path: root/mail
Age | Commit message | Author | Files | Lines
2006-06-27 | Pullup ticket 1713 - requested by salo | ghen | 3 | -3/+33

security fix for mutt-devel

Revisions pulled up:
- pkgsrc/mail/mutt-devel/Makefile 1.50
- pkgsrc/mail/mutt-devel/distinfo 1.30
- pkgsrc/mail/mutt-devel/patches/patch-ae 1.5

Module Name: pkgsrc
Committed By: tonio
Date: Tue Jun 20 14:07:31 UTC 2006

Modified Files:
pkgsrc/mail/mutt-devel: Makefile distinfo

Log Message:
Add fix for imap code from mutt's cvs repository:
A malicious IMAP server could cause at least DoS
Bump PKGREVISION

---
Module Name: pkgsrc
Committed By: tonio
Date: Tue Jun 20 14:08:05 UTC 2006

Added Files:
pkgsrc/mail/mutt-devel/patches: patch-ae

Log Message:
The patch for imap/browse
2006-06-20 | Pullup ticket 1705 - requested by tron | ghen | 3 | -3/+33

security fix for mutt

Revisions pulled up:
- pkgsrc/mail/mutt/Makefile via patch
- pkgsrc/mail/mutt/distinfo 1.30
- pkgsrc/mail/mutt/patches/patch-ae 1.4

Module Name: pkgsrc
Committed By: tron
Date: Tue Jun 20 09:14:47 UTC 2006

Modified Files:
pkgsrc/mail/mutt: Makefile PLIST distinfo
Added Files:
pkgsrc/mail/mutt/patches: patch-ae

Log Message:
Add fix from the "mutt" CVS repository for a buffer overflow in the IMAP code which could be exploited by a malicious IMAP server. Bump package revision.
2006-06-14 | Pullup ticket 1701 - requested by adrianp | salo | 6 | -3/+161

security fix for sendmail812

Patch provided by the submitter.

Module Name: pkgsrc
Committed By: adrianp
Date: Wed Jun 14 18:57:34 UTC 2006

Modified Files:
pkgsrc/mail/sendmail812: Makefile distinfo
Added Files:
pkgsrc/mail/sendmail812/patches: patch-ah patch-ai patch-aj patch-ak

Log Message:
Bump PKGREVISION.

A malformed MIME structure with many parts can cause sendmail to crash while trying to send a mail due to a stack overflow, e.g., if the stack size is limited (ulimit -s). This happens because the recursion of the function mime8to7() was not restricted. The function is called for MIME 8 to 7 bit conversion and also to enforce MaxMimeHeaderLength. To work around this problem, recursive calls are limited to a depth of MAXMIMENESTING (20); message content after this limit is treated as opaque and is not checked further.
2006-06-14 | Pullup ticket 1700 - requested by adrianp | salo | 6 | -2/+161

security fix for sendmail

Patch provided by the submitter.

Module Name: pkgsrc
Committed By: adrianp
Date: Wed Jun 14 18:53:54 UTC 2006

Modified Files:
pkgsrc/mail/sendmail: Makefile distinfo
Added Files:
pkgsrc/mail/sendmail/patches: patch-aj patch-ak patch-al patch-am

Log Message:
Bump PKGREVISION.

A malformed MIME structure with many parts can cause sendmail to crash while trying to send a mail due to a stack overflow, e.g., if the stack size is limited (ulimit -s). This happens because the recursion of the function mime8to7() was not restricted. The function is called for MIME 8 to 7 bit conversion and also to enforce MaxMimeHeaderLength. To work around this problem, recursive calls are limited to a depth of MAXMIMENESTING (20); message content after this limit is treated as opaque and is not checked further.
2006-06-13 | Pullup ticket 1698 - requested by salo | ghen | 3 | -10/+7

security update for sylpheed

Revisions pulled up:
- pkgsrc/mail/sylpheed/Makefile 1.92, 1.93, 1.96
- pkgsrc/mail/sylpheed/distinfo 1.48, 1.49, 1.50
- pkgsrc/mail/sylpheed/options.mk 1.2

Module Name: pkgsrc
Committed By: xtraeme
Date: Wed Mar 29 22:04:57 UTC 2006

Modified Files:
pkgsrc/mail/sylpheed: Makefile distinfo

Log Message:
Update to:
* 2.2.3 (stable)
* The sorting of the result of the query search was enabled.
* The printing of messages now follows the state of 'Show all headers'.
* Relative path is allowed for signature files.
* The To, Cc, and Bcc button of the address book are now always enabled.
* The window position of the address book is now preserved.
* The toggle of the Cc entry on the composition window was enabled.
* The appearance of the address book was modified.
* Unix: The support of metamail command was removed, and it was replaced with the alternative implementation.
* Win32: libwimp.dll was updated, and the appearance of the UI was improved.
* Win32: zlib1.dll was updated.
* Win32: The application icon was updated.
* Win32: The unnecessary message catalog files were removed to reduce the archive size.

