Version 1.0.21: - Update gnulib to 2010-07-03. - Report platform in --version output. - Fix building with newer OpenSSL versions. Reported and tested by Peter Baur for msmtp. - Fixed building without TLS/SSL support. Reported by Tan Ker Vin for msmtp. Version 1.0.20: - Update gnulib to 2010-03-20. - Support authentication mechanism SCRAM-SHA-1 via GNU SASL. - New command tls_fingerprint to trust one particular TLS certificate. - Change whitespace: Avoid tabs and whitespace at end of lines. - Fix Mac OS X Keychain support to use POP3 instead of SMTP passwords. - Update the documentation of keyring usage. - Add the mpop-gnome-tool.py script to manage Gnome Keyring passwords for mpop. Thanks to Gaizka Villate and Emmanuel Bouthenot. - Fix single quotes in man page. - Add pt_BR translation, provided by Rudá Moura. Thanks! Version 1.0.19: - Properly handle NUL characters in the Common Name or Subject Alternative Name fields of certificates when using OpenSSL. This fixes the security problem described in <http://www.blackhat.com/presentations/bh-usa-09/ MARLINSPIKE/BHUSA09-Marlinspike-DefeatSSL-PAPER1.pdf>. - Properly mask minus characters in the man page to prevent groff from converting them to hyphens. Reported by Emmanuel Bouthenot. - Handle network share names correctly when creating directories for UIDLS files on W32. Bug reported by Dan. - Handle mail boxes larger than 2 GiB even on 32bit systems. Based on a patch by Renato Schmidt. Thanks! Version 1.0.18: - Make writing of UIDLS files more robust. Avoid invalid file contents when mpop is killed while writing the file. - Use proper binary prefixes when handling sizes. - Update gnulib to 2009-09-08. Add modules mkstemp and rename. - Add support for delivery to MS Exchange pickup directories, based on a patch by Julien Larigaldie. - Use fflush() before fsync(), to ensure that all data reaches the disk. - Maildir delivery: check for zero-length hostname. Version 1.0.17: - Update gnulib to 2009-04-11. - Update gnulib to 2009-03-07. Remove gnulib modules fseek/fseeko/lseek because they cause errors on MinGW: files opened with "r+" cannot be written to. Provide our own fseeko instead if it does not exist; see configure.ac. - Improve test for non-existing UIDLS file. - Fix an invalid memory access in pop3_retr(). - Document that maildir delivery requires a file system that supports hard links. - Use more gnulib modules to remove more W32 workarounds from the source. - Add missing gnulib module strerror for meaningful error messages on W32. Version 1.0.16: - Remove most W32-specific code from net.c and use the appropriate gnulib modules instead. - Gnulib upate to 2008-12-24. - Added a vim syntax file for mpoprc files to scripts/vim. The file was originally written by Simon Ruderich for msmtp. Thanks! - Unified handling of the Gnome and MacOS keyrings. Both are disabled by default and must be enabled using --with-*-keyring options. - From msmtp: Support for SYSCONFDIR/netrc (as a fallback for ~/.netrc) was added by Jim Pryor. Thanks! - Added support for the GNOME Keyring. Originally written by Satoru SATOH for msmtp. Thanks a lot! Version 1.0.15: - Fix retrieval of mails that have no body. - Do not allow comments in UIDLs files after the first non-comment line, to prevent UIDs starting with '#' from being treated as comments. Bug reported by Robert Siemer. Version 1.0.14: - Added the new tls_crl_file configuration command and the corresponding --tls-crl-file option. - Added the new tls_min_dh_prime_bits configuration command and the corresponding --tls-min-dh-prime-bits option. - Added the new tls_priorities configuration command and the corresponding --tls-priorities option. - Gnulib upate to 2008-06-02. Use getpass-gnu instead of getpass module. - Document how to use 'killsize 0' and 'keep on' to synchronize the UID list of the client to the UID list of the server. Suggested by Dimitrios Apostolou. Thanks! - Use uidls_uidcmp() as a comparison function for qsort() and bsearch(). Eliminate a duplicate function in pop3.c. Suggested by Dimitrios Apostolou. Thanks! - Call fsync() after writing the UIDLS file. Suggested by Dimitrios Apostolou. Thanks! - Faster UIDL implementation: Do not create a sorted list of received UIDs. Do a binary search for every received UID instead. Patch by Dimitrios Apostolou. Thanks! Version 1.0.13: - Buffer read operations also when TLS/SSL is active. Fixes performance problems with GnuTLS, reported by Dimitrios Apostolou. - Fixed a potential problem with VPATH builds. - Small optimization in insert_sorted() in pop3.c, by Dimitrios Apostolou. - Updated gnulib to 2008-02-26. Imported havelib module. - Use locale-independent c_toupper() instead of toupper() to avoid problems with the tr_TR.UTF-8 locale. Reported by S.