rpms/fetchmail
5
0
Fork 0
Code Issues Pull Requests Releases Activity

import fetchmail-6.3.26-19.el8

Browse Source
This commit is contained in:
CentOS Sources 2019-05-07 08:50:01 -04:00 committed by Andrew Lukoshko
commit ad370f3f4b
9 changed files with 1584 additions and 0 deletions

1
.fetchmail.metadata Normal file
View File

@ -0,0 +1 @@
de8dbe62a8edfa232ee4278257a1fe67aa1c797a SOURCES/fetchmail-6.3.26.tar.xz

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/fetchmail-6.3.26.tar.xz

36
SOURCES/fetchmail-6.3.24-sslv3-in-ssllib-check.patch Normal file
View File

@ -0,0 +1,36 @@
diff -up fetchmail-6.3.24/config.h.in.orig fetchmail-6.3.24/config.h.in
--- fetchmail-6.3.24/config.h.in.orig 2017-06-13 10:14:37.783983820 +0200
+++ fetchmail-6.3.24/config.h.in 2017-06-13 10:15:38.532996937 +0200
@@ -53,6 +53,10 @@
if you don't. */
#undef HAVE_DECL_SSLV2_CLIENT_METHOD
+/* Define to 1 if you have the declaration of `SSLv3_client_method', and to 0
+ if you don't. */
+#undef HAVE_DECL_SSLV3_CLIENT_METHOD
+
/* Define to 1 if you have the declaration of `strerror', and to 0 if you
don't. */
#undef HAVE_DECL_STRERROR
diff -up fetchmail-6.3.24/configure.orig fetchmail-6.3.24/configure
--- fetchmail-6.3.24/configure.orig 2017-06-13 10:23:06.824111065 +0200
+++ fetchmail-6.3.24/configure 2017-06-13 10:23:43.308129006 +0200
@@ -10133,6 +10133,18 @@ cat >>confdefs.h <<_ACEOF
#define HAVE_DECL_SSLV2_CLIENT_METHOD $ac_have_decl
_ACEOF
+ ac_fn_c_check_decl "$LINENO" "SSLv3_client_method" "ac_cv_have_decl_SSLv3_client_method" "#include <openssl/ssl.h>
+"
+if test "x$ac_cv_have_decl_SSLv3_client_method" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_SSLV3_CLIENT_METHOD $ac_have_decl
+_ACEOF
+
;;
esac

94
SOURCES/fetchmail-6.3.26-options-usage-manpage.patch Normal file
View File

@ -0,0 +1,94 @@
diff -up fetchmail-6.3.26/fetchmail.man.orig fetchmail-6.3.26/fetchmail.man
--- fetchmail-6.3.26/fetchmail.man.orig 2016-04-27 13:18:17.911459399 +0200
+++ fetchmail-6.3.26/fetchmail.man 2016-04-27 13:29:35.300958501 +0200
@@ -164,6 +164,9 @@ Some special options are not covered her
in sections on AUTHENTICATION and DAEMON MODE which follow.
.SS General Options
.TP
+.B \-? | \-\-help
+Displays option help.
+.TP
.B \-V | \-\-version
Displays the version information for your copy of \fBfetchmail\fP. No mail
fetch is performed. Instead, for each server specified, all the option
@@ -1061,7 +1064,7 @@ sent to 'username\&@\&userhost.userdom.d
\fIDelivered\-To:\fR line of the form:
.IP
Delivered\-To: mbox\-userstr\-username\&@\&userhost.example.com
-.PP
+.IP
The ISP can make the 'mbox\-userstr\-' prefix anything they choose
but a string matching the user host name is likely.
By using the option 'envelope Delivered\-To:' you can make fetchmail reliably
@@ -1075,6 +1078,10 @@ specified, and dump a configuration repo
configuration report is a data structure assignment in the language
Python. This option is meant to be used with an interactive
\fI~/.fetchmailrc\fP editor like \fBfetchmailconf\fP, written in Python.
+.TP
+.B \-y | \-\-yydebug
+Enables parser debugging, this option is meant to be used by developers
+only.
.SS Removed Options
.TP
@@ -1360,6 +1367,8 @@ authentication or multiple timeouts.
.SS Terminating the background daemon
.PP
The option
+.B \-q
+or
.B \-\-quit
will kill a running daemon process instead of waking it up (if there
is no such process, \fBfetchmail\fP will notify you).
@@ -1916,7 +1925,7 @@ T}
mda \-m \& T{
Specify MDA for local delivery
T}
-bsmtp \-o \& T{
+bsmtp \& \& T{
Specify BSMTP batch file to append to
T}
preconnect \& \& T{
diff -up fetchmail-6.3.26/options.c.orig fetchmail-6.3.26/options.c
--- fetchmail-6.3.26/options.c.orig 2016-04-27 13:00:59.001360077 +0200
+++ fetchmail-6.3.26/options.c 2016-04-27 13:17:48.325350247 +0200
@@ -58,9 +58,9 @@ enum {
LA_BADHEADER
};
-/* options still left: CgGhHjJoORTWxXYz */
+/* options still left: ACgGhHjJoORTWxXYz */
static const char *shortoptions =
- "?Vcsvd:NqL:f:i:p:UP:A:t:E:Q:u:akKFnl:r:S:Z:b:B:e:m:I:M:yw:D:";
+ "?Vcsvd:NqL:f:i:p:UP:t:E:Q:u:akKFnl:r:S:Z:b:B:e:m:I:M:yw:D:";
static const struct option longoptions[] = {
/* this can be const because all flag fields are 0 and will never get set */
@@ -630,6 +630,7 @@ int parsecmdline (int argc /** argument
P(GT_(" -q, --quit kill daemon process\n"));
P(GT_(" -L, --logfile specify logfile name\n"));
P(GT_(" --syslog use syslog(3) for most messages when running as a daemon\n"));
+ P(GT_(" --nosyslog turns off use of syslog(3)\n"));
P(GT_(" --invisible don't write Received & enable host spoofing\n"));
P(GT_(" -f, --fetchmailrc specify alternate run control file\n"));
P(GT_(" -i, --idfile specify alternate UIDs file\n"));
@@ -658,8 +659,9 @@ int parsecmdline (int argc /** argument
P(GT_(" --bad-header {reject|accept}\n"
" specify policy for handling messages with bad headers\n"));
- P(GT_(" -p, --protocol specify retrieval protocol (see man page)\n"));
+ P(GT_(" -p, --proto[col] specify retrieval protocol (see man page)\n"));
P(GT_(" -U, --uidl force the use of UIDLs (pop3 only)\n"));
+ P(GT_(" --idle tells the IMAP server to send notice of new messages\n"));
P(GT_(" --port TCP port to connect to (obsolete, use --service)\n"));
P(GT_(" -P, --service TCP service to connect to (can be numeric TCP port)\n"));
P(GT_(" --auth authentication type (password/kerberos/ssh/otp)\n"));
@@ -669,7 +671,7 @@ int parsecmdline (int argc /** argument
P(GT_(" --principal mail service principal\n"));
P(GT_(" --tracepolls add poll-tracing information to Received header\n"));
- P(GT_(" -u, --username specify users's login on server\n"));
+ P(GT_(" -u, --user[name] specify users's login on server\n"));
P(GT_(" -a, --[fetch]all retrieve old and new messages\n"));
P(GT_(" -K, --nokeep delete new messages after retrieval\n"));
P(GT_(" -k, --keep save new messages after retrieval\n"));

