--- fetchmail-6.3.4.orig/debian/changelog
+++ fetchmail-6.3.4/debian/changelog
@@ -0,0 +1,2143 @@
+fetchmail (6.3.4-1ubuntu4.2) edgy-security; urgency=low
+
+ * SECURITY UPDATE: DoS via NULL pointer dereference when SMTP refuses to
+ send certain warning messages
+ * added 05_CVE-2007-4565.dpatch to sink.c to verify msg is not NULL
+ * SECURITY UPDATE: Due to a design flaw in the APOP protocol, remote
+ attackers may be able to acquire a portion of a user's authentication
+ credentials using man-in-the-middle techniques.
+ * added 06_CVE-2007-1558.dpatch. This patch adds notes about APOP's
+ limitations as well as updating pop3.c to more strictly validate the
+ presented challenge for RFC-822 conformity. This change to pop3.c does
+ not fix the APOP design flaw, but does make attacks against APOP somewhat
+ more difficult.
+ * References
+ CVE-2007-4565
+ CVE-2007-1558
+
+ -- Jamie Strandboge Tue, 25 Sep 2007 10:29:49 -0400
+
+fetchmail (6.3.4-1ubuntu4.1) edgy-security; urgency=low
+
+ * SECURITY UPDATE: password can leak in cleartext when SSL configured.
+ * Add 'debian/patches/04.fix-cleartext-leak.dpatch': extracted from upstream.
+ * References
+ CVE-2006-5867
+
+ -- Kees Cook Tue, 9 Jan 2007 14:42:01 -0800
+
+fetchmail (6.3.4-1ubuntu4) edgy; urgency=low
+
+ * Add debian/patches/03.fix-ja.po.dpatch: Japanese does not have any plural
+ forms; remove the useless msgstr[1] from Japanese translation so that
+ msgfmt does not abort with a fatal error. Fixes FTBFS.
+
+ -- Martin Pitt Mon, 23 Oct 2006 11:22:25 +0200
+
+fetchmail (6.3.4-1ubuntu3) edgy; urgency=low
+
+ * s/python2.3/python2.4/ in debian/rules to fix FTBFS.
+
+ -- Scott James Remnant Thu, 12 Oct 2006 15:14:46 +0100
+
+fetchmail (6.3.4-1ubuntu2) edgy; urgency=low
+
+ * Remove stop script symlinks from rc0 and rc6.
+
+ -- Scott James Remnant Mon, 18 Sep 2006 17:01:12 +0100
+
+fetchmail (6.3.4-1ubuntu1) edgy; urgency=low
+
+ * Merge from debian unstable, remaining changes:
+ - LSB init script,
+ - suggest postfix rather than exim4,
+ - python2.4
+
+ -- Scott James Remnant Thu, 6 Jul 2006 11:12:01 +0100
+
+fetchmail (6.3.4-1) unstable; urgency=low
+
+ [ Hector Garcia ]
+ * New upstream release
+ - pidfile: there is a new command-line (--pidfile PATH) and global option
+ for the rcfile (set pidfile [=] "/path/to/pidfile") option to allow
+ overriding the default location of the PID file.
+ * Removed es.po patch, integrated upstream.
+ * Changed init.d to use new flag --pidfile to place pid file on
+ /var/run/fetchmail/fetchmail.pid (Closes: #355457)
+ * Changed ip-up and ip-down to use invoke-rc.d
+
+ [ Nico Golde ]
+ * Checked for new policy version and changed it in control.
+
+ -- Hector Garcia Tue, 2 May 2006 14:24:51 +0200
+
+fetchmail (6.3.3-1) UNRELEASED; urgency=low
+
+ [ Nico Golde ]
+ * Added true return values to fetchmail.postinst so postinst will not fail
+ if fetchmailrc is empty (Closes: #355187).
+ * Removed syslog patch to not change old behaviour (Closes: #356675).
+ Reopened #282259.
+ * Modified homepage tag in control to fit with the new address.
+ * Removed && true crap from init script.
+
+ [ Hector Garcia ]
+ * New upstream release
+ - SDPS: fetchmail no longer replaces the local user ID for an empty
+ envelope sender when using the proprietary SDPS extension for POP3.
+ (Closes: #353575)
+ - "ssl" is a user option rather than a server option. Patch by Nico Golde.
+ (Closes: #354661)
+ - --idle and --fetchall can now be specified on the command line, too.
+ * Updated es.po.dpatch
+ * Removed null-env-sender.dpatch, is included upstream.
+ * Removed 01.fix-netrc-sigsegv, is included upstream.
+ * Added dh_python and deleting .pyc and *.pyo from packages
+ * Changed init.d to remove stale pid file.
+
+ -- Hector Garcia Tue, 4 Apr 2006 10:54:49 +0200
+
+fetchmail (6.3.2-3) unstable; urgency=low
+
+ [ Nico Golde ]
+ * Fixed watch file, thanks Bart Martens. (Closes: #354357)
+ * Included temporary patch to fix null envelope sender problem,
+ will be fixed with next upstream version. (Closes: #353575)
+
+ -- Nico Golde Sat, 25 Feb 2006 20:51:10 +0100
+
+fetchmail (6.3.2-2ubuntu2) dapper; urgency=low
+
+ * Install fetchmailconf files into /usr/lib/python2.4 rather than
+ /usr/lib/python2.3
+ - Malone #31798
+
+ -- Andrew Mitchell Wed, 29 Mar 2006 18:32:01 +1200
+
+fetchmail (6.3.2-2ubuntu1) dapper; urgency=low
+
+ * Resynchronise with Debian. This brings the new upstream version to dapper
+ since upstream support for 6.2 was dropped.
+ * Drop debian/patches/CVE-2005-4348.dpatch, upstream now.
+
+ -- Martin Pitt Tue, 7 Feb 2006 12:12:13 +0100
+
+fetchmail (6.3.2-2) unstable; urgency=low
+
+ [ Nico Golde ]
+ * included 01.fix-netrc-sigsegv patch to fix a segmentation fault
+ if no password for an account in netrc is set. Will be included in
+ next upstream release.
+
+ [ Hector Garcia ]
+ * Included 02.fix-print-date patch to fix regresion on log notification.
+ Is included on upstream devel branch. (Closes: #282259)
+
+ -- Hector Garcia Fri, 3 Feb 2006 11:19:49 +0100
+
+fetchmail (6.3.2-1) unstable; urgency=low
+
+ [ Nico Golde ]
+ * New upstream release
+ - Security fix of CVE-2006-0321 (Closes: #348747).
+ - Fix help for poll interval and fetchall in
+ fetchmailconf (Closes: #344978).
+ - Don't complain about READ-ONLY IMAP folders in
+ --fetchall --keep mode (Closes: #348964).
+ * Removed 01_man_page.dpatch file upstream included it.
+ * Fixed watch file to match on bz2 files.
+
+ [ Hector Garcia ]
+ * Changed usermod --home to -d to prevent failure on old versions of passwd.
+ (Closes: #348855)
+
+ -- Hector Garcia Tue, 24 Jan 2006 16:46:51 +0100
+
+fetchmail (6.3.1-4) unstable; urgency=low
+
+ [ Nico Golde ]
+ * Fixed broken symlink (Closes: #348134).
+ * removed gzip of fetchmailconf.1 cause we should ignore it,
+ it points to a wrong fetchmail manpage so we set a symlink
+ manually.
+
+ [ Hector Garcia ]
+ * Reverted pidfile location (Closes: #348037).
+ * Removed #!/usr/bin/env python from fetchmailconf.py since it
+ is used as a lib not as a script. New dpatch file.
+
+ -- Hector Garcia Mon, 16 Jan 2006 10:27:04 +0100
+
+fetchmail (6.3.1-3) unstable; urgency=low
+
+ [ Nico Golde ]
+ * Fixed FTBFS on buildds (Closes: #347996).
+
+ [ Hector Garcia ]
+ * Moving fetchmail.pid instead of deleting it on upgrade to prevent
+ failure on first reboot (Closes: #348037).
+ * Fixed bug that emptyed /etc/default/fetchmail.
+
+ -- Hector Garcia Sun, 15 Jan 2006 03:34:05 +0100
+
+fetchmail (6.3.1-2) unstable; urgency=low
+
+ * Added usr/lib/python2.3/site-packages/ to fetchmailconf install files to
+ fix breakage from last upload.
+
+ -- Hector Garcia Fri, 13 Jan 2006 13:11:13 +0100
+
+fetchmail (6.3.1-1) unstable; urgency=low
+
+ [ Nico Golde ]
+ * New upstream release
+ - Fixed tracepolls problem for 2nd user in skip stanza (Closes: #156094).
+ - Corrected global option descriptions in manpage (Closes: #241883).
+ - Progress dots will appear now (Closes: #298557).
+ - Fixed manpage typos (Closes: #323028).
+ - Fixed character encoding of fetchmail daemon (Closes: #277324).
+ - Fixed broken subjects in notification mails (Closes: #301348)
+ - uidl usage is not switched on by default anymore (Closes: #304701).
+ - Security fix. CVE-2005-4348 (Closes: #345944).
+ - Ipv6 is now enabled by default (Closes: #345263, #329975).
+ * Removed de.po fix because upstream included it.
+ * Added Homepage tag to control file.
+ * Update manpage patch to current version.
+ * Removed flex and bison from build depends, they are no longer needed.
+ * Fetchmail now uses gettext.
+ * Removed --enable-ipv6 (its default now) and --enable-netsec cause
+ it is no longer working.
+ * Added call to make update-gmo to fix localisation problems (Closes: #340630).
+ * Updated copyright file.
+ * Removed Loïc Minier from uploaders.
+ * Added fetchmail-ssl removal to NEWS file.
+ * Removed xutils dependency because makedepend is not necessary since 6.3.0.
+ * Moved fetchmail home directory to /var/lib/fetchmail (Closes: #327250).
+ * Removed NEWS.truncated file from installation and replaced with OLDNEWS.
+
+ [ Hector Garcia ]
+ * Remove man1 from mandir on install time. (change on the packaging).
+ * Added myself to uploaders.
+ * Added patch to fix warning on fetchmail man page. Should submit upstream.
+ * Included gettext on build-depend.
+ * Included patch to update es.po. Already sended patch to usual translator.
+ * Added /etc/default/fetchmail to define when to start fetchmail or not
+ (Closes: #344582, #218040, #276044).
+ * Added NEWS.Debian to explain above.
+ * Made changes on control file to delete properly old fetchmail-ssl. I must
+ ask ftpmaster to delete it from archive.
+ * Removed depend on base-files (>= 2.2.0). Woody was released with 3.0.2
+ * Fixed a problem on debian/rules that was forcing configure to be called twice.
+ * Changed UIDL file to /var/lib/fetchmail/.fetchmail-UIDL-cache since now
+ upstream needs to write more files on same dir, hence /var/mail it is not
+ suitable.
+ * Added python to build-depends.
+
+ -- Hector Garcia Fri, 13 Jan 2006 12:01:10 +0100
+
+fetchmail (6.3.0-1) unstable; urgency=low
+
+ * New upstream release.
+ - Security fix. CVE-2005-2335 and CVE-2005-3088
+ - Drop support for OS not conforming to the Single Unix Specification v2
+ or v3 (aka IEEE Std 1003.1-2001).
+ - Default for --smtphost is now always "localhost".
+ - Force fetchsizelimit to 1 for APOP and RPOP.
+ - Patch, to use a NULL envelope from, not write a Return-Path header (both to
+ meet RFC-2821), changed From, added Subject header, rewording the human
+ readable part. (Closes: #316446).
+ - Patch to avoid a segfault in multidrop/received mode when the
+ Received: headers are malformatted.
+ - MIME-encode bodies and Subject headers of warning messages, limiting
+ the header to 7 bits.
+ - Normalize most locale codesets to IANA codesets.
+ - Nico Golde's patch to support "proto RPOP" in the configuration file,
+ reported. (Closes: #242384)
+ - Added Russian translation.
+ - Dropped da=Danish, el=Greek and tr=Turkish translations which have more
+ than 10% (61+) untranslated or fuzzy messages.
+ - Major fetchmail(1) manual page overhaul.
+ - Fix fetchmail leaks sockets when SSL negotiation fails.
+ (Closes: #301964).
+ - Really fix (garbage in Received: lines when smtphostset).
+ (Closes: #207919).
+ - When writing the PID file, write a FHS 2.3 compliant PID file.
+ (Closes: #230615).
+ - Make ODMR really silent, suppress "fetchmail: receiving message data".
+ (Closes: #296163).
+ - Add From: header to warning emails. (Closes: #244828).
+ - Fix IMAP code to use password of arbitrary length from configuration
+ file (although not when read interactively). (Closes: #276424).
+ - Document that fetchmail may automatically enable UIDL option.
+ (Closes: #304701).
+ - Put *BOLD* text into the manual page near --mda to state unmistakably
+ that the --mda %T and %F substitutions add single quotes, hoping to avoid
+ bogus bug reports. (Closes: #224564).
+ - gettext (intl/) has been removed from the fetchmail package.
+ - Use of automake.
+ - Rename fetchmailconf to fetchmailconf.py. Created a /bin/sh wrapper.
+ - New dummy fetchmailconf manual page.
+ - fetchmailconf redirects fetchmail's input from /dev/null so it doesn't
+ wait for the user to enter a password when the user doesn't even see the prompt.
+ - Write RFC-compliant BSMTP envelopes.
+ - Received: headers now enclose the for <...> destination address in angle
+ brackets for consistency with Postfix.
+ - Delete oversized messages with the new --limitflush option.
+ (Closes: #212240).
+ - Add full support for --service option.
+ - Make "envelope 'Delivered-To'" work with dropdelivered.
+ - fetchmail should now automatically detect if OpenSSL requires -ldl
+ - Missed --port/--service/--ssl cleanups in the manual.
+ - Properly shut down SSL connections.
+ - Add support for SubjectAltName (RFC-2595 or 2818), to avoid bogus certificate
+ mismatch errors. Patch by Roland Stigge, Debian Bug#201113. (MA)
+ - make fetchmail --silent --quit really silent. (Closes: #229014)
+ - Exit with error if the lock file cannot be read.
+ - Do not break some other process's lockfile in "-q" mode, but wait for
+ the other process's exit.
+ - Man page: --sslfingerprint points user to x509(1ssl) and gives an
+ example how to use it. (Closes: #213484)
+ - Try to obtain FQDN as our own host by default, rather than using
+ "localhost". If hostname cannot be qualified, complain noisily and continue,
+ unless Kerberos, ODMR or ETRN are used (these require a FQDN).
+ Partial fix of Debian Bug#150137. (Closes: #316454).
+ - fetchmailconf now sets the service properly after autoprobe.
+ (Closes: #320645).
+ - When eating IMAP message trailer, don't see any line containing "OK"
+ as the end of the trailer, but wait for the proper tagged OK line. To work
+ around the qmail + Courier-IMAP problem in Debian. (Closes: #338007).
+ - Fixes: when trying to send a bounce message, don't bail out if we cannot
+ qualify our own hostname, so we aren't losing the bounce. Instead, pass the
+ buck on to the SMTP server and use our own unqualified hostname.
+ (Closes: #317761)
+ - Updated translations: Albanian [sq] (Besnik Bleta), Catalan [ca] (Ernest
+ Adrogué Calveras), Czech [cs] (Miloslav Trmac), German [de] (MA),
+ Spanish (Castilian) [es] (Javier Kohen), French [fr] (MA),
+ Polish [pl] (Jakub Bogusz), Russian [ru] (Pavel Maryanov).
+ - In oversized warning messages, print the account name, too.
+ (Closes: #213299).
+ * Remove man1 from mandir on install time. (change on the packaging).
+ * Deleted es.po patch. Included upstream. Updated 00list.
+ * Added myself to uploaders.
+ * Added patch to fix warning on fetchmail man page. Should submit upstream.
+
+ -- Hector Garcia Wed, 21 Dec 2005 13:18:58 +0100
+
+fetchmail (6.2.5.4-1ubuntu2) dapper; urgency=low
+
+ * SECURITY UPDATE: Remote DoS.
+ * Add debian/patches/CVE-2005-4348.dpatch:
+ - Fix double free crash on messages without any headers when using
+ multidrop mode.
+ - Fix backported from stable 6.2.5.5 release.
+ - CVE-2005-4348.
+
+ -- Martin Pitt Mon, 2 Jan 2006 16:42:02 +0100
+
+fetchmail (6.2.5.4-1ubuntu1) dapper; urgency=low
+
+ * Resynchronise with Debian.
+
+ -- Martin Pitt Thu, 17 Nov 2005 17:31:25 +0100
+
+fetchmail (6.2.5.4-1) unstable; urgency=high
+
+ [ Lucas Wall ]
+ - pidfile checking in init.d script (closes: #323637).
+
+ [ Nico Golde ]
+ - Only create fetchmail user if it doesn't exist (closes: #330522,#321272).
+ - respect the permissions of fetchmail home.
+ - rebuild against latest openssl version.
+ - removed deletion of /etc/fetchmailrc,
+ see statement in BTS. (closes: #288063).
+ - adjusted legal notes (Thanks Marc Brockschmidt for the hint).
+
+ [ Loic Minier ]
+ * New upstream stable releases.
+ - Fix password exposure in fetchmailconf: use umask 077 before opening
+ output file and restore umask later. (Closes: #336096)
+ This is CVE-2005-3088.
+ - Drop 01pop3sec.dpatch, included upstream.
+ - Fix IMAP timeouts, counting message count down on servers that do not
+ send EXISTS counts after EXPUNGE. (Closes: #314509)
+ - Unlist spanish translation patch for now, as the spanish translation was
+ completely destroyed upstream.
+ * Add myself to Uploaders.
+
+ -- Loic Minier Tue, 15 Nov 2005 18:53:37 +0100
+
+fetchmail (6.2.5-18ubuntu1) dapper; urgency=low
+
+ * Resynchronise with Debian.
+
+ -- Tollef Fog Heen Mon, 14 Nov 2005 10:44:13 +0100
+
+fetchmail (6.2.5-18) unstable; urgency=low
+
+ * Nico Golde:
+ - fixed too late apply of dpatch patches
+ - fixed init script (closes: #320584)
+
+ -- Lucas Wall Sat, 30 Jul 2005 13:11:15 -0300
+
+fetchmail (6.2.5-17) unstable; urgency=high
+
+ * Nico Golde:
+ - reverted change of MTA because exim4 should be the default MTA in debian
+ (closes: #320311).
+ - included patch for Spanish translation (closes: #286044).
+ - included patch for German translation (closes: #313699).
+
+ -- Lucas Wall Thu, 28 Jul 2005 11:27:53 -0300
+
+fetchmail (6.2.5-16) unstable; urgency=high
+
+ * Nico Golde:
+ - changed suggests exim4 to postfix because of personal preference
+ - renewed copyright file
+ - added dpatch to build dependencies
+ - removed fetchmail.NEWS file cause it is no longer current
+ - new upstream patch because of security issue CAN-2005-2335
+
+ -- Nico Golde Fri, 22 Jul 2005 08:01:03 -0200
+
+fetchmail (6.2.5-15) unstable; urgency=high
+
+ * Nico Golde:
+ - fixed buffer overrun in pop3 UIDs handling CAN-2005-2335
+ http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt
+ (closes: #212762)
+
+ -- Lucas Wall Thu, 21 Jul 2005 13:25:10 -0300
+
+fetchmail (6.2.5-14) unstable; urgency=low
+
+ * Nico Golde:
+ - Remove fetchmailrc if package is purged. (closes: #288063)
+ - modified /etc/fetchmailrc message so it only will be printed
+ if $1 is start
+ - corrected Maintainers field in control
+
+ -- Lucas Wall Sun, 17 Jul 2005 14:21:34 -0300
+
+fetchmail (6.2.5-13ubuntu4) dapper; urgency=low
+
+ * SECURITY UPDATE: Password disclosure.
+ * fetchmailconf: Create output configuration file under umask 077 to avoid
+ exposing the file with world-readable permission for a short time.
+ * CVE-2005-3088
+
+ -- Martin Pitt Mon, 7 Nov 2005 16:03:25 -0500
+
+fetchmail (6.2.5-13ubuntu3) breezy; urgency=low
+
+ * Removed error message if /etc/fetchmailrc doesn't exist on startup,
+ which it won't on fresh installs. (Ubuntu #13044).
+
+ -- Scott James Remnant Thu, 18 Aug 2005 02:42:02 +0100
+
+fetchmail (6.2.5-13ubuntu2) breezy; urgency=low
+
+ * SECURITY UPDATE: Fix remote buffer overflow.
+ * pop3.c: Bound maximum string size read by sscanf to not overflow the input
+ buffer when a malicious POP3 server sends overly large IDs.
+ * References:
+ CAN-2005-2335
+ http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt
+
+ -- Martin Pitt Tue, 26 Jul 2005 10:32:27 +0200
+
+fetchmail (6.2.5-13ubuntu1) breezy; urgency=low
+
+ * Resynchronise with Debian.
+
+ -- Michael Vogt Mon, 27 Jun 2005 14:11:52 +0200
+
+fetchmail (6.2.5-13) unstable; urgency=low
+
+ * New maintainers. (closes: #295331)
+ * Lucas Wall:
+ - Removed debconf dependency (debconf was dropped in 6.2.5-1).
+ - Added build-dep on autotools-dev and switched to "copy
+ config.{guess,sub} on build schema".
+ * Nico Golde:
+ - Updated watch file.
+ - Improved init script.
+ - Removed conflict with popclient. (closes: #262257)
+ - Fixed pid file creation. (closes: #263447)
+ - Included contrib/fetchsetup into package. (closes: #303789)
+ - fixed broken esmtp support patch. (closes: #285934)
+
+ -- Lucas Wall Fri, 24 Jun 2005 20:36:36 -0300
+
+fetchmail (6.2.5-12ubuntu4) breezy; urgency=low
+
+ * Suggest: postfix | mail-transport-agent
+
+ -- LaMont Jones Tue, 3 May 2005 11:27:18 -0600
+
+fetchmail (6.2.5-12ubuntu3) breezy; urgency=low
+
+ * Fix another FTBFS with gcc-4.0.
+
+ -- Matthias Klose Tue, 3 May 2005 15:29:10 +0200
+
+fetchmail (6.2.5-12ubuntu2) breezy; urgency=low
+
+ * Fix FTBFS (amd64/gcc-4.0): Closes: #285934.
+
+ -- Matthias Klose Tue, 3 May 2005 12:22:47 +0200
+
+fetchmail (6.2.5-12ubuntu1) hoary; urgency=low
+
+ * Resynchronise with Debian.
+
+ -- Michael Vogt Mon, 20 Dec 2004 18:54:54 +0100
+
+fetchmail (6.2.5-12) unstable; urgency=medium
+
+ * Provide fetchmail-ssl package to facilitate upgrades from woody.
+
+ -- Graham Wilson Mon, 29 Nov 2004 00:43:30 +0000
+
+fetchmail (6.2.5-11ubuntu1) hoary; urgency=low
+
+ * Resynchronise with Debian.
+
+ -- Matthias Klose Mon, 1 Nov 2004 10:56:42 +0100
+
+fetchmail (6.2.5-11) unstable; urgency=medium
+
+ * Check to see if the fetchmail user exists before starting the system-wide
+ fetchmail service. If not, re-add the user. This is to avoid problems when
+ the user purges a fetchmail-common package from woody. (closes: #268228)
+ * Only install the NEWS file in the fetchmail package.
+
+ -- Graham Wilson Tue, 14 Sep 2004 17:05:44 +0000
+
+fetchmail (6.2.5-10) unstable; urgency=low
+
+ * Fix resolvconf script error. (closes: #257647)
+
+ -- Graham Wilson Mon, 05 Jul 2004 08:11:07 +0000
+
+fetchmail (6.2.5-9) unstable; urgency=low
+
+ * Don't use -a with test. (closes: #252093)
+ * Update the server logcheck ignore file. (closes: #253022)
+ * Update the resolvconf script. (closes: #252807)
+
+ -- Graham Wilson Fri, 11 Jun 2004 19:50:36 +0000
+
+fetchmail (6.2.5-8ubuntu2) warty; urgency=low
+
+ * Added versioned depend on lsb-base
+
+ -- Nathaniel McCallum Fri, 3 Sep 2004 14:53:58 -0400
+
+fetchmail (6.2.5-8ubuntu1) warty; urgency=low
+
+ * debian/init: pretty initscript
+
+ -- Nathaniel McCallum Thu, 2 Sep 2004 17:55:44 -0400
+
+fetchmail (6.2.5-8) unstable; urgency=low
+
+ * Add a note to README.Debian concerning errors when using the UIDL file.
+ * Fix checking of "set no syslog" in the init script. (closes: #243142)
+ * Remove documentation about UIDL cache transition, since we no longer handle
+ that specially.
+ * Add a patch from Paul Slootman to use uname(2), instead of uname(1) in
+ interface_init. (closes: #224778)
+ * Clean up documentation of the 'antispam' option. (closes: #241878)
+ * Document 'set no syslog' in the example rc file.
+ * When determining /proc/net/dev format, assume post-Linux 2.2 by default.
