fixup Encrypt fix, fixup configure.ac, add systemd example)

[Matthias A. <mat...@gm...>]

Greetings,

The 6.4.25 release CANDIDATE #3 of fetchmail is now available at
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/>.

It fixes up the OpenSSL 1.0.2 workaround for Let's Encrypt Sites.
It contains support for wolfSSL 5.0, blocks out LibreSSL due to
licensing issues, and overhauls the configure script for OpenSSL.

release candidate #2 adds contrib/systemd (which see)
and makes some fixes to configure.ac. It updated some translations.

release candidate #3 makes more fixes to configure.ac and
updates some translations.

See COPYING, INSTALL, README.SSL, README.packaging for more details on 
the news.

Please test this thoroughly and report your findings so we can be sure that
6.4.25 will be a good release.

It has been mailed out to the translation project to solicit translation updates.

The source archive is available at:
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.25.rc3.tar.xz/download>

Detached GnuPG signatures for the respective tarballs are at:
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.25.rc3.tar.xz.asc/download>

SHA256 hash values for the tarballs:
SHA256(fetchmail-6.4.25.rc3.tar.xz)= d40995068ff7c18682ef0dcae051a44ec89b6a54df4dd2e50a25d32becfb15b2

Thanks to Corey Halpin for the suggestion about license clarification
with gnu.org links (submitted through FreeBSD's Bugzilla).

Here are the release notes:

---------------------------------------------------------------------------------
fetchmail-6.4.25.rc3 (release candidate issued 2021-11-28, 31636 LoC):

# BREAKING CHANGES:
* Since distributions continue patching for LibreSSL use, which cannot be
  linked legally, block out LibreSSL in configure.ac and socket.c, and
  refer to COPYING.  OpenSSL and wolfSSL 5 can be used.
  SSL-related documentation was updated, do re-read
  COPYING, INSTALL, README, README.packaging, README.SSL.
* Bump OpenSSL version requirement to 1.0.2f in order to safely remove
  the obsolete OpenSSL flag SSL_OP_SINGLE_DH_USE. This blocks out 1.0.2e and 
  older 1.0.2 versions. 1.0.2f was a security fix release, and 1.0.2u is 
  publicly available from https://www.openssl.org/source/old/1.0.2/
* Some of the configure.ac fiddling MIGHT have broken cross-compilation
  again. The maintainer does not test cross-compiling fetchmail; if you
  have difficulties, try setting PKG_CONFIG_LIBDIR to the pkg-config path
  containing your target/host libraries, or see if --with-ssl-prefix or 
  --with-wolfssl-prefix, or overriding LDFLAGS/LIBS/CPPFLAGS, can help.
  Feedback solicited on compliant systems that are before end-of-life.

# BUG FIXES:
* 6.4.24's workaround for OpenSSL 1.0.2's X509_V_FLAG_TRUSTED_FIRST flag
  contained a typo and would not kick in properly.
* Library and/or rpath setting from configure.ac was fixed.

# ADDITIONS:
* Added an example systemd unit file and instructions to contrib/systemd/
  which runs fetchmail as a daemon with 5-minute poll intervals.
  Courteously contributed by Barak A. Pearlmutter, Debian Bug#981464.

# CHANGES:
* fetchmail can now be used with wolfSSL 5's OpenSSL compatibility layer,
  see INSTALL and README.SSL. This is considered experimental.
  Feedback solicited.
* The getstats.py dist-tool now counts lines of .ac and .am files.
* ./configure --with-ssl now supports pkg-config module names, too. See INSTALL.

# TRANSLATIONS: language translations were updated by these fine people:
(in reverse alphabetical order of language codes so as not to prefer people):
* sv:    Göran Uddeborg [Swedish]
* sq:    Besnik Bleta [Albanian]
* pl:    Jakub Bogusz [Polish]
* ja:    Takeshi Hamasaki [Japanese]
* fr:    Frédéric Marchal [French]
* eo:    Keith Bowes [Esperanto]
* cs:    Petr Pisar [Czech]
--------------------------------------------------------------------------------

Happy fetches,
Matthias