* Bug fix: quoted string handling in the mailbox name parsing routine
Changes 2004f:
* Bug fix: TCP code
* New SSL/TLS routines
|
|
"A vulnerability in UW-imapd can be exploited by malicious users to
cause a DoS (Denial of Service) or compromise a vulnerable system.
The vulnerability is caused due to a boundary error in the
"mail_valid_net_parse_work()" function when copying the user supplied
mailbox name to a stack buffer. This can be exploited to cause a
stack-based buffer overflow via a specially crafted mailbox name that
contains a single opening double-quote character, without the
corresponding closing double-quote.
Successful exploitation allows arbitrary code execution, but requires
valid credentials on the IMAP server."
http://secunia.com/advisories/17062/
www.idefense.com/application/poi/display?id=313&type=vulnerabilities
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2933
Patch from 2004g.
|
|
Changes (note that relnotes say -2004d, but it is indeed -2004e):
=====
imap-2004d is a maintenance release, released concurrently with Pine
4.63, and consists primarily of bugfixes.
There is now a workaround for RedHat breaking flock(). However, since
RedHat has said that they don't support flock(), there is no guarantee
that they won't break it in the future. So you may want to consider some
other Linux distribution or BSD instead. See:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123415
for the gruesome details.
There are no user-visible functional enhancements in this version.
=====
OTHER CHANGE: Multiple newsrc and MSA support needed by Pine 4.63.
|
|
private key. Bump package revision to 2.
|
|
No change to default build, so no version bump
|
|
* maintenance release, consisting primarily of critical bugfixes
* now has a supported NNTP proxy capability
* OSF/1 port (Digital UNIX, Tru64) now uses flocksim instead of flcksafe
* The unix[nt] and mmdf drivers now prevent mail_append() from writing Status:,
X-Status:, X-UID, X-IMAP[base]:, and X-Keywords: header lines to a
traditional UNIX or MMDF format mailbox
|
|
* mailutil has three new commands: delete, rename, and prune
* IPv6 support now exists for UNIX and W2K
* The NNTP driver now supports NNTP SASL and TLS
* imapd now supports the LITERAL+ and SASL-IR initial-response extensions
* The IMAP driver has some additional checks to reduce the amount of network
traffic, including executing "silly searches" (searches of sequence numbers
only) locally
* The IMAP, POP, SMTP, and NNTP drivers now have diagnostic code to provide
better information about servers which violate SASL's empty challenge
requirements (e.g. with the PLAIN mechanism).
* There is a new mail_fetch_overview_sequence() function which is like
mail_fetch_overview() but takes a sequence number string as an argument.
There should have been a flags argument and FT_UID bit as in all the other
mail_fetch_???() functions but compatibility with the past... :-(
* The overview_t callback (from mail_fetch_overview()) now has a fourth
argument which contains the message sequence number (as opposed to the UID
which is in the second argument). It turned out that some applications were
calling mail_msgno() (which can be moderately expensive) to get the sequence
number, and c-client already knew it.
* Many declarations which are completely internal to a driver have been removed
from the driver .h file, and in those cases where there are no external
declarations left the .h file has been eliminated entirely. As part of this,
the mbox driver routines are now incorporated with the unix driver routines
as opposed to being a separate file. The mbox driver still needs to be lunk
in order to get the mbox functionality.
|
|
default user mailboxes to their home directory, specify the name of
the mailbox file.
|
|
imap-2002e is a minor release, released concurrently with Pine 4.57, and
contains primarily bugfixes. Programs written for imap-2002d should build
with this version without modification.
The NNTP client code now tries to perform better with legacy NNTP servers
which do not comply with the current NNTP protocol specification draft, most
notably Netscape Collabra.
Delivery notifications now work reliably with SMTP servers that support it.
The following changes are primarily of concern to developers and power users:
There is a "limited advertise" option in env_unix.c which, if set, will only
advertise the user's own namespace and the #shared/ namespace.
It is now possible to build the IMAP toolkit with a separate SSL KEY file
from the certificate file (SSLKEYS vs. SSLCERTS).
A new BODY structure element, sparep, is available for the main program to
use as a pointer for its own purposes; as well as a SET_FREEBODYSPAREP
function, similar to SET_FREEENVELOPESPAREP, SET_FREEELTSPAREP, etc.
|
|
introduced
|
|
imap-2002c is a minor release, released concurrently with Pine 4.55, and
contains primarily bugfixes. Programs written for imap-2002 will build
with this version without modification.
imap-2002d is a minor release, released concurrently with Pine 4.56, and
contains primarily bugfixes. Programs written for imap-2002 should build
with this version without modification, with one exception. That exception
is the ngbogus envelope flag, which stopped being used in imap-2002c and is
now gone for good.
See RELNOTES for additional information
|
|
should close PR pkg/19430 and PR pkg/20491.
|
|
version 2002a). This version fixes a buffer overflow described
in Cert Vulnerability Note VU#961489.
|
|
occurred because gss_import_name() was segfaulting if /etc/krb5.conf
was not found. To fix it, I swapped the krb5_init_context() and
the gss_import_name() calls, since krb5_init_context() will fail
if krb5 is not configured and I can fail appropriately.