742
SOURCES/fetchmail-6.3.26-ssl-backport.patch Normal file
View File

@ -0,0 +1,742 @@
diff -up fetchmail-6.3.26/configure.ac.orig fetchmail-6.3.26/configure.ac
--- fetchmail-6.3.26/configure.ac.orig 2013-04-23 22:51:10.000000000 +0200
+++ fetchmail-6.3.26/configure.ac 2016-05-02 14:14:34.908139601 +0200
@@ -803,6 +803,7 @@ fi
case "$LIBS" in *-lssl*)
AC_CHECK_DECLS([SSLv2_client_method],,,[#include <openssl/ssl.h>])
+ AC_CHECK_DECLS([SSLv3_client_method],,,[#include <openssl/ssl.h>])
;;
esac
diff -up fetchmail-6.3.26/fetchmail.c.orig fetchmail-6.3.26/fetchmail.c
--- fetchmail-6.3.26/fetchmail.c.orig 2013-04-23 22:00:45.000000000 +0200
+++ fetchmail-6.3.26/fetchmail.c 2016-05-02 14:14:34.908139601 +0200
@@ -263,6 +263,12 @@ int main(int argc, char **argv)
#ifdef SSL_ENABLE
"+SSL"
#endif
+#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 == 0
+ "-SSLv2"
+#endif
+#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 == 0
+ "-SSLv3"
+#endif
#ifdef OPIE_ENABLE
"+OPIE"
#endif /* OPIE_ENABLE */
diff -up fetchmail-6.3.26/fetchmail.h.orig fetchmail-6.3.26/fetchmail.h
--- fetchmail-6.3.26/fetchmail.h.orig 2013-04-23 22:00:45.000000000 +0200
+++ fetchmail-6.3.26/fetchmail.h 2016-05-02 14:14:34.905139590 +0200
@@ -771,9 +771,9 @@ int servport(const char *service);
int fm_getaddrinfo(const char *node, const char *serv, const struct addrinfo *hints, struct addrinfo **res);
void fm_freeaddrinfo(struct addrinfo *ai);
-/* prototypes from tls.c */
-int maybe_tls(struct query *ctl);
-int must_tls(struct query *ctl);
+/* prototypes from starttls.c */
+int maybe_starttls(struct query *ctl);
+int must_starttls(struct query *ctl);
/* prototype from rfc822valid.c */
int rfc822_valid_msgid(const unsigned char *);
diff -up fetchmail-6.3.26/fetchmail.man.orig fetchmail-6.3.26/fetchmail.man
--- fetchmail-6.3.26/fetchmail.man.orig 2013-04-23 22:51:17.000000000 +0200
+++ fetchmail-6.3.26/fetchmail.man 2016-05-02 14:14:34.906139594 +0200
@@ -412,23 +412,22 @@ from. The folder information is written
.B \-\-ssl
(Keyword: ssl)
.br
-Causes the connection to the mail server to be encrypted
-via SSL. Connect to the server using the specified base protocol over a
-connection secured by SSL. This option defeats opportunistic starttls
-negotiation. It is highly recommended to use \-\-sslproto 'SSL3'
-\-\-sslcertck to validate the certificates presented by the server and
-defeat the obsolete SSLv2 negotiation. More information is available in
-the \fIREADME.SSL\fP file that ships with fetchmail.
-.IP
-Note that fetchmail may still try to negotiate SSL through starttls even
-if this option is omitted. You can use the \-\-sslproto option to defeat
-this behavior or tell fetchmail to negotiate a particular SSL protocol.
+Causes the connection to the mail server to be encrypted via SSL, by
+negotiating SSL directly after connecting (SSL-wrapped mode). It is
+highly recommended to use \-\-sslcertck to validate the certificates
+presented by the server. Please see the description of \-\-sslproto
+below! More information is available in the \fIREADME.SSL\fP file that
+ships with fetchmail.
+.IP
+Note that even if this option is omitted, fetchmail may still negotiate
+SSL in-band for POP3 or IMAP, through the STLS or STARTTLS feature. You
+can use the \-\-sslproto option to modify that behavior.
.IP
If no port is specified, the connection is attempted to the well known
port of the SSL version of the base protocol. This is generally a
different port than the port used by the base protocol. For IMAP, this
is port 143 for the clear protocol and port 993 for the SSL secured
-protocol, for POP3, it is port 110 for the clear text and port 995 for
+protocol; for POP3, it is port 110 for the clear text and port 995 for
the encrypted variant.
.IP
If your system lacks the corresponding entries from /etc/services, see
@@ -470,39 +469,77 @@ cause some complications in daemon mode.
.IP
Also see \-\-sslcert above.
.TP
-.B \-\-sslproto <name>
+.B \-\-sslproto <value>
(Keyword: sslproto)
.br
-Forces an SSL/TLS protocol. Possible values are \fB''\fP,
-\&'\fBSSL2\fP' (not supported on all systems),
-\&'\fBSSL23\fP', (use of these two values is discouraged
-and should only be used as a last resort) \&'\fBSSL3\fP', and
-\&'\fBTLS1\fP'. The default behaviour if this option is unset is: for
-connections without \-\-ssl, use \&'\fBTLS1\fP' so that fetchmail will
-opportunistically try STARTTLS negotiation with TLS1. You can configure
-this option explicitly if the default handshake (TLS1 if \-\-ssl is not
-used) does not work for your server.
-.IP
-Use this option with '\fBTLS1\fP' value to enforce a STARTTLS
-connection. In this mode, it is highly recommended to also use
-\-\-sslcertck (see below). Note that this will then cause fetchmail
-v6.3.19 to force STARTTLS negotiation even if it is not advertised by
-the server.
-.IP
-To defeat opportunistic TLSv1 negotiation when the server advertises
-STARTTLS or STLS, and use a cleartext connection use \fB''\fP. This
-option, even if the argument is the empty string, will also suppress the
-diagnostic 'SERVER: opportunistic upgrade to TLS.' message in verbose
-mode. The default is to try appropriate protocols depending on context.
+This option has a dual use, out of historic fetchmail behaviour. It
+controls both the SSL/TLS protocol version and, if \-\-ssl is not
+specified, the STARTTLS behaviour (upgrading the protocol to an SSL or
+TLS connection in-band). Some other options may however make TLS
+mandatory.
+.PP
+Only if this option and \-\-ssl are both missing for a poll, there will
+be opportunistic TLS for POP3 and IMAP, where fetchmail will attempt to
+upgrade to TLSv1 or newer.
+.PP
+Recognized values for \-\-sslproto are given below. You should normally
+chose one of the auto-negotiating options, i. e. '\fBauto\fP' or one of
+the options ending in a plus (\fB+\fP) character. Note that depending
+on OpenSSL library version and configuration, some options cause
+run-time errors because the requested SSL or TLS versions are not
+supported by the particular installed OpenSSL library.
+.RS
+.IP "\fB''\fP, the empty string"
+Disable STARTTLS. If \-\-ssl is given for the same server, log an error
+and pretend that '\fBauto\fP' had been used instead.
+.IP '\fBauto\fP'
+(default). Require TLS. Auto-negotiate TLSv1 or newer, disable SSLv3 downgrade.
+(previous releases of fetchmail have auto-negotiated all protocols that
+their OpenSSL library supported, including the broken SSLv3).
+.IP "\&'\fBSSL23\fP'
+see '\fBauto\fP'.
+.IP \&'\fBSSL2\fP'
+Require SSLv2 exactly. SSLv2 is broken, not supported on all systems, avoid it
+if possible. This will make fetchmail negotiate SSLv2 only, and is the
+only way to have fetchmail permit SSLv2.
+.IP \&'\fBSSL3\fP'
+Require SSLv3 exactly. SSLv3 is broken, not supported on all systems, avoid it
+if possible. This will make fetchmail negotiate SSLv3 only, and is the
+only way besides '\fBSSL3+\fP' to have fetchmail permit SSLv3.
+.IP \&'\fBSSL3+\fP'
+same as '\fBauto\fP', but permit SSLv3 as well. This is the only way
+besides '\fBSSL3\fP' to have fetchmail permit SSLv3.
+.IP \&'\fBTLS1\fP'
+Require TLSv1. This does not negotiate TLSv1.1 or newer, and is
+discouraged. Replace by TLS1+ unless the latter chokes your server.
+.IP \&'\fBTLS1+\fP'
+See '\fBauto\fP'.
+.IP \&'\fBTLS1.1\fP'
+Require TLS v1.1 exactly.
+.IP \&'\fBTLS1.1+\fP'
+Require TLS. Auto-negotiate TLSv1.1 or newer.
+.IP \&'\fBTLS1.2\fP'
+Require TLS v1.2 exactly.
+.IP '\fBTLS1.2+\fP'
+Require TLS. Auto-negotiate TLSv1.2 or newer.
+.IP "Unrecognized parameters"
+are treated the same as '\fBauto\fP'.
+.RE
+.IP