+
+ -- Graham Wilson Fri, 14 May 2004 07:06:34 +0000
+
+fetchmail (6.2.5-7) unstable; urgency=medium
+
+ * Don't output dots if we are loggin to syslog. (closes: #217610)
+ * Don't handle the case where the UIDL cache is in root's home directory.
+ Users have had all of woody to take care of moving that file.
+ * Document in NEWS how options should be set now that /etc/default/fetchmail
+ doesn't exist. (closes: #242755)
+ * Don't add the syslog option to the command line if the user has 'set
+ no syslog' in /etc/fetchmailrc. (closes: #242165)
+ * Apply patch for the debug mode in the init script. Thanks to Ilguiz
+ Latypov. (closes: #240598)
+ * Set the permissions correctly on the UIDL cache file. (closes: #241649)
+
+ -- Graham Wilson Fri, 09 Apr 2004 01:06:56 +0000
+
+fetchmail (6.2.5-6) unstable; urgency=medium
+
+ * Rename NEWS.Debian to NEWS, so that it gets installed.
+ * Use a better check for the daemon option in the system-wide
+ fetchmailrc file. (closes: #240699)
+ * Update the sample fetchmailrc to reflect the current state of the
+ fetchmail package.
+ * Create the UIDL cache file if it doesn't exist and we are going to
+ use it. Hopefully this fixes it. (closes: #237703)
+
+ -- Graham Wilson Fri, 02 Apr 2004 04:07:14 +0000
+
+fetchmail (6.2.5-5) unstable; urgency=low
+
+ * Reformat NEWS.Debian, and try to make it more accurate as to the changes.
+ * Don't discard output from the ip-up script.
+ * Use normal fetchmail PID file format. This re-opens #230615.
+ (closes: #235519, #240159)
+ * Only call fetchmail with the --daemon option if system-wide config file
+ doesn't. (closes: #236105, #238036)
+ * Reread config file if we are re-execing ourselves. Thanks to Jeff Norman
+ for the patch. (closes: #202787)
+ * Correct man page documentation concerning using --quit with other
+ options. (closes: #226822)
+ * Change owner of UIDL cache file if it exists. (closes: #237703)
+
+ -- Graham Wilson Fri, 26 Mar 2004 05:07:34 +0000
+
+fetchmail (6.2.5-4) unstable; urgency=low
+
+ * Install logcheck ignore files correctly, and add a line to the workstation
+ file. (closes: #234713)
+
+ -- Graham Wilson Wed, 25 Feb 2004 23:19:47 +0000
+
+fetchmail (6.2.5-3) unstable; urgency=low
+
+ * Make return codes and messages comply with the LSB. (closes: #234352)
+ * Correctly detect if the running process is backgrounded. (closes: #234387)
+ * Fix error in ja.po. (closes: #233634)
+ * Set fetchsizelimit = 1 for all POP3 variants. (closes: #234268)
+ * Quote x11 in the menu file to make lintian happy.
+ * Update standards version to 3.6.1 (no changes).
+
+ -- Graham Wilson Wed, 25 Feb 2004 22:50:38 +0000
+
+fetchmail (6.2.5-2) unstable; urgency=low
+
+ * Thanks to Thomas Hood for his help with this release.
+
+ * Suggest resolvconf.
+ * Rename the init script in the debian/ directory.
+ * Minor man page fixes. (closes: #231072)
+ * Use FHS compliant lock format. (closes: #230615)
+ * Under try-restart, just re-invoke the script with the restart argument.
+ * Don't die if /etc/fetchmailrc has the wrong permissions.
+ * Clean up in postrm, including calling dh_purge and not complaining
+ so much.
+ * Correct the test in try-restart. (closes: #230613)
+ * Call invoke-rc.d with the --quiet option.
+
+ -- Graham Wilson Sun, 22 Feb 2004 03:18:40 +0000
+
+fetchmail (6.2.5-1) experimental; urgency=low
+
+ * This release is mostly a rewrite of postinst, rules, and the init
+ script; I have tried to clean them up some, and to add some
+ improvements. (closes: #221115)
+
+ * Use invoke-rc.d in postinst and prerm. (closes: #218040)
+ * In ip-up, only restart fetchmail if it is running. (closes: #222535)
+ * Rip out all of the debconf-related stuff. (closes: #215818)
+
+ * In debian/rules:
+ - correctly support noopt and nostrip
+ - use dh_install in favor of dh_movefiles
+ - move commands from install target to binary-arch target
+ - use debian/compat instead of DH_COMPAT
+
+ * Documentation updates:
+ - clean up README.Debian and try to clarify some things
+ - update the copyright file
+ - add a NEWS file
+
+ * Add a watch file for uscan.
+ * Add support for resolvconf.
+
+ * New upstream release.
+
+ -- Graham Wilson Fri, 30 Jan 2004 02:24:01 +0000
+
+fetchmail (6.2.4-7) unstable; urgency=low
+
+ * Suggest exim4 instead of exim. (closes: #228593)
+
+ -- Graham Wilson Tue, 20 Jan 2004 17:33:25 +0000
+
+fetchmail (6.2.4-6) unstable; urgency=low
+
+ * Build the postinst file for the binary-arch target. (closes: #225396)
+
+ -- Graham Wilson Mon, 29 Dec 2003 18:20:39 +0000
+
+fetchmail (6.2.4-5) unstable; urgency=low
+
+ * Replace autogen.sh with a new script.
+ * Remove config.status & Makefile on distclean.
+ * debian/rules:
+ - Don't automatically run autogen.sh.
+ - Don't automatically update config.sub or config.guess
+ - Remove the need for configure-stamp.
+ - Remove uneeded variables.
+ - Clean up `clean' and `config.status' targets.
+ - Update --build and --host usage.
+ * Don't need {executable,deletable}.files
+ * Remove old control and changelog files.
+ * Convert changelog to UTF-8.
+ * Update es.po, thanks Carlos Valdivia Yagüe. (closes: #220926)
+ * Fix numerous small errors in the manpage.
+ * debian/control:
+ - New maintainer. Thanks Benjamin. (closes: #221919)
+ - Trim the build-depends list.
+ - Don't need to build-depend on m-t-a, since it was only used for
+ fallback selection.
+
+ -- Graham Wilson Tue, 23 Dec 2003 17:18:07 +0000
+
+fetchmail (6.2.4-4) unstable; urgency=low
+
+ * Fix postinst bugs (closes: #216630)
+ * Remove if-up crap, which was a bad idea(tm) (closes: #216503, #217985)
+ * Update russian and danish translation (closes: #214355, #216330)
+ * Clean up source tree from old templates (closes: #217434)
+
+ -- Benjamin Drieu Tue, 28 Oct 2003 22:35:27 +0100
+
+fetchmail (6.2.4-3) unstable; urgency=low
+
+ * Fix a typo in new if-up.d/fetchmail script (closes: #212554).
+
+ -- Benjamin Drieu Mon, 29 Sep 2003 08:27:32 +0200
+
+fetchmail (6.2.4-2) unstable; urgency=low
+
+ * Hack sink.c again to handle smtpname gracefully (Closes: #207919).
+ * Fix a bug that prevented limit and flush to cooperate (closes: #212240).
+ * Update Brazilian (closes: #207967), French (closes: #208999), Japanese
+ (closes: #211015) and Dutch (closes: #211148) debconf translations.
+ * Add a /etc/network/if-up.d/fetchmail script to handle restarted
+ interfaces (closes: #212554).
+
+ -- Benjamin Drieu Sun, 28 Sep 2003 15:18:40 +0200
+
+fetchmail (6.2.4-1) unstable; urgency=medium
+
+ * The "Let fix some bugs" release
+ * New upstream version:
+ + Updated German, Spanish, Catalan, and Turkish translations.
+ + IDLE is now supported using no-ops even if the server doesn't
+ support the IMAP IDLE extension. (closes: #202308)
+ + Sunil Shetye's patch to do better password shrouding.
+ (closes: #200470)
+ + Sunil Shetye's bug-fix rollup patch.
+ - Protocol errors do to incorrect assumption of protocols being able
+ to skip bodies (Closes: #203319, #201829, #207281, #204602)
+ - Avoid useless reconnections with limit & expunge (closes: #202207)
+ - Fix some auth problems (closes: #197813, #199462, #200208)
+ - Fix a parse error in fetchmailrc (closes: #184078)
+ - Finally fix the broken headers bug
+ (closes: #146690, #170941, #197007)
+ + Introduce a translation item for the word "seen". (closes: #158050)
+ + Back out the hack to deal with lack of byte stuffing on some POP3
+ servers.
+ + Thomas Steudten's patch to improve SMTP handling of 550 errors.
+ * Switch to po-debconf based templates (closes: #200361)
+ * Make sure we use the pidfile (closes: #207295)
+ * Fix a small typo in manpage (closes: #205892)
+
+ -- Benjamin Drieu Thu, 28 Aug 2003 15:47:25 +0200
+
+fetchmail (6.2.3-1) unstable; urgency=low
+
+ * New upstream version:
+ - German, Danish, Spanish, and Turkish translations updated.
+ - Brian Sammon's patch to deal with malformed message lines containiing NULs.
+ - Fai's patch to ignore all but the first Return-Path (some spams have
+ more than one of these) (closes: #192977).
+ - Bendebjamin Drieu's patch to properly byte-stuff when talking to BSNTP
+ (closes: #184469).
+ - Benjamin Drieu's patch to enable auth=cram-md5. (closes: #185232)
+ - Sunil Shetye's configure.in patch to avoid spurious search order messages
+ from GCC.
+ - Header-reading code now copes better with lines ending in \n only.
+ - Elias Israel's patches for POP3 NTLM support and dealing with byte-
+ stuffing failures at socket level.
+ * Fix my patch fixing #156592 (closes: #188417)
+ * Add a new logcheck patterns (closes: #198274, #202619)
+ * Fix dead links in debian/copyright (closes: #200519)
+
+ -- Benjamin Drieu Mon, 21 Jul 2003 10:49:04 +0200
+
+fetchmail (6.2.2-4) unstable; urgency=low
+
+ * Yet another init.d/fetchmail shell script error.
+
+ -- Benjamin Drieu Fri, 4 Jul 2003 13:51:35 +0200
+
+fetchmail (6.2.2-3) unstable; urgency=low
+
+ * Fix typo in shell script (closes: #197744)
+
+ -- Benjamin Drieu Tue, 17 Jun 2003 10:49:37 +0200
+
+fetchmail (6.2.2-2) unstable; urgency=low
+
+ * Do not croak if /usr/share/doc/fetchmail is missing (closes: #197631)
+
+ -- Benjamin Drieu Mon, 16 Jun 2003 17:01:41 +0200
+
+fetchmail (6.2.2-1) unstable; urgency=low
+
+ * New upstream source:
+ + Sunil Shetye's patch to improve behavior in empty messages.
+ (closes: #173343)
+ + Conform to RFC2595; reissue capability probes after successful
+ STARTTLS negotiation.
+ + Sunil's patch to make handling of failed STARTTLS more graceful.
+ + Sunil's JF2 fix patch for .fetchmailrc security fix.
+ + Christophe GIAUME finished the implementation
+ of RFC2177 IDLE.
+ + Jason Tishler's fix patch for Cygwin.
+ + Support ssh-style authentication in POP3
+ + Fix for Debian bug #108977, clean up config file evaluation,
+ by Benjamin Drieu. (already closed in 6.2.1-1)
+ * Provide an example of smtphost (closes: #192710)
+ * Fix two errors in manpage (closes: #180917, #189918)
+ * Fix init.d script not to override conffile's idfile option
+ (closes: #190762)
+
+ -- Benjamin Drieu Wed, 11 Jun 2003 13:08:37 +0200
+
+fetchmail (6.2.1-1) unstable; urgency=low
+
+ * New upstream source:
+ + Updated German, Turkish, Spanish, and Danish translation files.
+ + Integrated Sunil Shetye's patch to make mark_seen an explicit method
+ + Removed FAQ warning about GMX and associated fetchmailconf check, we
+ have a report that its servers are conformant now.
+ + Another Sunil patch to fix a minor bug in bouncemail generation
+ (closes: #174795)
+ * Build with libssl-0.9.7
+ * Hack fetchmail.c to prevent excessive config file evaluations
+ (closes: #108977)
+ * Add a "sleep" in init script to make restart happy (closes: #180545)
+ * Remove autom4te.cache after build (closes: #179134)
+ * Make etc files conffiles (closes: #175436)
+
+ -- Benjamin Drieu Fri, 31 Jan 2003 11:05:11 +0100
+
+fetchmail (6.2.0-3) unstable; urgency=high
+
+ * Rebuilt package with testing dependencies, so that it will hit testing
+ as soon as possible, thus severity is high (will close grave bug #175990).
+ * Fix an attempt to ls conf file even if not created (closes: #174675)
+ * Add a new regexp to logcheck (closes: #176861, 176861)
+ * Update spanish templates (closes: #174402)
+ * Fix a german typo in templates (closes: #174553)
+ * Update man page (closes: #173862)
+
+ -- Benjamin Drieu Thu, 16 Jan 2003 16:32:16 +0000
+
+fetchmail (6.2.0-2) unstable; urgency=high
+
+ * Attempt to close #169568, which may be caused by a subtle touch behavior
+ on ia64 and alpha. Many thanks to Lukas Geyer (closes: #169568).
+ * Do not frob conffile unconditionally (closes: #150533)
+
+ -- Benjamin Drieu Thu, 19 Dec 2002 14:08:48 +0100
+
+fetchmail (6.2.0-1) unstable; urgency=high
+
+ * New upstream version
+ + SECURITY FIX: Applied Steffen Esser's fix for a buffer-overflow
+ bug in rfc822.c
+ + Updated Danish, German, and Turkish translation files.
+ + Sunil Sheye's SMTP timeout patch.
+
+ -- Benjamin Drieu Wed, 18 Dec 2002 11:41:28 +0100
+
+fetchmail (6.1.3-2) unstable; urgency=low
+
+ * Fix stupid typo that prevented changelog to be installed
+ (closes: #171525)
+ * Add a recommendation on "ca-certificates" on a idea of Andrew Lau
+
+ -- Benjamin Drieu Fri, 30 Nov 2002 10:40:12 +0100
+
+fetchmail (6.1.3-1) unstable; urgency=low
+
+ * New upstream source
+ + Updated Turkish, Danish, German, Spanish, Catalan po files.
+ + Added Slovak support.
+ + Configure.in update for autoconf 2.5 (Art Haas).
+ + Be case-insensitive when looking for IMAP responses.
+ + Fix logout-after-idle-delivery bug (Sunil Shetye).
+ + Sunil Shetye's patch to bulletproof end-of-header detection.
+ (closes: #146690)
+ + Sunil's fix for the STARTTLS problem -- repoll if TLS nabdshake
+ fails. The attempt to set up STARTTLS can be suppressed with
+ 'sslproto ""'.
+ * Merge fetchmail and fetchmail-ssl into one single source. Remove
+ fetchmail-common (closes: #164570)
+ * FTBFS for 6.1.2 are not relevant anymore (closes: #169568, #169571)
+ * Do not advertise non-free software in control (closes: #170659)
+ * Hack sink.c to prevent segfaults on null headers while bouncing
+ mail (closes: #170029)
+ * PPP ip-up script now restart fetchmail (closes: #145437)
+
+ -- Benjamin Drieu Fri, 29 Nov 2002 16:08:00 +0100
+
+fetchmail (6.1.2-1) unstable; urgency=low
+
+ * New upstream source (closes: #164621, #167472, #146690)
+ + Jan Klaverstijn's verbosity-lowering patch.
+ + Updated Turkish, German, Catalan, and Danish translation files.
+ + Fix processing of POP3 messages with missing bodies.
+ + Minor fixes by Sunil Shetye: fix generation of auth fail note,
+ handle unexpected SIGALRM, plug memory leak, handle lines beginning
+ with '\0', try to bulletproof error handling against read failures.
+ * Fix manpage which was outdated regarding antispam capabilities
+ (closes: #167266)
+ * Users should now be able to build custom packages with Kerberos,
+ (closes: #165762)
+
+ -- Benjamin Drieu Wed, 23 Oct 2002 18:24:18 +0200
+
+fetchmail (6.1.0-2) unstable; urgency=medium
+
+ * Fix trivial fetchmail --configdump bug (closes: #163286)
+ * Fix typo in ROOT_UID checking in fetchmail.c (closes: #163043)
+ * Apply Sunil Shetye patches to fix various IMAP and POP3 SSL problems
+ (closes: #163028, #162566, #162625)
+ * Hack do_session() to avoid not-so-silent "Repoll" messages in silent
+ mode (closes: #162571)
+ * Hack smtp_open() to strip port number that caused invalid email adresses
+ (closes: #156592)
+
+ -- Benjamin Drieu Wed, 9 Oct 2002 23:12:04 +0200
+
+fetchmail (6.1.0-1) unstable; urgency=low
+
+ * New maintainer (closes: #156667)
+ * New upstream source (closes: #152125):
+ + Updated French translation.
+ + SECURITY FIX: Stefan Esser's fix for potential remote vulnerability
+ in multidrop mode. This is an important security fix!
+ + Applied Matt Kraai's fixes for minor Debian bugs (Closes: #144539, #152222).
+ + Nerijus Baliunas's patch to support STARTTLS over IMAP.
+ + More cleanups and minor bugfixes from Sunil Shetye (Closes: #117472).
+ + Default antispam-response list is now empty.
+ + Updated de and po translations.
+ * fetchmail-common: Fix wrong path in /etc/init.d/fetchmail (closes: #158323)
+
+ -- Benjamin Drieu Thu, 26 Sep 2002 16:29:28 +0200
+
+fetchmail (5.9.11-7.0) unstable; urgency=low
+
+ * NrMU (I have RFA'ed this thing, and I MEAN it)
+ * Recompile to get new python dependencies right (closes: #158997)
+
+ -- Henrique de Moraes Holschuh Mon, 16 Sep 2002 13:17:57 -0300
+
+fetchmail (5.9.11-7) unstable; urgency=high
+
+ * Same as woody 5.9.11-6
+ * SECURITY FIX: avoid buffer overflow on 64bit archs (imap.c)
+ This is a remote-expolitable buffer overflow, if the imap server
+ is hostile (backported from new upstream 5.9.12, bug found and
+ fixed by Nalin Dahyabhai)
+ * Minor fix to avoid leaking children (driver.c)
+ (backported from new upstream 5.9.12)
+ * Avoid trying to speak kpop to a imap server (driver.c)
+ (backported from new upstream 5.9.12)
+ * MINOR SECURITY FIX: better password shrounding (fetchmail.h, imap.c,
+ transact.c) (backported from new upstream 5.9.12)
+ * Handle empty addresses from a To: header containing only a comment
+ (transact.c) (backported from new upstream 5.9.12)
+
+ -- Henrique de Moraes Holschuh Sat, 8 Jun 2002 09:40:46 -0300
+
+fetchmail (5.9.11-5) unstable; urgency=low
+
+ * Grrr, fix stupid "be be" typo in package description too, while at
+ it...
+
+ -- Henrique de Moraes Holschuh Wed, 24 Apr 2002 14:02:42 -0300
+
+fetchmail (5.9.11-4) unstable; urgency=high
+
+ * The "I knew it" release
+ * Hack around STLS problems: fetchmail would try to start STLS even if
+ it was already talking over a secured channel. Thanks to Matt Kraai
+ for the patch
+
+ -- Henrique de Moraes Holschuh Wed, 24 Apr 2002 10:54:47 -0300
+
+fetchmail (5.9.11-3) unstable; urgency=high
+
+ * The "May this one be the last upload to woody" release
+ * Fix stupid typo in postrm script that redirected output to dev/null
+ instead of /dev/null (closes: #143145)
+
+ -- Henrique de Moraes Holschuh Tue, 16 Apr 2002 17:03:29 -0300
+
+fetchmail (5.9.11-2) unstable; urgency=high
+
+ * Fix another stupid bug in sink.c: do NOT cause mail to bounce
+ on 553 errors and the like
+ * Fix off-by-one error in base64.c anti-overflow patch from 5.9.10-4,
+ thanks to Ronald Wahl for
+ the fix. This probably fixes KerberosIV auth
+ * imap.c:do_imap_ntlm had the buffer size for from64tobits incorrectly
+ set to the input buffer size (closes: #141969)
+ * I dislike pointer arithmetric a lot, so I fixed base64.c to implement
+ from64tobits properly instead of applying the patch in the bug report
+ (closes: #141972)
+
+ -- Henrique de Moraes Holschuh Tue, 9 Apr 2002 12:40:31 -0300
+
+fetchmail (5.9.11-1) unstable; urgency=high
+
+ * New upstream source:
+ + Explicitly allow linking to OpenSSL in COPYING
+ (license change)
+ + Updated Turkish and Japanese translations
+ + Added warning about auth failures on the GMX server
+ + odmr.c: decrease log verbosity
+ (very minor code changes from Debian release 5.9.10-4)
+ * Crypto-in-main change to fetchmail-ssl's control file.
+ fetchmail-ssl has been moved into main, section mail, priority
+ extra.
+ * Matt Kraai's cosmetic env.c changes
+ * Enable Japanese localisation in configure.in
+
+ -- Henrique de Moraes Holschuh Tue, 2 Apr 2002 09:47:30 -0300
+
+fetchmail (5.9.10-4) unstable; urgency=high
+
+ * SECURITY FIX: Avoid buffer overflows in base64.c, patch from
+ Matt Kraai
+ * Revert crypto-in-main until we can get the fetchmail license
+ straightened out. I am doing this to get the security patches
+ to the fetchmail-ssl crowd, but *expect fetchmail-ssl to be
+ removed from Debian* if the license issue with OpenSSL is not
+ fixed soon enough. It certainly will not be in Woody without
+ a license fix.
+
+ -- Henrique de Moraes Holschuh Wed, 27 Mar 2002 13:25:18 -0300
+
+fetchmail (5.9.10-3) unstable; urgency=high
+
+ * SECURITY FIX: Fix lots of buffer overflows lurking in
+ the new SMTP AUTH code in smtp.c (closes: #139644)
+ * Crypto-in-main change to fetchmail-ssl's control file.
+ fetchmail-ssl has been moved into main, section mail, priority
+ extra.
+ * Fix 4xx PS_TRANSIENT patch to shut up gcc warning
+ (utterly safe patch. Add explicit initialization of variable)
+ * Apply Sunil Shetye 's patches
+ to detect and fix some format string bugs in fetchmail
+ (safe patch. Adds __attribute__ to some function
+ definitions, and fixes some obviously broken format strings)
+ * Add Catalan templates, thanks to Antoni Bella (safe patch,
+ closes: #139731, #139744)
+
+ -- Henrique de Moraes Holschuh Mon, 25 Mar 2002 13:38:52 -0300
+
+fetchmail (5.9.10-2) unstable; urgency=low
+
+ * The "get this sucker ready for a woody" release
+ * Track down stupid dangerous data-losing bugs in fetchmail:
+ + flushing messages on 4xx + can't send to postmaster
+ This was caused by the multidrop crap. Failover system added
+ that forces return of PS_TRANSIENT (and no bouncing of mail)
+ if any recipient returns a 4xx error. If this causes multidrop
+ misconfiguration to be hard to detect, you will get NO
+ sympathy from this maintainer; Other users were losing data
+ due to this bug
+ + non-paranoid documentation of default non-empty antispam list:
+ fixed in manpage, README.Debian
+ + non-paranoid documentation of the two always-delete-it codes:
+ fixed in manpage, README.Debian
+ + not always enforcing stripcr for delivery:
+ fixed by removing fallbacks, and upstream fallback stripcr fix
+ (closes: #133876)
+ * Tell people to read fetchmailconf to verify their servers against the
+ blacklist
+ * Add an "your helpful Debian Maintainer" section to top of manpage
+ * Fix minor spelling problem the BTS never delivered to me
+ (closes: #137277)
+ * Fix breakages caused by the new ESMTP AUTH stuff not being completely
+ implemented (closes: #138728)
+ * This upload has STLS support (closes: #138930)
+
+ -- Henrique de Moraes Holschuh Thu, 21 Mar 2002 11:56:07 -0300
+
+fetchmail (5.9.10-1) unstable; urgency=medium
+
+ * New upstream source
+ + Security fix: don't trust the message count passed back by the server
+ + Matt Kraai's patch for supporting STLS over POP3
+ + Jakub Ulanowski's patch to fix SSL fingerprint handling
+ + ESMTP AUTH support from Wojciech Polak
+ (closes: #60805)
+ * Apply Byrial Jensen 's patches for i18n of new
+ 5.9.10 messages
+ * Add French template, thanks to Denis Barbier
+ (closes: #137539)
+ * Apply patch from Sunil Shetye to
+ correctly signal failures to open/create a logfile as such, instead
+ of stupid "dup(): illegal FD" cryptic errors
+ * Apply a modified version of a patch from Sylvain Benoist
+ , to avoid file descriptor leaks on open
+ timeouts and reenable SSL connect timeouts (closes: #115355).