ÃaÄlar Onur for msmtp. Thanks! - Support for the Max OS X keychain was added by Jay Soffian (originally for msmtp). Thanks a lot! - Fix typos in the man page. - Fix network input/output timeouts for W32. Bug reported and fixed by Shoorick. Thanks! Version 1.0.12: - Gnulib update to 2007-11-27. - Don't count already retrieved messages twice. This fixes a segfault when only_new is off and header or size filtering is on. The bug was introduced in the previous change; no released version is affected. - If a filter decides to delete a mail, then additionally mark it as retrieved. This prevents to filter the mail again in a later session when the 'keep' option is set. - Fix default UIDLS file on the W32 platform: Use '\' as directory separator, not '/'. Reported by Ricky Thomas. Version 1.0.11: - Update the license of the source code to GPLv3 or later, and change the license of the documentation to the GFDLv1.2 or later. - Gnulib update to 2007-07-15. - Add new option -Q / --half-quiet to print only status information but no progress information. Suggested by Dimitrios Apostolou. - Set the default timeout to 180 seconds = 3 minutes. This prevents sessions from hanging forever. Suggested by Dimitrios Apostolou. - Make the POP3 commands UIDL, LIST, and DELE abortable. This is useful for mailboxes with many thousand mails. - Update the UIDL state after mail retrieval, and save this state in case of errors in DELE or QUIT. Only update the UIDL state again after successful DELE and QUIT, and then save this state. This prevents an incorrect UIDL state if the DELE commands are aborted, for example. Bug reported by Dimitrios Apostolou. Version 1.0.10: - Fix UIDL handling: the first character of UIDs was ignored. - Improve APOP timestamp checks. Thanks to Carlos MartÃn Nieto for a discussion of this. - Add documentation on how to find the right CA certificate for tls_trust_file. Thanks to Bryan Kam for suggestions. - Improve the documentation for TLS vs. SSL and STARTTLS vs. POP3-over-TLS. Thanks to Carlos MartÃn Nieto for suggestions. - Update the spanish translation (Carlos MartÃn Nieto). Version 1.0.9: - Require either tls_trust_file or tls_certcheck=off for TLS sessions, so that mpop is not silently vulnerable to man-in-the-middle attacks. - Gnulib update 2007-04-07. - Protect against the man-in-the-middle attack on APOP authentication as described in CVE-2007-1558. This is done by doing sanity checks on the APOP timestamp in the server greeting. However, this probably makes attacks only harder. It will not make them impossible. Therefore, APOP authentication is never used automatically anymore unless TLS is active. - Do not use NTLM authentication automatically anymore unless TLS is active. NTLM is not an open standard and must therefore be considered broken. Version 1.0.8: - Move build-aux files to separate directory build-aux. - Gnulib update 2007-03-19. - Improve and generalize workaround for pop.gmail.com RFC violations. This enables automatic pipelining support for pop.gmail.com and some other servers. - Provide a hstrerror() function for systems that lack getaddrinfo() (so that gethostbyname() must be used instead) and that do not provide hstrerror() themselves. Needed for Solaris 2.6. Reported and tested by Chris Green. Version 1.0.7: - Add a workaround for the Comcast.net POP3 server: allow more than one space before the UID in an UIDL response, even though RFC 1939 says it must be exactly one. Reported and fixed by Benji Fisher. Version 1.0.6: - Updated copyright info to 2007. - Added an "auto" setting for pipelining and made it the default. "on" and "off" now force pipelining on or off regardless of server capabilities. Thanks to Jeremy C. Reed for suggestions on this. - Gnulib update to 2007-01-10. - Switch to autoconf-2.61 and automake-1.10, to avoid problems with configure trying to run "sh /usr/bin/install" where /usr/bin/install is not a shell script on NetBSD. Reported by Jeremy C. Reed. - Put the POP3_PIPELINE_MIN and POP3_PIPELINE_MAX definitions into #ifndef ... #endif so that they can easily be set via CFLAGS. Thanks to Jeremy C. Reed for the patch. - Remove the obsolete "extern int errno;" declaration. It does not conform to POSIX and causes trouble. Thanks to Jeremy C. Reed for the patch. - Added AC_SYS_LARGEFILE to configure.ac, for large file support. Removed the unnecessary AC_C_CONST and AC_HEADER_STDC. Version 1.0.5: - Remove gnulib module nanosleep. This fixes more build problems. Version 1.0.4: - Gnulib update. Remove the gettimeofday module. There are no local changes to the gnulib code anymore. - Do not use the gnulib gettimeofday module anymore. Use a local replacement in delivery.c instead. - Do not use nanosleep() on W32 anymore. Use Sleep() instead. Do not use nanosleep() on DJGPP anymore. Use usleep() instead. - Update gettext files to gettext-0.16. - Improved the configure check for the OpenSSL libraries. This fixes a build failure on Mac OS X. Reported for msmtp by Michael Williams, who also tested the fix. Thanks! - Fix a bug in string_replace(). This bug did not affect mpop. Version 1.0.3: - Improved configuration file examples in the documentation. - Fix GNU SASL support: replace #ifdef HAVE_GSASL with #ifdef HAVE_LIBGSASL. The old code did not actually use GNU SASL. This bug was introduced in 1.0.2. - Prevent to write UIDLs files that we cannot read back: - Do not allow UIDs to start with a space. - Allow UIDLs file lines to be long enough to hold the longest UID that we would accept from a server. - Added spanish translation by Carlos MartÃn Nieto. Thanks a lot! - Correct the documentation of "~/.mpop_uidls" in mpop.1 and mpop.texi. - Gnulib update. Removes the initialization of pkgdata_DATA from gnulib/Makefile.am, thanks to a fix by Bruno Haible. 