./mail/fetchmail [mail retrieval utility for POP2, POP3, KPOP, IMAP and more]
[+] Add this package to your ports tracker

[ CVSweb ] [ Homepage ] [ RSS feed ]

Version: 6.3.26, Package name: fetchmail-6.3.26
Maintained by: The OpenBSD ports mailing-list
Master sites:
Description
fetchmail is a free, full-featured, robust, well-documented remote
mail retrieval and forwarding utility intended to be used over
on-demand TCP/IP links (such as SLIP or PPP connections). It
retrieves mail from remote mail servers and forwards it to your local
(client) machine's delivery system, so it can then be read by
normal mail user agents such as elm(1) or Mail(1).

fetchmail supports standard all mail-retrieval protocols in use on the
Internet: POP2, POP3 (including POP3 with RFC1938 one-time passwords),
RPOP, APOP, KPOP, Compuserve's POP3 with RPA, Microsoft's NTLM, Demon
Internet's SDPS, all flavors of IMAP (including IMAP4rev1 with CRAM-MD5
authentication), and ESMTP ETRN. Fetchmail also supports end-to-end
encryption with OpenSSL.


Filesize: 1253.727 KB
Version History (View Complete History)
  • (2014-06-25) Updated to version: fetchmail-6.3.26
  • (2013-01-14) Updated to version: fetchmail-6.3.24
  • (2011-08-23) Updated to version: fetchmail-6.3.21
  • (2011-06-06) Updated to version: fetchmail-6.3.20
  • (2010-06-09) Updated to version: fetchmail-6.3.17p0
  • (2010-05-19) Updated to version: fetchmail-6.3.17
  • (2010-04-01) Updated to version: fetchmail-6.3.15
  • (2010-03-22) Updated to version: fetchmail-6.3.14
  • (2009-11-03) Updated to version: fetchmail-6.3.13
  • (2009-10-12) Updated to version: fetchmail-6.3.12
[show/hide] View available PLISTS (Can be a lot of data)

CVS Commit History:

   2017-08-10 22:18:19 by Alexander Bluhm | Files touched by this commit (2)
Log message:
Do not overrun plugin string when copying it.  Prevents sporadic
segmentation fault in fetchmail.  Fix reported to upstream.
OK jca@
   2017-08-10 22:18:19 by Alexander Bluhm | Files touched by this commit (2)
Log message:
Do not overrun plugin string when copying it.  Prevents sporadic
segmentation fault in fetchmail.  Fix reported to upstream.
OK jca@
   2015-11-02 04:56:55 by Marc Espie | Files touched by this commit (27)
Log message:
a few minor pkg_subst fixes, for the coming patch (disallow -c without -m
outside of WRKDIR)
   2015-10-08 15:19:23 by Stuart Henderson | Files touched by this commit (33)
Log message:
Bump some ports which reference if_msghdr in their source, so that package
updates are triggered. This is following the struct if_data ABI change a few
days ago; if_msghdr has an embedded if_data.  Some may be unnecessary, but
some are definitely needed and bumps are cheaper than debugging.
Problem reported with wpa_supplicant by Mikolaj Kucharski.
   2015-08-25 11:44:09 by Jeremie Courreges-Anglas | Files touched by this commit (3)
Log message:
Fixed upstream.
   2015-08-25 11:44:09 by Jeremie Courreges-Anglas | Files touched by this commit (3)
Log message:
Fixed upstream.
   2015-08-25 11:44:09 by Jeremie Courreges-Anglas | Files touched by this commit (3)
Log message:
Fixed upstream.
   2015-07-17 22:51:29 by Stuart Henderson | Files touched by this commit (5)
Log message:
cope if SSLv3 is disabled
   2015-07-17 22:51:29 by Stuart Henderson | Files touched by this commit (5)
Log message:
cope if SSLv3 is disabled
   2015-07-17 22:51:29 by Stuart Henderson | Files touched by this commit (5)
Log message:
cope if SSLv3 is disabled
   2015-07-17 22:51:29 by Stuart Henderson | Files touched by this commit (5)
Log message:
cope if SSLv3 is disabled
   2015-05-25 01:54:28 by Jasper Lievisse Adriaanse | Files touched by this commit (29)
Log message:
remove a whole bunch more @rm -f cases
   2011-06-06 07:57:07 by Stuart Henderson | Files touched by this commit (5)
Log message:
update fetchmail to 6.3.20, tested by jasper@, lots of fixes including:
* CVE-2011-1947
- use timeouts for IMAP STARTTLS/POP3 STLS negotiation which could cause
fetchmail freezes if a server was hanging.
* security improvements to defang X.509 certificate abuse
- require wildcard CN/subject alternative names to start with "*." not just "*"
- don't allow wildcards to match domain literals (such as 10.9.8.7) or
wildcards in domain literals ("*.168.23.23").
- don't allow wildcarding top-level domains.
   2011-06-06 07:57:07 by Stuart Henderson | Files touched by this commit (5)
Log message:
update fetchmail to 6.3.20, tested by jasper@, lots of fixes including:
* CVE-2011-1947
- use timeouts for IMAP STARTTLS/POP3 STLS negotiation which could cause
fetchmail freezes if a server was hanging.
* security improvements to defang X.509 certificate abuse
- require wildcard CN/subject alternative names to start with "*." not just "*"
- don't allow wildcards to match domain literals (such as 10.9.8.7) or
wildcards in domain literals ("*.168.23.23").
- don't allow wildcarding top-level domains.
   2011-06-06 07:57:07 by Stuart Henderson | Files touched by this commit (5)
Log message:
update fetchmail to 6.3.20, tested by jasper@, lots of fixes including:
* CVE-2011-1947
- use timeouts for IMAP STARTTLS/POP3 STLS negotiation which could cause
fetchmail freezes if a server was hanging.
* security improvements to defang X.509 certificate abuse
- require wildcard CN/subject alternative names to start with "*." not just "*"
- don't allow wildcards to match domain literals (such as 10.9.8.7) or
wildcards in domain literals ("*.168.23.23").
- don't allow wildcarding top-level domains.
   2011-06-06 07:57:07 by Stuart Henderson | Files touched by this commit (5)
Log message:
update fetchmail to 6.3.20, tested by jasper@, lots of fixes including:
* CVE-2011-1947
- use timeouts for IMAP STARTTLS/POP3 STLS negotiation which could cause
fetchmail freezes if a server was hanging.
* security improvements to defang X.509 certificate abuse
- require wildcard CN/subject alternative names to start with "*." not just "*"
- don't allow wildcards to match domain literals (such as 10.9.8.7) or
wildcards in domain literals ("*.168.23.23").
- don't allow wildcarding top-level domains.
   2011-06-06 07:57:07 by Stuart Henderson | Files touched by this commit (5)
Log message:
update fetchmail to 6.3.20, tested by jasper@, lots of fixes including:
* CVE-2011-1947
- use timeouts for IMAP STARTTLS/POP3 STLS negotiation which could cause
fetchmail freezes if a server was hanging.
* security improvements to defang X.509 certificate abuse
- require wildcard CN/subject alternative names to start with "*." not just "*"
- don't allow wildcards to match domain literals (such as 10.9.8.7) or
wildcards in domain literals ("*.168.23.23").
- don't allow wildcarding top-level domains.
   2010-11-19 00:23:15 by Marc Espie | Files touched by this commit (332)
Log message:
new depends
   2010-10-18 15:50:39 by Stuart Henderson | Files touched by this commit (48)
Log message:
fix tabs
   2010-10-18 13:59:20 by Marc Espie | Files touched by this commit (135)
Log message:
USE_GROFF=Yes
   2010-06-10 19:36:23 by William Yodlowsky | Files touched by this commit (2)
Log message:
SECURITY FIX
Resolves fetchmail-SA-2010-01
patch from upstream
   2010-06-10 19:36:23 by William Yodlowsky | Files touched by this commit (2)
Log message:
SECURITY FIX
Resolves fetchmail-SA-2010-01
patch from upstream
   2010-06-09 02:34:59 by Stefan Sperling | Files touched by this commit (2)
Log message:
Add patch from upstream to fix bogus ssl check warning when the
sslfingerprint option is used.
hints and ok sthen@
   2010-06-09 02:34:59 by Stefan Sperling | Files touched by this commit (2)
Log message:
Add patch from upstream to fix bogus ssl check warning when the
sslfingerprint option is used.
hints and ok sthen@
   2010-05-19 09:27:18 by Giovanni Bechis | Files touched by this commit (4)
Log message:
Update to 6.3.17
ok kili@
   2010-05-19 09:27:18 by Giovanni Bechis | Files touched by this commit (4)
Log message:
Update to 6.3.17
ok kili@
   2010-05-19 09:27:18 by Giovanni Bechis | Files touched by this commit (4)
Log message:
Update to 6.3.17
ok kili@
   2010-05-19 09:27:18 by Giovanni Bechis | Files touched by this commit (4)
Log message:
Update to 6.3.17
ok kili@
   2010-03-31 13:12:06 by Jasper Lievisse Adriaanse | Files touched by this commit (4)
Log message:
- update fetchmail to 6.3.15
from charles smith, thanks.
   2010-03-31 13:12:06 by Jasper Lievisse Adriaanse | Files touched by this commit (4)
Log message:
- update fetchmail to 6.3.15
from charles smith, thanks.
   2010-03-31 13:12:06 by Jasper Lievisse Adriaanse | Files touched by this commit (4)
Log message:
- update fetchmail to 6.3.15
from charles smith, thanks.
   2010-03-31 13:12:06 by Jasper Lievisse Adriaanse | Files touched by this commit (4)
Log message:
- update fetchmail to 6.3.15
from charles smith, thanks.
   2010-03-21 19:28:40 by Stuart Henderson | Files touched by this commit (4)
Log message:
security update to 6.3.14, heap overflow in verbose mode SSL cert display
on signed char arch. http://www.fetchmail.info/fetchmail-SA-2010-01.txt
"This might be exploitable to inject code if
- - fetchmail is run in verbose mode
AND
- - the host running fetchmail considers char signed
AND
- - the server uses malicious certificates with non-printing characters
that have the high bit set
AND
- - these certificates manage to inject shell-code that consists purely of
printable characters.
It is believed to be difficult to achieve all this."
   2010-03-21 19:28:40 by Stuart Henderson | Files touched by this commit (4)
Log message:
security update to 6.3.14, heap overflow in verbose mode SSL cert display
on signed char arch. http://www.fetchmail.info/fetchmail-SA-2010-01.txt
"This might be exploitable to inject code if
- - fetchmail is run in verbose mode
AND
- - the host running fetchmail considers char signed
AND
- - the server uses malicious certificates with non-printing characters
that have the high bit set
AND
- - these certificates manage to inject shell-code that consists purely of
printable characters.
It is believed to be difficult to achieve all this."
   2010-03-21 19:28:40 by Stuart Henderson | Files touched by this commit (4)
Log message:
security update to 6.3.14, heap overflow in verbose mode SSL cert display
on signed char arch. http://www.fetchmail.info/fetchmail-SA-2010-01.txt
"This might be exploitable to inject code if
- - fetchmail is run in verbose mode
AND
- - the host running fetchmail considers char signed
AND