+ Grr, I never got that last email from the bug submitter, the
+ freaking BTS sent me the spam, though...
+
+ -- Henrique de Moraes Holschuh Wed, 13 Mar 2002 21:01:56 -0300
+
+fetchmail (5.9.8-4) unstable; urgency=low
+
+ * Fix autoconf support in debian/rules
+ * Add Sunil Shetye's patch to stop fetchmail from trying to fetch
+ twice with IMAP (when EXISTS is not returned on EXPUNGE, old value
+ of count was used)
+ * Added Russian template translation, thanks to Ilgiz Kalmetev,
+ (closes: #136275)
+ * Added Espanish template translation, thanks to Carlos Valdivia,
+ (closes: #135065)
+ * Enforce mode 0600 on /etc/fetchmailrc, since fetchmail insists on it
+ anyway (closes: #135416)
+ * Add warning to README.Debian about the now gone MDA fallback
+ * Edit manpages to make sure the MDA fallback myth doesn't come back,
+ either
+
+ -- Henrique de Moraes Holschuh Tue, 5 Mar 2002 15:23:37 -0300
+
+fetchmail (5.9.8-3) unstable; urgency=low
+
+ * Really fix #126221 this time, I hope.
+
+ -- Henrique de Moraes Holschuh Sun, 17 Feb 2002 07:50:53 -0300
+
+fetchmail (5.9.8-2) unstable; urgency=low
+
+ * Remove fetchmail-up and fetchmail-down scripts. There is no reason
+ at all not to call /etc/init.d/fetchmail for the ppp up and down
+ functions. (closes: #134190)
+ * Add sample /usr/share/doc/fetchmail{-ssl,}/ip-down example script
+
+ -- Henrique de Moraes Holschuh Sat, 16 Feb 2002 07:28:43 -0200
+
+fetchmail (5.9.8-1) unstable; urgency=medium
+
+ * New upstream source:
+ + Document interaction of expunge in POP3 and servers which require a
+ delay before reconnection (closes: #132769)
+ + vsprintf underflow fixes by Sunil Shetye.
+ + Added warning about UIMS POP3 server.
+ + Sunil Shetye's patch for idle timeout during poll.
+ * Update copyright file (closes: #133497)
+ * Re-create /var/run/fetchmail on init.d script (closes: #133577)
+ * A recent upload disabled fingerprint output when running in silent
+ mode (closes: #126221)
+ * Use a safer (but far more likely to leave cruft behind) method of
+ removing the fetchmail user during purge. Users that request fetchmail to
+ be purged will not lose anything they left behind in /var/run/fetchmail,
+ even if they DID tell dpkg to purge all fetchmail traces from the system.
+ Don't expect such level of babysitting very often (closes: #130779)
+ * Fix fuckage on new i18n templates, and update da.po while at it
+ * fetchmail, fetchmail-ssl: call db_purge on install and upgrades, to
+ let debconf know that all templates were moved to fetchmail-common.
+ Otherwise, they are not removed from the system on purge
+
+ -- Henrique de Moraes Holschuh Sat, 16 Feb 2002 00:50:24 -0200
+
+fetchmail (5.9.7-3) unstable; urgency=low
+
+ * Disable /usr/sbin/sendmail fallback (closes: #133340)
+
+ -- Henrique de Moraes Holschuh Mon, 11 Feb 2002 11:35:29 -0200
+
+fetchmail (5.9.7-2) unstable; urgency=low
+
+ * Do not supress the read of the message body when transact.c(readheaders)
+ returns PS_TRUNCATED (closes: #128672)
+ * Fix longstanding SSL hang w/ 100% CPU usage bug, thanks to
+ Matthias Andree for tracking down and
+ fixing the bug (closes: #127041)
+
+ -- Henrique de Moraes Holschuh Sun, 10 Feb 2002 12:22:39 -0200
+
+fetchmail (5.9.7-1) unstable; urgency=low
+
+ * New upstream source:
+ + Properly guard some transaction reporting in the SSL code
+ + Expunge edge case fix by Sunil Shetye
+ + Fixes for some odd IMAP and SMTP edge cases by Sunil Shetye
+ + UIDL bug fix by Matthias Andree
+ + Use smtpaddress, if present, to set the return path on warning mail
+ + Tell parser to object when SSL keyboard is used with SSL not compiled
+ + GSSAPI and ODMR fixes by Tom Hughes
+ * Fix small typo in message output (initscript) (closes: #129270)
+ * Change references to packaging-manual to debian-policy in comments
+ * Applied Tom Hughes patches to fix build of gssapi.c
+ * Enable i18n for "de" locale
+ * Do not output error when user requests "NO SSL" in the no-ssl version
+
+ -- Henrique de Moraes Holschuh Sat, 2 Feb 2002 20:29:35 -0200
+
+fetchmail (5.9.6-2) unstable; urgency=medium
+
+ * Fix minor upgrade glitch: now remove /usr/share/doc/fethmail{-ssl,}
+ in new fetchmail{-ssl,} preinst script (closes: #126155)
+ * Tweak descriptions of fetchmail-common, fetchmail and fetchmail-ssl
+ to mention each other (closes: #126345)
+ * Fix non-initialization of deletions(imap.c), which resulted in random
+ crashes. Thanks to Sunil Shetye for
+ tracking down the issue and for a preliminary version of the patch.
+ * Add umask 022 and some chmod --reference to postinst, so that we create
+ /etc/default/fetchmail with mode 644 and avoid changing its permissions
+ later. I will not attempt to chmod 644 it, since the user might have a
+ good reason to want it mode 600, so old files will remain 600 until the
+ user notices and chmods it himself if he wants to (closes: #126655)
+ * Add Danish debconf templates, thanks Claus Hindsgaul
+ (closes: #126595, #126596)
+
+ -- Henrique de Moraes Holschuh Sat, 29 Dec 2001 17:08:51 -0200
+
+fetchmail (5.9.6-1) unstable; urgency=medium
+
+ * The "Twilight in the North Sea" release
+ * New upstream source:
+ + OPIE bug fixes by Jun Miyoshi .
+ + Documented known IDLE bug in the todo.html file.
+ + Sunil Shetye's fix for a timeout/reconnect bug.
+ + LMTP fix from Toshiro HIKITA .
+ + The duplicate-killer doesn't try to operate if we can get an actual
+ recipient address from the trace headers.
+ * Fix usage of dpkg-architecture in debian/rules: do not append -gnu to
+ the result, dpkg-architecture might be fixed to actually work as it
+ should someday, after all...
+ * Create a fetchmail-common package, to fix once and for all the problems
+ resulting from the sharing of conffiles between fetchmail and
+ fetchmail-ssl (closes: #123056)
+ * fetchmail-up: return exit status 0 if $DAEMON is not there to be run
+ * ip-up: return exit status 0 if initscript is not there to be run
+ * Document well in README.Debian just how dumb it is to forget to test-run
+ fetchmail with the 'keep' option when one changes the MTA/MDA
+ configuration, or fetchmail's. Also document the less-likely-to-delete-
+ messages way: setting antispam to -1 and setting "no bouncemail".
+ Upstream does not want to change the antispam defaults, and I happen to
+ think this is his call. OTOH, I will add an example config with safe
+ options, and if clueless people use that one, they will be [mostly] safe
+ from harm (closes: #123759)
+ * Report errors while opening logfile (closes: #120526)
+ * Change initscript slightly to show 'fetchmail' before trying to start
+ or signal it (closes: #121939)
+ * lintian override: "E: fetchmail-ssl usr-doc-symlink-to-foreign-package":
+ fetchmail-ssl DOES come from exactly the same source of fetchmail-common,
+ due to the ssl transformation hack. This hack will be shortlived. As soon
+ as woody is out or crypto in main arrives, I am killing the non-crypto
+ version of fetchmail.
+
+ -- Henrique de Moraes Holschuh Sun, 16 Dec 2001 11:04:12 -0200
+
+fetchmail (5.9.5-7) unstable; urgency=low
+
+ * Braindamaged sudo usage hits again. I am done with this, screw $HOME --
+ sudo users make this useless and still expect stuff to work. Now use
+ getent passwd instead of assuming $HOME has anything useful at all in
+ these checks (closes: #122716). Yet another 'tip' for the currently
+ in limbo "debian packaging manual/howto/whatever".
+ * Apply patches from Mikael Andersson to fix build
+ with Debian kerberos4th. You better be using a new kerberos4th (>= 1.1),
+ or else this will break your build
+
+ -- Henrique de Moraes Holschuh Sat, 8 Dec 2001 03:50:21 -0200
+
+fetchmail (5.9.5-6) unstable; urgency=high
+
+ * Fix logcheck.ignore file to really close #120398
+ * Kicked urgency to high to get this thing into testing ASAP
+
+ -- Henrique de Moraes Holschuh Wed, 28 Nov 2001 13:21:53 -0200
+
+fetchmail (5.9.5-5) unstable; urgency=low
+
+ * Complile all archs using -O instead of -O2, since upstream
+ also does it, and -O2 is broken in sparc (closes: #119425)
+ * Force correct permissions before trying to read config file
+ (closes: #120932)
+
+ -- Henrique de Moraes Holschuh Sat, 24 Nov 2001 14:34:28 -0200
+
+fetchmail (5.9.5-4) unstable; urgency=low
+
+ * Yet another workaround against #119366, make sure the owner of
+ /var/run/fetchmail is fetchmail:nogroup (closes: #120519)
+ * Add the chown workaround to the init script too, just in case
+ * Added "key fingerprint" and "#### body octets" to logcheck.ignore
+ (closes: #120398)
+
+ -- Henrique de Moraes Holschuh Thu, 22 Nov 2001 00:29:04 -0200
+
+fetchmail (5.9.5-3) unstable; urgency=low
+
+ * Added fetchmail\[[0-9]+\]: sleeping to logcheck.ignore (closes: #119682)
+ * Changed verbosity of "sleeping at ..." log message so that it only
+ shows up if fetchmail is above normal log level (closes: #120078)
+
+ -- Henrique de Moraes Holschuh Sun, 18 Nov 2001 11:55:07 -0200
+
+fetchmail (5.9.5-2) unstable; urgency=low
+
+ * Remove uneeded conflicts with python >=2.2. Lintian was screwing up.
+ * Add workaround for #119366, adduser not ensuring that the homedir
+ of the fetchmail user is really there
+
+ -- Henrique de Moraes Holschuh Mon, 12 Nov 2001 22:10:38 -0200
+
+fetchmail (5.9.5-1) unstable; urgency=low
+
+ * The "Very dark skies ahead" release
+ * Enjoy NLS while it lasts. Upstream may drop it in the close future,
+ and I am not sure I will keep it alive in a Debian fork (I will certainly
+ try, however)
+ * New upstream source:
+ + Finished license cleanup, all licenses in the distribution are now
+ officially GPL-compatible.
+ + Added a length check to from64tobits() after receiving a warning that
+ it might create buffer overflows. No exploitable overflows were found
+ by a careful case-by-case audit, and at minimum an exploit would have
+ required that the mailserver be subverted
+ + Changed the logging logic along lines suggested by Jan Klaverstijn
+ + fetchmailconf looks first in the directory it's running from to find
+ fetchmail
+ + Make sure we vet a success status correctly from open_smtp_sink()
+ and open_bsmtp_sink()
+ + Immediately abort if a non-empty QMAILINJECT environment variable is
+ found. If it is set and contains f or i, qmail-inject or qmail's
+ sendmail `compatibility' wrapper will rewrite From: or Message-ID:
+ headers, respectively. En passant, fix the bug that program_name was not
+ filled in before used when the user's ID had no PW entry, leading to
+ (null) or crash when printing the error message. Patch by Matthias
+ Andree
+ + Block signals during SockConnect() so we don't get a socket descriptor
+ leak if we're hit by an alarm signal during connect(2)
+ + Set queryname even when server is inactive; avoids a core-dump bug in
+ the fetchids code
+ * Add -tt option to strace in the init.d debug-run debug helper
+ * Fix all calls to from64tobits so that fetchmail will actually compile,
+ I have no idea how it is compiling upstream without this. Maybe my CVS
+ tree is weird... oh well, I am using the non-exploitable version, so
+ I could care less :P
+ * Do not run config.guess anymore, trust output of dpkg-architecture
+ * Update fetchmailconf dependency list for the python 2.1 changes
+
+ -- Henrique de Moraes Holschuh Sat, 10 Nov 2001 11:32:14 -0200
+
+fetchmail (5.9.3-1) unstable; urgency=low
+
+ * The "Upstream blues" release(s) :P
+ * New upstream source
+ + Make -D short option for --smtpaddress active again
+ + Make sure IMAP capability checks are caseblind
+ + Make sure suffix checks on akalists are properly caseblinded
+ + All warning mail now has a generated date stamp
+ + End of poll cycle is now logged
+ + Sanity check now rejects SSL option if SSL support is not
+ compiled in (Closes: #109796)
+ + Mike Warfield's fix for using a combined SSL cert and key in a
+ single file
+ + DNS lookups moved to just before te mailserver socket open, so
+ fetchmail now works OK even if started up without Internet
+ access. HESIOD lookups moved just before the DNS lookups
+ + Make sure the SICHLD handler is called when we run detached
+ (this helps with the zombie issue in #95659, I hope)
+ + Added FAQ item X8 on why mail sometimes gets an extra )
+ appended
+ + Thomas Moestl's patch to use querynames in UID files.
+ + Timeout to deal with long socket closes (Sunil Shetye).
+ + Move from RSA MD5 code to Colin Plumb's public-domain implementation
+ (BSD classic license eliminated)
+ + Rewrite strcasecmp() (BSD classic license eliminated).
+ + Updated Danish po file.
+ + Re-enable explicit bounce message on bad address.
+ * Make sure .pot files are up-to-date. Will fix this for real in the
+ next upstream version, after I know how ESR will fix this upstream,
+ and what will come inside the upstream tarball
+ * fetchmailconf: fix tuple in sock.connect for python 2.1. Thanks to
+ Alain Tésio for the patch
+ * fetchmailconf: disable gross hack from upstream. We do NOT want
+ fetchmailconf to look for fetchmail in the current dir before it
+ searches $PATH. I shudder at the bug reports from clueless users...
+ * Fix problematic changes in 5.9.1-3 that caused POP2 protocol to be
+ run without being requested
+ * Make sure xgettext knows fetchmail uses GT_() instead of _() for gettext
+ (someone in fetchmail-friends pointed the need to do this, but I lost
+ his name somehow. Thank you, whomever you are). This actualy exposed
+ a bug in gettextize
+ * Update documentation on the _() to GT_() transition (sent upstream)
+ * Version dependency on debconf due to seen flag
+ * Fix typo in debian/copyright. Lintian rules!
+
+ -- Henrique de Moraes Holschuh Sun, 30 Sep 2001 21:47:41 -0300
+
+fetchmail (5.9.0-5) unstable; urgency=low
+
+ * The "tidy-up before a long winter" release
+ * Fix ugly bogosity in fetchmail-up script, thanks to Jacek Kawa
+ for the patch. I wonder what I was (not?)
+ thinking when I broke fetchmail-up...
+
+ -- Henrique de Moraes Holschuh Thu, 20 Sep 2001 08:47:54 -0300
+
+fetchmail (5.9.0-4) unstable; urgency=medium
+
+ * Fix extremely stupid typo in fetchmail.config (closes: #112142)
+
+ -- Henrique de Moraes Holschuh Thu, 13 Sep 2001 15:12:37 -0300
+
+fetchmail (5.9.0-3) unstable; urgency=low
+
+ * Do not warn about the overriding of initscript defaults if system-wide
+ fetchmail is not active (closes: #110396)
+ * Change /bin/mail to /usr/bin/mail in fetchmail(1) (closes: #110820)
+ * fetchmailconf does not output empty plugin/plugout strings anymore
+ (closes: #106668, #106686).
+ * fetchmail: do strip /port# from LMTP addresses (closes: #98388)
+
+ -- Henrique de Moraes Holschuh Sun, 2 Sep 2001 11:57:56 -0300
+
+fetchmail (5.9.0-2) unstable; urgency=low
+
+ * Added strace capability to /etc/init.d/fetchmail debug-run, and updated
+ docs accordingly
+ * Detect missing /var/run or /var/run/fetchmail directory in initscript
+ (closes: #110076)
+
+ -- Henrique de Moraes Holschuh Sun, 26 Aug 2001 08:11:34 -0300
+
+fetchmail (5.9.0-1) unstable; urgency=low
+
+ * New upstream source:
+ * # characters now go to stdout, same place as the dots
+ * Matthias Andree's patch to correct parsing of spaces in quoted
+ usernames
+ * Do not complain/bomb out with an error if /etc/init.d/fetchmail is
+ missing, unless system-wide fetchmail is being switched from
+ disabled to enabled.
+
+ -- Henrique de Moraes Holschuh Wed, 15 Aug 2001 15:35:17 -0300
+
+fetchmail (5.8.17-1) unstable; urgency=low
+
+ * New upstream source:
+ * Eliminated second bounce on failed RCPT TO address.
+ * Always use fetchmail host's FQDN to identify the daemon when sending
+ bounce messages.
+ * Embarrassing bug of the month -- somehow, `skip' wasn't being
+ interpreted!
+ * Upstream integrated the security fix added to Debian in 5.8.16-1,
+ however I've added a warning should anyone attempt that exploit.
+
+ -- Henrique de Moraes Holschuh Wed, 8 Aug 2001 09:08:54 -0300
+
+fetchmail (5.8.16-1) unstable; urgency=high
+
+ * New upstream source:
+ * Refuse mail that has no good addresses and can't be sent to postmaster
+ * Restore behavior of discarding mail on 550 (closes: #105237)
+ * John Summerfield updated getfetchmail
+ * Lock-file-name bug reported by Scott Johnson
+ * Man page bugs pointed out by Andrew Benham
+ * POP3 end of session RSET on keep removed. Fixed in Debian in 5.8.14-1
+ (closes: #104125)
+ * In IMAP, handle BAD and NO responses to FETCH gracefully
+ * Parse "no {syslog|invisible|showdots} properly
+ * Fixed bug in fetchmailconf plugin/plugout code (related to #105987)
+ * Handle ! in RFC2821 Return-Path addresses properly
+ * Fix typo in fetchmail(1), also done upstream (closes: #106925)
+ * SECURITY FIX: fix remote exploit on pop3 and imap protocols; Thanks
+ to Salvatore Sanfilippo for reporting the bug
+ and suggesting a patch to fix it.
+
+ -- Henrique de Moraes Holschuh Sat, 14 Jul 2001 12:38:26 -0300
+
+fetchmail (5.8.14-2) unstable; urgency=low
+
+ * Improved README.Debian file a little. Documented the fact that
+ system-wide fetchmail will refuse to start if there are errors in the
+ /etc/fetchmailrc file (closes: #105363). Documented how to properly
+ report bugs
+ * Added a debug-run initscript action that outputs proper debugging
+ information for reporting bugs
+ * Fix duplicate autotools-dev stuff in debian/rules clean target
+
+ -- Henrique de Moraes Holschuh Sat, 14 Jul 2001 12:38:26 -0300
+
+fetchmail (5.8.14-1) unstable; urgency=medium
+
+ * New upstream source:
+ * Correction for backslash-handling patch in rfc822.c
+ * Fix for Debian Bug#103822: fetchmailconf fails to write file after
+ configuration; move .fetchmailrc to .fetchmailrc~ before overwriting
+ (closes: #103822)
+ * Discard Return-Path headers consisting of a single @
+ * Make fetchmailconf dump plugin and plugout options properly
+ * Rob Brauns changes for building fetchmail outside its source directory
+ * Found (and killed) a subtle SMTP protocol error that was probably
+ lurking behind a lot of the bug reports related to bounce mail, thanks
+ to Quoc Luu. (Only manifested when the MTA rejected mail due to a bad
+ RCPT TO address) -- I think this closes: #88764 (hmh)
+ * Disable RSET before QUIT for pop3. This is a temporary measure, and I
+ might put it back soon (#104125)
+ * Fix serious configure.in bug that broke fallbacks to /usr/sbin/sendmail
+ (#104484)
+ * Fix assorted -Wall and build problems on upstream code
+
+ -- Henrique de Moraes Holschuh Sat, 14 Jul 2001 12:38:26 -0300
+
+fetchmail (5.8.12-1) unstable; urgency=low
+
+ * New upstream source:
+ + Bug fix for envelope header skip
+ + ODMR finally seems to be working
+ + Handle multiple backslashes within RFC822 address strings correctly.
+ + Don't exit on a failure to DNS-resolve a mailserver name, just
+ make it inactive. Exit only if all lookups fail (closes: #99197)
+ + Restore code to deal with SMTP error responses at RCPT TO time, but
+ without issuing an RSET. This is intended to fix obscure bugs that
+ show up in recent Postfix releases and sendmail configurations that
+ delay antispam checks on the MAIL FROM line until RCPT TO time
+ (maybe fixes #88764)
+ * Add better autotools-dev support to debian/rules. Add devscripts to
+ build-depends because of this change
+ * Close standard input on initscript to make sure fetchmail won't ask
+ for passwords
+
+ -- Henrique de Moraes Holschuh Sat, 7 Jul 2001 23:33:24 -0300
+
+fetchmail (5.8.11-1) unstable; urgency=low
+
+ * New upstream source:
+ + Add more ODMR fixes from Matt Armstrong
+ + Fix signal handling code (closes: #102711). Now, we do not reap
+ dead children until the end of a run when delivering to a MDA.
+ IF you use plugins and deliver to a MDA, you risk being overrun
+ by an army of undead. Don't do it, deliver through SMTP instead
+ + If a mail will be bounced to the postmaster AND postmaster is set to ""
+ (empty), don't try to forward it. Patch from Sunil Shetye
+
+ * Add polish template, thanks to Krzysztof Krzyzaniak
+ (closes: #102667)
+ * More code cleanups for -Wall
+ * Recent bugfixes to other problems also fixed these:
+ (closes: #95370, #101950)
+
+ -- Henrique de Moraes Holschuh Tue, 3 Jul 2001 11:59:34 -0300
+
+fetchmail (5.8.10-2) unstable; urgency=low
+
+ * Recompile with dpkg 1.9.10 (closes: #102524, #102593)
+
+ -- Henrique de Moraes Holschuh Wed, 27 Jun 2001 13:42:34 -0300
+
+fetchmail (5.8.10-1) unstable; urgency=low
+
+ * New upstream source:
+ + ODMR fixes from Matt Armstrong
+ + The smtphost option has been split. It is no longer overloaded to set
+ the list of domains to be queried in ETRN and ODMR modes. Instead,
+ use the `fetchdomains' option.
+ + Fixes for the new message-marking code from Thomas Moestl
+ * Fix incorrect usage of strncat in 5.8.8-2 patch (also done upstream)
+ * Normalize tab usage on fetchmailconf (to keep #102052 closed)
+ * Fixed some -Wall warnings
+ * Added menu icon for fetchmailconf
+
+ -- Henrique de Moraes Holschuh Tue, 26 Jun 2001 00:25:56 -0300
+
+fetchmail (5.8.8-3) unstable; urgency=low
+
+ * Finally managed to track down and terminate the last remaining
+ necromantic bug that liked keeping zombie children around for nefarious
+ needs (closes: #95659)
+ * Normalize tab usage on fetchmailconf (closes: #102052)
+
+ -- Henrique de Moraes Holschuh Sun, 24 Jun 2001 00:27:11 -0300
+
+fetchmail (5.8.8-2) unstable; urgency=low
+
+ * Fix warning about syslog/daemon overrides; now assume the warning should
+ be given at least once, if it cannot be verified to be uneeded.
+ * Replace numerous sprintfs with snprintf to avoid some remote
+ possibilities of a formatstring exploit exist. Same for strcat.
+ * Cleaned up lots of warnings (most of them justified) from gcc
+ * Debug builds now disable optimizations
+ * Dirty fix for ok in (driver.c)fetch_messages getting out of scope
+ for do_session (closes: #101792)
+
+ -- Henrique de Moraes Holschuh Sat, 23 Jun 2001 02:37:30 -0300
+
+fetchmail (5.8.8-1) unstable; urgency=low
+
+ * New upstream source
+ + Fix bug that prevented messages from being marked oversized
+ unless -v was on
+ + Steven Krings's patch to deal with over-long header lines
+ + Chris Maio's patch for POP3 with BSMTP
+
+ -- Henrique de Moraes Holschuh Thu, 21 Jun 2001 11:51:18 -0300
+
+fetchmail (5.8.7-2) unstable; urgency=low
+
+ * fetchmailconf: Enclose local user names in quotes to avoid parse error
+ if numeric (closes: #101500)
+ * Add recently added .c files to po/POTFILES.in. Thanks to Byrial Jensen
+ for the patch
+ * Fix multidrop problem caused by the security fix in 5.8.5-2. Thanks to
+ Steve M.Robbins for tracking this bug
+ down, and supplying a patch. Don't I feel dumb now for this mistake...
