Re: [blfs-book] [BLFS Trac] #12436: fetchmail-6.4.1

[BLFS Trac via blfs-book]

#12436: fetchmail-6.4.1
-+-
 Reporter:  bdubbs   |   Owner:  ken@…
 Type:  enhancement  |  Status:  closed
 Priority:  normal   |   Milestone:  9.1
Component:  BOOK | Version:  SVN
 Severity:  normal   |  Resolution:  fixed
 Keywords:   |
-+-
Changes (by ken@…):

 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 r22298.

--
Ticket URL: 
BLFS Trac 
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Re: [blfs-book] [BLFS Trac] #12436: fetchmail-6.4.1

[BLFS Trac via blfs-book]

#12436: fetchmail-6.4.1
-+---
 Reporter:  bdubbs   |   Owner:  ken@…
 Type:  enhancement  |  Status:  assigned
 Priority:  normal   |   Milestone:  9.1
Component:  BOOK | Version:  SVN
 Severity:  normal   |  Resolution:
 Keywords:   |
-+---

Comment (by ken@…):

 Replying to [comment:6 ken@…]:

 > tl;dr - in progress, but probably won't be done until early in November.

 I was too despondent : I will need to check my local scripts a couple of
 times next week, but the changes for 6.4.1 that I intend to put in the
 book are not affected by that. However, watching how it runs when invoked
 as a user has pointed to some changes for the book's fetchmailrc. Will do
 it shortly.

--
Ticket URL: 
BLFS Trac 
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Re: [blfs-book] [BLFS Trac] #12436: fetchmail-6.4.1

[BLFS Trac via blfs-book]

#12436: fetchmail-6.4.1
-+---
 Reporter:  bdubbs   |   Owner:  ken@…
 Type:  enhancement  |  Status:  assigned
 Priority:  normal   |   Milestone:  9.1
Component:  BOOK | Version:  SVN
 Severity:  normal   |  Resolution:
 Keywords:   |
-+---

Comment (by ken@…):

 I've been intermittently looking at this, but my test accounts are not
 particularly useful for this. Will try modifying my current system to use
 fcron as my normal user. And then look at adding the user log to
 logrotate. If it works for me, will then confirm with 6.4.1. I'm a bit
 worried about the size of user log file (at the moment root runs fetchmail
 as a daemon from my initscript, for a user that will not work for me
 because I need to stop it to perform certain housekeeping on my maildirs
 at start of month.

 tl;dr - in progress, but probably won't be done until early in November.

--
Ticket URL: 
BLFS Trac 
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Re: [blfs-book] [BLFS Trac] #12436: fetchmail-6.4.1

[BLFS Trac via blfs-book]

#12436: fetchmail-6.4.1
-+---
 Reporter:  bdubbs   |   Owner:  ken@…
 Type:  enhancement  |  Status:  assigned
 Priority:  normal   |   Milestone:  9.1
Component:  BOOK | Version:  SVN
 Severity:  normal   |  Resolution:
 Keywords:   |
-+---

Comment (by bdubbs):

 Replying to [comment:4 ken@…]:

 > There are also two python2 scripts in contrib/ - should we just drop the
 dep to python2 ?

 Yes.  PY2 should go away as soon as we can do it.

--
Ticket URL: 
BLFS Trac 
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Re: [blfs-book] [BLFS Trac] #12436: fetchmail-6.4.1

[BLFS Trac via blfs-book]

#12436: fetchmail-6.4.1
-+---
 Reporter:  bdubbs   |   Owner:  ken@…
 Type:  enhancement  |  Status:  assigned
 Priority:  normal   |   Milestone:  9.1
Component:  BOOK | Version:  SVN
 Severity:  normal   |  Resolution:
 Keywords:   |
-+---

Comment (by ken@…):

 We currently list an optional dependency of Python-2.7.16, built after
 Tk-8.6.9. That is obviously for fetchmailconf.py, but the heading now
 states:

 {{{
  # WARNING: this needs to be updated for fetchmail 6.4's SSL options,
 # and other recent new options;
 # WARNING: to be compatible with Python 3, needs to be run thru 2to3.py.
 }}}

 which I take to mean that it won't work properly re SSL. Please note that
 I have no use for this GUI configurator script. There are also two python2
 scripts in contrib/ - should we just drop the dep to python2 ?

--
Ticket URL: 
BLFS Trac 
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Re: [blfs-book] [BLFS Trac] #12436: fetchmail-6.4.1

[BLFS Trac via blfs-book]

#12436: fetchmail-6.4.1
-+---
 Reporter:  bdubbs   |   Owner:  ken@…
 Type:  enhancement  |  Status:  assigned
 Priority:  normal   |   Milestone:  9.1
Component:  BOOK | Version:  SVN
 Severity:  normal   |  Resolution:
 Keywords:   |
-+---
Changes (by ken@…):

 * owner:  blfs-book => ken@…
 * status:  new => assigned


Comment:

 fetchmail-6.4.1 (released 2019-09-28, 27473 LoC):

 ## REGRESSION FIXES:
 * The bug fix Debian Bug#941129 was incomplete and caused
   + a regression in the default file locations, so that fetchmail was no
 longer
 able to find its configuration files in some situations.
 Reported by Cy Schubert.
   + a regression under _FORTIFY_SOURCE where PATH_MAX > minimal
 _POSIX_PATH_MAX.

