ChangeLog.old

Version 1.2.0rc1:
- GSSAPI authentication is not chosen automatically anymore, you have to
  request it manually.
- GNOME Keyring support now uses libsecret instead of libgnome-keyring.
- Libidn is not required for IDN support anymore on systems where getaddrinfo()
  supports the AI_IDN flag and the GnuTLS version is >= 3.4.0.
- Add proxy_host and proxy_port commands and corresponding options to use a
  SOCKS proxy.
- Remove the obsolete tls_force_sslv3 command and --tls-force-sslv3 option from
  the documentation. They are still accepted by msmtp for compatibility, but
  have no effect anymore.
- Disable SSLv3 in addition to SSLv2.
- passwordeval: Remove \r in addition to \n from command output, for Windows
  systems.

Version 1.0.29:
- Fix crash on missing argument to the --passwordeval option (Debian bug
  #716572).

Version 1.0.28:
- Fixed building of the documentation with texinfo >= 5.0.

Version 1.0.27:
- Update autotools files.
- Improve error message on connection failures in some IPv6/IPv4 situations.

Version 1.0.26:
- Always use the internal MD5 functions for the built-in CRAM-MD5
  implementation; never use the ones from OpenSSL. This fixes problems with
  configurations that use OpenSSL and do not use GNU SASL. Thanks to Gleydson
  Soares and Moritz Wilhelmy for providing information and for testing the fix.
- Fix a compiler warning with current OpenSSL versions.

Version 1.0.25:
- Fix DIGEST-MD5 authentication, accidentally broken in 1.0.23.
- Deprecate DIGEST-MD5 authentication as per RFC 6331.

Version 1.0.24:
- Remove unmaintained translations (es, pt_BR).
- Simplify manual license: use a simple permissive license instead of GNU FDL.
- Replace a call to gnutls_protocol_set_priority(), which is deprecated in
  GnuTLS >= 2.12.0. Fixes Debian bug #624048.
- Remove gnulib, for simplicity and maintainability.
- Update GNU autotools files, in particular configure.ac.

Version 1.0.23:
- Fix authentication with SCRAM-SHA-1 via libgsasl. Reported and analyzed by
  Steffen Lehmann.

Version 1.0.22:
- Add a new received_header command and --received-header option, to disable
  the Received header if required.
- Update gnulib to 2010-12-23.
- Add a new passwordeval command and --passwordeval option, to set the password
  from the output of a command. Written by Martin Stenberg for msmtp.

Version 1.0.21:
- Update gnulib to 2010-07-03.
- Report platform in --version output.
- Fix building with newer OpenSSL versions. Reported and tested by Peter Baur
  for msmtp.
- Fixed building without TLS/SSL support. Reported by Tan Ker Vin for msmtp.

Version 1.0.20:
- Update gnulib to 2010-03-20.
- Support authentication mechanism SCRAM-SHA-1 via GNU SASL.
- New command tls_fingerprint to trust one particular TLS certificate.
- Change whitespace: Avoid tabs and whitespace at end of lines.
- Fix Mac OS X Keychain support to use POP3 instead of SMTP passwords.
- Update the documentation of keyring usage.
- Add the mpop-gnome-tool.py script to manage Gnome Keyring passwords for
  mpop. Thanks to Gaizka Villate and Emmanuel Bouthenot.
- Fix single quotes in man page.
- Add pt_BR translation, provided by Rudá Moura. Thanks!

Version 1.0.19:
- Properly handle NUL characters in the Common Name or Subject Alternative
  Name fields of certificates when using OpenSSL. This fixes the security
  problem described in <http://www.blackhat.com/presentations/bh-usa-09/
  MARLINSPIKE/BHUSA09-Marlinspike-DefeatSSL-PAPER1.pdf>.
- Properly mask minus characters in the man page to prevent groff from
  converting them to hyphens. Reported by Emmanuel Bouthenot.
- Handle network share names correctly when creating directories for UIDLS
  files on W32. Bug reported by Dan.
- Handle mail boxes larger than 2 GiB even on 32bit systems. Based on a patch
  by Renato Schmidt. Thanks!

Version 1.0.18:
- Make writing of UIDLS files more robust. Avoid invalid file contents when
  mpop is killed while writing the file.
- Use proper binary prefixes when handling sizes.
- Update gnulib to 2009-09-08. Add modules mkstemp and rename.
- Add support for delivery to MS Exchange pickup directories, based on a patch
  by Julien Larigaldie.
- Use fflush() before fsync(), to ensure that all data reaches the disk.
- Maildir delivery: check for zero-length hostname.

Version 1.0.17:
- Update gnulib to 2009-04-11.
- Update gnulib to 2009-03-07. Remove gnulib modules fseek/fseeko/lseek because
  they cause errors on MinGW: files opened with "r+" cannot be written to.
  Provide our own fseeko instead if it does not exist; see configure.ac.
- Improve test for non-existing UIDLS file.
- Fix an invalid memory access in pop3_retr().
- Document that maildir delivery requires a file system that supports hard 
  links.
- Use more gnulib modules to remove more W32 workarounds from the source.
- Add missing gnulib module strerror for meaningful error messages on W32.

Version 1.0.16:
- Remove most W32-specific code from net.c and use the appropriate gnulib
  modules instead.
- Gnulib upate to 2008-12-24.
- Added a vim syntax file for mpoprc files to scripts/vim. The file was
  originally written by Simon Ruderich for msmtp. Thanks!
- Unified handling of the Gnome and MacOS keyrings. Both are disabled by default
  and must be enabled using --with-*-keyring options.
- From msmtp: Support for SYSCONFDIR/netrc (as a fallback for ~/.netrc) was
  added by Jim Pryor. Thanks!
- Added support for the GNOME Keyring. Originally written by Satoru SATOH for
  msmtp. Thanks a lot!