+ No more coding security fixes at 03:00 in the morning for me
+ (closes: #101530)
+ * Fix undue parameter expansion when generating postinst from template
+
+ -- Henrique de Moraes Holschuh Tue, 19 Jun 2001 23:08:59 -0300
+
+fetchmail (5.8.7-1) unstable; urgency=low
+
+ * This release marks the start of a major code rewrite in fetchmail, so I
+ expect things to break. It doesn't help that I had to do a very
+ extensive list of changes in the packaging for 5.8.6-3. This is
+ unstable, therefore I'm not too concerned. However, you might want to
+ stick to 5.8.6-2 and wait for a few days to see if any major bugs show
+ up in the BTS before upgrading. You have been warned.
+ * New upstream source
+ + Fix fetchmailconf support for tracepolls (closes: #101242)
+ + driver.c refactoring in preparation for streaming mode
+
+ -- Henrique de Moraes Holschuh Mon, 18 Jun 2001 11:26:41 -0300
+
+fetchmail (5.8.6-3) unstable; urgency=medium
+
+ * Applied patch from Byrial Jensen to make the
+ tracepools RFC-2822 compliant. Also, fixed bogus reference to
+ --adaccthdr in fetchmail --help
+ * Generate the postinst script in debian/rules from init.defaults and
+ *.postinst.template, to avoid poluting /usr/share or sync loss between
+ postinst and init.defaults
+ * Fix segfault-waiting-to-happen in driver.c. Thanks to Stephan Krings
+ for noticing it
+ * /etc/default/fetchmail is not a conffile anymore. User-made changes are
+ still supported, but any changes made by me will not be propagated
+ anymore on upgrades. The "up-to-date" version of the configuration file
+ (including defaults and comments) is in the examples directory in the
+ documentation (closes: #101025)
+ * Disable fetchmailconf support for tracepolls until bug#101242 gets
+ fixed upstream
+
+ -- Henrique de Moraes Holschuh Mon, 18 Jun 2001 02:50:34 -0300
+
+fetchmail (5.8.6-2) unstable; urgency=low
+
+ * Clean-up upstream cruft automatically, to make sure it won't choke an
+ --with-included-gettext build (not normally used in Debian, but who
+ knows...). This is needed because diff cannot delete files
+ * Running fetchmail as root is dangerous. The safest way is to run it as a
+ very unpriviledged user (you could even chroot it, I suppose) and
+ deliver over smtp. Stress this on the documentation
+ * Fix initscript so that it will work with POSIXLY_CORRECT set, thanks
+ "Sven M. Hallberg"
+ * Do not abort postinst/prerm if the initscript fails (closes: #100832)
+
+ -- Henrique de Moraes Holschuh Thu, 14 Jun 2001 11:12:53 -0300
+
+fetchmail (5.8.6-1) unstable; urgency=low
+
+ * New upstream source
+ - Reject candidate headers for the MAIL FROM address that have \n in
+ them
+ - Add capability to insert poll trace data in the Received line
+ - Brendan Kehoe's patch to avoid doing DNS lookups on skip entries
+ (helps with #99197, but doesn't fix the whole issue)
+
+ -- Henrique de Moraes Holschuh Tue, 12 Jun 2001 13:28:19 -0300
+
+fetchmail (5.8.5-2) unstable; urgency=high
+
+ * Security fix: buffer overflow when rewriting headers longer than 512
+ bytes (closes : #100394)
+
+ -- Henrique de Moraes Holschuh Tue, 12 Jun 2001 02:34:50 -0300
+
+fetchmail (5.8.5-1) unstable; urgency=low
+
+ * New upstream version
+ + Interface option fix from Alexander Kourakov.
+ + Attempted fix for Harry McGavran's problems with the Kerberos V build.
+ + Added fetchmailnochda.pl to the contrib directory.
+ + Sunil Shetye's patches for the seen count on IMAP and auto protocol.
+ * Fixed typo in logcheck.ignore (closes: #99706)
+ * Removed top_srcdir="." directive in debian/rules, as it broke the build
+ with new gettext and autoconf
+ * At least two known (and bad) bugs waiting for upstream fix. See
+ TODO.Debian in the source package -- they're not new bugs, AFAIK.
+
+ -- Henrique de Moraes Holschuh Sat, 2 Jun 2001 12:49:23 -0300
+
+fetchmail (5.8.4-1) unstable; urgency=low
+
+ * New upstream version
+ + New README.SSL file. If you use SSL, read it; tied to:
+ + New SSL certificate options from Thomas Moestl
+ + Frantisek Brabec's patch for better UIDL error recovery
+ + Jorg de Jong's patch attempts to handle spaces in the ID part of UIDLs
+ (this probably closes: #96489)
+ * Fixed small typo in manpage
+ * Very minor fixes to work with autoconf 2.50
+
+ -- Henrique de Moraes Holschuh Tue, 22 May 2001 22:42:13 -0300
+
+fetchmail (5.8.3-2) unstable; urgency=medium
+
+ * The "Zombie-Child Reaper" release
+ * Split changelogs (including upstream's), to remove old cruft.
+ No information was lost, the complete changelogs are available
+ in the source package
+ * Serious attempt to allow all dead children to go peacefully to
+ the Big Bitbucket In The Sky. Signal handling was really screwed
+ up in Linux glibc 2.2 systems (and maybe others) (closes: #95659)
+ * fetchmailconf would generate bogus output if the monitor or
+ netsec options where enabled (closes: #98127)
+ * Use autotools-dev to make sure we need not worry about
+ config.{sub,guess} again.
+
+ -- Henrique de Moraes Holschuh Mon, 21 May 2001 11:42:13 -0300
+
+fetchmail (5.8.3-1) unstable; urgency=medium
+
+ * The "major pain in the neck" release
+ * New upstream release
+ - Don't cough and die from failure to resolve a skipped host
+ (closes: #92530, #92554)
+ - SIGCHLD handler now sets SA_RESTART explicitly in order to avoid
+ zombies from interrupted system calls (closes: #95993)
+ - Do aka suffix match even if DNS checking is enabled
+ - Prevent POP3 code from authenticating multiple times on success
+ - Fixed IMAP password shrouding
+ - Ignore Sender and Resent-Sender headers unless they contain @
+ + The `localhost' special case of `via' is gone. Use `plugin %h' for
+ talking to ssh instead. THIS IS AN INCOMPATIBLE CHANGE IN
+ .fetchmailrc SEMANTICS. If you are using this for ssh tunnelling,
+ you may need to switch to using a plugin option with %h
+ SEE THE FAQ and fetchmail(1) manpage.
+ * Also set SA_NOCLDSTOP on SIGCHLD handler, we'll timeout the child
+ * Update German template, thanks blade@debian.org (closes: #97155)
+ * Add Galician template, thanks Jacobo Tarrio
+ * Fixed build-dependency: libssl096-dev -> libssl-dev
+ * Honour /etc/default/fetchmail's CONFFILE in debconf warning tests
+ * Trust base-files to manage /var/mail, update policy compliance to
+ 3.5.4 and add the proper depends on base-files >= 2.2.0. This
+ reduces the mess on many of the scripts, which is a Good Thing.
+
+ -- Henrique de Moraes Holschuh Sun, 13 May 2001 14:35:58 -0300
+
+fetchmail (5.8.1-6) unstable; urgency=low
+
+ * The "I should not have got out of bed yesterday" release
+ * Fix broken handling of debconf defaults in fetchmail.config
+ (closes: #96648)
+ * Fix handling of /etc/default/fetchmail for $SERVICE when first
+ adding SERVICE to the config file
+ * Fix annoying postinst bogosity when creating the fetchmail user
+ * Add user-is-really-there test to initscript to close a bogon source
+
+ -- Henrique de Moraes Holschuh Mon, 7 May 2001 16:53:08 -0300
+
+fetchmail (5.8.1-5) unstable; urgency=low
+
+ * The "I told you, didn't I?" release
+ * Warn users that ssh needs to be able to read the RSA/DSA keys to work,
+ and that means they must run the system-wide fetchmail as root.
+ * Debconf "no system-wide fetchmail" master switch added. Use
+ dpkg-reconfigure to re-enable it, or cry silently at the resulting
+ breakage if you don't know what you're doing.
+
+ -- Henrique de Moraes Holschuh Sat, 5 May 2001 23:58:05 -0300
+
+fetchmail (5.8.1-4) unstable; urgency=low
+
+ * The "A Debian developer's way is fraught with peril" release
+ * New Dutch template, thanks Thomas J. Zeeman (closes: #95737)
+ * Add debconf and initscript support to run the system-wide fetchmail
+ daemon as user fetchmail. It is safer, but it won't work if
+ fetchmail is told to deliver to a MDA. Unfortunately, now the
+ initscript violates the KISS principle quite throughoutly.
+
+ -- Henrique de Moraes Holschuh Sat, 5 May 2001 01:57:50 -0300
+
+fetchmail (5.8.1-3) unstable; urgency=low
+
+ * Small fixes to Makefile.in to finally have proper builds with all
+ possible gettext profiles (none, included, system's).
+ * New german template translations, thanks Sebastian Feltel (closes: #94529)
+ * Fix typo in templates.br (pt-br -> pt_BR)
+
+ -- Henrique de Moraes Holschuh Thu, 19 Apr 2001 15:32:15 -0300
+
+fetchmail (5.8.1-2) unstable; urgency=medium
+
+ * Fix upload screwup. No changes
+ * Use MULTIDROP(foo) in #92544 fix patch
+
+ -- Henrique de Moraes Holschuh Thu, 12 Apr 2001 00:41:09 -0300
+
+fetchmail (5.8.1-1) unstable; urgency=medium
+
+ * The "it's time for the spring cleanup" release
+ * New upstream source
+ - Nalin Dahyabai's password parsing and authentication fixes.
+ - Golden brand (5.8.0)
+ * New upstream gettext 0.10.36 used instead of fetchmail upstream's. From
+ now on, Debian builds will always include the newest Debian packaged
+ version of gettext in the package source, just in case (we do not use
+ it, though)
+ * Build tweaks: to make sure new gettext will work, debian/rules clean now
+ adds execute permissions to all files that should have them, instead of
+ trusting the upstream tarball
+ * Switch to debhelper DH_COMPAT mode 3
+ * Kerberos build support in fetchmail is NOT sane. I don't have a very
+ good way to test this stuff (and I don't think upstream can, either...),
+ but I'll try to at least clean it up to the point of it building
+ out-of-the-box using the multiple kerberos packages available in Debian.
+ This probably closes: #92793.
+ - configure changes to properly detect and work with heimdal-dev,
+ kerberos4kth-dev and krb5-dev. Do notice heimdal-dev does not provide
+ kerberosIV compatibility in Debian, you need kerberos4kth-dev too if
+ you need it (configure.in). Also, Heimdal builds *require* OpenSSL
+ support (due to Debian's packaging of Heimdal).
+ - rfc1731 seems to require kerberosIV support as far as I can tell from
+ RFCs, and the imap.c code agrees with this. This means that now KPOP
+ is only available if kerberosIV is as well. Do remember that GSSAPI
+ does not require kerberosIV and will work in kerberosV-only setups
+ (pop3.c)
+ * Fix typo in logcheck.ignore file (closes: #93215)
+ * Initscript fixed to not lie about fetchmail already running when it
+ fails to start (e.g. due to bad DNS) (closes: #93316)
+ * Do not use the poll name when using "via localhost" unless it is
+ a multidrop poll. (partialy addresses #92554)
+
+ -- Henrique de Moraes Holschuh Wed, 11 Apr 2001 12:09:35 -0300
+
+fetchmail (5.7.7-2) unstable; urgency=low
+
+ * Fix postrm purge target (closes: #92361)
+
+ -- Henrique de Moraes Holschuh Sun, 1 Apr 2001 01:43:41 -0300
+
+fetchmail (5.7.7-1) unstable; urgency=low
+
+ * New upstream source (but not really)
+ - No changes from 5.7.6-3 in Debian
+ * Build tweaks: now debian/rules makes sure the autotools are never run
+ so they have been dropped from build-depends.
+ * "--user root" was lost somehow from the initscript, probably in
+ one of those late-night hack-the-initscript sessions. Add it
+ back (closes: #92124)
+
+ -- Henrique de Moraes Holschuh Fri, 30 Mar 2001 00:45:57 -0300
+
+fetchmail (5.7.6-3) unstable; urgency=low
+
+ * The "GNU autotools are a pain in the arse" release
+ * I'm now using a full CVS-style autogen.sh approach. This will
+ make fetchmail far more friendly to newly debian-supported archs,
+ such as ia64 and hppa which need up-to-date config.guess or config.sub
+ support. I just hope nothing got broken in the process...
+ * Added menu entry for fetchmailconf
+
+ -- Henrique de Moraes Holschuh Wed, 28 Mar 2001 01:36:40 -0300
+
+fetchmail (5.7.6-2) unstable; urgency=low
+
+ * Fix broken support for build without autoconf/autoheader
+ * Added CVS version info to many debian/ files
+ * Remind user that /etc/fetchmailrc is not removed on package
+ purge (we don't provide it, after all...)
+ * Fix bug in sink.c that would cause some SMTP errors not to be
+ correctly echoed to the log (e.g. 452 Out of storage)
+ (closes: #90966)
+
+ -- Henrique de Moraes Holschuh Sun, 25 Mar 2001 11:28:48 -0300
+
+fetchmail (5.7.6-1) unstable; urgency=low
+
+ * New upstream source
+ - IMAP: don't just quit if GSSAPI or Kerberos IV fail, but
+ try other methods
+ - Document the fact the IDLE and multiple folders don't play
+ well together (closes: #89908)
+ * Use -pipe for gcc in debian/rules
+ * Remove a lot of useless or dangerous cruft from contrib/
+
+ -- Henrique de Moraes Holschuh Thu, 22 Mar 2001 21:22:27 -0300
+
+fetchmail (5.7.5-2) unstable; urgency=high
+
+ * Fix POP2 build breackage
+ * Fix POP3 password leakage in fetchmail -v (closes: #90176)
+ * Try to compensate for broken sudo setups not correctly
+ setting ${HOME} for root, without actually breaking it for
+ people that have root's homedir elsewhere than /root
+ (closes: #90180)
+
+ -- Henrique de Moraes Holschuh Sun, 18 Mar 2001 23:40:58 -0300
+
+fetchmail (5.7.5-1) unstable; urgency=low
+
+ * New upstream source
+ * Add IPV6 and IPV6SEC build-time options to debian/rules
+ * Document in rcfile_y.y that "interface" is not available in
+ ipv6 builds
+
+ -- Henrique de Moraes Holschuh Thu, 15 Mar 2001 19:30:23 -0300
+
+fetchmail (5.7.4-3) unstable; urgency=low
+
+ * Build-depends only in mail-transport-agent, as autobuilders do not
+ use the OR dependency.
+
+ -- Henrique de Moraes Holschuh Wed, 14 Mar 2001 14:57:55 -0300
+
+fetchmail (5.7.4-2) unstable; urgency=low
+
+ * Fixed build-depends (for fallback MDA)
+ * Suggests: mail-transport-agent
+
+ -- Henrique de Moraes Holschuh Mon, 12 Mar 2001 21:57:18 -0300
+
+fetchmail (5.7.4-1) unstable; urgency=low
+
+ * New upstream source
+ - fetchmail now has a fallback MDA strategy for when it cannot connect
+ to the SMTP sink. Since not everyone will want to install and configure
+ procmail just because of fetchmail, we use /usr/sbin/sendmail as the
+ fallback strategy (works with exim, sendmail and postfix. Other MTAs
+ not tested)
+ * Patched to allow user to choose fallback strategy
+ * New conffile for initscript, /etc/default/fetchmail. This allows for
+ a default --daemon and --syslog behaviour, but will get in the way of
+ the clueful people who did the right thing and used set daemon and
+ set syslog in /etc/fetchmailrc (closes: #89343)
+
+ -- Henrique de Moraes Holschuh Sun, 11 Mar 2001 20:26:56 -0300
+
+fetchmail (5.7.2-4) unstable; urgency=low
+
+ * Added support for systems where aclocal and autoconf are not available
+ (which actually mean autoconf and automake can be removed from the
+ build-depends, but I'd rather have them installed when building
+ fetchmail)
+ * Better changelog for fetchmail-ssl
+ * Fix unsafe tempfile handling in fetchmailconf (closes: #89238)
+ Thanks go to Colin Phipps for the patch
+
+ -- Henrique de Moraes Holschuh Sun, 11 Mar 2001 13:02:15 -0300
+
+fetchmail (5.7.2-3) unstable; urgency=low
+
+ * Fix bug in IMAP mailbox check (triggered by --check)
+
+ -- Henrique de Moraes Holschuh Wed, 7 Mar 2001 15:10:00 -0300
+
+fetchmail (5.7.2-2) unstable; urgency=low
+
+ * Fix IPv6 SA_LEN patch
+ * GSSAPI wouldn't compile due to syntax errors
+ * PROG_MAKE_SET was missing in configure.in
+ * Installs logcheck ignore files for the "C" locale
+
+ -- Henrique de Moraes Holschuh Wed, 7 Mar 2001 00:03:48 -0300
+
+fetchmail (5.7.2-1) unstable; urgency=low
+
+ * New upstream source
+ * Fixed SA_LEN for glibc 2.2.2 and IPv6
+ * Rebuilt NLS support (configure, makefiles) from scratch. Many thanks to
+ Nicolás Lichtmaier, who helped me a lot to figure out what was broken,
+ and why
+ * Warn user to move /root/.fetchids to new location (closes: #88658)
+
+ -- Henrique de Moraes Holschuh Mon, 5 Mar 2001 09:05:39 -0300
+
+fetchmail (5.7.1-2) unstable; urgency=low
+
+ * Seamless *build-time* support for kerberos IV and V, as well as for many
+ optional configure targets for fetchmail. This allows easy building of custom
+ fetchmail packages, supporting, e.g. POP2 or GSSAPI. See README.Debian and
+ debian/rules files for more information. (closes: #33317)
+ * Fix fetchmailconf "nospambounce" bug
+
+ -- Henrique de Moraes Holschuh Sun, 4 Mar 2001 13:09:46 -0300
+
+fetchmail (5.7.1-1) unstable; urgency=low
+
+ * New upstream source
+ - manpage updates
+ - new --sslproto option
+ * Patched to fix NLS build
+ * Patched to fix SSL build
+
+ -- Henrique de Moraes Holschuh Sun, 4 Mar 2001 05:43:50 -0300
+
+fetchmail (5.7.0-2) unstable; urgency=low
+
+ * Patch from upstream: do not attempt SASL on KPOP servers,
+ instead send USER and a fake PASS (closes: #88288)
+
+ -- Henrique de Moraes Holschuh Sat, 3 Mar 2001 19:19:54 -0300
+
+fetchmail (5.7.0-1) unstable; urgency=low
+
+ * New upstream source, fixes issues with fetchmailconf
+ * Patched to avoid breakage in NLS support
+
+ -- Henrique de Moraes Holschuh Sat, 3 Mar 2001 08:29:43 -0300
+
+fetchmail (5.6.8-3) unstable; urgency=low
+
+ * Fix imap timeout when talking to Micoshaft Exchange
+ servers (closes: #87908)
+
+ -- Henrique de Moraes Holschuh Wed, 28 Feb 2001 19:10:52 -0300
+
+fetchmail (5.6.8-2) unstable; urgency=low
+
+ * Remind users that daemon means daemon (closes: #87580)
+ * Make sure fetchmail is started on ip-up (closes: #87577)
+ * Removed findutils from build-depends.
+
+ -- Henrique de Moraes Holschuh Sun, 25 Feb 2001 12:59:51 -0300
+
+fetchmail (5.6.8-1) unstable; urgency=low
+
+ * New upstream source
+ Upstream has changed the syntax of "preauth" back to "auth",
+ please update your fetchmail configuration files.
+ * Maintainer scripts are now able to handle the sharing of
+ /etc/init.d/fetchmail by fetchmail and fetchmail-ssl without
+ causing problems during purge
+ * Avoid causing health problems during system boot ;-) (closes: #86885)
+ * "Improved" fetchmail-up and fetchmail-down scripts (closes: #86924)
+ This *will* bite your arse if you use PPP and don't read README.Debian;
+ Given the debconf annoyance I've added, and this changelog entry, consider
+ yourself warned and go read the README.Debian.
+ * Debconf support added to warn people about the init.d and ppp
+ scripts changes.
+ * Added missing Suggests: fetchmailconf to fetchmail-ssl
+ * Added missing xutils to Build-Depends: (for makedepend)
+
+ -- Henrique de Moraes Holschuh Wed, 21 Feb 2001 12:35:19 -0300
+
+fetchmail (5.6.7-2) unstable; urgency=medium
+
+ * Instead of reverting the change in driver.c, apply fix
+ * New CRAM-MD5 code is fully RFC-compliant, closes: #86667, #86474
+ * Add warning to fetchmailconf for local usernames with embedded '@'
+ Closes: #82514
+
+ -- Henrique de Moraes Holschuh Tue, 20 Feb 2001 05:20:39 -0300
+
+fetchmail (5.6.7-1) unstable; urgency=medium
+
+ * New upstream source:
+ - Fixes pop3 AUTH/CAPA stuff so as to be rfc-compliant
+ * Please note 5.6.5 made changes to the fetchmailrc format, related
+ to the fact that many authorization features (such as CRAM-MD5) are now
+ auto-detected for both IMAP and POP3
+ * Reverted change done to driver.c in 5.6.6 which caused fetchmail to emit
+ wrong status messages on timeouts when opening the mail server (source)
+
+ -- Henrique de Moraes Holschuh Mon, 19 Feb 2001 21:27:37 -0300
+
+fetchmail (5.6.6-2) unstable; urgency=medium
+
+ * The "children should not make fun of their elders" release
+ * Fetchmail wouldn't ask for passwords anymore (closes: #86350)
+
+ -- Henrique de Moraes Holschuh Sat, 17 Feb 2001 10:33:38 -0200
+
+fetchmail (5.6.6-1) unstable; urgency=medium
+
+ * New upstream source
+ * The "let's get that old maid out of testing" release
+ * No more asking for a password when using ETRN (closes: #85938)
+ * Don't issue AUTH between USER and PASS (closes: #85853, #86047)
+ * Different error message when local connection fails (closes: #85961)
+
+ -- Henrique de Moraes Holschuh Fri, 16 Feb 2001 17:28:11 -0200
+
+fetchmail (5.6.5-3) unstable; urgency=low
+
+ * Locales were not being correctly setup (closes: #73614)
+ * Applied patches to allow build with Kerberos IV (closes: #85772)
+ * /etc/init.d/fetchmail script for system-wide mail delivery,
+ create file /etc/fetchmailrc to enable. Deleted bogus
+ debian_rc file from the contrib dir to avoid confusing users.
+ (closes: #66251, #77804)
+
+ -- Henrique de Moraes Holschuh Thu, 15 Feb 2001 17:27:56 -0200
+
+fetchmail (5.6.5-2) unstable; urgency=low
+
+ * Added hack from hell to generate fetchmail-ssl from the same source tree
+ * New fetchmail-ssl package, recompiled against up-to-date unstable
+ closes: #82073, #84427, #76240, #78362, #43179, #79153, #60949
+ closes: #79967, #82503, #84434, #59584, #50421, #66624
+ * Suggests fetchmailconf (closes: #69069)
+ * Bugs fixed by 5.5.4 and above:
+ closes: #75011, #70862, #69358, #69199, #66110, #63667
+ closes: #62115, #61983, #59698
+ probably closes: #80344
+ * This is a new version (closes: #66824)
+ * Ported to debhelper v3, mode v2 (i.e. rebuilt debian/rules), and
+ fixed all crosstalk between the fetchmail and fetchmailconf packages.
+ Closes: #76240, #79967, #54132, #55205
+
+ -- Henrique de Moraes Holschuh Mon, 12 Feb 2001 15:25:18 -0200
+
+fetchmail (5.6.5-1) unstable; urgency=low
+
+ * New upstream source
+ * Closing bugs fixed by versions 5.5.4 and above:
+ closes: #78963, #63064, #65505, #81312, #78796, #78363
+ closes: #68627, #63088, #71428
+
+ -- Henrique de Moraes Holschuh Mon, 12 Feb 2001 12:49:22 -0200
+
+fetchmail (5.6.4-1) unstable; urgency=low
+
+ * New upstream source
+ * Package is now compliant with policy 3.5.0.0
+ * Fixed stupid screwup that might stop an autobuild in debian/rules
+ * Tentative build-depends. Please file a bug if it doesn't work
+
+ -- Henrique de Moraes Holschuh Sun, 11 Feb 2001 14:24:42 -0200
+
+fetchmail (5.6.3-1) unstable; urgency=low
+
+ * New upstream source
+ * New maintainer. Paul orphaned the package, and the other person who
+ should become the new fetchmail maintainer went MIA without so
+ much as uploading a new package or finishing his NM application
+ * Minor package cleanups
+
+ -- Henrique de Moraes Holschuh Sat, 10 Feb 2001 21:55:06 -0200
+
--- fetchmail-6.3.4.orig/debian/README.contrib
+++ fetchmail-6.3.4/debian/README.contrib
@@ -0,0 +1,14 @@
+Fetchmail for Debian, contrib/README.Debian file
+$Id: README.contrib,v 1.4 2003/06/09 14:55:57 benj Exp $
+==========================================================
+
+A lot of the stuff in contrib/ is NOT tailored for being run in a
+Debian system, and will malfunction or break your system if not correctly
+modified. If you don't know what you're doing, don't use it. I do NOT
+maintain the contrib/ directory, nor does fetchmail upstream.
