Version: 6.4.12, Package name: fetchmail-6.4.12 |
Maintained by: The OpenBSD ports mailing-list |
Master sites: |
Description fetchmail is a free, full-featured, robust, well-documented remote mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). It retrieves mail from remote mail servers and forwards it to your local (client) machine's delivery system, so it can then be read by normal mail user agents such as elm(1) or Mail(1). fetchmail supports standard all mail-retrieval protocols in use on the Internet: POP2, POP3 (including POP3 with RFC1938 one-time passwords), RPOP, APOP, KPOP, Compuserve's POP3 with RPA, Microsoft's NTLM, Demon Internet's SDPS, all flavors of IMAP (including IMAP4rev1 with CRAM-MD5 authentication), and ESMTP ETRN. Fetchmail also supports end-to-end encryption with OpenSSL. |
Filesize: 1272.98 KB |
Version History (View Complete History) |
|
2020-09-14 09:14:55 by Theo Buehler | Files touched by this commit (2) |
Log message: fetchmail: use legacy certificate verification beck's shiny new validator found its first victim. bluhm saw warnings from fetchmail's verify callback and once we investigated, it was quick to segfault since it doesn't bother to check return values. Failures are more visible to the callback than they previously were. Fixing this mess is more work than it's worth, so let it use the old garbage. with & ok beck, tested & ok bluhm |
2020-09-13 13:01:24 by Theo Buehler | Files touched by this commit (4) |
Log message: update fetchmail to 6.4.12 Not much changed, it gained translations for Romanian and Serbian, documentation fixes and saw some package config churn to make sure FreeBSD links against the correct libssl. ok kn |
2020-09-07 03:40:53 by Theo Buehler | Files touched by this commit (2) |
Log message: fetchmail: use OpenSSL 1.1 code path Instead of relying on an untested code path that uses version fixed TLS client methods and the made-up TLSv1_3_client_method() in case TLS1_3_VERSION is defined, we can just use the code path provided for the OpenSSL 1.1 API. While it seems reasonable to assume that such a client method might be available, version fixed methods are deprecated. TLSv1_3_client_method() never existed in either LibreSSL or OpenSSL. This will make sure that the port works correctly now and will continue to build and work correctly once LIBRESSL_HAS_TLS1_3 becomes publicly visible. ok jsing |
2020-06-12 07:02:35 by Stuart Henderson | Files touched by this commit (3) |
Log message: update to fetchmail-6.4.6 |
2020-04-15 13:48:40 by Stuart Henderson | Files touched by this commit (2) |
Log message: update to fetchmail-6.4.3 |
2020-02-15 08:55:51 by Stuart Henderson | Files touched by this commit (4) |
Log message: update to fetchmail-6.4.2 |
2020-01-27 06:48:45 by Stuart Henderson | Files touched by this commit (7) |
Log message: update to fetchmail-6.4.1 |
2019-07-12 14:47:59 by Stuart Henderson | Files touched by this commit (874) |
Log message: replace simple PERMIT_PACKAGE_CDROM=Yes with PERMIT_PACKAGE=Yes |
2019-05-20 16:15:31 by Christian Weisgerber | Files touched by this commit (488) |
Log message: Update gettext to 0.20.1. Follow the upstream recommendations for packagers and switch to multi-packages: devel/gettext -> devel/gettext,-runtime devel/gettext-tools -> devel/gettext,-tools (new) devel/gettext,-textstyle |
2017-08-10 22:18:19 by Alexander Bluhm | Files touched by this commit (2) |
Log message: Do not overrun plugin string when copying it. Prevents sporadic segmentation fault in fetchmail. Fix reported to upstream. OK jca@ |
2015-11-02 04:56:55 by Marc Espie | Files touched by this commit (27) |
Log message: a few minor pkg_subst fixes, for the coming patch (disallow -c without -m outside of WRKDIR) |
2015-10-08 15:19:23 by Stuart Henderson | Files touched by this commit (33) |
Log message: Bump some ports which reference if_msghdr in their source, so that package updates are triggered. This is following the struct if_data ABI change a few days ago; if_msghdr has an embedded if_data. Some may be unnecessary, but some are definitely needed and bumps are cheaper than debugging. Problem reported with wpa_supplicant by Mikolaj Kucharski. |