Version 1.0.15:
- Fix retrieval of mails that have no body.
- Do not allow comments in UIDLs files after the first non-comment line, to
  prevent UIDs starting with '#' from being treated as comments. Bug reported
  by Robert Siemer.

Version 1.0.14:
- Added the new tls_crl_file configuration command and the corresponding
  --tls-crl-file option.
- Added the new tls_min_dh_prime_bits configuration command and the
  corresponding --tls-min-dh-prime-bits option.
- Added the new tls_priorities configuration command and the corresponding
  --tls-priorities option.
- Gnulib upate to 2008-06-02. Use getpass-gnu instead of getpass module.
- Document how to use 'killsize 0' and 'keep on' to synchronize the UID list
  of the client to the UID list of the server. Suggested by Dimitrios Apostolou.
  Thanks!
- Use uidls_uidcmp() as a comparison function for qsort() and bsearch().
  Eliminate a duplicate function in pop3.c. Suggested by Dimitrios Apostolou.
  Thanks!
- Call fsync() after writing the UIDLS file. Suggested by Dimitrios Apostolou.
  Thanks!
- Faster UIDL implementation: Do not create a sorted list of received UIDs. Do
  a binary search for every received UID instead. Patch by Dimitrios Apostolou.
  Thanks!

Version 1.0.13:
- Buffer read operations also when TLS/SSL is active. Fixes performance problems
  with GnuTLS, reported by Dimitrios Apostolou.
- Fixed a potential problem with VPATH builds.
- Small optimization in insert_sorted() in pop3.c, by Dimitrios Apostolou.
- Updated gnulib to 2008-02-26. Imported havelib module.
- Use locale-independent c_toupper() instead of toupper() to avoid problems
  with the tr_TR.UTF-8 locale. Reported by S.Çağlar Onur for msmtp. Thanks!
- Support for the Max OS X keychain was added by Jay Soffian (originally for
  msmtp). Thanks a lot!
- Fix typos in the man page.
- Fix network input/output timeouts for W32. Bug reported and fixed by
  Shoorick. Thanks!

Version 1.0.12:
- Gnulib update to 2007-11-27.
- Don't count already retrieved messages twice. This fixes a segfault when
  only_new is off and header or size filtering is on. The bug was introduced in
  the previous change; no released version is affected.
- If a filter decides to delete a mail, then additionally mark it as
  retrieved. This prevents to filter the mail again in a later session when 
  the 'keep' option is set.
- Fix default UIDLS file on the W32 platform: Use '\' as directory separator,
  not '/'. Reported by Ricky Thomas.

Version 1.0.11:
- Update the license of the source code to GPLv3 or later, and change the 
  license of the documentation to the GFDLv1.2 or later.
- Gnulib update to 2007-07-15.
- Add new option -Q / --half-quiet to print only status information but no
  progress information. Suggested by Dimitrios Apostolou.
- Set the default timeout to 180 seconds = 3 minutes. This prevents sessions
  from hanging forever. Suggested by Dimitrios Apostolou.
- Make the POP3 commands UIDL, LIST, and DELE abortable. This is useful for
  mailboxes with many thousand mails.
- Update the UIDL state after mail retrieval, and save this state in case of
  errors in DELE or QUIT. Only update the UIDL state again after successful
  DELE and QUIT, and then save this state. This prevents an incorrect UIDL
  state if the DELE commands are aborted, for example. Bug reported by 
  Dimitrios Apostolou.

Version 1.0.10:
- Fix UIDL handling: the first character of UIDs was ignored.
- Improve APOP timestamp checks. Thanks to Carlos Martín Nieto for a
  discussion of this.
- Add documentation on how to find the right CA certificate for
  tls_trust_file. Thanks to Bryan Kam for suggestions.
- Improve the documentation for TLS vs. SSL and STARTTLS vs. POP3-over-TLS.
  Thanks to Carlos Martín Nieto for suggestions.
- Update the spanish translation (Carlos Martín Nieto).

Version 1.0.9:
- Require either tls_trust_file or tls_certcheck=off for TLS sessions, so that
  mpop is not silently vulnerable to man-in-the-middle attacks.
- Gnulib update 2007-04-07.
- Protect against the man-in-the-middle attack on APOP authentication as
  described in CVE-2007-1558. This is done by doing sanity checks on the
  APOP timestamp in the server greeting. 
  However, this probably makes attacks only harder. It will not make them
  impossible. Therefore, APOP authentication is never used automatically 
  anymore unless TLS is active.
- Do not use NTLM authentication automatically anymore unless TLS is active.
  NTLM is not an open standard and must therefore be considered broken.

Version 1.0.8:
- Move build-aux files to separate directory build-aux.
- Gnulib update 2007-03-19.
- Improve and generalize workaround for pop.gmail.com RFC violations. This
  enables automatic pipelining support for pop.gmail.com and some other 
  servers.
- Provide a hstrerror() function for systems that lack getaddrinfo() (so that
  gethostbyname() must be used instead) and that do not provide hstrerror()
  themselves. Needed for Solaris 2.6. Reported and tested by Chris Green.

Version 1.0.7:
- Add a workaround for the Comcast.net POP3 server: allow more than one space
  before the UID in an UIDL response, even though RFC 1939 says it must be
  exactly one. Reported and fixed by Benji Fisher.

