| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Fix security problem, local root exploit. It is no need to install
poppassd as setuid. Noted on bugtraq mailing list.
http://www.securityfocus.com/archive/1/319811/2003-04-26/2003-05-02/0
|
|
Changes from 4.0.4 to 4.0.5:
----------------------------
1. Add debug trace call with OpenSSL library version.
2. Added 'tls-options' configuration file option.
3. Added 'tls-workarounds' boolean option.
4. STLS errors (except for timeout) no longer fatal.
5. Added sample xinetd configuration file.
6. Additional checks for networking libraries.
7. Pick up LDFLAGS from environment, if set.
8. Added '--enable-32-bit' and '--enable-64-bit'
9. Applied patch from Jeremy Chadwick to fix pathname trimming in
standalone mode.
10. Fixed (non-root) buffer overflow.
11. Fixed '-no-mime' appended to user name (reported by Florian
Heinz).
12. Fixed response message when identical MDEFs defined multiple
times (reported by Florian Heinz).
|
|
|
|
* Pass the LDFLAGS through to the build process so that the final binaries
are built with the appropriate -Wl,-R flags. This should fix pkg/18054.
* Use ROOT_{USER,GROUP} instead of hardcoding "root" and "wheel" when
installing poppassd.
|
|
It seems that there was some deadlock between pty and child exiting.
Bump PKGREVISION to 1.
|
|
- Share version with ../qpopper/Makefile.common.
|
|
* Fixed DOS attack seen on some systems.
* Fixed "noop has null function" log entry.
* Allow '-p' to be used when APOP not defined (noted by Daniel Senie).
* Enforce ClearTextPassword even without APOP (noted by Daniel Senie).
* Restrict clear-text-password=never to APOP.
* Restrict clear-text-password=tls to QPOP_SSL.
* Fixed qpopper hanging on I/O error on some platforms.
|
|
|
|
individual package Makefiles.
|
|
|
|
|