2015-08-25 11:44:09 by Jeremie Courreges-Anglas | Files touched by this commit (3) |
Log message: Fixed upstream. |
2015-07-17 22:51:29 by Stuart Henderson | Files touched by this commit (5) |
Log message: cope if SSLv3 is disabled |
2015-05-25 01:54:28 by Jasper Lievisse Adriaanse | Files touched by this commit (29) |
Log message: remove a whole bunch more @rm -f cases |
2011-06-06 07:57:07 by Stuart Henderson | Files touched by this commit (5) |
Log message: update fetchmail to 6.3.20, tested by jasper@, lots of fixes including: * CVE-2011-1947 - use timeouts for IMAP STARTTLS/POP3 STLS negotiation which could cause fetchmail freezes if a server was hanging. * security improvements to defang X.509 certificate abuse - require wildcard CN/subject alternative names to start with "*." not just "*" - don't allow wildcards to match domain literals (such as 10.9.8.7) or wildcards in domain literals ("*.168.23.23"). - don't allow wildcarding top-level domains. |
2010-11-19 00:23:15 by Marc Espie | Files touched by this commit (332) |
Log message: new depends |
2010-10-18 15:50:39 by Stuart Henderson | Files touched by this commit (48) |
Log message: fix tabs |
2010-10-18 13:59:20 by Marc Espie | Files touched by this commit (135) |
Log message: USE_GROFF=Yes |
2010-06-10 19:36:23 by William Yodlowsky | Files touched by this commit (2) |
Log message: SECURITY FIX Resolves fetchmail-SA-2010-01 patch from upstream |
2010-06-09 02:34:59 by Stefan Sperling | Files touched by this commit (2) |
Log message: Add patch from upstream to fix bogus ssl check warning when the sslfingerprint option is used. hints and ok sthen@ |
2010-05-19 09:27:18 by Giovanni Bechis | Files touched by this commit (4) |
Log message: Update to 6.3.17 ok kili@ |
2010-03-31 13:12:06 by Jasper Lievisse Adriaanse | Files touched by this commit (4) |
Log message: - update fetchmail to 6.3.15 from charles smith, thanks. |
2010-03-21 19:28:40 by Stuart Henderson | Files touched by this commit (4) |
Log message: security update to 6.3.14, heap overflow in verbose mode SSL cert display on signed char arch. http://www.fetchmail.info/fetchmail-SA-2010-01.txt "This might be exploitable to inject code if - - fetchmail is run in verbose mode AND - - the host running fetchmail considers char signed AND - - the server uses malicious certificates with non-printing characters that have the high bit set AND - - these certificates manage to inject shell-code that consists purely of printable characters. It is believed to be difficult to achieve all this." |
2009-11-02 12:47:49 by Stuart Henderson | Files touched by this commit (3) |
Log message: update to 6.3.13, fixing a regression introduced in 6.3.12. ok jasper@ |
2009-10-24 21:51:32 by William Yodlowsky | Files touched by this commit (2) |
Log message: SECURITY FIX Resolves CVE-2009-2666: Detect malicious certificates that use a null byte injection in the Common Name or subjectAltName (CVE-2009-2666). patch from debian |
2009-10-16 17:36:52 by William Yodlowsky | Files touched by this commit (2) |
Log message: SECURITY FIX Resolves CVE-2009-2666: Detect malicious certificates that use a null byte injection in the Common Name or subjectAltName (CVE-2009-2666). patch from debian ok jasper@ |
2009-10-11 14:52:17 by Stuart Henderson | Files touched by this commit (6) |
Log message: SECURITY update to 6.3.12, fixes CVE-2009-2666 (bad handling of nulls in SSL domain names). ok jasper@ |
2009-02-17 05:08:44 by Jasper Lievisse Adriaanse | Files touched by this commit (8) |
Log message: - update fetchmail to 6.3.9 ok sthen@ |
2009-02-02 04:42:13 by Bernd Ahlers | Files touched by this commit (3) |
Log message: Fix stunnel usage with TLS1 encryption. From https://lists.berlios.de/pipermail/fetchmail-users/2007-December/001396.html via Dieter Rauschenberger. Thank you! Regen PLIST and drop maintainership. I don't use it anymore. |
2008-10-30 09:33:59 by Bernd Ahlers | Files touched by this commit (2) |