Version 1.0.6:
- Updated copyright info to 2007.
- Added an "auto" setting for pipelining and made it the default. "on" and
  "off" now force pipelining on or off regardless of server capabilities.
  Thanks to Jeremy C. Reed for suggestions on this.
- Gnulib update to 2007-01-10.
- Switch to autoconf-2.61 and automake-1.10, to avoid problems with configure
  trying to run "sh /usr/bin/install" where /usr/bin/install is not a shell
  script on NetBSD. Reported by Jeremy C. Reed.
- Put the POP3_PIPELINE_MIN and POP3_PIPELINE_MAX definitions into #ifndef ...
  #endif so that they can easily be set via CFLAGS. Thanks to Jeremy C. Reed
  for the patch.
- Remove the obsolete "extern int errno;" declaration. It does not conform to
  POSIX and causes trouble. Thanks to Jeremy C. Reed for the patch.
- Added AC_SYS_LARGEFILE to configure.ac, for large file support. Removed the
  unnecessary AC_C_CONST and AC_HEADER_STDC.

Version 1.0.5:
- Remove gnulib module nanosleep. This fixes more build problems.

Version 1.0.4:
- Gnulib update. Remove the gettimeofday module. There are no local changes
  to the gnulib code anymore.
- Do not use the gnulib gettimeofday module anymore. Use a local replacement
  in delivery.c instead.
- Do not use nanosleep() on W32 anymore. Use Sleep() instead.
  Do not use nanosleep() on DJGPP anymore. Use usleep() instead.
- Update gettext files to gettext-0.16.
- Improved the configure check for the OpenSSL libraries. This fixes a build
  failure on Mac OS X. Reported for msmtp by Michael Williams, who also tested
  the fix. Thanks!
- Fix a bug in string_replace(). This bug did not affect mpop.

Version 1.0.3:
- Improved configuration file examples in the documentation.
- Fix GNU SASL support: replace #ifdef HAVE_GSASL with #ifdef HAVE_LIBGSASL.
  The old code did not actually use GNU SASL. This bug was introduced in 1.0.2.
- Prevent to write UIDLs files that we cannot read back:
  - Do not allow UIDs to start with a space.
  - Allow UIDLs file lines to be long enough to hold the longest
    UID that we would accept from a server.
- Added spanish translation by Carlos Martín Nieto. Thanks a lot!
- Correct the documentation of "~/.mpop_uidls" in mpop.1 and mpop.texi.
- Gnulib update. Removes the initialization of pkgdata_DATA from
  gnulib/Makefile.am, thanks to a fix by Bruno Haible. 'make install' will no
  longer create an empty directory $(pkgdatadir) anymore (the default for
  $(pkgdatadir) is /usr/local/share/mpop). Reported by Roman Bogorodskiy.

Version 1.0.2:
- Gnulib update. The modules nanosleep and gettimeofday still differ from the
  official gnulib source.
- Disable SSLv2 because it has known flaws. This only affects the OpenSSL
  version because GNU TLS does not implement SSLv2.
- Add new command tls_force_sslv3 and option --tls-force-sslv3 to force
  TLS/SSL version SSLv3. This might be needed to use SSL with some old and 
  broken servers. Closes msmtp Debian bug #374610, reported by Marko Mäkelä.
  Thanks to Julien Louis for tracking this problem down and testing the patch.
- Changed detection of libgnutls so that it works with version >= 1.2.0 again.
- Improvements for the build system:
  - Quote arguments of M4 macros.
  - Use AC_LIB_HAVE_LINKFLAGS to detect libraries. Do not use *-config scripts
    or pkg-config. This avoids problems that are reported in this thread:
    http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/
    1610/focus=1610 .
  - Use HAVE_LIB* macros instead of USE_* or others, for consistency.
- Link with LIB_NANOSLEEP as determined by the gnulib nanosleep module. This
  fixes build problems on Solaris. Reported by Daniel Rechsteiner for msmtp. 
  Thanks!
- Allow '+' and '/' in Return-Path mail addresses; do not replace them with '_'.
  Fix documentation of which characters are allowed and which are replaced,
  both in the code and in the user documentation for %F expansion.

Version 1.0.1:
- Changed the default UIDLS file from "~/.mpop_uidls" to
  "~/.mpop_uidls/%U_at_%H".
- Gnulib update. The modules nanosleep and gettimeofday still differ from the
  official gnulib source.
- Update to gettext-0.15.
- Improve error message if directories for the UIDLS files cannot be created.
- Allow to use special files like /dev/null to be used as an MBOX file,
  by ignoring an fsync() failure if and only if (errno == EINVAL). Suggested by
  Marco Ferra. Thanks!
- Make error messages of the maildir and mbox delivery methods more verbose.
- Fixed types of variables that are changed by signal handlers: they are
  'volatile sig_atomic_t' now.
- Adapt --version output to the latest GNU conventions.
- Clean up #includes.
- Move check for delivery information from main() into check_account().
- Added support for %U and %H expansion in UIDLS file names. This allows to 
  have per-account UIDLS files with just one setting in the defaults
  section.
- Automatically create directories needed to store the UIDLS file.
- Gnulib update. Added the xstrndup module. The modules nanosleep and
  gettimeofday still differ from the official gnulib source.
- Move string_replace from delivery.c to tools.[ch] to make it available to
  other modules.
- Renamed os_env.[ch] to tools.[ch].
- Replace __MINGW__ with W32_NATIVE in os_env.h.
- Check that the first command in the configuration file is either account or 
  defaults. This fixes a crash (NULL pointer dereferencing) when the first 
  command in the file is valid but does not belong to an account.
- W32 port: Fixed the replacements for the WIFEXITED and WEXITSTATUS macros in
  delivery.c. Thanks to Gizbern for the bug report.
- Minor documentation improvements.
- Enable network connection timeouts on DJGPP/Watt32. Thanks to Gisle Vanem for
  pointing out that this works just like it does with UNIX. The DJGPP/Watt32
  port is now on par with the UNIX port.
- Update README.dos.
- Don't check configuration file permissions on Cygwin.

Version 1.0.0:
- Gnulib update. Added gettimeofday module.
  Note that a locally modified copy of gnulib was used. It contains patches for
  the getpass, nanosleep, and gettimeofday modules, plus the additional module 
  sys_select. All of these changes were submitted to the bug-gnulib@gnu.org
  mailing list, but they are not integrated yet.
- Removed some W32 specific defines from delivery.c because they are not 
  necessary with current MinGW versions.
- Removed ftruncate-for-W32 hack in uidls.c, because newer MinGW versions have
  ftruncate().
- Renamed README.win32 to README.w32. Updated README.w32 and README.dos.
- Replace '#ifdef _WIN32' with '#ifdef W32_NATIVE', where W32_NATIVE is defined
  in config.h if the following is true:
  '#if (defined _WIN32 || defined __WIN32__) && !defined __CYGWIN__'.
  The reason is that Cygwin defines _WIN32 nowadays, but we want the UNIX API
  on that platform.
- Include config.h in list.c.
- Fix warnings emitted for configure.ac by autoreconf.
- Added -a, --all-accounts option to query all accounts in the configuration
  file (suggested by Jimmy Lolla). Changed short option for --auth-only from 
  -a to -A.
- Fixed handling of weird UIDs:
  1. When checking for control characters, use c_iscntrl() instead of iscntrl(),
     to be independent of the user's locale.
  2. Use POP3_EUNAVAIL as the error code for "Server does not support the UIDL 
     command". All other error codes are critical.
  Bug reported by Marcelo. Thanks!
- Lock the UIDLS file once and keep the lock as long as the UIDLS data is used.
  This prevents loss of UIDs (and therefore multiple deliveries of the 
  corresponding mails) when multiple mpop processes use the same UIDLS file.
- lock_file(): If another process holds a lock on the file, then wait 1/10 
  second instead of 1 second before the next try.
- Gnulib update. Added nanosleep module.
- Improve error handling for file locking: differentiate between timeouts and
  other errors.

Version 0.8.5:
- Improve checks for libraries in configure.ac. The ./configure options have
  changed! See INSTALL for more info.
- Improve --version output.
- Add (optional) support for Internationalized Domain Names (IDN) via
  GNU Libidn.
- Initialize TLS only if pop3_connect() succeeded.
- Move SSL_LIBS and GSASL_LIBS into LIBS; do not put them in Makefile.am.
- Fix memory leak in GNU SASL variant of pop3_auth().
- Fix memory leak in GnuTLS variant of tls_cert_info_get().
- mpop_serverinfo(): If auth fails and this is ignored, then reset
  the error message and error string.
- Sync pop3_auth() with smtp_auth() from msmtp. Affects only comments.
- mpop_serverinfo(): Only resend CAPA if authentication succeeded.
- pop3_auth(), GNU SASL variant: 
  - Check if authentication data is complete before trying to start
    authentication.
  - Never call password_callback() when no user name is given.
- Prevent a double free if an invalid argument to the auth command is given.
- Prevent a double free if an invalid argument to --auth is given.
- Replace crypto.[ch] with gnulib hmac-md5 module.
- Gnulib update. Add hmac-md5 module.
- net.c, tls.c: allow all network operations to be interrupted with CTRL+C,
  and print an appropriate error message in this case.
- tls.c: if an error occurs, clean up *after* building the error message. This
  fixes a potential segfault in the OpenSSL version of tls_start().
- net_open_socket(): don't let net_close_socket() clobber errno.
- net_open_socket(): print correct error message if getaddrinfo() returns 
  EAI_SYSTEM.
- MDA delivery method: handle SIGPIPE. Now mpop gives a proper error message
  if the MDA process dies without reading the mail data.
  This also affects filtering since the filter delivery method largely reuses
  the MDA delivery method code.
- delivery_method_mda_open(): flush stdout and stderr before calling the MDA,
  so that its output won't be intermingled with mpop's output.
- Fixed a comment in net.h.
- net_get_canonical_hostname(): Only call freeaddrinfo() if getaddrinfo()
  succeeded. Reported and fixed by Raúl Núñez de Arenas Coronado.
- Removed the simple_mbox delivery method because it is unnecessary.
- Minor documentation improvements.

Version 0.8.4:
- Minor Win32 portability/cross-compilation updates.
- Gnulib update.
- Documentation updates.
- The only_new command and --only-new option were re-added, but with slightly
  different meaning and a different default value. The default behaviour is
  completely compatible to all 0.8.x version.
- Fix UIDLS file handling: make sure that uids appear in ascending order.
  Older versions wrote unsorted uid lists. If such a file is read, detect this
  and sort the lists.
- Print --debug output to stdout instead of stderr, since it is requested
  output. Noted by Aliaksandr Lakhanko.
- Changes taken from msmtp:
  - configure.ac: Rely on PKG_CHECK_MODULES to find GSASL, do not fall back to
    manual detection, to prevent using an incompatible version of GSASL.
    Problem reported by Jari Aalto.
  - Gnulibs sysexit_.h now defines EX_OK; there's no need to use a locally
    modified version anymore.
  - Use a locally modified version of gnulibs sysexit_.h that defines EX_OK to
    0, since the gnulib maintainers apparently won't fix this file.
    Include the sysexits.h header after all other system headers to override 
    previous definitions of EX_OK on systems that use EX_OK for other purposes.
    This is needed on Interix, reported by Ben Collver.

