fetchmailconf-6.4.22-20.26.1<>,xap9|"ZfxBeR;JyĞ-~i-3(srlc֬f4̰A%Kٙaֻq)į^tY06l\Ej ĭv^/`k),D }+Iz/tnd4)%t?C߉;qoooMAf1ۧɖ,r/&]rO;?@b5qيlc/9 ._jI* mRal>>p?ptd  ?  5QW`t ~    .Pd  K (u8|*9$*:8*Fl^GltHlIlXlYl\l]l^mRbmcnjdnenfnlnuovowoxoypzpp$p(p.ppCfetchmailconf6.4.2220.26.1Fetchmail Configuration UtilityA GUI configuration utility for generating fetchmail configuration files (.fetchmailrc).as390zp34tSUSE Linux Enterprise 15SUSE LLC GPL-2.0-or-laterhttps://www.suse.com/Productivity/Networking/Email/Utilitieshttps://www.fetchmail.info/linuxs390xXTTo)큤aaaaa86de0f9c3f4791a838c4088a6c8066d0adbdccebeb65deb21b40137ad15018e3c29a4177f6944e2d4eb673ff09137f6c4d8fcfdb6529772ab566f75705b124fbc29a4177f6944e2d4eb673ff09137f6c4d8fcfdb6529772ab566f75705b124fbc8efc412a3f361ca19250d5fb5dbf6dad72b015bcf18eb6d3ba7175ebb1ff1dc12759562f1e75cce4641e6e3b50dd6266a37f7c00db53411ee9f408cf33173f3rootrootrootrootrootrootrootrootrootrootfetchmail-6.4.22-20.26.1.src.rpmfetchmailconffetchmailconf(s390-64)@@    /bin/shfetchmailpython(abi)python3-futurepython3-tkrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)6.4.223.63.0.4-14.6.0-14.0-15.2-14.14.1aaay?@ay?@a`2a@a$@a$@a@a@`.``}@`lM@`<@`<@_@_@_ܙ_R,@_H_FN_C_=@^6^@]4@\@\t@Z`@Z no vulnerability. - Fix program abort (SIGABRT) with "internal error" when invalid sslproto is given with OpenSSL 1.1.0 API compatible SSL implementations. * CHANGES: - IMAP: When fetchmail is in not-authenticated state and the server volunteers CAPABILITY information, use it and do not re-probe. (After STARTTLS, fetchmail must and will re-probe explicitly.) - For typical POP3/IMAP ports 110, 143, 993, 995, if port and --ssl option do not match, emit a warning and continue. - fetchmail.man and README.SSL were updated in line with RFC-8314/8996/8997 recommendations to prefer Implicit TLS (--ssl/ssl) and TLS v1.2 or newer, placing --sslproto tls1.2+ more prominently. The defaults shall not change between 6.4.X releases for compatibility. * Rebase patches: fetchmail-add-imap-oauthbearer-support.patch fetchmail-add-query_to64_outsize-utility-function.patch fetchmail-support-oauthbearer-xoauth2-with-pop3.patch- Security fix: [bsc#1190069, CVE-2021-39272] * Fix failure to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. * Advisory: https://www.fetchmail.info/fetchmail-SA-2021-02.txt * Add fetchmail-CVE-2021-39272.patch- Added hardening to systemd service(s) (bsc#1181400). Modified: * fetchmail.service- Update to 6.4.21 in SLE-15-SP2: [jsc#SLE-18159, jsc#SLE-17903, jsc#SLE-18059] * Remove patches fixed upstream: - fetchmail-SNI-hostname-support.patch - fetchmail-CVE-2021-36386.patch - fetchmail-PASSWORDLEN-256.patch- Update to 6.4.21: * REGRESSION FIX: The new security fix in 6.4.20 for CVE-2021-36386 caused truncation of messages logged to buffered outputs, predominantly --logfile.- Security fix: [bsc#1188875, CVE-2021-36386] * DoS or information disclosure in some configurations. * See also: https://www.fetchmail.info/fetchmail-SA-2021-01.txt * Add fetchmail-CVE-2021-36386.patch- Update to 6.4.20: [bsc#1188875, CVE-2021-36386] * CVE-2021-36386: DoS or information disclosure in some configurations. When a log message exceeds c. 2 kByte in size, for instance, with very long header contents, and depending on verbosity option, fetchmail can crash or misreport each first log message that requires a buffer reallocation. fetchmail then reallocates memory and re-runs vsnprintf() without another call to va_start(), so it reads garbage. The exact impact depends on many factors around the compiler and operating system configurations used and the implementation details of the stdarg.h interfaces of the two functions mentioned before.