Log message: Remove the pre-generated yacc files so they will be re-build. This fixes a problem with gcc2. Also fix a format string. From miod@, thanks! |
2008-08-19 16:41:24 by Jasper Lievisse Adriaanse | Files touched by this commit (2) |
Log message: SECURITY FIX for http://secunia.com/advisories/30742/ (Fetchmail Large Header Processing Denial of Service) Patch was taken from upstream advisory. http://www.fetchmail.info/fetchmail-SA-2008-01.txt ok bernd@ (MAINTAINER) |
2007-09-15 18:17:07 by Michael Erdely | Files touched by this commit (124) |
Log message: Remove surrounding quotes in COMMENT*/PERMIT_* |
2007-09-04 00:11:47 by Antoine Jacoutot | Files touched by this commit (2) |
Log message: MFC (original commit rui@): roll in a distribution patch which fixes CVE-2007-4565 Reference: http://securitytracker.com/alerts/2007/Aug/1018627.html ok sturm@ |
2007-09-04 00:11:20 by Antoine Jacoutot | Files touched by this commit (2) |
Log message: MFC (original commit rui@): roll in a distribution patch which fixes CVE-2007-4565 Reference: http://securitytracker.com/alerts/2007/Aug/1018627.html ok sturm@ |
2007-08-31 08:20:46 by Rui Reis | Files touched by this commit (2) |
Log message: SECURITY: roll in a distribution patch which fixes CVE-2007-4565 Reference: http://securitytracker.com/alerts/2007/Aug/1018627.html ok bernd@ |
2007-05-01 10:31:36 by Nikolay Sturm | Files touched by this commit (2) |
Log message: MFC: Security update to fetchmail-6.3.8. (CVE-2007-1558) Make the APOP challenge parser more distrustful and have it reject challenges that do not conform to RFC-822 msg-id format, in the hope to make mounting man-in-the-middle attacks (MITM) against APOP a bit more difficult. Detailed information: http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt |
2007-04-19 07:55:35 by Nikolay Sturm | Files touched by this commit (2) |
Log message: MFC: Security update to fetchmail-6.3.8. (CVE-2007-1558) Make the APOP challenge parser more distrustful and have it reject challenges that do not conform to RFC-822 msg-id format, in the hope to make mounting man-in-the-middle attacks (MITM) against APOP a bit more difficult. Detailed information: http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt |
2007-04-19 06:38:08 by Nikolay Sturm | Files touched by this commit (2) |
Log message: MFC: Security update to fetchmail-6.3.8. (CVE-2007-1558) Make the APOP challenge parser more distrustful and have it reject challenges that do not conform to RFC-822 msg-id format, in the hope to make mounting man-in-the-middle attacks (MITM) against APOP a bit more difficult. Detailed information: http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt |
2007-04-13 07:22:25 by Bernd Ahlers | Files touched by this commit (4) |
Log message: Security update to fetchmail-6.3.8. (CVE-2007-1558) Make the APOP challenge parser more distrustful and have it reject challenges that do not conform to RFC-822 msg-id format, in the hope to make mounting man-in-the-middle attacks (MITM) against APOP a bit more difficult. Detailed information: http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt |
2007-04-05 10:20:19 by Marc Espie | Files touched by this commit (912) |
Log message: base64 checksums. |
2007-01-10 12:46:20 by Nikolay Sturm | Files touched by this commit (3) |
Log message: MFC: Security update to fetchmail-6.3.6: A password disclosure vulnerability (CVE-2006-5867, fetchmail's using unsafe logins or omitting TLS) and a denial of service vulnerability (CVE-2006-5974, fetchmail crashes, dereferencing the null page, when rejecting a message sent to an MDA). Fetchmail 6.3.6 also fixes several regressions and long-standing bugs. Details: https://lists.berlios.de/pipermail/fetchmail-announce/2007-January/000042.html |
2007-01-10 12:00:26 by Nikolay Sturm | Files touched by this commit (3) |
Log message: MFC: Security update to fetchmail-6.3.6: A password disclosure vulnerability (CVE-2006-5867, fetchmail's using unsafe logins or omitting TLS) and a denial of service vulnerability (CVE-2006-5974, fetchmail crashes, dereferencing the null page, when rejecting a message sent to an MDA). Fetchmail 6.3.6 also fixes several regressions and long-standing bugs. Details: https://lists.berlios.de/pipermail/fetchmail-announce/2007-January/000042.html |