+
+I have removed some useless or outright dangerous stuff from there as
+well. You can always get the complete contrib/ contents from the source
+package.
+
+ -- Benjamin Drieu
--- fetchmail-6.3.4.orig/debian/fetchmail.examples
+++ fetchmail-6.3.4/debian/fetchmail.examples
@@ -0,0 +1 @@
+debian/fetchmailrc.example
--- fetchmail-6.3.4.orig/debian/fetchmailconf.dirs
+++ fetchmail-6.3.4/debian/fetchmailconf.dirs
@@ -0,0 +1,2 @@
+usr/bin
+usr/share/man/man1
--- fetchmail-6.3.4.orig/debian/NEWS
+++ fetchmail-6.3.4/debian/NEWS
@@ -0,0 +1,19 @@
+fetchmail (6.3.1-1) unstable; urgency=low
+
+ * File /etc/default/fetchamil has been added to stablish if user wants to
+ start fetchmail on boot or not.
+ * On install time we try to determine from old version if start or not.
+ * Default will be to not start.
+ * This addition is necessary since upgrades of the package while the users
+ hadn't finish to configure fetchmail properly were breaking the upgrade.
+ This had bitten quite a few users.
+ * The fetchmail-ssl dummy package has been removed since it is no longer
+ needed.
+ * Due to #327250 fetchmail home directory (/var/run/fetchmail) changed to
+ /var/lib/fetchmail
+
+ -- Hector Garcia Mon, 9 Jan 2006 23:24:29 +0100
+
+ $Id$
+
+# vim:set ai et sts=2 sw=2 tw=78:
--- fetchmail-6.3.4.orig/debian/fetchmail.prerm
+++ fetchmail-6.3.4/debian/fetchmail.prerm
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# Stops daemon if it is running under our control
+if [ -x /etc/init.d/fetchmail ]; then
+ if [ -x /usr/sbin/invoke-rc.d ]; then
+ invoke-rc.d --quiet fetchmail stop
+ else
+ /etc/init.d/fetchmail stop
+ fi
+fi
+
+#DEBHELPER#
+
+exit 0
--- fetchmail-6.3.4.orig/debian/fetchmailconf.xpm
+++ fetchmail-6.3.4/debian/fetchmailconf.xpm
@@ -0,0 +1,37 @@
+/* XPM */
+static char *magick[] = {
+/* columns rows colors chars-per-pixel */
+"32 19 12 1",
+" c black",
+". c #191919",
+"X c gray20",
+"o c #4c4c4c",
+"O c #666667",
+"+ c gray50",
+"@ c gray60",
+"# c #b2b2b2",
+"$ c gray80",
+"% c gray90",
+"& c white",
+"* c None",
+/* pixels */
+"********************************",
+"********************************",
+"***************@@@@@@@@@@@@@@@@@",
+"*************@@+@####@####@###@@",
+"***********@+OOO$&&&%&&&%&%&%&%@",
+"oXooO@***@OOO@+o#%&&&&%&&&&&&%$@",
+" O$@@OOO@###@O#$%&&&&&&&&$#$@",
+" @&OO+@@####$#@O@$%%&%&$#$$%@",
+" @%@@@@+@##@+@#@@##$%%##%%&&@",
+" .@&@@@@@@@OOoOOOO#&$@#%%$&&%@",
+" +%@@@@@@++@+&$$$%&&&&&%$$%&@",
+" @%@@++@@@@@+&%$%&&&%&&&&$$%@",
+" @&@OOO++++O+&$$&&&%&&&&&&$%@",
+". . @%+O@@O+O+@+$#$#$#$$$#$#$##@",
+" O#@********@@@@@@@@@@@@@@@@+",
+" o@**************************",
+"+O+O@***************************",
+"********************************",
+"********************************"
+};
--- fetchmail-6.3.4.orig/debian/fetchmailconf.install
+++ fetchmail-6.3.4/debian/fetchmailconf.install
@@ -0,0 +1,3 @@
+usr/bin/fetchmailconf
+usr/share/pixmaps/fetchmailconf.xpm
+usr/lib/python2.4/site-packages/fetchmailconf.*
--- fetchmail-6.3.4.orig/debian/server
+++ fetchmail-6.3.4/debian/server
@@ -0,0 +1,15 @@
+fetchmail\[[0-9]+\]: +reading
+fetchmail\[[0-9]+\]: +(not )?flushed
+fetchmail\[[0-9]+\]: +[0-9]+ +messages? (\([0-9]+ seen\) )?for
+fetchmail\[[0-9]+\]: +skipping poll
+fetchmail\[[0-9]+\]: +Polling
+fetchmail\[[0-9]+\]: +Queuing for
+fetchmail\[[0-9]+\]: +awakened by
+fetchmail\[[0-9]+\]: +awakened at
+fetchmail\[[0-9]+\]: +sleeping
+fetchmail\[[0-9]+\]: .* key fingerprint:
+fetchmail\[[0-9]+\]: +\(.* body octets\)
+fetchmail\[[0-9]+\]: +could not decode BASE64 challenge
+fetchmail\[[0-9]+\]: +You have no mail\.
+fetchmail\[[0-9]+\]: +Turnaround now\.\.\.
+fetchmail\[[0-9]+\]: +receiving message data
--- fetchmail-6.3.4.orig/debian/fetchmailconf.menu
+++ fetchmail-6.3.4/debian/fetchmailconf.menu
@@ -0,0 +1,7 @@
+?package(fetchmailconf):needs="x11"\
+ section="Apps/System/Admin"\
+ hints="Mail,Admin"\
+ title="fetchmailconf"\
+ longtitle="Configure fetchmail"\
+ icon="/usr/share/pixmaps/fetchmailconf.xpm"\
+ command="/usr/bin/fetchmailconf"
--- fetchmail-6.3.4.orig/debian/fetchmail.links
+++ fetchmail-6.3.4/debian/fetchmail.links
@@ -0,0 +1,3 @@
+usr/bin/fetchmail usr/bin/popclient
+usr/share/man/man1/fetchmail.1 usr/share/man/man1/popclient.1
+usr/share/man/man1/fetchmail.1 usr/share/man/man1/fetchmailrc.1
--- fetchmail-6.3.4.orig/debian/contrib.files
+++ fetchmail-6.3.4/debian/contrib.files
@@ -0,0 +1,23 @@
+contrib/fetchmailnochda.pl
+contrib/fetchsetup
+contrib/domino
+contrib/fetchmaildistrib
+contrib/fetchmail-mode.el
+contrib/getmail
+contrib/gotmail
+contrib/gotmail.awk
+contrib/gotmail.conf
+contrib/gotmail.html.awk
+contrib/login
+contrib/logout
+contrib/maildaemon
+contrib/mailqueue.pl
+contrib/multidrop
+contrib/novell
+contrib/poptest
+contrib/preauth-harness
+contrib/README
+contrib/README.getmail
+contrib/runfetchmail
+contrib/toprocmail
+contrib/zsh-completion
--- fetchmail-6.3.4.orig/debian/fetchmail.preinst
+++ fetchmail-6.3.4/debian/fetchmail.preinst
@@ -0,0 +1,16 @@
+#!/bin/sh
+#
+# Preinst script for fetchmail
+# $Id: fetchmail.preinst 148 2004-06-02 16:32:57Z bob $
+#
+
+# Remove a possibly fucked ip-up.d, which was unfortunately not
+# removed due of being a conffile. This is ugly but the only "clean"
+# way I see right now.
+if [ -f /etc/network/if-up.d/fetchmail ] && [ "$2" = "6.2.4-3" ]; then
+ rm -f /etc/network/if-up.d/fetchmail
+fi
+
+#DEBHELPER#
+
+exit 0
--- fetchmail-6.3.4.orig/debian/fetchmailrc.example
+++ fetchmail-6.3.4/debian/fetchmailrc.example
@@ -0,0 +1,33 @@
+# /etc/fetchmailrc for system-wide daemon mode
+# This file must be chmod 0600, owner fetchmail
+
+# The default for this option is 300, which polls the server every 5
+# minutes.
+#
+#set daemon 300
+
+# By default, the system-wide fetchmail will output logging messages to
+# syslog; uncomment the line below to disable this. This might be useful
+# if you are logging to another file using the 'logfile' option.
+#
+# set no syslog
+
+# Avoid loss on 4xx errors. On the other hand, 5xx errors get more
+# dangerous.
+#
+set no bouncemail
+
+# The following defaults are used when connecting to any server, and can
+# be overridden in the server description below.
+#
+# Set antispam to -1, since it is far safer to use that together with no
+# bouncemail.
+#
+defaults:
+ antispam -1
+ batchlimit 100
+
+# Example server section.
+#
+#poll foo.bar.org with protocol pop3
+# user baka there is localbaka here smtphost smtp.foo.bar.org;
--- fetchmail-6.3.4.orig/debian/rules
+++ fetchmail-6.3.4/debian/rules
@@ -0,0 +1,204 @@
+#!/usr/bin/make -f
+#
+# $Id: rules 340 2006-03-31 16:51:36Z hector $
+#
+# Originally by Henrique M. Holschuh , and based on
+# previous work by Paul Haggard , and in a
+# debmake-created rules file.
+#
+# Special package build-time options:
+# POP2, RPA, NTLM, SDPS, OPIE, KRB4, KRB5, GSSAPI
+# NOPOP3, NOIMAP, NOETRN, NOODMR, IPV6, IPV6SEC
+#
+# To use them, add the ones you need to the environment variable
+# DEB_FETCHMAIL_BUILD_OPTIONS before building the package.
+#
+# e.g.
+# export DEB_FETCHMAIL_BUILD_OPTIONS="KRB4,NOIMAP,NOETRN,NOODMR"
+# dpkg-buildpackage -rfakeroot -uc -us
+#
+# If DEB_FETCHMAIL_BUILD_OPTIONS is undefined, SSl, NTLM and SDPS will
+# be enabled by default.
+#
+# The targets KRB4, KRB5, GSSAPI and OPIE require the proper libraries
+# to be installed in the system.
+#
+# IPV6 and IPV6SEC support is untested, and breaks the 'interface'
+# keyword (which is why they will not be enabled by default).
+
+export DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+export DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+
+include /usr/share/dpatch/dpatch.make
+# for autoconf 2.52 and newer only
+CONFFLAGS =
+ifeq ($(DEB_BUILD_GNU_TYPE), $(DEB_HOST_GNU_TYPE))
+ CONFFLAGS += --build $(DEB_HOST_GNU_TYPE)
+else
+ CONFFLAGS += --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE)
+endif
+
+# Defaults for official debian package
+ifeq (,$(DEB_FETCHMAIL_BUILD_OPTIONS))
+ DEB_FETCHMAIL_BUILD_OPTIONS="SSL,NTLM,SDPS"
+endif
+
+# Process build-time options
+FETCHCONFOPT =
+ifneq (,$(findstring SSL,$(DEB_FETCHMAIL_BUILD_OPTIONS)))
+ FETCHCONFOPT += --with-ssl=/usr
+endif
+ifneq (,$(findstring POP2,$(DEB_FETCHMAIL_BUILD_OPTIONS)))
+ FETCHCONFOPT += --enable-POP2
+endif
+ifneq (,$(findstring RPA,$(DEB_FETCHMAIL_BUILD_OPTIONS)))
+ FETCHCONFOPT += --enable-RPA
+endif
+ifneq (,$(findstring NTLM,$(DEB_FETCHMAIL_BUILD_OPTIONS)))
+ FETCHCONFOPT += --enable-NTLM
+endif
+ifneq (,$(findstring SDPS,$(DEB_FETCHMAIL_BUILD_OPTIONS)))
+ FETCHCONFOPT += --enable-SDPS
+endif
+ifneq (,$(findstring OPIE,$(DEB_FETCHMAIL_BUILD_OPTIONS)))
+ FETCHCONFOPT += --enable-opie
+endif
+ifneq (,$(findstring KRB4,$(DEB_FETCHMAIL_BUILD_OPTIONS)))
+ FETCHCONFOPT += --with-kerberos=/usr
+endif
+ifneq (,$(findstring KRB5,$(DEB_FETCHMAIL_BUILD_OPTIONS)))
+ FETCHCONFOPT += --with-kerberos5=/usr
+endif
+ifneq (,$(findstring GSSAPI,$(DEB_FETCHMAIL_BUILD_OPTIONS)))
+ FETCHCONFOPT += --with-gssapi=/usr
+endif
+ifneq (,$(findstring NOPOP3,$(DEB_FETCHMAIL_BUILD_OPTIONS)))
+ FETCHCONFOPT += --disable-POP3
+endif
+ifneq (,$(findstring NOIMAP,$(DEB_FETCHMAIL_BUILD_OPTIONS)))
+ FETCHCONFOPT += --disable-IMAP
+endif
+ifneq (,$(findstring NOETRN,$(DEB_FETCHMAIL_BUILD_OPTIONS)))
+ FETCHCONFOPT += --disable-ETRN
+endif
+ifneq (,$(findstring NOODMR,$(DEB_FETCHMAIL_BUILD_OPTIONS)))
+ FETCHCONFOPT += --disable-ODMR
+endif
+ifneq (,$(findstring IPV6,$(DEB_FETCHMAIL_BUILD_OPTIONS)))
+ FETCHCONFOPT += --enable-inet6
+endif
+
+# Turn off optimization if the user requests it.
+CFLAGS = -Wall -pipe -g
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+ CFLAGS += -O0
+else
+ CFLAGS += -O2
+endif
+export CFLAGS
+
+clean: unpatch
+ dh_testdir
+ dh_testroot
+ -rm -f build-stamp configure-stamp
+ -$(MAKE) -i distclean
+ -rm -f po/*.gmo config.sub config.guess config.status
+ dh_clean -X.orig -X.rej
+
+configure: configure-stamp
+configure-stamp: patch
+ set -e
+ dh_testdir
+
+ cp /usr/share/misc/config.sub config.sub
+ cp /usr/share/misc/config.guess config.guess
+
+ ./configure $(CONFFLAGS) --prefix=/usr --enable-nls \
+ --disable-fallback $(FETCHCONFOPT)
+
+ touch configure-stamp
+
+build: configure-stamp build-stamp
+build-stamp:
+ set -e
+ dh_testdir
+
+ $(MAKE)
+
+ # recreate gmo-files as workaround
+ (cd po; $(MAKE) update-gmo)
+# sed -e '/fetchmail-5.3.3/ { s/.*/=== file truncated, see source package for complete changelog ===/; q; }' < NEWS > NEWS.truncated
+
+ touch build-stamp
+
+tmpdir = $(CURDIR)/debian/tmp
+pckdir = $(CURDIR)/debian/fetchmail
+
+install: build-stamp
+ dh_testdir
+ dh_testroot
+ dh_clean -k -X.orig -X.rej
+ dh_installdirs
+ $(MAKE) install prefix=$(tmpdir)/usr mandir=$(tmpdir)/usr/share/man
+ -install -D -m 644 debian/fetchmailconf.xpm \
+ $(tmpdir)/usr/share/pixmaps/fetchmailconf.xpm
+ gzip -9 $(tmpdir)/usr/share/man/man1/fetchmail.1
+# not needed we set a symlink
+# gzip -9 $(tmpdir)/usr/share/man/man1/fetchmailconf.1
+ rm $(tmpdir)/usr/lib/python2.4/site-packages/fetchmailconf.py[co]
+
+
+# Build architecture-independent files here. [ fetchmailconf ]
+binary-indep: build-stamp install
+ dh_testdir
+ dh_testroot
+ dh_install -i --sourcedir=$(tmpdir)
+ dh_installdocs -i
+ dh_installmenu -i
+ dh_installman -i
+ dh_installchangelogs -i
+ dh_link -i usr/share/man/man1/fetchmail.1.gz usr/share/man/man1/fetchmailconf.1.gz
+ dh_python -i
+ dh_compress -i
+ dh_fixperms -i
+ dh_installdeb -i
+ dh_gencontrol -i
+ dh_md5sums -i
+ dh_builddeb -i
+
+# Build architecture-dependent files here. [ fetchmail ]
+binary-arch: build-stamp install
+ dh_testdir
+ dh_testroot
+ mkdir -p $(pckdir)/usr/share/doc/fetchmail/contrib
+ xargs -r -i install "{}" $(pckdir)/usr/share/doc/fetchmail/contrib \
+ < debian/contrib.files
+ -install -m 644 debian/README.contrib \
+ $(pckdir)/usr/share/doc/fetchmail/contrib/README.Debian
+ install -D -m 755 debian/ip-up $(pckdir)/etc/ppp/ip-up.d/fetchmail
+ install -D -m 755 debian/ip-down $(pckdir)/etc/ppp/ip-down.d/fetchmail
+ install -D -m 755 debian/resolvconf \
+ $(pckdir)/etc/resolvconf/update-libc.d/fetchmail
+ install -D -m 644 debian/workstation \
+ $(pckdir)/etc/logcheck/ignore.d.workstation/fetchmail
+ install -D -m 644 debian/server \
+ $(pckdir)/etc/logcheck/ignore.d.server/fetchmail
+ dh_install -a --sourcedir=$(tmpdir)
+ dh_installdocs -a NOTES README fetchmail-features.html \
+ design-notes.html todo.html fetchmail-FAQ.html README.SSL OLDNEWS
+ dh_installexamples -a
+ dh_installinit -a -n
+ dh_installchangelogs -a
+ dh_installman
+ dh_strip -a
+ dh_link -a
+ dh_compress -a
+ dh_fixperms -a
+ dh_installdeb -a
+ dh_shlibdeps -a
+ dh_gencontrol -a
+ dh_md5sums -a
+ dh_builddeb -a
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install
--- fetchmail-6.3.4.orig/debian/workstation
+++ fetchmail-6.3.4/debian/workstation
@@ -0,0 +1 @@
+fetchmail\[[0-9]+\]: +Server CommonName mismatch:
--- fetchmail-6.3.4.orig/debian/dirs
+++ fetchmail-6.3.4/debian/dirs
@@ -0,0 +1,2 @@
+usr/bin
+usr/share/man/man1
--- fetchmail-6.3.4.orig/debian/fetchmail.install
+++ fetchmail-6.3.4/debian/fetchmail.install
@@ -0,0 +1,3 @@
+usr/bin/fetchmail
+usr/share/locale/
+usr/share/man/man1/fetchmail.1.gz
--- fetchmail-6.3.4.orig/debian/ip-up
+++ fetchmail-6.3.4/debian/ip-up
@@ -0,0 +1,15 @@
+#!/bin/sh
+#
+# Default fetchmail ip-up script (/etc/ppp/ip-up.d/fetchmail)
+#
+# Change "try-restart" below to "start" if you only want to run fetchmail when
+# the PPP link is up.
+#
+
+if [ -x /etc/init.d/fetchmail -a ! -x /sbin/resolvconf ]; then
+ if [ -x /usr/sbin/invoke-rc.d ]; then
+ invoke-rc.d --quiet fetchmail try-restart || true
+ else
+ /etc/init.d/fetchmail try-restart || true
+ fi
+fi
--- fetchmail-6.3.4.orig/debian/compat
+++ fetchmail-6.3.4/debian/compat
@@ -0,0 +1 @@
+4
--- fetchmail-6.3.4.orig/debian/README.Debian
+++ fetchmail-6.3.4/debian/README.Debian
@@ -0,0 +1,164 @@
+Fetchmail for Debian, README file
+$Id: README.Debian 228 2005-08-14 15:52:49Z nion $
+
+Miscellaneous notes
+-------------------
+
+Fetchmail wants a MTA and will not use a MDA fallback by default anymore.
+Please configure it correctly for your system.
+
+Also, MTA return codes 552 and 553 always cause fetchmail to trash the message,
+unless "keep" mode is being used. MTA return codes in the "antispam" option
+list will also cause mail loss. However, this list is empty by default.
+
+
+Build instructions
+------------------
+
+Make sure to run "debian/rules clean" BEFORE you try to build the package
+(dpkg-buildpackage will do that for you). You have been warned.
+
+You can tailor the capabilities of fetchmail (e.g. to add Kerberos IV support)
+by defining DEB_FETCHMAIL_BUILD_OPTIONS before building the package. There is
+no need to edit debian/rules anymore. Please read the comments in debian/rules
+for more information.
+
+Building KerberosV support using the Heimdal libs in Debian will only work in
+the SSL version of fetchmail.
+
+
+Fetchmail and losing mail
+-------------------------
+
+POP3 servers are known to delete stored mail for no good reason, no matter what
+it is told to do. Badly-configured MTAs are known to send email to the trash or
+bounce it with spam return codes -- including email sent to the postmaster. And
+fetchmail is known to be blamed for both these things causing mail loss.
+
+SEND EMAIL TO YOURSELF MANUALLY TROUGH WHICHEVER DELIVERY METHOD YOU WANT
+FETCHMAIL TO SEND THROUGH, TO TEST IT BEFORE RUNNING FETCHMAIL.
+
+CHECK YOUR MTA AND POP3 SERVER BY TELLING FETCHMAIL NOT TO DELETE MAIL FROM
+YOUR SERVER ("keep" option) NOR DELETE SPAM ("antispam -1") NOR BOUNCE MAIL
+("set no bouncemail") IF YOU VALUE YOUR EMAIL. YOU HAVE BEEN WARNED.
+
+The above checks should be made everytime you change something important in
+either fetchmail's or the MTA/MDA configuration.
+
+Now, let's go over it once again: Fetchmail can, and will delete your mail if
+it thinks the MTA is telling it to do so. Option "keep" will avoid the
+deletion of messages. If you forget to tell fetchmail to "keep" messages, and
+the MTA refuses delivery (particulary with codes 552 (message too large) or 553
+(invalid envelope sender), fetchmail will delete the message even when it
+failed to deliver it. Setting "no bouncemail" and "antispam -1" makes such
+deletion less likely.
+
+
+Using the system-wide fetchmail
+-------------------------------
+
+The fetchmail package install a SysV init script in /etc/init.d/fetchmail.
+This script will start a fetchmail daemon running as the user fetchmail, if
+the configuration file /etc/fetchmailrc is present in the system. If the
+configuration file is not present, nothing is started.
+
+If the system-wide fetchmail refuses to start, you probably have syntax
+errors in the /etc/fetchmailrc file. Try /etc/init.d/fetchmail debug-run
+to find out why it is not starting. Do notice that debug-run is *not*
+capable of detecting errors that happen only in daemon mode.
+
+By default, the system-wide fetchmail daemon will poll every 5 minutes. To
+change this, add a line like the following to your /etc/fetchmailrc file:
+
+ set daemon 900 # poll every 15 minutes
+
+Also, the system-wide fetchmail daemon will by default log all output to
+syslog. To disable this (e.g. if you use the logfile option), add the
+following to your /etc/fetchmailrc file:
+
+ set no syslog # disable logging to syslog
+
+
+Fetchmail on a PPP link
+-----------------------
+
+By default, the system-wide fetchmail will start at boot, and will be
+restarted when the PPP link is brought up. You, can however, configure
+the system-wide fetchmail to *only* run when the PPP link is up (note
+that this has no real advantage over running fetchmail all the time). To
+do so, you must do four things:
+
+ 1. Turn of fetchmail at boot. Simply rename the S99fetchmail links in
+ the /etc/rc?.d directories to K15fetchmail. For example:
+
+ # cd /etc/rc2.d
+ # mv S99fetchmail K15fetchmail
+
+ 2. Edit the ip-up script and change
+ "[ -x /etc/init.d/fetchmail -a ! -x /sbin/resolvconf ]" to
+ "[ -x /etc/init.d/fetchmail ]", and
+ "try-restart" to "start"
+
+ 3. Edit the ip-down script and remove the "exit 0" line.
+
+ 4. Remove /etc/resolvconf/update-libc.d/fetchmail (or add an "exit 0"
+ line at the beginning).
+
+Note that both the init script and the fetchmail PPP scripts are conffiles,
+so if you don't like the setup you just need to change them to your heart's
+content. The changes will not be overwritten by a package upgrade without
+your explicit consent.
+
+
+Running the system-wide fetchmail as root
+-----------------------------------------
+
+The fetchmail package no longer supports running the system-wide fetchmail
+as root. To switch to the new init script facility, just move your
+/root/.fetchmailrc to /etc/fetchmailrc, read the "UIDL cache" section below,
+and run:
+
+ /etc/init.d/fetchmail restart
+
+
+The UIDL cache
+--------------
+
+Fetchmail has an UIDL cache it may use to track message-seen state. The
+init script and ip-up scripts want this cache to be in
+/var/mail/.fetchmail-UIDL-cache. Note the paths leading up to the UIDL
+cache file must be readable by the fetchmail user. This should not be a
+problem on a default Debian install.
