Version 6.2.6-pre8 of fetchmail
Release Notes: A remote root vulnerability in POP3/UIDL handling was fixed (CAN-2005-2335, requisite compromised/malicious POP3 server). Tracepolls now works. A socket leak with SSL failures was plugged. The Received: header no longer contains garbage with smtphost set. The PID file is now FHS compliant. --silent now also works for ODMR. Warning emails now have a From: header. IMAP can use passwords of arbitrary length from the rc file. Oversized messages are now deleted with --flush unless in daemon mode. lock_release was renamed to fix a Darwin namespace collision. The manual page was corrected and updated.
Other releases
Release Notes: Compilation with OpenSSL implementations before 0.9.8m lacking SSL_CTX_clear_options() works again, but is neither supported nor recommended. The combination of "--plugin" and "-f -" was fixed. Logfile vs. syslog handling was cleaned up. Other minor changes were made.
Release Notes: A security issue where a misinterpreted server response could allow DoS and data theft in NTLM authentication was fixed. This issue was reported as CVE-2012-3482. The false disabling of a countermeasure against plaintext attacks in block ciphers was fixed. Various other minor fixes were made.
Release Notes: A NUL byte insertion bug in the IMAP client, which occurred when the last line of the input had no LF and no CRLF termination, was fixed.
Release Notes: This release fixes a STARTTLS denial of service vulnerability (CVE-2011-1947). It reduces repetitions in "unseen" message logging and speeds up IMAP fetches with full mailboxes quite a bit. Fetchmail now sets its Internet sockets to keepalive mode, to detect disconnections, and resolves MD5-related build problems.
Release Notes: Several multidrop fixes were made. "--antispam" now works from the command line. A workaround for documentation builds with broken XHTML 1.1 DTD installations was put in place. STARTTLS handling was improved. IMAP now understands empty strings as FETCH response.