2007-01-09 03:35:42 by Bernd Ahlers | Files touched by this commit (5) |
Log message: Security update to fetchmail-6.3.6: A password disclosure vulnerability (CVE-2006-5867, fetchmail's using unsafe logins or omitting TLS) and a denial of service vulnerability (CVE-2006-5974, fetchmail crashes, dereferencing the null page, when rejecting a message sent to an MDA). Fetchmail 6.3.6 also fixes several regressions and long-standing bugs. Details: https://lists.berlios.de/pipermail/fetchmail-announce/2007-January/000042.html tests & ok jasper@, simon@ |
2006-08-01 12:38:23 by Aleksander Piotrowski | Files touched by this commit (11) |
Log message: Use MASTER_SITE_BERLIOS |
2006-04-21 03:22:00 by Bernd Ahlers | Files touched by this commit (5) |
Log message: Update to fetchmail-6.3.4. |
2006-04-01 04:57:44 by Bernd Ahlers | Files touched by this commit (4) |
Log message: Update to fetchmail-6.3.3. |
2006-02-01 14:00:20 by Nikolay Sturm | Files touched by this commit (2) |
Log message: update to fetchmail 6.2.5.5, fixing CVE-2005-3088 and CVE-2005-4348 from bernd@ |
2006-02-01 13:59:34 by Nikolay Sturm | Files touched by this commit (2) |
Log message: update to fetchmail 6.2.5.5, fixing CVE-2005-3088 and CVE-2005-4348 from bernd@ |
2006-01-31 07:30:35 by Bernd Ahlers | Files touched by this commit (7) |
Log message: Update to fetchmail-6.3.2. This update includes security fixes for CVE-2005-2335, CVE-2005-4348 and CVE-2006-0321. Take over maintainership. (With permission from old MAINTAINER fgsch@.) Tested by Sigfred Heversen and aanriot@. ok aanriot@, brad@ |
2005-11-01 04:33:50 by Nikolay Sturm | Files touched by this commit (2) |
Log message: MFC: Fix the latest security issue in fetchmailconf. http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt "passwords are written to a world-readable file" ok brad@ |
2005-10-30 01:23:47 by Nikolay Sturm | Files touched by this commit (2) |
Log message: MFC: Fix the latest security issue in fetchmailconf. http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt "passwords are written to a world-readable file" ok brad@ |
2005-10-30 01:14:00 by Nikolay Sturm | Files touched by this commit (2) |
Log message: MFC: Fix the latest security issue in fetchmailconf. http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt "passwords are written to a world-readable file" ok brad@ |
2005-10-27 15:58:51 by Bernd Ahlers | Files touched by this commit (2) |
Log message: Fix the latest security issue in fetchmailconf. http://fetchmail.berlios.de/fetchmail-SA-2005-02.txt "passwords are written to a world-readable file" nicer fetchmailconf diff & ok fgsch@ (thanks!) |
2005-08-31 13:55:37 by Nikolay Sturm | Files touched by this commit (8) |
Log message: bump PKGNAME so that 3.7 won't have higher PKGNAMEs than 3.8 suggested by espie@, ok pval@ |
2005-08-31 13:51:42 by Nikolay Sturm | Files touched by this commit (11) |
Log message: updated packages for these ports where not build in a sane environment bump PKGNAME for fixed packages |
2005-08-31 13:46:33 by Nikolay Sturm | Files touched by this commit (7) |
Log message: updated packages for these ports where not build in a sane environment bump PKGNAME for fixed packages |
2005-07-29 11:19:14 by Robert Nagy | Files touched by this commit (2) |
Log message: SECURITY FIX: update to 6.2.5.2, see http://www.vuxml.org/openbsd/aee27100-fcf2-11d9-b3c7-00065bd5b0b6.html. Update master sites and homepage (project moved to belios.de). From Bernd Ahlers <b dot ahlers at ba-net dot org>. ok brad@ |
2005-07-29 11:14:48 by Robert Nagy | Files touched by this commit (2) |
Log message: SECURITY FIX: update to 6.2.5.2, see http://www.vuxml.org/openbsd/aee27100-fcf2-11d9-b3c7-00065bd5b0b6.html. Update master sites and homepage (project moved to belios.de). From Bernd Ahlers <b dot ahlers at ba-net dot org>. ok brad@ |
2005-07-25 11:41:51 by Federico G. Schwindt | Files touched by this commit (3) |