'make install' will no longer create an empty directory $(pkgdatadir) anymore (the default for $(pkgdatadir) is /usr/local/share/mpop). Reported by Roman Bogorodskiy. Version 1.0.2: - Gnulib update. The modules nanosleep and gettimeofday still differ from the official gnulib source. - Disable SSLv2 because it has known flaws. This only affects the OpenSSL version because GNU TLS does not implement SSLv2. - Add new command tls_force_sslv3 and option --tls-force-sslv3 to force TLS/SSL version SSLv3. This might be needed to use SSL with some old and broken servers. Closes msmtp Debian bug #374610, reported by Marko Mäkelä. Thanks to Julien Louis for tracking this problem down and testing the patch. - Changed detection of libgnutls so that it works with version >= 1.2.0 again. - Improvements for the build system: - Quote arguments of M4 macros. - Use AC_LIB_HAVE_LINKFLAGS to detect libraries. Do not use *-config scripts or pkg-config. This avoids problems that are reported in this thread: http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/ 1610/focus=1610 . - Use HAVE_LIB* macros instead of USE_* or others, for consistency. - Link with LIB_NANOSLEEP as determined by the gnulib nanosleep module. This fixes build problems on Solaris. Reported by Daniel Rechsteiner for msmtp. Thanks! - Allow '+' and '/' in Return-Path mail addresses; do not replace them with '_'. Fix documentation of which characters are allowed and which are replaced, both in the code and in the user documentation for %F expansion. Version 1.0.1: - Changed the default UIDLS file from "~/.mpop_uidls" to "~/.mpop_uidls/%U_at_%H". - Gnulib update. The modules nanosleep and gettimeofday still differ from the official gnulib source. - Update to gettext-0.15. - Improve error message if directories for the UIDLS files cannot be created. - Allow to use special files like /dev/null to be used as an MBOX file, by ignoring an fsync() failure if and only if (errno == EINVAL). Suggested by Marco Ferra. Thanks! - Make error messages of the maildir and mbox delivery methods more verbose. - Fixed types of variables that are changed by signal handlers: they are 'volatile sig_atomic_t' now. - Adapt --version output to the latest GNU conventions. - Clean up #includes. - Move check for delivery information from main() into check_account(). - Added support for %U and %H expansion in UIDLS file names. This allows to have per-account UIDLS files with just one setting in the defaults section. - Automatically create directories needed to store the UIDLS file. - Gnulib update. Added the xstrndup module. The modules nanosleep and gettimeofday still differ from the official gnulib source. - Move string_replace from delivery.c to tools.[ch] to make it available to other modules. - Renamed os_env.[ch] to tools.[ch]. - Replace __MINGW__ with W32_NATIVE in os_env.h. - Check that the first command in the configuration file is either account or defaults. This fixes a crash (NULL pointer dereferencing) when the first command in the file is valid but does not belong to an account. - W32 port: Fixed the replacements for the WIFEXITED and WEXITSTATUS macros in delivery.c. Thanks to Gizbern for the bug report. - Minor documentation improvements. - Enable network connection timeouts on DJGPP/Watt32. Thanks to Gisle Vanem for pointing out that this works just like it does with UNIX. The DJGPP/Watt32 port is now on par with the UNIX port. - Update README.dos. - Don't check configuration file permissions on Cygwin. Version 1.0.0: - Gnulib update. Added gettimeofday module. Note that a locally modified copy of gnulib was used. It contains patches for the getpass, nanosleep, and gettimeofday modules, plus the additional module sys_select. All of these changes were submitted to the bug-gnulib@gnu.org mailing list, but they are not integrated yet. - Removed some W32 specific defines from delivery.c because they are not necessary with current MinGW versions. - Removed ftruncate-for-W32 hack in uidls.c, because newer MinGW versions have ftruncate(). - Renamed README.win32 to README.w32. Updated README.w32 and README.dos. - Replace '#ifdef _WIN32' with '#ifdef W32_NATIVE', where W32_NATIVE is defined in config.h if the following is true: '#if (defined _WIN32 || defined __WIN32__) && !defined __CYGWIN__'. The reason is that Cygwin defines _WIN32 nowadays, but we want the UNIX API on that platform. - Include config.h in list.c. - Fix warnings emitted for configure.ac by autoreconf. - Added -a, --all-accounts option to query all accounts in the configuration file (suggested by Jimmy Lolla). Changed short option for --auth-only from -a to -A. - Fixed handling of weird UIDs: 1. When checking for control characters, use c_iscntrl() instead of iscntrl(), to be independent of the user's locale. 