+NOTE: you should hardly ever need to use anything other than '' (to
+force an unencrypted connection) or 'auto' (to enforce TLS).
.TP
.B \-\-sslcertck
(Keyword: sslcertck)
.br
-Causes fetchmail to strictly check the server certificate against a set of
-local trusted certificates (see the \fBsslcertfile\fP and \fBsslcertpath\fP
-options). If the server certificate cannot be obtained or is not signed by one
-of the trusted ones (directly or indirectly), the SSL connection will fail,
-regardless of the \fBsslfingerprint\fP option.
+Causes fetchmail to require that SSL/TLS be used and disconnect if it
+can not successfully negotiate SSL or TLS, or if it cannot successfully
+verify and validate the certificate and follow it to a trust anchor (or
+trusted root certificate). The trust anchors are given as a set of local
+trusted certificates (see the \fBsslcertfile\fP and \fBsslcertpath\fP
+options). If the server certificate cannot be obtained or is not signed
+by one of the trusted ones (directly or indirectly), fetchmail will
+disconnect, regardless of the \fBsslfingerprint\fP option.
.IP
Note that CRL (certificate revocation lists) are only supported in
OpenSSL 0.9.7 and newer! Your system clock should also be reasonably
@@ -1202,31 +1239,33 @@ capability response. Specify a user opti
username and the part to the right as the NTLM domain.
.SS Secure Socket Layers (SSL) and Transport Layer Security (TLS)
+.PP All retrieval protocols can use SSL or TLS wrapping for the
+transport. Additionally, POP3 and IMAP retrival can also negotiate
+SSL/TLS by means of STARTTLS (or STLS).
.PP
Note that fetchmail currently uses the OpenSSL library, which is
severely underdocumented, so failures may occur just because the
programmers are not aware of OpenSSL's requirement of the day.
For instance, since v6.3.16, fetchmail calls
OpenSSL_add_all_algorithms(), which is necessary to support certificates
-using SHA256 on OpenSSL 0.9.8 -- this information is deeply hidden in the
-documentation and not at all obvious. Please do not hesitate to report
-subtle SSL failures.
-.PP
-You can access SSL encrypted services by specifying the \-\-ssl option.
-You can also do this using the "ssl" user option in the .fetchmailrc
-file. With SSL encryption enabled, queries are initiated over a
-connection after negotiating an SSL session, and the connection fails if
-SSL cannot be negotiated. Some services, such as POP3 and IMAP, have
+using SHA256 on OpenSSL 0.9.8 -- this information is deeply hidden in
+the documentation and not at all obvious. Please do not hesitate to
+report subtle SSL failures.
+.PP
+You can access SSL encrypted services by specifying the options starting
+with \-\-ssl, such as \-\-ssl, \-\-sslproto, \-\-sslcertck, and others.
+You can also do this using the corresponding user options in the .fetchmailrc
+file. Some services, such as POP3 and IMAP, have
different well known ports defined for the SSL encrypted services. The
encrypted ports will be selected automatically when SSL is enabled and
-no explicit port is specified. The \-\-sslproto 'SSL3' option should be
-used to select the SSLv3 protocol (default if unset: v2 or v3). Also,
-the \-\-sslcertck command line or sslcertck run control file option
-should be used to force strict certificate checking - see below.
+no explicit port is specified. Also, the \-\-sslcertck command line or
+sslcertck run control file option should be used to force strict
+certificate checking - see below.
.PP
If SSL is not configured, fetchmail will usually opportunistically try to use
-STARTTLS. STARTTLS can be enforced by using \-\-sslproto "TLS1". TLS
-connections use the same port as the unencrypted version of the
+STARTTLS. STARTTLS can be enforced by using \-\-sslproto\~auto and
+defeated by using \-\-sslproto\~''.
+TLS connections use the same port as the unencrypted version of the
protocol and negotiate TLS via special command. The \-\-sslcertck
command line or sslcertck run control file option should be used to
force strict certificate checking - see below.
diff -up fetchmail-6.3.26/imap.c.orig fetchmail-6.3.26/imap.c
--- fetchmail-6.3.26/imap.c.orig 2013-04-23 22:00:45.000000000 +0200
+++ fetchmail-6.3.26/imap.c 2016-05-02 14:14:34.906139594 +0200
@@ -405,6 +405,8 @@ static int imap_getauth(int sock, struct
/* apply for connection authorization */
{
int ok = 0;
+ char *commonname;
+
(void)greeting;
/*
@@ -429,25 +431,21 @@ static int imap_getauth(int sock, struct
return(PS_SUCCESS);
}
-#ifdef SSL_ENABLE
- if (maybe_tls(ctl)) {
- char *commonname;
-
- commonname = ctl->server.pollname;
- if (ctl->server.via)
- commonname = ctl->server.via;
- if (ctl->sslcommonname)
- commonname = ctl->sslcommonname;
+ commonname = ctl->server.pollname;
+ if (ctl->server.via)
+ commonname = ctl->server.via;
+ if (ctl->sslcommonname)
+ commonname = ctl->sslcommonname;
- if (strstr(capabilities, "STARTTLS")
- || must_tls(ctl)) /* if TLS is mandatory, ignore capabilities */
+#ifdef SSL_ENABLE
+ if (maybe_starttls(ctl)) {
+ if ((strstr(capabilities, "STARTTLS") && maybe_starttls(ctl))
+ || must_starttls(ctl)) /* if TLS is mandatory, ignore capabilities */
{
- /* Use "tls1" rather than ctl->sslproto because tls1 is the only
- * protocol that will work with STARTTLS. Don't need to worry
- * whether TLS is mandatory or opportunistic unless SSLOpen() fails
- * (see below). */
+ /* Don't need to worry whether TLS is mandatory or
+ * opportunistic unless SSLOpen() fails (see below). */
if (gen_transact(sock, "STARTTLS") == PS_SUCCESS
- && (set_timeout(mytimeout), SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
+ && (set_timeout(mytimeout), SSLOpen(sock, ctl->sslcert, ctl->sslkey, ctl->sslproto, ctl->sslcertck,
ctl->sslcertfile, ctl->sslcertpath, ctl->sslfingerprint, commonname,
ctl->server.pollname, &ctl->remotename)) != -1)
{
@@ -470,7 +468,7 @@ static int imap_getauth(int sock, struct
{
report(stdout, GT_("%s: upgrade to TLS succeeded.\n"), commonname);
}
- } else if (must_tls(ctl)) {
+ } else if (must_starttls(ctl)) {
/* Config required TLS but we couldn't guarantee it, so we must
* stop. */
set_timeout(0);
@@ -492,6 +490,10 @@ static int imap_getauth(int sock, struct
/* Usable. Proceed with authenticating insecurely. */
}
}
+ } else {
+ if (strstr(capabilities, "STARTTLS") && outlevel >= O_VERBOSE) {
+ report(stdout, GT_("%s: WARNING: server offered STARTTLS but sslproto '' given.\n"), commonname);
+ }
}
#endif /* SSL_ENABLE */
diff -up fetchmail-6.3.26/Makefile.am.orig fetchmail-6.3.26/Makefile.am
--- fetchmail-6.3.26/Makefile.am.orig 2013-04-23 22:00:45.000000000 +0200
+++ fetchmail-6.3.26/Makefile.am 2016-05-02 14:14:34.906139594 +0200
@@ -31,7 +31,7 @@ libfm_a_SOURCES= xmalloc.c base64.c rfc8
servport.c ntlm.h smbbyteorder.h smbdes.h smbmd4.h \
smbencrypt.h smbdes.c smbencrypt.c smbmd4.c smbutil.c \
libesmtp/gethostbyname.h libesmtp/gethostbyname.c \
- smbtypes.h fm_getaddrinfo.c tls.c rfc822valid.c \
+ smbtypes.h fm_getaddrinfo.c starttls.c rfc822valid.c \
xmalloc.h sdump.h sdump.c x509_name_match.c \
fm_strl.h md5c.c
if NTLM_ENABLE
diff -up fetchmail-6.3.26/Makefile.in.orig fetchmail-6.3.26/Makefile.in
--- fetchmail-6.3.26/Makefile.in.orig 2013-04-23 23:36:56.000000000 +0200
+++ fetchmail-6.3.26/Makefile.in 2016-05-02 14:14:34.906139594 +0200
@@ -97,14 +97,14 @@ am__libfm_a_SOURCES_DIST = xmalloc.c bas
rfc2047e.c servport.c ntlm.h smbbyteorder.h smbdes.h smbmd4.h \
smbencrypt.h smbdes.c smbencrypt.c smbmd4.c smbutil.c \
libesmtp/gethostbyname.h libesmtp/gethostbyname.c smbtypes.h \
- fm_getaddrinfo.c tls.c rfc822valid.c xmalloc.h sdump.h sdump.c \
+ fm_getaddrinfo.c starttls.c rfc822valid.c xmalloc.h sdump.h sdump.c \