+
+
+Errors with POP3 servers
+------------------------
+
+If you have difficulties with your POP3 server, and fetchmail -v shows that
+fetchmail is trying to use AUTH instead of USER and PASS, you can use
+"auth password" to force the use of USER and PASS. Also, fetchmailconf has
+a blacklist of known-bad servers, try autodetecting the server with it.
+
+
+Reporting problems
+------------------
+
+Use a Debian bug-reporting tool (e.g. reportbug from the reportbug package) to
+report problems. Please include a fetchmail -v -v dump showing the problem to
+aid debugging. /etc/init.d/fetchmail debug-run will do that for you if you are
+using the system-wide fetchmail feature (Do remember that problems that only
+happen in daemon mode are NOT triggered by debug-run).
+
+Problems with signals (e.g. "why fetchmail aborts with SIGPIPE?") need the use
+of strace for debugging. Just do:
+
+ /etc/init.d/fetchmail debug-run strace -o /tmp/strace.out
+
+and the init script will run fetchmail, and store the strace output in
+/tmp/strace.out. See strace(1) for more details on strace.
+
+WARNING: strace output may contain security-sensitive information, such as your
+fetchmail passwords. You should clobber those with "*" or "X" before sending
+the file to anyone, especially the Debian bug-tracking system.
+
+ -- Benjamin Drieu
--- fetchmail-6.3.4.orig/debian/copyright
+++ fetchmail-6.3.4/debian/copyright
@@ -0,0 +1,77 @@
+This package was first debianized by Paul Haggart on
+Mon, 18 Nov 1996 16:58:49 -0500.
+
+The Debian packaging was rebuilt and updated by Henrique M. Holschuh
+ on Mon, 12 Feb 2001 15:25:18 -0200, based on Paul's previous
+work until September 2002. Thanks Paul and Henrique!
+
+The package was then maintained by Benjamin Drieu
+Afterwards it was maintained by Graham Wilson .
+
+Now it is maintained by Nico Golde
+and Héctor García .
+
+It was downloaded from: http://download.berlios.de/fetchmail/
+
+Please check the fetchmail homepage at: http://fetchmail.berlios.de
+
+The code and docs are patched extensively. All changes from default upstream
+behaviour are documented in README.Debian.
+
+Copyright:
+
+The code in the fetchmail distribution is Copyright 1997 by Eric S. Raymond.
+Portions were also copyrighted by Carl E. Harris, 1993 and 1995. Copyright
+retained for the purpose of protecting free software redistribution.
+
+The support for SMB authentication is copyright by Andrew Tridgell and
+is under GPL version 2. Tridge has granted a specific exemption for
+his GPL-licensed code to be linked with non-GPL-compliant code in
+fetchmail. The relevant files are smb*.[ch] and ntlm.h.
+
+The code of interface.c is Copyright (c) 1996,1997 by George M. Sipe.
+
+License:
+
+The following files are public-domain: acconfig.h, alloca.c, md5c.c, md5.h.
+
+The following files are MIT license: rfc822.c,idle.c.
+
+The file contrib/runfetchmail is:
+Copyright (c) 1997 Doug Muth, Wescosville, Pennsylvania USA
+All rights reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+The following file is under a variant of the InnerNet Version 2 license
+(with the advertising clause removed for GPL compatibility) supplied
+by its author: ipv6_connect.c.
+
+The following files are explicitly GPL-licensed: getopt1.c, getopt.c, getopt.h,
+contrib/getfetchmail.pl,contrib/mailqueue.pl,contrib/PopDel.py,contrib/poptest,
+contrib/fetchmail-mode.el.
+
+All other code in the distribution incorporates the copy of GPL version 2
+below by reference:
+
+Specific permission is granted for the GPLed code in this distribition to
+be linked to OpenSSL without invoking GPL clause 2(b).
+
+[See /usr/share/common-licenses/GPL-2 for text of GPL v2]
+
--- fetchmail-6.3.4.orig/debian/patches/02.fix-print-date.dpatch
+++ fetchmail-6.3.4/debian/patches/02.fix-print-date.dpatch
@@ -0,0 +1,28 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 02.fix-print-date.dpatch by >
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad trunk~/fetchmail.c trunk/fetchmail.c
+--- trunk~/fetchmail.c 2006-01-23 10:09:12.000000000 +0100
++++ trunk/fetchmail.c 2006-02-02 11:02:37.000000000 +0100
+@@ -782,7 +782,7 @@
+ exit(PS_AUTHFAIL);
+ }
+
+- if (outlevel > O_SILENT)
++ if (outlevel > O_NORMAL)
+ report(stdout,
+ GT_("sleeping at %s\n"), timestamp());
+
+@@ -817,7 +817,7 @@
+ ctl->wedged = FALSE;
+ }
+
+- if (outlevel > O_SILENT)
++ if (outlevel > O_NORMAL)
+ report(stdout, GT_("awakened at %s\n"), timestamp());
+ }
+ } while
--- fetchmail-6.3.4.orig/debian/patches/06_CVE-2007-1558.dpatch
+++ fetchmail-6.3.4/debian/patches/06_CVE-2007-1558.dpatch
@@ -0,0 +1,414 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 06_CVE-2007-1558.dpatch by Jamie Strandboge
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: fix for CVE-2007-1558
+
+@DPATCH@
+
+diff -Nru fetchmail-6.3.4.orig/Makefile.am fetchmail-6.3.4/Makefile.am
+--- fetchmail-6.3.4.orig/Makefile.am 2007-09-25 15:34:24.000000000 -0400
++++ fetchmail-6.3.4/Makefile.am 2007-09-25 15:38:48.000000000 -0400
+@@ -39,7 +39,7 @@
+ servport.c ntlm.h smbbyteorder.h smbdes.h smbmd4.h \
+ smbencrypt.h smbdes.c smbencrypt.c smbmd4.c smbutil.c \
+ libesmtp/gethostbyname.h libesmtp/gethostbyname.c \
+- smbtypes.h tls.c
++ smbtypes.h tls.c rfc822valid.c
+ libfm_a_LIBADD= $(EXTRAOBJ)
+ libfm_a_DEPENDENCIES= $(EXTRAOBJ)
+ LDADD = libfm.a @LIBINTL@ $(LIBOBJS)
+@@ -75,11 +75,13 @@
+ libesmtp/getaddrinfo.h libesmtp/getaddrinfo.c \
+ KAME/getnameinfo.c
+
+-check_PROGRAMS += rfc822 unmime netrc rfc2047e mxget
++check_PROGRAMS += rfc822 unmime netrc rfc2047e mxget rfc822valid
+
+ rfc2047e_CFLAGS= -DTEST
+
+-rfc822_CFLAGS= -DMAIN
++rfc822valid_CFLAGS= -DTEST
++
++rfc822_CFLAGS= -DMAIN
+
+ unmime_SOURCES= unmime.c
+ unmime_CFLAGS= -DSTANDALONE -DHAVE_CONFIG_H -I$(builddir)
+diff -Nru fetchmail-6.3.4.orig/Makefile.in fetchmail-6.3.4/Makefile.in
+--- fetchmail-6.3.4.orig/Makefile.in 2007-09-25 15:34:24.000000000 -0400
++++ fetchmail-6.3.4/Makefile.in 2007-09-25 15:39:29.000000000 -0400
+@@ -44,7 +44,8 @@
+ bin_PROGRAMS = fetchmail$(EXEEXT)
+ @HAVE_PYTHON_TRUE@am__append_1 = $(pym)
+ check_PROGRAMS = $(am__EXEEXT_1) rfc822$(EXEEXT) unmime$(EXEEXT) \
+- netrc$(EXEEXT) rfc2047e$(EXEEXT) mxget$(EXEEXT)
++ netrc$(EXEEXT) rfc2047e$(EXEEXT) mxget$(EXEEXT) \
++ rfc822valid$(EXEEXT)
+ @NEED_TRIO_TRUE@am__append_2 = libtrio.a
+ @NEED_TRIO_TRUE@am__append_3 = regression
+ @NEED_TRIO_TRUE@am__append_4 = libtrio.a -lm
+@@ -85,7 +86,7 @@
+ rfc822.$(OBJEXT) report.$(OBJEXT) rfc2047e.$(OBJEXT) \
+ servport.$(OBJEXT) smbdes.$(OBJEXT) smbencrypt.$(OBJEXT) \
+ smbmd4.$(OBJEXT) smbutil.$(OBJEXT) gethostbyname.$(OBJEXT) \
+- tls.$(OBJEXT)
++ tls.$(OBJEXT) rfc822valid.$(OBJEXT)
+ libfm_a_OBJECTS = $(am_libfm_a_OBJECTS)
+ libtrio_a_AR = $(AR) $(ARFLAGS)
+ libtrio_a_LIBADD =
+@@ -145,6 +146,11 @@
+ rfc822_LDADD = $(LDADD)
+ rfc822_DEPENDENCIES = libfm.a $(am__DEPENDENCIES_2) \
+ $(am__DEPENDENCIES_3)
++rfc822valid_SOURCES = rfc822valid.c
++rfc822valid_OBJECTS = rfc822valid-rfc822valid.$(OBJEXT)
++rfc822valid_LDADD = $(LDADD)
++rfc822valid_DEPENDENCIES = libfm.a $(am__DEPENDENCIES_2) \
++ $(am__DEPENDENCIES_3)
+ am_unmime_OBJECTS = unmime-unmime.$(OBJEXT)
+ unmime_OBJECTS = $(am_unmime_OBJECTS)
+ unmime_LDADD = $(LDADD)
+@@ -163,11 +169,11 @@
+ YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS)
+ SOURCES = $(libfm_a_SOURCES) $(libtrio_a_SOURCES) $(fetchmail_SOURCES) \
+ $(mxget_SOURCES) $(netrc_SOURCES) $(regression_SOURCES) \
+- rfc2047e.c rfc822.c $(unmime_SOURCES)
++ rfc2047e.c rfc822.c rfc822valid.c $(unmime_SOURCES)
+ DIST_SOURCES = $(libfm_a_SOURCES) $(am__libtrio_a_SOURCES_DIST) \
+ $(fetchmail_SOURCES) $(mxget_SOURCES) $(netrc_SOURCES) \
+ $(am__regression_SOURCES_DIST) rfc2047e.c rfc822.c \
+- $(unmime_SOURCES)
++ rfc822valid.c $(unmime_SOURCES)
+ RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+ html-recursive info-recursive install-data-recursive \
+ install-exec-recursive install-info-recursive \
+@@ -363,7 +369,7 @@
+ servport.c ntlm.h smbbyteorder.h smbdes.h smbmd4.h \
+ smbencrypt.h smbdes.c smbencrypt.c smbmd4.c smbutil.c \
+ libesmtp/gethostbyname.h libesmtp/gethostbyname.c \
+- smbtypes.h tls.c
++ smbtypes.h tls.c rfc822valid.c
+
+ libfm_a_LIBADD = $(EXTRAOBJ)
+ libfm_a_DEPENDENCIES = $(EXTRAOBJ)
+@@ -391,6 +397,7 @@
+ KAME/getnameinfo.c
+
+ rfc2047e_CFLAGS = -DTEST
++rfc822valid_CFLAGS = -DTEST
+ rfc822_CFLAGS = -DMAIN
+ unmime_SOURCES = unmime.c
+ unmime_CFLAGS = -DSTANDALONE -DHAVE_CONFIG_H -I$(builddir)
+@@ -528,6 +535,9 @@
+ rfc822$(EXEEXT): $(rfc822_OBJECTS) $(rfc822_DEPENDENCIES)
+ @rm -f rfc822$(EXEEXT)
+ $(LINK) $(rfc822_LDFLAGS) $(rfc822_OBJECTS) $(rfc822_LDADD) $(LIBS)
++rfc822valid$(EXEEXT): $(rfc822valid_OBJECTS) $(rfc822valid_DEPENDENCIES)
++ @rm -f rfc822valid$(EXEEXT)
++ $(LINK) $(rfc822valid_LDFLAGS) $(rfc822valid_OBJECTS) $(rfc822valid_LDADD) $(LIBS)
+ unmime$(EXEEXT): $(unmime_OBJECTS) $(unmime_DEPENDENCIES)
+ @rm -f unmime$(EXEEXT)
+ $(LINK) $(unmime_LDFLAGS) $(unmime_OBJECTS) $(unmime_LDADD) $(LIBS)
+@@ -606,6 +616,8 @@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rfc2047e.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rfc822-rfc822.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rfc822.Po@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rfc822valid-rfc822valid.Po@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rfc822valid.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rpa.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/servport.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sink.Po@am__quote@
+@@ -835,6 +847,20 @@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(rfc822_CFLAGS) $(CFLAGS) -c -o rfc822-rfc822.obj `if test -f 'rfc822.c'; then $(CYGPATH_W) 'rfc822.c'; else $(CYGPATH_W) '$(srcdir)/rfc822.c'; fi`
+
++rfc822valid-rfc822valid.o: rfc822valid.c
++@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(rfc822valid_CFLAGS) $(CFLAGS) -MT rfc822valid-rfc822valid.o -MD -MP -MF "$(DEPDIR)/rfc822valid-rfc822valid.Tpo" -c -o rfc822valid-rfc822valid.o `test -f 'rfc822valid.c' || echo '$(srcdir)/'`rfc822valid.c; \
++@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/rfc822valid-rfc822valid.Tpo" "$(DEPDIR)/rfc822valid-rfc822valid.Po"; else rm -f "$(DEPDIR)/rfc822valid-rfc822valid.Tpo"; exit 1; fi
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rfc822valid.c' object='rfc822valid-rfc822valid.o' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(rfc822valid_CFLAGS) $(CFLAGS) -c -o rfc822valid-rfc822valid.o `test -f 'rfc822valid.c' || echo '$(srcdir)/'`rfc822valid.c
++
++rfc822valid-rfc822valid.obj: rfc822valid.c
++@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(rfc822valid_CFLAGS) $(CFLAGS) -MT rfc822valid-rfc822valid.obj -MD -MP -MF "$(DEPDIR)/rfc822valid-rfc822valid.Tpo" -c -o rfc822valid-rfc822valid.obj `if test -f 'rfc822valid.c'; then $(CYGPATH_W) 'rfc822valid.c'; else $(CYGPATH_W) '$(srcdir)/rfc822valid.c'; fi`; \
++@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/rfc822valid-rfc822valid.Tpo" "$(DEPDIR)/rfc822valid-rfc822valid.Po"; else rm -f "$(DEPDIR)/rfc822valid-rfc822valid.Tpo"; exit 1; fi
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='rfc822valid.c' object='rfc822valid-rfc822valid.obj' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(rfc822valid_CFLAGS) $(CFLAGS) -c -o rfc822valid-rfc822valid.obj `if test -f 'rfc822valid.c'; then $(CYGPATH_W) 'rfc822valid.c'; else $(CYGPATH_W) '$(srcdir)/rfc822valid.c'; fi`
++
+ unmime-unmime.o: unmime.c
+ @am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unmime_CFLAGS) $(CFLAGS) -MT unmime-unmime.o -MD -MP -MF "$(DEPDIR)/unmime-unmime.Tpo" -c -o unmime-unmime.o `test -f 'unmime.c' || echo '$(srcdir)/'`unmime.c; \
+ @am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/unmime-unmime.Tpo" "$(DEPDIR)/unmime-unmime.Po"; else rm -f "$(DEPDIR)/unmime-unmime.Tpo"; exit 1; fi
+diff -Nru fetchmail-6.3.4.orig/fetchmail-FAQ.html fetchmail-6.3.4/fetchmail-FAQ.html
+--- fetchmail-6.3.4.orig/fetchmail-FAQ.html 2006-03-30 19:26:03.000000000 -0500
++++ fetchmail-6.3.4/fetchmail-FAQ.html 2007-09-25 15:37:11.000000000 -0400
+@@ -628,11 +628,12 @@
+ you see something in the greeting line that looks like an
+ angle-bracket-enclosed Internet address with a numeric left-hand
+ part, that's an APOP challenge (it will vary each time you log in).
+-You can register a secret on the host (using
+-popauth(8)
or some program like it). Specify the
++For some hosts, you need to register a secret on the host (using
++popauth(8)
or some program like that). Specify the
+ secret as your password in your .fetchmailrc; it will be used to
+ encrypt the current challenge, and the encrypted form will be sent
+-back the the server for verification.
++back the the server for verification. Note that APOP is no longer
++considered secure since March 2007.
+
+ Alternatively, you may have Kerberos available. This may require
+ you to set up some magic files in your home directory on your
+@@ -648,8 +649,8 @@
+ response.
+
+ If you are fetching mail from a CompuServe POP3 account, you can
+-use their RPA authentication (which works much like APOP). See I1 for details. If you are fetching mail from
++use their RPA authentication. See I1 for details.
++If you are fetching mail from
+ Microsoft Exchange using IMAP, you will be able to use NTLM.
+
+ Your POP3 server may have the RFC1938 OTP capability to use
+diff -Nru fetchmail-6.3.4.orig/fetchmail.h fetchmail-6.3.4/fetchmail.h
+--- fetchmail-6.3.4.orig/fetchmail.h 2007-09-25 15:34:24.000000000 -0400
++++ fetchmail-6.3.4/fetchmail.h 2007-09-25 15:37:11.000000000 -0400
+@@ -752,5 +752,8 @@
+ int maybe_tls(struct query *ctl);
+ int must_tls(struct query *ctl);
+
++/* prototype from rfc822valid.c */
++int rfc822_valid_msgid(const unsigned char *);
++
+ #endif
+ /* fetchmail.h ends here */
+diff -Nru fetchmail-6.3.4.orig/fetchmail.man fetchmail-6.3.4/fetchmail.man
+--- fetchmail-6.3.4.orig/fetchmail.man 2006-04-06 05:44:05.000000000 -0400
++++ fetchmail-6.3.4/fetchmail.man 2007-09-25 15:40:52.000000000 -0400
+@@ -236,6 +236,7 @@
+ Post Office Protocol 3
+ .IP APOP
+ Use POP3 with old-fashioned MD5-challenge authentication.
++Considered not resistant to man-in-the-middle attacks.
+ .IP RPOP
+ Use POP3 with RPOP authentication.
+ .IP KPOP
+@@ -939,15 +940,15 @@
+ facility was vulnerable to spoofing and was withdrawn in RFC1460.
+ .PP
+ RFC1460 introduced APOP authentication. In this variant of POP3,
+-you register an APOP password on your server host (the program
+-to do this with on the server is probably called \fIpopauth\fR(8)). You
+-put the same password in your
+-.I ~/.fetchmailrc
+-file. Each time
+-.I fetchmail
+-logs in, it sends a cryptographically secure hash of your password and
+-the server greeting time to the server, which can verify it by
+-checking its authorization database.
++you register an APOP password on your server host (on some servers, the
++program to do this is called \fIpopauth\fR(8)). You put the same
++password in your \fI~/.fetchmailrc\fP file. Each time \fIfetchmail\fP
++logs in, it sends an MD5 hash of your password and the server greeting
++time to the server, which can verify it by checking its authorization
++database.
++
++\fBNote that APOP is no longer considered resistant against
++man-in-the-middle attacks.\fP
+ .SS RETR or TOP
+ .I fetchmail
+ makes some efforts to make the server believe messages had not been
+@@ -1009,7 +1010,7 @@
+ password as a pass phrase to generate the required response. This
+ avoids sending secrets over the net unencrypted.
+ .PP
+-Compuserve's RPA authentication (similar to APOP) is supported. If you
++Compuserve's RPA authentication is supported. If you
+ compile in the support, \fIfetchmail\fR will try to perform an RPA pass-phrase
+ authentication instead of sending over the password en clair if it
+ detects "@compuserve.com" in the hostname.
+@@ -1975,7 +1976,7 @@
+ \&'kerberos_v4', 'kerberos_v5' and 'gssapi', 'cram\-md5', 'otp', 'msn'
+ (only for POP3), 'ntlm', 'ssh'. The 'password' type specifies
+ authentication by normal transmission of a password (the password may be
+-plain text or subject to protocol-specific encryption as in APOP);
++plain text or subject to protocol-specific encryption as in CRAM-MD5);
+ \&'kerberos' tells \fIfetchmail\fR to try to get a Kerberos ticket at the
+ start of each query instead, and send an arbitrary string as the
+ password; and 'gssapi' tells fetchmail to use GSSAPI authentication.
+@@ -2633,7 +2634,7 @@
+ RFC 2195, RFC 2449.
+ .TP 5
+ APOP:
+-RFC 1460, RFC 1725, RFC 1939.
++RFC 1939.
+ .TP 5
+ RPOP:
+ RFC 1081, RFC 1225.
+diff -Nru fetchmail-6.3.4.orig/pop3.c fetchmail-6.3.4/pop3.c
+--- fetchmail-6.3.4.orig/pop3.c 2007-09-25 15:34:24.000000000 -0400
++++ fetchmail-6.3.4/pop3.c 2007-09-25 15:37:11.000000000 -0400
+@@ -656,6 +656,20 @@
+ else
+ *++end = '\0';
+
++ /* SECURITY: 2007-03-17
++ * Strictly validating the presented challenge for RFC-822
++ * conformity (it must be a msg-id in terms of that standard) is
++ * supposed to make attacks against the MD5 implementation
++ * harder[1]
++ *
++ * [1] "Security vulnerability in APOP authentication",
++ * Gaëtan Leurent, fetchmail-devel, 2007-03-17 */
++ if (!rfc822_valid_msgid((unsigned char *)start)) {
++ report(stderr,
++ GT_("Invalid APOP timestamp.\n"));
++ return PS_AUTHFAIL;
++ }
++
+ /* copy timestamp and password into digestion buffer */
+ msg = xmalloc((end-start+1) + strlen(ctl->password) + 1);
+ strcpy(msg,start);
+diff -Nru fetchmail-6.3.4.orig/rfc822valid.c fetchmail-6.3.4/rfc822valid.c
+--- fetchmail-6.3.4.orig/rfc822valid.c 1969-12-31 19:00:00.000000000 -0500
++++ fetchmail-6.3.4/rfc822valid.c 2007-09-25 15:37:11.000000000 -0400
+@@ -0,0 +1,140 @@
++/* rfc822valid.c -- validators for RFC-822 syntax
++ * (C) Copyright 2007 Matthias Andree
++ * GNU General Public License v2 */
++
++/* This works only on ASCII-based computers. */
++
++#include "fetchmail.h"
++#include
++
++/* CHAR except specials, SPACE, CTLs */
++static const char *atomchar = "!#$%&'*+-/0123456789=?ABCDEFGHIJKLMNOPQRSTUVWXYZ^_`abcdefghijklmnopqrstuvwxyz{|}~";
++
++static int quotedpair(unsigned char const **x) {
++ if (**x != '\\') return 0;
++ ++ *x;
++ if ((int)* *x > 127 || * *x == '\0')
++ /* XXX FIXME: 0 is a legal CHAR, so the == '\0' is sort of bogus
++ * above, but fetchmail does not currently deal with NUL inputs
++ * so we don't need to make the distinction between
++ * end-of-string and quoted NUL. */
++ return 0;
++ ++ *x;
++ return 1;
++}
++
++
++static int quotedstring(unsigned char const **x) {
++ if (* *x != '"') return 0;
++ ++ *x;
++ for(;;) {
++ switch (* *x) {
++ case '"':
++ ++ *x;
++ return 1;
++ case '\\':
++ if (quotedpair(x) == 0) return 0;
++ continue;
++ case '\r':
++ case '\0':
++ return 0;
++ }
++ if ((int)* *x >= 128) {
++ return 0;
++ }
++ ++ *x;
++ }
++}
++
++static int atom(unsigned char const **x) {
++ /* atom */
++ if (strchr(atomchar, (const char)**x)) {
++ *x += strspn((const char *)*x, atomchar);
++ return 1;
++ }
++ /* invalid character */
++ return 0;
++}
++
++static int word(unsigned char const **x) {
++ if (**x == '"')
++ return quotedstring(x);
++ return atom(x);
++}
++
++static int domain_literal(unsigned char const **x) {
++ if (**x != '[') return 0;
++ ++ *x;
++ for(;;) {
++ switch (* *x) {
++ case '\0':
++ case '\r':
++ case '[':
++ return 0;
++ case ']':
++ ++ *x;
++ return 1;
++ case '\\':
++ if (quotedpair(x) == 0) return 0;
++ continue;
++ }
++ if ((int)* *x > 127) return 0;
++ ++ *x;
++ }
++}
++
++static int subdomain(unsigned char const **x) {
++ if (* *x == '[') return domain_literal(x);
++ return atom(x);
++}
++
++int rfc822_valid_msgid(const unsigned char *x) {
++ /* expect "<" */
++ if (*x != '<') return 0;
++ ++ x;
++
++ /* expect local-part = word *("." word)
++ * where
++ * word = atom/quoted-string
++ * atom = 1*ATOMCHAR
++ * quoted-string = <"> *(qtext/quoted-pair) <">
++ * qtext = CHAR except ", \, CR
++ * quoted-pair = "\" CHAR
++ */
++ for(;;) {
++ if (word(&x) == 0) return 0;
++ if (*x == '.') { ++x; continue; }
++ if (*x == '@') break;
++ return 0;
++ }
++
++ /* expect "@" */
++ if (*x != '@') return 0;
++ ++ x;
++
++ /* expect domain = sub-domain *("." sub-domain)
++ * sub-domain = domain-ref/domain-literal
++ * domain-ref = atom
++ * domain-literal = "[" *(dtext/quoted-pair) "]" */
++ for(;;) {
++ if (subdomain(&x) == 0) return 0;
++ if (*x == '.') { ++x; continue; }
++ if (*x == '>') break;
++ return 0;
++ }
++
++ if (*x != '>') return 0;
++ return 1;
++}
++
++#ifdef TEST
++#include
++
++int main(int argc, char **argv) {
++ int i;
++ for (i = 1; i < argc; i++) {
++ printf("%s: %s\n", argv[i], rfc822_valid_msgid((unsigned char *)argv[i]) ? "OK" : "INVALID");
++ }
++ return 0;
++}
++#endif
--- fetchmail-6.3.4.orig/debian/patches/04.fix-cleartext-leak.dpatch
+++ fetchmail-6.3.4/debian/patches/04.fix-cleartext-leak.dpatch
@@ -0,0 +1,574 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 04.fix-cleartext-leak.dpatch by Kees Cook
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fixes for CVE-2006-5867 extracted from upstream 6.3.6 release.