---
Module Name: pkgsrc
Committed By: chris
Date: Wed Mar 29 22:54:42 UTC 2006

Modified Files:
pkgsrc/mail/sylpheed: Makefile distinfo options.mk

Log Message:
Update sylpheed to 2.2.4. Changes are:
* MIME filename encoding with RFC 2322 parameter value extension was supported.
* The clear button for the quick search entry was added.
* The bug that bold face was disabled in GtkTreeView with GLib 2.10 and Pango 1.12 was fixed.
* Win32: libwimp.dll was updated.
* Win32: The bug that subfolders were duplicated when rebuilding folder tree while the settings were shared between Win32 and Unix was fixed.
* Win32: The uninstaller was modified so that it only removes files and folders created by the installer.

Also remove extra blank lines at the end of options.mk to appease pkglint.

---
Module Name: pkgsrc
Committed By: xtraeme
Date: Sat Jun 10 23:38:36 UTC 2006

Modified Files:
pkgsrc/mail/sylpheed: Makefile distinfo

Log Message:
Update to 2.2.6.

Changes 2.2.6:
* The 8-bit literal (literal8) in IMAP4 response was supported.
* The missing timeout handling was added for SMTP.
* The failure of URI security check when they have leading space was fixed.

Changes 2.2.5:
* The character corruption and crash bug when using Japanese half-width kana on sending messages was fixed.
* The execution failure when using the accessibility module was fixed.
* The bug that new/unread count becoming negative value was fixed.
* The bug that bold face was disabled in the folder selection dialog with GLib 2.10 and Pango 1.12 was fixed.
* The incorrect progressbar display when expired messages exist was fixed.
2006-06-07 | Pullup ticket 1693 - requested by heinz | salo | 7 | -103/+63

security update for spamassassin

Revisions pulled up:
- pkgsrc/mail/spamassassin/Makefile 1.71, 1.72
- pkgsrc/mail/spamassassin/PLIST 1.19
- pkgsrc/mail/spamassassin/distinfo 1.37, 1.38
- pkgsrc/mail/spamassassin/options.mk 1.6
- pkgsrc/mail/spamassassin/patches/patch-ab 1.12
- pkgsrc/mail/spamassassin/patches/patch-ad removed
- pkgsrc/mail/spamassassin/patches/patch-az removed

Module Name: pkgsrc
Committed By: heinz
Date: Fri May 26 20:53:00 UTC 2006

Modified Files:
pkgsrc/mail/spamassassin: Makefile PLIST distinfo options.mk
pkgsrc/mail/spamassassin/patches: patch-ab
Added Files:
pkgsrc/mail/spamassassin/patches: patch-bb
Removed Files:
pkgsrc/mail/spamassassin/patches: patch-ad patch-az

Log Message:
Updated to version 3.1.2.

Pkgsrc changes:
- The updates for rule files go into $VARBASE/spamassassin/.
- This above directory and the directory sa-update-keys for the GPG keys are now handled automatically by OWN_DIRS.
- The growing number of *.pre files are managed in a loop in the Makefile. They are no longer contained in the static PLIST.
- Removed some unnecessary trailing slashes.
- Patching init.pre in order to disable the SPF plugin broke the spf.t test. This is now fixed, although in a rather ugly way :-/.
- patch-ab no longer needs to use BSD_INSTALL_DATA_DIR because we create the directories through INSTALLATION_DIRS.
- patch-ad and patch-az were removed (changes integrated upstream).
- patch-bb fixes a small documentation error.
- Fixed some warnings by pkglint about the SUBST framework in Makefile and options.mk.

Relevant changes since version 3.1.1:
=====================================
- bug 4802: implement DKIM plugin, including whitelist_from_dkim support
- bug 3838: work around Perl bug causing captured RE variables to become tainted -- thanks to Mark Martinec for pointing out the bug with Perl itself
- bug 4850: re-enable the Razor2 plugin by default due to a service policy change
- bug 4826: Razor2 plugin needs to load Mail::SpamAssassin::Timeout module
- bug 4827: M::SA::first_existing_path() would return the last array entry passed in if none of the paths were found. Now return undef instead and handle the error when it happens.
- bug 4813: generally open RE causes sendmail received header get read in as qmail in error
- bug 4839: Logger.pm converts control chars including tab into underscores which confuses a bunch of users when checking debug output. Convert tab into space instead, etc.
- bug 4884: if a null message is passed in, there are several variables which end up undefined causing warnings. fake an empty message if no input is given.
- bug 4793: when replacing tags in a message (_TAG_), leave the tags that don't exist alone instead of just removing them
- bug 4861, 4760: handle dccifd and dccproc failover properly, backport relays_internal and relays_external code, backport bug 4760 fix so that it's not possible to be in internal_networks without being in trusted_networks as well
- bug 4901: deal more properly with failures in bgsend(). also, use the proper variable to show when errors occur.
- bug 4867: fetchmail changed header formats at some point making Received parsing fail in certain conditions
- bug 4699: use M::SA::Timeout for spamd copy_config call and allow for empty $@ values
- bug 3754: if there's a problem opening a file via sa-learn or spamassassin, return an error exit value.