x509_name_match.c fm_strl.h md5c.c ntlmsubr.c
@NTLM_ENABLE_TRUE@am__objects_1 = ntlmsubr.$(OBJEXT)
am_libfm_a_OBJECTS = xmalloc.$(OBJEXT) base64.$(OBJEXT) \
rfc822.$(OBJEXT) report.$(OBJEXT) rfc2047e.$(OBJEXT) \
servport.$(OBJEXT) smbdes.$(OBJEXT) smbencrypt.$(OBJEXT) \
smbmd4.$(OBJEXT) smbutil.$(OBJEXT) gethostbyname.$(OBJEXT) \
- fm_getaddrinfo.$(OBJEXT) tls.$(OBJEXT) rfc822valid.$(OBJEXT) \
+ fm_getaddrinfo.$(OBJEXT) starttls.$(OBJEXT) rfc822valid.$(OBJEXT) \
sdump.$(OBJEXT) x509_name_match.$(OBJEXT) md5c.$(OBJEXT) \
$(am__objects_1)
libfm_a_OBJECTS = $(am_libfm_a_OBJECTS)
@@ -483,7 +483,7 @@ libfm_a_SOURCES = xmalloc.c base64.c rfc
servport.c ntlm.h smbbyteorder.h smbdes.h smbmd4.h \
smbencrypt.h smbdes.c smbencrypt.c smbmd4.c smbutil.c \
libesmtp/gethostbyname.h libesmtp/gethostbyname.c smbtypes.h \
- fm_getaddrinfo.c tls.c rfc822valid.c xmalloc.h sdump.h sdump.c \
+ fm_getaddrinfo.c starttls.c rfc822valid.c xmalloc.h sdump.h sdump.c \
x509_name_match.c fm_strl.h md5c.c $(am__append_1)
libfm_a_LIBADD = $(EXTRAOBJ)
libfm_a_DEPENDENCIES = $(EXTRAOBJ)
diff -up fetchmail-6.3.26/NEWS.orig fetchmail-6.3.26/NEWS
--- fetchmail-6.3.26/NEWS.orig 2013-04-23 23:35:49.000000000 +0200
+++ fetchmail-6.3.26/NEWS 2016-05-02 14:14:34.907139597 +0200
@@ -53,9 +53,33 @@ removed from a 6.4.0 or newer release.)
fetchmail may switch to a different SSL library.
* SSLv2 support will be removed from a future fetchmail release. It has been
obsolete for more than a decade.
-
+* SSLv3 support may be removed from a future fetchmail release. It has been
+ obsolete for many years and found insecure. Use TLS.
--------------------------------------------------------------------------------
+## SECURITY FIXES THAT AFFECT BEHAVIOUR AND MAY WANT RECONFIGURATION
+* Fetchmail no longer attempts to negotiate SSLv3 by default,
+ even with --sslproto ssl23. Fetchmail can now use SSLv3, or TLSv1.1 or a newer
+ TLS version, with STLS/STARTTLS (it would previously force TLSv1.0). If the
+ OpenSSL version used at build and run-time supports these versions, -sslproto
+ ssl3 can be used to enable this specific version. Doing so is discouraged
+ because these protocols are broken.
+
+ Along the lines suggested - as patch - by Kurt Roeckx, Debian Bug #768843.
+
+ While this change is supposed to be compatible with common configurations,
+ users are advised to change all explicit --sslproto ssl2, --sslproto
+ ssl3, --sslproto tls1 to --sslproto auto, so that they can enable TLSv1.1 and
+ TLSv1.2 on systems with OpenSSL 1.0.1 or newer.
+
+ The --sslproto option now understands the values auto, tls1+, tls1.1+,
+ tls1.2+ (case insensitively).
+
+## CHANGES
+* Fetchmail now supports --sslproto auto and --sslproto tls1+ (same as ssl23).
+* --sslproto tls1.1+ and tls1.2+ are now supported for auto-negotiation with a
+ minimum specified TLS protocol version.
+
fetchmail-6.3.26 (released 2013-04-23, 26180 LoC):
# NOTE THAT FETCHMAIL IS NO LONGER PUBLISHED THROUGH IBIBLIO.
@@ -75,6 +99,11 @@ fetchmail-6.3.26 (released 2013-04-23, 2
Fixes Launchpad Bug#1171818.
+* Fix SSL-enabled build on systems that do not declare SSLv3_client_method().
+ Related to Debian Bug#775255.
+* Version report lists -SSLv3 on +SSL builds that omit SSLv3_client_method().
+* Version report lists -SSLv2 on +SSL builds that omit SSLv2_client_method().
+
# KNOWN BUGS AND WORKAROUNDS
(This section floats upwards through the NEWS file so it stays with the
current release information)
diff -up fetchmail-6.3.26/pop3.c.orig fetchmail-6.3.26/pop3.c
--- fetchmail-6.3.26/pop3.c.orig 2013-04-23 22:00:45.000000000 +0200
+++ fetchmail-6.3.26/pop3.c 2016-05-02 14:14:34.907139597 +0200
@@ -281,6 +281,7 @@ static int pop3_getauth(int sock, struct
#endif /* OPIE_ENABLE */
#ifdef SSL_ENABLE
flag connection_may_have_tls_errors = FALSE;
+ char *commonname;
#endif /* SSL_ENABLE */
done_capa = FALSE;
@@ -393,7 +394,7 @@ static int pop3_getauth(int sock, struct
(ctl->server.authenticate == A_KERBEROS_V5) ||
(ctl->server.authenticate == A_OTP) ||
(ctl->server.authenticate == A_CRAM_MD5) ||
- maybe_tls(ctl))
+ maybe_starttls(ctl))
{
if ((ok = capa_probe(sock)) != PS_SUCCESS)
/* we are in STAGE_GETAUTH => failure is PS_AUTHFAIL! */
@@ -406,12 +407,12 @@ static int pop3_getauth(int sock, struct
(ok == PS_SOCKET && !ctl->wehaveauthed))
{
#ifdef SSL_ENABLE
- if (must_tls(ctl)) {
+ if (must_starttls(ctl)) {
/* fail with mandatory STLS without repoll */
report(stderr, GT_("TLS is mandatory for this session, but server refused CAPA command.\n"));
report(stderr, GT_("The CAPA command is however necessary for TLS.\n"));
return ok;
- } else if (maybe_tls(ctl)) {
+ } else if (maybe_starttls(ctl)) {
/* defeat opportunistic STLS */
xfree(ctl->sslproto);
ctl->sslproto = xstrdup("");
@@ -431,24 +432,19 @@ static int pop3_getauth(int sock, struct
}
#ifdef SSL_ENABLE
- if (maybe_tls(ctl)) {
- char *commonname;
+ commonname = ctl->server.pollname;
+ if (ctl->server.via)
+ commonname = ctl->server.via;
+ if (ctl->sslcommonname)
+ commonname = ctl->sslcommonname;
- commonname = ctl->server.pollname;
- if (ctl->server.via)
- commonname = ctl->server.via;
- if (ctl->sslcommonname)
- commonname = ctl->sslcommonname;
-
- if (has_stls
- || must_tls(ctl)) /* if TLS is mandatory, ignore capabilities */
+ if (maybe_starttls(ctl)) {
+ if (has_stls || must_starttls(ctl)) /* if TLS is mandatory, ignore capabilities */
{
- /* Use "tls1" rather than ctl->sslproto because tls1 is the only
- * protocol that will work with STARTTLS. Don't need to worry
- * whether TLS is mandatory or opportunistic unless SSLOpen() fails
- * (see below). */
+ /* Don't need to worry whether TLS is mandatory or
+ * opportunistic unless SSLOpen() fails (see below). */
if (gen_transact(sock, "STLS") == PS_SUCCESS
- && (set_timeout(mytimeout), SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
+ && (set_timeout(mytimeout), SSLOpen(sock, ctl->sslcert, ctl->sslkey, ctl->sslproto, ctl->sslcertck,
ctl->sslcertfile, ctl->sslcertpath, ctl->sslfingerprint, commonname,
ctl->server.pollname, &ctl->remotename)) != -1)
{
@@ -475,7 +471,7 @@ static int pop3_getauth(int sock, struct
{
report(stdout, GT_("%s: upgrade to TLS succeeded.\n"), commonname);
}
- } else if (must_tls(ctl)) {
+ } else if (must_starttls(ctl)) {
/* Config required TLS but we couldn't guarantee it, so we must
* stop. */
set_timeout(0);
@@ -495,7 +491,11 @@ static int pop3_getauth(int sock, struct
}
}
}
- } /* maybe_tls() */
+ } else { /* maybe_starttls() */
+ if (has_stls && outlevel >= O_VERBOSE) {
+ report(stdout, GT_("%s: WARNING: server offered STLS, but sslproto '' given.\n"), commonname);
+ }
+ } /* maybe_starttls() */
#endif /* SSL_ENABLE */
/*
diff -up fetchmail-6.3.26/README.SSL.orig fetchmail-6.3.26/README.SSL
--- fetchmail-6.3.26/README.SSL.orig 2013-01-02 23:38:24.000000000 +0100
+++ fetchmail-6.3.26/README.SSL 2016-05-02 14:14:34.907139597 +0200
@@ -11,36 +11,48 @@ specific to fetchmail.
In case of troubles, mail the README.SSL-SERVER file to your ISP and
have them check their server configuration against it.
-Unfortunately, fetchmail confuses SSL/TLS protocol levels with whether
-a service needs to use in-band negotiation (STLS/STARTTLS for POP3/IMAP4) or is
-totally SSL-wrapped on a separate port. For compatibility reasons, this cannot
-be fixed in a bugfix release.
+Unfortunately, fetchmail confuses SSL/TLS protocol levels with whether a
+service needs to use in-band negotiation (STLS/STARTTLS for POP3/IMAP4)
+or is totally SSL-wrapped on a separate port. For compatibility
+reasons, this cannot be fixed in a bugfix or minor release.
-- Matthias Andree, 2009-05-09
+Also, fetchmail 6.4.0 and newer releases (this is also true for this release,