2. Use POP3_EUNAVAIL as the error code for "Server does not support the UIDL command". All other error codes are critical. Bug reported by Marcelo. Thanks! - Lock the UIDLS file once and keep the lock as long as the UIDLS data is used. This prevents loss of UIDs (and therefore multiple deliveries of the corresponding mails) when multiple mpop processes use the same UIDLS file. - lock_file(): If another process holds a lock on the file, then wait 1/10 second instead of 1 second before the next try. - Gnulib update. Added nanosleep module. - Improve error handling for file locking: differentiate between timeouts and other errors. Version 0.8.5: - Improve checks for libraries in configure.ac. The ./configure options have changed! See INSTALL for more info. - Improve --version output. - Add (optional) support for Internationalized Domain Names (IDN) via GNU Libidn. - Initialize TLS only if pop3_connect() succeeded. - Move SSL_LIBS and GSASL_LIBS into LIBS; do not put them in Makefile.am. - Fix memory leak in GNU SASL variant of pop3_auth(). - Fix memory leak in GnuTLS variant of tls_cert_info_get(). - mpop_serverinfo(): If auth fails and this is ignored, then reset the error message and error string. - Sync pop3_auth() with smtp_auth() from msmtp. Affects only comments. - mpop_serverinfo(): Only resend CAPA if authentication succeeded. - pop3_auth(), GNU SASL variant: - Check if authentication data is complete before trying to start authentication. - Never call password_callback() when no user name is given. - Prevent a double free if an invalid argument to the auth command is given. - Prevent a double free if an invalid argument to --auth is given. - Replace crypto.[ch] with gnulib hmac-md5 module. - Gnulib update. Add hmac-md5 module. - net.c, tls.c: allow all network operations to be interrupted with CTRL+C, and print an appropriate error message in this case. - tls.c: if an error occurs, clean up *after* building the error message. This fixes a potential segfault in the OpenSSL version of tls_start(). - net_open_socket(): don't let net_close_socket() clobber errno. - net_open_socket(): print correct error message if getaddrinfo() returns EAI_SYSTEM. - MDA delivery method: handle SIGPIPE. Now mpop gives a proper error message if the MDA process dies without reading the mail data. This also affects filtering since the filter delivery method largely reuses the MDA delivery method code. - delivery_method_mda_open(): flush stdout and stderr before calling the MDA, so that its output won't be intermingled with mpop's output. - Fixed a comment in net.h. - net_get_canonical_hostname(): Only call freeaddrinfo() if getaddrinfo() succeeded. Reported and fixed by Raúl Núñez de Arenas Coronado. - Removed the simple_mbox delivery method because it is unnecessary. - Minor documentation improvements. Version 0.8.4: - Minor Win32 portability/cross-compilation updates. - Gnulib update. - Documentation updates. - The only_new command and --only-new option were re-added, but with slightly different meaning and a different default value. The default behaviour is completely compatible to all 0.8.x version. - Fix UIDLS file handling: make sure that uids appear in ascending order. Older versions wrote unsorted uid lists. If such a file is read, detect this and sort the lists. - Print --debug output to stdout instead of stderr, since it is requested output. Noted by Aliaksandr Lakhanko. - Changes taken from msmtp: - configure.ac: Rely on PKG_CHECK_MODULES to find GSASL, do not fall back to manual detection, to prevent using an incompatible version of GSASL. Problem reported by Jari Aalto. - Gnulibs sysexit_.h now defines EX_OK; there's no need to use a locally modified version anymore. - Use a locally modified version of gnulibs sysexit_.h that defines EX_OK to 0, since the gnulib maintainers apparently won't fix this file. Include the sysexits.h header after all other system headers to override previous definitions of EX_OK on systems that use EX_OK for other purposes. This is needed on Interix, reported by Ben Collver. Version 0.8.3: - gnulib update. - Expect sorted UIDLS files. This means that files written by versions prior to 0.5.0 are not accepted anymore. - Fixed -d and -P output for "delivery" when maildir is used. - Changes taken from msmtp: - adapted configure.ac for new pkg-config version - Use gnulib socklen module for socklen_t. - W32: Enable maildir delivery. - W32/DJGPP: Use all files/streams in binary mode. - W32: Allow %HOME% to override default user configuration directory. - W32: Enable getpass and netrc functionality. - Do not rely on a failing malloc setting errno in xalloc_die() - Shut down a GnuTLS TLS session with GNUTLS_SHUT_WR instead of GNUTLS_SHUT_RDWR. This prevents session hangs in certain situations. It is safe to do this because we never reuse a connection when TLS was shut down. Thanks to Jens Kammler for the problem report! - Make the GnuTLS code accept old version 1 CA certificates when verifying certificates. - Renamed LOCK_(READ|WRITE) to OSENV_LOCK_(READ|WRITE) in os_env.[ch] to avoid name clashes with <fcntl.h> Version 0.8.2: - gnulib update - unified all "... aborted" error messages to "operation aborted" - Updated README. Removed README.gsasl. - Don't accept empty UIDs or UIDs containing control characters. - Whitespace fixes, cleanups - Removed TODO file - Changes taken from msmtp: - Removed the OpenSSL exception note from the license information. This was necessary because mpop uses GPL'ed gnulib modules. - Avoid system call in net_puts() when there's no data to send - Updated netrc.c from fetchmail-6.2.6pre4 - Renamed the --disable-win32-ipv6 configure option to --enable-win2000-and-older, because it applies to more than just IPv6 support. - Retry gnutls_handshake() when the non-fatal error E_INTERRUPTED occurs. - Properly handle OpenSSL errors that occur due to interrupted system calls: retry the operation. This also