SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for fetchmail-debuginfo-6.3.11-6.1.x86_64.rpm :
Thu Aug 6 14:00:00 2009 puzelAATTnovell.com
- update to 6.3.11
[#] SECURITY BUGFIXES

* CVE-2009-2666: SSL NUL prefix impersonation attack through NULs in a
part of a X.509 certificate\'s CommonName and subjectAltName fields. These
fields use opaque strings with a separate length field, so that the NUL
character isn\'t a special character inside the certificate. Fetchmail, being
written in the C language, used to treat these strings as C strings
nonetheless, so that the domain comparison would end at the first embedded NUL
character, rather than at the real end of the string.
Fetchmail will now abort certificate verification as failed if NULs are
encountered inside either of these fields regardless of their position, and
drop the connection even if --sslcertck is not used, because NUL is not a
valid character in legitimate DNS names.
See fetchmail-SA-2009-01.txt for details, including a minimal patch.
[#] BUGFIXES

* Remove the spurious message \"message delimiter found while scanning headers\".
RFC-5322 syntax states that the delimiter is part of the body, and the body is
optional.

* Convert all non-printable characters in certificate Subject/Issuer
Common Name or Subject Alternative Name fields to ANSI-C hex escapes (\\xnn,
where nn are hex digits).

Fri Jul 3 14:00:00 2009 puzelAATTnovell.com
- update to 6.3.10 (final version)

Mon Jun 1 14:00:00 2009 puzelAATTsuse.cz
- update to 6.3.10-beta1
[#] INCOMPATIBLE BUGFIXES AND CHANGES:

* Fetchmail no longer drops permanently undelivered messages by default, to
match historic documentation. It does this by adding a new \"softbounce\"
option, see below.

* There is a new \"softbounce\" global option that prevents the deletion of
messages that have not been forwarded. It defaults to \"true\" for fetchmail
6.3.X in order to match historic documentation. This may change its default
in the next major release.

* For other changes, please see the package changelog
- update fetchmail-6.3.8-smtp_errors.patch (partially upstreamed)

Tue Jan 13 13:00:00 2009 puzelAATTsuse.cz
- update to 6.3.9 final
- deleted fetchmail-fix-permissions-doc.patch (fixed upstream)

Mon Jan 12 13:00:00 2009 puzelAATTsuse.cz
- fix spurious messages from fetchmail.init (bnc#464037)

Fri Nov 14 13:00:00 2008 mrueckertAATTsuse.de
- make the kerberos handling based on suse_version instead
of sles_version

Thu Oct 9 14:00:00 2008 puzelAATTsuse.cz
- fix documentation inconsistency (bnc#174287)
- mark /etc/logrotate.d/fetchmail as %config(noreplace)

Wed Oct 1 14:00:00 2008 puzelAATTsuse.cz
- Fix build on SLE9
- do not build with kerberos support on SLE9

Tue Sep 9 14:00:00 2008 kukukAATTsuse.de
- Remove support for dante (deprecated, homepage not reacheable,...)

Thu Sep 4 14:00:00 2008 puzelAATTsuse.cz
- update to 6.3.9rc2
- bugfix release, see package changelog for details
- removed fetchmail-6.3.8-CVE-2007-4565.patch (fixed in upstream)
- removed fetchmail-6.3.8-long_headers_segfault.patch (fixed in upstream)

Fri Aug 22 14:00:00 2008 puzelAATTsuse.cz
- fix build on SLE10
- do not run autoreconf if suse_version < 1010

Thu Jul 24 14:00:00 2008 puzelAATTsuse.cz
- specfile cleanup and rpmlint warning fixes

* removed obsolete \'Provides: pop\'

* added logrotate dependency

* removed unnecessary python dependency

* removed unnecessary \'export CFLAGS=\"$RPM_OPT_FLAGS\"\'
- %configure macro should suffice
- initscript fixes

* obsolete X-UnitedLinux-Should-Start replaced by
Should-Start

* same with Should-Stop

* added $remote-fs dependency

Tue Jul 1 14:00:00 2008 puzelAATTsuse.cz
- updated fetchmail-6.3.8-long_headers_segfault.patch from upstream

Tue Jun 17 14:00:00 2008 puzelAATTsuse.cz
- kerberos (krb5) support enabled [bnc#353817]