 


 fetchmail 6.4.0 (released 2019-09-27, 27429 LoC):

 # NOTE THAT FETCHMAIL IS NO LONGER PUBLISHED THROUGH IBIBLIO.
 * They have stopped accepting submissions and consider themselves an
 archive.

 ## SECURITY FIXES THAT AFFECT BEHAVIOUR AND MAY REQUIRE RECONFIGURATION
 * Fetchmail no longer supports SSLv2.
 * Fetchmail no longer attempts to negotiate SSLv3 by default,
   even with --sslproto ssl23. Fetchmail can now use SSLv3, or TLSv1.1 or a
 newer
   TLS version, with STLS/STARTTLS (it would previously force TLSv1.0 with
   STARTTLS).  If the OpenSSL version used at build and run-time supports
 these
   versions, --sslproto ssl3 and --sslproto ssl3+ can be used to re-enable
 SSLv3.
   Doing so is discouraged because the SSLv3 protocol is broken.

   Along the lines suggested - as patch - by Kurt Roeckx, Debian Bug
 #768843.

   While this change is supposed to be compatible with common
 configurations,
   users may have to and are advised to change all explicit --sslproto ssl2
   (change to newer protocols required), --sslproto ssl3, --sslproto tls1
 to
   --sslproto auto, so that they can benefit from TLSv1.1 and TLSv1.2 where
   supported by the server.

   The --sslproto option now understands the values auto, ssl3+, tls1+,
 tls1.1,
   tls1.1+, tls1.2, tls1.2+, tls1.3, tls1.3+ (case insensitively), see
 CHANGES
   below for details.

 * Fetchmail defaults to --sslcertck behaviour. A new option --nosslcertck
 to
   override this has been added, but may be removed in future fetchmail
 versions
   in favour of another configuration option that makes the insecurity in
 using
   this option clearer.

 ## SECURITY FIXES
 * Fetchmail prevents buffer overruns in GSSAPI authentication with user
 names
   beyond c. 6000 characters in length. Reported by Greg Hudson.
 ## CHANGED REQUIREMENTS
 * fetchmail 6.4.0 is written in C99 and requires a SUSv3 (Single Unix
   Specification v3, a superset of POSIX.1-2001 aka. IEEE Std 1003.1-2001
 with
   XSI extension) compliant system. For now, a C89 compiler should also
 work
   if the system is SUSv3 compliant.

   In particular, older fetchmail versions had workaround for several
 functions
   standardized in the Single Unix Specification v3, these have been
 removed.

   The trio/ library has been removed from the distribution.

 ## CHANGES
 * fetchmail 6.3.X is unsupported.
 * fetchmail now configures OpenSSL support by default.
 * fetchmail now requires OpenSSL v1.0.2 or newer.
 * Fetchmail now supports --sslproto auto and --sslproto tls1+ (same as
 ssl23).
 * --sslproto tls1.1+, tls1.2+, and tls1.3+ are now supported for
   auto-negotiation with a minimum specified TLS protocol version, and
 --sslproto
   tls1.1, --sslproto tls1.2 and --sslproto tls1.3 to force the specified
 TLS
   protocol version. Note that tls1.3 requires OpenSSL v1.1.1 or newer.
 * Fetchmail now detects if the server hangs up prematurely during
 SSL_connect()
   and reports this condition as such, and not just as SSL connection
 failure.
   (OpenSSL 1.0.2 reported incompatible with pop3.live.com by Jerry
 Seibert).
 * A foreground fetchmail can now accept a few more options while another
 copy is
   running in the background.
 * fetchmail now handles POP3 --keep UID lists more efficiently, by using
 Rainer
   Weikusat's P-Tree implementation. This reduces the complexity for
 handling
   a large UIDL from O(n^2) to O(n log n) and becomes noticably faster with
   thousands of kept messages.
   (IMAP does not currently track UIDs and is unaffected.)
   At the same time, the UIDL emulation code for deficient servers has been
   removed. It never worked really well.  Servers that do not implement the
   optional UIDL command only work with --fetchall option set, which in
 itself is
   incompatible with the --keep option (it would cause message
 duplication).
 * fetchmail, when setting up TLS connections, now uses
 SSL_set_tlsext_host_name()
   to set up the SNI (Server Name Indication). Some servers (for instance
   googlemail) require SNI when using newer SSL protocols.
 *

Re: [blfs-book] [BLFS Trac] #12436: fetchmail-6.4.1 (was: fetchmail-6.4.0 (pending))

[BLFS Trac via blfs-book]

#12436: fetchmail-6.4.1
-+
 Reporter:  bdubbs   |   Owner:  blfs-book
 Type:  enhancement  |  Status:  new
 Priority:  normal   |   Milestone:  9.1
Component:  BOOK | Version:  SVN
 Severity:  normal   |  Resolution:
 Keywords:   |
-+
Changes (by renodr):

 * milestone:  hold => 9.1


Comment:

 {{{
 On 2019-09-28, fetchmail 6.4.1 has been released (click this link to
 download, or to see changes since 6.3.26) . Note that you will need
 OpenSSL 1.0.2 to compile.
 }}}

--
Ticket URL: 
BLFS Trac 
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page