+
+@DPATCH@
+diff -urNad fetchmail-6.3.4~/Makefile.am fetchmail-6.3.4/Makefile.am
+--- fetchmail-6.3.4~/Makefile.am 2006-04-02 03:19:27.000000000 -0700
++++ fetchmail-6.3.4/Makefile.am 2007-01-09 14:56:09.768303145 -0800
+@@ -39,7 +39,7 @@
+ servport.c ntlm.h smbbyteorder.h smbdes.h smbmd4.h \
+ smbencrypt.h smbdes.c smbencrypt.c smbmd4.c smbutil.c \
+ libesmtp/gethostbyname.h libesmtp/gethostbyname.c \
+- smbtypes.h
++ smbtypes.h tls.c
+ libfm_a_LIBADD= $(EXTRAOBJ)
+ libfm_a_DEPENDENCIES= $(EXTRAOBJ)
+ LDADD = libfm.a @LIBINTL@ $(LIBOBJS)
+diff -urNad fetchmail-6.3.4~/Makefile.in fetchmail-6.3.4/Makefile.in
+--- fetchmail-6.3.4~/Makefile.in 2006-04-14 08:42:56.000000000 -0700
++++ fetchmail-6.3.4/Makefile.in 2007-01-09 14:57:34.944623746 -0800
+@@ -84,7 +84,8 @@
+ am_libfm_a_OBJECTS = xmalloc.$(OBJEXT) base64.$(OBJEXT) \
+ rfc822.$(OBJEXT) report.$(OBJEXT) rfc2047e.$(OBJEXT) \
+ servport.$(OBJEXT) smbdes.$(OBJEXT) smbencrypt.$(OBJEXT) \
+- smbmd4.$(OBJEXT) smbutil.$(OBJEXT) gethostbyname.$(OBJEXT)
++ smbmd4.$(OBJEXT) smbutil.$(OBJEXT) gethostbyname.$(OBJEXT) \
++ tls.$(OBJEXT)
+ libfm_a_OBJECTS = $(am_libfm_a_OBJECTS)
+ libtrio_a_AR = $(AR) $(ARFLAGS)
+ libtrio_a_LIBADD =
+@@ -362,7 +363,7 @@
+ servport.c ntlm.h smbbyteorder.h smbdes.h smbmd4.h \
+ smbencrypt.h smbdes.c smbencrypt.c smbmd4.c smbutil.c \
+ libesmtp/gethostbyname.h libesmtp/gethostbyname.c \
+- smbtypes.h
++ smbtypes.h tls.c
+
+ libfm_a_LIBADD = $(EXTRAOBJ)
+ libfm_a_DEPENDENCIES = $(EXTRAOBJ)
+@@ -614,6 +615,7 @@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/smbutil.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/smtp.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket.Po@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transact.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/trio.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/trionan.Po@am__quote@
+diff -urNad fetchmail-6.3.4~/fetchmail.h fetchmail-6.3.4/fetchmail.h
+--- fetchmail-6.3.4~/fetchmail.h 2006-04-02 03:18:20.000000000 -0700
++++ fetchmail-6.3.4/fetchmail.h 2007-01-09 14:56:09.772303348 -0800
+@@ -748,5 +748,9 @@
+ # define NI_DGRAM 16
+ #endif
+
++/* prototypes from tls.c */
++int maybe_tls(struct query *ctl);
++int must_tls(struct query *ctl);
++
+ #endif
+ /* fetchmail.h ends here */
+diff -urNad fetchmail-6.3.4~/imap.c fetchmail-6.3.4/imap.c
+--- fetchmail-6.3.4~/imap.c 2006-03-15 08:25:22.000000000 -0800
++++ fetchmail-6.3.4/imap.c 2007-01-09 14:56:09.772303348 -0800
+@@ -348,10 +348,11 @@
+ {
+ int ok = 0;
+ #ifdef SSL_ENABLE
+- flag did_stls = FALSE;
+-#endif /* SSL_ENABLE */
+-
++ int got_tls = 0;
++ char *realhost;
++#endif
+ (void)greeting;
++
+ /*
+ * Assumption: expunges are cheap, so we want to do them
+ * after every message unless user said otherwise.
+@@ -374,44 +375,63 @@
+ }
+
+ #ifdef SSL_ENABLE
+- if ((!ctl->sslproto || !strcmp(ctl->sslproto,"tls1"))
+- && !ctl->use_ssl
+- && strstr(capabilities, "STARTTLS"))
+- {
+- char *realhost;
+-
+- realhost = ctl->server.via ? ctl->server.via : ctl->server.pollname;
+- ok = gen_transact(sock, "STARTTLS");
++ realhost = ctl->server.via ? ctl->server.via : ctl->server.pollname;
+
+- /* We use "tls1" instead of ctl->sslproto, as we want STARTTLS,
+- * not other SSL protocols
+- */
+- if (ok == PS_SUCCESS &&
+- SSLOpen(sock,ctl->sslcert,ctl->sslkey,"tls1",ctl->sslcertck, ctl->sslcertpath,ctl->sslfingerprint,realhost,ctl->server.pollname) == -1)
+- {
+- if (!ctl->sslproto && !ctl->wehaveauthed)
+- {
+- ctl->sslproto = xstrdup("");
+- /* repoll immediately */
+- return(PS_REPOLL);
+- }
+- report(stderr,
+- GT_("SSL connection failed.\n"));
+- return PS_SOCKET;
+- }
+- did_stls = TRUE;
++ if (maybe_tls(ctl)) {
++ if (strstr(capabilities, "STARTTLS"))
++ {
++ /* Use "tls1" rather than ctl->sslproto because tls1 is the only
++ * protocol that will work with STARTTLS. Don't need to worry
++ * whether TLS is mandatory or opportunistic unless SSLOpen() fails
++ * (see below). */
++ if (gen_transact(sock, "STARTTLS") == PS_SUCCESS
++ && SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
++ ctl->sslcertpath, ctl->sslfingerprint, realhost,
++ ctl->server.pollname) != -1)
++ {
++ /*
++ * RFC 2595 says this:
++ *
++ * "Once TLS has been started, the client MUST discard cached
++ * information about server capabilities and SHOULD re-issue the
++ * CAPABILITY command. This is necessary to protect against
++ * man-in-the-middle attacks which alter the capabilities list prior
++ * to STARTTLS. The server MAY advertise different capabilities
++ * after STARTTLS."
++ *
++ * Now that we're confident in our TLS connection we can
++ * guarantee a secure capability re-probe.
++ */
++ got_tls = 1;
++ capa_probe(sock, ctl);
++ if (outlevel >= O_VERBOSE)
++ {
++ report(stdout, GT_("%s: upgrade to TLS succeeded.\n"), realhost);
++ }
++ }
++ }
+
+- /*
+- * RFC 2595 says this:
+- *
+- * "Once TLS has been started, the client MUST discard cached
+- * information about server capabilities and SHOULD re-issue the
+- * CAPABILITY command. This is necessary to protect against
+- * man-in-the-middle attacks which alter the capabilities list prior
+- * to STARTTLS. The server MAY advertise different capabilities
+- * after STARTTLS."
+- */
+- capa_probe(sock, ctl);
++ if (!got_tls) {
++ if (must_tls(ctl)) {
++ /* Config required TLS but we couldn't guarantee it, so we must
++ * stop. */
++ report(stderr, GT_("%s: upgrade to TLS failed.\n"), realhost);
++ return PS_SOCKET;
++ } else {
++ if (outlevel >= O_VERBOSE) {
++ report(stdout, GT_("%s: opportunistic upgrade to TLS failed, trying to continue\n"), realhost);
++ }
++ /* We don't know whether the connection is in a working state, so
++ * test by issuing a NOOP. */
++ if (gen_transact(sock, "NOOP") != PS_SUCCESS) {
++ /* Not usable. Empty sslproto to force an unencrypted
++ * connection on the next attempt, and repoll. */
++ ctl->sslproto = xstrdup("");
++ return PS_REPOLL;
++ }
++ /* Usable. Proceed with authenticating insecurely. */
++ }
++ }
+ }
+ #endif /* SSL_ENABLE */
+
+@@ -552,19 +572,11 @@
+
+ snprintf(shroud, sizeof (shroud), "\"%s\"", password);
+ ok = gen_transact(sock, "LOGIN \"%s\" \"%s\"", remotename, password);
++ memset(shroud, 0x55, sizeof(shroud));
+ shroud[0] = '\0';
++ memset(password, 0x55, strlen(password));
+ free(password);
+ free(remotename);
+-#ifdef SSL_ENABLE
+- /* this is for servers which claim to support TLS, but actually
+- * don't! */
+- if (did_stls && ok == PS_SOCKET && !ctl->sslproto && !ctl->wehaveauthed)
+- {
+- ctl->sslproto = xstrdup("");
+- /* repoll immediately */
+- ok = PS_REPOLL;
+- }
+-#endif
+ if (ok)
+ {
+ /* SASL cancellation of authentication */
+diff -urNad fetchmail-6.3.4~/pop2.c fetchmail-6.3.4/pop2.c
+--- fetchmail-6.3.4~/pop2.c 2006-03-14 01:48:01.000000000 -0800
++++ fetchmail-6.3.4/pop2.c 2007-01-09 14:56:09.772303348 -0800
+@@ -60,10 +60,24 @@
+ int status;
+
+ (void)buf;
++
++ if (ctl->sslproto && !strcasecmp(ctl->sslproto, "tls1") && !ctl->use_ssl)
++ {
++ report(stderr, GT_("POP2 does not support STLS. Giving up.\n"));
++ return PS_SOCKET;
++ }
++
++ if (ctl->server.authenticate != A_ANY && ctl->server.authenticate != A_PASSWORD)
++ {
++ report(stderr, GT_("POP2 only supports password authentication. Giving up.\n"));
++ return PS_AUTHFAIL;
++ }
++
+ strlcpy(shroud, ctl->password, sizeof(shroud));
+ status = gen_transact(sock,
+ "HELO %s %s",
+ ctl->remotename, ctl->password);
++ memset(shroud, 0x55, sizeof(shroud));
+ shroud[0] = '\0';
+ return status;
+ }
+diff -urNad fetchmail-6.3.4~/pop3.c fetchmail-6.3.4/pop3.c
+--- fetchmail-6.3.4~/pop3.c 2006-04-03 03:09:31.000000000 -0700
++++ fetchmail-6.3.4/pop3.c 2007-01-09 14:56:09.772303348 -0800
+@@ -41,6 +41,7 @@
+ #endif /* OPIE_ENABLE */
+
+ /* session variables initialized in capa_probe() or pop3_getauth() */
++flag done_capa = FALSE;
+ #if defined(GSSAPI)
+ flag has_gssapi = FALSE;
+ #endif /* defined(GSSAPI) */
+@@ -52,7 +53,7 @@
+ flag has_otp = FALSE;
+ #endif /* OPIE_ENABLE */
+ #ifdef SSL_ENABLE
+-static flag has_ssl = FALSE;
++static flag has_stls = FALSE;
+ #endif /* SSL_ENABLE */
+
+ /* mailbox variables initialized in pop3_getrange() */
+@@ -238,6 +239,9 @@
+ {
+ int ok;
+
++ if (done_capa) {
++ return PS_SUCCESS;
++ }
+ #if defined(GSSAPI)
+ has_gssapi = FALSE;
+ #endif /* defined(GSSAPI) */
+@@ -261,7 +265,7 @@
+ break;
+ #ifdef SSL_ENABLE
+ if (strstr(buffer, "STLS"))
+- has_ssl = TRUE;
++ has_stls = TRUE;
+ #endif /* SSL_ENABLE */
+ #if defined(GSSAPI)
+ if (strstr(buffer, "GSSAPI"))
+@@ -279,6 +283,7 @@
+ has_cram = TRUE;
+ }
+ }
++ done_capa = TRUE;
+ return(ok);
+ }
+
+@@ -302,9 +307,12 @@
+ char *challenge;
+ #endif /* OPIE_ENABLE */
+ #ifdef SSL_ENABLE
+- flag did_stls = FALSE;
++ char *realhost = ctl->server.via ? ctl->server.via : ctl->server.pollname;
++ flag connection_may_have_tls_errors = FALSE;
++ flag got_tls = FALSE;
+ #endif /* SSL_ENABLE */
+
++ done_capa = FALSE;
+ #if defined(GSSAPI)
+ has_gssapi = FALSE;
+ #endif /* defined(GSSAPI) */
+@@ -316,7 +324,7 @@
+ has_otp = FALSE;
+ #endif /* OPIE_ENABLE */
+ #ifdef SSL_ENABLE
+- has_ssl = FALSE;
++ has_stls = FALSE;
+ #endif /* SSL_ENABLE */
+
+ /* Set this up before authentication quits early. */
+@@ -404,25 +412,29 @@
+
+ /*
+ * CAPA command may return a list including available
+- * authentication mechanisms. if it doesn't, no harm done, we
+- * just fall back to a plain login. Note that this code
+- * latches the server's authentication type, so that in daemon mode
+- * the CAPA check only needs to be done once at start of run.
++ * authentication mechanisms and STLS capability.
+ *
+- * If CAPA fails, then force the authentication method to PASSORD
+- * and repoll immediately.
++ * If it doesn't, no harm done, we just fall back to a plain
++ * login -- if the user allows it.
+ *
+- * These authentication methods are blessed by RFC1734,
+- * describing the POP3 AUTHentication command.
++ * Note that this code latches the server's authentication type,
++ * so that in daemon mode the CAPA check only needs to be done
++ * once at start of run.
++ *
++ * If CAPA fails, then force the authentication method to
++ * PASSWORD, switch off opportunistic and repoll immediately.
++ * If TLS is mandatory, fail up front.
+ */
+ if ((ctl->server.authenticate == A_ANY) ||
+- (ctl->server.authenticate == A_GSSAPI) ||
+- (ctl->server.authenticate == A_KERBEROS_V4) ||
+- (ctl->server.authenticate == A_OTP) ||
+- (ctl->server.authenticate == A_CRAM_MD5))
++ (ctl->server.authenticate == A_GSSAPI) ||
++ (ctl->server.authenticate == A_KERBEROS_V4) ||
++ (ctl->server.authenticate == A_KERBEROS_V5) ||
++ (ctl->server.authenticate == A_OTP) ||
++ (ctl->server.authenticate == A_CRAM_MD5) ||
++ maybe_tls(ctl))
+ {
+ if ((ok = capa_probe(sock)) != PS_SUCCESS)
+- /* we are in STAGE_GETAUTH! */
++ /* we are in STAGE_GETAUTH => failure is PS_AUTHFAIL! */
+ if (ok == PS_AUTHFAIL ||
+ /* Some servers directly close the socket. However, if we
+ * have already authenticated before, then a previous CAPA
+@@ -431,52 +443,89 @@
+ */
+ (ok == PS_SOCKET && !ctl->wehaveauthed))
+ {
+- ctl->server.authenticate = A_PASSWORD;
+- /* repoll immediately */
+- ok = PS_REPOLL;
+- break;
++#ifdef SSL_ENABLE
++ if (must_tls(ctl)) {
++ /* fail with mandatory STLS without repoll */
++ report(stderr, GT_("TLS is mandatory for this session, but server refused CAPA command.\n"));
++ report(stderr, GT_("The CAPA command is however necessary for TLS.\n"));
++ return ok;
++ } else {
++ /* defeat opportunistic STLS */
++ xfree(ctl->sslproto);
++ ctl->sslproto = xstrdup("");
++ }
++#endif
++ /* If strong authentication was opportunistic, retry without, else fail. */
++ switch (ctl->server.authenticate) {
++ case A_ANY:
++ ctl->server.authenticate = A_PASSWORD;
++ /* FALLTHROUGH */
++ case A_PASSWORD: /* this should only happen with TLS enabled */
++ return PS_REPOLL;
++ default:
++ return PS_AUTHFAIL;
++ }
+ }
+ }
+
+ #ifdef SSL_ENABLE
+- if (has_ssl
+- && !ctl->use_ssl
+- && (!ctl->sslproto || !strcmp(ctl->sslproto,"tls1")))
+- {
+- char *realhost;
+-
+- realhost = ctl->server.via ? ctl->server.via : ctl->server.pollname;
+- ok = gen_transact(sock, "STLS");
+-
+- /* We use "tls1" instead of ctl->sslproto, as we want STLS,
+- * not other SSL protocols
+- */
+- if (ok == PS_SUCCESS &&
+- SSLOpen(sock,ctl->sslcert,ctl->sslkey,"tls1",ctl->sslcertck, ctl->sslcertpath,ctl->sslfingerprint,realhost,ctl->server.pollname) == -1)
++ if (maybe_tls(ctl)) {
++ if (has_stls)
+ {
+- if (!ctl->sslproto && !ctl->wehaveauthed)
++ /* Use "tls1" rather than ctl->sslproto because tls1 is the only
++ * protocol that will work with STARTTLS. Don't need to worry
++ * whether TLS is mandatory or opportunistic unless SSLOpen() fails
++ * (see below). */
++ if (gen_transact(sock, "STLS") == PS_SUCCESS
++ && SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
++ ctl->sslcertpath, ctl->sslfingerprint, realhost,
++ ctl->server.pollname) != -1)
+ {
+- ctl->sslproto = xstrdup("");
+- /* repoll immediately */
+- return(PS_REPOLL);
++ /*
++ * RFC 2595 says this:
++ *
++ * "Once TLS has been started, the client MUST discard cached
++ * information about server capabilities and SHOULD re-issue the
++ * CAPABILITY command. This is necessary to protect against
++ * man-in-the-middle attacks which alter the capabilities list prior
++ * to STARTTLS. The server MAY advertise different capabilities
++ * after STARTTLS."
++ *
++ * Now that we're confident in our TLS connection we can
++ * guarantee a secure capability re-probe.
++ */
++ got_tls = TRUE;
++ done_capa = FALSE;
++ ok = capa_probe(sock);
++ if (ok != PS_SUCCESS) {
++ return ok;
++ }
++ if (outlevel >= O_VERBOSE)
++ {
++ report(stdout, GT_("%s: upgrade to TLS succeeded.\n"), realhost);
++ }
+ }
+- report(stderr,
+- GT_("SSL connection failed.\n"));
+- return PS_SOCKET;
+- }
+- did_stls = TRUE;
++ }
+
+- /*
+- * RFC 2595 says this:
+- *
+- * "Once TLS has been started, the client MUST discard cached
+- * information about server capabilities and SHOULD re-issue the
+- * CAPABILITY command. This is necessary to protect against
+- * man-in-the-middle attacks which alter the capabilities list prior
+- * to STARTTLS. The server MAY advertise different capabilities
+- * after STARTTLS."
+- */
+- capa_probe(sock);
++ if (!got_tls) {
++ if (must_tls(ctl)) {
++ /* Config required TLS but we couldn't guarantee it, so we must
++ * stop. */
++ report(stderr, GT_("%s: upgrade to TLS failed.\n"), realhost);
++ return PS_SOCKET;
++ } else {
++ /* We don't know whether the connection is usable, and there's
++ * no command we can reasonably issue to test it (NOOP isn't
++ * allowed til post-authentication), so leave it in an unknown
++ * state, mark it as such, and check more carefully if things
++ * go wrong when we try to authenticate. */
++ connection_may_have_tls_errors = TRUE;
++ if (outlevel >= O_VERBOSE)
++ {
++ report(stdout, GT_("%s: opportunistic upgrade to TLS failed, trying to continue.\n"), realhost);
++ }
++ }
++ }
+ }
+ #endif /* SSL_ENABLE */
+
+@@ -561,16 +610,25 @@
+ }
+ #endif /* OPIE_ENABLE */
+
+- strlcpy(shroud, ctl->password, sizeof(shroud));
+- ok = gen_transact(sock, "PASS %s", ctl->password);
++ /* check if we are actually allowed to send the password */
++ if (ctl->server.authenticate == A_ANY
++ || ctl->server.authenticate == A_PASSWORD) {
++ strlcpy(shroud, ctl->password, sizeof(shroud));
++ ok = gen_transact(sock, "PASS %s", ctl->password);
++ } else {
++ report(stderr, GT_("We've run out of allowed authenticators and cannot continue.\n"));
++ ok = PS_AUTHFAIL;
++ }
++ memset(shroud, 0x55, sizeof(shroud));
+ shroud[0] = '\0';
+ #ifdef SSL_ENABLE
+ /* this is for servers which claim to support TLS, but actually
+ * don't! */
+- if (did_stls && ok == PS_SOCKET && !ctl->sslproto && !ctl->wehaveauthed)
++ if (connection_may_have_tls_errors && ok == PS_SOCKET)
+ {
++ xfree(ctl->sslproto);
+ ctl->sslproto = xstrdup("");
+- /* repoll immediately */
++ /* repoll immediately without TLS */
+ ok = PS_REPOLL;
+ }
+ #endif
+@@ -609,8 +667,12 @@
+ break;
+
+ case P_RPOP:
+- if ((ok = gen_transact(sock,"USER %s", ctl->remotename)) == 0)
++ if ((ok = gen_transact(sock,"USER %s", ctl->remotename)) == 0) {
++ strlcpy(shroud, ctl->password, sizeof(shroud));
+ ok = gen_transact(sock, "RPOP %s", ctl->password);
++ memset(shroud, 0x55, sizeof(shroud));
++ shroud[0] = '\0';
++ }
+ break;
+
+ default:
+@@ -1019,8 +1081,9 @@
+ * the same mail will not be downloaded again.
+ */
+ old = save_str(&ctl->oldsaved, id, UID_UNSEEN);
+- old->val.status.num = unum;
+ }
++ /* save the number */
++ old->val.status.num = unum;
+ } else
+ return PS_ERROR;
+ } /* multi-line loop for UIDL reply */
+@@ -1309,8 +1372,8 @@
+ static const struct method pop3 =
+ {
+ "POP3", /* Post Office Protocol v3 */
+- "pop3", /* standard POP3 port */
+- "pop3s", /* ssl POP3 port */
++ "pop3", /* port for plain and TLS POP3 */
++ "pop3s", /* port for SSL POP3 */
+ FALSE, /* this is not a tagged protocol */
+ TRUE, /* this uses a message delimiter */
+ pop3_ok, /* parse command response */
+diff -urNad fetchmail-6.3.4~/tls.c fetchmail-6.3.4/tls.c
+--- fetchmail-6.3.4~/tls.c 1969-12-31 16:00:00.000000000 -0800
++++ fetchmail-6.3.4/tls.c 2007-01-09 14:56:09.772303348 -0800
+@@ -0,0 +1,33 @@
++/** \file tls.c - collect common TLS functionality
++ * \author Matthias Andree
++ * \year 2006
++ */
++
++#include "fetchmail.h"
++
++#ifdef HAVE_STRINGS_H
++#include
++#endif
++
++/** return true if user allowed TLS */
++int maybe_tls(struct query *ctl) {
++#ifdef SSL_ENABLE
++ /* opportunistic or forced TLS */
++ return (!ctl->sslproto || !strcasecmp(ctl->sslproto,"tls1"))
++ && !ctl->use_ssl;
++#else
++ return 0;
++#endif
++}
++
++/** return true if user requires TLS, note though that this code must
++ * always use a logical AND with maybe_tls(). */
++int must_tls(struct query *ctl) {
++#ifdef SSL_ENABLE
++ return maybe_tls(ctl)
++ && (ctl->sslfingerprint || ctl->sslcertck
++ || (ctl->sslproto && !strcasecmp(ctl->sslproto, "tls1")));
++#else
++ return 0;
++#endif
++}
--- fetchmail-6.3.4.orig/debian/patches/00list
+++ fetchmail-6.3.4/debian/patches/00list
@@ -0,0 +1,5 @@
+01.fetchmailconf
+03.fix-ja.po
+04.fix-cleartext-leak.dpatch
+05_CVE-2007-4565.dpatch
+06_CVE-2007-1558.dpatch
--- fetchmail-6.3.4.orig/debian/patches/01.fetchmailconf.dpatch
+++ fetchmail-6.3.4/debian/patches/01.fetchmailconf.dpatch
@@ -0,0 +1,16 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 03.fetchmailconf.dpatch by >
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad trunk~/fetchmailconf.py trunk/fetchmailconf.py
+--- trunk~/fetchmailconf.py 2006-01-08 13:11:51.000000000 +0100
++++ trunk/fetchmailconf.py 2006-01-15 13:35:26.000000000 +0100
+@@ -1,5 +1,3 @@
+-#!/usr/bin/env python
+-#
+ # A GUI configurator for generating fetchmail configuration files.