---
Module Name: pkgsrc
Committed By: heinz
Date: Mon Jun 5 23:01:01 UTC 2006

Modified Files:
pkgsrc/mail/spamassassin: Makefile distinfo
Removed Files:
pkgsrc/mail/spamassassin/patches: patch-bb

Log Message:
Updated to version 3.1.3.

Pkgsrc changes:
- patch-bb is no longer necessary (integrated upstream).

Changes since version 3.1.2:
============================
- bug 4926: given a certain set of parameters to spamd and a specially formatted input message, users could cause spamd to execute arbitrary commands as the spamd user
- bug 4932: the userstate dir and userprefs file would not be created under certain conditions.
2006-06-04 | Pullup ticket 1684 - requested by tron | salo | 15 | -151/+197

security fix for squirrelmail

Revisions pulled up:
- pkgsrc/mail/squirrelmail/Makefile 1.71, 1.73
- pkgsrc/mail/squirrelmail/distinfo 1.31, 1.32
- pkgsrc/mail/squirrelmail/patches/patch-ab 1.12
- pkgsrc/mail/squirrelmail/patches/patch-ac 1.3
- pkgsrc/mail/ja-squirrelmail/MESSAGE 1.3
- pkgsrc/mail/ja-squirrelmail/Makefile 1.27, 1.28, 1.30
- pkgsrc/mail/ja-squirrelmail/PLIST 1.4
- pkgsrc/mail/ja-squirrelmail/distinfo 1.9, 1.10, 1.11
- pkgsrc/mail/ja-squirrelmail/patches/patch-ab 1.3
- pkgsrc/mail/ja-squirrelmail/patches/patch-ac 1.3
- pkgsrc/mail/ja-squirrelmail/patches/patch-ad removed
- pkgsrc/mail/ja-squirrelmail/patches/patch-ae removed
- pkgsrc/mail/ja-squirrelmail/patches/patch-af removed
- pkgsrc/mail/ja-squirrelmail/patches/patch-ag removed
- pkgsrc/mail/ja-squirrelmail/patches/patch-ah removed

Module Name: pkgsrc
Committed By: martti
Date: Tue Apr 11 05:24:20 UTC 2006

Modified Files:
pkgsrc/mail/squirrelmail: Makefile distinfo
Added Files:
pkgsrc/mail/squirrelmail/patches: patch-ab

Log Message:
Updated mail/squirrelmail to 1.4.6nb1
* added patch for Ukrainian translation (needed by the new
* squirrelmail-locales)

---
Module Name: pkgsrc
Committed By: taca
Date: Fri May 5 02:46:54 UTC 2006

Modified Files:
pkgsrc/mail/ja-squirrelmail: MESSAGE Makefile distinfo
Removed Files:
pkgsrc/mail/ja-squirrelmail/patches: patch-ab patch-ac patch-ad patch-ae patch-af patch-ag patch-ah

Log Message:
Update ja-squirrelmail package to 1.4.6 after talking with martti@.

Prior to this release, there are security vulnerability the same as squirrelmail 1.4.5. This update made with temporary Japanese patch based on the patch for 1.4.5.

---
Module Name: pkgsrc
Committed By: martti
Date: Fri May 5 05:32:36 UTC 2006

Modified Files:
pkgsrc/mail/ja-squirrelmail: Makefile PLIST distinfo
Added Files:
pkgsrc/mail/ja-squirrelmail/patches: patch-ab

Log Message:
Updated ja-squirrelmail to 1.4.6nb1
* sync with squirrelmail-1.4.6nb1

---
Module Name: pkgsrc
Committed By: tron
Date: Sun Jun 4 12:31:31 UTC 2006

Modified Files:
pkgsrc/mail/ja-squirrelmail: Makefile distinfo
pkgsrc/mail/squirrelmail: Makefile distinfo
Added Files:
pkgsrc/mail/ja-squirrelmail/patches: patch-ac
pkgsrc/mail/squirrelmail/patches: patch-ac

Log Message:
Add fix for security issue 2006-06-01 from SquirrelMail CVS repository. Bump package revision.
2006-06-04 | Pullup ticket 1682 - requested by ghen | salo | 4 | -10/+10

security update for firefox and thunderbird

Revisions pulled up:
- pkgsrc/www/firefox/Makefile 1.35
- pkgsrc/www/firefox/Makefile-firefox.common 1.30, 1.33
- pkgsrc/www/firefox/distinfo 1.49, 1.50
- pkgsrc/www/firefox-gtk1/Makefile 1.13
- pkgsrc/www/firefox/patches/patch-fa removed
- pkgsrc/www/firefox/patches/patch-fb removed
- pkgsrc/mail/thunderbird/Makefile-thunderbird.common 1.15
- pkgsrc/mail/thunderbird/PLIST 1.14
- pkgsrc/mail/thunderbird/distinfo 1.23
- pkgsrc/mail/thunderbird-gtk1/PLIST 1.5