I also changed slightly how the documentation is installed by the
main Makefile, because the ${CP} was relying on the non-existence
of the target directory.
|
|
NetBSD and off for everything else.
|
|
* Bugfixes
* SSL is now fully integrated into the IMAP toolkit
* Full client and server TLS support
* The server certificate must be signed by a trusted certificate authority
* RFC 1730 (IMAP4 as opposed to IMAP4rev1) support is turned off by default
in imapd
|
|
2000b. Pkgsrc changes include:
- Reduce the number of patches.
- Install full set of headers for c-client.
- Install library as libc-client.* and make compatibility links
from libc-client.* to libimapuw.*. Other software that uses the
c-client library seems to look for libc-client.*; no software looks
for libimapuw.*.
- Install the IMAP RFCs along with the rest of the UW-IMAP
documentation.
- Introduce a new compile-time knob, CCLIENT_MBOX_FMT, that controls
the default format for new mailboxes created by c-client programs.
|
|
to the Makefile to use existing make variables instead of defining a new
do-build target.
|
|
and PR pkg/11671.
|
|
the new source code breaks CRAM-MD5 authentication.
|
|
Fixes a bunch of security problems. (This is the same imap-lib
that also comes with pine-4.30). Sorry, no detailed list available. ;(
|
|
Fixes a security problem in folder handling described in
http://www.securityfocus.com/advisories/2646
Will be used by upcoming pine-pkg
|
|
The most notable user-visible change is the ability of the ipopd daemon to
forward requests to the imapd daemon, thus allowing POP2 and POP3 mail
clients to check IMAP mail.
Most notable operational changes from earlier versions:
. New, faster mailbox update logic is now available for the unix driver
on UNIX and Amiga. The old way is still being done for MMDF and the
unixnt driver on NT.
. External file locking is now available via a setgid mail program named
/etc/mlock (this is defined by LOCKPGM in the c-client Makefile). If
c-client is unable to create a <mailbox>.lock file in the directory
by itself, it will try to call mlock to do it. A sample mlock program
is part of the imap-utils. This is primarily for the benefit of those
paranoid souls who have their mail spool directories protected 775
instead of the recommended 1777.
. SASL authentication is supported in the IMAP and POP3 servers, and in
the IMAP, POP3, and SMTP client code. There is no support for NNTP
SASL yet.
. CRAM-MD5 is supported by default for IMAP and POP3 clients. To enable
server support, read file imap-4.7/docs/md5.txt
. The mbox driver is now enabled by default. If the file "mbox" exists on
the user's home directory and is in UNIX mailbox format, then when INBOX
is opened this file will be selected as INBOX instead of the mail spool
file. Messages will be automatically transferred from the mail spool file
into the mbox file.
To disable this behavior, delete "mbox" from the EXTRADRIVERS list in the
top-level Makefile and rebuild.
. IMAP4rev1 protocol is now supported. The UNIX format support now maintains
unique identifiers (UIDs) and keyword flags for each message, and keeps an
invisible message at the start of the file which contains the UID base
information and a list of assigned keywords. There is no way to disable
this behavior, since it would disable IMAP4rev1 support. This message may
show up if you access the mailbox as a file using older mail software (e.g.
Pine 3.9x). It is invisible with IMAP or POP access, or with access as a
file using Pine 4.0x.
. Support for additional mailbox formats
. No longer keeps entire mailbox in memory for UNIX format files
. Multilingual searching of the following charsets is supported:
US-ASCII, UTF-8, ISO-8859-1, ISO-8859-2, ISO-8859-3, ISO-8859-4,
ISO-8859-5, ISO-8859-6, ISO-8859-7, ISO-8859-8, ISO-8859-9,
ISO-8859-10, ISO-8859-11, ISO-8859-13, ISO-8859-14, ISO-8859-15,
KOI8-R, KOI8-U (alias KOI8-RU), TIS-620, VISCII,
ISO-2022-JP, ISO-2022-KR, ISO-2022-CN, ISO-2022-JP-1, ISO-2022-JP-2,
GB2312 (alias CN-GB), CN-GB-12345, BIG5 (alias CN-BIG5),
EUC-JP, EUC-KR, Shift_JIS
All ISO-2022-?? charsets are treated identically, and support ASCII,
JIS Roman, hankaku katakana, ISO-8859-[1 - 10], TIS, GB 2312, JIS X 0208,
JIS X 0212, KSC 5601, and planes 1 and 2 of CNS 11643.
EUC-JP includes support for JIS X 0212 and hankaku katakana
. Fast sorting including IMAP server-based sort
. Fast ordered-subject threading including IMAP server-based threading
|
|
imap-4.5 is a maintenance update, with minor bugfixes to imap-4.4 and
optional support for CRAM-MD5.
|
|
/etc/c-client.cf.
|
|
(Includes my official update of imap-uw to 4.2, which I forgot to commit.)
|
|
including POP2 and POP3 servers.
|