+as the changes were backported from upstream - noted by Red Hat) changed
+some of the semantics as the result of a bug-fix, and will auto-negotiate
+TLSv1 or newer only. If your server does not support this, you may have
+to specify --sslproto ssl3. This is in order to prefer the newer TLS
+protocols, because SSLv2 and v3 are broken.
+
+ -- Matthias Andree, 2015-01-16
+
Quickstart
----------
+Use an up-to-date release of OpenSSL 1.0.1 or newer, so as to get
+TLSv1.2 support.
+
For use of SSL or TLS with in-band negotiation on the regular service's port,
i. e. with STLS or STARTTLS, use these command line options
- --sslproto tls1 --sslcertck
+ --sslproto auto --sslcertck
or these options in the rcfile (after the respective "user"... options)
- sslproto tls1 sslcertck
+ sslproto auto sslcertck
For use of SSL or TLS on a separate port, if the whole TCP connection is
-SSL-encrypted from the very beginning, use these command line options (in the
-rcfile, omit all leading "--"):
+SSL-encrypted from the very beginning (SSL- or TLS-wrapped), use these
+command line options (in the rcfile, omit all leading "--"):
- --ssl --sslproto ssl3 --sslcertck
+ --ssl --sslproto auto --sslcertck
or these options in the rcfile (after the respective "user"... options)
- ssl sslproto ssl3 sslcertck
+ ssl sslproto auto sslcertck
Background and use (long version :-))
diff -up fetchmail-6.3.26/socket.c.orig fetchmail-6.3.26/socket.c
--- fetchmail-6.3.26/socket.c.orig 2013-04-23 22:00:45.000000000 +0200
+++ fetchmail-6.3.26/socket.c 2016-05-02 14:16:27.711570350 +0200
@@ -876,6 +876,9 @@ int SSLOpen(int sock, char *mycert, char
{
struct stat randstat;
int i;
+ /* disable SSLv2 and SSLv3 by default. SSLv2 can be enabled with '--sslproto ssl2'.
+ SSLv3 can be enabled with '--sslproto ssl3' or '--sslproto ssl3+' */
+ int avoid_ssl_versions = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
long sslopts = SSL_OP_ALL;
SSL_load_error_strings();
@@ -910,21 +913,61 @@ int SSLOpen(int sock, char *mycert, char
#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0
_ctx[sock] = SSL_CTX_new(SSLv2_client_method());
#else
- report(stderr, GT_("Your operating system does not support SSLv2.\n"));
+ report(stderr, GT_("Your OpenSSL version does not support SSLv2.\n"));
return -1;
#endif
+ avoid_ssl_versions &= ~SSL_OP_NO_SSLv2;
} else if(!strcasecmp("ssl3",myproto)) {
+#if HAVE_DECL_SSLV3_CLIENT_METHOD + 0 > 0
_ctx[sock] = SSL_CTX_new(SSLv3_client_method());
+#else
+ report(stderr, GT_("Your OpenSSL version does not support SSLv3.\n"));
+ return -1;
+#endif
+ avoid_ssl_versions &= ~SSL_OP_NO_SSLv3;
+ } else if(!strcasecmp("ssl3+",myproto)) {
+ avoid_ssl_versions &= ~SSL_OP_NO_SSLv3;
+ myproto = NULL;
} else if(!strcasecmp("tls1",myproto)) {
_ctx[sock] = SSL_CTX_new(TLSv1_client_method());
- } else if (!strcasecmp("ssl23",myproto)) {
+ } else if(!strcasecmp("tls1+",myproto)) {
+ myproto = NULL;
+#if defined(TLS1_1_VERSION) && TLS_MAX_VERSION >= TLS1_1_VERSION
+ } else if(!strcasecmp("tls1.1",myproto)) {
+ _ctx[sock] = SSL_CTX_new(TLSv1_1_client_method());
+ } else if(!strcasecmp("tls1.1+",myproto)) {
+ myproto = NULL;
+ avoid_ssl_versions |= SSL_OP_NO_TLSv1;
+#else
+ } else if(!strcasecmp("tls1.1",myproto) || !strcasecmp("tls1.1+", myproto)) {
+ report(stderr, GT_("Your OpenSSL version does not support TLS v1.1.\n"));
+ return -1;
+#endif
+#if defined(TLS1_2_VERSION) && TLS_MAX_VERSION >= TLS1_2_VERSION
+ } else if(!strcasecmp("tls1.2",myproto)) {
+ _ctx[sock] = SSL_CTX_new(TLSv1_2_client_method());
+ } else if(!strcasecmp("tls1.2+",myproto)) {
+ myproto = NULL;
+ avoid_ssl_versions |= SSL_OP_NO_TLSv1;
+ avoid_ssl_versions |= SSL_OP_NO_TLSv1_1;
+#else
+ } else if(!strcasecmp("tls1.2",myproto) || !strcasecmp("tls1.2+", myproto)) {
+ report(stderr, GT_("Your OpenSSL version does not support TLS v1.2.\n"));
+ return -1;
+#endif
+ } else if (!strcasecmp("ssl23",myproto) || 0 == strcasecmp("auto",myproto)) {
myproto = NULL;
} else {
- report(stderr,GT_("Invalid SSL protocol '%s' specified, using default (SSLv23).\n"), myproto);
+ report(stderr,GT_("Invalid SSL protocol '%s' specified, using default autoselect (SSL23).\n"), myproto);
myproto = NULL;
}
}
+ // do not combine into an else { } as myproto may be nulled
+ // above!
if(!myproto) {
+ // SSLv23 is a misnomer and will in fact use the best
+ // available protocol, subject to SSL_OP_NO*
+ // constraints.
_ctx[sock] = SSL_CTX_new(SSLv23_client_method());
}
if(_ctx[sock] == NULL) {
@@ -938,7 +981,7 @@ int SSLOpen(int sock, char *mycert, char
sslopts &= ~ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
}
- SSL_CTX_set_options(_ctx[sock], sslopts);
+ SSL_CTX_set_options(_ctx[sock], sslopts | avoid_ssl_versions);
if (certck) {
SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback);
@@ -1017,6 +1060,24 @@ int SSLOpen(int sock, char *mycert, char
return(-1);
}
+ if (outlevel >= O_VERBOSE) {
+ SSL_CIPHER const *sc;
+ int bitsmax, bitsused;
+
+ const char *ver;
+
+ ver = SSL_get_version(_ssl_context[sock]);
+
+ sc = SSL_get_current_cipher(_ssl_context[sock]);
+ if (!sc) {
+ report (stderr, GT_("Cannot obtain current SSL/TLS cipher - no session established?\n"));
+ } else {
+ bitsused = SSL_CIPHER_get_bits(sc, &bitsmax);
+ report(stdout, GT_("SSL/TLS: using protocol %s, cipher %s, %d/%d secret/processed bits\n"),
+ ver, SSL_CIPHER_get_name(sc), bitsused, bitsmax);
+ }
+ }
+
/* Paranoia: was the callback not called as we expected? */
if (!_depth0ck) {
report(stderr, GT_("Certificate/fingerprint verification was somehow skipped!\n"));
diff -up fetchmail-6.3.26/starttls.c.orig fetchmail-6.3.26/starttls.c
--- fetchmail-6.3.26/starttls.c.orig 2016-05-02 14:14:34.908139601 +0200
+++ fetchmail-6.3.26/starttls.c 2016-05-02 14:14:34.908139601 +0200
@@ -0,0 +1,37 @@
+/** \file tls.c - collect common TLS functionality
+ * \author Matthias Andree
+ * \date 2006
+ */
+
+#include "fetchmail.h"
+
+#include <string.h>
+
+#ifdef HAVE_STRINGS_H
+#include <strings.h>
+#endif
+
+/** return true if user allowed opportunistic STARTTLS/STLS */
+int maybe_starttls(struct query *ctl) {
+#ifdef SSL_ENABLE
+ /* opportunistic or forced TLS */
+ return (!ctl->sslproto || strlen(ctl->sslproto))
+ && !ctl->use_ssl;
+#else
+ (void)ctl;
+ return 0;
+#endif
+}
+
+/** return true if user requires STARTTLS/STLS, note though that this
+ * code must always use a logical AND with maybe_tls(). */
+int must_starttls(struct query *ctl) {
+#ifdef SSL_ENABLE
+ return maybe_starttls(ctl)
+ && (ctl->sslfingerprint || ctl->sslcertck
+ || (ctl->sslproto && !strcasecmp(ctl->sslproto, "tls1")));
+#else
+ (void)ctl;
+ return 0;
+#endif
+}
diff -up fetchmail-6.3.26/tls.c.orig fetchmail-6.3.26/tls.c
--- fetchmail-6.3.26/tls.c.orig 2013-04-23 22:00:45.000000000 +0200
+++ fetchmail-6.3.26/tls.c 2016-05-02 14:14:34.908139601 +0200
@@ -1,35 +0,0 @@
-/** \file tls.c - collect common TLS functionality
- * \author Matthias Andree
- * \date 2006
- */
-
-#include "fetchmail.h"
-
-#ifdef HAVE_STRINGS_H
-#include <strings.h>
-#endif
-
-/** return true if user allowed TLS */
-int maybe_tls(struct query *ctl) {
-#ifdef SSL_ENABLE
- /* opportunistic or forced TLS */
- return (!ctl->sslproto || !strcasecmp(ctl->sslproto,"tls1"))
- && !ctl->use_ssl;
-#else
- (void)ctl;
- return 0;
-#endif
-}
-
-/** return true if user requires TLS, note though that this code must
- * always use a logical AND with maybe_tls(). */
-int must_tls(struct query *ctl) {
-#ifdef SSL_ENABLE
- return maybe_tls(ctl)
- && (ctl->sslfingerprint || ctl->sslcertck
- || (ctl->sslproto && !strcasecmp(ctl->sslproto, "tls1")));
-#else
- (void)ctl;
- return 0;
-#endif
-}