- - the server uses malicious certificates with non-printing characters
that have the high bit set
AND
- - these certificates manage to inject shell-code that consists purely of
printable characters.
It is believed to be difficult to achieve all this."
   2010-03-21 19:28:40 by Stuart Henderson | Files touched by this commit (4)
Log message:
security update to 6.3.14, heap overflow in verbose mode SSL cert display
on signed char arch. http://www.fetchmail.info/fetchmail-SA-2010-01.txt
"This might be exploitable to inject code if
- - fetchmail is run in verbose mode
AND
- - the host running fetchmail considers char signed
AND
- - the server uses malicious certificates with non-printing characters
that have the high bit set
AND
- - these certificates manage to inject shell-code that consists purely of
printable characters.
It is believed to be difficult to achieve all this."
   2009-11-02 12:47:49 by Stuart Henderson | Files touched by this commit (3)
Log message:
update to 6.3.13, fixing a regression introduced in 6.3.12. ok jasper@
   2009-11-02 12:47:49 by Stuart Henderson | Files touched by this commit (3)
Log message:
update to 6.3.13, fixing a regression introduced in 6.3.12. ok jasper@
   2009-11-02 12:47:49 by Stuart Henderson | Files touched by this commit (3)
Log message:
update to 6.3.13, fixing a regression introduced in 6.3.12. ok jasper@
   2009-10-24 21:51:32 by William Yodlowsky | Files touched by this commit (2)
Log message:
SECURITY FIX
Resolves CVE-2009-2666:
Detect malicious certificates that use a null byte injection in the
Common Name or subjectAltName (CVE-2009-2666).
patch from debian
   2009-10-24 21:51:32 by William Yodlowsky | Files touched by this commit (2)
Log message:
SECURITY FIX
Resolves CVE-2009-2666:
Detect malicious certificates that use a null byte injection in the
Common Name or subjectAltName (CVE-2009-2666).
patch from debian
   2009-10-16 17:36:52 by William Yodlowsky | Files touched by this commit (2)
Log message:
SECURITY FIX
Resolves CVE-2009-2666:
Detect malicious certificates that use a null byte injection in the
Common Name or subjectAltName (CVE-2009-2666).
patch from debian
ok jasper@
   2009-10-16 17:36:52 by William Yodlowsky | Files touched by this commit (2)
Log message:
SECURITY FIX
Resolves CVE-2009-2666:
Detect malicious certificates that use a null byte injection in the
Common Name or subjectAltName (CVE-2009-2666).
patch from debian
ok jasper@
   2009-10-11 14:52:17 by Stuart Henderson | Files touched by this commit (6)
Log message:
SECURITY update to 6.3.12, fixes CVE-2009-2666 (bad handling of nulls
in SSL domain names).  ok jasper@
   2009-10-11 14:52:17 by Stuart Henderson | Files touched by this commit (6)
Log message:
SECURITY update to 6.3.12, fixes CVE-2009-2666 (bad handling of nulls
in SSL domain names).  ok jasper@
   2009-10-11 14:52:17 by Stuart Henderson | Files touched by this commit (6)
Log message:
SECURITY update to 6.3.12, fixes CVE-2009-2666 (bad handling of nulls
in SSL domain names).  ok jasper@
   2009-10-11 14:52:17 by Stuart Henderson | Files touched by this commit (6)
Log message:
SECURITY update to 6.3.12, fixes CVE-2009-2666 (bad handling of nulls
in SSL domain names).  ok jasper@
   2009-10-11 14:52:17 by Stuart Henderson | Files touched by this commit (6)
Log message:
SECURITY update to 6.3.12, fixes CVE-2009-2666 (bad handling of nulls
in SSL domain names).  ok jasper@
   2009-10-11 14:52:17 by Stuart Henderson | Files touched by this commit (6)
Log message:
SECURITY update to 6.3.12, fixes CVE-2009-2666 (bad handling of nulls
in SSL domain names).  ok jasper@
   2009-02-17 05:08:44 by Jasper Lievisse Adriaanse | Files touched by this commit (8)
Log message:
- update fetchmail to 6.3.9
ok sthen@
   2009-02-17 05:08:44 by Jasper Lievisse Adriaanse | Files touched by this commit (8)
Log message:
- update fetchmail to 6.3.9
ok sthen@
   2009-02-17 05:08:44 by Jasper Lievisse Adriaanse | Files touched by this commit (8)
Log message:
- update fetchmail to 6.3.9
ok sthen@
   2009-02-17 05:08:44 by Jasper Lievisse Adriaanse | Files touched by this commit (8)
Log message:
- update fetchmail to 6.3.9
ok sthen@
   2009-02-17 05:08:44 by Jasper Lievisse Adriaanse | Files touched by this commit (8)
Log message:
- update fetchmail to 6.3.9
ok sthen@
   2009-02-17 05:08:44 by Jasper Lievisse Adriaanse | Files touched by this commit (8)
Log message:
- update fetchmail to 6.3.9
ok sthen@
   2009-02-17 05:08:44 by Jasper Lievisse Adriaanse | Files touched by this commit (8)
Log message:
- update fetchmail to 6.3.9
ok sthen@
   2009-02-17 05:08:44 by Jasper Lievisse Adriaanse | Files touched by this commit (8)
Log message:
- update fetchmail to 6.3.9
ok sthen@
   2009-02-02 04:42:13 by Bernd Ahlers | Files touched by this commit (3)
Log message:
Fix stunnel usage with TLS1 encryption.
From https://lists.berlios.de/pipermail/fetchmail-users/2007-December/001396.html
via Dieter Rauschenberger. Thank you!
Regen PLIST and drop maintainership. I don't use it anymore.
   2009-02-02 04:42:13 by Bernd Ahlers | Files touched by this commit (3)
Log message:
Fix stunnel usage with TLS1 encryption.
From https://lists.berlios.de/pipermail/fetchmail-users/2007-December/001396.html
via Dieter Rauschenberger. Thank you!
Regen PLIST and drop maintainership. I don't use it anymore.
   2009-02-02 04:42:13 by Bernd Ahlers | Files touched by this commit (3)
Log message:
Fix stunnel usage with TLS1 encryption.
From https://lists.berlios.de/pipermail/fetchmail-users/2007-December/001396.html
via Dieter Rauschenberger. Thank you!
Regen PLIST and drop maintainership. I don't use it anymore.
   2008-10-30 09:33:59 by Bernd Ahlers | Files touched by this commit (2)
Log message:
Remove the pre-generated yacc files so they will be re-build.
This fixes a problem with gcc2. Also fix a format string.
From miod@, thanks!
   2008-10-30 09:33:59 by Bernd Ahlers | Files touched by this commit (2)
Log message:
Remove the pre-generated yacc files so they will be re-build.
This fixes a problem with gcc2. Also fix a format string.
From miod@, thanks!
   2008-08-19 16:41:24 by Jasper Lievisse Adriaanse | Files touched by this commit (2)
Log message:
SECURITY FIX for http://secunia.com/advisories/30742/
(Fetchmail Large Header Processing Denial of Service)
Patch was taken from upstream advisory.
http://www.fetchmail.info/fetchmail-SA-2008-01.txt
ok bernd@ (MAINTAINER)
   2008-08-19 16:41:24 by Jasper Lievisse Adriaanse | Files touched by this commit (2)
Log message:
SECURITY FIX for http://secunia.com/advisories/30742/
(Fetchmail Large Header Processing Denial of Service)
Patch was taken from upstream advisory.
http://www.fetchmail.info/fetchmail-SA-2008-01.txt
ok bernd@ (MAINTAINER)
   2007-09-15 18:17:07 by Michael Erdely | Files touched by this commit (124)
Log message:
Remove surrounding quotes in COMMENT*/PERMIT_*
   2007-09-04 00:11:47 by Antoine Jacoutot | Files touched by this commit (2)
Log message:
MFC (original commit rui@):
roll in a distribution patch which fixes CVE-2007-4565
Reference: http://securitytracker.com/alerts/2007/Aug/1018627.html
ok sturm@
   2007-09-04 00:11:47 by Antoine Jacoutot | Files touched by this commit (2)
Log message:
MFC (original commit rui@):
roll in a distribution patch which fixes CVE-2007-4565
Reference: http://securitytracker.com/alerts/2007/Aug/1018627.html
ok sturm@
   2007-09-04 00:11:20 by Antoine Jacoutot | Files touched by this commit (2)
Log message:
MFC (original commit rui@):
roll in a distribution patch which fixes CVE-2007-4565
Reference: http://securitytracker.com/alerts/2007/Aug/1018627.html
ok sturm@
   2007-09-04 00:11:20 by Antoine Jacoutot | Files touched by this commit (2)
Log message:
MFC (original commit rui@):
roll in a distribution patch which fixes CVE-2007-4565
Reference: http://securitytracker.com/alerts/2007/Aug/1018627.html
ok sturm@
   2007-08-31 08:20:46 by Rui Reis | Files touched by this commit (2)
Log message:
SECURITY: roll in a distribution patch which fixes CVE-2007-4565
Reference: http://securitytracker.com/alerts/2007/Aug/1018627.html
ok bernd@
   2007-08-31 08:20:46 by Rui Reis | Files touched by this commit (2)
Log message:
SECURITY: roll in a distribution patch which fixes CVE-2007-4565
Reference: http://securitytracker.com/alerts/2007/Aug/1018627.html
ok bernd@
   2007-05-01 10:31:36 by Nikolay Sturm | Files touched by this commit (2)
Log message:
MFC:
Security update to fetchmail-6.3.8. (CVE-2007-1558)
Make the APOP challenge parser more distrustful and have it reject challenges
that do not conform to RFC-822 msg-id format, in the hope to make mounting
man-in-the-middle attacks (MITM) against APOP a bit more difficult.
Detailed information:
http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt


   2007-04-19 07:55:35 by Nikolay Sturm | Files touched by this commit (2)
Log message:
MFC:
Security update to fetchmail-6.3.8. (CVE-2007-1558)
Make the APOP challenge parser more distrustful and have it reject challenges
that do not conform to RFC-822 msg-id format, in the hope to make mounting
man-in-the-middle attacks (MITM) against APOP a bit more difficult.
Detailed information:
http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt


   2007-04-19 06:38:08 by Nikolay Sturm | Files touched by this commit (2)
Log message:
MFC:
Security update to fetchmail-6.3.8. (CVE-2007-1558)
Make the APOP challenge parser more distrustful and have it reject challenges
that do not conform to RFC-822 msg-id format, in the hope to make mounting
man-in-the-middle attacks (MITM) against APOP a bit more difficult.
Detailed information:
http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt


   2007-04-13 07:22:25 by Bernd Ahlers | Files touched by this commit (4)
Log message:
Security update to fetchmail-6.3.8. (CVE-2007-1558)
Make the APOP challenge parser more distrustful and have it reject challenges
that do not conform to RFC-822 msg-id format, in the hope to make mounting
man-in-the-middle attacks (MITM) against APOP a bit more difficult.
Detailed information:
http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt


   2007-04-13 07:22:25 by Bernd Ahlers | Files touched by this commit (4)
Log message:
Security update to fetchmail-6.3.8. (CVE-2007-1558)
Make the APOP challenge parser more distrustful and have it reject challenges
that do not conform to RFC-822 msg-id format, in the hope to make mounting
man-in-the-middle attacks (MITM) against APOP a bit more difficult.
Detailed information:
http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt


   2007-04-13 07:22:25 by Bernd Ahlers | Files touched by this commit (4)
Log message:
Security update to fetchmail-6.3.8. (CVE-2007-1558)
Make the APOP challenge parser more distrustful and have it reject challenges
that do not conform to RFC-822 msg-id format, in the hope to make mounting
man-in-the-middle attacks (MITM) against APOP a bit more difficult.
Detailed information:
http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt


   2007-04-13 07:22:25 by Bernd Ahlers | Files touched by this commit (4)
Log message:
Security update to fetchmail-6.3.8. (CVE-2007-1558)
Make the APOP challenge parser more distrustful and have it reject challenges
that do not conform to RFC-822 msg-id format, in the hope to make mounting
man-in-the-middle attacks (MITM) against APOP a bit more difficult.
Detailed information:
http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt


   2007-04-05 10:20:19 by Marc Espie | Files touched by this commit (912)
Log message:
base64 checksums.


   2007-01-10 12:46:20 by Nikolay Sturm | Files touched by this commit (3)
Log message:
MFC:
Security update to fetchmail-6.3.6:
A password disclosure vulnerability (CVE-2006-5867, fetchmail's using unsafe
logins or omitting TLS) and a denial of service vulnerability (CVE-2006-5974,
fetchmail crashes, dereferencing the null page, when rejecting a message sent
to an MDA).
Fetchmail 6.3.6 also fixes several regressions and long-standing bugs.
Details:
https://lists.berlios.de/pipermail/fetchmail-announce/2007-January/000042.html
   2007-01-10 12:00:26 by Nikolay Sturm | Files touched by this commit (3)
Log message:
MFC:
Security update to fetchmail-6.3.6:
A password disclosure vulnerability (CVE-2006-5867, fetchmail's using unsafe
logins or omitting TLS) and a denial of service vulnerability (CVE-2006-5974,
fetchmail crashes, dereferencing the null page, when rejecting a message sent
to an MDA).
Fetchmail 6.3.6 also fixes several regressions and long-standing bugs.
Details:
https://lists.berlios.de/pipermail/fetchmail-announce/2007-January/000042.html
   2007-01-09 03:35:42 by Bernd Ahlers | Files touched by this commit (5)
Log message:
Security update to fetchmail-6.3.6:
A password disclosure vulnerability (CVE-2006-5867, fetchmail's using unsafe
logins or omitting TLS) and a denial of service vulnerability (CVE-2006-5974,
fetchmail crashes, dereferencing the null page, when rejecting a message sent
to an MDA).
Fetchmail 6.3.6 also fixes several regressions and long-standing bugs.
Details:
https://lists.berlios.de/pipermail/fetchmail-announce/2007-January/000042.html
tests & ok jasper@, simon@
   2007-01-09 03:35:42 by Bernd Ahlers | Files touched by this commit (5)
Log message:
Security update to fetchmail-6.3.6:
A password disclosure vulnerability (CVE-2006-5867, fetchmail's using unsafe
logins or omitting TLS) and a denial of service vulnerability (CVE-2006-5974,
fetchmail crashes, dereferencing the null page, when rejecting a message sent
to an MDA).
Fetchmail 6.3.6 also fixes several regressions and long-standing bugs.
Details:
https://lists.berlios.de/pipermail/fetchmail-announce/2007-January/000042.html
tests & ok jasper@, simon@
   2007-01-09 03:35:42 by Bernd Ahlers | Files touched by this commit (5)
Log message:
Security update to fetchmail-6.3.6:
A password disclosure vulnerability (CVE-2006-5867, fetchmail's using unsafe
logins or omitting TLS) and a denial of service vulnerability (CVE-2006-5974,
fetchmail crashes, dereferencing the null page, when rejecting a message sent
to an MDA).
Fetchmail 6.3.6 also fixes several regressions and long-standing bugs.
Details:
https://lists.berlios.de/pipermail/fetchmail-announce/2007-January/000042.html
tests & ok jasper@, simon@
   2007-01-09 03:35:42 by Bernd Ahlers | Files touched by this commit (5)
Log message:
Security update to fetchmail-6.3.6:
A password disclosure vulnerability (CVE-2006-5867, fetchmail's using unsafe
logins or omitting TLS) and a denial of service vulnerability (CVE-2006-5974,
fetchmail crashes, dereferencing the null page, when rejecting a message sent
to an MDA).
Fetchmail 6.3.6 also fixes several regressions and long-standing bugs.
Details:
https://lists.berlios.de/pipermail/fetchmail-announce/2007-January/000042.html
tests & ok jasper@, simon@
   2007-01-09 03:35:42 by Bernd Ahlers | Files touched by this commit (5)
Log message:
Security update to fetchmail-6.3.6:
A password disclosure vulnerability (CVE-2006-5867, fetchmail's using unsafe
logins or omitting TLS) and a denial of service vulnerability (CVE-2006-5974,
fetchmail crashes, dereferencing the null page, when rejecting a message sent
to an MDA).
Fetchmail 6.3.6 also fixes several regressions and long-standing bugs.
Details:
https://lists.berlios.de/pipermail/fetchmail-announce/2007-January/000042.html
tests & ok jasper@, simon@
   2006-08-01 12:38:23 by Aleksander Piotrowski | Files touched by this commit (11)
Log message:
Use MASTER_SITE_BERLIOS


   2006-04-21 03:22:00 by Bernd Ahlers | Files touched by this commit (5)
Log message:
Update to fetchmail-6.3.4.


   2006-04-21 03:22:00 by Bernd Ahlers | Files touched by this commit (5)
Log message:
Update to fetchmail-6.3.4.


   2006-04-21 03:22:00 by Bernd Ahlers | Files touched by this commit (5)
Log message:
Update to fetchmail-6.3.4.


   2006-04-21 03:22:00 by Bernd Ahlers | Files touched by this commit (5)
Log message:
Update to fetchmail-6.3.4.


   2006-04-21 03:22:00 by Bernd Ahlers | Files touched by this commit (5)
Log message:
Update to fetchmail-6.3.4.


   2006-04-01 04:57:44 by Bernd Ahlers | Files touched by this commit (4)
Log message:
Update to fetchmail-6.3.3.


   2006-04-01 04:57:44 by Bernd Ahlers | Files touched by this commit (4)
Log message:
Update to fetchmail-6.3.3.


   2006-04-01 04:57:44 by Bernd Ahlers | Files touched by this commit (4)
Log message:
Update to fetchmail-6.3.3.


   2006-04-01 04:57:44 by Bernd Ahlers | Files touched by this commit (4)
Log message:
Update to fetchmail-6.3.3.