Log message: SECURITY FIX: update to 6.2.5.2, see http://www.vuxml.org/openbsd/aee27100-fcf2-11d9-b3c7-00065bd5b0b6.html. Update master sites and homepage (project moved to belios.de). From Bernd Ahlers <b dot ahlers at ba-net dot org>. |
2005-02-19 14:27:35 by Aleksander Piotrowski | Files touched by this commit (3) |
Log message: - Fix libintl detection - Don't use bundled libintl headers - Bump PKGNAME |
2005-01-05 09:58:59 by Christian Weisgerber | Files touched by this commit (132) |
Log message: SIZE |
2005-01-02 05:56:06 by Aleksander Piotrowski | Files touched by this commit (27) |
Log message: Add WANTLIB markers |
2004-09-15 03:09:46 by Marc Espie | Files touched by this commit (110) |
Log message: new style plists. |
2004-08-10 03:14:48 by Xavier Santolaria | Files touched by this commit (18) |
Log message: new-style MODULES. |
2004-03-11 17:18:42 by Federico G. Schwindt | Files touched by this commit (1) |
Log message: fix apop. from alexander dot bluhm at gmx dot net via PR/3709. pvalchev@ ok. |
2003-12-15 14:42:44 by Christian Weisgerber | Files touched by this commit (507) |
Log message: remove WWW lines |
2003-10-15 17:08:49 by Federico G. Schwindt | Files touched by this commit (3) |
Log message: update to 6.2.5. |
2003-09-23 14:37:51 by Markus Friedl | Files touched by this commit (1) |
Log message: out of bounds access; detected by malloc guard; ok fgsch@ |
2003-08-13 17:28:24 by Federico G. Schwindt | Files touched by this commit (3) |
Log message: update to fetchmail 6.2.4; bugfix release. |
2003-07-17 16:36:44 by Federico G. Schwindt | Files touched by this commit (2) |
Log message: update to fetchmail 6.2.3. |
2003-05-19 19:55:59 by Federico G. Schwindt | Files touched by this commit (1) |
Log message: no more kerberosIV stuff; reported and tested by krw. |
2003-04-03 21:34:18 by Federico G. Schwindt | Files touched by this commit (2) |
Log message: update to fetchmail 6.2.2. |
2003-02-25 19:57:56 by David Krause | Files touched by this commit (9) |
Log message: remove double word stuttering ok pvalchev@ brad@ |
2003-02-18 03:30:17 by Federico G. Schwindt | Files touched by this commit (1) |
Log message: new MASTER_SITES and HOMEPAGE. from by Joseph C. Bender <jcbender at benderhome dot net>. |
2002-12-13 08:29:59 by Christian Weisgerber | Files touched by this commit (2) |
Log message: MFC: SECURITY FIX: update to fetchmail 6.2.0. |
2002-12-13 08:07:07 by Christian Weisgerber | Files touched by this commit (2) |
Log message: MFC: SECURITY FIX: update to fetchmail 6.2.0. |
2002-12-13 01:53:56 by Federico G. Schwindt | Files touched by this commit (3) |
Log message: SECURITY FIX: update to fetchmail 6.2.0. |
2002-11-28 09:34:15 by Federico G. Schwindt | Files touched by this commit (2) |
Log message: Update to fetchmail 6.1.3. |
2002-11-02 13:23:34 by Federico G. Schwindt | Files touched by this commit (2) |
Log message: update to fetchmail 6.1.2. |
2002-10-27 10:21:40 by Christian Weisgerber | Files touched by this commit (29) |
Log message: No regression tests available. |
2002-10-18 14:31:22 by Federico G. Schwindt | Files touched by this commit (2) |
Log message: update to fetchmail 6.1.1. |
2002-09-30 13:53:38 by Brad Smith | Files touched by this commit (5) |
Log message: upgrade to fetchmail 6.1.0 - fixes a few buffer overflows and a broken boundary check which could potentially lead to a remote vulnerability. http://marc.theaimsgroup.com/?l=bugtraq&m=103340148625187&w=2 -- Ok'd by: fgsch@ |
2002-09-30 10:37:14 by Brad Smith | Files touched by this commit (2) |
Log message: upgrade to fetchmail 6.1.0 - fixes a few buffer overflows and a broken boundary check which could potentially lead to a remote vulnerability. http://marc.theaimsgroup.com/?l=bugtraq&m=103340148625187&w=2 -- Ok'd by: pvalchev@ |
2002-09-17 19:02:51 by Federico G. Schwindt | Files touched by this commit (2) |
Log message: update to 6.0.0. |
2002-09-10 04:14:24 by Federico G. Schwindt | Files touched by this commit (4) |
Log message: - update to fetchmail 5.9.14. - remove deprecated NEED_VERSION. - enable NTLM support as requested by Nick Nauwelaerts <nick@wanadoo.be>. - add gettext to MODULES. |