--- fetchmail-6.3.4.orig/debian/changelog +++ fetchmail-6.3.4/debian/changelog 
@@ -0,0 +1,2143 @@ +fetchmail (6.3.4-1ubuntu4.2) edgy-security; urgency=low + + * SECURITY UPDATE: DoS via NULL pointer dereference when SMTP refuses to + send certain warning messages + * added 05_CVE-2007-4565.dpatch to sink.c to verify msg is not NULL + * SECURITY UPDATE: Due to a design flaw in the APOP protocol, remote + attackers may be able to acquire a portion of a user's authentication + credentials using man-in-the-middle techniques. + * added 06_CVE-2007-1558.dpatch. This patch adds notes about APOP's + limitations as well as updating pop3.c to more strictly validate the + presented challenge for RFC-822 conformity. This change to pop3.c does + not fix the APOP design flaw, but does make attacks against APOP somewhat + more difficult. + * References + CVE-2007-4565 + CVE-2007-1558 + + -- Jamie Strandboge Tue, 25 Sep 2007 10:29:49 -0400 + +fetchmail (6.3.4-1ubuntu4.1) edgy-security; urgency=low + + * SECURITY UPDATE: password can leak in cleartext when SSL configured. + * Add 'debian/patches/04.fix-cleartext-leak.dpatch': extracted from upstream. + * References + CVE-2006-5867 + + -- Kees Cook Tue, 9 Jan 2007 14:42:01 -0800 + +fetchmail (6.3.4-1ubuntu4) edgy; urgency=low + + * Add debian/patches/03.fix-ja.po.dpatch: Japanese does not have any plural + forms; remove the useless msgstr[1] from Japanese translation so that + msgfmt does not abort with a fatal error. Fixes FTBFS. + + -- Martin Pitt Mon, 23 Oct 2006 11:22:25 +0200 + +fetchmail (6.3.4-1ubuntu3) edgy; urgency=low + + * s/python2.3/python2.4/ in debian/rules to fix FTBFS. + + -- Scott James Remnant Thu, 12 Oct 2006 15:14:46 +0100 + +fetchmail (6.3.4-1ubuntu2) edgy; urgency=low + + * Remove stop script symlinks from rc0 and rc6. 
+ + -- Scott James Remnant Mon, 18 Sep 2006 17:01:12 +0100 + +fetchmail (6.3.4-1ubuntu1) edgy; urgency=low + + * Merge from debian unstable, remaining changes: + - LSB init script, + - suggest postfix rather than exim4, + - python2.4 + + -- Scott James Remnant Thu, 6 Jul 2006 11:12:01 +0100 + +fetchmail (6.3.4-1) unstable; urgency=low + + [ Hector Garcia ] + * New upstream release + - pidfile: there is a new command-line (--pidfile PATH) and global option + for the rcfile (set pidfile [=] "/path/to/pidfile") option to allow + overriding the default location of the PID file. + * Removed es.po patch, integrated upstream. + * Changed init.d to use new flag --pidfile to place pid file on + /var/run/fetchmail/fetchmail.pid (Closes: #355457) + * Changed ip-up and ip-down to use invoke-rc.d + + [ Nico Golde ] + * Checked for new policy version and changed it in control. + + -- Hector Garcia Tue, 2 May 2006 14:24:51 +0200 + +fetchmail (6.3.3-1) UNRELEASED; urgency=low + + [ Nico Golde ] + * Added true return values to fetchmail.postinst so postinst will not fail + if fetchmailrc is empty (Closes: #355187). + * Removed syslog patch to not change old behaviour (Closes: #356675). + Reopened #282259. + * Modified homepage tag in control to fit with the new address. + * Removed && true crap from init script. + + [ Hector Garcia ] + * New upstream release + - SDPS: fetchmail no longer replaces the local user ID for an empty + envelope sender when using the proprietary SDPS extension for POP3. + (Closes: #353575) + - "ssl" is a user option rather than a server option. Patch by Nico Golde. + (Closes: #354661) + - --idle and --fetchall can now be specified on the command line, too. + * Updated es.po.dpatch + * Removed null-env-sender.dpatch, is included upstream. + * Removed 01.fix-netrc-sigsegv, is included upstream. + * Added dh_python and deleting .pyc and *.pyo from packages + * Changed init.d to remove stale pid file. 
+ + -- Hector Garcia Tue, 4 Apr 2006 10:54:49 +0200 + +fetchmail (6.3.2-3) unstable; urgency=low + + [ Nico Golde ] + * Fixed watch file, thanks Bart Martens. (Closes: #354357) + * Included temporary patch to fix null envelope sender problem, + will be fixed with next upstream version. (Closes: #353575) + + -- Nico Golde Sat, 25 Feb 2006 20:51:10 +0100 + +fetchmail (6.3.2-2ubuntu2) dapper; urgency=low + + * Install fetchmailconf files into /usr/lib/python2.4 rather than + /usr/lib/python2.3 + - Malone #31798 + + -- Andrew Mitchell Wed, 29 Mar 2006 18:32:01 +1200 + +fetchmail (6.3.2-2ubuntu1) dapper; urgency=low + + * Resynchronise with Debian. This brings the new upstream version to dapper + since upstream support for 6.2 was dropped. + * Drop debian/patches/CVE-2005-4348.dpatch, upstream now. + + -- Martin Pitt Tue, 7 Feb 2006 12:12:13 +0100 + +fetchmail (6.3.2-2) unstable; urgency=low + + [ Nico Golde ] + * included 01.fix-netrc-sigsegv patch to fix a segmentation fault + if no password for an account in netrc is set. Will be included in + next upstream release. + + [ Hector Garcia ] + * Included 02.fix-print-date patch to fix regresion on log notification. + Is included on upstream devel branch. (Closes: #282259) + + -- Hector Garcia Fri, 3 Feb 2006 11:19:49 +0100 + +fetchmail (6.3.2-1) unstable; urgency=low + + [ Nico Golde ] + * New upstream release + - Security fix of CVE-2006-0321 (Closes: #348747). + - Fix help for poll interval and fetchall in + fetchmailconf (Closes: #344978). + - Don't complain about READ-ONLY IMAP folders in + --fetchall --keep mode (Closes: #348964). + * Removed 01_man_page.dpatch file upstream included it. + * Fixed watch file to match on bz2 files. + + [ Hector Garcia ] + * Changed usermod --home to -d to prevent failure on old versions of passwd. + (Closes: #348855) + + -- Hector Garcia Tue, 24 Jan 2006 16:46:51 +0100 + +fetchmail (6.3.1-4) unstable; urgency=low + + [ Nico Golde ] + * Fixed broken symlink (Closes: #348134). 
+ * removed gzip of fetchmailconf.1 cause we should ignore it, + it points to a wrong fetchmail manpage so we set a symlink + manually. + + [ Hector Garcia ] + * Reverted pidfile location (Closes: #348037). + * Removed #!/usr/bin/env python from fetchmailconf.py since it + is used as a lib not as a script. New dpatch file. + + -- Hector Garcia Mon, 16 Jan 2006 10:27:04 +0100 + +fetchmail (6.3.1-3) unstable; urgency=low + + [ Nico Golde ] + * Fixed FTBFS on buildds (Closes: #347996). + + [ Hector Garcia ] + * Moving fetchmail.pid instead of deleting it on upgrade to prevent + failure on first reboot (Closes: #348037). + * Fixed bug that emptyed /etc/default/fetchmail. + + -- Hector Garcia Sun, 15 Jan 2006 03:34:05 +0100 + +fetchmail (6.3.1-2) unstable; urgency=low + + * Added usr/lib/python2.3/site-packages/ to fetchmailconf install files to + fix breakage from last upload. + + -- Hector Garcia Fri, 13 Jan 2006 13:11:13 +0100 + +fetchmail (6.3.1-1) unstable; urgency=low + + [ Nico Golde ] + * New upstream release + - Fixed tracepolls problem for 2nd user in skip stanza (Closes: #156094). + - Corrected global option descriptions in manpage (Closes: #241883). + - Progress dots will appear now (Closes: #298557). + - Fixed manpage typos (Closes: #323028). + - Fixed character encoding of fetchmail daemon (Closes: #277324). + - Fixed broken subjects in notification mails (Closes: #301348) + - uidl usage is not switched on by default anymore (Closes: #304701). + - Security fix. CVE-2005-4348 (Closes: #345944). + - Ipv6 is now enabled by default (Closes: #345263, #329975). + * Removed de.po fix because upstream included it. + * Added Homepage tag to control file. + * Update manpage patch to current version. + * Removed flex and bison from build depends, they are no longer needed. + * Fetchmail now uses gettext. + * Removed --enable-ipv6 (its default now) and --enable-netsec cause + it is no longer working. 
+ * Added call to make update-gmo to fix localisation problems (Closes: #340630). + * Updated copyright file. + * Removed Loïc Minier from uploaders. + * Added fetchmail-ssl removal to NEWS file. + * Removed xutils dependency because makedepend is not necessary since 6.3.0. + * Moved fetchmail home directory to /var/lib/fetchmail (Closes: #327250). + * Removed NEWS.truncated file from installation and replaced with OLDNEWS. + + [ Hector Garcia ] + * Remove man1 from mandir on install time. (change on the packaging). + * Added myself to uploaders. + * Added patch to fix warning on fetchmail man page. Should submit upstream. + * Included gettext on build-depend. + * Included patch to update es.po. Already sended patch to usual translator. + * Added /etc/default/fetchmail to define when to start fetchmail or not + (Closes: #344582, #218040, #276044). + * Added NEWS.Debian to explain above. + * Made changes on control file to delete properly old fetchmail-ssl. I must + ask ftpmaster to delete it from archive. + * Removed depend on base-files (>= 2.2.0). Woody was released with 3.0.2 + * Fixed a problem on debian/rules that was forcing configure to be called twice. + * Changed UIDL file to /var/lib/fetchmail/.fetchmail-UIDL-cache since now + upstream needs to write more files on same dir, hence /var/mail it is not + suitable. + * Added python to build-depends. + + -- Hector Garcia Fri, 13 Jan 2006 12:01:10 +0100 + +fetchmail (6.3.0-1) unstable; urgency=low + + * New upstream release. + - Security fix. CVE-2005-2335 and CVE-2005-3088 + - Drop support for OS not conforming to the Single Unix Specification v2 + or v3 (aka IEEE Std 1003.1-2001). + - Default for --smtphost is now always "localhost". + - Force fetchsizelimit to 1 for APOP and RPOP. + - Patch, to use a NULL envelope from, not write a Return-Path header (both to + meet RFC-2821), changed From, added Subject header, rewording the human + readable part. (Closes: #316446). 
+ - Patch to avoid a segfault in multidrop/received mode when the + Received: headers are malformatted. + - MIME-encode bodies and Subject headers of warning messages, limiting + the header to 7 bits. + - Normalize most locale codesets to IANA codesets. + - Nico Golde's patch to support "proto RPOP" in the configuration file, + reported. (Closes: #242384) + - Added Russian translation. + - Dropped da=Danish, el=Greek and tr=Turkish translations which have more + than 10% (61+) untranslated or fuzzy messages. + - Major fetchmail(1) manual page overhaul. + - Fix fetchmail leaks sockets when SSL negotiation fails. + (Closes: #301964). + - Really fix (garbage in Received: lines when smtphostset). + (Closes: #207919). + - When writing the PID file, write a FHS 2.3 compliant PID file. + (Closes: #230615). + - Make ODMR really silent, suppress "fetchmail: receiving message data". + (Closes: #296163). + - Add 
From: header to warning emails. (Closes: #244828). + - Fix IMAP code to use password of arbitrary length from configuration + file (although not when read interactively). (Closes: #276424). + - Document that fetchmail may automatically enable UIDL option. + (Closes: #304701). + - Put *BOLD* text into the manual page near --mda to state unmistakably + that the --mda %T and %F substitutions add single quotes, hoping to avoid + bogus bug reports. (Closes: #224564). + - gettext (intl/) has been removed from the fetchmail package. + - Use of automake. + - Rename fetchmailconf to fetchmailconf.py. Created a /bin/sh wrapper. + - New dummy fetchmailconf manual page. + - fetchmailconf redirects fetchmail's input from /dev/null so it doesn't + wait for the user to enter a password when the user doesn't even see the prompt. + - Write RFC-compliant BSMTP envelopes. + - Received: headers now enclose the for <...> destination address in angle + brackets for consistency with Postfix. + - Delete oversized messages with the new --limitflush option. + (Closes: #212240). + - Add full support for --service option. + - Make "envelope 'Delivered-To'" work with dropdelivered. + - fetchmail should now automatically detect if OpenSSL requires -ldl + - Missed --port/--service/--ssl cleanups in the manual. + - Properly shut down SSL connections. + - Add support for SubjectAltName (RFC-2595 or 2818), to avoid bogus certificate + mismatch errors. Patch by Roland Stigge, Debian Bug#201113. (MA) + - make fetchmail --silent --quit really silent. (Closes: #229014) + - Exit with error if the lock file cannot be read. + - Do not break some other process's lockfile in "-q" mode, but wait for + the other process's exit. + - Man page: --sslfingerprint points user to x509(1ssl) and gives an + example how to use it. (Closes: #213484) + - Try to obtain FQDN as our own host by default, rather than using + "localhost". 
If hostname cannot be qualified, complain noisily and continue, + unless Kerberos, ODMR or ETRN are used (these require a FQDN). + Partial fix of Debian Bug#150137. (Closes: #316454). + - fetchmailconf now sets the service properly after autoprobe. + (Closes: #320645). + - When eating IMAP message trailer, don't see any line containing "OK" + as the end of the trailer, but wait for the proper tagged OK line. To work + around the qmail + Courier-IMAP problem in Debian. (Closes: #338007). + - Fixes: when trying to send a bounce message, don't bail out if we cannot + qualify our own hostname, so we aren't losing the bounce. Instead, pass the + buck on to the SMTP server and use our own unqualified hostname. + (Closes: #317761) + - Updated translations: Albanian [sq] (Besnik Bleta), Catalan [ca] (Ernest + Adrogué Calveras), Czech [cs] (Miloslav Trmac), German [de] (MA), + Spanish (Castilian) [es] (Javier Kohen), French [fr] (MA), + Polish [pl] (Jakub Bogusz), Russian [ru] (Pavel Maryanov). + - In oversized warning messages, print the account name, too. + (Closes: #213299). + * Remove man1 from mandir on install time. (change on the packaging). + * Deleted es.po patch. Included upstream. Updated 00list. + * Added myself to uploaders. + * Added patch to fix warning on fetchmail man page. Should submit upstream. + + -- Hector Garcia Wed, 21 Dec 2005 13:18:58 +0100 + +fetchmail (6.2.5.4-1ubuntu2) dapper; urgency=low + + * SECURITY UPDATE: Remote DoS. + * Add debian/patches/CVE-2005-4348.dpatch: + - Fix double free crash on messages without any headers when using + multidrop mode. + - Fix backported from stable 6.2.5.5 release. + - CVE-2005-4348. + + -- Martin Pitt Mon, 2 Jan 2006 16:42:02 +0100 + +fetchmail (6.2.5.4-1ubuntu1) dapper; urgency=low + + * Resynchronise with Debian. + + -- Martin Pitt Thu, 17 Nov 2005 17:31:25 +0100 + +fetchmail (6.2.5.4-1) unstable; urgency=high + + [ Lucas Wall ] + - pidfile checking in init.d script (closes: #323637). 
+ + [ Nico Golde ] + - Only create fetchmail user if it doesn't exist (closes: #330522,#321272). + - respect the permissions of fetchmail home. + - rebuild against latest openssl version. + - removed deletion of /etc/fetchmailrc, + see statement in BTS. (closes: #288063). + - adjusted legal notes (Thanks Marc Brockschmidt for the hint). + + [ Loic Minier ] + * New upstream stable releases. + - Fix password exposure in fetchmailconf: use umask 077 before opening + output file and restore umask later. (Closes: #336096) + This is CVE-2005-3088. + - Drop 01pop3sec.dpatch, included upstream. + - Fix IMAP timeouts, counting message count down on servers that do not + send EXISTS counts after EXPUNGE. (Closes: #314509) + - Unlist spanish translation patch for now, as the spanish translation was + completely destroyed upstream. + * Add myself to Uploaders. + + -- Loic Minier Tue, 15 Nov 2005 18:53:37 +0100 + +fetchmail (6.2.5-18ubuntu1) dapper; urgency=low + + * Resynchronise with Debian. + + -- Tollef Fog Heen Mon, 14 Nov 2005 10:44:13 +0100 + +fetchmail (6.2.5-18) unstable; urgency=low + + * Nico Golde: + - fixed too late apply of dpatch patches + - fixed init script (closes: #320584) + + -- Lucas Wall Sat, 30 Jul 2005 13:11:15 -0300 + +fetchmail (6.2.5-17) unstable; urgency=high + + * Nico Golde: + - reverted change of MTA because exim4 should be the default MTA in debian + (closes: #320311). + - included patch for Spanish translation (closes: #286044). + - included patch for German translation (closes: #313699). 
+ + -- Lucas Wall Thu, 28 Jul 2005 11:27:53 -0300 + +fetchmail (6.2.5-16) unstable; urgency=high + + * Nico Golde: + - changed suggests exim4 to postfix because of personal preference + - renewed copyright file + - added dpatch to build dependencies + - removed fetchmail.NEWS file cause it is no longer current + - new upstream patch because of security issue CAN-2005-2335 + + -- Nico Golde Fri, 22 Jul 2005 08:01:03 -0200 + +fetchmail (6.2.5-15) unstable; urgency=high + + * Nico Golde: + - fixed buffer overrun in pop3 UIDs handling CAN-2005-2335 + http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt + (closes: #212762) + + -- Lucas Wall Thu, 21 Jul 2005 13:25:10 -0300 + +fetchmail (6.2.5-14) unstable; urgency=low + + * Nico Golde: + - Remove fetchmailrc if package is purged. (closes: #288063) + - modified /etc/fetchmailrc message so it only will be printed + if $1 is start + - corrected Maintainers field in control + + -- Lucas Wall Sun, 17 Jul 2005 14:21:34 -0300 + +fetchmail (6.2.5-13ubuntu4) dapper; urgency=low + + * SECURITY UPDATE: Password disclosure. + * fetchmailconf: Create output configuration file under umask 077 to avoid + exposing the file with world-readable permission for a short time. + * CVE-2005-3088 + + -- Martin Pitt Mon, 7 Nov 2005 16:03:25 -0500 + +fetchmail (6.2.5-13ubuntu3) breezy; urgency=low + + * Removed error message if /etc/fetchmailrc doesn't exist on startup, + which it won't on fresh installs. (Ubuntu #13044). + + -- Scott James Remnant Thu, 18 Aug 2005 02:42:02 +0100 + +fetchmail (6.2.5-13ubuntu2) breezy; urgency=low + + * SECURITY UPDATE: Fix remote buffer overflow. + * pop3.c: Bound maximum string size read by sscanf to not overflow the input + buffer when a malicious POP3 server sends overly large IDs. + * References: + CAN-2005-2335 + http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt + + -- Martin Pitt Tue, 26 Jul 2005 10:32:27 +0200 + +fetchmail (6.2.5-13ubuntu1) breezy; urgency=low + + * Resynchronise with Debian. 
+ + -- Michael Vogt Mon, 27 Jun 2005 14:11:52 +0200 + +fetchmail (6.2.5-13) unstable; urgency=low + + * New maintainers. (closes: #295331) + * Lucas Wall: + - Removed debconf dependency (debconf was dropped in 6.2.5-1). + - Added build-dep on autotools-dev and switched to "copy + config.{guess,sub} on build schema". + * Nico Golde: + - Updated watch file. + - Improved init script. + - Removed conflict with popclient. (closes: #262257) + - Fixed pid file creation. (closes: #263447) + - Included contrib/fetchsetup into package. (closes: #303789) + - fixed broken esmtp support patch. (closes: #285934) + + -- Lucas Wall Fri, 24 Jun 2005 20:36:36 -0300 + +fetchmail (6.2.5-12ubuntu4) breezy; urgency=low + + * Suggest: postfix | mail-transport-agent + + -- LaMont Jones Tue, 3 May 2005 11:27:18 -0600 + +fetchmail (6.2.5-12ubuntu3) breezy; urgency=low + + * Fix another FTBFS with gcc-4.0. + + -- Matthias Klose Tue, 3 May 2005 15:29:10 +0200 + +fetchmail (6.2.5-12ubuntu2) breezy; urgency=low + + * Fix FTBFS (amd64/gcc-4.0): Closes: #285934. + + -- Matthias Klose Tue, 3 May 2005 12:22:47 +0200 + +fetchmail (6.2.5-12ubuntu1) hoary; urgency=low + + * Resynchronise with Debian. + + -- Michael Vogt Mon, 20 Dec 2004 18:54:54 +0100 + +fetchmail (6.2.5-12) unstable; urgency=medium + + * Provide fetchmail-ssl package to facilitate upgrades from woody. + + -- Graham Wilson Mon, 29 Nov 2004 00:43:30 +0000 + +fetchmail (6.2.5-11ubuntu1) hoary; urgency=low + + * Resynchronise with Debian. + + -- Matthias Klose Mon, 1 Nov 2004 10:56:42 +0100 + +fetchmail (6.2.5-11) unstable; urgency=medium + + * Check to see if the fetchmail user exists before starting the system-wide + fetchmail service. If not, re-add the user. This is to avoid problems when + the user purges a fetchmail-common package from woody. (closes: #268228) + * Only install the NEWS file in the fetchmail package. 
+ + -- Graham Wilson Tue, 14 Sep 2004 17:05:44 +0000 + +fetchmail (6.2.5-10) unstable; urgency=low + + * Fix resolvconf script error. (closes: #257647) + + -- Graham Wilson Mon, 05 Jul 2004 08:11:07 +0000 + +fetchmail (6.2.5-9) unstable; urgency=low + + * Don't use -a with test. (closes: #252093) + * Update the server logcheck ignore file. (closes: #253022) + * Update the resolvconf script. (closes: #252807) + + -- Graham Wilson Fri, 11 Jun 2004 19:50:36 +0000 + +fetchmail (6.2.5-8ubuntu2) warty; urgency=low + + * Added versioned depend on lsb-base + + -- Nathaniel McCallum Fri, 3 Sep 2004 14:53:58 -0400 + +fetchmail (6.2.5-8ubuntu1) warty; urgency=low + + * debian/init: pretty initscript + + -- Nathaniel McCallum Thu, 2 Sep 2004 17:55:44 -0400 + +fetchmail (6.2.5-8) unstable; urgency=low + + * Add a note to README.Debian concerning errors when using the UIDL file. + * Fix checking of "set no syslog" in the init script. (closes: #243142) + * Remove documentation about UIDL cache transition, since we no longer handle + that specially. + * Add a patch from Paul Slootman to use uname(2), instead of uname(1) in + interface_init. (closes: #224778) + * Clean up documentation of the 'antispam' option. (closes: #241878) + * Document 'set no syslog' in the example rc file. + * When determining /proc/net/dev format, assume post-Linux 2.2 by default. + + -- Graham Wilson Fri, 14 May 2004 07:06:34 +0000 + +fetchmail (6.2.5-7) unstable; urgency=medium + + * Don't output dots if we are loggin to syslog. (closes: #217610) + * Don't handle the case where the UIDL cache is in root's home directory. + Users have had all of woody to take care of moving that file. + * Document in NEWS how options should be set now that /etc/default/fetchmail + doesn't exist. (closes: #242755) + * Don't add the syslog option to the command line if the user has 'set + no syslog' in /etc/fetchmailrc. (closes: #242165) + * Apply patch for the debug mode in the init script. Thanks to Ilguiz + Latypov. 
(closes: #240598) + * Set the permissions correctly on the UIDL cache file. (closes: #241649) + + -- Graham Wilson Fri, 09 Apr 2004 01:06:56 +0000 + +fetchmail (6.2.5-6) unstable; urgency=medium + + * Rename NEWS.Debian to NEWS, so that it gets installed. + * Use a better check for the daemon option in the system-wide + fetchmailrc file. (closes: #240699) + * Update the sample fetchmailrc to reflect the current state of the + fetchmail package. + * Create the UIDL cache file if it doesn't exist and we are going to + use it. Hopefully this fixes it. (closes: #237703) + + -- Graham Wilson Fri, 02 Apr 2004 04:07:14 +0000 + +fetchmail (6.2.5-5) unstable; urgency=low + + * Reformat NEWS.Debian, and try to make it more accurate as to the changes. + * Don't discard output from the ip-up script. + * Use normal fetchmail PID file format. This re-opens #230615. + (closes: #235519, #240159) + * Only call fetchmail with the --daemon option if system-wide config file + doesn't. (closes: #236105, #238036) + * Reread config file if we are re-execing ourselves. Thanks to Jeff Norman + for the patch. (closes: #202787) + * Correct man page documentation concerning using --quit with other + options. (closes: #226822) + * Change owner of UIDL cache file if it exists. (closes: #237703) + + -- Graham Wilson Fri, 26 Mar 2004 05:07:34 +0000 + +fetchmail (6.2.5-4) unstable; urgency=low + + * Install logcheck ignore files correctly, and add a line to the workstation + file. (closes: #234713) + + -- Graham Wilson Wed, 25 Feb 2004 23:19:47 +0000 + +fetchmail (6.2.5-3) unstable; urgency=low + + * Make return codes and messages comply with the LSB. (closes: #234352) + * Correctly detect if the running process is backgrounded. (closes: #234387) + * Fix error in ja.po. (closes: #233634) + * Set fetchsizelimit = 1 for all POP3 variants. (closes: #234268) + * Quote x11 in the menu file to make lintian happy. + * Update standards version to 3.6.1 (no changes). 
+ + -- Graham Wilson Wed, 25 Feb 2004 22:50:38 +0000 + +fetchmail (6.2.5-2) unstable; urgency=low + + * Thanks to Thomas Hood for his help with this release. + + * Suggest resolvconf. + * Rename the init script in the debian/ directory. + * Minor man page fixes. (closes: #231072) + * Use FHS compliant lock format. (closes: #230615) + * Under try-restart, just re-invoke the script with the restart argument. + * Don't die if /etc/fetchmailrc has the wrong permissions. + * Clean up in postrm, including calling dh_purge and not complaining + so much. + * Correct the test in try-restart. (closes: #230613) + * Call invoke-rc.d with the --quiet option. + + -- Graham Wilson Sun, 22 Feb 2004 03:18:40 +0000 + +fetchmail (6.2.5-1) experimental; urgency=low + + * This release is mostly a rewrite of postinst, rules, and the init + script; I have tried to clean them up some, and to add some + improvements. (closes: #221115) + + * Use invoke-rc.d in postinst and prerm. (closes: #218040) + * In ip-up, only restart fetchmail if it is running. (closes: #222535) + * Rip out all of the debconf-related stuff. (closes: #215818) + + * In debian/rules: + - correctly support noopt and nostrip + - use dh_install in favor of dh_movefiles + - move commands from install target to binary-arch target + - use debian/compat instead of DH_COMPAT + + * Documentation updates: + - clean up README.Debian and try to clarify some things + - update the copyright file + - add a NEWS file + + * Add a watch file for uscan. + * Add support for resolvconf. + + * New upstream release. + + -- Graham Wilson Fri, 30 Jan 2004 02:24:01 +0000 + +fetchmail (6.2.4-7) unstable; urgency=low + + * Suggest exim4 instead of exim. (closes: #228593) + + -- Graham Wilson Tue, 20 Jan 2004 17:33:25 +0000 + +fetchmail (6.2.4-6) unstable; urgency=low + + * Build the postinst file for the binary-arch target. 
(closes: #225396) + + -- Graham Wilson Mon, 29 Dec 2003 18:20:39 +0000 + +fetchmail (6.2.4-5) unstable; urgency=low + + * Replace autogen.sh with a new script. + * Remove config.status & Makefile on distclean. + * debian/rules: + - Don't automatically run autogen.sh. + - Don't automatically update config.sub or config.guess + - Remove the need for configure-stamp. + - Remove uneeded variables. + - Clean up `clean' and `config.status' targets. + - Update --build and --host usage. + * Don't need {executable,deletable}.files + * Remove old control and changelog files. + * Convert changelog to UTF-8. + * Update es.po, thanks Carlos Valdivia Yagüe. (closes: #220926) + * Fix numerous small errors in the manpage. + * debian/control: + - New maintainer. Thanks Benjamin. (closes: #221919) + - Trim the build-depends list. + - Don't need to build-depend on m-t-a, since it was only used for + fallback selection. + + -- Graham Wilson Tue, 23 Dec 2003 17:18:07 +0000 + +fetchmail (6.2.4-4) unstable; urgency=low + + * Fix postinst bugs (closes: #216630) + * Remove if-up crap, which was a bad idea(tm) (closes: #216503, #217985) + * Update russian and danish translation (closes: #214355, #216330) + * Clean up source tree from old templates (closes: #217434) + + -- Benjamin Drieu Tue, 28 Oct 2003 22:35:27 +0100 + +fetchmail (6.2.4-3) unstable; urgency=low + + * Fix a typo in new if-up.d/fetchmail script (closes: #212554). + + -- Benjamin Drieu Mon, 29 Sep 2003 08:27:32 +0200 + +fetchmail (6.2.4-2) unstable; urgency=low + + * Hack sink.c again to handle smtpname gracefully (Closes: #207919). + * Fix a bug that prevented limit and flush to cooperate (closes: #212240). + * Update Brazilian (closes: #207967), French (closes: #208999), Japanese + (closes: #211015) and Dutch (closes: #211148) debconf translations. + * Add a /etc/network/if-up.d/fetchmail script to handle restarted + interfaces (closes: #212554). 
+ + -- Benjamin Drieu Sun, 28 Sep 2003 15:18:40 +0200 + +fetchmail (6.2.4-1) unstable; urgency=medium + + * The "Let fix some bugs" release + * New upstream version: + + Updated German, Spanish, Catalan, and Turkish translations. + + IDLE is now supported using no-ops even if the server doesn't + support the IMAP IDLE extension. (closes: #202308) + + Sunil Shetye's patch to do better password shrouding. + (closes: #200470) + + Sunil Shetye's bug-fix rollup patch. + - Protocol errors do to incorrect assumption of protocols being able + to skip bodies (Closes: #203319, #201829, #207281, #204602) + - Avoid useless reconnections with limit & expunge (closes: #202207) + - Fix some auth problems (closes: #197813, #199462, #200208) + - Fix a parse error in fetchmailrc (closes: #184078) + - Finally fix the broken headers bug + (closes: #146690, #170941, #197007) + + Introduce a translation item for the word "seen". (closes: #158050) + + Back out the hack to deal with lack of byte stuffing on some POP3 + servers. + + Thomas Steudten's patch to improve SMTP handling of 550 errors. + * Switch to po-debconf based templates (closes: #200361) + * Make sure we use the pidfile (closes: #207295) + * Fix a small typo in manpage (closes: #205892) + + -- Benjamin Drieu Thu, 28 Aug 2003 15:47:25 +0200 + +fetchmail (6.2.3-1) unstable; urgency=low + + * New upstream version: + - German, Danish, Spanish, and Turkish translations updated. + - Brian Sammon's patch to deal with malformed message lines containiing NULs. + - Fai's patch to ignore all but the first Return-Path (some spams have + more than one of these) (closes: #192977). + - Bendebjamin Drieu's patch to properly byte-stuff when talking to BSNTP + (closes: #184469). + - Benjamin Drieu's patch to enable auth=cram-md5. (closes: #185232) + - Sunil Shetye's configure.in patch to avoid spurious search order messages + from GCC. + - Header-reading code now copes better with lines ending in \n only. 
+ - Elias Israel's patches for POP3 NTLM support and dealing with byte- + stuffing failures at socket level. + * Fix my patch fixing #156592 (closes: #188417) + * Add a new logcheck patterns (closes: #198274, #202619) + * Fix dead links in debian/copyright (closes: #200519) + + -- Benjamin Drieu Mon, 21 Jul 2003 10:49:04 +0200 + +fetchmail (6.2.2-4) unstable; urgency=low + + * Yet another init.d/fetchmail shell script error. + + -- Benjamin Drieu Fri, 4 Jul 2003 13:51:35 +0200 + +fetchmail (6.2.2-3) unstable; urgency=low + + * Fix typo in shell script (closes: #197744) + + -- Benjamin Drieu Tue, 17 Jun 2003 10:49:37 +0200 + +fetchmail (6.2.2-2) unstable; urgency=low + + * Do not croak if /usr/share/doc/fetchmail is missing (closes: #197631) + + -- Benjamin Drieu Mon, 16 Jun 2003 17:01:41 +0200 + +fetchmail (6.2.2-1) unstable; urgency=low + + * New upstream source: + + Sunil Shetye's patch to improve behavior in empty messages. + (closes: #173343) + + Conform to RFC2595; reissue capability probes after successful + STARTTLS negotiation. + + Sunil's patch to make handling of failed STARTTLS more graceful. + + Sunil's JF2 fix patch for .fetchmailrc security fix. + + Christophe GIAUME finished the implementation + of RFC2177 IDLE. + + Jason Tishler's fix patch for Cygwin. + + Support ssh-style authentication in POP3 + + Fix for Debian bug #108977, clean up config file evaluation, + by Benjamin Drieu. (already closed in 6.2.1-1) + * Provide an example of smtphost (closes: #192710) + * Fix two errors in manpage (closes: #180917, #189918) + * Fix init.d script not to override conffile's idfile option + (closes: #190762) + + -- Benjamin Drieu Wed, 11 Jun 2003 13:08:37 +0200 + +fetchmail (6.2.1-1) unstable; urgency=low + + * New upstream source: + + Updated German, Turkish, Spanish, and Danish translation files. 
+ + Integrated Sunil Shetye's patch to make mark_seen an explicit method + + Removed FAQ warning about GMX and associated fetchmailconf check, we + have a report that its servers are conformant now. + + Another Sunil patch to fix a minor bug in bouncemail generation + (closes: #174795) + * Build with libssl-0.9.7 + * Hack fetchmail.c to prevent excessive config file evaluations + (closes: #108977) + * Add a "sleep" in init script to make restart happy (closes: #180545) + * Remove autom4te.cache after build (closes: #179134) + * Make etc files conffiles (closes: #175436) + + -- Benjamin Drieu Fri, 31 Jan 2003 11:05:11 +0100 + +fetchmail (6.2.0-3) unstable; urgency=high + + * Rebuilt package with testing dependencies, so that it will hit testing + as soon as possible, thus severity is high (will close grave bug #175990). + * Fix an attempt to ls conf file even if not created (closes: #174675) + * Add a new regexp to logcheck (closes: #176861, 176861) + * Update spanish templates (closes: #174402) + * Fix a german typo in templates (closes: #174553) + * Update man page (closes: #173862) + + -- Benjamin Drieu Thu, 16 Jan 2003 16:32:16 +0000 + +fetchmail (6.2.0-2) unstable; urgency=high + + * Attempt to close #169568, which may be caused by a subtle touch behavior + on ia64 and alpha. Many thanks to Lukas Geyer (closes: #169568). + * Do not frob conffile unconditionally (closes: #150533) + + -- Benjamin Drieu Thu, 19 Dec 2002 14:08:48 +0100 + +fetchmail (6.2.0-1) unstable; urgency=high + + * New upstream version + + SECURITY FIX: Applied Steffen Esser's fix for a buffer-overflow + bug in rfc822.c + + Updated Danish, German, and Turkish translation files. + + Sunil Sheye's SMTP timeout patch. 
+ + -- Benjamin Drieu Wed, 18 Dec 2002 11:41:28 +0100 + +fetchmail (6.1.3-2) unstable; urgency=low + + * Fix stupid typo that prevented changelog to be installed + (closes: #171525) + * Add a recommendation on "ca-certificates" on a idea of Andrew Lau + + -- Benjamin Drieu Fri, 30 Nov 2002 10:40:12 +0100 + +fetchmail (6.1.3-1) unstable; urgency=low + + * New upstream source + + Updated Turkish, Danish, German, Spanish, Catalan po files. + + Added Slovak support. + + Configure.in update for autoconf 2.5 (Art Haas). + + Be case-insensitive when looking for IMAP responses. + + Fix logout-after-idle-delivery bug (Sunil Shetye). + + Sunil Shetye's patch to bulletproof end-of-header detection. + (closes: #146690) + + Sunil's fix for the STARTTLS problem -- repoll if TLS nabdshake + fails. The attempt to set up STARTTLS can be suppressed with + 'sslproto ""'. + * Merge fetchmail and fetchmail-ssl into one single source. Remove + fetchmail-common (closes: #164570) + * FTBFS for 6.1.2 are not relevant anymore (closes: #169568, #169571) + * Do not advertise non-free software in control (closes: #170659) + * Hack sink.c to prevent segfaults on null headers while bouncing + mail (closes: #170029) + * PPP ip-up script now restart fetchmail (closes: #145437) + + -- Benjamin Drieu Fri, 29 Nov 2002 16:08:00 +0100 + +fetchmail (6.1.2-1) unstable; urgency=low + + * New upstream source (closes: #164621, #167472, #146690) + + Jan Klaverstijn's verbosity-lowering patch. + + Updated Turkish, German, Catalan, and Danish translation files. + + Fix processing of POP3 messages with missing bodies. + + Minor fixes by Sunil Shetye: fix generation of auth fail note, + handle unexpected SIGALRM, plug memory leak, handle lines beginning + with '\0', try to bulletproof error handling against read failures. 
+ * Fix manpage which was outdated regarding antispam capabilities + (closes: #167266) + * Users should now be able to build custom packages with Kerberos, + (closes: #165762) + + -- Benjamin Drieu Wed, 23 Oct 2002 18:24:18 +0200 + +fetchmail (6.1.0-2) unstable; urgency=medium + + * Fix trivial fetchmail --configdump bug (closes: #163286) + * Fix typo in ROOT_UID checking in fetchmail.c (closes: #163043) + * Apply Sunil Shetye patches to fix various IMAP and POP3 SSL problems + (closes: #163028, #162566, #162625) + * Hack do_session() to avoid not-so-silent "Repoll" messages in silent + mode (closes: #162571) + * Hack smtp_open() to strip port number that caused invalid email adresses + (closes: #156592) + + -- Benjamin Drieu Wed, 9 Oct 2002 23:12:04 +0200 + +fetchmail (6.1.0-1) unstable; urgency=low + + * New maintainer (closes: #156667) + * New upstream source (closes: #152125): + + Updated French translation. + + SECURITY FIX: Stefan Esser's fix for potential remote vulnerability + in multidrop mode. This is an important security fix! + + Applied Matt Kraai's fixes for minor Debian bugs (Closes: #144539, #152222). + + Nerijus Baliunas's patch to support STARTTLS over IMAP. + + More cleanups and minor bugfixes from Sunil Shetye (Closes: #117472). + + Default antispam-response list is now empty. + + Updated de and po translations. 
+ * fetchmail-common: Fix wrong path in /etc/init.d/fetchmail (closes: #158323) + + -- Benjamin Drieu Thu, 26 Sep 2002 16:29:28 +0200 + +fetchmail (5.9.11-7.0) unstable; urgency=low + + * NrMU (I have RFA'ed this thing, and I MEAN it) + * Recompile to get new python dependencies right (closes: #158997) + + -- Henrique de Moraes Holschuh Mon, 16 Sep 2002 13:17:57 -0300 + +fetchmail (5.9.11-7) unstable; urgency=high + + * Same as woody 5.9.11-6 + * SECURITY FIX: avoid buffer overflow on 64bit archs (imap.c) + This is a remote-expolitable buffer overflow, if the imap server + is hostile (backported from new upstream 5.9.12, bug found and + fixed by Nalin Dahyabhai) + * Minor fix to avoid leaking children (driver.c) + (backported from new upstream 5.9.12) + * Avoid trying to speak kpop to a imap server (driver.c) + (backported from new upstream 5.9.12) + * MINOR SECURITY FIX: better password shrounding (fetchmail.h, imap.c, + transact.c) (backported from new upstream 5.9.12) + * Handle empty addresses from a To: header containing only a comment + (transact.c) (backported from new upstream 5.9.12) + + -- Henrique de Moraes Holschuh Sat, 8 Jun 2002 09:40:46 -0300 + +fetchmail (5.9.11-5) unstable; urgency=low + + * Grrr, fix stupid "be be" typo in package description too, while at + it... + + -- Henrique de Moraes Holschuh Wed, 24 Apr 2002 14:02:42 -0300 + +fetchmail (5.9.11-4) unstable; urgency=high + + * The "I knew it" release + * Hack around STLS problems: fetchmail would try to start STLS even if + it was already talking over a secured channel. 
Thanks to Matt Kraai + for the patch + + -- Henrique de Moraes Holschuh Wed, 24 Apr 2002 10:54:47 -0300 + +fetchmail (5.9.11-3) unstable; urgency=high + + * The "May this one be the last upload to woody" release + * Fix stupid typo in postrm script that redirected output to dev/null + instead of /dev/null (closes: #143145) + + -- Henrique de Moraes Holschuh Tue, 16 Apr 2002 17:03:29 -0300 + +fetchmail (5.9.11-2) unstable; urgency=high + + * Fix another stupid bug in sink.c: do NOT cause mail to bounce + on 553 errors and the like + * Fix off-by-one error in base64.c anti-overflow patch from 5.9.10-4, + thanks to Ronald Wahl for + the fix. This probably fixes KerberosIV auth + * imap.c:do_imap_ntlm had the buffer size for from64tobits incorrectly + set to the input buffer size (closes: #141969) + * I dislike pointer arithmetric a lot, so I fixed base64.c to implement + from64tobits properly instead of applying the patch in the bug report + (closes: #141972) + + -- Henrique de Moraes Holschuh Tue, 9 Apr 2002 12:40:31 -0300 + +fetchmail (5.9.11-1) unstable; urgency=high + + * New upstream source: + + Explicitly allow linking to OpenSSL in COPYING + (license change) + + Updated Turkish and Japanese translations + + Added warning about auth failures on the GMX server + + odmr.c: decrease log verbosity + (very minor code changes from Debian release 5.9.10-4) + * Crypto-in-main change to fetchmail-ssl's control file. + fetchmail-ssl has been moved into main, section mail, priority + extra. + * Matt Kraai's cosmetic env.c changes + * Enable Japanese localisation in configure.in + + -- Henrique de Moraes Holschuh Tue, 2 Apr 2002 09:47:30 -0300 + +fetchmail (5.9.10-4) unstable; urgency=high + + * SECURITY FIX: Avoid buffer overflows in base64.c, patch from + Matt Kraai + * Revert crypto-in-main until we can get the fetchmail license + straightened out. 
I am doing this to get the security patches + to the fetchmail-ssl crowd, but *expect fetchmail-ssl to be + removed from Debian* if the license issue with OpenSSL is not + fixed soon enough. It certainly will not be in Woody without + a license fix. + + -- Henrique de Moraes Holschuh Wed, 27 Mar 2002 13:25:18 -0300 + +fetchmail (5.9.10-3) unstable; urgency=high + + * SECURITY FIX: Fix lots of buffer overflows lurking in + the new SMTP AUTH code in smtp.c (closes: #139644) + * Crypto-in-main change to fetchmail-ssl's control file. + fetchmail-ssl has been moved into main, section mail, priority + extra. + * Fix 4xx PS_TRANSIENT patch to shut up gcc warning + (utterly safe patch. Add explicit initialization of variable) + * Apply Sunil Shetye 's patches + to detect and fix some format string bugs in fetchmail + (safe patch. Adds __attribute__ to some function + definitions, and fixes some obviously broken format strings) + * Add Catalan templates, thanks to Antoni Bella (safe patch, + closes: #139731, #139744) + + -- Henrique de Moraes Holschuh Mon, 25 Mar 2002 13:38:52 -0300 + +fetchmail (5.9.10-2) unstable; urgency=low + + * The "get this sucker ready for a woody" release + * Track down stupid dangerous data-losing bugs in fetchmail: + + flushing messages on 4xx + can't send to postmaster + This was caused by the multidrop crap. Failover system added + that forces return of PS_TRANSIENT (and no bouncing of mail) + if any recipient returns a 4xx error. 
If this causes multidrop + misconfiguration to be hard to detect, you will get NO + sympathy from this maintainer; Other users were losing data + due to this bug + + non-paranoid documentation of default non-empty antispam list: + fixed in manpage, README.Debian + + non-paranoid documentation of the two always-delete-it codes: + fixed in manpage, README.Debian + + not always enforcing stripcr for delivery: + fixed by removing fallbacks, and upstream fallback stripcr fix + (closes: #133876) + * Tell people to read fetchmailconf to verify their servers against the + blacklist + * Add an "your helpful Debian Maintainer" section to top of manpage + * Fix minor spelling problem the BTS never delivered to me + (closes: #137277) + * Fix breakages caused by the new ESMTP AUTH stuff not being completely + implemented (closes: #138728) + * This upload has STLS support (closes: #138930) + + -- Henrique de Moraes Holschuh Thu, 21 Mar 2002 11:56:07 -0300 + +fetchmail (5.9.10-1) unstable; urgency=medium + + * New upstream source + + Security fix: don't trust the message count passed back by the server + + Matt Kraai's patch for supporting STLS over POP3 + + Jakub Ulanowski's patch to fix SSL fingerprint handling + + ESMTP AUTH support from Wojciech Polak + (closes: #60805) + * Apply Byrial Jensen 's patches for i18n of new + 5.9.10 messages + * Add French template, thanks to Denis Barbier + (closes: #137539) + * Apply patch from Sunil Shetye to + correctly signal failures to open/create a logfile as such, instead + of stupid "dup(): illegal FD" cryptic errors + * Apply a modified version of a patch from Sylvain Benoist + , to avoid file descriptor leaks on open + timeouts and reenable SSL connect timeouts (closes: #115355). + Grr, I never got that last email from the bug submitter, the + freaking BTS sent me the spam, though... 
+ + -- Henrique de Moraes Holschuh Wed, 13 Mar 2002 21:01:56 -0300 + +fetchmail (5.9.8-4) unstable; urgency=low + + * Fix autoconf support in debian/rules + * Add Sunil Shetye's patch to stop fetchmail from trying to fetch + twice with IMAP (when EXISTS is not returned on EXPUNGE, old value + of count was used) + * Added Russian template translation, thanks to Ilgiz Kalmetev, + (closes: #136275) + * Added Espanish template translation, thanks to Carlos Valdivia, + (closes: #135065) + * Enforce mode 0600 on /etc/fetchmailrc, since fetchmail insists on it + anyway (closes: #135416) + * Add warning to README.Debian about the now gone MDA fallback + * Edit manpages to make sure the MDA fallback myth doesn't come back, + either + + -- Henrique de Moraes Holschuh Tue, 5 Mar 2002 15:23:37 -0300 + +fetchmail (5.9.8-3) unstable; urgency=low + + * Really fix #126221 this time, I hope. + + -- Henrique de Moraes Holschuh Sun, 17 Feb 2002 07:50:53 -0300 + +fetchmail (5.9.8-2) unstable; urgency=low + + * Remove fetchmail-up and fetchmail-down scripts. There is no reason + at all not to call /etc/init.d/fetchmail for the ppp up and down + functions. (closes: #134190) + * Add sample /usr/share/doc/fetchmail{-ssl,}/ip-down example script + + -- Henrique de Moraes Holschuh Sat, 16 Feb 2002 07:28:43 -0200 + +fetchmail (5.9.8-1) unstable; urgency=medium + + * New upstream source: + + Document interaction of expunge in POP3 and servers which require a + delay before reconnection (closes: #132769) + + vsprintf underflow fixes by Sunil Shetye. + + Added warning about UIMS POP3 server. + + Sunil Shetye's patch for idle timeout during poll. + * Update copyright file (closes: #133497) + * Re-create /var/run/fetchmail on init.d script (closes: #133577) + * A recent upload disabled fingerprint output when running in silent + mode (closes: #126221) + * Use a safer (but far more likely to leave cruft behind) method of + removing the fetchmail user during purge. 
Users that request fetchmail to + be purged will not lose anything they left behind in /var/run/fetchmail, + even if they DID tell dpkg to purge all fetchmail traces from the system. + Don't expect such level of babysitting very often (closes: #130779) + * Fix fuckage on new i18n templates, and update da.po while at it + * fetchmail, fetchmail-ssl: call db_purge on install and upgrades, to + let debconf know that all templates were moved to fetchmail-common. + Otherwise, they are not removed from the system on purge + + -- Henrique de Moraes Holschuh Sat, 16 Feb 2002 00:50:24 -0200 + +fetchmail (5.9.7-3) unstable; urgency=low + + * Disable /usr/sbin/sendmail fallback (closes: #133340) + + -- Henrique de Moraes Holschuh Mon, 11 Feb 2002 11:35:29 -0200 + +fetchmail (5.9.7-2) unstable; urgency=low + + * Do not supress the read of the message body when transact.c(readheaders) + returns PS_TRUNCATED (closes: #128672) + * Fix longstanding SSL hang w/ 100% CPU usage bug, thanks to + Matthias Andree for tracking down and + fixing the bug (closes: #127041) + + -- Henrique de Moraes Holschuh Sun, 10 Feb 2002 12:22:39 -0200 + +fetchmail (5.9.7-1) unstable; urgency=low + + * New upstream source: + + Properly guard some transaction reporting in the SSL code + + Expunge edge case fix by Sunil Shetye + + Fixes for some odd IMAP and SMTP edge cases by Sunil Shetye + + UIDL bug fix by Matthias Andree + + Use smtpaddress, if present, to set the return path on warning mail + + Tell parser to object when SSL keyboard is used with SSL not compiled + + GSSAPI and ODMR fixes by Tom Hughes + * Fix small typo in message output (initscript) (closes: #129270) + * Change references to packaging-manual to debian-policy in comments + * Applied Tom Hughes patches to fix build of gssapi.c + * Enable i18n for "de" locale + * Do not output error when user requests "NO SSL" in the no-ssl version + + -- Henrique de Moraes Holschuh Sat, 2 Feb 2002 20:29:35 -0200 + +fetchmail (5.9.6-2) unstable; 
urgency=medium + + * Fix minor upgrade glitch: now remove /usr/share/doc/fethmail{-ssl,} + in new fetchmail{-ssl,} preinst script (closes: #126155) + * Tweak descriptions of fetchmail-common, fetchmail and fetchmail-ssl + to mention each other (closes: #126345) + * Fix non-initialization of deletions(imap.c), which resulted in random + crashes. Thanks to Sunil Shetye for + tracking down the issue and for a preliminary version of the patch. + * Add umask 022 and some chmod --reference to postinst, so that we create + /etc/default/fetchmail with mode 644 and avoid changing its permissions + later. I will not attempt to chmod 644 it, since the user might have a + good reason to want it mode 600, so old files will remain 600 until the + user notices and chmods it himself if he wants to (closes: #126655) + * Add Danish debconf templates, thanks Claus Hindsgaul + (closes: #126595, #126596) + + -- Henrique de Moraes Holschuh Sat, 29 Dec 2001 17:08:51 -0200 + +fetchmail (5.9.6-1) unstable; urgency=medium + + * The "Twilight in the North Sea" release + * New upstream source: + + OPIE bug fixes by Jun Miyoshi . + + Documented known IDLE bug in the todo.html file. + + Sunil Shetye's fix for a timeout/reconnect bug. + + LMTP fix from Toshiro HIKITA . + + The duplicate-killer doesn't try to operate if we can get an actual + recipient address from the trace headers. + * Fix usage of dpkg-architecture in debian/rules: do not append -gnu to + the result, dpkg-architecture might be fixed to actually work as it + should someday, after all... 
+ * Create a fetchmail-common package, to fix once and for all the problems + resulting from the sharing of conffiles between fetchmail and + fetchmail-ssl (closes: #123056) + * fetchmail-up: return exit status 0 if $DAEMON is not there to be run + * ip-up: return exit status 0 if initscript is not there to be run + * Document well in README.Debian just how dumb it is to forget to test-run + fetchmail with the 'keep' option when one changes the MTA/MDA + configuration, or fetchmail's. Also document the less-likely-to-delete- + messages way: setting antispam to -1 and setting "no bouncemail". + Upstream does not want to change the antispam defaults, and I happen to + think this is his call. OTOH, I will add an example config with safe + options, and if clueless people use that one, they will be [mostly] safe + from harm (closes: #123759) + * Report errors while opening logfile (closes: #120526) + * Change initscript slightly to show 'fetchmail' before trying to start + or signal it (closes: #121939) + * lintian override: "E: fetchmail-ssl usr-doc-symlink-to-foreign-package": + fetchmail-ssl DOES come from exactly the same source of fetchmail-common, + due to the ssl transformation hack. This hack will be shortlived. As soon + as woody is out or crypto in main arrives, I am killing the non-crypto + version of fetchmail. + + -- Henrique de Moraes Holschuh Sun, 16 Dec 2001 11:04:12 -0200 + +fetchmail (5.9.5-7) unstable; urgency=low + + * Braindamaged sudo usage hits again. I am done with this, screw $HOME -- + sudo users make this useless and still expect stuff to work. Now use + getent passwd instead of assuming $HOME has anything useful at all in + these checks (closes: #122716). Yet another 'tip' for the currently + in limbo "debian packaging manual/howto/whatever". + * Apply patches from Mikael Andersson to fix build + with Debian kerberos4th. 
You better be using a new kerberos4th (>= 1.1), + or else this will break your build + + -- Henrique de Moraes Holschuh Sat, 8 Dec 2001 03:50:21 -0200 + +fetchmail (5.9.5-6) unstable; urgency=high + + * Fix logcheck.ignore file to really close #120398 + * Kicked urgency to high to get this thing into testing ASAP + + -- Henrique de Moraes Holschuh Wed, 28 Nov 2001 13:21:53 -0200 + +fetchmail (5.9.5-5) unstable; urgency=low + + * Complile all archs using -O instead of -O2, since upstream + also does it, and -O2 is broken in sparc (closes: #119425) + * Force correct permissions before trying to read config file + (closes: #120932) + + -- Henrique de Moraes Holschuh Sat, 24 Nov 2001 14:34:28 -0200 + +fetchmail (5.9.5-4) unstable; urgency=low + + * Yet another workaround against #119366, make sure the owner of + /var/run/fetchmail is fetchmail:nogroup (closes: #120519) + * Add the chown workaround to the init script too, just in case + * Added "key fingerprint" and "#### body octets" to logcheck.ignore + (closes: #120398) + + -- Henrique de Moraes Holschuh Thu, 22 Nov 2001 00:29:04 -0200 + +fetchmail (5.9.5-3) unstable; urgency=low + + * Added fetchmail\[[0-9]+\]: sleeping to logcheck.ignore (closes: #119682) + * Changed verbosity of "sleeping at ..." log message so that it only + shows up if fetchmail is above normal log level (closes: #120078) + + -- Henrique de Moraes Holschuh Sun, 18 Nov 2001 11:55:07 -0200 + +fetchmail (5.9.5-2) unstable; urgency=low + + * Remove uneeded conflicts with python >=2.2. Lintian was screwing up. + * Add workaround for #119366, adduser not ensuring that the homedir + of the fetchmail user is really there + + -- Henrique de Moraes Holschuh Mon, 12 Nov 2001 22:10:38 -0200 + +fetchmail (5.9.5-1) unstable; urgency=low + + * The "Very dark skies ahead" release + * Enjoy NLS while it lasts. 
Upstream may drop it in the close future, + and I am not sure I will keep it alive in a Debian fork (I will certainly + try, however) + * New upstream source: + + Finished license cleanup, all licenses in the distribution are now + officially GPL-compatible. + + Added a length check to from64tobits() after receiving a warning that + it might create buffer overflows. No exploitable overflows were found + by a careful case-by-case audit, and at minimum an exploit would have + required that the mailserver be subverted + + Changed the logging logic along lines suggested by Jan Klaverstijn + + fetchmailconf looks first in the directory it's running from to find + fetchmail + + Make sure we vet a success status correctly from open_smtp_sink() + and open_bsmtp_sink() + + Immediately abort if a non-empty QMAILINJECT environment variable is + found. If it is set and contains f or i, qmail-inject or qmail's + sendmail `compatibility' wrapper will rewrite 
From: or Message-ID: + headers, respectively. En passant, fix the bug that program_name was not + filled in before used when the user's ID had no PW entry, leading to + (null) or crash when printing the error message. Patch by Matthias + Andree + + Block signals during SockConnect() so we don't get a socket descriptor + leak if we're hit by an alarm signal during connect(2) + + Set queryname even when server is inactive; avoids a core-dump bug in + the fetchids code + * Add -tt option to strace in the init.d debug-run debug helper + * Fix all calls to from64tobits so that fetchmail will actually compile, + I have no idea how it is compiling upstream without this. Maybe my CVS + tree is weird... oh well, I am using the non-exploitable version, so + I could care less :P + * Do not run config.guess anymore, trust output of dpkg-architecture + * Update fetchmailconf dependency list for the python 2.1 changes + + -- Henrique de Moraes Holschuh Sat, 10 Nov 2001 11:32:14 -0200 + +fetchmail (5.9.3-1) unstable; urgency=low + + * The "Upstream blues" release(s) :P + * New upstream source + + Make -D short option for --smtpaddress active again + + Make sure IMAP capability checks are caseblind + + Make sure suffix checks on akalists are properly caseblinded + + All warning mail now has a generated date stamp + + End of poll cycle is now logged + + Sanity check now rejects SSL option if SSL support is not + compiled in (Closes: #109796) + + Mike Warfield's fix for using a combined SSL cert and key in a + single file + + DNS lookups moved to just before te mailserver socket open, so + fetchmail now works OK even if started up without Internet + access. HESIOD lookups moved just before the DNS lookups + + Make sure the SICHLD handler is called when we run detached + (this helps with the zombie issue in #95659, I hope) + + Added FAQ item X8 on why mail sometimes gets an extra ) + appended + + Thomas Moestl's patch to use querynames in UID files. 
+ + Timeout to deal with long socket closes (Sunil Shetye). + + Move from RSA MD5 code to Colin Plumb's public-domain implementation + (BSD classic license eliminated) + + Rewrite strcasecmp() (BSD classic license eliminated). + + Updated Danish po file. + + Re-enable explicit bounce message on bad address. + * Make sure .pot files are up-to-date. Will fix this for real in the + next upstream version, after I know how ESR will fix this upstream, + and what will come inside the upstream tarball + * fetchmailconf: fix tuple in sock.connect for python 2.1. Thanks to + Alain Tésio for the patch + * fetchmailconf: disable gross hack from upstream. We do NOT want + fetchmailconf to look for fetchmail in the current dir before it + searches $PATH. I shudder at the bug reports from clueless users... + * Fix problematic changes in 5.9.1-3 that caused POP2 protocol to be + run without being requested + * Make sure xgettext knows fetchmail uses GT_() instead of _() for gettext + (someone in fetchmail-friends pointed the need to do this, but I lost + his name somehow. Thank you, whomever you are). This actualy exposed + a bug in gettextize + * Update documentation on the _() to GT_() transition (sent upstream) + * Version dependency on debconf due to seen flag + * Fix typo in debian/copyright. Lintian rules! + + -- Henrique de Moraes Holschuh Sun, 30 Sep 2001 21:47:41 -0300 + +fetchmail (5.9.0-5) unstable; urgency=low + + * The "tidy-up before a long winter" release + * Fix ugly bogosity in fetchmail-up script, thanks to Jacek Kawa + for the patch. I wonder what I was (not?) + thinking when I broke fetchmail-up... 
+ + -- Henrique de Moraes Holschuh Thu, 20 Sep 2001 08:47:54 -0300 + +fetchmail (5.9.0-4) unstable; urgency=medium + + * Fix extremely stupid typo in fetchmail.config (closes: #112142) + + -- Henrique de Moraes Holschuh Thu, 13 Sep 2001 15:12:37 -0300 + +fetchmail (5.9.0-3) unstable; urgency=low + + * Do not warn about the overriding of initscript defaults if system-wide + fetchmail is not active (closes: #110396) + * Change /bin/mail to /usr/bin/mail in fetchmail(1) (closes: #110820) + * fetchmailconf does not output empty plugin/plugout strings anymore + (closes: #106668, #106686). + * fetchmail: do strip /port# from LMTP addresses (closes: #98388) + + -- Henrique de Moraes Holschuh Sun, 2 Sep 2001 11:57:56 -0300 + +fetchmail (5.9.0-2) unstable; urgency=low + + * Added strace capability to /etc/init.d/fetchmail debug-run, and updated + docs accordingly + * Detect missing /var/run or /var/run/fetchmail directory in initscript + (closes: #110076) + + -- Henrique de Moraes Holschuh Sun, 26 Aug 2001 08:11:34 -0300 + +fetchmail (5.9.0-1) unstable; urgency=low + + * New upstream source: + * # characters now go to stdout, same place as the dots + * Matthias Andree's patch to correct parsing of spaces in quoted + usernames + * Do not complain/bomb out with an error if /etc/init.d/fetchmail is + missing, unless system-wide fetchmail is being switched from + disabled to enabled. + + -- Henrique de Moraes Holschuh Wed, 15 Aug 2001 15:35:17 -0300 + +fetchmail (5.8.17-1) unstable; urgency=low + + * New upstream source: + * Eliminated second bounce on failed RCPT TO address. + * Always use fetchmail host's FQDN to identify the daemon when sending + bounce messages. + * Embarrassing bug of the month -- somehow, `skip' wasn't being + interpreted! + * Upstream integrated the security fix added to Debian in 5.8.16-1, + however I've added a warning should anyone attempt that exploit. 
+ + -- Henrique de Moraes Holschuh Wed, 8 Aug 2001 09:08:54 -0300 + +fetchmail (5.8.16-1) unstable; urgency=high + + * New upstream source: + * Refuse mail that has no good addresses and can't be sent to postmaster + * Restore behavior of discarding mail on 550 (closes: #105237) + * John Summerfield updated getfetchmail + * Lock-file-name bug reported by Scott Johnson + * Man page bugs pointed out by Andrew Benham + * POP3 end of session RSET on keep removed. Fixed in Debian in 5.8.14-1 + (closes: #104125) + * In IMAP, handle BAD and NO responses to FETCH gracefully + * Parse "no {syslog|invisible|showdots} properly + * Fixed bug in fetchmailconf plugin/plugout code (related to #105987) + * Handle ! in RFC2821 Return-Path addresses properly + * Fix typo in fetchmail(1), also done upstream (closes: #106925) + * SECURITY FIX: fix remote exploit on pop3 and imap protocols; Thanks + to Salvatore Sanfilippo for reporting the bug + and suggesting a patch to fix it. + + -- Henrique de Moraes Holschuh Sat, 14 Jul 2001 12:38:26 -0300 + +fetchmail (5.8.14-2) unstable; urgency=low + + * Improved README.Debian file a little. Documented the fact that + system-wide fetchmail will refuse to start if there are errors in the + /etc/fetchmailrc file (closes: #105363). 
Documented how to properly + report bugs + * Added a debug-run initscript action that outputs proper debugging + information for reporting bugs + * Fix duplicate autotools-dev stuff in debian/rules clean target + + -- Henrique de Moraes Holschuh Sat, 14 Jul 2001 12:38:26 -0300 + +fetchmail (5.8.14-1) unstable; urgency=medium + + * New upstream source: + * Correction for backslash-handling patch in rfc822.c + * Fix for Debian Bug#103822: fetchmailconf fails to write file after + configuration; move .fetchmailrc to .fetchmailrc~ before overwriting + (closes: #103822) + * Discard Return-Path headers consisting of a single @ + * Make fetchmailconf dump plugin and plugout options properly + * Rob Brauns changes for building fetchmail outside its source directory + * Found (and killed) a subtle SMTP protocol error that was probably + lurking behind a lot of the bug reports related to bounce mail, thanks + to Quoc Luu. (Only manifested when the MTA rejected mail due to a bad + RCPT TO address) -- I think this closes: #88764 (hmh) + * Disable RSET before QUIT for pop3. This is a temporary measure, and I + might put it back soon (#104125) + * Fix serious configure.in bug that broke fallbacks to /usr/sbin/sendmail + (#104484) + * Fix assorted -Wall and build problems on upstream code + + -- Henrique de Moraes Holschuh Sat, 14 Jul 2001 12:38:26 -0300 + +fetchmail (5.8.12-1) unstable; urgency=low + + * New upstream source: + + Bug fix for envelope header skip + + ODMR finally seems to be working + + Handle multiple backslashes within RFC822 address strings correctly. + + Don't exit on a failure to DNS-resolve a mailserver name, just + make it inactive. Exit only if all lookups fail (closes: #99197) + + Restore code to deal with SMTP error responses at RCPT TO time, but + without issuing an RSET. 
This is intended to fix obscure bugs that + show up in recent Postfix releases and sendmail configurations that + delay antispam checks on the MAIL FROM line until RCPT TO time + (maybe fixes #88764) + * Add better autotools-dev support to debian/rules. Add devscripts to + build-depends because of this change + * Close standard input on initscript to make sure fetchmail won't ask + for passwords + + -- Henrique de Moraes Holschuh Sat, 7 Jul 2001 23:33:24 -0300 + +fetchmail (5.8.11-1) unstable; urgency=low + + * New upstream source: + + Add more ODMR fixes from Matt Armstrong + + Fix signal handling code (closes: #102711). Now, we do not reap + dead children until the end of a run when delivering to a MDA. + IF you use plugins and deliver to a MDA, you risk being overrun + by an army of undead. Don't do it, deliver through SMTP instead + + If a mail will be bounced to the postmaster AND postmaster is set to "" + (empty), don't try to forward it. Patch from Sunil Shetye + + * Add polish template, thanks to Krzysztof Krzyzaniak + (closes: #102667) + * More code cleanups for -Wall + * Recent bugfixes to other problems also fixed these: + (closes: #95370, #101950) + + -- Henrique de Moraes Holschuh Tue, 3 Jul 2001 11:59:34 -0300 + +fetchmail (5.8.10-2) unstable; urgency=low + + * Recompile with dpkg 1.9.10 (closes: #102524, #102593) + + -- Henrique de Moraes Holschuh Wed, 27 Jun 2001 13:42:34 -0300 + +fetchmail (5.8.10-1) unstable; urgency=low + + * New upstream source: + + ODMR fixes from Matt Armstrong + + The smtphost option has been split. It is no longer overloaded to set + the list of domains to be queried in ETRN and ODMR modes. Instead, + use the `fetchdomains' option. 
+ + Fixes for the new message-marking code from Thomas Moestl + * Fix incorrect usage of strncat in 5.8.8-2 patch (also done upstream) + * Normalize tab usage on fetchmailconf (to keep #102052 closed) + * Fixed some -Wall warnings + * Added menu icon for fetchmailconf + + -- Henrique de Moraes Holschuh Tue, 26 Jun 2001 00:25:56 -0300 + +fetchmail (5.8.8-3) unstable; urgency=low + + * Finally managed to track down and terminate the last remaining + necromantic bug that liked keeping zombie children around for nefarious + needs (closes: #95659) + * Normalize tab usage on fetchmailconf (closes: #102052) + + -- Henrique de Moraes Holschuh Sun, 24 Jun 2001 00:27:11 -0300 + +fetchmail (5.8.8-2) unstable; urgency=low + + * Fix warning about syslog/daemon overrides; now assume the warning should + be given at least once, if it cannot be verified to be uneeded. + * Replace numerous sprintfs with snprintf to avoid some remote + possibilities of a formatstring exploit exist. Same for strcat. + * Cleaned up lots of warnings (most of them justified) from gcc + * Debug builds now disable optimizations + * Dirty fix for ok in (driver.c)fetch_messages getting out of scope + for do_session (closes: #101792) + + -- Henrique de Moraes Holschuh Sat, 23 Jun 2001 02:37:30 -0300 + +fetchmail (5.8.8-1) unstable; urgency=low + + * New upstream source + + Fix bug that prevented messages from being marked oversized + unless -v was on + + Steven Krings's patch to deal with over-long header lines + + Chris Maio's patch for POP3 with BSMTP + + -- Henrique de Moraes Holschuh Thu, 21 Jun 2001 11:51:18 -0300 + +fetchmail (5.8.7-2) unstable; urgency=low + + * fetchmailconf: Enclose local user names in quotes to avoid parse error + if numeric (closes: #101500) + * Add recently added .c files to po/POTFILES.in. Thanks to Byrial Jensen + for the patch + * Fix multidrop problem caused by the security fix in 5.8.5-2. Thanks to + Steve M.Robbins for tracking this bug + down, and supplying a patch. 
Don't I feel dumb now for this mistake... + No more coding security fixes at 03:00 in the morning for me + (closes: #101530) + * Fix undue parameter expansion when generating postinst from template + + -- Henrique de Moraes Holschuh Tue, 19 Jun 2001 23:08:59 -0300 + +fetchmail (5.8.7-1) unstable; urgency=low + + * This release marks the start of a major code rewrite in fetchmail, so I + expect things to break. It doesn't help that I had to do a very + extensive list of changes in the packaging for 5.8.6-3. This is + unstable, therefore I'm not too concerned. However, you might want to + stick to 5.8.6-2 and wait for a few days to see if any major bugs show + up in the BTS before upgrading. You have been warned. + * New upstream source + + Fix fetchmailconf support for tracepolls (closes: #101242) + + driver.c refactoring in preparation for streaming mode + + -- Henrique de Moraes Holschuh Mon, 18 Jun 2001 11:26:41 -0300 + +fetchmail (5.8.6-3) unstable; urgency=medium + + * Applied patch from Byrial Jensen to make the + tracepools RFC-2822 compliant. Also, fixed bogus reference to + --adaccthdr in fetchmail --help + * Generate the postinst script in debian/rules from init.defaults and + *.postinst.template, to avoid poluting /usr/share or sync loss between + postinst and init.defaults + * Fix segfault-waiting-to-happen in driver.c. Thanks to Stephan Krings + for noticing it + * /etc/default/fetchmail is not a conffile anymore. User-made changes are + still supported, but any changes made by me will not be propagated + anymore on upgrades. 
The "up-to-date" version of the configuration file + (including defaults and comments) is in the examples directory in the + documentation (closes: #101025) + * Disable fetchmailconf support for tracepolls until bug#101242 gets + fixed upstream + + -- Henrique de Moraes Holschuh Mon, 18 Jun 2001 02:50:34 -0300 + +fetchmail (5.8.6-2) unstable; urgency=low + + * Clean-up upstream cruft automatically, to make sure it won't choke an + --with-included-gettext build (not normally used in Debian, but who + knows...). This is needed because diff cannot delete files + * Running fetchmail as root is dangerous. The safest way is to run it as a + very unpriviledged user (you could even chroot it, I suppose) and + deliver over smtp. Stress this on the documentation + * Fix initscript so that it will work with POSIXLY_CORRECT set, thanks + "Sven M. Hallberg" + * Do not abort postinst/prerm if the initscript fails (closes: #100832) + + -- Henrique de Moraes Holschuh Thu, 14 Jun 2001 11:12:53 -0300 + +fetchmail (5.8.6-1) unstable; urgency=low + + * New upstream source + - Reject candidate headers for the MAIL FROM address that have \n in + them + - Add capability to insert poll trace data in the Received line + - Brendan Kehoe's patch to avoid doing DNS lookups on skip entries + (helps with #99197, but doesn't fix the whole issue) + + -- Henrique de Moraes Holschuh Tue, 12 Jun 2001 13:28:19 -0300 + +fetchmail (5.8.5-2) unstable; urgency=high + + * Security fix: buffer overflow when rewriting headers longer than 512 + bytes (closes : #100394) + + -- Henrique de Moraes Holschuh Tue, 12 Jun 2001 02:34:50 -0300 + +fetchmail (5.8.5-1) unstable; urgency=low + + * New upstream version + + Interface option fix from Alexander Kourakov. + + Attempted fix for Harry McGavran's problems with the Kerberos V build. + + Added fetchmailnochda.pl to the contrib directory. + + Sunil Shetye's patches for the seen count on IMAP and auto protocol. 
+ * Fixed typo in logcheck.ignore (closes: #99706) + * Removed top_srcdir="." directive in debian/rules, as it broke the build + with new gettext and autoconf + * At least two known (and bad) bugs waiting for upstream fix. See + TODO.Debian in the source package -- they're not new bugs, AFAIK. + + -- Henrique de Moraes Holschuh Sat, 2 Jun 2001 12:49:23 -0300 + +fetchmail (5.8.4-1) unstable; urgency=low + + * New upstream version + + New README.SSL file. If you use SSL, read it; tied to: + + New SSL certificate options from Thomas Moestl + + Frantisek Brabec's patch for better UIDL error recovery + + Jorg de Jong's patch attempts to handle spaces in the ID part of UIDLs + (this probably closes: #96489) + * Fixed small typo in manpage + * Very minor fixes to work with autoconf 2.50 + + -- Henrique de Moraes Holschuh Tue, 22 May 2001 22:42:13 -0300 + +fetchmail (5.8.3-2) unstable; urgency=medium + + * The "Zombie-Child Reaper" release + * Split changelogs (including upstream's), to remove old cruft. + No information was lost, the complete changelogs are available + in the source package + * Serious attempt to allow all dead children to go peacefully to + the Big Bitbucket In The Sky. Signal handling was really screwed + up in Linux glibc 2.2 systems (and maybe others) (closes: #95659) + * fetchmailconf would generate bogus output if the monitor or + netsec options where enabled (closes: #98127) + * Use autotools-dev to make sure we need not worry about + config.{sub,guess} again. 
+ + -- Henrique de Moraes Holschuh Mon, 21 May 2001 11:42:13 -0300 + +fetchmail (5.8.3-1) unstable; urgency=medium + + * The "major pain in the neck" release + * New upstream release + - Don't cough and die from failure to resolve a skipped host + (closes: #92530, #92554) + - SIGCHLD handler now sets SA_RESTART explicitly in order to avoid + zombies from interrupted system calls (closes: #95993) + - Do aka suffix match even if DNS checking is enabled + - Prevent POP3 code from authenticating multiple times on success + - Fixed IMAP password shrouding + - Ignore Sender and Resent-Sender headers unless they contain @ + + The `localhost' special case of `via' is gone. Use `plugin %h' for + talking to ssh instead. THIS IS AN INCOMPATIBLE CHANGE IN + .fetchmailrc SEMANTICS. If you are using this for ssh tunnelling, + you may need to switch to using a plugin option with %h + SEE THE FAQ and fetchmail(1) manpage. + * Also set SA_NOCLDSTOP on SIGCHLD handler, we'll timeout the child + * Update German template, thanks blade@debian.org (closes: #97155) + * Add Galician template, thanks Jacobo Tarrio + * Fixed build-dependency: libssl096-dev -> libssl-dev + * Honour /etc/default/fetchmail's CONFFILE in debconf warning tests + * Trust base-files to manage /var/mail, update policy compliance to + 3.5.4 and add the proper depends on base-files >= 2.2.0. This + reduces the mess on many of the scripts, which is a Good Thing. 
+ + -- Henrique de Moraes Holschuh Sun, 13 May 2001 14:35:58 -0300 + +fetchmail (5.8.1-6) unstable; urgency=low + + * The "I should not have got out of bed yesterday" release + * Fix broken handling of debconf defaults in fetchmail.config + (closes: #96648) + * Fix handling of /etc/default/fetchmail for $SERVICE when first + adding SERVICE to the config file + * Fix annoying postinst bogosity when creating the fetchmail user + * Add user-is-really-there test to initscript to close a bogon source + + -- Henrique de Moraes Holschuh Mon, 7 May 2001 16:53:08 -0300 + +fetchmail (5.8.1-5) unstable; urgency=low + + * The "I told you, didn't I?" release + * Warn users that ssh needs to be able to read the RSA/DSA keys to work, + and that means they must run the system-wide fetchmail as root. + * Debconf "no system-wide fetchmail" master switch added. Use + dpkg-reconfigure to re-enable it, or cry silently at the resulting + breakage if you don't know what you're doing. + + -- Henrique de Moraes Holschuh Sat, 5 May 2001 23:58:05 -0300 + +fetchmail (5.8.1-4) unstable; urgency=low + + * The "A Debian developer's way is fraught with peril" release + * New Dutch template, thanks Thomas J. Zeeman (closes: #95737) + * Add debconf and initscript support to run the system-wide fetchmail + daemon as user fetchmail. It is safer, but it won't work if + fetchmail is told to deliver to a MDA. Unfortunately, now the + initscript violates the KISS principle quite throughoutly. + + -- Henrique de Moraes Holschuh Sat, 5 May 2001 01:57:50 -0300 + +fetchmail (5.8.1-3) unstable; urgency=low + + * Small fixes to Makefile.in to finally have proper builds with all + possible gettext profiles (none, included, system's). + * New german template translations, thanks Sebastian Feltel (closes: #94529) + * Fix typo in templates.br (pt-br -> pt_BR) + + -- Henrique de Moraes Holschuh Thu, 19 Apr 2001 15:32:15 -0300 + +fetchmail (5.8.1-2) unstable; urgency=medium + + * Fix upload screwup. 
No changes + * Use MULTIDROP(foo) in #92544 fix patch + + -- Henrique de Moraes Holschuh Thu, 12 Apr 2001 00:41:09 -0300 + +fetchmail (5.8.1-1) unstable; urgency=medium + + * The "it's time for the spring cleanup" release + * New upstream source + - Nalin Dahyabai's password parsing and authentication fixes. + - Golden brand (5.8.0) + * New upstream gettext 0.10.36 used instead of fetchmail upstream's. From + now on, Debian builds will always include the newest Debian packaged + version of gettext in the package source, just in case (we do not use + it, though) + * Build tweaks: to make sure new gettext will work, debian/rules clean now + adds execute permissions to all files that should have them, instead of + trusting the upstream tarball + * Switch to debhelper DH_COMPAT mode 3 + * Kerberos build support in fetchmail is NOT sane. I don't have a very + good way to test this stuff (and I don't think upstream can, either...), + but I'll try to at least clean it up to the point of it building + out-of-the-box using the multiple kerberos packages available in Debian. + This probably closes: #92793. + - configure changes to properly detect and work with heimdal-dev, + kerberos4kth-dev and krb5-dev. Do notice heimdal-dev does not provide + kerberosIV compatibility in Debian, you need kerberos4kth-dev too if + you need it (configure.in). Also, Heimdal builds *require* OpenSSL + support (due to Debian's packaging of Heimdal). + - rfc1731 seems to require kerberosIV support as far as I can tell from + RFCs, and the imap.c code agrees with this. This means that now KPOP + is only available if kerberosIV is as well. Do remember that GSSAPI + does not require kerberosIV and will work in kerberosV-only setups + (pop3.c) + * Fix typo in logcheck.ignore file (closes: #93215) + * Initscript fixed to not lie about fetchmail already running when it + fails to start (e.g. 
due to bad DNS) (closes: #93316) + * Do not use the poll name when using "via localhost" unless it is + a multidrop poll. (partialy addresses #92554) + + -- Henrique de Moraes Holschuh Wed, 11 Apr 2001 12:09:35 -0300 + +fetchmail (5.7.7-2) unstable; urgency=low + + * Fix postrm purge target (closes: #92361) + + -- Henrique de Moraes Holschuh Sun, 1 Apr 2001 01:43:41 -0300 + +fetchmail (5.7.7-1) unstable; urgency=low + + * New upstream source (but not really) + - No changes from 5.7.6-3 in Debian + * Build tweaks: now debian/rules makes sure the autotools are never run + so they have been dropped from build-depends. + * "--user root" was lost somehow from the initscript, probably in + one of those late-night hack-the-initscript sessions. Add it + back (closes: #92124) + + -- Henrique de Moraes Holschuh Fri, 30 Mar 2001 00:45:57 -0300 + +fetchmail (5.7.6-3) unstable; urgency=low + + * The "GNU autotools are a pain in the arse" release + * I'm now using a full CVS-style autogen.sh approach. This will + make fetchmail far more friendly to newly debian-supported archs, + such as ia64 and hppa which need up-to-date config.guess or config.sub + support. I just hope nothing got broken in the process... + * Added menu entry for fetchmailconf + + -- Henrique de Moraes Holschuh Wed, 28 Mar 2001 01:36:40 -0300 + +fetchmail (5.7.6-2) unstable; urgency=low + + * Fix broken support for build without autoconf/autoheader + * Added CVS version info to many debian/ files + * Remind user that /etc/fetchmailrc is not removed on package + purge (we don't provide it, after all...) + * Fix bug in sink.c that would cause some SMTP errors not to be + correctly echoed to the log (e.g. 
452 Out of storage) + (closes: #90966) + + -- Henrique de Moraes Holschuh Sun, 25 Mar 2001 11:28:48 -0300 + +fetchmail (5.7.6-1) unstable; urgency=low + + * New upstream source + - IMAP: don't just quit if GSSAPI or Kerberos IV fail, but + try other methods + - Document the fact the IDLE and multiple folders don't play + well together (closes: #89908) + * Use -pipe for gcc in debian/rules + * Remove a lot of useless or dangerous cruft from contrib/ + + -- Henrique de Moraes Holschuh Thu, 22 Mar 2001 21:22:27 -0300 + +fetchmail (5.7.5-2) unstable; urgency=high + + * Fix POP2 build breackage + * Fix POP3 password leakage in fetchmail -v (closes: #90176) + * Try to compensate for broken sudo setups not correctly + setting ${HOME} for root, without actually breaking it for + people that have root's homedir elsewhere than /root + (closes: #90180) + + -- Henrique de Moraes Holschuh Sun, 18 Mar 2001 23:40:58 -0300 + +fetchmail (5.7.5-1) unstable; urgency=low + + * New upstream source + * Add IPV6 and IPV6SEC build-time options to debian/rules + * Document in rcfile_y.y that "interface" is not available in + ipv6 builds + + -- Henrique de Moraes Holschuh Thu, 15 Mar 2001 19:30:23 -0300 + +fetchmail (5.7.4-3) unstable; urgency=low + + * Build-depends only in mail-transport-agent, as autobuilders do not + use the OR dependency. + + -- Henrique de Moraes Holschuh Wed, 14 Mar 2001 14:57:55 -0300 + +fetchmail (5.7.4-2) unstable; urgency=low + + * Fixed build-depends (for fallback MDA) + * Suggests: mail-transport-agent + + -- Henrique de Moraes Holschuh Mon, 12 Mar 2001 21:57:18 -0300 + +fetchmail (5.7.4-1) unstable; urgency=low + + * New upstream source + - fetchmail now has a fallback MDA strategy for when it cannot connect + to the SMTP sink. Since not everyone will want to install and configure + procmail just because of fetchmail, we use /usr/sbin/sendmail as the + fallback strategy (works with exim, sendmail and postfix. 
Other MTAs + not tested) + * Patched to allow user to choose fallback strategy + * New conffile for initscript, /etc/default/fetchmail. This allows for + a default --daemon and --syslog behaviour, but will get in the way of + the clueful people who did the right thing and used set daemon and + set syslog in /etc/fetchmailrc (closes: #89343) + + -- Henrique de Moraes Holschuh Sun, 11 Mar 2001 20:26:56 -0300 + +fetchmail (5.7.2-4) unstable; urgency=low + + * Added support for systems where aclocal and autoconf are not available + (which actually mean autoconf and automake can be removed from the + build-depends, but I'd rather have them installed when building + fetchmail) + * Better changelog for fetchmail-ssl + * Fix unsafe tempfile handling in fetchmailconf (closes: #89238) + Thanks go to Colin Phipps for the patch + + -- Henrique de Moraes Holschuh Sun, 11 Mar 2001 13:02:15 -0300 + +fetchmail (5.7.2-3) unstable; urgency=low + + * Fix bug in IMAP mailbox check (triggered by --check) + + -- Henrique de Moraes Holschuh Wed, 7 Mar 2001 15:10:00 -0300 + +fetchmail (5.7.2-2) unstable; urgency=low + + * Fix IPv6 SA_LEN patch + * GSSAPI wouldn't compile due to syntax errors + * PROG_MAKE_SET was missing in configure.in + * Installs logcheck ignore files for the "C" locale + + -- Henrique de Moraes Holschuh Wed, 7 Mar 2001 00:03:48 -0300 + +fetchmail (5.7.2-1) unstable; urgency=low + + * New upstream source + * Fixed SA_LEN for glibc 2.2.2 and IPv6 + * Rebuilt NLS support (configure, makefiles) from scratch. Many thanks to + Nicolás Lichtmaier, who helped me a lot to figure out what was broken, + and why + * Warn user to move /root/.fetchids to new location (closes: #88658) + + -- Henrique de Moraes Holschuh Mon, 5 Mar 2001 09:05:39 -0300 + +fetchmail (5.7.1-2) unstable; urgency=low + + * Seamless *build-time* support for kerberos IV and V, as well as for many + optional configure targets for fetchmail. 
This allows easy building of custom + fetchmail packages, supporting, e.g. POP2 or GSSAPI. See README.Debian and + debian/rules files for more information. (closes: #33317) + * Fix fetchmailconf "nospambounce" bug + + -- Henrique de Moraes Holschuh Sun, 4 Mar 2001 13:09:46 -0300 + +fetchmail (5.7.1-1) unstable; urgency=low + + * New upstream source + - manpage updates + - new --sslproto option + * Patched to fix NLS build + * Patched to fix SSL build + + -- Henrique de Moraes Holschuh Sun, 4 Mar 2001 05:43:50 -0300 + +fetchmail (5.7.0-2) unstable; urgency=low + + * Patch from upstream: do not attempt SASL on KPOP servers, + instead send USER and a fake PASS (closes: #88288) + + -- Henrique de Moraes Holschuh Sat, 3 Mar 2001 19:19:54 -0300 + +fetchmail (5.7.0-1) unstable; urgency=low + + * New upstream source, fixes issues with fetchmailconf + * Patched to avoid breakage in NLS support + + -- Henrique de Moraes Holschuh Sat, 3 Mar 2001 08:29:43 -0300 + +fetchmail (5.6.8-3) unstable; urgency=low + + * Fix imap timeout when talking to Micoshaft Exchange + servers (closes: #87908) + + -- Henrique de Moraes Holschuh Wed, 28 Feb 2001 19:10:52 -0300 + +fetchmail (5.6.8-2) unstable; urgency=low + + * Remind users that daemon means daemon (closes: #87580) + * Make sure fetchmail is started on ip-up (closes: #87577) + * Removed findutils from build-depends. + + -- Henrique de Moraes Holschuh Sun, 25 Feb 2001 12:59:51 -0300 + +fetchmail (5.6.8-1) unstable; urgency=low + + * New upstream source + Upstream has changed the syntax of "preauth" back to "auth", + please update your fetchmail configuration files. 
+ * Maintainer scripts are now able to handle the sharing of + /etc/init.d/fetchmail by fetchmail and fetchmail-ssl without + causing problems during purge + * Avoid causing health problems during system boot ;-) (closes: #86885) + * "Improved" fetchmail-up and fetchmail-down scripts (closes: #86924) + This *will* bite your arse if you use PPP and don't read README.Debian; + Given the debconf annoyance I've added, and this changelog entry, consider + yourself warned and go read the README.Debian. + * Debconf support added to warn people about the init.d and ppp + scripts changes. + * Added missing Suggests: fetchmailconf to fetchmail-ssl + * Added missing xutils to Build-Depends: (for makedepend) + + -- Henrique de Moraes Holschuh Wed, 21 Feb 2001 12:35:19 -0300 + +fetchmail (5.6.7-2) unstable; urgency=medium + + * Instead of reverting the change in driver.c, apply fix + * New CRAM-MD5 code is fully RFC-compliant, closes: #86667, #86474 + * Add warning to fetchmailconf for local usernames with embedded '@' + Closes: #82514 + + -- Henrique de Moraes Holschuh Tue, 20 Feb 2001 05:20:39 -0300 + +fetchmail (5.6.7-1) unstable; urgency=medium + + * New upstream source: + - Fixes pop3 AUTH/CAPA stuff so as to be rfc-compliant + * Please note 5.6.5 made changes to the fetchmailrc format, related + to the fact that many authorization features (such as CRAM-MD5) are now + auto-detected for both IMAP and POP3 + * Reverted change done to driver.c in 5.6.6 which caused fetchmail to emit + wrong status messages on timeouts when opening the mail server (source) + + -- Henrique de Moraes Holschuh Mon, 19 Feb 2001 21:27:37 -0300 + +fetchmail (5.6.6-2) unstable; urgency=medium + + * The "children should not make fun of their elders" release + * Fetchmail wouldn't ask for passwords anymore (closes: #86350) + + -- Henrique de Moraes Holschuh Sat, 17 Feb 2001 10:33:38 -0200 + +fetchmail (5.6.6-1) unstable; urgency=medium + + * New upstream source + * The "let's get that old maid out of 
testing" release + * No more asking for a password when using ETRN (closes: #85938) + * Don't issue AUTH between USER and PASS (closes: #85853, #86047) + * Different error message when local connection fails (closes: #85961) + + -- Henrique de Moraes Holschuh Fri, 16 Feb 2001 17:28:11 -0200 + +fetchmail (5.6.5-3) unstable; urgency=low + + * Locales were not being correctly setup (closes: #73614) + * Applied patches to allow build with Kerberos IV (closes: #85772) + * /etc/init.d/fetchmail script for system-wide mail delivery, + create file /etc/fetchmailrc to enable. Deleted bogus + debian_rc file from the contrib dir to avoid confusing users. + (closes: #66251, #77804) + + -- Henrique de Moraes Holschuh Thu, 15 Feb 2001 17:27:56 -0200 + +fetchmail (5.6.5-2) unstable; urgency=low + + * Added hack from hell to generate fetchmail-ssl from the same source tree + * New fetchmail-ssl package, recompiled against up-to-date unstable + closes: #82073, #84427, #76240, #78362, #43179, #79153, #60949 + closes: #79967, #82503, #84434, #59584, #50421, #66624 + * Suggests fetchmailconf (closes: #69069) + * Bugs fixed by 5.5.4 and above: + closes: #75011, #70862, #69358, #69199, #66110, #63667 + closes: #62115, #61983, #59698 + probably closes: #80344 + * This is a new version (closes: #66824) + * Ported to debhelper v3, mode v2 (i.e. rebuilt debian/rules), and + fixed all crosstalk between the fetchmail and fetchmailconf packages. 
+ Closes: #76240, #79967, #54132, #55205 + + -- Henrique de Moraes Holschuh Mon, 12 Feb 2001 15:25:18 -0200 + +fetchmail (5.6.5-1) unstable; urgency=low + + * New upstream source + * Closing bugs fixed by versions 5.5.4 and above: + closes: #78963, #63064, #65505, #81312, #78796, #78363 + closes: #68627, #63088, #71428 + + -- Henrique de Moraes Holschuh Mon, 12 Feb 2001 12:49:22 -0200 + +fetchmail (5.6.4-1) unstable; urgency=low + + * New upstream source + * Package is now compliant with policy 3.5.0.0 + * Fixed stupid screwup that might stop an autobuild in debian/rules + * Tentative build-depends. Please file a bug if it doesn't work + + -- Henrique de Moraes Holschuh Sun, 11 Feb 2001 14:24:42 -0200 + +fetchmail (5.6.3-1) unstable; urgency=low + + * New upstream source + * New maintainer. Paul orphaned the package, and the other person who + should become the new fetchmail maintainer went MIA without so + much as uploading a new package or finishing his NM application + * Minor package cleanups + + -- Henrique de Moraes Holschuh Sat, 10 Feb 2001 21:55:06 -0200 + --- fetchmail-6.3.4.orig/debian/README.contrib +++ fetchmail-6.3.4/debian/README.contrib @@ -0,0 +1,14 @@ +Fetchmail for Debian, contrib/README.Debian file +$Id: README.contrib,v 1.4 2003/06/09 14:55:57 benj Exp $ +========================================================== + +A lot of the stuff in contrib/ is NOT tailored for being run in a +Debian system, and will malfunction or break your system if not correctly +modified. If you don't know what you're doing, don't use it. I do NOT +maintain the contrib/ directory, nor does fetchmail upstream. + +I have removed some useless or outright dangerous stuff from there as +well. You can always get the complete contrib/ contents from the source +package. + + -- Benjamin Drieu --- fetchmail-6.3.4.orig/debian/fetchmail.examples +++ fetchmail-6.3.4/debian/fetchmail.examples 
@@ -0,0 +1 @@ +debian/fetchmailrc.example --- fetchmail-6.3.4.orig/debian/fetchmailconf.dirs +++ fetchmail-6.3.4/debian/fetchmailconf.dirs @@ -0,0 +1,2 @@ +usr/bin +usr/share/man/man1 --- fetchmail-6.3.4.orig/debian/NEWS +++ fetchmail-6.3.4/debian/NEWS @@ -0,0 +1,19 @@ +fetchmail (6.3.1-1) unstable; urgency=low + + * File /etc/default/fetchamil has been added to stablish if user wants to + start fetchmail on boot or not. + * On install time we try to determine from old version if start or not. + * Default will be to not start. + * This addition is necessary since upgrades of the package while the users + hadn't finish to configure fetchmail properly were breaking the upgrade. + This had bitten quite a few users. + * The fetchmail-ssl dummy package has been removed since it is no longer + needed. + * Due to #327250 fetchmail home directory (/var/run/fetchmail) changed to + /var/lib/fetchmail + + -- Hector Garcia Mon, 9 Jan 2006 23:24:29 +0100 + + $Id$ + +# vim:set ai et sts=2 sw=2 tw=78: --- fetchmail-6.3.4.orig/debian/fetchmail.prerm +++ fetchmail-6.3.4/debian/fetchmail.prerm @@ -0,0 +1,14 @@ +#!/bin/sh + +# Stops daemon if it is running under our control +if [ -x /etc/init.d/fetchmail ]; then + if [ -x /usr/sbin/invoke-rc.d ]; then + invoke-rc.d --quiet fetchmail stop + else + /etc/init.d/fetchmail stop + fi +fi + +#DEBHELPER# + +exit 0 --- fetchmail-6.3.4.orig/debian/fetchmailconf.xpm +++ fetchmail-6.3.4/debian/fetchmailconf.xpm 
@@ -0,0 +1,37 @@ +/* XPM */ +static char *magick[] = { +/* columns rows colors chars-per-pixel */ +"32 19 12 1", +" c black", +". c #191919", +"X c gray20", +"o c #4c4c4c", +"O c #666667", +"+ c gray50", +"@ c gray60", +"# c #b2b2b2", +"$ c gray80", +"% c gray90", +"& c white", +"* c None", +/* pixels */ +"********************************", +"********************************", +"***************@@@@@@@@@@@@@@@@@", +"*************@@+@####@####@###@@", +"***********@+OOO$&&&%&&&%&%&%&%@", +"oXooO@***@OOO@+o#%&&&&%&&&&&&%$@", +" O$@@OOO@###@O#$%&&&&&&&&$#$@", +" @&OO+@@####$#@O@$%%&%&$#$$%@", +" @%@@@@+@##@+@#@@##$%%##%%&&@", +" .@&@@@@@@@OOoOOOO#&$@#%%$&&%@", +" +%@@@@@@++@+&$$$%&&&&&%$$%&@", +" @%@@++@@@@@+&%$%&&&%&&&&$$%@", +" @&@OOO++++O+&$$&&&%&&&&&&$%@", +". . @%+O@@O+O+@+$#$#$#$$$#$#$##@", +" O#@********@@@@@@@@@@@@@@@@+", +" o@**************************", +"+O+O@***************************", +"********************************", +"********************************" +}; --- fetchmail-6.3.4.orig/debian/fetchmailconf.install +++ fetchmail-6.3.4/debian/fetchmailconf.install @@ -0,0 +1,3 @@ +usr/bin/fetchmailconf +usr/share/pixmaps/fetchmailconf.xpm +usr/lib/python2.4/site-packages/fetchmailconf.* --- fetchmail-6.3.4.orig/debian/server +++ fetchmail-6.3.4/debian/server 
@@ -0,0 +1,15 @@ +fetchmail\[[0-9]+\]: +reading +fetchmail\[[0-9]+\]: +(not )?flushed +fetchmail\[[0-9]+\]: +[0-9]+ +messages? (\([0-9]+ seen\) )?for +fetchmail\[[0-9]+\]: +skipping poll +fetchmail\[[0-9]+\]: +Polling +fetchmail\[[0-9]+\]: +Queuing for +fetchmail\[[0-9]+\]: +awakened by +fetchmail\[[0-9]+\]: +awakened at +fetchmail\[[0-9]+\]: +sleeping +fetchmail\[[0-9]+\]: .* key fingerprint: +fetchmail\[[0-9]+\]: +\(.* body octets\) +fetchmail\[[0-9]+\]: +could not decode BASE64 challenge +fetchmail\[[0-9]+\]: +You have no mail\. +fetchmail\[[0-9]+\]: +Turnaround now\.\.\. +fetchmail\[[0-9]+\]: +receiving message data --- fetchmail-6.3.4.orig/debian/fetchmailconf.menu +++ fetchmail-6.3.4/debian/fetchmailconf.menu @@ -0,0 +1,7 @@ +?package(fetchmailconf):needs="x11"\ + section="Apps/System/Admin"\ + hints="Mail,Admin"\ + title="fetchmailconf"\ + longtitle="Configure fetchmail"\ + icon="/usr/share/pixmaps/fetchmailconf.xpm"\ + command="/usr/bin/fetchmailconf" --- fetchmail-6.3.4.orig/debian/fetchmail.links +++ fetchmail-6.3.4/debian/fetchmail.links @@ -0,0 +1,3 @@ +usr/bin/fetchmail usr/bin/popclient +usr/share/man/man1/fetchmail.1 usr/share/man/man1/popclient.1 +usr/share/man/man1/fetchmail.1 usr/share/man/man1/fetchmailrc.1 --- fetchmail-6.3.4.orig/debian/contrib.files +++ fetchmail-6.3.4/debian/contrib.files @@ -0,0 +1,23 @@ +contrib/fetchmailnochda.pl +contrib/fetchsetup +contrib/domino +contrib/fetchmaildistrib +contrib/fetchmail-mode.el +contrib/getmail +contrib/gotmail +contrib/gotmail.awk +contrib/gotmail.conf +contrib/gotmail.html.awk +contrib/login +contrib/logout +contrib/maildaemon +contrib/mailqueue.pl +contrib/multidrop +contrib/novell +contrib/poptest +contrib/preauth-harness +contrib/README +contrib/README.getmail +contrib/runfetchmail +contrib/toprocmail +contrib/zsh-completion --- fetchmail-6.3.4.orig/debian/fetchmail.preinst +++ fetchmail-6.3.4/debian/fetchmail.preinst 
@@ -0,0 +1,16 @@ +#!/bin/sh +# +# Preinst script for fetchmail +# $Id: fetchmail.preinst 148 2004-06-02 16:32:57Z bob $ +# + +# Remove a possibly fucked ip-up.d, which was unfortunately not +# removed due of being a conffile. This is ugly but the only "clean" +# way I see right now. +if [ -f /etc/network/if-up.d/fetchmail ] && [ "$2" = "6.2.4-3" ]; then + rm -f /etc/network/if-up.d/fetchmail +fi + +#DEBHELPER# + +exit 0 --- fetchmail-6.3.4.orig/debian/fetchmailrc.example +++ fetchmail-6.3.4/debian/fetchmailrc.example @@ -0,0 +1,33 @@ +# /etc/fetchmailrc for system-wide daemon mode +# This file must be chmod 0600, owner fetchmail + +# The default for this option is 300, which polls the server every 5 +# minutes. +# +#set daemon 300 + +# By default, the system-wide fetchmail will output logging messages to +# syslog; uncomment the line below to disable this. This might be useful +# if you are logging to another file using the 'logfile' option. +# +# set no syslog + +# Avoid loss on 4xx errors. On the other hand, 5xx errors get more +# dangerous. +# +set no bouncemail + +# The following defaults are used when connecting to any server, and can +# be overridden in the server description below. +# +# Set antispam to -1, since it is far safer to use that together with no +# bouncemail. +# +defaults: + antispam -1 + batchlimit 100 + +# Example server section. +# +#poll foo.bar.org with protocol pop3 +# user baka there is localbaka here smtphost smtp.foo.bar.org; --- fetchmail-6.3.4.orig/debian/rules +++ fetchmail-6.3.4/debian/rules 
@@ -0,0 +1,204 @@ +#!/usr/bin/make -f +# +# $Id: rules 340 2006-03-31 16:51:36Z hector $ +# +# Originally by Henrique M. Holschuh , and based on +# previous work by Paul Haggard , and in a +# debmake-created rules file. +# +# Special package build-time options: +# POP2, RPA, NTLM, SDPS, OPIE, KRB4, KRB5, GSSAPI +# NOPOP3, NOIMAP, NOETRN, NOODMR, IPV6, IPV6SEC +# +# To use them, add the ones you need to the environment variable +# DEB_FETCHMAIL_BUILD_OPTIONS before building the package. +# +# e.g. +# export DEB_FETCHMAIL_BUILD_OPTIONS="KRB4,NOIMAP,NOETRN,NOODMR" +# dpkg-buildpackage -rfakeroot -uc -us +# +# If DEB_FETCHMAIL_BUILD_OPTIONS is undefined, SSl, NTLM and SDPS will +# be enabled by default. +# +# The targets KRB4, KRB5, GSSAPI and OPIE require the proper libraries +# to be installed in the system. +# +# IPV6 and IPV6SEC support is untested, and breaks the 'interface' +# keyword (which is why they will not be enabled by default). + +export DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +export DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) + +include /usr/share/dpatch/dpatch.make +# for autoconf 2.52 and newer only +CONFFLAGS = +ifeq ($(DEB_BUILD_GNU_TYPE), $(DEB_HOST_GNU_TYPE)) + CONFFLAGS += --build $(DEB_HOST_GNU_TYPE) +else + CONFFLAGS += --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE) +endif + +# Defaults for official debian package +ifeq (,$(DEB_FETCHMAIL_BUILD_OPTIONS)) + DEB_FETCHMAIL_BUILD_OPTIONS="SSL,NTLM,SDPS" +endif + +# Process build-time options +FETCHCONFOPT = +ifneq (,$(findstring SSL,$(DEB_FETCHMAIL_BUILD_OPTIONS))) + FETCHCONFOPT += --with-ssl=/usr +endif +ifneq (,$(findstring POP2,$(DEB_FETCHMAIL_BUILD_OPTIONS))) + FETCHCONFOPT += --enable-POP2 +endif +ifneq (,$(findstring RPA,$(DEB_FETCHMAIL_BUILD_OPTIONS))) + FETCHCONFOPT += --enable-RPA +endif +ifneq (,$(findstring NTLM,$(DEB_FETCHMAIL_BUILD_OPTIONS))) + FETCHCONFOPT += --enable-NTLM +endif +ifneq (,$(findstring 
SDPS,$(DEB_FETCHMAIL_BUILD_OPTIONS))) + FETCHCONFOPT += --enable-SDPS +endif +ifneq (,$(findstring OPIE,$(DEB_FETCHMAIL_BUILD_OPTIONS))) + FETCHCONFOPT += --enable-opie +endif +ifneq (,$(findstring KRB4,$(DEB_FETCHMAIL_BUILD_OPTIONS))) + FETCHCONFOPT += --with-kerberos=/usr +endif +ifneq (,$(findstring KRB5,$(DEB_FETCHMAIL_BUILD_OPTIONS))) + FETCHCONFOPT += --with-kerberos5=/usr +endif +ifneq (,$(findstring GSSAPI,$(DEB_FETCHMAIL_BUILD_OPTIONS))) + FETCHCONFOPT += --with-gssapi=/usr +endif +ifneq (,$(findstring NOPOP3,$(DEB_FETCHMAIL_BUILD_OPTIONS))) + FETCHCONFOPT += --disable-POP3 +endif +ifneq (,$(findstring NOIMAP,$(DEB_FETCHMAIL_BUILD_OPTIONS))) + FETCHCONFOPT += --disable-IMAP +endif +ifneq (,$(findstring NOETRN,$(DEB_FETCHMAIL_BUILD_OPTIONS))) + FETCHCONFOPT += --disable-ETRN +endif +ifneq (,$(findstring NOODMR,$(DEB_FETCHMAIL_BUILD_OPTIONS))) + FETCHCONFOPT += --disable-ODMR +endif +ifneq (,$(findstring IPV6,$(DEB_FETCHMAIL_BUILD_OPTIONS))) + FETCHCONFOPT += --enable-inet6 +endif + +# Turn off optimization if the user requests it. 
+CFLAGS = -Wall -pipe -g +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif +export CFLAGS + +clean: unpatch + dh_testdir + dh_testroot + -rm -f build-stamp configure-stamp + -$(MAKE) -i distclean + -rm -f po/*.gmo config.sub config.guess config.status + dh_clean -X.orig -X.rej + +configure: configure-stamp +configure-stamp: patch + set -e + dh_testdir + + cp /usr/share/misc/config.sub config.sub + cp /usr/share/misc/config.guess config.guess + + ./configure $(CONFFLAGS) --prefix=/usr --enable-nls \ + --disable-fallback $(FETCHCONFOPT) + + touch configure-stamp + +build: configure-stamp build-stamp +build-stamp: + set -e + dh_testdir + + $(MAKE) + + # recreate gmo-files as workaround + (cd po; $(MAKE) update-gmo) +# sed -e '/fetchmail-5.3.3/ { s/.*/=== file truncated, see source package for complete changelog ===/; q; }' < NEWS > NEWS.truncated + + touch build-stamp + +tmpdir = $(CURDIR)/debian/tmp +pckdir = $(CURDIR)/debian/fetchmail + +install: build-stamp + dh_testdir + dh_testroot + dh_clean -k -X.orig -X.rej + dh_installdirs + $(MAKE) install prefix=$(tmpdir)/usr mandir=$(tmpdir)/usr/share/man + -install -D -m 644 debian/fetchmailconf.xpm \ + $(tmpdir)/usr/share/pixmaps/fetchmailconf.xpm + gzip -9 $(tmpdir)/usr/share/man/man1/fetchmail.1 +# not needed we set a symlink +# gzip -9 $(tmpdir)/usr/share/man/man1/fetchmailconf.1 + rm $(tmpdir)/usr/lib/python2.4/site-packages/fetchmailconf.py[co] + + +# Build architecture-independent files here. [ fetchmailconf ] +binary-indep: build-stamp install + dh_testdir + dh_testroot + dh_install -i --sourcedir=$(tmpdir) + dh_installdocs -i + dh_installmenu -i + dh_installman -i + dh_installchangelogs -i + dh_link -i usr/share/man/man1/fetchmail.1.gz usr/share/man/man1/fetchmailconf.1.gz + dh_python -i + dh_compress -i + dh_fixperms -i + dh_installdeb -i + dh_gencontrol -i + dh_md5sums -i + dh_builddeb -i + +# Build architecture-dependent files here. 
[ fetchmail ] +binary-arch: build-stamp install + dh_testdir + dh_testroot + mkdir -p $(pckdir)/usr/share/doc/fetchmail/contrib + xargs -r -i install "{}" $(pckdir)/usr/share/doc/fetchmail/contrib \ + < debian/contrib.files + -install -m 644 debian/README.contrib \ + $(pckdir)/usr/share/doc/fetchmail/contrib/README.Debian + install -D -m 755 debian/ip-up $(pckdir)/etc/ppp/ip-up.d/fetchmail + install -D -m 755 debian/ip-down $(pckdir)/etc/ppp/ip-down.d/fetchmail + install -D -m 755 debian/resolvconf \ + $(pckdir)/etc/resolvconf/update-libc.d/fetchmail + install -D -m 644 debian/workstation \ + $(pckdir)/etc/logcheck/ignore.d.workstation/fetchmail + install -D -m 644 debian/server \ + $(pckdir)/etc/logcheck/ignore.d.server/fetchmail + dh_install -a --sourcedir=$(tmpdir) + dh_installdocs -a NOTES README fetchmail-features.html \ + design-notes.html todo.html fetchmail-FAQ.html README.SSL OLDNEWS + dh_installexamples -a + dh_installinit -a -n + dh_installchangelogs -a + dh_installman + dh_strip -a + dh_link -a + dh_compress -a + dh_fixperms -a + dh_installdeb -a + dh_shlibdeps -a + dh_gencontrol -a + dh_md5sums -a + dh_builddeb -a + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install --- fetchmail-6.3.4.orig/debian/workstation +++ fetchmail-6.3.4/debian/workstation @@ -0,0 +1 @@ +fetchmail\[[0-9]+\]: +Server CommonName mismatch: --- fetchmail-6.3.4.orig/debian/dirs +++ fetchmail-6.3.4/debian/dirs @@ -0,0 +1,2 @@ +usr/bin +usr/share/man/man1 --- fetchmail-6.3.4.orig/debian/fetchmail.install +++ fetchmail-6.3.4/debian/fetchmail.install @@ -0,0 +1,3 @@ +usr/bin/fetchmail +usr/share/locale/ +usr/share/man/man1/fetchmail.1.gz --- fetchmail-6.3.4.orig/debian/ip-up +++ fetchmail-6.3.4/debian/ip-up 
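Review bot: in debian/rules, the SSL default is applied only when DEB_FETCHMAIL_BUILD_OPTIONS is empty, so following the header's own example (`export DEB_FETCHMAIL_BUILD_OPTIONS="KRB4,NOIMAP,NOETRN,NOODMR"`) silently produces a fetchmail built without `--with-ssl=/usr`. Either keep SSL on unless the builder explicitly opts out, or say in the header comment that a custom list must repeat SSL,NTLM,SDPS. Two smaller points in the same file: `$(findstring IPV6,...)` also matches IPV6SEC, which is documented as an option but has no handling of its own, and the bare `set -e` lines in the configure-stamp and build-stamp recipes have no effect because make runs each recipe line in its own shell.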
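Review bot: the logcheck rule added in debian/workstation, `fetchmail\[[0-9]+\]: +Server CommonName mismatch:`, hides the one log line that reports a TLS certificate name mismatch, which is exactly what an operator needs to see when a connection is being intercepted or a server certificate is wrong. The pattern also has no leading `^` anchor, so it matches that text anywhere in a log line. Consider dropping the rule so the message stays visible, or at least anchoring it to the syslog prefix and noting in README.Debian that the message is being filtered.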
@@ -0,0 +1,15 @@ +#!/bin/sh +# +# Default fetchmail ip-up script (/etc/ppp/ip-up.d/fetchmail) +# +# Change "try-restart" below to "start" if you only want to run fetchmail when +# the PPP link is up. +# + +if [ -x /etc/init.d/fetchmail -a ! -x /sbin/resolvconf ]; then + if [ -x /usr/sbin/invoke-rc.d ]; then + invoke-rc.d --quiet fetchmail try-restart || true + else + /etc/init.d/fetchmail try-restart || true + fi +fi --- fetchmail-6.3.4.orig/debian/compat +++ fetchmail-6.3.4/debian/compat @@ -0,0 +1 @@ +4 --- fetchmail-6.3.4.orig/debian/README.Debian +++ fetchmail-6.3.4/debian/README.Debian 
@@ -0,0 +1,164 @@ +Fetchmail for Debian, README file +$Id: README.Debian 228 2005-08-14 15:52:49Z nion $ + +Miscellaneous notes +------------------- + +Fetchmail wants a MTA and will not use a MDA fallback by default anymore. +Please configure it correctly for your system. + +Also, MTA return codes 552 and 553 always cause fetchmail to trash the message, +unless "keep" mode is being used. MTA return codes in the "antispam" option +list will also cause mail loss. However, this list is empty by default. + + +Build instructions +------------------ + +Make sure to run "debian/rules clean" BEFORE you try to build the package +(dpkg-buildpackage will do that for you). You have been warned. + +You can tailor the capabilities of fetchmail (e.g. to add Kerberos IV support) +by defining DEB_FETCHMAIL_BUILD_OPTIONS before building the package. There is +no need to edit debian/rules anymore. Please read the comments in debian/rules +for more information. + +Building KerberosV support using the Heimdal libs in Debian will only work in +the SSL version of fetchmail. + + +Fetchmail and losing mail +------------------------- + +POP3 servers are known to delete stored mail for no good reason, no matter what +it is told to do. Badly-configured MTAs are known to send email to the trash or +bounce it with spam return codes -- including email sent to the postmaster. And +fetchmail is known to be blamed for both these things causing mail loss. + +SEND EMAIL TO YOURSELF MANUALLY TROUGH WHICHEVER DELIVERY METHOD YOU WANT +FETCHMAIL TO SEND THROUGH, TO TEST IT BEFORE RUNNING FETCHMAIL. + +CHECK YOUR MTA AND POP3 SERVER BY TELLING FETCHMAIL NOT TO DELETE MAIL FROM +YOUR SERVER ("keep" option) NOR DELETE SPAM ("antispam -1") NOR BOUNCE MAIL +("set no bouncemail") IF YOU VALUE YOUR EMAIL. YOU HAVE BEEN WARNED. + +The above checks should be made everytime you change something important in +either fetchmail's or the MTA/MDA configuration. 
+ +Now, let's go over it once again: Fetchmail can, and will delete your mail if +it thinks the MTA is telling it to do so. Option "keep" will avoid the +deletion of messages. If you forget to tell fetchmail to "keep" messages, and +the MTA refuses delivery (particulary with codes 552 (message too large) or 553 +(invalid envelope sender), fetchmail will delete the message even when it +failed to deliver it. Setting "no bouncemail" and "antispam -1" makes such +deletion less likely. + + +Using the system-wide fetchmail +------------------------------- + +The fetchmail package install a SysV init script in /etc/init.d/fetchmail. +This script will start a fetchmail daemon running as the user fetchmail, if +the configuration file /etc/fetchmailrc is present in the system. If the +configuration file is not present, nothing is started. + +If the system-wide fetchmail refuses to start, you probably have syntax +errors in the /etc/fetchmailrc file. Try /etc/init.d/fetchmail debug-run +to find out why it is not starting. Do notice that debug-run is *not* +capable of detecting errors that happen only in daemon mode. + +By default, the system-wide fetchmail daemon will poll every 5 minutes. To +change this, add a line like the following to your /etc/fetchmailrc file: + + set daemon 900 # poll every 15 minutes + +Also, the system-wide fetchmail daemon will by default log all output to +syslog. To disable this (e.g. if you use the logfile option), add the +following to your /etc/fetchmailrc file: + + set no syslog # disable logging to syslog + + +Fetchmail on a PPP link +----------------------- + +By default, the system-wide fetchmail will start at boot, and will be +restarted when the PPP link is brought up. You, can however, configure +the system-wide fetchmail to *only* run when the PPP link is up (note +that this has no real advantage over running fetchmail all the time). To +do so, you must do four things: + + 1. Turn of fetchmail at boot. 
Simply rename the S99fetchmail links in + the /etc/rc?.d directories to K15fetchmail. For example: + + # cd /etc/rc2.d + # mv S99fetchmail K15fetchmail + + 2. Edit the ip-up script and change + "[ -x /etc/init.d/fetchmail -a ! -x /sbin/resolvconf ]" to + "[ -x /etc/init.d/fetchmail ]", and + "try-restart" to "start" + + 3. Edit the ip-down script and remove the "exit 0" line. + + 4. Remove /etc/resolvconf/update-libc.d/fetchmail (or add an "exit 0" + line at the beginning). + +Note that both the init script and the fetchmail PPP scripts are conffiles, +so if you don't like the setup you just need to change them to your heart's +content. The changes will not be overwritten by a package upgrade without +your explicit consent. + + +Running the system-wide fetchmail as root +----------------------------------------- + +The fetchmail package no longer supports running the system-wide fetchmail +as root. To switch to the new init script facility, just move your +/root/.fetchmailrc to /etc/fetchmailrc, read the "UIDL cache" section below, +and run: + + /etc/init.d/fetchmail restart + + +The UIDL cache +-------------- + +Fetchmail has an UIDL cache it may use to track message-seen state. The +init script and ip-up scripts want this cache to be in +/var/mail/.fetchmail-UIDL-cache. Note the paths leading up to the UIDL +cache file must be readable by the fetchmail user. This should not be a +problem on a default Debian install. + + +Errors with POP3 servers +------------------------ + +If you have difficulties with your POP3 server, and fetchmail -v shows that +fetchmail is trying to use AUTH instead of USER and PASS, you can use +"auth password" to force the use of USER and PASS. Also, fetchmailconf has +a blacklist of known-bad servers, try autodetecting the server with it. + + +Reporting problems +------------------ + +Use a Debian bug-reporting tool (e.g. reportbug from the reportbug package) to +report problems. 
Please include a fetchmail -v -v dump showing the problem to +aid debugging. /etc/init.d/fetchmail debug-run will do that for you if you are +using the system-wide fetchmail feature (Do remember that problems that only +happen in daemon mode are NOT triggered by debug-run). + +Problems with signals (e.g. "why fetchmail aborts with SIGPIPE?") need the use +of strace for debugging. Just do: + + /etc/init.d/fetchmail debug-run strace -o /tmp/strace.out + +and the init script will run fetchmail, and store the strace output in +/tmp/strace.out. See strace(1) for more details on strace. + +WARNING: strace output may contain security-sensitive information, such as your +fetchmail passwords. You should clobber those with "*" or "X" before sending +the file to anyone, especially the Debian bug-tracking system. + + -- Benjamin Drieu --- fetchmail-6.3.4.orig/debian/copyright +++ fetchmail-6.3.4/debian/copyright 
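Review bot: the debugging recipe in README.Debian writes the trace to a fixed name in a world-writable directory (`/etc/init.d/fetchmail debug-run strace -o /tmp/strace.out`), while the WARNING that follows says the trace may contain fetchmail passwords. Suggest pointing the example at a file inside a directory only the invoking user can read (for instance one created with mktemp -d), and moving the warning ahead of the command so it is read before the file is produced.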
@@ -0,0 +1,77 @@ +This package was first debianized by Paul Haggart on +Mon, 18 Nov 1996 16:58:49 -0500. + +The Debian packaging was rebuilt and updated by Henrique M. Holschuh + on Mon, 12 Feb 2001 15:25:18 -0200, based on Paul's previous +work until September 2002. Thanks Paul and Henrique! + +The package was then maintained by Benjamin Drieu +Afterwards it was maintained by Graham Wilson . + +Now it is maintained by Nico Golde +and Héctor García . + +It was downloaded from: http://download.berlios.de/fetchmail/ + +Please check the fetchmail homepage at: http://fetchmail.berlios.de + +The code and docs are patched extensively. All changes from default upstream +behaviour are documented in README.Debian. + +Copyright: + +The code in the fetchmail distribution is Copyright 1997 by Eric S. Raymond. +Portions were also copyrighted by Carl E. Harris, 1993 and 1995. Copyright +retained for the purpose of protecting free software redistribution. + +The support for SMB authentication is copyright by Andrew Tridgell and +is under GPL version 2. Tridge has granted a specific exemption for +his GPL-licensed code to be linked with non-GPL-compliant code in +fetchmail. The relevant files are smb*.[ch] and ntlm.h. + +The code of interface.c is Copyright (c) 1996,1997 by George M. Sipe. + +License: + +The following files are public-domain: acconfig.h, alloca.c, md5c.c, md5.h. + +The following files are MIT license: rfc822.c,idle.c. + +The file contrib/runfetchmail is: +Copyright (c) 1997 Doug Muth, Wescosville, Pennsylvania USA +All rights reserved. 
+ +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + +The following file is under a variant of the InnerNet Version 2 license +(with the advertising clause removed for GPL compatibility) supplied +by its author: ipv6_connect.c. + +The following files are explicitly GPL-licensed: getopt1.c, getopt.c, getopt.h, +contrib/getfetchmail.pl,contrib/mailqueue.pl,contrib/PopDel.py,contrib/poptest, +contrib/fetchmail-mode.el. + +All other code in the distribution incorporates the copy of GPL version 2 +below by reference: + +Specific permission is granted for the GPLed code in this distribition to +be linked to OpenSSL without invoking GPL clause 2(b). + +[See /usr/share/common-licenses/GPL-2 for text of GPL v2] + --- fetchmail-6.3.4.orig/debian/patches/02.fix-print-date.dpatch +++ fetchmail-6.3.4/debian/patches/02.fix-print-date.dpatch 
@@ -0,0 +1,28 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 02.fix-print-date.dpatch by > +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +@DPATCH@ +diff -urNad trunk~/fetchmail.c trunk/fetchmail.c +--- trunk~/fetchmail.c 2006-01-23 10:09:12.000000000 +0100 ++++ trunk/fetchmail.c 2006-02-02 11:02:37.000000000 +0100 +@@ -782,7 +782,7 @@ + exit(PS_AUTHFAIL); + } + +- if (outlevel > O_SILENT) ++ if (outlevel > O_NORMAL) + report(stdout, + GT_("sleeping at %s\n"), timestamp()); + +@@ -817,7 +817,7 @@ + ctl->wedged = FALSE; + } + +- if (outlevel > O_SILENT) ++ if (outlevel > O_NORMAL) + report(stdout, GT_("awakened at %s\n"), timestamp()); + } + } while --- fetchmail-6.3.4.orig/debian/patches/06_CVE-2007-1558.dpatch +++ fetchmail-6.3.4/debian/patches/06_CVE-2007-1558.dpatch 
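Review bot: 02.fix-print-date.dpatch ships with `## DP: No description.` and an empty author field, so nothing records why both `outlevel > O_SILENT` tests in fetchmail.c become `outlevel > O_NORMAL`. Please describe the intent in the DP lines (the "sleeping at" and "awakened at" reports are now printed only above normal verbosity) and reference the bug or changelog entry that asked for it, since this changes what a daemon running at normal verbosity logs.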
@@ -0,0 +1,414 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 06_CVE-2007-1558.dpatch by Jamie Strandboge +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: fix for CVE-2007-1558 + +@DPATCH@ + +diff -Nru fetchmail-6.3.4.orig/Makefile.am fetchmail-6.3.4/Makefile.am +--- fetchmail-6.3.4.orig/Makefile.am 2007-09-25 15:34:24.000000000 -0400 ++++ fetchmail-6.3.4/Makefile.am 2007-09-25 15:38:48.000000000 -0400 +@@ -39,7 +39,7 @@ + servport.c ntlm.h smbbyteorder.h smbdes.h smbmd4.h \ + smbencrypt.h smbdes.c smbencrypt.c smbmd4.c smbutil.c \ + libesmtp/gethostbyname.h libesmtp/gethostbyname.c \ +- smbtypes.h tls.c ++ smbtypes.h tls.c rfc822valid.c + libfm_a_LIBADD= $(EXTRAOBJ) + libfm_a_DEPENDENCIES= $(EXTRAOBJ) + LDADD = libfm.a @LIBINTL@ $(LIBOBJS) +@@ -75,11 +75,13 @@ + libesmtp/getaddrinfo.h libesmtp/getaddrinfo.c \ + KAME/getnameinfo.c + +-check_PROGRAMS += rfc822 unmime netrc rfc2047e mxget ++check_PROGRAMS += rfc822 unmime netrc rfc2047e mxget rfc822valid + + rfc2047e_CFLAGS= -DTEST + +-rfc822_CFLAGS= -DMAIN ++rfc822valid_CFLAGS= -DTEST ++ ++rfc822_CFLAGS= -DMAIN + + unmime_SOURCES= unmime.c + unmime_CFLAGS= -DSTANDALONE -DHAVE_CONFIG_H -I$(builddir) +diff -Nru fetchmail-6.3.4.orig/Makefile.in fetchmail-6.3.4/Makefile.in +--- fetchmail-6.3.4.orig/Makefile.in 2007-09-25 15:34:24.000000000 -0400 ++++ fetchmail-6.3.4/Makefile.in 2007-09-25 15:39:29.000000000 -0400 +@@ -44,7 +44,8 @@ + bin_PROGRAMS = fetchmail$(EXEEXT) + @HAVE_PYTHON_TRUE@am__append_1 = $(pym) + check_PROGRAMS = $(am__EXEEXT_1) rfc822$(EXEEXT) unmime$(EXEEXT) \ +- netrc$(EXEEXT) rfc2047e$(EXEEXT) mxget$(EXEEXT) ++ netrc$(EXEEXT) rfc2047e$(EXEEXT) mxget$(EXEEXT) \ ++ rfc822valid$(EXEEXT) + @NEED_TRIO_TRUE@am__append_2 = libtrio.a + @NEED_TRIO_TRUE@am__append_3 = regression + @NEED_TRIO_TRUE@am__append_4 = libtrio.a -lm +@@ -85,7 +86,7 @@ + rfc822.$(OBJEXT) report.$(OBJEXT) rfc2047e.$(OBJEXT) \ + servport.$(OBJEXT) smbdes.$(OBJEXT) smbencrypt.$(OBJEXT) \ + smbmd4.$(OBJEXT) 
smbutil.$(OBJEXT) gethostbyname.$(OBJEXT) \ +- tls.$(OBJEXT) ++ tls.$(OBJEXT) rfc822valid.$(OBJEXT) + libfm_a_OBJECTS = $(am_libfm_a_OBJECTS) + libtrio_a_AR = $(AR) $(ARFLAGS) + libtrio_a_LIBADD = +@@ -145,6 +146,11 @@ + rfc822_LDADD = $(LDADD) + rfc822_DEPENDENCIES = libfm.a $(am__DEPENDENCIES_2) \ + $(am__DEPENDENCIES_3) ++rfc822valid_SOURCES = rfc822valid.c ++rfc822valid_OBJECTS = rfc822valid-rfc822valid.$(OBJEXT) ++rfc822valid_LDADD = $(LDADD) ++rfc822valid_DEPENDENCIES = libfm.a $(am__DEPENDENCIES_2) \ ++ $(am__DEPENDENCIES_3) + am_unmime_OBJECTS = unmime-unmime.$(OBJEXT) + unmime_OBJECTS = $(am_unmime_OBJECTS) + unmime_LDADD = $(LDADD) +@@ -163,11 +169,11 @@ + YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS) + SOURCES = $(libfm_a_SOURCES) $(libtrio_a_SOURCES) $(fetchmail_SOURCES) \ + $(mxget_SOURCES) $(netrc_SOURCES) $(regression_SOURCES) \ +- rfc2047e.c rfc822.c $(unmime_SOURCES) ++ rfc2047e.c rfc822.c rfc822valid.c $(unmime_SOURCES) + DIST_SOURCES = $(libfm_a_SOURCES) $(am__libtrio_a_SOURCES_DIST) \ + $(fetchmail_SOURCES) $(mxget_SOURCES) $(netrc_SOURCES) \ + $(am__regression_SOURCES_DIST) rfc2047e.c rfc822.c \ +- $(unmime_SOURCES) ++ rfc822valid.c $(unmime_SOURCES) + RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ + html-recursive info-recursive install-data-recursive \ + install-exec-recursive install-info-recursive \ +@@ -363,7 +369,7 @@ + servport.c ntlm.h smbbyteorder.h smbdes.h smbmd4.h \ + smbencrypt.h smbdes.c smbencrypt.c smbmd4.c smbutil.c \ + libesmtp/gethostbyname.h libesmtp/gethostbyname.c \ +- smbtypes.h tls.c ++ smbtypes.h tls.c rfc822valid.c + + libfm_a_LIBADD = $(EXTRAOBJ) + libfm_a_DEPENDENCIES = $(EXTRAOBJ) +@@ -391,6 +397,7 @@ + KAME/getnameinfo.c + + rfc2047e_CFLAGS = -DTEST ++rfc822valid_CFLAGS = -DTEST + rfc822_CFLAGS = -DMAIN + unmime_SOURCES = unmime.c + unmime_CFLAGS = -DSTANDALONE -DHAVE_CONFIG_H -I$(builddir) +@@ -528,6 +535,9 @@ + rfc822$(EXEEXT): $(rfc822_OBJECTS) $(rfc822_DEPENDENCIES) + @rm -f rfc822$(EXEEXT) + 
$(LINK) $(rfc822_LDFLAGS) $(rfc822_OBJECTS) $(rfc822_LDADD) $(LIBS) ++rfc822valid$(EXEEXT): $(rfc822valid_OBJECTS) $(rfc822valid_DEPENDENCIES) ++ @rm -f rfc822valid$(EXEEXT) ++ $(LINK) $(rfc822valid_LDFLAGS) $(rfc822valid_OBJECTS) $(rfc822valid_LDADD) $(LIBS) + unmime$(EXEEXT): $(unmime_OBJECTS) $(unmime_DEPENDENCIES) + @rm -f unmime$(EXEEXT) + $(LINK) $(unmime_LDFLAGS) $(unmime_OBJECTS) $(unmime_LDADD) $(LIBS) +@@ -606,6 +616,8 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rfc2047e.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rfc822-rfc822.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rfc822.Po@am__quote@ ++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rfc822valid-rfc822valid.Po@am__quote@ ++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rfc822valid.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rpa.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/servport.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sink.Po@am__quote@ +@@ -835,6 +847,20 @@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ + @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(rfc822_CFLAGS) $(CFLAGS) -c -o rfc822-rfc822.obj `if test -f 'rfc822.c'; then $(CYGPATH_W) 'rfc822.c'; else $(CYGPATH_W) '$(srcdir)/rfc822.c'; fi` + ++rfc822valid-rfc822valid.o: rfc822valid.c ++@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(rfc822valid_CFLAGS) $(CFLAGS) -MT rfc822valid-rfc822valid.o -MD -MP -MF "$(DEPDIR)/rfc822valid-rfc822valid.Tpo" -c -o rfc822valid-rfc822valid.o `test -f 'rfc822valid.c' || echo '$(srcdir)/'`rfc822valid.c; \ ++@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/rfc822valid-rfc822valid.Tpo" "$(DEPDIR)/rfc822valid-rfc822valid.Po"; else rm -f "$(DEPDIR)/rfc822valid-rfc822valid.Tpo"; exit 1; fi ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rfc822valid.c' 
object='rfc822valid-rfc822valid.o' libtool=no @AMDEPBACKSLASH@ ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ ++@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(rfc822valid_CFLAGS) $(CFLAGS) -c -o rfc822valid-rfc822valid.o `test -f 'rfc822valid.c' || echo '$(srcdir)/'`rfc822valid.c ++ ++rfc822valid-rfc822valid.obj: rfc822valid.c ++@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(rfc822valid_CFLAGS) $(CFLAGS) -MT rfc822valid-rfc822valid.obj -MD -MP -MF "$(DEPDIR)/rfc822valid-rfc822valid.Tpo" -c -o rfc822valid-rfc822valid.obj `if test -f 'rfc822valid.c'; then $(CYGPATH_W) 'rfc822valid.c'; else $(CYGPATH_W) '$(srcdir)/rfc822valid.c'; fi`; \ ++@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/rfc822valid-rfc822valid.Tpo" "$(DEPDIR)/rfc822valid-rfc822valid.Po"; else rm -f "$(DEPDIR)/rfc822valid-rfc822valid.Tpo"; exit 1; fi ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rfc822valid.c' object='rfc822valid-rfc822valid.obj' libtool=no @AMDEPBACKSLASH@ ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ ++@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(rfc822valid_CFLAGS) $(CFLAGS) -c -o rfc822valid-rfc822valid.obj `if test -f 'rfc822valid.c'; then $(CYGPATH_W) 'rfc822valid.c'; else $(CYGPATH_W) '$(srcdir)/rfc822valid.c'; fi` ++ + unmime-unmime.o: unmime.c + @am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unmime_CFLAGS) $(CFLAGS) -MT unmime-unmime.o -MD -MP -MF "$(DEPDIR)/unmime-unmime.Tpo" -c -o unmime-unmime.o `test -f 'unmime.c' || echo '$(srcdir)/'`unmime.c; \ + @am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/unmime-unmime.Tpo" "$(DEPDIR)/unmime-unmime.Po"; else rm -f "$(DEPDIR)/unmime-unmime.Tpo"; exit 1; fi +diff -Nru fetchmail-6.3.4.orig/fetchmail-FAQ.html fetchmail-6.3.4/fetchmail-FAQ.html +--- 
fetchmail-6.3.4.orig/fetchmail-FAQ.html 2006-03-30 19:26:03.000000000 -0500 ++++ fetchmail-6.3.4/fetchmail-FAQ.html 2007-09-25 15:37:11.000000000 -0400 +@@ -628,11 +628,12 @@ + you see something in the greeting line that looks like an + angle-bracket-enclosed Internet address with a numeric left-hand + part, that's an APOP challenge (it will vary each time you log in). +-You can register a secret on the host (using +-popauth(8) or some program like it). Specify the ++For some hosts, you need to register a secret on the host (using ++popauth(8) or some program like that). Specify the + secret as your password in your .fetchmailrc; it will be used to + encrypt the current challenge, and the encrypted form will be sent +-back the the server for verification.

++back the the server for verification. Note that APOP is no longer ++considered secure since March 2007.

+ +

Alternatively, you may have Kerberos available. This may require + you to set up some magic files in your home directory on your +@@ -648,8 +649,8 @@ + response.

+ +

If you are fetching mail from a CompuServe POP3 account, you can +-use their RPA authentication (which works much like APOP). See I1 for details. If you are fetching mail from ++use their RPA authentication. See I1 for details. ++If you are fetching mail from + Microsoft Exchange using IMAP, you will be able to use NTLM.

+ +

Your POP3 server may have the RFC1938 OTP capability to use +diff -Nru fetchmail-6.3.4.orig/fetchmail.h fetchmail-6.3.4/fetchmail.h +--- fetchmail-6.3.4.orig/fetchmail.h 2007-09-25 15:34:24.000000000 -0400 ++++ fetchmail-6.3.4/fetchmail.h 2007-09-25 15:37:11.000000000 -0400 +@@ -752,5 +752,8 @@ + int maybe_tls(struct query *ctl); + int must_tls(struct query *ctl); + ++/* prototype from rfc822valid.c */ ++int rfc822_valid_msgid(const unsigned char *); ++ + #endif + /* fetchmail.h ends here */ +diff -Nru fetchmail-6.3.4.orig/fetchmail.man fetchmail-6.3.4/fetchmail.man +--- fetchmail-6.3.4.orig/fetchmail.man 2006-04-06 05:44:05.000000000 -0400 ++++ fetchmail-6.3.4/fetchmail.man 2007-09-25 15:40:52.000000000 -0400 +@@ -236,6 +236,7 @@ + Post Office Protocol 3 + .IP APOP + Use POP3 with old-fashioned MD5-challenge authentication. ++Considered not resistant to man-in-the-middle attacks. + .IP RPOP + Use POP3 with RPOP authentication. + .IP KPOP +@@ -939,15 +940,15 @@ + facility was vulnerable to spoofing and was withdrawn in RFC1460. + .PP + RFC1460 introduced APOP authentication. In this variant of POP3, +-you register an APOP password on your server host (the program +-to do this with on the server is probably called \fIpopauth\fR(8)). You +-put the same password in your +-.I ~/.fetchmailrc +-file. Each time +-.I fetchmail +-logs in, it sends a cryptographically secure hash of your password and +-the server greeting time to the server, which can verify it by +-checking its authorization database. ++you register an APOP password on your server host (on some servers, the ++program to do this is called \fIpopauth\fR(8)). You put the same ++password in your \fI~/.fetchmailrc\fP file. Each time \fIfetchmail\fP ++logs in, it sends an MD5 hash of your password and the server greeting ++time to the server, which can verify it by checking its authorization ++database. 
++ ++\fBNote that APOP is no longer considered resistant against ++man-in-the-middle attacks.\fP + .SS RETR or TOP + .I fetchmail + makes some efforts to make the server believe messages had not been +@@ -1009,7 +1010,7 @@ + password as a pass phrase to generate the required response. This + avoids sending secrets over the net unencrypted. + .PP +-Compuserve's RPA authentication (similar to APOP) is supported. If you ++Compuserve's RPA authentication is supported. If you + compile in the support, \fIfetchmail\fR will try to perform an RPA pass-phrase + authentication instead of sending over the password en clair if it + detects "@compuserve.com" in the hostname. +@@ -1975,7 +1976,7 @@ + \&'kerberos_v4', 'kerberos_v5' and 'gssapi', 'cram\-md5', 'otp', 'msn' + (only for POP3), 'ntlm', 'ssh'. The 'password' type specifies + authentication by normal transmission of a password (the password may be +-plain text or subject to protocol-specific encryption as in APOP); ++plain text or subject to protocol-specific encryption as in CRAM-MD5); + \&'kerberos' tells \fIfetchmail\fR to try to get a Kerberos ticket at the + start of each query instead, and send an arbitrary string as the + password; and 'gssapi' tells fetchmail to use GSSAPI authentication. +@@ -2633,7 +2634,7 @@ + RFC 2195, RFC 2449. + .TP 5 + APOP: +-RFC 1460, RFC 1725, RFC 1939. ++RFC 1939. + .TP 5 + RPOP: + RFC 1081, RFC 1225. 
+diff -Nru fetchmail-6.3.4.orig/pop3.c fetchmail-6.3.4/pop3.c +--- fetchmail-6.3.4.orig/pop3.c 2007-09-25 15:34:24.000000000 -0400 ++++ fetchmail-6.3.4/pop3.c 2007-09-25 15:37:11.000000000 -0400 +@@ -656,6 +656,20 @@ + else + *++end = '\0'; + ++ /* SECURITY: 2007-03-17 ++ * Strictly validating the presented challenge for RFC-822 ++ * conformity (it must be a msg-id in terms of that standard) is ++ * supposed to make attacks against the MD5 implementation ++ * harder[1] ++ * ++ * [1] "Security vulnerability in APOP authentication", ++ * Gaëtan Leurent, fetchmail-devel, 2007-03-17 */ ++ if (!rfc822_valid_msgid((unsigned char *)start)) { ++ report(stderr, ++ GT_("Invalid APOP timestamp.\n")); ++ return PS_AUTHFAIL; ++ } ++ + /* copy timestamp and password into digestion buffer */ + msg = xmalloc((end-start+1) + strlen(ctl->password) + 1); + strcpy(msg,start); +diff -Nru fetchmail-6.3.4.orig/rfc822valid.c fetchmail-6.3.4/rfc822valid.c +--- fetchmail-6.3.4.orig/rfc822valid.c 1969-12-31 19:00:00.000000000 -0500 ++++ fetchmail-6.3.4/rfc822valid.c 2007-09-25 15:37:11.000000000 -0400 +@@ -0,0 +1,140 @@ ++/* rfc822valid.c -- validators for RFC-822 syntax ++ * (C) Copyright 2007 Matthias Andree ++ * GNU General Public License v2 */ ++ ++/* This works only on ASCII-based computers. */ ++ ++#include "fetchmail.h" ++#include ++ ++/* CHAR except specials, SPACE, CTLs */ ++static const char *atomchar = "!#$%&'*+-/0123456789=?ABCDEFGHIJKLMNOPQRSTUVWXYZ^_`abcdefghijklmnopqrstuvwxyz{|}~"; ++ ++static int quotedpair(unsigned char const **x) { ++ if (**x != '\\') return 0; ++ ++ *x; ++ if ((int)* *x > 127 || * *x == '\0') ++ /* XXX FIXME: 0 is a legal CHAR, so the == '\0' is sort of bogus ++ * above, but fetchmail does not currently deal with NUL inputs ++ * so we don't need to make the distinction between ++ * end-of-string and quoted NUL. 
*/ ++ return 0; ++ ++ *x; ++ return 1; ++} ++ ++ ++static int quotedstring(unsigned char const **x) { ++ if (* *x != '"') return 0; ++ ++ *x; ++ for(;;) { ++ switch (* *x) { ++ case '"': ++ ++ *x; ++ return 1; ++ case '\\': ++ if (quotedpair(x) == 0) return 0; ++ continue; ++ case '\r': ++ case '\0': ++ return 0; ++ } ++ if ((int)* *x >= 128) { ++ return 0; ++ } ++ ++ *x; ++ } ++} ++ ++static int atom(unsigned char const **x) { ++ /* atom */ ++ if (strchr(atomchar, (const char)**x)) { ++ *x += strspn((const char *)*x, atomchar); ++ return 1; ++ } ++ /* invalid character */ ++ return 0; ++} ++ ++static int word(unsigned char const **x) { ++ if (**x == '"') ++ return quotedstring(x); ++ return atom(x); ++} ++ ++static int domain_literal(unsigned char const **x) { ++ if (**x != '[') return 0; ++ ++ *x; ++ for(;;) { ++ switch (* *x) { ++ case '\0': ++ case '\r': ++ case '[': ++ return 0; ++ case ']': ++ ++ *x; ++ return 1; ++ case '\\': ++ if (quotedpair(x) == 0) return 0; ++ continue; ++ } ++ if ((int)* *x > 127) return 0; ++ ++ *x; ++ } ++} ++ ++static int subdomain(unsigned char const **x) { ++ if (* *x == '[') return domain_literal(x); ++ return atom(x); ++} ++ ++int rfc822_valid_msgid(const unsigned char *x) { ++ /* expect "<" */ ++ if (*x != '<') return 0; ++ ++ x; ++ ++ /* expect local-part = word *("." word) ++ * where ++ * word = atom/quoted-string ++ * atom = 1*ATOMCHAR ++ * quoted-string = <"> *(qtext/quoted-pair) <"> ++ * qtext = CHAR except ", \, CR ++ * quoted-pair = "\" CHAR ++ */ ++ for(;;) { ++ if (word(&x) == 0) return 0; ++ if (*x == '.') { ++x; continue; } ++ if (*x == '@') break; ++ return 0; ++ } ++ ++ /* expect "@" */ ++ if (*x != '@') return 0; ++ ++ x; ++ ++ /* expect domain = sub-domain *("." 
sub-domain) ++ * sub-domain = domain-ref/domain-literal ++ * domain-ref = atom ++ * domain-literal = "[" *(dtext/quoted-pair) "]" */ ++ for(;;) { ++ if (subdomain(&x) == 0) return 0; ++ if (*x == '.') { ++x; continue; } ++ if (*x == '>') break; ++ return 0; ++ } ++ ++ if (*x != '>') return 0; ++ return 1; ++} ++ ++#ifdef TEST ++#include ++ ++int main(int argc, char **argv) { ++ int i; ++ for (i = 1; i < argc; i++) { ++ printf("%s: %s\n", argv[i], rfc822_valid_msgid((unsigned char *)argv[i]) ? "OK" : "INVALID"); ++ } ++ return 0; ++} ++#endif --- fetchmail-6.3.4.orig/debian/patches/04.fix-cleartext-leak.dpatch +++ fetchmail-6.3.4/debian/patches/04.fix-cleartext-leak.dpatch 
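Review bot: the documentation hunks of 06_CVE-2007-1558.dpatch describe the same limitation three different ways: fetchmail-FAQ.html says APOP is "no longer considered secure since March 2007", the .IP APOP entry in fetchmail.man says "Considered not resistant to man-in-the-middle attacks", and the RFC1460 paragraph says "no longer considered resistant against man-in-the-middle attacks". Pick one wording and use it in all three places. The rewritten FAQ sentence also still carries the doubled word in "back the the server"; since the line is being replaced anyway, fix it in the same change.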
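Review bot: in rfc822valid.c, atom() can succeed without consuming a character: `strchr(atomchar, (const char)**x)` returns a non-NULL pointer when `**x` is '\0', because strchr treats the terminator as part of the string, so the 1*ATOMCHAR rule is not enforced at end of input. The loops in rfc822_valid_msgid() happen to reject that case on their next character test, but the helper should refuse it itself, for example by testing that the strspn() result is greater than zero. Separately, rfc822_valid_msgid() returns 1 as soon as it reaches '>' and never checks that the string ends there, so it depends on the pop3.c caller having terminated the buffer right after the closing bracket (`*++end = '\0';`); either check `x[1] == '\0'` before returning or document that precondition next to the prototype in fetchmail.h.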
@@ -0,0 +1,574 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 04.fix-cleartext-leak.dpatch by Kees Cook +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fixes for CVE-2006-5867 extracted from upstream 6.3.6 release. + +@DPATCH@ +diff -urNad fetchmail-6.3.4~/Makefile.am fetchmail-6.3.4/Makefile.am +--- fetchmail-6.3.4~/Makefile.am 2006-04-02 03:19:27.000000000 -0700 ++++ fetchmail-6.3.4/Makefile.am 2007-01-09 14:56:09.768303145 -0800 +@@ -39,7 +39,7 @@ + servport.c ntlm.h smbbyteorder.h smbdes.h smbmd4.h \ + smbencrypt.h smbdes.c smbencrypt.c smbmd4.c smbutil.c \ + libesmtp/gethostbyname.h libesmtp/gethostbyname.c \ +- smbtypes.h ++ smbtypes.h tls.c + libfm_a_LIBADD= $(EXTRAOBJ) + libfm_a_DEPENDENCIES= $(EXTRAOBJ) + LDADD = libfm.a @LIBINTL@ $(LIBOBJS) +diff -urNad fetchmail-6.3.4~/Makefile.in fetchmail-6.3.4/Makefile.in +--- fetchmail-6.3.4~/Makefile.in 2006-04-14 08:42:56.000000000 -0700 ++++ fetchmail-6.3.4/Makefile.in 2007-01-09 14:57:34.944623746 -0800 +@@ -84,7 +84,8 @@ + am_libfm_a_OBJECTS = xmalloc.$(OBJEXT) base64.$(OBJEXT) \ + rfc822.$(OBJEXT) report.$(OBJEXT) rfc2047e.$(OBJEXT) \ + servport.$(OBJEXT) smbdes.$(OBJEXT) smbencrypt.$(OBJEXT) \ +- smbmd4.$(OBJEXT) smbutil.$(OBJEXT) gethostbyname.$(OBJEXT) ++ smbmd4.$(OBJEXT) smbutil.$(OBJEXT) gethostbyname.$(OBJEXT) \ ++ tls.$(OBJEXT) + libfm_a_OBJECTS = $(am_libfm_a_OBJECTS) + libtrio_a_AR = $(AR) $(ARFLAGS) + libtrio_a_LIBADD = +@@ -362,7 +363,7 @@ + servport.c ntlm.h smbbyteorder.h smbdes.h smbmd4.h \ + smbencrypt.h smbdes.c smbencrypt.c smbmd4.c smbutil.c \ + libesmtp/gethostbyname.h libesmtp/gethostbyname.c \ +- smbtypes.h ++ smbtypes.h tls.c + + libfm_a_LIBADD = $(EXTRAOBJ) + libfm_a_DEPENDENCIES = $(EXTRAOBJ) +@@ -614,6 +615,7 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/smbutil.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/smtp.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket.Po@am__quote@ ++@AMDEP_TRUE@@am__include@ 
@am__quote@./$(DEPDIR)/tls.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transact.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/trio.Po@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/trionan.Po@am__quote@ +diff -urNad fetchmail-6.3.4~/fetchmail.h fetchmail-6.3.4/fetchmail.h +--- fetchmail-6.3.4~/fetchmail.h 2006-04-02 03:18:20.000000000 -0700 ++++ fetchmail-6.3.4/fetchmail.h 2007-01-09 14:56:09.772303348 -0800 +@@ -748,5 +748,9 @@ + # define NI_DGRAM 16 + #endif + ++/* prototypes from tls.c */ ++int maybe_tls(struct query *ctl); ++int must_tls(struct query *ctl); ++ + #endif + /* fetchmail.h ends here */ +diff -urNad fetchmail-6.3.4~/imap.c fetchmail-6.3.4/imap.c +--- fetchmail-6.3.4~/imap.c 2006-03-15 08:25:22.000000000 -0800 ++++ fetchmail-6.3.4/imap.c 2007-01-09 14:56:09.772303348 -0800 +@@ -348,10 +348,11 @@ + { + int ok = 0; + #ifdef SSL_ENABLE +- flag did_stls = FALSE; +-#endif /* SSL_ENABLE */ +- ++ int got_tls = 0; ++ char *realhost; ++#endif + (void)greeting; ++ + /* + * Assumption: expunges are cheap, so we want to do them + * after every message unless user said otherwise. +@@ -374,44 +375,63 @@ + } + + #ifdef SSL_ENABLE +- if ((!ctl->sslproto || !strcmp(ctl->sslproto,"tls1")) +- && !ctl->use_ssl +- && strstr(capabilities, "STARTTLS")) +- { +- char *realhost; +- +- realhost = ctl->server.via ? ctl->server.via : ctl->server.pollname; +- ok = gen_transact(sock, "STARTTLS"); ++ realhost = ctl->server.via ? 
ctl->server.via : ctl->server.pollname; + +- /* We use "tls1" instead of ctl->sslproto, as we want STARTTLS, +- * not other SSL protocols +- */ +- if (ok == PS_SUCCESS && +- SSLOpen(sock,ctl->sslcert,ctl->sslkey,"tls1",ctl->sslcertck, ctl->sslcertpath,ctl->sslfingerprint,realhost,ctl->server.pollname) == -1) +- { +- if (!ctl->sslproto && !ctl->wehaveauthed) +- { +- ctl->sslproto = xstrdup(""); +- /* repoll immediately */ +- return(PS_REPOLL); +- } +- report(stderr, +- GT_("SSL connection failed.\n")); +- return PS_SOCKET; +- } +- did_stls = TRUE; ++ if (maybe_tls(ctl)) { ++ if (strstr(capabilities, "STARTTLS")) ++ { ++ /* Use "tls1" rather than ctl->sslproto because tls1 is the only ++ * protocol that will work with STARTTLS. Don't need to worry ++ * whether TLS is mandatory or opportunistic unless SSLOpen() fails ++ * (see below). */ ++ if (gen_transact(sock, "STARTTLS") == PS_SUCCESS ++ && SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck, ++ ctl->sslcertpath, ctl->sslfingerprint, realhost, ++ ctl->server.pollname) != -1) ++ { ++ /* ++ * RFC 2595 says this: ++ * ++ * "Once TLS has been started, the client MUST discard cached ++ * information about server capabilities and SHOULD re-issue the ++ * CAPABILITY command. This is necessary to protect against ++ * man-in-the-middle attacks which alter the capabilities list prior ++ * to STARTTLS. The server MAY advertise different capabilities ++ * after STARTTLS." ++ * ++ * Now that we're confident in our TLS connection we can ++ * guarantee a secure capability re-probe. ++ */ ++ got_tls = 1; ++ capa_probe(sock, ctl); ++ if (outlevel >= O_VERBOSE) ++ { ++ report(stdout, GT_("%s: upgrade to TLS succeeded.\n"), realhost); ++ } ++ } ++ } + +- /* +- * RFC 2595 says this: +- * +- * "Once TLS has been started, the client MUST discard cached +- * information about server capabilities and SHOULD re-issue the +- * CAPABILITY command. 
This is necessary to protect against +- * man-in-the-middle attacks which alter the capabilities list prior +- * to STARTTLS. The server MAY advertise different capabilities +- * after STARTTLS." +- */ +- capa_probe(sock, ctl); ++ if (!got_tls) { ++ if (must_tls(ctl)) { ++ /* Config required TLS but we couldn't guarantee it, so we must ++ * stop. */ ++ report(stderr, GT_("%s: upgrade to TLS failed.\n"), realhost); ++ return PS_SOCKET; ++ } else { ++ if (outlevel >= O_VERBOSE) { ++ report(stdout, GT_("%s: opportunistic upgrade to TLS failed, trying to continue\n"), realhost); ++ } ++ /* We don't know whether the connection is in a working state, so ++ * test by issuing a NOOP. */ ++ if (gen_transact(sock, "NOOP") != PS_SUCCESS) { ++ /* Not usable. Empty sslproto to force an unencrypted ++ * connection on the next attempt, and repoll. */ ++ ctl->sslproto = xstrdup(""); ++ return PS_REPOLL; ++ } ++ /* Usable. Proceed with authenticating insecurely. */ ++ } ++ } + } + #endif /* SSL_ENABLE */ + +@@ -552,19 +572,11 @@ + + snprintf(shroud, sizeof (shroud), "\"%s\"", password); + ok = gen_transact(sock, "LOGIN \"%s\" \"%s\"", remotename, password); ++ memset(shroud, 0x55, sizeof(shroud)); + shroud[0] = '\0'; ++ memset(password, 0x55, strlen(password)); + free(password); + free(remotename); +-#ifdef SSL_ENABLE +- /* this is for servers which claim to support TLS, but actually +- * don't! 
*/ +- if (did_stls && ok == PS_SOCKET && !ctl->sslproto && !ctl->wehaveauthed) +- { +- ctl->sslproto = xstrdup(""); +- /* repoll immediately */ +- ok = PS_REPOLL; +- } +-#endif + if (ok) + { + /* SASL cancellation of authentication */ +diff -urNad fetchmail-6.3.4~/pop2.c fetchmail-6.3.4/pop2.c +--- fetchmail-6.3.4~/pop2.c 2006-03-14 01:48:01.000000000 -0800 ++++ fetchmail-6.3.4/pop2.c 2007-01-09 14:56:09.772303348 -0800 +@@ -60,10 +60,24 @@ + int status; + + (void)buf; ++ ++ if (ctl->sslproto && !strcasecmp(ctl->sslproto, "tls1") && !ctl->use_ssl) ++ { ++ report(stderr, GT_("POP2 does not support STLS. Giving up.\n")); ++ return PS_SOCKET; ++ } ++ ++ if (ctl->server.authenticate != A_ANY && ctl->server.authenticate != A_PASSWORD) ++ { ++ report(stderr, GT_("POP2 only supports password authentication. Giving up.\n")); ++ return PS_AUTHFAIL; ++ } ++ + strlcpy(shroud, ctl->password, sizeof(shroud)); + status = gen_transact(sock, + "HELO %s %s", + ctl->remotename, ctl->password); ++ memset(shroud, 0x55, sizeof(shroud)); + shroud[0] = '\0'; + return status; + } +diff -urNad fetchmail-6.3.4~/pop3.c fetchmail-6.3.4/pop3.c +--- fetchmail-6.3.4~/pop3.c 2006-04-03 03:09:31.000000000 -0700 ++++ fetchmail-6.3.4/pop3.c 2007-01-09 14:56:09.772303348 -0800 +@@ -41,6 +41,7 @@ + #endif /* OPIE_ENABLE */ + + /* session variables initialized in capa_probe() or pop3_getauth() */ ++flag done_capa = FALSE; + #if defined(GSSAPI) + flag has_gssapi = FALSE; + #endif /* defined(GSSAPI) */ +@@ -52,7 +53,7 @@ + flag has_otp = FALSE; + #endif /* OPIE_ENABLE */ + #ifdef SSL_ENABLE +-static flag has_ssl = FALSE; ++static flag has_stls = FALSE; + #endif /* SSL_ENABLE */ + + /* mailbox variables initialized in pop3_getrange() */ +@@ -238,6 +239,9 @@ + { + int ok; + ++ if (done_capa) { ++ return PS_SUCCESS; ++ } + #if defined(GSSAPI) + has_gssapi = FALSE; + #endif /* defined(GSSAPI) */ +@@ -261,7 +265,7 @@ + break; + #ifdef SSL_ENABLE + if (strstr(buffer, "STLS")) +- has_ssl = TRUE; ++ has_stls = 
TRUE; + #endif /* SSL_ENABLE */ + #if defined(GSSAPI) + if (strstr(buffer, "GSSAPI")) +@@ -279,6 +283,7 @@ + has_cram = TRUE; + } + } ++ done_capa = TRUE; + return(ok); + } + +@@ -302,9 +307,12 @@ + char *challenge; + #endif /* OPIE_ENABLE */ + #ifdef SSL_ENABLE +- flag did_stls = FALSE; ++ char *realhost = ctl->server.via ? ctl->server.via : ctl->server.pollname; ++ flag connection_may_have_tls_errors = FALSE; ++ flag got_tls = FALSE; + #endif /* SSL_ENABLE */ + ++ done_capa = FALSE; + #if defined(GSSAPI) + has_gssapi = FALSE; + #endif /* defined(GSSAPI) */ +@@ -316,7 +324,7 @@ + has_otp = FALSE; + #endif /* OPIE_ENABLE */ + #ifdef SSL_ENABLE +- has_ssl = FALSE; ++ has_stls = FALSE; + #endif /* SSL_ENABLE */ + + /* Set this up before authentication quits early. */ +@@ -404,25 +412,29 @@ + + /* + * CAPA command may return a list including available +- * authentication mechanisms. if it doesn't, no harm done, we +- * just fall back to a plain login. Note that this code +- * latches the server's authentication type, so that in daemon mode +- * the CAPA check only needs to be done once at start of run. ++ * authentication mechanisms and STLS capability. + * +- * If CAPA fails, then force the authentication method to PASSORD +- * and repoll immediately. ++ * If it doesn't, no harm done, we just fall back to a plain ++ * login -- if the user allows it. + * +- * These authentication methods are blessed by RFC1734, +- * describing the POP3 AUTHentication command. ++ * Note that this code latches the server's authentication type, ++ * so that in daemon mode the CAPA check only needs to be done ++ * once at start of run. ++ * ++ * If CAPA fails, then force the authentication method to ++ * PASSWORD, switch off opportunistic and repoll immediately. ++ * If TLS is mandatory, fail up front. 
+ */ + if ((ctl->server.authenticate == A_ANY) || +- (ctl->server.authenticate == A_GSSAPI) || +- (ctl->server.authenticate == A_KERBEROS_V4) || +- (ctl->server.authenticate == A_OTP) || +- (ctl->server.authenticate == A_CRAM_MD5)) ++ (ctl->server.authenticate == A_GSSAPI) || ++ (ctl->server.authenticate == A_KERBEROS_V4) || ++ (ctl->server.authenticate == A_KERBEROS_V5) || ++ (ctl->server.authenticate == A_OTP) || ++ (ctl->server.authenticate == A_CRAM_MD5) || ++ maybe_tls(ctl)) + { + if ((ok = capa_probe(sock)) != PS_SUCCESS) +- /* we are in STAGE_GETAUTH! */ ++ /* we are in STAGE_GETAUTH => failure is PS_AUTHFAIL! */ + if (ok == PS_AUTHFAIL || + /* Some servers directly close the socket. However, if we + * have already authenticated before, then a previous CAPA +@@ -431,52 +443,89 @@ + */ + (ok == PS_SOCKET && !ctl->wehaveauthed)) + { +- ctl->server.authenticate = A_PASSWORD; +- /* repoll immediately */ +- ok = PS_REPOLL; +- break; ++#ifdef SSL_ENABLE ++ if (must_tls(ctl)) { ++ /* fail with mandatory STLS without repoll */ ++ report(stderr, GT_("TLS is mandatory for this session, but server refused CAPA command.\n")); ++ report(stderr, GT_("The CAPA command is however necessary for TLS.\n")); ++ return ok; ++ } else { ++ /* defeat opportunistic STLS */ ++ xfree(ctl->sslproto); ++ ctl->sslproto = xstrdup(""); ++ } ++#endif ++ /* If strong authentication was opportunistic, retry without, else fail. */ ++ switch (ctl->server.authenticate) { ++ case A_ANY: ++ ctl->server.authenticate = A_PASSWORD; ++ /* FALLTHROUGH */ ++ case A_PASSWORD: /* this should only happen with TLS enabled */ ++ return PS_REPOLL; ++ default: ++ return PS_AUTHFAIL; ++ } + } + } + + #ifdef SSL_ENABLE +- if (has_ssl +- && !ctl->use_ssl +- && (!ctl->sslproto || !strcmp(ctl->sslproto,"tls1"))) +- { +- char *realhost; +- +- realhost = ctl->server.via ? 
ctl->server.via : ctl->server.pollname; +- ok = gen_transact(sock, "STLS"); +- +- /* We use "tls1" instead of ctl->sslproto, as we want STLS, +- * not other SSL protocols +- */ +- if (ok == PS_SUCCESS && +- SSLOpen(sock,ctl->sslcert,ctl->sslkey,"tls1",ctl->sslcertck, ctl->sslcertpath,ctl->sslfingerprint,realhost,ctl->server.pollname) == -1) ++ if (maybe_tls(ctl)) { ++ if (has_stls) + { +- if (!ctl->sslproto && !ctl->wehaveauthed) ++ /* Use "tls1" rather than ctl->sslproto because tls1 is the only ++ * protocol that will work with STARTTLS. Don't need to worry ++ * whether TLS is mandatory or opportunistic unless SSLOpen() fails ++ * (see below). */ ++ if (gen_transact(sock, "STLS") == PS_SUCCESS ++ && SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck, ++ ctl->sslcertpath, ctl->sslfingerprint, realhost, ++ ctl->server.pollname) != -1) + { +- ctl->sslproto = xstrdup(""); +- /* repoll immediately */ +- return(PS_REPOLL); ++ /* ++ * RFC 2595 says this: ++ * ++ * "Once TLS has been started, the client MUST discard cached ++ * information about server capabilities and SHOULD re-issue the ++ * CAPABILITY command. This is necessary to protect against ++ * man-in-the-middle attacks which alter the capabilities list prior ++ * to STARTTLS. The server MAY advertise different capabilities ++ * after STARTTLS." ++ * ++ * Now that we're confident in our TLS connection we can ++ * guarantee a secure capability re-probe. ++ */ ++ got_tls = TRUE; ++ done_capa = FALSE; ++ ok = capa_probe(sock); ++ if (ok != PS_SUCCESS) { ++ return ok; ++ } ++ if (outlevel >= O_VERBOSE) ++ { ++ report(stdout, GT_("%s: upgrade to TLS succeeded.\n"), realhost); ++ } + } +- report(stderr, +- GT_("SSL connection failed.\n")); +- return PS_SOCKET; +- } +- did_stls = TRUE; ++ } + +- /* +- * RFC 2595 says this: +- * +- * "Once TLS has been started, the client MUST discard cached +- * information about server capabilities and SHOULD re-issue the +- * CAPABILITY command. 
This is necessary to protect against +- * man-in-the-middle attacks which alter the capabilities list prior +- * to STARTTLS. The server MAY advertise different capabilities +- * after STARTTLS." +- */ +- capa_probe(sock); ++ if (!got_tls) { ++ if (must_tls(ctl)) { ++ /* Config required TLS but we couldn't guarantee it, so we must ++ * stop. */ ++ report(stderr, GT_("%s: upgrade to TLS failed.\n"), realhost); ++ return PS_SOCKET; ++ } else { ++ /* We don't know whether the connection is usable, and there's ++ * no command we can reasonably issue to test it (NOOP isn't ++ * allowed til post-authentication), so leave it in an unknown ++ * state, mark it as such, and check more carefully if things ++ * go wrong when we try to authenticate. */ ++ connection_may_have_tls_errors = TRUE; ++ if (outlevel >= O_VERBOSE) ++ { ++ report(stdout, GT_("%s: opportunistic upgrade to TLS failed, trying to continue.\n"), realhost); ++ } ++ } ++ } + } + #endif /* SSL_ENABLE */ + +@@ -561,16 +610,25 @@ + } + #endif /* OPIE_ENABLE */ + +- strlcpy(shroud, ctl->password, sizeof(shroud)); +- ok = gen_transact(sock, "PASS %s", ctl->password); ++ /* check if we are actually allowed to send the password */ ++ if (ctl->server.authenticate == A_ANY ++ || ctl->server.authenticate == A_PASSWORD) { ++ strlcpy(shroud, ctl->password, sizeof(shroud)); ++ ok = gen_transact(sock, "PASS %s", ctl->password); ++ } else { ++ report(stderr, GT_("We've run out of allowed authenticators and cannot continue.\n")); ++ ok = PS_AUTHFAIL; ++ } ++ memset(shroud, 0x55, sizeof(shroud)); + shroud[0] = '\0'; + #ifdef SSL_ENABLE + /* this is for servers which claim to support TLS, but actually + * don't! 
*/ +- if (did_stls && ok == PS_SOCKET && !ctl->sslproto && !ctl->wehaveauthed) ++ if (connection_may_have_tls_errors && ok == PS_SOCKET) + { ++ xfree(ctl->sslproto); + ctl->sslproto = xstrdup(""); +- /* repoll immediately */ ++ /* repoll immediately without TLS */ + ok = PS_REPOLL; + } + #endif +@@ -609,8 +667,12 @@ + break; + + case P_RPOP: +- if ((ok = gen_transact(sock,"USER %s", ctl->remotename)) == 0) ++ if ((ok = gen_transact(sock,"USER %s", ctl->remotename)) == 0) { ++ strlcpy(shroud, ctl->password, sizeof(shroud)); + ok = gen_transact(sock, "RPOP %s", ctl->password); ++ memset(shroud, 0x55, sizeof(shroud)); ++ shroud[0] = '\0'; ++ } + break; + + default: +@@ -1019,8 +1081,9 @@ + * the same mail will not be downloaded again. + */ + old = save_str(&ctl->oldsaved, id, UID_UNSEEN); +- old->val.status.num = unum; + } ++ /* save the number */ ++ old->val.status.num = unum; + } else + return PS_ERROR; + } /* multi-line loop for UIDL reply */ +@@ -1309,8 +1372,8 @@ + static const struct method pop3 = + { + "POP3", /* Post Office Protocol v3 */ +- "pop3", /* standard POP3 port */ +- "pop3s", /* ssl POP3 port */ ++ "pop3", /* port for plain and TLS POP3 */ ++ "pop3s", /* port for SSL POP3 */ + FALSE, /* this is not a tagged protocol */ + TRUE, /* this uses a message delimiter */ + pop3_ok, /* parse command response */ +diff -urNad fetchmail-6.3.4~/tls.c fetchmail-6.3.4/tls.c +--- fetchmail-6.3.4~/tls.c 1969-12-31 16:00:00.000000000 -0800 ++++ fetchmail-6.3.4/tls.c 2007-01-09 14:56:09.772303348 -0800 +@@ -0,0 +1,33 @@ ++/** \file tls.c - collect common TLS functionality ++ * \author Matthias Andree ++ * \year 2006 ++ */ ++ ++#include "fetchmail.h" ++ ++#ifdef HAVE_STRINGS_H ++#include ++#endif ++ ++/** return true if user allowed TLS */ ++int maybe_tls(struct query *ctl) { ++#ifdef SSL_ENABLE ++ /* opportunistic or forced TLS */ ++ return (!ctl->sslproto || !strcasecmp(ctl->sslproto,"tls1")) ++ && !ctl->use_ssl; ++#else ++ return 0; ++#endif ++} ++ ++/** return true 
if user requires TLS, note though that this code must ++ * always use a logical AND with maybe_tls(). */ ++int must_tls(struct query *ctl) { ++#ifdef SSL_ENABLE ++ return maybe_tls(ctl) ++ && (ctl->sslfingerprint || ctl->sslcertck ++ || (ctl->sslproto && !strcasecmp(ctl->sslproto, "tls1"))); ++#else ++ return 0; ++#endif ++} --- fetchmail-6.3.4.orig/debian/patches/00list +++ fetchmail-6.3.4/debian/patches/00list @@ -0,0 +1,5 @@ +01.fetchmailconf +03.fix-ja.po +04.fix-cleartext-leak.dpatch +05_CVE-2007-4565.dpatch +06_CVE-2007-1558.dpatch --- fetchmail-6.3.4.orig/debian/patches/01.fetchmailconf.dpatch +++ fetchmail-6.3.4/debian/patches/01.fetchmailconf.dpatch @@ -0,0 +1,16 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 03.fetchmailconf.dpatch by > +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +@DPATCH@ +diff -urNad trunk~/fetchmailconf.py trunk/fetchmailconf.py +--- trunk~/fetchmailconf.py 2006-01-08 13:11:51.000000000 +0100 ++++ trunk/fetchmailconf.py 2006-01-15 13:35:26.000000000 +0100 +@@ -1,5 +1,3 @@ +-#!/usr/bin/env python +-# + # A GUI configurator for generating fetchmail configuration files. + # by Eric S. Raymond, , + # Matthias Andree --- fetchmail-6.3.4.orig/debian/patches/03.fix-ja.po.dpatch +++ fetchmail-6.3.4/debian/patches/03.fix-ja.po.dpatch 
@@ -0,0 +1,81 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 03.fix-ja.po.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +@DPATCH@ +diff -urNad fetchmail-6.3.4~/po/ja.po fetchmail-6.3.4/po/ja.po +--- fetchmail-6.3.4~/po/ja.po 2006-04-13 16:54:34.000000000 +0200 ++++ fetchmail-6.3.4/po/ja.po 2006-10-23 11:22:10.000000000 +0200 +@@ -162,9 +162,6 @@ + msgstr[0] "" + "最大å–ã‚Šè¾¼ã¿æ•°ã§ã‚ã‚‹ %d 通ã«é”ã—ã¾ã—ãŸ; メッセージ㌠%d 通ã€ã‚µãƒ¼ãƒ %s ã«ã‚¢ã‚«" + "ウント %s å®›ã§æ®‹ã•ã‚Œã¦ã„ã¾ã™ã€‚\n" +-msgstr[1] "" +-"最大å–ã‚Šè¾¼ã¿æ•°ã§ã‚ã‚‹ %d 通ã«é”ã—ã¾ã—ãŸ; メッセージ㌠%d 通ã€ã‚µãƒ¼ãƒ %s ã«ã‚¢ã‚«" +-"ウント %s å®›ã§æ®‹ã•ã‚Œã¦ã„ã¾ã™ã€‚\n" + + #: driver.c:885 + msgid "SIGPIPE thrown from an MDA or a stream socket error\n" +@@ -407,20 +404,17 @@ + msgid "%d message (%d %s) for %s" + msgid_plural "%d messages (%d %s) for %s" + msgstr[0] "%d 通ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ (ãã®ã†ã¡ %d 通㯠%s) ãŒ%så®›ã«å±Šã„ã¦ã„ã¾ã™" +-msgstr[1] "%d 通ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ (ãã®ã†ã¡ %d 通㯠%s ) ãŒ%så®›ã«å±Šã„ã¦ã„ã¾ã™" + + #: driver.c:1341 + msgid "seen" + msgid_plural "seen" + msgstr[0] "æ—¢ã«èª­ã¿è¾¼ã‚“ã§ã„ã¾ã™" +-msgstr[1] "æ—¢ã«èª­ã¿è¾¼ã‚“ã§ã„ã¾ã™" + + #: driver.c:1344 + #, c-format + msgid "%d message for %s" + msgid_plural "%d messages for %s" + msgstr[0] "%d 通ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒ %s å®›ã«å±Šã„ã¦ã„ã¾ã™" +-msgstr[1] "%d 通ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒ %s å®›ã«å±Šã„ã¦ã„ã¾ã™" + + #: driver.c:1351 + #, c-format +@@ -1064,7 +1058,6 @@ + msgid " Poll of this server will occur every %d interval.\n" + msgid_plural " Poll of this server will occur every %d intervals.\n" + msgstr[0] " ã“ã®ã‚µãƒ¼ãƒã«å¯¾ã—ã¦ã®ã‚¢ã‚¯ã‚»ã‚¹ã¯ %d ã®é–“éš”ã§è¡Œã‚ã‚Œã¾ã™ã€‚\n" +-msgstr[1] " ã“ã®ã‚µãƒ¼ãƒã«å¯¾ã—ã¦ã®ã‚¢ã‚¯ã‚»ã‚¹ã¯ %d ã®é–“éš”ã§è¡Œã‚ã‚Œã¾ã™ã€‚\n" + + #: fetchmail.c:1510 + #, c-format +@@ -1460,7 +1453,6 @@ + msgid "%d local name recognized.\n" + msgid_plural "%d local names recognized.\n" + msgstr[0] "%d 個㮠localname ãŒå­˜åœ¨ã—ã¾ã™ã€‚\n" +-msgstr[1] "%d 個㮠localname ãŒå­˜åœ¨ã—ã¾ã™ã€‚\n" + + #: fetchmail.c:1792 
+ msgid " DNS lookup for multidrop addresses is enabled.\n" +@@ -1686,7 +1678,6 @@ + msgid "%d message waiting after re-poll\n" + msgid_plural "%d messages waiting after re-poll\n" + msgstr[0] "%d 通ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒå†ã‚¢ã‚¯ã‚»ã‚¹ã®å¾Œã«å­˜åœ¨ã—ã¾ã™ã€‚\n" +-msgstr[1] "%d 通ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒå†ã‚¢ã‚¯ã‚»ã‚¹ã®å¾Œã«å­˜åœ¨ã—ã¾ã™ã€‚\n" + + #: imap.c:731 + msgid "mailbox selection failed\n" +@@ -1697,7 +1688,6 @@ + msgid "%d message waiting after first poll\n" + msgid_plural "%d messages waiting after first poll\n" + msgstr[0] "最åˆã®ã‚¢ã‚¯ã‚»ã‚¹ã‹ã‚‰ %d 通ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒã‚ã‚Šã¾ã™ã€‚\n" +-msgstr[1] "最åˆã®ã‚¢ã‚¯ã‚»ã‚¹ã‹ã‚‰ %d 通ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒã‚ã‚Šã¾ã™ã€‚\n" + + #: imap.c:749 + msgid "expunge failed\n" +@@ -1708,7 +1698,6 @@ + msgid "%d message waiting after expunge\n" + msgid_plural "%d messages waiting after expunge\n" + msgstr[0] "削除ã®å¾Œã€%d 通ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒæ®‹ã£ã¦ã„ã¾ã™ã€‚\n" +-msgstr[1] "削除ã®å¾Œã€%d 通ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒæ®‹ã£ã¦ã„ã¾ã™ã€‚\n" + + #: imap.c:795 + msgid "search for unseen messages failed\n" --- fetchmail-6.3.4.orig/debian/patches/05_CVE-2007-4565.dpatch +++ fetchmail-6.3.4/debian/patches/05_CVE-2007-4565.dpatch @@ -0,0 +1,20 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 05_CVE-2007-4565.dpatch by Jamie Strandboge +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: fix for CVE-2007-4565 + +@DPATCH@ + +diff -Nru fetchmail-6.3.4.orig/sink.c fetchmail-6.3.4/sink.c +--- fetchmail-6.3.4.orig/sink.c 2006-04-04 08:14:37.000000000 -0400 ++++ fetchmail-6.3.4/sink.c 2007-09-25 10:02:22.000000000 -0400 +@@ -262,7 +262,7 @@ + const char *md1 = "MAILER-DAEMON", *md2 = "MAILER-DAEMON@"; + + /* don't bounce in reply to undeliverable bounces */ +- if (!msg->return_path[0] || ++ if (!msg || !msg->return_path[0] || + strcmp(msg->return_path, "<>") == 0 || + strcasecmp(msg->return_path, md1) == 0 || + strncasecmp(msg->return_path, md2, strlen(md2)) == 0) --- fetchmail-6.3.4.orig/debian/control +++ fetchmail-6.3.4/debian/control 
@@ -0,0 +1,34 @@ +Source: fetchmail +Section: mail +Priority: optional +Maintainer: Fetchmail Maintainers +Uploaders: Nico Golde , Hector Garcia +Build-Depends: debhelper (>= 4.1.16), libssl-dev, autotools-dev, dpatch, gettext, python +Standards-Version: 3.7.0 + +Package: fetchmail +Architecture: any +Depends: ${shlibs:Depends}, debianutils (>= 1.7), adduser (>= 3.34), gettext, lsb-base (>= 1.3-9ubuntu3), sysv-rc (>= 2.86.ds1-14.1ubuntu2) +Conflicts: popclient, fetchmail-common, logcheck (<< 1.1.1-9), fetchmail-ssl (<= 6.2.5-12) +Replaces: fetchmail-common, fetchmail-ssl +Provides: fetchmail-ssl +Suggests: fetchmailconf, postfix | mail-transport-agent, resolvconf +Recommends: ca-certificates +Description: SSL enabled POP3, APOP, IMAP mail gatherer/forwarder + fetchmail is a free, full-featured, robust, and well-documented remote mail + retrieval and forwarding utility intended to be used over on-demand TCP/IP + links (such as SLIP or PPP connections). It retrieves mail from remote mail + servers and forwards it to your local (client) machine's delivery system, so + it can then be read by normal mail user agents such as mutt, elm, pine, + (x)emacs/gnus, or mailx. The fetchmailconf package includes an interactive + GUI configurator suitable for end-users. Kerberos IV & V, RPA, OPIE and + GSSAPI support are available if the package is recompiled. + . + Homepage: http://www.fetchmail.info + +Package: fetchmailconf +Architecture: all +Depends: fetchmail (= ${Source-Version}), python (>= 2.1), python-tk +Description: fetchmail configurator + A GUI wrapper to configure fetchmail's .fetchmailrc, suitable for + end-users. See fetchmail package for more information. --- fetchmail-6.3.4.orig/debian/resolvconf +++ fetchmail-6.3.4/debian/resolvconf 
@@ -0,0 +1,12 @@ +#!/bin/sh + +while [ "$1" ]; do + if [ "$1" = "--nscd" ]; then + exit 0 + fi + shift +done + +if [ -x /etc/init.d/fetchmail ]; then + /etc/init.d/fetchmail try-restart +fi --- fetchmail-6.3.4.orig/debian/fetchmail.postrm +++ fetchmail-6.3.4/debian/fetchmail.postrm @@ -0,0 +1,38 @@ +#!/bin/sh +# +# Postrm script for fetchmail +# $Id: fetchmail.postrm 237 2005-10-18 15:57:10Z nion $ +# + +set -e + +#DEBHELPER# + +if [ "$1" = "purge" ]; then + if [ -e /usr/share/debconf/confmodule ]; then + . /usr/share/debconf/confmodule + db_purge + fi + + # Remove SysV initscript + update-rc.d fetchmail remove >/dev/null || true + + # Remove init.d configuration file + if [ -r /etc/default/fetchmail ]; then + rm -f /etc/default/fetchmail + fi + # Remove other cruft + rm -f /var/mail/.fetchmail-UIDL-cache >/dev/null 2>&1 || true + + # Remove user fetchmail + fetchmailhome=`getent passwd fetchmail | cut -d : -f 6` + rm -f "$fetchmailhome/.fetchids" >/dev/null 2>&1 || true + rm -f "$fetchmailhome/.fetchmail-UIDL-cache" >/dev/null 2>&1 || true + rm -f "$fetchmailhome/.fetchmail.pid" >/dev/null 2>&1 || true + userdel fetchmail || true + rmdir "$fetchmailhome" >/dev/null 2>&1 || true +fi + +exit 0 + +# vim:ts=4:sw=4: --- fetchmail-6.3.4.orig/debian/fetchmail.default +++ fetchmail-6.3.4/debian/fetchmail.default @@ -0,0 +1,4 @@ +# This file will be used to declare some vars for fetchmail + +# Declare here if we want to start fetchmail. 'yes' or 'no' +START_DAEMON=no --- fetchmail-6.3.4.orig/debian/fetchmail.postinst +++ fetchmail-6.3.4/debian/fetchmail.postinst 
@@ -0,0 +1,73 @@ +#!/bin/sh +# +# Postinst script for fetchmail +# $Id: fetchmail.postinst 333 2006-03-27 17:20:45Z nion-guest $ +# + +set -e + +# Create fetchmail user and its homedir if we may need it +if ! getent passwd fetchmail >/dev/null; then + adduser --system --ingroup nogroup --home /var/lib/fetchmail \ + --shell /bin/sh --disabled-password fetchmail +fi +if ! [ -d /var/lib/fetchmail ]; then + mkdir -p /var/lib/fetchmail +fi +chmod 700 /var/lib/fetchmail +chown -h -R fetchmail:nogroup /var/lib/fetchmail + +# Code to handle the upgrade to use /etc/default/fetchmail +case "$1" in + configure) + if dpkg --compare-versions "$2" lt 6.3.1 + then + if [ -e /etc/fetchmailrc ] + then + if [ `grep -c poll /etc/fetchmailrc` ] + then + # If /etc/fetchmailrc exits and is defined a pool line + # I assume is correctly configured and make the default to + # run on boot + FILE=`mktemp` + cat /etc/default/fetchmail | sed 's/START_DAEMON=no/START_DAEMON=yes/' > $FILE + mv $FILE /etc/default/fetchmail + fi + fi + # update home directory for old installations because of #327250 + usermod -d /var/lib/fetchmail fetchmail + + # Removing old /var/run/fetchmail if empty + rm -f "/var/run/fetchmail/.fetchids" >/dev/null 2>&1 || true + rm -f "/var/run/fetchmail/.fetchmail-UIDL-cache" >/dev/null 2>&1 || true + if [ ! -f "/var/lib/fetchmail/.fetchmail.pid" ] + then + mv "/var/run/fetchmail/.fetchmail.pid" "/var/lib/fetchmail/.fetchmail.pid" >/dev/null 2>&1 || true + fi + rmdir "/var/run/fetchmail" >/dev/null 2>&1 || true + fi + ;; + abort-upgrade|abort-remove|abort-deconfigure) + ;; +esac + +if [ -x /etc/init.d/fetchmail ]; then + update-rc.d fetchmail multiuser 99 15 >/dev/null + + if [ -x /usr/sbin/invoke-rc.d ]; then + invoke-rc.d --quiet fetchmail start || true + else + /etc/init.d/fetchmail start || true + fi +fi + +# Remove shutdown and reboot links; this init script does not need them. 
+if dpkg --compare-versions "$2" lt "6.3.4-1ubuntu2"; then + rm -f /etc/rc0.d/K15fetchmail /etc/rc6.d/K15fetchmail +fi + +#DEBHELPER# + +exit 0 + +# vim:ts=4:sw=4: --- fetchmail-6.3.4.orig/debian/watch +++ fetchmail-6.3.4/debian/watch @@ -0,0 +1,2 @@ +version=2 +http://developer.berlios.de/project/showfiles.php?group_id=1824 .*fetchmail-(.*)\.tar\.bz2 --- fetchmail-6.3.4.orig/debian/TODO.Debian +++ fetchmail-6.3.4/debian/TODO.Debian @@ -0,0 +1,12 @@ ++ Maybe add a suid-to-utterly-unpriviledged-user mode for the + benefit of those not using system-wide fetchmails because they + don't want root to have their mail passwords. +* verify .de template, and linelength of all templates +* verify all the weirdness with the signal handling, and + especially concerning SA_RESTART [pending] +* fix heimdal support in unstable + +2. when fetchmail exits with SMTP transaction errors (code 10), fetchmail jumps +out of the window before updating its .fetchids, thus, previous successful +transactions are done again the next fetchmail run -> duplicate mail on +receiver. --- fetchmail-6.3.4.orig/debian/ip-down +++ fetchmail-6.3.4/debian/ip-down @@ -0,0 +1,17 @@ +#!/bin/sh +# +# Default fetchmail ip-down script (/etc/ppp/ip-down.d/fetchmail) +# +# Remove the "exit 0" line if you want only want to run fetchmail when the +# PPP link is up. +# + +exit 0 + +if [ -x /etc/init.d/fetchmail ]; then + if [ -x /usr/sbin/invoke-rc.d ]; then + invoke-rc.d --quiet fetchmail stop || true + else + /etc/init.d/fetchmail stop || true + fi +fi --- fetchmail-6.3.4.orig/debian/init +++ fetchmail-6.3.4/debian/init 
@@ -0,0 +1,200 @@ +#!/bin/sh +# +# Fetchmail init script +# Latest change: Do Jun 23 16:59:08 CEST 2005 +# +# A fetchmailrc file containg hosts and passwords for all local users should be +# placed in /etc/fetchmailrc. Remember to make the /etc/fetchmailrc mode 600 +# to avoid disclosing the users' passwords. +# +# This script will NOT start or stop fetchmail if the /etc/fetchmailrc file +# does not exist. +# + +set -e + +if [ ! -e /etc/fetchmailrc ]; then + exit 0 +fi + +test -f /etc/default/fetchmail || exit 0 +. /etc/default/fetchmail +if [ ! "x$START_DAEMON" = "xyes" ]; then + echo "Edit /etc/default/fetchmail to start fetchmail" + exit 0 +fi + +# Defaults +PATH=/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/bin/fetchmail +USER=fetchmail + +CONFFILE=/etc/fetchmailrc +PIDFILE="/var/run/fetchmail/fetchmail.pid" +OPTIONS="-f $CONFFILE --pidfile $PIDFILE" +UIDL=/var/lib/fetchmail/.fetchmail-UIDL-cache + +test -f $DAEMON || exit 0 +test -r $CONFFILE || exit 0 + +. /lib/lsb/init-functions + +if [ "$1" = "start" ]; then + if [ ! -r $CONFFILE ] ; then + echo "$CONFFILE not found." + echo "can not start fetchmail daemon... consider disabling the script" + exit 0 + fi +fi + + + +# sanity checks (saves on MY sanity :-P ) +if ! id $USER >/dev/null 2>&1; then + if [ "$USER" = "fetchmail" ]; then + # The fetchmail user might have been removed when the fetchmail-common + # package is purged. We have to re-add it here so the system-wide + # daemon will run. + + adduser --system --ingroup nogroup --home /var/lib/fetchmail \ + --shell /bin/sh --disabled-password fetchmail >/dev/null 2>&1 || true + # work around possible adduser bug, see #119366 + [ -d /var/lib/fetchmail ] || mkdir -p /var/lib/fetchmail + chmod 700 /var/lib/fetchmail + chown -h -R fetchmail:nogroup /var/lib/fetchmail + else + log_failure_msg "$USER user does not exist!" + exit 1 + fi +fi + +# add daemon option if user hasn't already specified it +if ! 
grep -qs '^[[:space:]]*set[[:space:]]\+daemon[[:space:]]' "$CONFFILE"; then + OPTIONS="$OPTIONS -d 300" +fi + +# add syslog option unless user specified "set no syslog". +if ! grep -qs '^[[:space:]]*set[[:space:]]\+no[[:space:]]\+syslog' "$CONFFILE"; then + OPTIONS="$OPTIONS --syslog" +fi + +# support for ephemeral /var/run +if [ "${PIDFILE%/*}" = "/var/run/fetchmail" ] && [ ! -d ${PIDFILE%/*} ]; then + mkdir /var/run/fetchmail + chown -h $USER:nogroup /var/run/fetchmail + chmod 700 /var/run/fetchmail +fi + +# sanity check +#if [ ! -d ${PIDFILE%/*} ]; then +# echo "$0: directory ${PIDFILE%/*} does not exist!" +# exit 1 +#fi + +# If the user is going to use a UIDL cache, try to find a better place for the +# UIDL cache than root's homedir. Also create $UIDL if it doesn't exist, +# because the daemon won't have the permission. +if ! grep -qs idfile "$CONFFILE" && [ -d /var/lib/fetchmail ]; then + OPTIONS="$OPTIONS -i $UIDL" + touch $UIDL + chown -h $USER $UIDL + chmod 0600 $UIDL +fi + +# Makes sure certain files/directories have the proper owner +if [ "`stat -c '%U %a' $CONFFILE 2>/dev/null`" != "$USER 600" ]; then + chown -h $USER $CONFFILE + chmod -f 0600 $CONFFILE +fi + +case "$1" in + start) + if test -e $PIDFILE ; then + pid=`cat $PIDFILE | sed -e 's/\s.*//'` + PIDDIR=/proc/$pid + if [ -d ${PIDDIR} -a "$(readlink -f ${PIDDIR}/exe)" = "${DAEMON}" ]; then + echo "fetchmail already started; not starting." + exit 0 + else + echo "Removing stale PID file $PIDFILE." + rm -f $PIDFILE + fi + fi + log_begin_msg "Starting mail retrieval agent..." + start-stop-daemon -S -o -q -p $PIDFILE -x $DAEMON -u $USER -a /bin/su -- -c "$DAEMON $OPTIONS" $USER + log_end_msg $? + ;; + stop) + if ! test -e $PIDFILE ; then + echo "Pidfile not found! Is fetchmail running?" + exit 0 + fi + log_begin_msg "Stopping mail retrieval agent..." + start-stop-daemon -K -o -q -p $PIDFILE -x $DAEMON -u $USER + log_end_msg $? 
+ ;; + force-reload|restart) + sh $0 stop + sh $0 start + ;; + try-restart) + if start-stop-daemon -S -t -q -p $PIDFILE -x $DAEMON -u $USER >/dev/null; then + exit 0 + fi + $0 restart + ;; + awaken) + log_begin_msg "Awakening mail retrieval agent..." + if [ -r $PIDFILE ]; then + su -c $DAEMON $USER <&- >/dev/null 2>&1 + log_end_msg 0 + exit 0 + else + log_end_msg 1 + exit 1 + fi + ;; + debug-run) + log_success_msg "Initiating debug run of system-wide fetchmail service..." 1>&2 + log_success_msg "script will be run in debug mode, all output to forced to" 1>&2 + log_success_msg "stdout. This is not enough to debug failures that only" 1>&2 + log_success_msg "happen in daemon mode." 1>&2 + log_success_msg "You might want to direct output to a file, and tail -f it." 1>&2 + if [ "$2" = "strace" ]; then + log_success_msg "(running debug mode under strace. See strace(1) for options)" 1>&2 + log_success_msg "WARNING: strace output may contain security-sensitive info, such as" 1>&2 + log_success_msg "passwords; please clobber them before sending the strace file to a" 1>&2 + log_success_msg "public bug tracking system, such as Debian's." 1>&2 + fi + log_success_msg "Stopping the service..." 1>&2 + "$0" stop + log_success_msg "exit status of service stop was: $?" + log_success_msg "RUNUSER is $USER" + log_success_msg "OPTIONS would be $OPTIONS" + log_success_msg "Starting service in nodetach mode, hit ^C (SIGINT/intr) to finish run..." 1>&2 + if [ "$2" = "strace" ] ; then + shift + shift + [ $# -ne 0 ] && log_success_msg "(strace options are: -tt $@)" 1>&2 + su -c "/usr/bin/strace -tt $@ $DAEMON $OPTIONS --nosyslog --nodetach -v -v" $USER <&- 2>&1 && true + else + su -c "$DAEMON $OPTIONS --nosyslog --nodetach -v -v" $USER <&- 2>&1 + fi + log_success_msg "End of service run. Exit status was: $?" 
+ exit 0 + ;; + *) + log_success_msg "Usage: /etc/init.d/fetchmail {start|stop|restart|force-reload|awaken|debug-run}" + log_success_msg " start - starts system-wide fetchmail service" + log_success_msg " stop - stops system-wide fetchmail service" + log_success_msg " restart, force-reload - starts a new system-wide fetchmail service" + log_success_msg " awaken - tell system-wide fetchmail to start a poll cycle immediately" + log_success_msg " debug-run [strace [strace options...]] - start a debug run of the" + log_success_msg " system-wide fetchmail service, optionally running it under strace" + exit 1 + ;; +esac + +exit 0 + +# vim:ts=4:sw=4:
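Review bot: in debian/watch, the upstream URL uses plain http:// and nothing in the file verifies what uscan downloads, so a tarball found through this watch line is only as trustworthy as the network path to the listing page. If the host serves the same page over HTTPS, switch the scheme, and in either case check the downloaded fetchmail-*.tar.bz2 against a signature or checksum published by upstream before importing it into the package.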
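Review bot: in debian/TODO.Debian, the list markers are inconsistent (one item starts with "+", the next three with "*", and the last is numbered "2." with no "1." before it), so a reader cannot tell whether an item was dropped. Pick one marker style, renumber or unnumber the duplicate-mail item, and fix the spelling of "unpriviledged" in the first item while touching it.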
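Review bot: in debian/ip-down, the header comment reads "if you want only want to run fetchmail", with a duplicated "want" that makes the instruction harder to parse. Suggested wording: Remove the "exit 0" line if you only want to run fetchmail when the PPP link is up. It would also help to state that, with the default exit 0 in place, the invoke-rc.d stop block below it never runs.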
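Review bot: in debian/init, the UIDL cache block runs touch $UIDL and chmod 0600 $UIDL as root on a path inside /var/lib/fetchmail, a directory the script itself hands over to the fetchmail account (chown -h -R fetchmail:nogroup /var/lib/fetchmail), and unlike the chown -h beside them, touch and chmod follow symlinks. Create and chmod the cache file as $USER instead (for example through su, as the start branch already does for the daemon) so that root never writes through a path the unprivileged account controls. Two functional points in the same hunk: in debug-run, $@ inside the double-quoted su -c string splits into separate arguments as soon as more than one strace option is given, so su no longer receives a single command string, and $* is what is wanted there; and awaken calls su -c $DAEMON $USER without $OPTIONS, so that invocation is not given the -f $CONFFILE and --pidfile $PIDFILE that the daemon was started with.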