+ # by Eric S. Raymond, ,
+ # Matthias Andree
--- fetchmail-6.3.4.orig/debian/patches/03.fix-ja.po.dpatch
+++ fetchmail-6.3.4/debian/patches/03.fix-ja.po.dpatch
@@ -0,0 +1,81 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 03.fix-ja.po.dpatch by
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad fetchmail-6.3.4~/po/ja.po fetchmail-6.3.4/po/ja.po
+--- fetchmail-6.3.4~/po/ja.po 2006-04-13 16:54:34.000000000 +0200
++++ fetchmail-6.3.4/po/ja.po 2006-10-23 11:22:10.000000000 +0200
+@@ -162,9 +162,6 @@
+ msgstr[0] ""
+ "最大å–ã‚Šè¾¼ã¿æ•°ã§ã‚ã‚‹ %d 通ã«é”ã—ã¾ã—ãŸ; メッセージ㌠%d 通ã€ã‚µãƒ¼ãƒ %s ã«ã‚¢ã‚«"
+ "ウント %s å®›ã§æ®‹ã•ã‚Œã¦ã„ã¾ã™ã€‚\n"
+-msgstr[1] ""
+-"最大å–ã‚Šè¾¼ã¿æ•°ã§ã‚ã‚‹ %d 通ã«é”ã—ã¾ã—ãŸ; メッセージ㌠%d 通ã€ã‚µãƒ¼ãƒ %s ã«ã‚¢ã‚«"
+-"ウント %s å®›ã§æ®‹ã•ã‚Œã¦ã„ã¾ã™ã€‚\n"
+
+ #: driver.c:885
+ msgid "SIGPIPE thrown from an MDA or a stream socket error\n"
+@@ -407,20 +404,17 @@
+ msgid "%d message (%d %s) for %s"
+ msgid_plural "%d messages (%d %s) for %s"
+ msgstr[0] "%d 通ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ (ãã®ã†ã¡ %d 通㯠%s) ãŒ%så®›ã«å±Šã„ã¦ã„ã¾ã™"
+-msgstr[1] "%d 通ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ (ãã®ã†ã¡ %d 通㯠%s ) ãŒ%så®›ã«å±Šã„ã¦ã„ã¾ã™"
+
+ #: driver.c:1341
+ msgid "seen"
+ msgid_plural "seen"
+ msgstr[0] "æ—¢ã«èªã¿è¾¼ã‚“ã§ã„ã¾ã™"
+-msgstr[1] "æ—¢ã«èªã¿è¾¼ã‚“ã§ã„ã¾ã™"
+
+ #: driver.c:1344
+ #, c-format
+ msgid "%d message for %s"
+ msgid_plural "%d messages for %s"
+ msgstr[0] "%d 通ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒ %s å®›ã«å±Šã„ã¦ã„ã¾ã™"
+-msgstr[1] "%d 通ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒ %s å®›ã«å±Šã„ã¦ã„ã¾ã™"
+
+ #: driver.c:1351
+ #, c-format
+@@ -1064,7 +1058,6 @@
+ msgid " Poll of this server will occur every %d interval.\n"
+ msgid_plural " Poll of this server will occur every %d intervals.\n"
+ msgstr[0] " ã“ã®ã‚µãƒ¼ãƒã«å¯¾ã—ã¦ã®ã‚¢ã‚¯ã‚»ã‚¹ã¯ %d ã®é–“éš”ã§è¡Œã‚ã‚Œã¾ã™ã€‚\n"
+-msgstr[1] " ã“ã®ã‚µãƒ¼ãƒã«å¯¾ã—ã¦ã®ã‚¢ã‚¯ã‚»ã‚¹ã¯ %d ã®é–“éš”ã§è¡Œã‚ã‚Œã¾ã™ã€‚\n"
+
+ #: fetchmail.c:1510
+ #, c-format
+@@ -1460,7 +1453,6 @@
+ msgid "%d local name recognized.\n"
+ msgid_plural "%d local names recognized.\n"
+ msgstr[0] "%d 個㮠localname ãŒå˜åœ¨ã—ã¾ã™ã€‚\n"
+-msgstr[1] "%d 個㮠localname ãŒå˜åœ¨ã—ã¾ã™ã€‚\n"
+
+ #: fetchmail.c:1792
+ msgid " DNS lookup for multidrop addresses is enabled.\n"
+@@ -1686,7 +1678,6 @@
+ msgid "%d message waiting after re-poll\n"
+ msgid_plural "%d messages waiting after re-poll\n"
+ msgstr[0] "%d 通ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒå†ã‚¢ã‚¯ã‚»ã‚¹ã®å¾Œã«å˜åœ¨ã—ã¾ã™ã€‚\n"
+-msgstr[1] "%d 通ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒå†ã‚¢ã‚¯ã‚»ã‚¹ã®å¾Œã«å˜åœ¨ã—ã¾ã™ã€‚\n"
+
+ #: imap.c:731
+ msgid "mailbox selection failed\n"
+@@ -1697,7 +1688,6 @@
+ msgid "%d message waiting after first poll\n"
+ msgid_plural "%d messages waiting after first poll\n"
+ msgstr[0] "最åˆã®ã‚¢ã‚¯ã‚»ã‚¹ã‹ã‚‰ %d 通ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒã‚ã‚Šã¾ã™ã€‚\n"
+-msgstr[1] "最åˆã®ã‚¢ã‚¯ã‚»ã‚¹ã‹ã‚‰ %d 通ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒã‚ã‚Šã¾ã™ã€‚\n"
+
+ #: imap.c:749
+ msgid "expunge failed\n"
+@@ -1708,7 +1698,6 @@
+ msgid "%d message waiting after expunge\n"
+ msgid_plural "%d messages waiting after expunge\n"
+ msgstr[0] "削除ã®å¾Œã€%d 通ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒæ®‹ã£ã¦ã„ã¾ã™ã€‚\n"
+-msgstr[1] "削除ã®å¾Œã€%d 通ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒæ®‹ã£ã¦ã„ã¾ã™ã€‚\n"
+
+ #: imap.c:795
+ msgid "search for unseen messages failed\n"
--- fetchmail-6.3.4.orig/debian/patches/05_CVE-2007-4565.dpatch
+++ fetchmail-6.3.4/debian/patches/05_CVE-2007-4565.dpatch
@@ -0,0 +1,20 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 05_CVE-2007-4565.dpatch by Jamie Strandboge
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: fix for CVE-2007-4565
+
+@DPATCH@
+
+diff -Nru fetchmail-6.3.4.orig/sink.c fetchmail-6.3.4/sink.c
+--- fetchmail-6.3.4.orig/sink.c 2006-04-04 08:14:37.000000000 -0400
++++ fetchmail-6.3.4/sink.c 2007-09-25 10:02:22.000000000 -0400
+@@ -262,7 +262,7 @@
+ const char *md1 = "MAILER-DAEMON", *md2 = "MAILER-DAEMON@";
+
+ /* don't bounce in reply to undeliverable bounces */
+- if (!msg->return_path[0] ||
++ if (!msg || !msg->return_path[0] ||
+ strcmp(msg->return_path, "<>") == 0 ||
+ strcasecmp(msg->return_path, md1) == 0 ||
+ strncasecmp(msg->return_path, md2, strlen(md2)) == 0)
--- fetchmail-6.3.4.orig/debian/control
+++ fetchmail-6.3.4/debian/control
@@ -0,0 +1,34 @@
+Source: fetchmail
+Section: mail
+Priority: optional
+Maintainer: Fetchmail Maintainers
+Uploaders: Nico Golde , Hector Garcia
+Build-Depends: debhelper (>= 4.1.16), libssl-dev, autotools-dev, dpatch, gettext, python
+Standards-Version: 3.7.0
+
+Package: fetchmail
+Architecture: any
+Depends: ${shlibs:Depends}, debianutils (>= 1.7), adduser (>= 3.34), gettext, lsb-base (>= 1.3-9ubuntu3), sysv-rc (>= 2.86.ds1-14.1ubuntu2)
+Conflicts: popclient, fetchmail-common, logcheck (<< 1.1.1-9), fetchmail-ssl (<= 6.2.5-12)
+Replaces: fetchmail-common, fetchmail-ssl
+Provides: fetchmail-ssl
+Suggests: fetchmailconf, postfix | mail-transport-agent, resolvconf
+Recommends: ca-certificates
+Description: SSL enabled POP3, APOP, IMAP mail gatherer/forwarder
+ fetchmail is a free, full-featured, robust, and well-documented remote mail
+ retrieval and forwarding utility intended to be used over on-demand TCP/IP
+ links (such as SLIP or PPP connections). It retrieves mail from remote mail
+ servers and forwards it to your local (client) machine's delivery system, so
+ it can then be read by normal mail user agents such as mutt, elm, pine,
+ (x)emacs/gnus, or mailx. The fetchmailconf package includes an interactive
+ GUI configurator suitable for end-users. Kerberos IV & V, RPA, OPIE and
+ GSSAPI support are available if the package is recompiled.
+ .
+ Homepage: http://www.fetchmail.info
+
+Package: fetchmailconf
+Architecture: all
+Depends: fetchmail (= ${Source-Version}), python (>= 2.1), python-tk
+Description: fetchmail configurator
+ A GUI wrapper to configure fetchmail's .fetchmailrc, suitable for
+ end-users. See fetchmail package for more information.
--- fetchmail-6.3.4.orig/debian/resolvconf
+++ fetchmail-6.3.4/debian/resolvconf
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+while [ "$1" ]; do
+ if [ "$1" = "--nscd" ]; then
+ exit 0
+ fi
+ shift
+done
+
+if [ -x /etc/init.d/fetchmail ]; then
+ /etc/init.d/fetchmail try-restart
+fi
--- fetchmail-6.3.4.orig/debian/fetchmail.postrm
+++ fetchmail-6.3.4/debian/fetchmail.postrm
@@ -0,0 +1,38 @@
+#!/bin/sh
+#
+# Postrm script for fetchmail
+# $Id: fetchmail.postrm 237 2005-10-18 15:57:10Z nion $
+#
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" = "purge" ]; then
+ if [ -e /usr/share/debconf/confmodule ]; then
+ . /usr/share/debconf/confmodule
+ db_purge
+ fi
+
+ # Remove SysV initscript
+ update-rc.d fetchmail remove >/dev/null || true
+
+ # Remove init.d configuration file
+ if [ -r /etc/default/fetchmail ]; then
+ rm -f /etc/default/fetchmail
+ fi
+ # Remove other cruft
+ rm -f /var/mail/.fetchmail-UIDL-cache >/dev/null 2>&1 || true
+
+ # Remove user fetchmail
+ fetchmailhome=`getent passwd fetchmail | cut -d : -f 6`
+ rm -f "$fetchmailhome/.fetchids" >/dev/null 2>&1 || true
+ rm -f "$fetchmailhome/.fetchmail-UIDL-cache" >/dev/null 2>&1 || true
+ rm -f "$fetchmailhome/.fetchmail.pid" >/dev/null 2>&1 || true
+ userdel fetchmail || true
+ rmdir "$fetchmailhome" >/dev/null 2>&1 || true
+fi
+
+exit 0
+
+# vim:ts=4:sw=4:
--- fetchmail-6.3.4.orig/debian/fetchmail.default
+++ fetchmail-6.3.4/debian/fetchmail.default
@@ -0,0 +1,4 @@
+# This file will be used to declare some vars for fetchmail
+
+# Declare here if we want to start fetchmail. 'yes' or 'no'
+START_DAEMON=no
--- fetchmail-6.3.4.orig/debian/fetchmail.postinst
+++ fetchmail-6.3.4/debian/fetchmail.postinst
@@ -0,0 +1,73 @@
+#!/bin/sh
+#
+# Postinst script for fetchmail
+# $Id: fetchmail.postinst 333 2006-03-27 17:20:45Z nion-guest $
+#
+
+set -e
+
+# Create fetchmail user and its homedir if we may need it
+if ! getent passwd fetchmail >/dev/null; then
+ adduser --system --ingroup nogroup --home /var/lib/fetchmail \
+ --shell /bin/sh --disabled-password fetchmail
+fi
+if ! [ -d /var/lib/fetchmail ]; then
+ mkdir -p /var/lib/fetchmail
+fi
+chmod 700 /var/lib/fetchmail
+chown -h -R fetchmail:nogroup /var/lib/fetchmail
+
+# Code to handle the upgrade to use /etc/default/fetchmail
+case "$1" in
+ configure)
+ if dpkg --compare-versions "$2" lt 6.3.1
+ then
+ if [ -e /etc/fetchmailrc ]
+ then
+ if [ `grep -c poll /etc/fetchmailrc` ]
+ then
+ # If /etc/fetchmailrc exits and is defined a pool line
+ # I assume is correctly configured and make the default to
+ # run on boot
+ FILE=`mktemp`
+ cat /etc/default/fetchmail | sed 's/START_DAEMON=no/START_DAEMON=yes/' > $FILE
+ mv $FILE /etc/default/fetchmail
+ fi
+ fi
+ # update home directory for old installations because of #327250
+ usermod -d /var/lib/fetchmail fetchmail
+
+ # Removing old /var/run/fetchmail if empty
+ rm -f "/var/run/fetchmail/.fetchids" >/dev/null 2>&1 || true
+ rm -f "/var/run/fetchmail/.fetchmail-UIDL-cache" >/dev/null 2>&1 || true
+ if [ ! -f "/var/lib/fetchmail/.fetchmail.pid" ]
+ then
+ mv "/var/run/fetchmail/.fetchmail.pid" "/var/lib/fetchmail/.fetchmail.pid" >/dev/null 2>&1 || true
+ fi
+ rmdir "/var/run/fetchmail" >/dev/null 2>&1 || true
+ fi
+ ;;
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+esac
+
+if [ -x /etc/init.d/fetchmail ]; then
+ update-rc.d fetchmail multiuser 99 15 >/dev/null
+
+ if [ -x /usr/sbin/invoke-rc.d ]; then
+ invoke-rc.d --quiet fetchmail start || true
+ else
+ /etc/init.d/fetchmail start || true
+ fi
+fi
+
+# Remove shutdown and reboot links; this init script does not need them.
+if dpkg --compare-versions "$2" lt "6.3.4-1ubuntu2"; then
+ rm -f /etc/rc0.d/K15fetchmail /etc/rc6.d/K15fetchmail
+fi
+
+#DEBHELPER#
+
+exit 0
+
+# vim:ts=4:sw=4:
--- fetchmail-6.3.4.orig/debian/watch
+++ fetchmail-6.3.4/debian/watch
@@ -0,0 +1,2 @@
+version=2
+http://developer.berlios.de/project/showfiles.php?group_id=1824 .*fetchmail-(.*)\.tar\.bz2
--- fetchmail-6.3.4.orig/debian/TODO.Debian
+++ fetchmail-6.3.4/debian/TODO.Debian
@@ -0,0 +1,12 @@
++ Maybe add a suid-to-utterly-unpriviledged-user mode for the
+ benefit of those not using system-wide fetchmails because they
+ don't want root to have their mail passwords.
+* verify .de template, and linelength of all templates
+* verify all the weirdness with the signal handling, and
+ especially concerning SA_RESTART [pending]
+* fix heimdal support in unstable
+
+2. when fetchmail exits with SMTP transaction errors (code 10), fetchmail jumps
+out of the window before updating its .fetchids, thus, previous successful
+transactions are done again the next fetchmail run -> duplicate mail on
+receiver.
--- fetchmail-6.3.4.orig/debian/ip-down
+++ fetchmail-6.3.4/debian/ip-down
@@ -0,0 +1,17 @@
+#!/bin/sh
+#
+# Default fetchmail ip-down script (/etc/ppp/ip-down.d/fetchmail)
+#
+# Remove the "exit 0" line if you want only want to run fetchmail when the
+# PPP link is up.
+#
+
+exit 0
+
+if [ -x /etc/init.d/fetchmail ]; then
+ if [ -x /usr/sbin/invoke-rc.d ]; then
+ invoke-rc.d --quiet fetchmail stop || true
+ else
+ /etc/init.d/fetchmail stop || true
+ fi
+fi
--- fetchmail-6.3.4.orig/debian/init
+++ fetchmail-6.3.4/debian/init
@@ -0,0 +1,200 @@
+#!/bin/sh
+#
+# Fetchmail init script
+# Latest change: Do Jun 23 16:59:08 CEST 2005
+#
+# A fetchmailrc file containg hosts and passwords for all local users should be
+# placed in /etc/fetchmailrc. Remember to make the /etc/fetchmailrc mode 600
+# to avoid disclosing the users' passwords.
+#
+# This script will NOT start or stop fetchmail if the /etc/fetchmailrc file
+# does not exist.
+#
+
+set -e
+
+if [ ! -e /etc/fetchmailrc ]; then
+ exit 0
+fi
+
+test -f /etc/default/fetchmail || exit 0
+. /etc/default/fetchmail
+if [ ! "x$START_DAEMON" = "xyes" ]; then
+ echo "Edit /etc/default/fetchmail to start fetchmail"
+ exit 0
+fi
+
+# Defaults
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/bin/fetchmail
+USER=fetchmail
+
+CONFFILE=/etc/fetchmailrc
+PIDFILE="/var/run/fetchmail/fetchmail.pid"
+OPTIONS="-f $CONFFILE --pidfile $PIDFILE"
+UIDL=/var/lib/fetchmail/.fetchmail-UIDL-cache
+
+test -f $DAEMON || exit 0
+test -r $CONFFILE || exit 0
+
+. /lib/lsb/init-functions
+
+if [ "$1" = "start" ]; then
+ if [ ! -r $CONFFILE ] ; then
+ echo "$CONFFILE not found."
+ echo "can not start fetchmail daemon... consider disabling the script"
+ exit 0
+ fi
+fi
+
+
+
+# sanity checks (saves on MY sanity :-P )
+if ! id $USER >/dev/null 2>&1; then
+ if [ "$USER" = "fetchmail" ]; then
+ # The fetchmail user might have been removed when the fetchmail-common
+ # package is purged. We have to re-add it here so the system-wide
+ # daemon will run.
+
+ adduser --system --ingroup nogroup --home /var/lib/fetchmail \
+ --shell /bin/sh --disabled-password fetchmail >/dev/null 2>&1 || true
+ # work around possible adduser bug, see #119366
+ [ -d /var/lib/fetchmail ] || mkdir -p /var/lib/fetchmail
+ chmod 700 /var/lib/fetchmail
+ chown -h -R fetchmail:nogroup /var/lib/fetchmail
+ else
+ log_failure_msg "$USER user does not exist!"
+ exit 1
+ fi
+fi
+
+# add daemon option if user hasn't already specified it
+if ! grep -qs '^[[:space:]]*set[[:space:]]\+daemon[[:space:]]' "$CONFFILE"; then
+ OPTIONS="$OPTIONS -d 300"
+fi
+
+# add syslog option unless user specified "set no syslog".
+if ! grep -qs '^[[:space:]]*set[[:space:]]\+no[[:space:]]\+syslog' "$CONFFILE"; then
+ OPTIONS="$OPTIONS --syslog"
+fi
+
+# support for ephemeral /var/run
+if [ "${PIDFILE%/*}" = "/var/run/fetchmail" ] && [ ! -d ${PIDFILE%/*} ]; then
+ mkdir /var/run/fetchmail
+ chown -h $USER:nogroup /var/run/fetchmail
+ chmod 700 /var/run/fetchmail
+fi
+
+# sanity check
+#if [ ! -d ${PIDFILE%/*} ]; then
+# echo "$0: directory ${PIDFILE%/*} does not exist!"
+# exit 1
+#fi
+
+# If the user is going to use a UIDL cache, try to find a better place for the
+# UIDL cache than root's homedir. Also create $UIDL if it doesn't exist,
+# because the daemon won't have the permission.
+if ! grep -qs idfile "$CONFFILE" && [ -d /var/lib/fetchmail ]; then
+ OPTIONS="$OPTIONS -i $UIDL"
+ touch $UIDL
+ chown -h $USER $UIDL
+ chmod 0600 $UIDL
+fi
+
+# Makes sure certain files/directories have the proper owner
+if [ "`stat -c '%U %a' $CONFFILE 2>/dev/null`" != "$USER 600" ]; then
+ chown -h $USER $CONFFILE
+ chmod -f 0600 $CONFFILE
+fi
+
+case "$1" in
+ start)
+ if test -e $PIDFILE ; then
+ pid=`cat $PIDFILE | sed -e 's/\s.*//'`
+ PIDDIR=/proc/$pid
+ if [ -d ${PIDDIR} -a "$(readlink -f ${PIDDIR}/exe)" = "${DAEMON}" ]; then
+ echo "fetchmail already started; not starting."
+ exit 0
+ else
+ echo "Removing stale PID file $PIDFILE."
+ rm -f $PIDFILE
+ fi
+ fi
+ log_begin_msg "Starting mail retrieval agent..."
+ start-stop-daemon -S -o -q -p $PIDFILE -x $DAEMON -u $USER -a /bin/su -- -c "$DAEMON $OPTIONS" $USER
+ log_end_msg $?
+ ;;
+ stop)
+ if ! test -e $PIDFILE ; then
+ echo "Pidfile not found! Is fetchmail running?"
+ exit 0
+ fi
+ log_begin_msg "Stopping mail retrieval agent..."
+ start-stop-daemon -K -o -q -p $PIDFILE -x $DAEMON -u $USER
+ log_end_msg $?
+ ;;
+ force-reload|restart)
+ sh $0 stop
+ sh $0 start
+ ;;
+ try-restart)
+ if start-stop-daemon -S -t -q -p $PIDFILE -x $DAEMON -u $USER >/dev/null; then
+ exit 0
+ fi
+ $0 restart
+ ;;
+ awaken)
+ log_begin_msg "Awakening mail retrieval agent..."
+ if [ -r $PIDFILE ]; then
+ su -c $DAEMON $USER <&- >/dev/null 2>&1
+ log_end_msg 0
+ exit 0
+ else
+ log_end_msg 1
+ exit 1
+ fi
+ ;;
+ debug-run)
+ log_success_msg "Initiating debug run of system-wide fetchmail service..." 1>&2
+ log_success_msg "script will be run in debug mode, all output to forced to" 1>&2
+ log_success_msg "stdout. This is not enough to debug failures that only" 1>&2
+ log_success_msg "happen in daemon mode." 1>&2
+ log_success_msg "You might want to direct output to a file, and tail -f it." 1>&2
+ if [ "$2" = "strace" ]; then
+ log_success_msg "(running debug mode under strace. See strace(1) for options)" 1>&2
+ log_success_msg "WARNING: strace output may contain security-sensitive info, such as" 1>&2
+ log_success_msg "passwords; please clobber them before sending the strace file to a" 1>&2
+ log_success_msg "public bug tracking system, such as Debian's." 1>&2
+ fi
+ log_success_msg "Stopping the service..." 1>&2
+ "$0" stop
+ log_success_msg "exit status of service stop was: $?"
+ log_success_msg "RUNUSER is $USER"
+ log_success_msg "OPTIONS would be $OPTIONS"
+ log_success_msg "Starting service in nodetach mode, hit ^C (SIGINT/intr) to finish run..." 1>&2
+ if [ "$2" = "strace" ] ; then
+ shift
+ shift
+ [ $# -ne 0 ] && log_success_msg "(strace options are: -tt $@)" 1>&2
+ su -c "/usr/bin/strace -tt $@ $DAEMON $OPTIONS --nosyslog --nodetach -v -v" $USER <&- 2>&1 && true
+ else
+ su -c "$DAEMON $OPTIONS --nosyslog --nodetach -v -v" $USER <&- 2>&1
+ fi
+ log_success_msg "End of service run. Exit status was: $?"
+ exit 0
+ ;;
+ *)
+ log_success_msg "Usage: /etc/init.d/fetchmail {start|stop|restart|force-reload|awaken|debug-run}"
+ log_success_msg " start - starts system-wide fetchmail service"
+ log_success_msg " stop - stops system-wide fetchmail service"
+ log_success_msg " restart, force-reload - starts a new system-wide fetchmail service"
+ log_success_msg " awaken - tell system-wide fetchmail to start a poll cycle immediately"
+ log_success_msg " debug-run [strace [strace options...]] - start a debug run of the"
+ log_success_msg " system-wide fetchmail service, optionally running it under strace"
+ exit 1
+ ;;
+esac
+
+exit 0
+
+# vim:ts=4:sw=4: