-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Corinna, and everyone else who is interested, checking <https://cygwin.com/packages/summary/fetchmail.html>, I see that Cygwin packages a very old fetchmail version that has unfixed security vulnerabilities and unfixed critical (data loss) bugs. Constructively moving forward, please: 1. I am about to release 6.4.0 in a few weeks' time with a few important SSL/TLS/OpenSSL updates that permit newer OpenSSL versions, require OpenSSL v1.0.2, and practically permit TLS v1.3 if linked against a sufficiently new OpenSSL. We're shy of 200 commits since the last formal release 6.3.26, and 276 changes past 6.3.21, the younger x86 (32bit) package for Cygwin. High-level details in the NEWS file linked below. Care was taken to not break the interfaces too hard, but in the sense of security, I carefully changed --sslproto semantics and flipped the switch 2. Note that fetchmail has seen several SECURITY and CRITICAL bug fixes since 6.3.21/6.3.22. Review <https://gitlab.com/fetchmail/fetchmail/blob/legacy_64/NEWS> for details, and look for these two capitalized words. 3. Please try to package 6.4.0.rc2 for x86 and x86_64 against Cygwin's libssl1.1, and see if you find any portability issues that would require fixing before 6.4.0. Deadline end of August 2019, and unless really needed for non-trivial code changes, rc2 is also the planned final candidate. Source tarballs and detached ASCII-armored GnuPG signatures at <https://sourceforge.net/projects/fetchmail/files/branch_6.4/>. Thanks for your consideration. Regards, Matthias Andree - upstream fetchmail maintainer -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE3EplW9mTzUhx+oIQ5BKxVu/zhVoFAl1cMpoACgkQ5BKxVu/z hVrMORAAtRXCpG6lTsZNdPuu5NDquyWia6sfzptFl7FaNoD8cB2hTsoS7lBgW0VQ ulL2Y1xYdR4+JCg0i7656ZQhzpVM2qKnect4oFFfo5mx1vkrQYQQMiB3FACPF3zU OItP7nEngfmL30aDynYkrPH1+P4BY8GyZHML6KnD53jKNu5ZZBijGztV0HYjjAUd Nhmxm5GdF5uB1V6v4/c8cXDEf2xBdgMwBiU02YPLVI/8zixZR3EXLdNVcggl0Qbm 5+xe4oTw6EqY2VxUm9obs/U17bWm/10afcmm6ioo0xUXSTq5asF+2HD5WipHuhiW Zm/PPK6SVOwi32M2gzXqb3ZDqtuH9byUKZQw+LGVePsjrU1jU8F84c+5iq35g1RX TCloJWckBdflXR4Jda6yvlZstm6pd1PnQVXdw5Wl1Nwb+wAvEbV++dIvCbZuRKgI kEZBUOApyI8J0LMalxCyGAIykY+VLDsFSbcgCDuAFvrjpIyBBcKC2z0x2Y4gpxSS q4oLhTdjv+WUbVHBwN/NjroMhoNrX7zpFnGQFFjK2zVlSMMR+/aIsUUTX0v6aXZk WMMRrhtE1wiIgn7fqgxJ5oukz1Cp5qKB8NIIt5g+VgvZPpwuXXiaZ5Hw81wENzaL VN998lBF3q3K6+VDhmvdXFcilrgW5XnMoPOfTqlDKXYV5G8KY6k= =v7yh -----END PGP SIGNATURE----- -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