Module Name: pkgsrc
Committed By: ghen
Date: Thu May 4 05:16:13 UTC 2006

Modified Files:
pkgsrc/www/firefox: Makefile Makefile-firefox.common distinfo
pkgsrc/www/firefox-gtk1: Makefile
Removed Files:
pkgsrc/www/firefox/patches: patch-fa patch-fb

Log Message:
Update Firefox to 1.5.0.3, which is identical to our 1.5.0.2nb2 (except for the advertized version), so there's no reason to upgrade. :-)

Fixes a denial of service vulnerability (MFSA 2006-30).

---
Module Name: pkgsrc
Committed By: ghen
Date: Sat Jun 3 08:04:36 UTC 2006

Modified Files:
pkgsrc/mail/thunderbird: Makefile-thunderbird.common PLIST distinfo
pkgsrc/mail/thunderbird-gtk1: PLIST
pkgsrc/www/firefox: Makefile-firefox.common distinfo

Log Message:
Update www/firefox and www/firefox-gtk to 1.5.0.4, mail/thunderbird and mail/thunderbird-gtk1 to 1.5.0.4 (salo has already updated www/firefox-bin). Note that thunderbird skipped one release number (again) to stay on par with firefox.

These updates provide:
* improvements to product stability,
* several important security fixes (see below).

Fixed in Firefox 1.5.0.4:
MFSA 2006-43 Privilege escalation using addSelectionListener
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-41 File stealing by changing input type (variant)
MFSA 2006-39 "View Image" local resource linking (Windows)
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-36 PLUGINSPAGE privileged JavaScript execution 2
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-34 XSS viewing javascript: frames or images from context menu
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)

Fixed in Thunderbird 1.5.0.4:
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-40 Double-free on malformed VCard
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
2006-05-22 | Pullup ticket 1646 - requested by ghen | salo | 3 | -2/+39

portability build fix for dovecot

Revisions pulled up:
- pkgsrc/mail/dovecot/Makefile 1.52
- pkgsrc/mail/dovecot/distinfo 1.30
- pkgsrc/mail/dovecot/patches/patch-af 1.1

Module Name: pkgsrc
Committed By: ghen
Date: Sun May 21 13:48:51 UTC 2006

Modified Files:
pkgsrc/mail/dovecot: Makefile distinfo
Added Files:
pkgsrc/mail/dovecot/patches: patch-af

Log Message:
Fix a problem with non-C99 compilers (reported on NetBSD 1.6 and Solaris). The patch is from dovecot CVS (see the thread following http://www.dovecot.org/list/dovecot/2006-May/013389.html), via PR pkg/33489. Bump PKGREVISION.
2006-05-22 | Pullup ticket 1644 - requested by adrianp | salo | 8 | -151/+13

sync sendmail with HEAD

Revisions pulled up:
- pkgsrc/mail/sendmail/Makefile 1.87
- pkgsrc/mail/sendmail/Makefile.common 1.34
- pkgsrc/mail/sendmail/distinfo 1.28
- pkgsrc/mail/sendmail/patches/patch-ag 1.12
- pkgsrc/mail/sendmail/patches/patch-ai removed
- pkgsrc/mail/sendmail/patches/patch-aj removed
- pkgsrc/mail/sendmail/patches/patch-ak removed
- pkgsrc/mail/sendmail/patches/patch-al removed

Module Name: pkgsrc
Committed By: adrianp
Date: Fri May 12 22:23:09 UTC 2006

Modified Files:
pkgsrc/mail/sendmail: Makefile Makefile.common distinfo
pkgsrc/mail/sendmail/patches: patch-ag
Removed Files:
pkgsrc/mail/sendmail/patches: patch-ai patch-aj patch-ak patch-al

Log Message:
Update to sendmail 8.13.6

> 8.13.6/8.13.6 2006/03/22
> SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
> and client side of sendmail with timeouts in the libsm I/O
> layer and fix problems in that code. Also fix handling of
> a buffer in sm_syslog() which could have been used as an
> attack vector to exploit the unsafe handling of
> setjmp(3)/longjmp(3) in combination with signals.
> Problem detected by Mark Dowd of ISS X-Force.
> Handle theoretical integer overflows that could triggered if
> the server accepted headers larger than the maximum
> (signed) integer value. This is prevented in the default
> configuration by restricting the size of a header, and on
> most machines memory allocations would fail before reaching
> those values. Problems found by Phil Brass of ISS.
> If a server returns 421 for an RSET command when trying to start
> another transaction in a session while sending mail, do
> not trigger an internal consistency check. Problem found
> by Allan E Johannesen of Worcester Polytechnic Institute.
> If a server returns a 5xy error code (other than 501) in response
> to a STARTTLS command despite the fact that it advertised
> STARTTLS and that the code is not valid according to RFC
> 2487 treat it nevertheless as a permanent failure instead
> of a protocol error (which has been changed to a
> temporary error in 8.13.5). Problem reported by Jeff
> A. Earickson of Colby College.
> Clear SMTP state after a HELO/EHLO command. Patch from John
> Myers of Proofpoint.
> Observe MinQueueAge option when gathering entries from the queue
> for sorting etc instead of waiting until the entries are
> processed. Patch from Brian Fundakowski Feldman.
> Set up TLS session cache to properly handle clients that try to
> resume a stored TLS session.
> Properly count the number of (direct) child processes such that
> a configured value (MaxDaemonChildren) is not exceeded.
> Based on patch from Attila Bruncsak.
> LIBMILTER: Remove superfluous backslash in macro definition
> (libmilter.h). Based on patch from Mike Kupfer of
> Sun Microsystems.
> LIBMILTER: Don't try to set SO_REUSEADDR on UNIX domain sockets.
> This generates an error message from libmilter on
> Solaris, though other systems appear to just discard the
> request silently.
> LIBMILTER: Deal with sigwait(2) implementations that return
> -1 and set errno instead of returning an error code
> directly. Patch from Chris Adams of HiWAAY Informations
> Services.
> Portability:
> Fix compilation checks for closefrom(3) and statvfs(2)
> in NetBSD. Problem noted by S. Moonesamy, patch from
> Andrew Brown.
2006-05-15 | Pullup ticket 1585 - requested by ghen | salo | 8 | -118/+41

security update for dovecot

Revisions pulled up:
- pkgsrc/mail/dovecot/Makefile 1.47, 1.48, 1.49, 1.51
- pkgsrc/mail/dovecot/PLIST 1.9, 1.10
- pkgsrc/mail/dovecot/distinfo 1.26, 1.27, 1.28, 1.29
- pkgsrc/mail/dovecot/patches/patch-aa 1.6
- pkgsrc/mail/dovecot/patches/patch-ab 1.12
- pkgsrc/mail/dovecot/patches/patch-ac removed
- pkgsrc/mail/dovecot/patches/patch-ad removed
- pkgsrc/mail/dovecot/patches/patch-ae removed

Module Name: pkgsrc
Committed By: ghen
Date: Tue Apr 4 09:38:46 UTC 2006

Modified Files:
pkgsrc/mail/dovecot: Makefile PLIST distinfo
pkgsrc/mail/dovecot/patches: patch-aa patch-ab
Removed Files:
pkgsrc/mail/dovecot/patches: patch-ac patch-ad patch-ae

Log Message:
Update Dovecot from 1.0beta3 to 1.0beta5. The beta4 release had SSL issues which were fixed again in beta5. patch-ac and patch-ad were taken from CVS and are not needed anymore.

Changes in Dovecot 1.0beta4:
* Changed the default lock_method back to fcntl. Apparently flock gives problems with some systems.
* mbox: mailboxes beginning with '.' are now also listed
* Replaced mail_use_modules and mail_modules settings with mail_plugins and mail_plugin_dir. Now instead of loading all plugins from the directory, you'll have to give a list of plugins to load. If the plugin couldn't be loaded, the process exits instead of just ignoring the problem (this is important with ACL plugin).
+ Added support for "master users" who can log in as other people. The master username can be given either in authorization ID string with SASL PLAIN mechanism or by setting auth_master_user_separator and giving it within the normal username string.
+ Added ACL plugin with ACL file backend. This however doesn't mean that there yet exists a proper shared folder support. If master user logged in as someone else, the ACLs are checked as the master user.
+ Added some Dovecot extensions to checkpassword passdb, see ChangeLog
+ Updated passwd-file format to allow specifying any key=value fields
+ Maildir++ quota support and several quota fixes
+ passdb supporting extra fields: Added "allow_nets" option which takes a comma separated list of IPs/networks where to allow user to log in.
+ NFS: Handle ESTALE errors the best way we can
+ IMAP now writes to log when client disconnects
+ In shared mailboxes (if dovecot-shared file exists) \Seen flags are now kept only in index files, so as long as each user has a separate index file they have separate \Seen flags.
- Fixes to DIGEST-MD5 realm handling so it works with more clients
- BODYSTRUCTURE -> BODY conversion from cache file was broken with mails containing message/rfc822 parts.
- Fixed several memory leaks
- We could have sent client FETCH notifications about messages before telling about them with EXISTS
- Compiling fixes for Solaris and some other OSes
- Fixed problem with internal timeout handling code, which caused eg. outlook-idle workaround to break.
- If /dev/urandom didn't exist, we didn't seed OpenSSL's random number generator properly. Patch by Vilmos Nebehaj.
- Maildir: Recent flags weren't always immediately removed from mails when mailbox was opened.
- Several changes to SSL proxying code, hopefully making it work better.