Version 0.8.3:
- gnulib update.
- Expect sorted UIDLS files. This means that files written by versions prior
  to 0.5.0 are not accepted anymore.
- Fixed -d and -P output for "delivery" when maildir is used.
- Changes taken from msmtp:
  - adapted configure.ac for new pkg-config version
  - Use gnulib socklen module for socklen_t.
  - W32: Enable maildir delivery.
  - W32/DJGPP: Use all files/streams in binary mode.
  - W32: Allow %HOME% to override default user configuration directory.
  - W32: Enable getpass and netrc functionality.
  - Do not rely on a failing malloc setting errno in xalloc_die()
  - Shut down a GnuTLS TLS session with GNUTLS_SHUT_WR instead of
    GNUTLS_SHUT_RDWR. This prevents session hangs in certain situations.
    It is safe to do this because we never reuse a connection when TLS was shut
    down. Thanks to Jens Kammler for the problem report!
  - Make the GnuTLS code accept old version 1 CA certificates when verifying
    certificates.
  - Renamed LOCK_(READ|WRITE) to OSENV_LOCK_(READ|WRITE) in os_env.[ch] to avoid
    name clashes with <fcntl.h>

Version 0.8.2:
- gnulib update
- unified all "... aborted" error messages to "operation aborted"
- Updated README. Removed README.gsasl.
- Don't accept empty UIDs or UIDs containing control characters.
- Whitespace fixes, cleanups
- Removed TODO file
- Changes taken from msmtp:
  - Removed the OpenSSL exception note from the license information. This was
    necessary because mpop uses GPL'ed gnulib modules.
  - Avoid system call in net_puts() when there's no data to send
  - Updated netrc.c from fetchmail-6.2.6pre4
  - Renamed the --disable-win32-ipv6 configure option to
    --enable-win2000-and-older, because it applies to more than just IPv6
    support.
  - Retry gnutls_handshake() when the non-fatal error E_INTERRUPTED occurs.
  - Properly handle OpenSSL errors that occur due to interrupted system calls:
    retry the operation. This also fixes the "cannot read from TLS connection:
    operation timed out" message when CTRL+C was pressed. Now the correct error
    message is printed: "<operation> aborted".

Version 0.8.1:
- Really delete stale messages (messages that were retrieved and delivered
  successfully in a previous session) instead of just ignoring them.
- Fix error messages for network input/output timeouts. This affects reading
  and writing raw sockets, OpenSSL connections, and GnuTLS connections.
- Only send QUIT when necessary
- Cosmetic change in --pretend/--debug configuration dump

Version 0.8.0:
- gnulib update
- Fix handling of servers that do not use pipelining.
- Replace the connect_timeout setting with a timeout setting that not only
  applies to connection attempts but also to input/output operations.
- Never retrieve mails that were already successfully deliverd.
  Remove the now useless only_new command and only-new option.
- Always record received messages in the UIDLs file, even in case of errors
  or certain signals. This means that the state of a session is now always
  correctly saved in the UIDLs file.
- Changed failure error message.
- Lock the UIDLs file so that multiple instances of mpop can safely coexist.
- Switch mbox locking in delivery.c to the new lock_file() function.
- Added a new function lock_file() to os_env.[ch], used for platform independent
  file locking.
- Enable or disable pipelining automatically if ther server supports the CAPA
  command. The "pipelining" command is ignored unless the server does not
  support CAPA. Thanks to Vo^ Danh for his feedback.
- Minor documentation improvements
- Fixed possible memory leak in pop3_get_addr()
- Clarified some comments and error messages.
- Replaced combinations of static buffers and snprintf with variable buffers
  and xasprintf in mpop.c

Version 0.7.0:
- gnulib update
- cleaned up uidls.c
- The pipelining paramters pipeline_min and pipeline_max are no longer
  configurable in the configuration file or on the command line. They
  are compile time constants defined in pop3.c now.
- Pipelining will automatically be enabled for all servers that advertize
  this capability.
- Moved the pipeline_min and pipeline_max parameters into pop3_session_t,
  where they are properly hidden from the user of pop3.[ch].
- Added gnulib modules xvasprintf. Use xasprintf where appropriate to avoid
  the need for static buffers with unknown required length.
- Simplifications: 
  - eliminate some error conditions by using safe fallbacks
  - don't print special error messages when the system setup is obviously
    completely broken
- Updated all occurrences of the address of the FSF (all .h and .c files, 
  configure.ac, COPYING, mpop.texi)
- Added german translation
- Improved some error messages
- Added gettext support
- Minor documentation improvements
- Let gcc know about unused variables to suppress warnings. The UNUSED macro
  used for this purpose is written into config.h. The logic that defines it 
  to be empty when the compiler is not a recent gcc was taken from
  coreutils-5.2.1.
- Show the canonical hostname and network address of the POP3 server in 
  --serverinfo output (only if these informations are available).
- Prepend a Received: header to each received mail before delivering
- Update documentation of $USER, $LOGNAME
- Renamed paths.[ch] to os_env.[ch] and added new function get_username()
- Don't change count_newline_as_crlf when filtering in pop3_delivery()
- Some whitespace / style fixes
- Fixed error detection for strtol(): LONG_MAX is a valid return value if
  errno != ERANGE (errno must be reset before strtol).
- Handle the CAPA reply for the EXPIRE and AUTH keywords case insensitively
- Make maildir sequence numbers unique for a whole process lifetime, not only
  for the lifetime of one delivery method.
- Don't allow more than POP3_MAX_MESSAGES messages on the POP3 server, to
  protect against size_t overflows in memory allocations that depend on the
  total number of messages.
- Fixed replacement of '/' and ':' in hostnames for maildir filenames.
- Changes taken from msmtp:
  - Clarification and fixes of comments in paths.c
  - Remove superfluous password nulling in msmtp_password_callback()

Version 0.6.3:
- Improved maildir filenames.
- Maildir is now available on DJGPP systems, too, though you obviously need
  long filename support.
- Changes taken from msmtp:
  - Don't call gnutls_record_send() in the GnuTLS version of tls_puts() when
    there is no data to send.
    Thanks to Jesse Michael for identifying, reporting, and fixing this bug.
    This bug can break mpop versions compiled with GnuTLS support.