7
SOURCES/fetchmail-6.3.26.tar.xz.asc Normal file
View File

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEABECAAYFAlF2/zAACgkQvmGDOQUufZU65ACgsCpaBSklzY/wF9lYX8xLeOPZ
KFAAniIj07N3WeMmWtOHUcmqbJjbl0QU
=3T6y
-----END PGP SIGNATURE-----

11
SOURCES/fetchmail.service Normal file
View File

@ -0,0 +1,11 @@
[Unit]
Description=A remote-mail retrieval utility
After=local-fs.target network.target
[Service]
User=mail
ExecStart=/usr/bin/fetchmail -d 300 --fetchmailrc /etc/fetchmailrc.example
RestartSec=1
[Install]
WantedBy=multi-user.target

2
SOURCES/fetchmailrc.example Normal file
View File

@ -0,0 +1,2 @@
#poll pop.domain.com proto pop3
# user 'user1' there with password 'secret' is user1 here

690
SPECS/fetchmail.spec Normal file
View File

@ -0,0 +1,690 @@
Summary: A remote mail retrieval and forwarding utility
Name: fetchmail
Version: 6.3.26
Release: 19%{?dist}
Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.xz
Source1: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.xz.asc
# systemd service file
Source2: fetchmail.service
# example configuration file
Source3: fetchmailrc.example
# Improves SSL related options
Patch0: fetchmail-6.3.26-ssl-backport.patch
# Minor fixes of inacurracies in options, usage message and man page (accepted upstream)
Patch1: fetchmail-6.3.26-options-usage-manpage.patch
Patch2: fetchmail-6.3.24-sslv3-in-ssllib-check.patch
URL: http://www.fetchmail.info/
# For a breakdown of the licensing, see COPYING
License: GPL+ and Public Domain
Group: Applications/Internet
BuildRequires: gettext-devel krb5-devel openssl-devel systemd
%description
Fetchmail is a remote mail retrieval and forwarding utility intended
for use over on-demand TCP/IP links, like SLIP or PPP connections.
Fetchmail supports every remote-mail protocol currently in use on the
Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6,
and IPSEC) for retrieval. Then Fetchmail forwards the mail through
SMTP so you can read it through your favorite mail client.
Install fetchmail if you need to retrieve mail over SLIP or PPP
connections.
%prep
%setup -q
%patch0 -p1 -b .ssl-backport
%patch1 -p1 -b .options-usage-manpage
%patch2 -p1 -b .sslv3-in-ssllib-check
%build
%configure --enable-POP3 --enable-IMAP --with-ssl --without-hesiod \
--enable-ETRN --enable-NTLM --enable-SDPS --enable-RPA \
--enable-nls --with-kerberos5 --with-gssapi \
--enable-fallback=no
make
%install
make install DESTDIR=$RPM_BUILD_ROOT
# install example systemd unit
mkdir -p $RPM_BUILD_ROOT%{_unitdir}
install -p -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_unitdir}/fetchmail.service
# install example config file
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}
install -p -m 600 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/fetchmailrc.example
# remove fetchmailconf stuff
rm -f $RPM_BUILD_ROOT%{_bindir}/fetchmailconf*
rm -f $RPM_BUILD_ROOT%{_mandir}/man1/fetchmailconf.1*
rm -f $RPM_BUILD_ROOT%{python3_sitelib}/fetchmailconf.py*
%find_lang %name
%files -f %{name}.lang
%doc COPYING FAQ FEATURES NEWS NOTES README README.SSL TODO
%{_bindir}/fetchmail
%{_mandir}/man1/fetchmail.1*
%{_unitdir}/fetchmail.service
%config(noreplace) %attr(0600, mail, mail) %{_sysconfdir}/fetchmailrc.example
%changelog
* Wed Nov 28 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.26-19
- Remove hesiod dependency
Resolves: #1638490
* Tue Jul 31 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.26-18
- Fix failing builds
Resolves: #1609979
* Fri Jun 15 2018 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.26-17
- Remove unnecessary python-devel dependency
(disables build of fetchmailconf, but we don't pack it into rpm anyway)
Resolves: #1591710
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 6.3.26-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 6.3.26-15
- Rebuilt for switch to libxcrypt
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 6.3.26-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 6.3.26-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Wed Jun 14 2017 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.26-12
- Fix checking for availability of SSLv3 in openssl library
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 6.3.26-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Mon May 02 2016 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.26-10
- Improve output related to SSLv3 disabling
Resolves: #1331702
- Minor fixes in options, usage message and man page
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 6.3.26-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Tue Oct 20 2015 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.26-8
- Backport better SSL support from upstream
* Mon Sep 14 2015 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.26-7
- Add exapmles of systemd service file and config file
* Mon Jul 13 2015 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.26-6
- Fix fetchmail FTBFS in rawhide
Resolves: #1239500
- Fix bogus dates in the %%changelog
- Fix Source and URL
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.3.26-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.3.26-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.3.26-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.3.26-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Apr 24 2013 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.26-1
- Update to fetchmail-6.3.26
* Tue Mar 19 2013 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.25-1
- Update to fetchmail-6.3.25
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.3.24-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Mon Jan 07 2013 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.24-1
- Update to fetchmail-6.3.24
* Tue Dec 11 2012 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.23-1
- Update to fetchmail-6.3.23
* Mon Sep 03 2012 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.22-1
- Update to fetchmail-6.3.22
* Mon Aug 27 2012 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.21-5
- Fix issues found by fedora-review utility in the spec file
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.3.21-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Tue Mar 13 2012 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.21-3
- Remove obsolete fetchmailconf stuff
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.3.21-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Mon Aug 22 2011 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.21-1
- Update to fetchmail-6.3.21
Resolves: #732400
* Tue Jun 07 2011 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.20-1
- Update to fetchmail-6.3.20
* Thu Jun 02 2011 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.19-5
- Fix CVE-2011-1947
* Mon Mar 07 2011 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.19-4
- Remove server(smtp) dependency
* Wed Feb 09 2011 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.19-3
- Disable /usr/bin/procmail fallback
Resolves: #672452
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.3.19-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Mon Dec 13 2010 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.19-1
- Update to fetchmail-6.3.19
* Tue Oct 12 2010 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.18-1
- Update to fetchmail-6.3.18
* Thu May 6 2010 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.17-1
- Update to fetchmail-6.3.17
* Wed Apr 7 2010 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.16-1
- Update to fetchmail-6.3.16
* Mon Mar 29 2010 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.15-1
- Update to fetchmail-6.3.15
* Tue Feb 9 2010 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.14-1
- Update to fetchmail-6.3.14
- Use xz compressed upstream tarball