   2006-02-01 14:00:20 by Nikolay Sturm | Files touched by this commit (2)
Log message:
update to fetchmail 6.2.5.5, fixing CVE-2005-3088 and CVE-2005-4348
from bernd@


   2006-02-01 14:00:20 by Nikolay Sturm | Files touched by this commit (2)
Log message:
update to fetchmail 6.2.5.5, fixing CVE-2005-3088 and CVE-2005-4348
from bernd@


   2006-02-01 13:59:34 by Nikolay Sturm | Files touched by this commit (2)
Log message:
update to fetchmail 6.2.5.5, fixing CVE-2005-3088 and CVE-2005-4348
from bernd@


   2006-02-01 13:59:34 by Nikolay Sturm | Files touched by this commit (2)
Log message:
update to fetchmail 6.2.5.5, fixing CVE-2005-3088 and CVE-2005-4348
from bernd@


   2006-01-31 07:30:35 by Bernd Ahlers | Files touched by this commit (7)
Log message:
Update to fetchmail-6.3.2.
This update includes security fixes for CVE-2005-2335, CVE-2005-4348
and CVE-2006-0321.
Take over maintainership. (With permission from old MAINTAINER fgsch@.)
Tested by Sigfred Heversen and aanriot@.
ok aanriot@, brad@


   2006-01-31 07:30:35 by Bernd Ahlers | Files touched by this commit (7)
Log message:
Update to fetchmail-6.3.2.
This update includes security fixes for CVE-2005-2335, CVE-2005-4348
and CVE-2006-0321.
Take over maintainership. (With permission from old MAINTAINER fgsch@.)
Tested by Sigfred Heversen and aanriot@.
ok aanriot@, brad@


   2006-01-31 07:30:35 by Bernd Ahlers | Files touched by this commit (7)
Log message:
Update to fetchmail-6.3.2.
This update includes security fixes for CVE-2005-2335, CVE-2005-4348
and CVE-2006-0321.
Take over maintainership. (With permission from old MAINTAINER fgsch@.)
Tested by Sigfred Heversen and aanriot@.
ok aanriot@, brad@


   2006-01-31 07:30:35 by Bernd Ahlers | Files touched by this commit (7)
Log message:
Update to fetchmail-6.3.2.
This update includes security fixes for CVE-2005-2335, CVE-2005-4348
and CVE-2006-0321.
Take over maintainership. (With permission from old MAINTAINER fgsch@.)
Tested by Sigfred Heversen and aanriot@.
ok aanriot@, brad@


   2006-01-31 07:30:35 by Bernd Ahlers | Files touched by this commit (7)
Log message:
Update to fetchmail-6.3.2.
This update includes security fixes for CVE-2005-2335, CVE-2005-4348
and CVE-2006-0321.
Take over maintainership. (With permission from old MAINTAINER fgsch@.)
Tested by Sigfred Heversen and aanriot@.
ok aanriot@, brad@


   2006-01-31 07:30:35 by Bernd Ahlers | Files touched by this commit (7)
Log message:
Update to fetchmail-6.3.2.
This update includes security fixes for CVE-2005-2335, CVE-2005-4348
and CVE-2006-0321.
Take over maintainership. (With permission from old MAINTAINER fgsch@.)
Tested by Sigfred Heversen and aanriot@.
ok aanriot@, brad@


   2006-01-31 07:30:35 by Bernd Ahlers | Files touched by this commit (7)
Log message:
Update to fetchmail-6.3.2.
This update includes security fixes for CVE-2005-2335, CVE-2005-4348
and CVE-2006-0321.
Take over maintainership. (With permission from old MAINTAINER fgsch@.)
Tested by Sigfred Heversen and aanriot@.
ok aanriot@, brad@


   2005-11-01 04:33:50 by Nikolay Sturm | Files touched by this commit (2)
Log message:
MFC:
Fix the latest security issue in fetchmailconf.
http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt
"passwords are written to a world-readable file"
ok brad@


   2005-11-01 04:33:50 by Nikolay Sturm | Files touched by this commit (2)
Log message:
MFC:
Fix the latest security issue in fetchmailconf.
http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt
"passwords are written to a world-readable file"
ok brad@


   2005-10-30 01:23:47 by Nikolay Sturm | Files touched by this commit (2)
Log message:
MFC:
Fix the latest security issue in fetchmailconf.
http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt
"passwords are written to a world-readable file"
ok brad@


   2005-10-30 01:23:47 by Nikolay Sturm | Files touched by this commit (2)
Log message:
MFC:
Fix the latest security issue in fetchmailconf.
http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt
"passwords are written to a world-readable file"
ok brad@


   2005-10-30 01:14:00 by Nikolay Sturm | Files touched by this commit (2)
Log message:
MFC:
Fix the latest security issue in fetchmailconf.
http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt
"passwords are written to a world-readable file"
ok brad@


   2005-10-30 01:14:00 by Nikolay Sturm | Files touched by this commit (2)
Log message:
MFC:
Fix the latest security issue in fetchmailconf.
http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt
"passwords are written to a world-readable file"
ok brad@


   2005-10-27 15:58:51 by Bernd Ahlers | Files touched by this commit (2)
Log message:
Fix the latest security issue in fetchmailconf.
http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt
"passwords are written to a world-readable file"
nicer fetchmailconf diff & ok fgsch@ (thanks!)


   2005-10-27 15:58:51 by Bernd Ahlers | Files touched by this commit (2)
Log message:
Fix the latest security issue in fetchmailconf.
http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt
"passwords are written to a world-readable file"
nicer fetchmailconf diff & ok fgsch@ (thanks!)