Version 0.6.2:
- Added %F (envelope from address) and %S (mail size) expansion for filter
  command.
- Integrated pop3_retr() and pop3_filter() into pop3_delivery().
- Added maildir delivery method. This is only available for UNIX systems, not
  for DJGPP and Win32. Porting the method should not be hard; patches are
  welcome.
- Added umask(077) to mbox delivery methods and did some cleanups
- gnulib update
- Changes taken from msmtp:
  - Removed the requirement for the configuration file to be a regular file.
    This allows tricks like msmtp -C<(echo "host ..."...) again.
    Closes Debian bug #306904.
  - Changed read buffer counter in net.[ch] from ssize_t to int. This fixes
    compilation on FreeBSD (ssize_t was unkown in net.h; unistd.h had to be
    included). Reported by Roman Bogorodskiy.
  - Corrected documentation: the netrc syntax is described in netrc(5) or
    ftp(1).    
  - Fixed a problem when using an IP address as a host name on certain old
    Windows systems without configured DNS: The gethostbyname() function may not
    be able to handle IP addresses. Work around this by trying inet_addr()
    first. Original report and patch by Dirk Heinemann.
    Note that newer Windows systems (XP and up) have getaddrinfo() and are 
    therefore not affected by this problem.

Version 0.6.1:
- Fixed an error in net_gets() that could corrupt mails with lines longer than
  1023 characters, including CRLF: A null character was inserted. Note that
  this cannot happen when TLS is used.
- Minor documentation improvements
- Changes taken from msmtp:
  - Correctly handle null characters in the input by replacing fgets() with
    stream_gets() and fputs() with fwrite()
  
Version 0.6.0:
- Do tilde expansion for the following options, in case the shell did not do
  it: --tls-trust-file, --tls-key-file, --tls-cert-file, --delivery,
  --uidls-file
- Changed pipelining defaults from 5/50 to 20/100. This is an improvement for
  me; feel free to complain :-)
- Removed the obsolete mmda.sh script; use the built-in mbox delivery method
  instead.
- Allow an empty argument to the filter command; this disables filtering.
- Improved network input/output, including input buffering. Initiated by
  Dimitris Apostolou.
- net_gets()/tls_gets() now return the length of the string, and
  net_puts()/tls_puts() now take a length argument. This saves some strlen()
  calls. Original patch by Dimitris Apostolou.
- Minor fixes in pipelining from the POP3 server to the delivery method.
- Added a new delivery command and --delivery option to set the delivery method.
  There's now an mbox method in addition to the mda method. The mda command
  does not exit anymore. The new mda method has the ability to expand %F to
  the envelope from address of the current mail.
- Fixed detection of APOP capability. Reported by Dimitris Apostolou.
- Made output use less characters to make it suitable for dialup connections.
  Suggested by Dimitris Apostolou.
- Minor change in --serverinfo output.
- Updated documentation.
- Changes taken from msmtp:
  - Make the OpenSSL code accept self signed certificates in the default mode
    (tls_cert_check on, tls_trust_file unset). This should have been in 1.3.6, 
    but I forgot one case. The GnuTLS code always did this. 
    Reported by Luis A. Florit.
  - Accept CRLF line ends in the configuration files.
  - Fixed a memory leak in the tempfile() function.

Version 0.5.0:
- Removed redundant cat from mmda.sh
- Print human readable sizes (GB, MB, KB, bytes).
- Changed USER/PASS in output to USER.
- Changed pop3_auth_user to support pipelining.
- Don't reset capabilities before each CAPA.
- The POP3 implementation was restructured to be far more network efficient:
  POP3 pipelining is used for TOP, RETR, and DELE, and the LIST and UIDL are
  issued only once per session. 
  Pipelining can be enabled/disabled with the pipelining command and the
  --pipelining option. Parameters can be tweaked with pipeline_min,
  pipeline_max, and the corresponding options.
- The UIDLs management is now much faster, in particular the comparsion of 
  stored UIDs with the UIDs of the current POP3 session.
  Thanks to Dimitris Apostolou for the algorithm.
- Changes taken from msmtp:
  - Added support for .netrc
  - Minor fix in net.c: net_open_socket() could have wrongly reported success
    in very obscure situations.

Version 0.4.3:
- Updated AUTHORS
- Fixed a segfault bug (NULL pointer dereference) that could happen if
  --status-only was used or filtering fails because the server does not
  support TOP.