fixes the "cannot read from TLS connection: operation timed out" message when CTRL+C was pressed. Now the correct error message is printed: "<operation> aborted". Version 0.8.1: - Really delete stale messages (messages that were retrieved and delivered successfully in a previous session) instead of just ignoring them. - Fix error messages for network input/output timeouts. This affects reading and writing raw sockets, OpenSSL connections, and GnuTLS connections. - Only send QUIT when necessary - Cosmetic change in --pretend/--debug configuration dump Version 0.8.0: - gnulib update - Fix handling of servers that do not use pipelining. - Replace the connect_timeout setting with a timeout setting that not only applies to connection attempts but also to input/output operations. - Never retrieve mails that were already successfully deliverd. Remove the now useless only_new command and only-new option. - Always record received messages in the UIDLs file, even in case of errors or certain signals. This means that the state of a session is now always correctly saved in the UIDLs file. - Changed failure error message. - Lock the UIDLs file so that multiple instances of mpop can safely coexist. - Switch mbox locking in delivery.c to the new lock_file() function. - Added a new function lock_file() to os_env.[ch], used for platform independent file locking. - Enable or disable pipelining automatically if ther server supports the CAPA command. The "pipelining" command is ignored unless the server does not support CAPA. Thanks to Vo^ Danh for his feedback. - Minor documentation improvements - Fixed possible memory leak in pop3_get_addr() - Clarified some comments and error messages. - Replaced combinations of static buffers and snprintf with variable buffers and xasprintf in mpop.c Version 0.7.0: - gnulib update - cleaned up uidls.c - The pipelining paramters pipeline_min and pipeline_max are no longer configurable in the configuration file or on the command line. They are compile time constants defined in pop3.c now. - Pipelining will automatically be enabled for all servers that advertize this capability. - Moved the pipeline_min and pipeline_max parameters into pop3_session_t, where they are properly hidden from the user of pop3.[ch]. - Added gnulib modules xvasprintf. Use xasprintf where appropriate to avoid the need for static buffers with unknown required length. - Simplifications: - eliminate some error conditions by using safe fallbacks - don't print special error messages when the system setup is obviously completely broken - Updated all occurrences of the address of the FSF (all .h and .c files, configure.ac, COPYING, mpop.texi) - Added german translation - Improved some error messages - Added gettext support - Minor documentation improvements - Let gcc know about unused variables to suppress warnings. The UNUSED macro used for this purpose is written into config.h. The logic that defines it to be empty when the compiler is not a recent gcc was taken from coreutils-5.2.1. - Show the canonical hostname and network address of the POP3 server in --serverinfo output (only if these informations are available). - Prepend a Received: header to each received mail before delivering - Update documentation of $USER, $LOGNAME - Renamed paths.[ch] to os_env.[ch] and added new function get_username() - Don't change count_newline_as_crlf when filtering in pop3_delivery() - Some whitespace / style fixes - Fixed error detection for strtol(): LONG_MAX is a valid return value if errno != ERANGE (errno must be reset before strtol). - Handle the CAPA reply for the EXPIRE and AUTH keywords case insensitively - Make maildir sequence numbers unique for a whole process lifetime, not only for the lifetime of one delivery method. - Don't allow more than POP3_MAX_MESSAGES messages on the POP3 server, to protect against size_t overflows in memory allocations that depend on the total number of messages. - Fixed replacement of '/' and ':' in hostnames for maildir filenames. - Changes taken from msmtp: - Clarification and fixes of comments in paths.c - Remove superfluous password nulling in msmtp_password_callback() Version 0.6.3: - Improved maildir filenames. - Maildir is now available on DJGPP systems, too, though you obviously need long filename support. - Changes taken from msmtp: - Don't call gnutls_record_send() in the GnuTLS version of tls_puts() when there is no data to send. Thanks to Jesse Michael for identifying, reporting, and fixing this bug. This bug can break mpop versions compiled with GnuTLS support. Version 0.6.2: - Added %F (envelope from address) and %S (mail size) expansion for filter command. - Integrated pop3_retr() and pop3_filter() into pop3_delivery(). - Added maildir delivery method. This is only available for UNIX systems, not for DJGPP and Win32. Porting the method should not be hard; patches are welcome. - Added umask(077) to mbox delivery methods and did some cleanups - gnulib update - Changes taken from msmtp: - Removed the requirement for the configuration file to be a regular file. This allows tricks like msmtp -C<(echo "host ..."...) again. Closes Debian bug #306904. - Changed read buffer counter in net.