* Tue Nov 3 2009 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.13-1
- Update to fetchmail-6.3.13
* Wed Oct 7 2009 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.12-1
- Update to fetchmail-6.3.12
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 6.3.11-3
- rebuilt with new openssl
* Tue Aug 18 2009 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.11-2
- Regression bug fix for fetchmail 6.3.11
* Thu Aug 6 2009 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.11-1
- Update to fetchmail-6.3.11
- Remove addrconf patch (upstream now)
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.3.9-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Tue Jun 09 2009 Adam Jackson <ajax@redhat.com> 6.3.9-4
- Rebuild to get rid of libkrb4 dependency.
* Tue Feb 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.3.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Fri Jan 16 2009 Tomas Mraz <tmraz@redhat.com> - 6.3.9-2
- rebuild with new openssl
* Wed Dec 3 2008 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.9-1
- Update to fetchmail-6.3.9
* Thu Sep 18 2008 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.8-8
- Rediff all patches to work with patch --fuzz=0
- Replace server(smtp) requires by procmail
Resolves: #66396
* Fri Jun 27 2008 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.8-7
- Fix CVE-2008-2711
* Wed Mar 26 2008 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.8-6
- Replace smtpdaemon requires by server(smtp) requires
Resolves: #66396
* Mon Feb 11 2008 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.8-5
- Fix Buildroot
* Wed Dec 5 2007 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.8-4
- Rebuild
* Tue Sep 4 2007 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.8-3
- Fix CVE-2007-4565
* Thu Aug 23 2007 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.8-2
- fix license
- rebuild
* Mon Jul 2 2007 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.3.8-1
- Update to fetchmail-6.3.8 (#246445)
* Mon Feb 19 2007 Miloslav Trmac <mitr@redhat.com> - 6.3.7-1
- Update to fetchmail-6.3.7
* Mon Jan 22 2007 Miloslav Trmac <mitr@redhat.com> - 6.3.6-2
- Let KPOP use PASS again
Resolves: #223661
* Sat Jan 6 2007 Miloslav Trmac <mitr@redhat.com> - 6.3.6-1
- Update to fetchmail-6.3.6 (CVE-2006-5867, CVE-2006-5974)
* Wed Nov 1 2006 Miloslav Trmac <mitr@redhat.com> - 6.3.5-1
- Update to fetchmail-6.3.5
- Fix some rpmlint warnings
* Sun Sep 24 2006 Miloslav Trmac <mitr@redhat.com> - 6.3.4-2
- Don't increase the certificate search path on each poll (#206346)
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 6.3.4-1.1
- rebuild
* Mon May 1 2006 Miloslav Trmac <mitr@redhat.com> - 6.3.4-1
- Update to fetchmail-6.3.4
* Sat Apr 1 2006 Miloslav Trmac <mitr@redhat.com> - 6.3.3-3
- Fix fetchmail-6.3.3-resolv.patch
* Fri Mar 31 2006 Miloslav Trmac <mitr@redhat.com> - 6.3.3-2
- Fix some type mismatches on 64-bit architectures
- Fix checking for res_* on architectures with newer glibc ABI
* Fri Mar 31 2006 Miloslav Trmac <mitr@redhat.com> - 6.3.3-1
- Update to fetchmail-6.3.3
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 6.3.2.1-1.2
- bump again for double-long bug on ppc(64)
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 6.3.2.1-1.1
- rebuilt for new gcc4.1 snapshot and glibc changes
* Mon Jan 30 2006 Miloslav Trmac <mitr@redhat.com> - 6.3.2.1-1
- Update to fetchmail-6.3.2.1
* Mon Jan 23 2006 Miloslav Trmac <mitr@redhat.com> - 6.3.2-1
- Update to fetchmail-6.3.2 (CVE-2006-0321)
* Tue Dec 20 2005 Miloslav Trmac <mitr@redhat.com> - 6.3.1-1
- Update to fetchmail-6.3.1 (CVE-2005-4348)
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt
* Fri Dec 2 2005 Miloslav Trmac <mitr@redhat.com> - 6.3.0-1
- Update to fetchmail-6.3.0
- Remove nohesiod and nokerberos conditionals
* Wed Nov 30 2005 Miloslav Trmac <mitr@redhat.com> - 6.2.9-0.1.rc10
- Update to fetchmail-6.2.9-rc10
* Wed Nov 9 2005 Miloslav Trmac <mitr@redhat.com> - 6.2.5.2-2
- Rebuild with new openssl
- Ship README.SSL, drop html documentation copies
* Fri Jul 22 2005 Miloslav Trmac <mitr@redhat.com> - 6.2.5.2-1
- Update to fetchmail-6.2.5.2
* Thu Jul 21 2005 Miloslav Trmac <mitr@redhat.com> - 6.2.5.1-1
- Update to fetchmail-6.2.5.1 to fix CAN-2005-2335 (#163819)
- Fix crash on empty Message-ID
* Mon Jul 18 2005 Karsten Hopp <karsten@redhat.de> 6.2.5-10
- Buildrequires gettext-devel for AM_GNU_GETTEXT macro
* Sat Jun 11 2005 Miloslav Trmac <mitr@redhat.com> - 6.2.5-9
- Fix fetchmailconf handling of unspecified server port
* Tue Jun 7 2005 Miloslav Trmac <mitr@redhat.com> - 6.2.5-8
- Fix APOP and RPOP (#127315)
- Don't link to libdl
* Wed Mar 16 2005 Nalin Dahyabhai <nalin@redhat.com> 6.2.5-7
- stop using one of the libkrb5 private functions
* Thu Sep 30 2004 John Dennis <jdennis@redhat.com> 6.2.5-6
- fix bug #113492
after expunge, dovecot hangs fetchmail if new e-mail came in
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Wed May 19 2004 Nalin Dahyabhai <nalin@redhat.com> 6.2.5-4
- turn on SDPS (#123599) and RPA
* Wed May 19 2004 Joe Orton <jorton@redhat.com> 6.2.5-3
- pass AI_ADDRCONFIG to getaddrinfo to prevent pointless AAAA lookups
* Wed Apr 21 2004 Nalin Dahyabhai <nalin@redhat.com> 6.2.5-2
- distill out portions of pop3.c which don't affect capa probing
* Fri Apr 16 2004 Nalin Dahyabhai <nalin@redhat.com>
- switch to Robert Scheck's fix for capa probing endless loop on pop servers
which don't support capa (#115474)
* Thu Apr 15 2004 Nalin Dahyabhai <nalin@redhat.com>
- split the use-correct-service-name and check-for-gssapi-in-pop portions of
gssapi+pop fix into pieces
- only trigger pop capa probe if authentication method != password
* Mon Mar 15 2004 Nalin Dahyabhai <nalin@redhat.com> 6.2.5-1
- update to 6.2.5, per Eric's recommendation
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Mon Feb 2 2004 Nalin Dahyabhai <nalin@redhat.com> 6.2.0-9
- add patch to ensure that stuffed warnings always end in cr-lf (#114470)
* Tue Nov 25 2003 Nalin Dahyabhai <nalin@redhat.com>
- blah, merge multiple patches for krb5-config things into one
* Fri Nov 14 2003 Nalin Dahyabhai <nalin@redhat.com>
- fix gssapi support authenticating to imap, even when connected to pop
* Thu Nov 13 2003 Nalin Dahyabhai <nalin@redhat.com>
- munge, munge, munge. kpop build resurrected, at least for now.
* Fri Oct 10 2003 Nalin Dahyabhai <nalin@redhat.com> 6.2.0-8
- add patch to not truncate headers which have been munged to include a
hostname where one didn't exist before (CAN-2003-0792), backport from fix
for 6.2.4 included in 6.2.5
* Thu Oct 9 2003 Nalin Dahyabhai <nalin@redhat.com>
- add patch from Markus Friedl to fix possible buffer underrun (CAN-2003-0790)
* Tue Sep 23 2003 Florian La Roche <Florian.LaRoche@redhat.de>
- allow compiling without hesiod
* Tue Jun 24 2003 Nalin Dahyabhai <nalin@redhat.com> 6.2.0-6
- rebuild
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Tue Apr 29 2003 Nalin Dahyabhai <nalin@redhat.com>
- update URLs
* Wed Jan 22 2003 Tim Powers <timp@redhat.com> 6.2.0-3
- rebuilt
* Tue Jan 7 2003 Nalin Dahyabhai <nalin@redhat.com> 6.2.0-2
- rebuild
* Fri Dec 13 2002 Nalin Dahyabhai <nalin@redhat.com> 6.2.0-1
- update to 6.2.0
* Mon Nov 4 2002 Nalin Dahyabhai <nalin@redhat.com> 6.1.2-1
- update to 6.1.2
* Fri Oct 4 2002 Nalin Dahyabhai <nalin@redhat.com> 6.1.0-1
- add -L/usr/kerberos/%%{_lib} to LDFLAGS so that the Kerberos libraries will
be found again
* Wed Sep 25 2002 Nalin Dahyabhai <nalin@redhat.com>
- update to 6.0.0
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
- automated rebuild
* Tue Jun 11 2002 Nalin Dahyabhai <nalin@redhat.com> 5.9.0-15
- remove and obsolete the fetchmailconf subpackage (tkinter is gone, so it
can't be run)
