2
- Require either tls_trust_file or tls_certcheck=off for TLS sessions, so that
3
mpop is not silently vulnerable to man-in-the-middle attacks.
4
- Gnulib update 2007-04-07.
5
- Protect against the man-in-the-middle attack on APOP authentication as
6
described in CVE-2007-1558. This is done by doing sanity checks on the
7
APOP timestamp in the server greeting.
8
However, this probably makes attacks only harder. It will not make them
9
impossible. Therefore, APOP authentication is never used automatically
10
anymore unless TLS is active.
11
- Do not use NTLM authentication automatically anymore unless TLS is active.
12
NTLM is not an open standard and must therefore be considered broken.
15
- Move build-aux files to separate directory build-aux.
16
- Gnulib update 2007-03-19.
17
- Improve and generalize workaround for pop.gmail.com RFC violations. This
18
enables automatic pipelining support for pop.gmail.com and some other
20
- Provide a hstrerror() function for systems that lack getaddrinfo() (so that
21
gethostbyname() must be used instead) and that do not provide hstrerror()
22
themselves. Needed for Solaris 2.6. Reported and tested by Chris Green.
25
- Add a workaround for the Comcast.net POP3 server: allow more than one space
26
before the UID in an UIDL response, even though RFC 1939 says it must be
27
exactly one. Reported and fixed by Benji Fisher.
30
- Updated copyright info to 2007.
31
- Added an "auto" setting for pipelining and made it the default. "on" and
32
"off" now force pipelining on or off regardless of server capabilities.
33
Thanks to Jeremy C. Reed for suggestions on this.
34
- Gnulib update to 2007-01-10.
35
- Switch to autoconf-2.61 and automake-1.10, to avoid problems with configure
36
trying to run "sh /usr/bin/install" where /usr/bin/install is not a shell
37
script on NetBSD. Reported by Jeremy C. Reed.
38
- Put the POP3_PIPELINE_MIN and POP3_PIPELINE_MAX definitions into #ifndef ...
39
#endif so that they can easily be set via CFLAGS. Thanks to Jeremy C. Reed
41
- Remove the obsolete "extern int errno;" declaration. It does not conform to
42
POSIX and causes trouble. Thanks to Jeremy C. Reed for the patch.
43
- Added AC_SYS_LARGEFILE to configure.ac, for large file support. Removed the
44
unnecessary AC_C_CONST and AC_HEADER_STDC.
2
47
- Remove gnulib module nanosleep. This fixes more build problems.