[ch] from ssize_t to int. This fixes compilation on FreeBSD (ssize_t was unkown in net.h; unistd.h had to be included). Reported by Roman Bogorodskiy. - Corrected documentation: the netrc syntax is described in netrc(5) or ftp(1). - Fixed a problem when using an IP address as a host name on certain old Windows systems without configured DNS: The gethostbyname() function may not be able to handle IP addresses. Work around this by trying inet_addr() first. Original report and patch by Dirk Heinemann. Note that newer Windows systems (XP and up) have getaddrinfo() and are therefore not affected by this problem. Version 0.6.1: - Fixed an error in net_gets() that could corrupt mails with lines longer than 1023 characters, including CRLF: A null character was inserted. Note that this cannot happen when TLS is used. - Minor documentation improvements - Changes taken from msmtp: - Correctly handle null characters in the input by replacing fgets() with stream_gets() and fputs() with fwrite() Version 0.6.0: - Do tilde expansion for the following options, in case the shell did not do it: --tls-trust-file, --tls-key-file, --tls-cert-file, --delivery, --uidls-file - Changed pipelining defaults from 5/50 to 20/100. This is an improvement for me; feel free to complain :-) - Removed the obsolete mmda.sh script; use the built-in mbox delivery method instead. - Allow an empty argument to the filter command; this disables filtering. - Improved network input/output, including input buffering. Initiated by Dimitris Apostolou. - net_gets()/tls_gets() now return the length of the string, and net_puts()/tls_puts() now take a length argument. This saves some strlen() calls. Original patch by Dimitris Apostolou. - Minor fixes in pipelining from the POP3 server to the delivery method. - Added a new delivery command and --delivery option to set the delivery method. There's now an mbox method in addition to the mda method. The mda command does not exit anymore. The new mda method has the ability to expand %F to the envelope from address of the current mail. - Fixed detection of APOP capability. Reported by Dimitris Apostolou. - Made output use less characters to make it suitable for dialup connections. Suggested by Dimitris Apostolou. - Minor change in --serverinfo output. - Updated documentation. - Changes taken from msmtp: - Make the OpenSSL code accept self signed certificates in the default mode (tls_cert_check on, tls_trust_file unset). This should have been in 1.3.6, but I forgot one case. The GnuTLS code always did this. Reported by Luis A. Florit. - Accept CRLF line ends in the configuration files. - Fixed a memory leak in the tempfile() function. Version 0.5.0: - Removed redundant cat from mmda.sh - Print human readable sizes (GB, MB, KB, bytes). - Changed USER/PASS in output to USER. - Changed pop3_auth_user to support pipelining. - Don't reset capabilities before each CAPA. - The POP3 implementation was restructured to be far more network efficient: POP3 pipelining is used for TOP, RETR, and DELE, and the LIST and UIDL are issued only once per session. Pipelining can be enabled/disabled with the pipelining command and the --pipelining option. Parameters can be tweaked with pipeline_min, pipeline_max, and the corresponding options. - The UIDLs management is now much faster, in particular the comparsion of stored UIDs with the UIDs of the current POP3 session. Thanks to Dimitris Apostolou for the algorithm. - Changes taken from msmtp: - Added support for .netrc - Minor fix in net.c: net_open_socket() could have wrongly reported success in very obscure situations. Version 0.4.3: - Updated AUTHORS - Fixed a segfault bug (NULL pointer dereference) that could happen if --status-only was used or filtering fails because the server does not support TOP. Version 0.4.2: - Added -k as the short form of --keep - Server information mode supports the RESP-CODES and AUTH-RESP-CODE capabilities now. - Send one LIST command to get the sizes for all mails instead of one LIST command for each mail. This speeds up mail retrieval. - Implemented the only_new command / -n,--only-new option to process only mails that have not been retrieved before. This works with the UIDL command. UIDLs are stored in ~/.mpop_uidls (configurable with uidls_fil/--uidls-file). - Changes taken from msmtp: - Moved setting of default port from conf.c to mpop.c. Setting a port in a "defaults" section should now work correctly. - For all commands and options that accept the argument "on": also accept no argument, an treat that the same as "on". - Moved lib to gnulib and m4 to gnulib/m4 - Use gnulib module sysexits.h - Replace xmalloc.[ch] with gnulib module xalloc - Simplify crypto.