- Change PASSWORDLEN from 64 to 256 [bsc#1188034] * Add fetchmail-PASSWORDLEN-256.patch- Backported support for OAUTH2 authentication from Fetchmail 7.0. - add imap oauthbearer support - support oauthbearer/xoauth2 with pop3 - add passwordfile and passwordfd options - add contrib/fetchnmail-oauth2.py token acquisition utility - FAQ: list gmail options including oauthbearer and app password - give each ctl it's own copy of password - re-read passwordfile on every poll - add query_to64_outsize() utility function - Chase and integrate interface change. - oauth2.c: calculate and pass in correct buffer size to to64frombits() - Increase max password length to handle oauth tokens - Bump max. passwordlen to 10000 bytes. - Add README.OAUTH2 - Added patches: * fetchmail-add-imap-oauthbearer-support.patch * fetchmail-support-oauthbearer-xoauth2-with-pop3.patch * fetchmail-add-passwordfile-and-passwordfd-options.patch * fetchmail-add-contrib-fetchnmail-oauth2.py-token-acquisition-u.patch * fetchmail-FAQ-list-gmail-options-including-oauthbearer-and-app.patch * fetchmail-give-each-ctl-it-s-own-copy-of-password.patch * fetchmail-re-read-passwordfile-on-every-poll.patch * fetchmail-add-query_to64_outsize-utility-function.patch * fetchmail-chase-and-integrate-interface-change.patch * fetchmail-oauth2-c-calculate-and-pass-in-correct-buffer-size-to-to64frombits.patch * fetchmail-increase-max-password-length-to-handle-oauth-tokens.patch * fetchmail-bump-max-passwordlen-to-1bytes.patch * fetchmail-add-readme-oauth2-issue-27.patch- update to 6.4.19: * fetchmailconf: properly catch and report option parsing errors * LMTP: do not try to validate the last component of a UNIX-domain LMTP socket as though it were a TCP port.- update to 6.4.18: * fetchmailconf: fetchmail 6.4.16 added --sslcertfile to the configuration dump, but fetchmailconf support was incomplete in Git 7349f124 and it could not parse sslcertfile, thus the user settings editor came up empty with console errors printed. Fix configuration parser in fetchmailconf. * fetchmailconf: do not require fetchmail for -V. do not require Tk (Tkinter) for -d option. This is to fail more gracefully on incomplete installs. * TLS code: remove OPENSSL_NO_DEPRECATED macros to avoid portability issues with OpenSSL v3 - these are for development purposes, not production. * TLS futureproofing: use SSL_use_PrivateKey_file instead of SSL_use_RSAPrivateKey_file, the latter will be deprecated with OpenSSL v3, and the user's key file might be something else than RSA. * IMAP client: it used to leak memory for username and password when trying the LOGIN (password-based) authentication and encountered a timeout situation. * dist-tools/getstats.py: also counts lines in *.py files, shown above. * fetchmail.man: now mentions that you may need to add --ssl when specifying a TLS-wrapped port. * fetchmailconf: --version (-V) now prints the Python version in use.- Set the hostname for SNI when using TLS [bsc#1182807] - Add fetchmail-SNI-hostname-support.patch- update to 6.4.16: * fetchmail's --configdump, and fetchmailconf, lacked support for the sslcertfile option. * fetchmail --version [fetchmail -V] now queries and prints the SSL/TLS library's "SSL default trusted certificate" file or directory (mind the word "default"), where the OpenSSL-compatible TLS implementation will look for trusted root, meaning certification authority (CA), certificates. * fetchmail --version now prints version of the OpenSSL library that it was compiled against, and that it is using at runtime, and also the OPENSSL_DIR and OPENSSL_ENGINES_DIR (if available).- update to 6.4.15: * Fix a typo in the manual page reported by David McKelvie. * Fix cross-compilation with openssl, by Fabrice Fontaine. Merge request !23. * Fix truncation of SMTP PLAIN AUTH with ^ in credentials, by Earl Chew.