Changes in Dovecot 1.0beta5:
- Beta4's SSL proxying rewrite worked worse than I thought. Reverted it back to original code.
- Filesystem quota plugin now looks up the mount path correctly.

---
Module Name: pkgsrc
Committed By: xtraeme
Date: Wed Apr 12 18:19:16 UTC 2006

Modified Files:
pkgsrc/mail/dovecot: Makefile distinfo

Log Message:
Update to 1.0beta6:

v1.0.beta6 2006-04-12
* The login and master usernames were reversed when using master_user_separator (now the order is UW-IMAP compatible).
* Killing dovecot master process now kills all IMAP and POP3 processes also.
+ -a parameter to dovecot prints now all settings that Dovecot uses. -n prints all settings that are different from defaults.
+ Added pop3_lock_session setting
+ %M modifier returns string's MD5 sum. Patch by Ben Winslow
- PLAIN SASL authentication wasn't working properly, causing failed logins with some clients (broken in beta4)
- Fixes to Maildir++ quota, should actually work now
- Don't crash if passwd-file has entries without passwords (eg. deny=yes databases)
- Fixed prefetch userdb to work nicely with other userdbs
- If master process runs out of file descriptors, don't go to infinite loop (unlikely to have happened unless the OS's default fd limit was too low)
- Fixed non-plaintext password lookups from LDAP. Patch by Lior Okman
- %U modifier was actually lowercasing the string. Patch by Ben Winslow

---
Module Name: pkgsrc
Committed By: ghen
Date: Fri Apr 14 19:01:53 UTC 2006

Modified Files:
pkgsrc/mail/dovecot: Makefile distinfo

Log Message:
Update dovecot to 1.0beta7:
+ Added shutdown_clients setting to control if existing imap/pop3 processes should be killed when master is.
- Master login fixes, PLAIN authentication was still broken..

---
Module Name: pkgsrc
Committed By: grant
Date: Fri May 12 11:02:48 UTC 2006

Modified Files:
pkgsrc/mail/dovecot: Makefile distinfo

Log Message:
update dovecot to 1.0beta8.

changes since 1.0beta7:
* Fixed a security hole with mbox: "1 LIST .. *" command could list all directories and files under the mbox root directory, so if your mails were stored in eg. /var/mail/%u/ directory, the command would list everything under /var/mail.
+ Unless nfs_check=no or mmap_disable=yes, check for the first login if the user's index directory exists in NFS mount. If so, refuse to run. This is done only on first login to avoid constant extra overhead.
+ If we have plugins set and imap_capability unset, figure out the IMAP capabilities automatically by running imap binary at startup. The generated capability list isn't updated until Dovecot is restarted completely, so if you add or remove IMAP plugins you should restart. If you have problems related to this, set imap_capabilities setting manually to work around it.
+ Added auth_username_format setting
- pop3_lock_session setting wasn't really working
- Lots of fixes related to quota handling. It's still not working perfectly though.
- Lots of index handling fixes, especially with mmap_disable=yes
- Maildir: saving mails could have sometimes caused "Append with UID n, but next_uid = m" errors
- flock() locking never timeouted because ignoring SIGALRM caused the system call just to be restarted when SIGALRM occurred (probably not with all OSes though?)
- kqueue: Fixed "Unrecognized event". Patch by Vaclav Haisman

---
Module Name: pkgsrc
Committed By: jwise
Date: Fri May 12 15:47:39 UTC 2006

Modified Files:
pkgsrc/mail/dovecot: PLIST

Log Message:
Fix missing file (lib/dovecot/pop3/lib01_quota_plugin.so) in PLIST.
2006-05-14 | Pullup ticket 1562 - requested by schmonz | salo | 1 | -4/+4

update checksum for qmail Darwin patch

Revisions pulled up:
- pkgsrc/mail/qmail/distinfo 1.15

Module Name: pkgsrc
Committed By: schmonz
Date: Thu May 11 20:10:10 UTC 2006

Modified Files:
pkgsrc/mail/qmail: distinfo

Log Message:
The descriptive text at the beginning of panther.patch has been changed; update checksums.
2006-05-01 | Pullup ticket 1492 - requested by xtraeme | salo | 2 | -6/+6

security update for clamav

Revisions pulled up:
- pkgsrc/mail/clamav/Makefile 1.58
- pkgsrc/mail/clamav/distinfo 1.35