Version 0.4.2:
- Added -k as the short form of --keep
- Server information mode supports the RESP-CODES and AUTH-RESP-CODE
  capabilities now.
- Send one LIST command to get the sizes for all mails instead of one LIST
  command for each mail. This speeds up mail retrieval.
- Implemented the only_new command / -n,--only-new option to process only mails
  that have not been retrieved before. This works with the UIDL command. UIDLs
  are stored in ~/.mpop_uidls (configurable with uidls_fil/--uidls-file).
- Changes taken from msmtp:
  - Moved setting of default port from conf.c to mpop.c. Setting a port in a
    "defaults" section should now work correctly.
  - For all commands and options that accept the argument "on": also accept
    no argument, an treat that the same as "on".
  - Moved lib to gnulib and m4 to gnulib/m4
  - Use gnulib module sysexits.h
  - Replace xmalloc.[ch] with gnulib module xalloc
  - Simplify crypto.[ch]: Always use gnulib md5. This avoids error checking that
    was necessary because of the libgcrypt code.
  - Fixed some pedantic compiler/lint warnings
  - Minor output format changes
  - Rewrote the OpenSSL specific hostname matching code:
    - It only allows one form of wildcard in the certificate name: "*." as the
      two leftmost characters. See the comment for hostname_match() in tls.c
      for the reasons for this.
    - It does not require memrchr() anymore, therefore the gnulib memrchr module
      was removed.
    - It does not break with "tcc -b" anymore.
  - Only replace characters for which iscntrl() returns true with question marks
    in mpop_sanitize(). Replacing every character for which isprint() is false
    is too restrictive. Now UTF-8 is passed through.
  - Updated paths.c from msmtp. The changes have no effect for mpop.
  - Added missing const qualifiers
  - Move allocation of the defaults account into read_conffile() to keep conf.c
    in sync with msmtp. This change has no effect for mpop.
  - sanitize more strings before printing them
  - fixed compilation on systems that don't have socklen_t, for example MacOS X

Version 0.4.1:
- Enable the password callback when compiled with GNU SASL support but using 
  the built-in methods USER/PASS or APOP. I forgot this case when adding the
  callback support.
- Added new detectable POP3 capability, POP3_CAP_CAPA, because not all servers
  support the CAPA command. Don't send CAPA again (for example after STLS) if
  the server does not support it. Print CAPA information in server information
  mode. Only resend CAPA after AUTH in retrievel mode if absolutely necessary.
  This should never be the case, but some servers are not 100% RFC conformant;
  see the comments in the code.
- Changes taken from msmtp:
  - Better authentication error messages
  - Be more strict when checking the port/--port argument
  - Added the new connect_timeout command and --connect-timeout option.
    Suggested by Jim Fohlin.
  - configure.ac: only try to find GNU SASL manually if pkgconfig is not found
  - Added specialisation to account definitions. See documentation of the
    account command and the example files. Suggested by Jim Fohlin.

Version 0.4.0:
- print error messages from get_account_list() directly instead of first
  putting them to 'errstr': very long error messages (caused by very long 
  account names) won't get truncated anymore.
- Added a "defaults" command (suggested for msmtp by Jim Fohlin). The
  default_mda command is therefore obsolete and no longer supported.
- Changes taken from msmtp:
  - Added a password callback function that reads a password via getpass() if
    needed. Suggested by lots of people.
  - Added a user configuration file permission check: It must have no more
    permissions than 0600. Suggested by lots of people.
  - Added a "defaults" command. Suggested by Jim Fohlin.
  - Added authentication mechanism EXTERNAL (both built-in and via GSASL).
  - Updated GnuTLS dependency to 1.2.0.
  - Accept self-signed certificates in the certificate chain in the default
    settings (tls_cert_check on, tls_trust_file unset).
    This only affects the OpenSSL code; the GnuTLS code did it already.
  - Improved the OpenSSL certificate name check (host name versus the
    subjectAltNames or the common name of the peer certificate). The
    improvements were partially taken from libesmtp-1.0.3r1, Copyright 2001-2004
    Brian Stafford, Released under the LGPL.
  - Add SSL_CFLAGS and GSASL_CFLAGS to CFLAGS in configure.ac. Should fix
    compilation on various systems, including RH9. (Jim Fohlin)
  - moved md5_hmac function from smtp.c to the new crypto.c file
  - When neither GnuTLS nor OpenSSL is used, always use the gnulib MD5
    implementation, even if the BSD MD5 API is available. The gnulib md5.h
    header shadows the system md5.h header, and trying to solve this results in
    a mess that isn't worth it.
    This fixes compilation with --disable-ssl on a system with the BSD MD5 API.
  - gnulib update
  - use automake 1.9.4

Version 0.3.1:
- minor man page cleanup
- updated msmtp files
- make most commands and all options require an argument
- allow empty configuration file
- Proceed with --serverinfo even without authentication, just print a warning
  about it. Before, --serverinfo was unusable if valid authentication data was
  not available.

Version 0.3.0:
- Use getservbyname() to get the default port for pop3 or pop3s. Use
  110/995 as fallback.
- added short explanation to the name of the exit codes returned by mda or
  filter (if they are from sysexits.h)
- added --mda option
- implemented filter command and --filter option to set a mail header filter
- updated TODO
- fixed several memory leaks reported by valgrind
- pop3_gets(): Do not return a partial POP3 input line in case of input errors
- Changes taken from msmtp:
  - Fixed built-in CRAM-MD5 authentication. The error was introduced when
    switching to the gnulib base64 implementation. Reported by Martin Hauke.
  - the SHA1 and MD5 fingerprints of the peer's certificate were added to the
    certificate information output
  - --serverinfo: always print port number
  - cleanups in conf.[ch]
  - fixed the setting of the default port
  - killed prototype for nonexistant function from conf.h