- update to 6.4.14: * sr: Мирослав Николић (Miroslav Nikolić) [Serbian] * Errors about lock file (= pidfile) creation could be lost in daemon configurations (-d option, or set daemon) when using syslog. Now they are also logged to syslog. Found verifying a pidfile creation issue on 6.4.12 that was previously reported by Alex Hall of Automatic Distributors. * If the lock file cannot be removed (no write permission on directory), try to truncate it, and if that fails, report error. * If the pidfile was non-default, fetchmail -q or --quit would malfunction and claim no other fetchmail were running, because it did not read the configuration files or merge the command line options, thus it would look for the PID in the wrong file.- Don't require systemd - Use tmpfiles for all files - Use systemd macro for tmpfiles - Don't delete home directory if the user stays - Use sysusers config to create system user- update to 6.4.12: [#] REGRESSION FIX: * configure: fetchmail 6.4.9 and 6.4.10 would miss checking for TLS v1.2 and TLS v1.3 support if AC_LIB_LINKFLAGS came up with something such as /path/to/libssl.so, rather than -lssl. (For instance on FreeBSD) * configure: fetchmail 6.4.9's configure was unable to pick up OpenSSL if it wasn't announced by pkg-config, for instance, on FreeBSD- De-hardcode /usr/lib path for launch executable (bsc#1174075) - Spec file cleanups- Update fetchmail.keyring file - Use %{_prefix}/lib instead of %{_libexecdir}- update to 6.4.8: * Add a test program fm_realpath, and a t.realpath script, neither to be installed. These will test resolution of the current working directory. * TRANSLATION UPDATES * Plug memory leaks when parts of the configuration (defaults, rcfile, command line) override one another. * fetchmail terminated the placeholder command string too late and included garbage from the heap at the end of the string. Workaround: don't use place- holders %h or %p in the --plugin string. Bug added in 6.4.0 when merging Gitlab merge request !5 in order to fix an input buffer overrun. Faulty commit 418cda65f752e367fa663fd13884a45fcbc39ddd. * Fetchmail now checks for errors when trying to read the .idfile * Fetchmail's error messages that reports that the defaults entry isn't the first was made more precise. It could be misleading if there was a poll or skip statement before the defaults. * Fetchmail documentation was updated to require OpenSSL 1.1.1. OpenSSL 1.0.2 reached End Of Life status at the end of the year 2019. Fetchmail will tolerate, but warn about, 1.0.2 for now on the assumption that distributors backport security fixes as the need arises. Fetchmail will also warn if another SSL library that is API-compatible with OpenSSL lacks TLS v1.3 support. * If the trust anchor is missing, fetchmail refers the user to README.SSL. * The AC_DECLS(getenv) check was removed, its only user was broken and not accounting for that AC_DECLS always defines HAVE_DECL_... to 0 or 1, so fetchmail never declared a missing getenv() symbol (it was testing with [#]ifdef). Remove the backup declaration. getenv is mandated by SUSv2 anyways. * fetchmailconf now supports Python 3 and currently requires the "future" package, see https://pypi.org/project/future/. * fetchmailconf: The minimum supported version is now Python 2.7.13, but it is recommended to use at least 2.7.16 (due to its massive SSL updates). Older Python versions may check SSL certificates not strictly enough, which may cause fetchmail to complain later, if the certificate verify fails. * fetchmailconf now autoprobes SSL-wrapped connections (ports 993 and 995 for IMAP and POP3) as well and by preference. * fetchmailconf now defaults newly created users to "ssl" if either of the existing users sets ssl, or if the server has freshly been probed and found supporting ssl. There is a caveat: adding a user to an existing server without probing it again may skip adding ssl. (This does not prevent STARTTLS.) * Fix three bugs in fetchmail.man (one unterminated string to .IP macro, one line that ran into a .PP macro, .TH date format), and remove one .br request from inside the table, which is unsupported by FreeBSD 12's mandoc(1) formatter. * Further man page fixes and additions by Chris Mayo and Gregor Zattler. * When evaluating the need for STARTTLS in non-default configurations (SSL certificate validation turned off), fetchmail would only consider --sslproto tls1 as requiring STARTTLS, now all non-empty protocol versions do. * fetchmailconf now properly writes "no sslcertck" if sslcertck is disabled. * fetchmailconf now catches and reports OS errors (including DNS errors) when autoprobing. * fetchmailconf received a host of other bugfixes, see the Git commit log.