Module Name: pkgsrc
Committed By: xtraeme
Date: Sun Apr 30 06:50:00 UTC 2006

Modified Files:
pkgsrc/mail/clamav: Makefile distinfo

Log Message:
Update to 0.88.2: This release improves virus detection, fixes zip handling on 64-bit architectures and possible security problem in freshclam.
2006-04-23 | Pullup ticket 1442 - requested by ghen | salo | 5 | -28/+26

security update for thunderbird

Revisions pulled up:
- pkgsrc/mail/thunderbird/Makefile 1.18
- pkgsrc/mail/thunderbird/Makefile-thunderbird.common 1.12
- pkgsrc/mail/thunderbird/distinfo 1.22
- pkgsrc/mail/thunderbird/patches/patch-ab 1.9
- pkgsrc/mail/thunderbird-gtk1/Makefile 1.9

Module Name: pkgsrc
Committed By: ghen
Date: Sun Apr 23 14:14:07 UTC 2006

Modified Files:
pkgsrc/mail/thunderbird: Makefile Makefile-thunderbird.common distinfo
pkgsrc/mail/thunderbird-gtk1: Makefile
pkgsrc/mail/thunderbird/patches: patch-ab

Log Message:
Update to Thunderbird 1.5.0.2 (1.5.0.1 was skipped to stay in sync with Firefox).

Thunderbird 1.5.0.2 offers improved stability, and several security fixes:
MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented
MFSA 2006-27 Table Rebuilding Code Execution Vulnerability
MFSA 2006-26 Mail Multiple Information Disclosure
MFSA 2006-25 Privilege escalation through Print Preview
MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
MFSA 2006-21 JavaScript execution in mail when forwarding in-line
MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2)
MFSA 2006-08 "AnyName" entrainment and access control hazard
MFSA 2006-07 Read beyond buffer while parsing XML
MFSA 2006-06 Integer overflows in E4X, SVG and Canvas
MFSA 2006-05 Localstore.rdf XML injection through XULDocument.persist()
MFSA 2006-04 Memory corruption via QueryInterface on Location, Navigator objects
MFSA 2006-02 Changing postion:relative to static corrupts memory
MFSA 2006-01 JavaScript garbage-collection hazards

For a detailed ChangeLog, see: http://weblogs.mozillazine.org/rumblingedge/archives/2006/02/1-5-0-2.html
2006-04-13 | Pullup ticket 1368 - requested by bouyer | salo | 6 | -50/+46

security update for mailman

Revisions pulled up:
- pkgsrc/mail/mailman/MESSAGE 1.4
- pkgsrc/mail/mailman/Makefile 1.33
- pkgsrc/mail/mailman/PLIST 1.10
- pkgsrc/mail/mailman/distinfo 1.11
- pkgsrc/mail/mailman/patches/patch-ai removed
- pkgsrc/mail/mailman/patches/patch-aj removed

Module Name: pkgsrc
Committed By: bouyer
Date: Mon Apr 10 20:33:12 UTC 2006

Modified Files:
pkgsrc/mail/mailman: MESSAGE Makefile PLIST distinfo
Removed Files:
pkgsrc/mail/mailman/patches: patch-ai patch-aj

Log Message:
Upgrade mailman to 2.1.8rc1, fix a cross-site scripting issue.

pkgsrc changes:
- install the admin/www/mailman-*.{pdf,ps,txt} documentation file, and change MESSAGES to point to mailman-install.txt

changes between 2.1.7 and 2.1.8rc1:
- A cross-site scripting hole in the private archive script of 2.1.7 has been closed. Thanks to Moritz Naumann for its discovery.
- Bouncers support added: 'unknown user', Microsoft SMTPSVC, Prodigy.net and several others.
- Updated email library to 2.5.7 which will encode payload into qp/base64 upon setting. This enabled backing out the scrubber related patches including 'X-Mailman-Scrubbed' header in 2.1.7.
- Fix SpamDetect.py potential hold/reject loop problem.
- A warning message from email package to the stderr can cause error in Logging because stderr may be detached from the process during the qrunner run. We chose not to output errors to stderr but to the logs/error if the process is running under mailmanctl subprocess.
- DKIM header cleansing was separated from Cleanse.py and added to -owner messages too.
- Fixes:
  Lose Topics when go directly to topics URL (1194419).
  UnicodeError running bin/arch (1395683).
  edithtml.py missing import (1400128).
  Bad escape in cleanarch.
  Wrong timezone in list archive index pages (1433673).
  bin/arch fails with TypeError (1430236).
  Subscription fails with some Language combinations (1435722).
  Postfix delayed notification not recognized (863989).
  2.1.7 (VERP) mistakes delay notice for bounce (1421285).
  show_qfiles: 'str' object has no attribute 'as_string' (1444447).
  Utils.get_domain() wrong if VIRTUAL_HOST_OVERVIEW off (1275856).
2006-04-09 | Pullup ticket 1340 - requested by martti | salo | 2 | -6/+6

postfix update

Revisions pulled up:
- pkgsrc/mail/postfix/Makefile 1.179
- pkgsrc/mail/postfix/distinfo 1.97