[ch]: Always use gnulib md5. This avoids error checking that was necessary because of the libgcrypt code. - Fixed some pedantic compiler/lint warnings - Minor output format changes - Rewrote the OpenSSL specific hostname matching code: - It only allows one form of wildcard in the certificate name: "*." as the two leftmost characters. See the comment for hostname_match() in tls.c for the reasons for this. - It does not require memrchr() anymore, therefore the gnulib memrchr module was removed. - It does not break with "tcc -b" anymore. - Only replace characters for which iscntrl() returns true with question marks in mpop_sanitize(). Replacing every character for which isprint() is false is too restrictive. Now UTF-8 is passed through. - Updated paths.c from msmtp. The changes have no effect for mpop. - Added missing const qualifiers - Move allocation of the defaults account into read_conffile() to keep conf.c in sync with msmtp. This change has no effect for mpop. - sanitize more strings before printing them - fixed compilation on systems that don't have socklen_t, for example MacOS X Version 0.4.1: - Enable the password callback when compiled with GNU SASL support but using the built-in methods USER/PASS or APOP. I forgot this case when adding the callback support. - Added new detectable POP3 capability, POP3_CAP_CAPA, because not all servers support the CAPA command. Don't send CAPA again (for example after STLS) if the server does not support it. Print CAPA information in server information mode. Only resend CAPA after AUTH in retrievel mode if absolutely necessary. This should never be the case, but some servers are not 100% RFC conformant; see the comments in the code. - Changes taken from msmtp: - Better authentication error messages - Be more strict when checking the port/--port argument - Added the new connect_timeout command and --connect-timeout option. Suggested by Jim Fohlin. - configure.ac: only try to find GNU SASL manually if pkgconfig is not found - Added specialisation to account definitions. See documentation of the account command and the example files. Suggested by Jim Fohlin. Version 0.4.0: - print error messages from get_account_list() directly instead of first putting them to 'errstr': very long error messages (caused by very long account names) won't get truncated anymore. - Added a "defaults" command (suggested for msmtp by Jim Fohlin). The default_mda command is therefore obsolete and no longer supported. - Changes taken from msmtp: - Added a password callback function that reads a password via getpass() if needed. Suggested by lots of people. - Added a user configuration file permission check: It must have no more permissions than 0600. Suggested by lots of people. - Added a "defaults" command. Suggested by Jim Fohlin. - Added authentication mechanism EXTERNAL (both built-in and via GSASL). - Updated GnuTLS dependency to 1.2.0. - Accept self-signed certificates in the certificate chain in the default settings (tls_cert_check on, tls_trust_file unset). This only affects the OpenSSL code; the GnuTLS code did it already. - Improved the OpenSSL certificate name check (host name versus the subjectAltNames or the common name of the peer certificate). The improvements were partially taken from libesmtp-1.0.3r1, Copyright 2001-2004 Brian Stafford, Released under the LGPL. - Add SSL_CFLAGS and GSASL_CFLAGS to CFLAGS in configure.ac. Should fix compilation on various systems, including RH9. (Jim Fohlin) - moved md5_hmac function from smtp.c to the new crypto.c file - When neither GnuTLS nor OpenSSL is used, always use the gnulib MD5 implementation, even if the BSD MD5 API is available. The gnulib md5.h header shadows the system md5.h header, and trying to solve this results in a mess that isn't worth it. This fixes compilation with --disable-ssl on a system with the BSD MD5 API. - gnulib update - use automake 1.9.4 Version 0.3.1: - minor man page cleanup - updated msmtp files - make most commands and all options require an argument - allow empty configuration file - Proceed with --serverinfo even without authentication, just print a warning about it. Before, --serverinfo was unusable if valid authentication data was not available. Version 0.3.0: - Use getservbyname() to get the default port for pop3 or pop3s. Use 110/995 as fallback. - added short explanation to the name of the exit codes returned by mda or filter (if they are from sysexits.h) - added --mda option - implemented filter command and --filter option to set a mail header filter - updated TODO - fixed several memory leaks reported by valgrind - pop3_gets(): Do not return a partial POP3 input line in case of input errors - Changes taken from msmtp: - Fixed built-in CRAM-MD5 authentication. The error was introduced when switching to the gnulib base64 implementation. Reported by Martin Hauke. - the SHA1 and MD5 fingerprints of the peer's certificate were added to the certificate information output - --serverinfo: always print port number - cleanups in conf.[ch] - fixed the setting of the default port - killed prototype for nonexistant function from conf.h Version 0.2.0: - Many many small improvements, some of which I forgot to mention... - The progress output is now updated at most 100 times - Completely new command line options; see man page - Optional support for GSASL: replaces built-in PLAIN, LOGIN, and CRAM-MD5, and adds DIGEST-MD5, GSSAPI, and NTLM. USER/PASS and APOP are still built-in. - Improved error message when the POP3 server sends an invalid reply - Fixed signed/unsigned comparison in mpop_close_pipe() - Allow TLS commands in configuration file even if TLS support is not compiled in (an error message results). This allows sharing of the same configuration file between different versions of mpop. - Changes taken from msmtp: - use AM_CPPFLAGS = -I$(top_srcdir)/lib in src/Makefile.am and change #include <md5.h> to #include "md5.h" in smtp.c to solve the MD5 build issues. Also replaced #include "../lib/base64.h" with #include "base64.h" and killed the #ifdef'ed inclusion of "getopt.h" in msmtp.c: always include <getopt.h> - replaced the GnuTLS check in configure.ac with the AM_PATH_LIBGNUTLS macro that comes with GnuTLS - fixed the --pretend option: - it now prohibits the execution of mpop_serverinfo() even if --serverinfo was given - the printed configuration contains only the information that is actually used - OpenSSL code in tls.c: allow Common Names of arbitrary length during certificate check - minor cleanups in net.c, tls.c, and mpop.c - improvements to the Windows mkstemp() replacement function in paths.c - fixed a potential segmentation fault in DOS/DJGPP specific code in tempfile() - added the field 'conffile' to account_t for better error messages in msmtp.c - added the field 'mask' to account_t and adjusted conf.c and msmtp.c accordingly - Require GNU SASL >= 0.2.4, because it contains a new DIGEST-MD5 implementation. - Replaced base64.[ch] and md5_algo.[ch] with the gnulib modules base64 and md5. Moved md5_hmac() from md5_apps.c into smtp.c and removed md5_apps.[ch]. Updated man page and AUTHORS accordingly. Removed README.md5. - The auth command is now required to activate authentication. It is not sufficient to use user/password anymore. This allows switching off authentication with --auth=off - Imported the gnulib module getopt: long option support for all platforms - reactivated xmalloc.c to make the code more readable - Rewrote expand_tilde() (from paths.c) - Error handling: eliminated merror.[ch]. Replaced it by an int return value and an additional argument 'char *errstr' where necessary. Various minor changes to error messages. Eliminated static buffer in tls.c. Version 0.1.4: - Check that the value of numbers from the LOGIN-DELAY and EXPIRE responses to the CAPA command is >= 0 - Made mmda.sh work in more environments, including Solaris. Return EX_USAGE or EX_IOERR instead of 1 on errors. - Changed error code in case of too long authentication data from EX_SOFTWARE to EX_DATAERR - Changes taken from msmtp: - Portability improvement: added missing declaration of h_errno to net.c. Thanks to Marco for reporting this. - New configure option --disable-win32-ipv6 to disable IPv6 on Windows and thus build binaries that run on any Windows version, not just XP and newer. See the updated README.win32 file. Thanks to Thomas Davies for pointing out this problem. - Fixed typos in conffile.c error message - Fixed typo in tls.c error message (OpenSSL code only) - Changed error messages: "bla [blub]" -> "bla: blub" - Improved some TLS error messages - Changed return code in case of authentication error from EX_DATAERR to EX_NOPERM - Changed return code in case of missing/invalid configuration file or nonexistent account from EX_NOINPUT/EX_DATAERR to EX_CONFIG - net.c, Windows specific code: moved translation of error code from WSAStartup() from net_lib_init() to wsa_strerror() - OpenSSL specific code in tls.c: minor cleanup in openssl_io_error() - Clarified usage instructions of merror() in merror.h - Make the output of -h/--help and -v/--version consistent with the GNU utilities by including copyright and no-warranty notice (version) and a short description and the bug report address (--help). - Add missing declarations of optarg and optind to mpop.c, needed for getopt() handling. No compiler complained so far, though. - updated automake files to version 1.8.5 - configure.ac: check that pkg-config exists before trying to use it - configure.ac: improved detection of network settings. - configure.ac: improved checks for OpenSSL and GnuTLS - configure.ac: fixed display of warning when neither OpenSSL nor GnuTLS is found and --disable-ssl was not explicitly used - updated README.win32, README.dos - Use getaddrinfo() on Windows (but not gai_strerror()). This enables IPv6 support for Windows. - clarified an error message in tls.c (only OpenSSL affected): "cannot establish TLS connection" -> "TLS handshake failed" Version 0.1.3: - do not expect POP3 responses to end with '\n' (a similar problem was reported for msmtp by Ralph Siemsen) - do not reset the POP3 server with the RSET command when an error occured. This prevents double download of mails. - pop3 error messages are sanitized before printed in an error message: non-printable characters (!isprint(c)) are replaced with a question mark. - removed all `...' quoting from error messages: `bla' -> bla Version 0.1.2: - updated msmtp sources to 1.2.1 - fixed IMPLEMENTATION info with -S/--serverinfo: it is not converted to uppercase anymore. - fixed the -q/--quiet flag - made the mmda.sh script work with Solaris /bin/sh - if an error occurs during mail retrieval, an extra error message containing the account name and configuration file gets printed. - prefer SASL AUTH PLAIN over USER/PASS authentication when both are available, because PLAIN needs only one command/response step and USER/PASS needs two - erase POP3 server message buffer at the start of pop3_auth() - -S/--serverinfo: don't print server greeting string if its length is zero Version 0.1.1: - The following configuration file commands were implemented: default_mda, killsize, skipsize - The exit status of the MDA is now checked correctly - Many cleanups Version 0.1.0: - initial public release; 90% of the code comes from msmtp read the TODO file to find out about missing and untested features!