- Fix invalid usage of libexecdir where %_tmpfilesdir was meant to be used.- pwdutils is gone long time ago- switch to python3 - don't require python*-devel- Update to 6.4.1 [bsc#1152964] [#]# REGRESSION FIXES: * The bug fix Debian Bug#941129 was incomplete and caused - a regression in the default file locations, so that fetchmail was no longer able to find its configuration files in some situations. - a regression under _FORTIFY_SOURCE where PATH_MAX > minimal _POSIX_PATH_MAX. - Update to 6.4.0 [#]# SECURITY FIXES THAT AFFECT BEHAVIOUR AND MAY REQUIRE RECONFIGURATION * Fetchmail no longer supports SSLv2. * Fetchmail no longer attempts to negotiate SSLv3 by default, even with --sslproto ssl23. Fetchmail can now use SSLv3, or TLSv1.1 or a newer TLS version, with STLS/STARTTLS (it would previously force TLSv1.0 with STARTTLS). If the OpenSSL version used at build and run-time supports these versions, --sslproto ssl3 and --sslproto ssl3+ can be used to re-enable SSLv3. Doing so is discouraged because the SSLv3 protocol is broken. While this change is supposed to be compatible with common configurations, users may have to and are advised to change all explicit --sslproto ssl2 (change to newer protocols required), --sslproto ssl3, --sslproto tls1 to - -sslproto auto, so that they can benefit from TLSv1.1 and TLSv1.2 where supported by the server. The --sslproto option now understands the values auto, ssl3+, tls1+, tls1.1, tls1.1+, tls1.2, tls1.2+, tls1.3, tls1.3+ (case insensitively), see CHANGES below for details. * Fetchmail defaults to --sslcertck behaviour. A new option --nosslcertck to override this has been added, but may be removed in future fetchmail versions in favour of another configuration option that makes the insecurity in using this option clearer. [#]# SECURITY FIXES * Fetchmail prevents buffer overruns in GSSAPI authentication with user names beyond c. 6000 characters in length. Reported by Greg Hudson. [#]# CHANGED REQUIREMENTS * fetchmail 6.4.0 is written in C99 and requires a SUSv3 (Single Unix Specification v3, a superset of POSIX.1-2001 aka. IEEE Std 1003.1-2001 with XSI extension) compliant system. For now, a C89 compiler should also work if the system is SUSv3 compliant. In particular, older fetchmail versions had workaround for several functions standardized in the Single Unix Specification v3, these have been removed. The trio/ library has been removed from the distribution. [#]# CHANGES * fetchmail 6.3.X is unsupported. * fetchmail now configures OpenSSL support by default. * fetchmail now requires OpenSSL v1.0.2 or newer. * Fetchmail now supports --sslproto auto and --sslproto tls1+ (same as ssl23). * --sslproto tls1.1+, tls1.2+, and tls1.3+ are now supported for auto-negotiation with a minimum specified TLS protocol version, and --sslproto tls1.1, --sslproto tls1.2 and --sslproto tls1.3 to force the specified TLS protocol version. Note that tls1.3 requires OpenSSL v1.1.1 or newer. * Fetchmail now detects if the server hangs up prematurely during SSL_connect() and reports this condition as such, and not just as SSL connection failure. (OpenSSL 1.0.2 reported incompatible with pop3.live.com by Jerry Seibert). * A foreground fetchmail can now accept a few more options while another copy is running in the background. * fetchmail now handles POP3 --keep UID lists more efficiently, by