Wed May 28 14:00:00 2008 puzelAATTsuse.cz
- fixed broken oneshot option in initscript [bnc#360507]

Thu May 22 14:00:00 2008 puzelAATTsuse.cz
- fixed bnc#354291

* caused segmentation fault when retrieving mail with long To:
headers

Wed Apr 30 14:00:00 2008 pcernyAATTsuse.cz
- added option to specify polling interval to init script

Fri Mar 28 13:00:00 2008 pcernyAATTsuse.cz
- additional fix for bnc#246829
[fetchmail-6.3.8-starttls.patch ->
fetchmail-6.3.8-smtp_errors.patch]

Wed Nov 28 13:00:00 2007 pvAATTsuse.de
- add PreReq pwdutils #327550 - yast2-mail fetchmail error

Thu Sep 27 14:00:00 2007 pcernyAATTsuse.de
- Fix for DoS vulnerability (#308271 CVE-2007-4565)
- Do not remove messages if SMTP insists on TLS (#246829)
[fetchmail-6.3.8-starttls.patch]

Tue Sep 11 14:00:00 2007 roAATTsuse.de
- remove librsaref2-devel from buildrequires (unused)

Fri Aug 31 14:00:00 2007 pcernyAATTsuse.cz
- librsaref2 => librsaref2-devel [#302599]
- removed %suseversion > 800 check (insserv)

Mon Jul 2 14:00:00 2007 lruppAATTsuse.de
- rsaref => librsaref2

Thu Apr 19 14:00:00 2007 sbrabecAATTsuse.cz
- Updated to version 6.3.8:

* Make the APOP challenge parser more distrustful and have it
reject challenges that do not conform to RFC-822 msg-id format
(CVE-2007-1558).

* Repoll immediately if a protocol error happens during the
authentication attempt after a failed opportunistic TLS upgrade
(#262450).

* Do not crash with a null pointer dereference when opening the
BSMTP file fails.

* Make BSMTP output actually work.

* Add delete-later and delete-later.README.

* Fix KPOP.

* Fix repoll when server disconnects after opportunistic TLS
failed for POP3.

* Documentation and string fixes.

Fri Mar 30 14:00:00 2007 roAATTsuse.de
- added pwdutils to buildreq

Tue Feb 6 13:00:00 2007 sbrabecAATTsuse.cz
- Repair repoll after opportunistic TLS failed (#223507#c27,
Berlios#10133).
- Use upstream fix of KPOP regression (#223507#c26).

Thu Jan 25 13:00:00 2007 sbrabecAATTsuse.cz
- Fixed regression in KPOP support (#223507#c8).
http://lists.berlios.de/pipermail/fetchmail-devel/2007-January/000857.html

Wed Jan 24 13:00:00 2007 sbrabecAATTsuse.cz
- Updated to version 6.3.6 (#223507):

* Password disclosure vulnerability fixed (CVE-2006-5867).

* Repairs a regression in 6.3.5 that crashes fetchmail when a
message with invalid headers is found while fetchmail\'s mda
option is in use (CVE-2006-5974).

* Repair --logfile, broken in 6.3.5.

* Repair --user, broken in 6.3.5.

* RPOP: used to log the password locally rather than an asterisk
as the other protocols do.

* POP3: Probes capabilities now when Kerberos V5 is enabled, so
that we can actually detect if the server supports it.

* DNS: Detect /etc/resolv.conf changes

* When HOME and FETCHMAILHOME are unset, be sure to copy user
database information.
- Spec file cleanup.

Wed Oct 25 14:00:00 2006 sbrabecAATTsuse.cz
- Fixed problems caused by calling daemon as non-root (#207305).

Mon Oct 23 14:00:00 2006 sbrabecAATTsuse.cz
- Updated to version 6.3.5:

* Bug fixes.

* Translation updates.

* Logging behavior changes.

* fetchmail now supports fooAATTexample.org=bar user mappings for
multidrop boxes.

* Bouncing improvements.

* Improved IMAP and SDPS behavior.

* See NEWS for deprecated features and major incompatible change
advance warnings.

Sat Oct 21 14:00:00 2006 schwabAATTsuse.de
- Run automake.


  
ICM