Dear OpenBSD porters,

Please update mail/fetchmail to release 6.6.6, or apply the patch listed below via URI.

Thanks in advance.

---------------

The 6.6.6 critical bug fix release of fetchmail is now available at the usual locations, including <https://downloads.sourceforge.net/project/fetchmail/branch_6.6/>.

People who cannot update but use IMAP should set "keep" or use "--keep" on the command line immediately to avoid accidentally deleting the wrong message in case your upstream IMAP server sees multiple clients on the same mailbox OR expunges automatically when a \Deleted flag is STOREd on a message.

A proper fix for this would be too large and/or risky and/or introduce breaking changes, so is unsuitable for 6.6.x.

The patch is available at:
<https://gitlab.com/fetchmail/fetchmail/-/commit/85e120fa67a91b5156ecf386a880215993c892e0.patch>

Context information:
https://gitlab.com/fetchmail/fetchmail/-/work_items/91

The source archive is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.6/fetchmail-6.6.6.tar.xz/download>

The detached GnuPG signature is available at:
<https://downloads.sourceforge.net/project/fetchmail/branch_6.6/fetchmail-6.6.6.tar.xz.asc/download>

The SHA256 hashes for the tarballs are:

SHA2-256(fetchmail-6.6.6.tar.xz)= da99f8c573c4d9e63f493c7e24447126aea25b53b4c076ec79266874e29b1975

Here are the release notes:

--------------------------------------------------------------------------------
fetchmail-6.6.6 (released 2026-06-24, 32443 LoC):

## CRITICAL BUGFIX FOR IMAP:
* The IMAP client, which has always used message indexes for the selected
  mailbox, did not abort when receiving an EXPUNGE response - which changes
  message numbers inside the mailbox.
  Unlike UIDs, the message numbers are not stable and fetchmail does not have
  internal interfaces to track which messages are deleted, and adding those to
  a 6.6.X release would be too risky, and switching to UID is also too big a
  change, so we have no choice but to abort the session when seeing an EXPUNGE
  response without our own EXPUNGE request, to avoid marking the wrong message
  as seen/deleted or skip the wrong one, or assume the wrong message size.
  Earl Chew reported this versus Yahoo Mail via Gitlab Work Item #91, which
  automatically expunges messages that are marked with the \Deleted flag.

This has one new message for which we do not have translations yet; it is urgent to get the fix in the field.
-------------------------------------------------------------------------------
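
The renumbering hazard described in the release notes, as an added example that is not part of the original message and is not fetchmail's code: a constructed five-message mailbox shows how an unsolicited `* n EXPUNGE` makes a previously chosen sequence number point at a different UID, and a line check flags the response so the session can be aborted. The names `struct mailbox`, `apply_expunge`, `uid_at`, `must_abort` and `own_expunge_pending` are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed model: array position + 1 is the IMAP message sequence
 * number, the stored value is the message's (stable) UID. */
struct mailbox { unsigned uid[8]; unsigned count; };

/* Effect of "* <seq> EXPUNGE": the message is removed and every later
 * message moves down by one sequence number (RFC 3501, section 7.4.1). */
static int apply_expunge(struct mailbox *mb, unsigned seq)
{
    if (seq == 0 || seq > mb->count)
        return -1;
    memmove(&mb->uid[seq - 1], &mb->uid[seq],
            (mb->count - seq) * sizeof mb->uid[0]);
    mb->count--;
    return 0;
}

/* UID that a sequence number refers to right now; 0 if out of range. */
static unsigned uid_at(const struct mailbox *mb, unsigned seq)
{
    return (seq >= 1 && seq <= mb->count) ? mb->uid[seq - 1] : 0;
}

/* Returns 1 when the line is an untagged EXPUNGE that this client did not
 * ask for, i.e. cached sequence numbers can no longer be trusted. */
static int must_abort(const char *line, int own_expunge_pending)
{
    unsigned seq;
    char word[16];
    if (sscanf(line, "* %u %15s", &seq, word) != 2)
        return 0;                      /* not "* <number> <keyword>" */
    if (strcasecmp(word, "EXPUNGE") != 0)
        return 0;                      /* EXISTS, FETCH, RECENT, ... */
    return !own_expunge_pending;
}

int main(void)
{
    struct mailbox mb = { {101, 102, 103, 104, 105}, 5 };  /* constructed */
    const char *resp = "* 2 EXPUNGE\r\n";  /* caused by another client */
    unsigned target = 4;                   /* chosen before the EXPUNGE */
    printf("before: seq %u -> UID %u\n", target, uid_at(&mb, target));
    apply_expunge(&mb, 2);
    printf("after:  seq %u -> UID %u\n", target, uid_at(&mb, target));
    printf("abort session: %d\n", must_abort(resp, 0));
    return 0;
}
```
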
