Hello community, here is the log from the commit of package fetchmail for openSUSE:Factory checked in at Mon Oct 11 15:38:39 CEST 2010. -------- --- fetchmail/fetchmail.changes 2010-08-17 17:01:54.000000000 +0200 +++ fetchmail/fetchmail.changes 2010-10-11 10:43:02.000000000 +0200 
@@ -1,0 +2,37 @@ +Mon Oct 11 08:37:09 UTC 2010 - puzel@novell.com + +- update to fetchmail-6.3.18 + # SECURITY IMPROVEMENTS TO DEFANG X.509 CERTIFICATE ABUSE + * Fetchmail now only accepts wildcard certificate common names + and subject alternative names if they start with "*.". Previous + versions would accept wildcards even if no period followed + immediately. + * Fetchmail now disallows wildcards in certificates to match + domain literals (such as 10.9.8.7), or wildcards in domain + literals ("*.168.23.23"). The test is overly picky and + triggers if the pattern (after skipping the initial wildcard + "*") or domain consists solely of digits and dots, and thus + matches more than needed. + * Fetchmail now disallows wildcarding top-level domains. + # CRITICAL BUG FIXES AND REGRESSION FIXES + * Fetchmail 6.3.15, 6.3.16, and 6.3.17 would pick up libmd5 to + obtain MD5* functions, as an effect of an undocumented Solaris + MD5 fix. This caused all MD5-related functions to malfunction + if, for instance, libmd5.so was installed on other operating + systems as part of libwww on machines where long isn't + 32-bits, i. e. usually on 64-bit computers. + * Fetchmail 6.3.17 warned about insecure SSL/TLS connections + even if a matching --sslfingerprint was specified. This is an + omission from an SSL usability change made in 6.3.17. + * Fetchmail will now apply timeouts to the authentication stage. + This stage encompasses STARTTLS/STLS negotiation in IMAP/POP3. + Reported missing by Thomas Jarosch. + * Fetchmail now cancels GSSAPI authentication properly when + encountering GSS errors, such as no or unsuitable credentials. + It now sends an asterisk on a line by its own, as required in + SASL. This fixes protocol synchronization issues that cause + Authentication failures, often observed with kerberized MS + Exchange servers. + * Other fixes. 
+ +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- fetchmail-6.3.17.tar.bz2 New: ---- fetchmail-6.3.18.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ fetchmail.spec ++++++ --- /var/tmp/diff_new_pack.VUVzxE/_old 2010-10-11 15:37:32.000000000 +0200 +++ /var/tmp/diff_new_pack.VUVzxE/_new 2010-10-11 15:37:32.000000000 +0200 @@ -1,5 +1,5 @@ # -# spec file for package fetchmail (Version 6.3.17) +# spec file for package fetchmail (Version 6.3.18) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -29,7 +29,7 @@ License: GPLv2+ ; Other uncritical OpenSource License ; Public Domain, Freeware Group: Productivity/Networking/Email/Utilities AutoReqProv: on -Version: 6.3.17 +Version: 6.3.18 Release: 1 Source: %{name}-%{version}.tar.bz2 Source1: %{name}.init ++++++ fetchmail-6.3.17.tar.bz2 -> fetchmail-6.3.18.tar.bz2 ++++++ ++++ 79948 lines of diff (skipped) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
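Review bot: in the fetchmail.changes hunk (@@ -1,0 +2,37 @@), the closing bullet "* Other fixes." tells a reader nothing, and the section headed "SECURITY IMPROVEMENTS TO DEFANG X.509 CERTIFICATE ABUSE" carries no bug or advisory reference. Name the remaining fixes or drop the bullet, and add the tracking reference for the certificate changes if one exists. The entry itself says the domain-literal test "matches more than needed", so it would help to state the operational effect for administrators: after this update a certificate wildcard no longer matches any pattern or host name made up solely of digits and dots, and wildcards that do not start with "*." or that cover a top-level domain are rejected, so a server certificate that 6.3.17 accepted can now fail verification.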
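Review bot: in the fetchmail.spec hunk at @@ -29,7 +29,7 @@, the "Version: 6.3.18" bump pulls in a new upstream archive through "Source: %{name}-%{version}.tar.bz2", while the tarball diff is skipped (79948 lines), so this mail gives a reviewer no way to confirm the archive's origin or integrity. If the spec does not already do this outside the visible context, consider adding upstream's detached signature as a further Source entry, if upstream publishes one, and noting in the changes entry that it was verified.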