using Rainer Weikusat's P-Tree implementation. This reduces the complexity for handling a large UIDL from O(n^2) to O(n log n) and becomes noticably faster with thousands of kept messages. (IMAP does not currently track UIDs and is unaffected.) At the same time, the UIDL emulation code for deficient servers has been removed. It never worked really well. Servers that do not implement the optional UIDL command only work with --fetchall option set, which in itself is incompatible with the --keep option (it would cause message duplication). * fetchmail, when setting up TLS connections, now uses SSL_set_tlsext_host_name() to set up the SNI (Server Name Indication). Some servers (for instance googlemail) require SNI when using newer SSL protocols. * Fetchmail now sets the expected hostname through OpenSSL 1.0.2's new X509_VERIFY_PARAM_set1_host() function to enable OpenSSL's native certificate verification features. * fetchmail will drop the connection when fetching with IMAP and receiving an unexpected untagged "* BYE" response, to work around certain faulty servers. * The FETCHMAIL_POP3_FORCE_RETR environment variable is now documented, it forces fetchmail, when talking POP3, to always use the RETR command, even if it would otherwise use the TOP command. * Fetchmail's configure stage will try to query pkg-config or pkgconf for libssl and libcrypto, in case other system use .pc files to document specific library dependencies. * The gethostbyname() API calls and compatibility functions have been removed. * These translations are shipped but not installed by default because they have less than 500 translated messages out of 714: el fi gl pt_BR sk tr - > Greek, Finnish, Galician, Brazilian Portuguese, Slovak, Turkish. * Fetchmail now refuses delivery if the MDA option contains single-quoted expansions. [#]# FIXES * Do not translate header tags such as "Subject:". * Convert most links from berlios.de to sourceforge.net. * Report error to stderr, and exit, if --idle is combined with multiple accounts. * Point to --idle from GENERAL OPERATION to clarify --idle and multiple mailboxes do not mix. * Fix SSL-enabled build on systems that do not declare SSLv3_client_method(), or that #define OPENSSL_NO_SSL3 inside #include * Version report lists -SSLv3 on SSL-enabled no-ssl3 builds. * Fetchmail no longer adds a NUL byte to the username in GSSAPI authentication. This was reported to break Kerberos-based authentication with Microsoft Exchange 2013 * Set umask properly before writing the .fetchids file, to avoid failing the security check on the next run. * When forwarding by LMTP, also check antispam response code when collecting the responses after the CR LF . CR LF sequence at the end of the DATA phase. * fetchmail will not try other protocols after a socket error. This avoids mismatches of how different prococols see messages as "seen" and re-fetches of known mail. * fetchmail no longer reports "System error during SSL_connect(): Success." * fetchmailconf would ignore Edit or Delete actions on the first (topmost) item in a list (no matter if server list, user list, ...). * The mimedecode feature now properly detects multipart/mixed-type matches, so that quoted-printable-encoded multipart messages can get decoded. (Regression in 5.0.0 on 1999-03-27, as a side effect of a PGP-mimedecode fix attributed to Henrik Storner.) * FETCHMAILHOME can now safely be a relative path, which will be qualified through realpath(). Previously, it had to be absolute in daemon mode. [#]# KNOWN BUGS AND WORKAROUNDS (This section floats upwards through the NEWS file so it stays with the current release information) * Fetchmail does not handle messages without Message-ID header well (See sourceforge.net bug #780933) * Fetchmail currently uses 31-bit signed integers in several places where unsigned and/or wider types should have been used, for instance, for mailbox sizes, and misreports sizes of 2 GibiB and beyond. Fixing this requires C89 compatibility to be relinquished. * BSMTP is mostly untested and errors can cause corrupt output. * Sun Workshop 6 (SPARC) is known to miscompile the configuration file lexer in 64-bit mode. Either compile 32-bit code or use GCC to compile 64-bit fetchmail. * Fetchmail does not track pending deletes across crashes. * The command line interface is sometimes a bit stubborn, for instance, fetchmail -s doesn't work with a daemon running. * Linux systems may return duplicates of an IP address in some circumstances if no or no global IPv6 addresses are configured. (No workaround. Ubuntu Bug#582585, Novell Bug#606980.) * Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error messages. This will not be fixed, because the maintainer has no Kerberos 5 server to test against. Use GSSAPI. - Remove patches merged upstream: * fetchmail-openssl11.patch * fetchmail-fetchmailconf-python3-1of3.patch * fetchmail-fetchmailconf-python3-2of3.patch * fetchmail-fetchmailconf-python3-3of3.patch - Rebase fetchmail-6.3.8-smtp_errors.patch- Remove comment about not available FETCHMAIL_USER configuration variable in sysconfig.fetchmail (bsc#1136538)- Use Debian 02_remove_SSLv3 change set based on beta 6.4.0 to modernize the patch fetchmail-openssl11.patch for modern TLS (auto) support- Fix fetchmailconf to compile with python{2,3} [bsc#1082694] * fetchmail-fetchmailconf-python3-1of3.patch * fetchmail-fetchmailconf-python3-2of3.patch * fetchmail-fetchmailconf-python3-3of3.patch- By default, the status messages are redirected to /var/log/fetchmail. The syslog option or no-logging are also available. (bsc#1033081)- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- drop SSLv3 support to build with openssl 1.1 (bsc#1066940) * add fetchmail-openssl11.patch- Allow --syslog option in daemon mode (bsc#1033081). * By default, the status messages are redirected to the syslog.- prerequire group(daemon) to meet new tumbleweed user handling- Check for user/group existence before attempting to add them, and remove error suppression from these calls. - Ensure tmpfile creation is run- Made the helper script introduced in last change return exit status 5 on configuration errors instead of 1, which should make it a bit less confusing (bsc#979534)- Made /etc/sysconfig/fetchmail work again after a botched systemd conversion that ignored the file altogether (bsc#905673) - Removed the FETCHMAIL_USER setting in favor of editing the systemd service file (which should be copied to the respective location in /etc, and not edited in-place)- Cleanup with spec-cleaner - Remove support for <12.3 as it does not build anyway. - Fix krb5 switches - Provide proper rcbla controler for the service- build with PIE- Removed executable permission bits from fetchmail.service file. - Update the project url in the spec file after Berlios shutdown. - Remove dependency on gpg-offline as signature checking is implemented in the source validator.- fix bashism in postun scripts390zp34 16439676486.4.22-20.26.16.4.22-20.26.1fetchmailconffetchmailconf.cpython-36.opt-1.pycfetchmailconf.cpython-36.pycfetchmailconf.pyfetchmailconf.1.gz/usr/bin//usr/lib/python3.6/site-packages/__pycache__//usr/lib/python3.6/site-packages//usr/share/man/man1/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:22690/SUSE_SLE-15_Update/5287d60010c3f0ce3a367f271f4fc405-fetchmail.SUSE_SLE-15_Updatedrpmxz5s390x-suse-linuxPOSIX shell script, ASCII text executablepython 3.6 byte-compiledPython script, ASCII text executabletroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)RRRRwS7>r)#.utf-84019b378c27ea350a921e2924347aba7bc21101a62942d696390ac95cbcacce2? 7zXZ !t/]"k% N7rw&wc ^-խ8x$Ym$/ nlN <9t 鄇\M|>-/K@=lghs&kUf+qD+Ē޸rrxeAx; Iv7: \ _X,fTM]eGW$Ȗh64KWN_صuPnXBD19E'7H:_T}Es ^j'u޲`y7:B'vhbaE{2#w^0=l B$7wǴ4ArSjzp"n)ed$ "q7XB2;h#<`(DŽƖeg3gG Xyp8ڂ