* Mon Jun 3 2002 Nalin Dahyabhai <nalin@redhat.com> 5.9.0-14
- require hesiod at build-time
* Sun May 26 2002 Tim Powers <timp@redhat.com>
- automated rebuild
* Fri May 17 2002 Nalin Dahyabhai <nalin@redhat.com> 5.9.0-12
- rebuild in new environment
- require autoconf213
- enable hesiod support
* Wed May 1 2002 Nalin Dahyabhai <nalin@redhat.com> 5.9.0-11
- rebuild
* Wed May 1 2002 Nalin Dahyabhai <nalin@redhat.com> 5.9.0-10
- reject bogusly large message counts on 64-bit systems, too
* Wed Mar 27 2002 Nalin Dahyabhai <nalin@redhat.com> 5.9.0-8
- configure with --enable-NTLM, not --enable-ntlm, ditto for ETRN, POP3, IMAP
* Mon Mar 11 2002 Nalin Dahyabhai <nalin@redhat.com>
- add patch to reject bogusly large message counts, backported from 5.9.10
- build for RHL 6.2 errata
* Fri Feb 22 2002 Nalin Dahyabhai <nalin@redhat.com> 5.9.0-5
- rebuild
* Wed Jan 23 2002 Nalin Dahyabhai <nalin@redhat.com> 5.9.0-4
- rebuild in new environment
* Wed Jan 09 2002 Tim Powers <timp@redhat.com> 5.9.0-3
- automated rebuild
* Tue Nov 13 2001 Nalin Dahyabhai <nalin@redhat.com> 5.9.0-2
- remove explicit dependency on krb5-libs
* Mon Aug 13 2001 Nalin Dahyabhai <nalin@redhat.com> 5.9.0-1
- update to 5.9.0 final release
* Thu Aug 9 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 5.8.17, candidate for 5.9.0
* Tue Jul 17 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 5.8.14
* Fri Jul 6 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 5.8.12
* Mon Jul 2 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 5.8.11
* Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com>
- fetchmailconf should depend on tkinter (#42156)
* Thu Jun 21 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 5.8.8
* Tue Jun 19 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 5.8.7
* Tue Jun 12 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 5.8.6, which approaches a 5.9.0
* Wed May 30 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 5.8.5
* Tue May 22 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 5.8.4
* Fri Apr 27 2001 Nalin Dahyabhai <nalin@redhat.com>
- rebuild in new environment
* Tue Apr 17 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 5.8.1, which includes patches we were using
* Wed Apr 4 2001 Nalin Dahyabhai <nalin@redhat.com>
- fix handling of "any" authentication (#32527)
- accept more arguments to --auth
- parse "auth password" correctly in the configuration file
* Wed Mar 21 2001 Nalin Dahyabhai <nalin@redhat.com>
- fall back to plain auth if gssapi fails (#32527)
* Tue Mar 13 2001 Nalin Dahyabhai <nalin@redhat.com>
- properly handle "nospambounce" in the config file (#31234)
* Mon Mar 12 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 5.7.4, which merges our patches
* Mon Mar 5 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 5.7.2
- call AC_PROG_MAKE_SET in configure.in
- fix various things which cause it to not compile if gssapi is enabled
* Fri Mar 2 2001 Nalin Dahyabhai <nalin@redhat.com>
- rebuild in new environment
* Fri Feb 23 2001 Trond Eivind Glomsrød <teg@redhat.com>
- langify
* Mon Feb 12 2001 Nalin Dahyabhai <nalin@redhat.com>
- work around sockets without an sa_len field
* Fri Feb 9 2001 Nalin Dahyabhai <nalin@redhat.com>
- fix for exception when adding hosts in fetchmailconf (#26387)
* Thu Feb 8 2001 Nalin Dahyabhai <nalin@redhat.com>
- add Todd Sabin's patch for handling untagged responses during CRAM-MD5 auth
* Mon Jan 15 2001 Nalin Dahyabhai <nalin@redhat.com>
- enable IPv6 support (#24033)
* Tue Nov 28 2000 Nalin Dahyabhai <nalin@redhat.com>
- enable NLS (#21419)
* Mon Nov 27 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to 5.6.0
- revert "untagged" patch, which went upstream
* Wed Nov 8 2000 Nalin Dahyabhai <nalin@redhat.com>
- patch to handle untagged responses during IMAP-GSS authentication
- update to 5.5.5
* Thu Aug 17 2000 Nalin Dahyabhai <nalin@redhat.com>
- enable SSL support
* Sat Aug 12 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to 5.5.0
- change Copyright: to License: GPL
* Tue Aug 8 2000 Nalin Dahyabhai <nalin@redhat.com>
- back out MDA patch; sendmail started listening by default again
* Thu Aug 3 2000 Nalin Dahyabhai <nalin@redhat.com>
- patch to use procmail as an MDA by default
- patch to not run makedepend
* Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
- automatic rebuild
* Sun Jul 2 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to 5.4.3
* Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix a typo in 5.4.2
* Wed Jun 28 2000 Matt Wilson <msw@redhat.com>
- fixed configure arguments to not have a continuation at the end of the last
one
* Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to 5.4.2
* Fri Jun 9 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to 5.4.1
- FHS fixes, with mandir override
- change fetchmailconf.1 symlink to an include
* Thu May 25 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix Kerberos configure patch to work correctly for krb5 1.0, too
* Fri May 19 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to 5.4.0
- rework Kerberos dependencies
* Fri Apr 21 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to 5.3.8
* Tue Apr 4 2000 Bill Nottingham <notting@redhat.com>
- eliminate explicit krb5-configs dependency
* Mon Mar 6 2000 Bernhard Rosenkränzer <bero@redhat.com>
- 5.3.1 - This fixes Bugs #9982 and #9987
* Wed Mar 1 2000 Nalin Dahyabhai <nalin@redhat.com>
- make kerberos support conditional at build-time
* Wed Mar 1 2000 Bill Nottingham <notting@redhat.com>
- integrate kerberos support into main tree
* Fri Feb 25 2000 Nalin Dahyabhai <nalin@redhat.com>
- Add Kerberos and GSS authenticator support
* Fri Feb 25 2000 Cristian Gafton <gafton@redhat.com>
- version 5.3.0 has a correct version of the rfc822 patch
* Fri Feb 25 2000 Jeff Johnson <jbj@redhat.com>
- fix length of rfc822 headers in strcncasecmp().
* Tue Feb 15 2000 Bernhard Rosenkränzer <bero@redhat.com>
- 5.2.8 (fixes the POP3-UIDL bug)
- Fix up the fetchmailconf man page symlink
* Fri Feb 11 2000 Cristian Gafton <gafton@redhat.com>
- version 5.2.7
- add patch so that fetchmailconf will not output ssl configure statements
is no ssl is configured
* Mon Jan 31 2000 Cristian Gafton <gafton@redhat.com>
- rebuild to fix deps
- man pages are compressed
- enable %%clean
* Tue Jan 11 2000 Bernhard Rosenkraenzer <bero@redhat.com>
- 5.2.3
- fetchmailconf requires fetchmail = %%{version}
- fix compilation
* Mon Dec 27 1999 Bernhard Rosenkraenzer <bero@redhat.com>
- 5.2.2
* Thu Sep 23 1999 Preston Brown <pbrown@redhat.com>
- got 5.1.0, fixes potential buffer overflow...
* Sat Jun 12 1999 Jeff Johnson <jbj@redhat.com>
- update to 5.0.4.
* Mon Apr 05 1999 Cristian Gafton <gafton@redhat.com>
- 5.0.0
* Tue Mar 30 1999 Preston Brown <pbrown@redhat.com>
- subpackage for fetchmailconf
* Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com>
- auto rebuild in the new build environment (release 2)
* Thu Dec 17 1998 Cristian Gafton <gafton@redhat.com>
- version 4.7.0
- build against glibc 2.1
* Sat Sep 19 1998 Jeff Johnson <jbj@redhat.com>
- correct typo in dangling symlink fix.
* Wed Sep 09 1998 Cristian Gafton <gafton@redhat.com>
- update to 4.5.8
* Wed Jul 22 1998 Jeff Johnson <jbj@redhat.com>
- update to 4.5.3.
* Fri May 08 1998 Cristian Gafton <gafton@redhat.com>
- fixed spelung eror in the decsriptoin
* Thu May 07 1998 Cristian Gafton <gafton@redhat.com>
- new version 4.4.4 fixes a lot of bugs
* Fri Apr 24 1998 Prospector System <bugs@redhat.com>
- translations modified for de, fr, tr
* Thu Apr 09 1998 Cristian Gafton <gafton@redhat.com>
- upgraded to 4.4.1
- buildroot
* Thu Oct 23 1997 Michael Fulbright <msf@redhat.com>
- Updated to 4.3.2 using SRPM from Eric Raymond
* Thu Jul 10 1997 Erik Troan <ewt@redhat.com>
- built against glibc