   2005-08-31 13:55:37 by Nikolay Sturm | Files touched by this commit (8)
Log message:
bump PKGNAME so that 3.7 won't have higher PKGNAMEs than 3.8
suggested by espie@, ok pval@


   2005-08-31 13:51:42 by Nikolay Sturm | Files touched by this commit (11)
Log message:
updated packages for these ports where not build in a sane environment
bump PKGNAME for fixed packages


   2005-08-31 13:46:33 by Nikolay Sturm | Files touched by this commit (7)
Log message:
updated packages for these ports where not build in a sane environment
bump PKGNAME for fixed packages


   2005-07-29 11:19:14 by Robert Nagy | Files touched by this commit (2)
Log message:
SECURITY FIX: update to 6.2.5.2, see
http://www.vuxml.org/openbsd/aee27100-fcf2-11d9-b3c7-00065bd5b0b6.html.
Update master sites and homepage (project moved to belios.de).
From Bernd Ahlers <b dot ahlers at ba-net dot org>.
ok brad@


   2005-07-29 11:19:14 by Robert Nagy | Files touched by this commit (2)
Log message:
SECURITY FIX: update to 6.2.5.2, see
http://www.vuxml.org/openbsd/aee27100-fcf2-11d9-b3c7-00065bd5b0b6.html.
Update master sites and homepage (project moved to belios.de).
From Bernd Ahlers <b dot ahlers at ba-net dot org>.
ok brad@


   2005-07-29 11:14:48 by Robert Nagy | Files touched by this commit (2)
Log message:
SECURITY FIX: update to 6.2.5.2, see
http://www.vuxml.org/openbsd/aee27100-fcf2-11d9-b3c7-00065bd5b0b6.html.
Update master sites and homepage (project moved to belios.de).
From Bernd Ahlers <b dot ahlers at ba-net dot org>.
ok brad@


   2005-07-29 11:14:48 by Robert Nagy | Files touched by this commit (2)
Log message:
SECURITY FIX: update to 6.2.5.2, see
http://www.vuxml.org/openbsd/aee27100-fcf2-11d9-b3c7-00065bd5b0b6.html.
Update master sites and homepage (project moved to belios.de).
From Bernd Ahlers <b dot ahlers at ba-net dot org>.
ok brad@


   2005-07-25 11:41:51 by Federico G. Schwindt | Files touched by this commit (3)
Log message:
SECURITY FIX: update to 6.2.5.2, see
http://www.vuxml.org/openbsd/aee27100-fcf2-11d9-b3c7-00065bd5b0b6.html.
Update master sites and homepage (project moved to belios.de).
From Bernd Ahlers <b dot ahlers at ba-net dot org>.


   2005-07-25 11:41:51 by Federico G. Schwindt | Files touched by this commit (3)
Log message:
SECURITY FIX: update to 6.2.5.2, see
http://www.vuxml.org/openbsd/aee27100-fcf2-11d9-b3c7-00065bd5b0b6.html.
Update master sites and homepage (project moved to belios.de).
From Bernd Ahlers <b dot ahlers at ba-net dot org>.


   2005-07-25 11:41:51 by Federico G. Schwindt | Files touched by this commit (3)
Log message:
SECURITY FIX: update to 6.2.5.2, see
http://www.vuxml.org/openbsd/aee27100-fcf2-11d9-b3c7-00065bd5b0b6.html.
Update master sites and homepage (project moved to belios.de).
From Bernd Ahlers <b dot ahlers at ba-net dot org>.


   2005-02-19 14:27:35 by Aleksander Piotrowski | Files touched by this commit (3)
Log message:
- Fix libintl detection
- Don't use bundled libintl headers
- Bump PKGNAME


   2005-02-19 14:27:35 by Aleksander Piotrowski | Files touched by this commit (3)
Log message:
- Fix libintl detection
- Don't use bundled libintl headers
- Bump PKGNAME


   2005-02-19 14:27:35 by Aleksander Piotrowski | Files touched by this commit (3)
Log message:
- Fix libintl detection
- Don't use bundled libintl headers
- Bump PKGNAME


   2005-01-05 09:58:59 by Christian Weisgerber | Files touched by this commit (132)
Log message:
SIZE


   2005-01-02 05:56:06 by Aleksander Piotrowski | Files touched by this commit (27)
Log message:
Add WANTLIB markers


   2004-09-15 03:09:46 by Marc Espie | Files touched by this commit (110)
Log message:
new style plists.


   2004-08-10 03:14:48 by Xavier Santolaria | Files touched by this commit (18)
Log message:
new-style MODULES.


   2004-03-11 17:18:42 by Federico G. Schwindt | Files touched by this commit (1)
Log message:
fix apop. from alexander dot bluhm at gmx dot net via PR/3709.
pvalchev@ ok.


   2003-12-15 14:42:44 by Christian Weisgerber | Files touched by this commit (507)
Log message:
remove WWW lines


   2003-10-15 17:08:49 by Federico G. Schwindt | Files touched by this commit (3)
Log message:
update to 6.2.5.


   2003-10-15 17:08:49 by Federico G. Schwindt | Files touched by this commit (3)
Log message:
update to 6.2.5.


   2003-10-15 17:08:49 by Federico G. Schwindt | Files touched by this commit (3)
Log message:
update to 6.2.5.


   2003-09-23 14:37:51 by Markus Friedl | Files touched by this commit (1)
Log message:
out of bounds access; detected by malloc guard; ok fgsch@


   2003-08-13 17:28:24 by Federico G. Schwindt | Files touched by this commit (3)
Log message:
update to fetchmail 6.2.4; bugfix release.


   2003-08-13 17:28:24 by Federico G. Schwindt | Files touched by this commit (3)
Log message:
update to fetchmail 6.2.4; bugfix release.


   2003-08-13 17:28:24 by Federico G. Schwindt | Files touched by this commit (3)
Log message:
update to fetchmail 6.2.4; bugfix release.


   2003-07-17 16:36:44 by Federico G. Schwindt | Files touched by this commit (2)
Log message:
update to fetchmail 6.2.3.


   2003-07-17 16:36:44 by Federico G. Schwindt | Files touched by this commit (2)
Log message:
update to fetchmail 6.2.3.


   2003-05-19 19:55:59 by Federico G. Schwindt | Files touched by this commit (1)
Log message:
no more kerberosIV stuff; reported and tested by krw.