Version 0.2.0:
- Many many small improvements, some of which I forgot to mention...
- The progress output is now updated at most 100 times
- Completely new command line options; see man page
- Optional support for GSASL: replaces built-in PLAIN, LOGIN, and CRAM-MD5,
  and adds DIGEST-MD5, GSSAPI, and NTLM. USER/PASS and APOP are still
  built-in.
- Improved error message when the POP3 server sends an invalid reply
- Fixed signed/unsigned comparison in mpop_close_pipe()
- Allow TLS commands in configuration file even if TLS support is not compiled
  in (an error message results). This allows sharing of the same configuration
  file between different versions of mpop.
- Changes taken from msmtp:
  - use AM_CPPFLAGS = -I$(top_srcdir)/lib in src/Makefile.am and change 
    #include <md5.h> to #include "md5.h" in smtp.c to solve the MD5 build
    issues. Also replaced #include "../lib/base64.h" with #include "base64.h"
    and killed the #ifdef'ed inclusion of "getopt.h" in msmtp.c: always include
    <getopt.h>
  - replaced the GnuTLS check in configure.ac with the AM_PATH_LIBGNUTLS macro
    that comes with GnuTLS
  - fixed the --pretend option:
    - it now prohibits the execution of mpop_serverinfo() even if --serverinfo
      was given
    - the printed configuration contains only the information that is actually
      used
  - OpenSSL code in tls.c: allow Common Names of arbitrary length during 
    certificate check
  - minor cleanups in net.c, tls.c, and mpop.c
  - improvements to the Windows mkstemp() replacement function in paths.c
  - fixed a potential segmentation fault in DOS/DJGPP specific code in 
    tempfile()
  - added the field 'conffile' to account_t for better error messages in
    msmtp.c
  - added the field 'mask' to account_t and adjusted conf.c and msmtp.c
    accordingly
  - Require GNU SASL >= 0.2.4, because it contains a new DIGEST-MD5
    implementation.
  - Replaced base64.[ch] and md5_algo.[ch] with the gnulib modules base64 and
    md5. Moved md5_hmac() from md5_apps.c into smtp.c and removed md5_apps.[ch].
    Updated man page and AUTHORS accordingly. Removed README.md5.
  - The auth command is now required to activate authentication. It is not
    sufficient to use user/password anymore. This allows switching off
    authentication with --auth=off
  - Imported the gnulib module getopt: long option support for all platforms
  - reactivated xmalloc.c to make the code more readable
  - Rewrote expand_tilde() (from paths.c)
  - Error handling: eliminated merror.[ch]. Replaced it by an int return value
    and an additional argument 'char *errstr' where necessary. Various minor 
    changes to error messages. Eliminated static buffer in tls.c.

Version 0.1.4:
- Check that the value of numbers from the LOGIN-DELAY and EXPIRE responses to
  the CAPA command is >= 0
- Made mmda.sh work in more environments, including Solaris. Return EX_USAGE or
  EX_IOERR instead of 1 on errors.
- Changed error code in case of too long authentication data from 
  EX_SOFTWARE to EX_DATAERR
- Changes taken from msmtp:
  - Portability improvement: added missing declaration of h_errno to net.c. 
    Thanks to Marco for reporting this.
  - New configure option --disable-win32-ipv6 to disable IPv6 on Windows and 
    thus build binaries that run on any Windows version, not just XP and newer. 
    See the updated README.win32 file. Thanks to Thomas Davies for pointing out 
    this problem.
  - Fixed typos in conffile.c error message
  - Fixed typo in tls.c error message (OpenSSL code only)
  - Changed error messages: "bla [blub]" -> "bla: blub"
  - Improved some TLS error messages
  - Changed return code in case of authentication error from EX_DATAERR
    to EX_NOPERM
  - Changed return code in case of missing/invalid configuration file or 
    nonexistent account from EX_NOINPUT/EX_DATAERR to EX_CONFIG
  - net.c, Windows specific code: moved translation of error code from 
    WSAStartup() from net_lib_init() to wsa_strerror()
  - OpenSSL specific code in tls.c: minor cleanup in openssl_io_error()
  - Clarified usage instructions of merror() in merror.h
  - Make the output of -h/--help and -v/--version consistent with the GNU 
    utilities by including copyright and no-warranty notice (version) and
    a short description and the bug report address (--help).
  - Add missing declarations of optarg and optind to mpop.c, needed for
    getopt() handling. No compiler complained so far, though.
  - updated automake files to version 1.8.5
  - configure.ac: check that pkg-config exists before trying to use it
  - configure.ac: improved detection of network settings.
  - configure.ac: improved checks for OpenSSL and GnuTLS
  - configure.ac: fixed display of warning when neither OpenSSL nor GnuTLS 
    is found and --disable-ssl was not explicitly used
  - updated README.win32, README.dos
  - Use getaddrinfo() on Windows (but not gai_strerror()). This enables 
    IPv6 support for Windows.
  - clarified an error message in tls.c (only OpenSSL affected):
    "cannot establish TLS connection" -> "TLS handshake failed"

Version 0.1.3:
- do not expect POP3 responses to end with '\n' (a similar problem was
  reported for msmtp by Ralph Siemsen)
- do not reset the POP3 server with the RSET command when an error occured.
  This prevents double download of mails.
- pop3 error messages are sanitized before printed in an error message: 
  non-printable characters (!isprint(c)) are replaced with a question mark.
- removed all `...' quoting from error messages: `bla' -> bla

Version 0.1.2:
- updated msmtp sources to 1.2.1
- fixed IMPLEMENTATION info with -S/--serverinfo: it is not converted 
  to uppercase anymore.
- fixed the -q/--quiet flag
- made the mmda.sh script work with Solaris /bin/sh
- if an error occurs during mail retrieval, an extra error message containing
  the account name and configuration file gets printed.
- prefer SASL AUTH PLAIN over USER/PASS authentication when both are 
  available, because PLAIN needs only one command/response step and USER/PASS 
  needs two
- erase POP3 server message buffer at the start of pop3_auth()
- -S/--serverinfo: don't print server greeting string if its length is zero

Version 0.1.1:
- The following configuration file commands were implemented:
  default_mda, killsize, skipsize
- The exit status of the MDA is now checked correctly
- Many cleanups

Version 0.1.0:
- initial public release; 90% of the code comes from msmtp
  read the TODO file to find out about missing and untested features!