   2003-04-03 21:34:18 by Federico G. Schwindt | Files touched by this commit (2)
Log message:
update to fetchmail 6.2.2.


   2003-04-03 21:34:18 by Federico G. Schwindt | Files touched by this commit (2)
Log message:
update to fetchmail 6.2.2.


   2003-02-25 19:57:56 by David Krause | Files touched by this commit (9)
Log message:
remove double word stuttering
ok pvalchev@ brad@


   2003-02-18 03:30:17 by Federico G. Schwindt | Files touched by this commit (1)
Log message:
new MASTER_SITES and HOMEPAGE.
from by Joseph C. Bender <jcbender at benderhome dot net>.


   2002-12-13 08:29:59 by Christian Weisgerber | Files touched by this commit (2)
Log message:
MFC:
SECURITY FIX: update to fetchmail 6.2.0.


   2002-12-13 08:07:07 by Christian Weisgerber | Files touched by this commit (2)
Log message:
MFC:
SECURITY FIX: update to fetchmail 6.2.0.


   2002-12-13 01:53:56 by Federico G. Schwindt | Files touched by this commit (3)
Log message:
SECURITY FIX: update to fetchmail 6.2.0.


   2002-12-13 01:53:56 by Federico G. Schwindt | Files touched by this commit (3)
Log message:
SECURITY FIX: update to fetchmail 6.2.0.


   2002-12-13 01:53:56 by Federico G. Schwindt | Files touched by this commit (3)
Log message:
SECURITY FIX: update to fetchmail 6.2.0.


   2002-11-28 09:34:15 by Federico G. Schwindt | Files touched by this commit (2)
Log message:
Update to fetchmail 6.1.3.


   2002-11-28 09:34:15 by Federico G. Schwindt | Files touched by this commit (2)
Log message:
Update to fetchmail 6.1.3.


   2002-11-02 13:23:34 by Federico G. Schwindt | Files touched by this commit (2)
Log message:
update to fetchmail 6.1.2.


   2002-11-02 13:23:34 by Federico G. Schwindt | Files touched by this commit (2)
Log message:
update to fetchmail 6.1.2.


   2002-10-27 10:21:40 by Christian Weisgerber | Files touched by this commit (29)
Log message:
No regression tests available.


   2002-10-18 14:31:22 by Federico G. Schwindt | Files touched by this commit (2)
Log message:
update to fetchmail 6.1.1.


   2002-10-18 14:31:22 by Federico G. Schwindt | Files touched by this commit (2)
Log message:
update to fetchmail 6.1.1.


   2002-09-30 13:53:38 by Brad Smith | Files touched by this commit (5)
Log message:
upgrade to fetchmail 6.1.0
- fixes a few buffer overflows and a broken boundary check
which could potentially lead to a remote vulnerability.
http://marc.theaimsgroup.com/?l=bugtraq&m=103340148625187&w=2
--
Ok'd by: fgsch@


   2002-09-30 13:53:38 by Brad Smith | Files touched by this commit (5)
Log message:
upgrade to fetchmail 6.1.0
- fixes a few buffer overflows and a broken boundary check
which could potentially lead to a remote vulnerability.
http://marc.theaimsgroup.com/?l=bugtraq&m=103340148625187&w=2
--
Ok'd by: fgsch@


   2002-09-30 13:53:38 by Brad Smith | Files touched by this commit (5)
Log message:
upgrade to fetchmail 6.1.0
- fixes a few buffer overflows and a broken boundary check
which could potentially lead to a remote vulnerability.
http://marc.theaimsgroup.com/?l=bugtraq&m=103340148625187&w=2
--
Ok'd by: fgsch@


   2002-09-30 10:37:14 by Brad Smith | Files touched by this commit (2)
Log message:
upgrade to fetchmail 6.1.0
- fixes a few buffer overflows and a broken boundary check
which could potentially lead to a remote vulnerability.
http://marc.theaimsgroup.com/?l=bugtraq&m=103340148625187&w=2
--
Ok'd by: pvalchev@


   2002-09-30 10:37:14 by Brad Smith | Files touched by this commit (2)
Log message:
upgrade to fetchmail 6.1.0
- fixes a few buffer overflows and a broken boundary check
which could potentially lead to a remote vulnerability.
http://marc.theaimsgroup.com/?l=bugtraq&m=103340148625187&w=2
--
Ok'd by: pvalchev@


   2002-09-17 19:02:51 by Federico G. Schwindt | Files touched by this commit (2)
Log message:
update to 6.0.0.


   2002-09-17 19:02:51 by Federico G. Schwindt | Files touched by this commit (2)
Log message:
update to 6.0.0.


   2002-09-10 04:14:24 by Federico G. Schwindt | Files touched by this commit (4)
Log message:
- update to fetchmail 5.9.14.
- remove deprecated NEED_VERSION.
- enable NTLM support as requested by Nick Nauwelaerts <nick@wanadoo.be>.
- add gettext to MODULES.


   2002-09-10 04:14:24 by Federico G. Schwindt | Files touched by this commit (4)
Log message:
- update to fetchmail 5.9.14.
- remove deprecated NEED_VERSION.
- enable NTLM support as requested by Nick Nauwelaerts <nick@wanadoo.be>.
- add gettext to MODULES.


   2002-09-10 04:14:24 by Federico G. Schwindt | Files touched by this commit (4)
Log message:
- update to fetchmail 5.9.14.
- remove deprecated NEED_VERSION.
- enable NTLM support as requested by Nick Nauwelaerts <nick@wanadoo.be>.
- add gettext to MODULES.


   2002-09-10 04:14:24 by Federico G. Schwindt | Files touched by this commit (4)
Log message:
- update to fetchmail 5.9.14.
- remove deprecated NEED_VERSION.
- enable NTLM support as requested by Nick Nauwelaerts <nick@wanadoo.be>.
- add gettext to MODULES.