Module Name: pkgsrc
Committed By: martti
Date: Fri Apr 7 09:08:30 UTC 2006

Modified Files:
pkgsrc/mail/postfix: Makefile distinfo

Log Message:
Updated mail/postfix to 2.2.10
- "sendmail -t" did not remove the CR from lines ending in CRLF.
- Workaround for fatal errors in PCRE maps when an expression in () matches empty text (the PCRE library returns an inappropriate error code).
- Fixes for non-security bugs that Coverity found in code that handles impossible error conditions.
2006-04-07 | Pullup ticket 1341 - requested by grant | salo | 2 | -7/+6

security update for clamav

Revisions pulled up:
- pkgsrc/mail/clamav/Makefile 1.56
- pkgsrc/mail/clamav/distinfo 1.34

Module Name: pkgsrc
Committed By: grant
Date: Fri Apr 7 11:20:37 UTC 2006

Modified Files:
pkgsrc/mail/clamav: Makefile distinfo

Log Message:
update clamav to 0.88.1.

changes since 0.88:
* Bugfixes:
- libclamav/matcher.c: properly handle partial reads in cli_scandesc()
- libclamav/mbox.c: sync with CVS, fixes detection of Worm.Bagle.CT
- freshclam: fix support for LocalIPAddress Patch by Anton Yuzhaninov <citrin*citrin.ru>
- docs/man: multiple manpage typo fixes Patch by A. Costa <agcosta*gis.net>)
- shared/output.c: properly handle return value of vsnprintf Thanks to Anton Yuzhaninov <citrin*rambler-co.ru>
- libclamav/htmlnorm.c: fix typo spotted by Gianluigi Tiesi <sherpya*netfarm.it>
- sigtool/sigtool.c: fix possible crash in build(), thanks to Sven
- clamd/session.c: remove static timeout (5s) for SESSION Pointed out by Joseph Benden <joe*thrallingpenguin.com>
- libclamav/pe.c: fix possible integer overflow reported by Damian Put Note: only exploitable if file size limit (ArchiveMaxFileSize) disabled
- libclamav/scanners.c: properly report archive unpacking errors Problem spotted by David F. Skoll <dfs*roaringpenguin.com>
- libclamav/others.c: fix possible crash in cli_bitset_test() Reported by David Luyer <david_luyer*pacific.net.au>
- libclamav/zziplib: fix possible crash on FreeBSD Reported by Robert Rebbun <robert*desertsurf.com>
- clamav-milter: fall back if sendfile() fails
2006-03-29Make thunderbird pass CHECK_FILES by skipping automatically generated files.ghen1-2/+6
2006-03-27Revert partial upgrade (which happened with the MAINTAINER change -- hi, tv!).wiz1-2/+3
2006-03-26Add a URL to the new (?) past-releases directory on sendmail.org for fetchingadrianp1-1/+2
the distfile
2006-03-26Add a URL to the new (?) past-releases directory on sendmail.org for fetchingadrianp1-1/+2
the distfile.
2006-03-24Fixed one forgotten case of variable with underscore. This fixes PRheinz3-8/+7
pkg/33139 by Ben Colver.
2006-03-24Generate configure patch from patch-aa and remove the autoconfjoerg3-7/+187
dependency. Fixes build of plugins on DragonFly, where patch-ab is needed.
2006-03-23Readd minor DragonFly patch. Disable use of visibility attributes,joerg5-8/+19
It's Just Broken (TM). Bump revision.
2006-03-22Use "tv@NetBSD.org" as my MAINTAINER address; makes identifying me as atv5-12/+11
PR-responsible person (such as I am ;) a little easier.
2006-03-22Update sendmail (with vendor patch) to address the current security issue:tv3-4/+10
http://www.kb.cert.org/vuls/id/834865
Bump to nb2. This will change the internal version of sendmail to 8.12.11.20060308.
> SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
>   and client side of sendmail with timeouts in the libsm I/O
>   layer and fix problems in that code. Also fix handling of
>   a buffer in sm_syslog() which could have been used as an
>   attack vector to exploit the unsafe handling of
>   setjmp(3)/longjmp(3) in combination with signals.
>   Problem detected by Mark Dowd of ISS X-Force.
> Handle theoretical integer overflows that could be triggered if
>   the server accepted headers larger than the maximum
>   (signed) integer value. This is prevented in the default
>   configuration by restricting the size of a header, and on
>   most machines memory allocations would fail before reaching
>   those values. Problems found by Phil Brass of ISS.
2006-03-22Update sendmail to address the current security issueadrianp3-4/+10
Bump to nb2
This will change the internal version of sendmail to 8.13.5.20060308
> SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
>   and client side of sendmail with timeouts in the libsm I/O
>   layer and fix problems in that code. Also fix handling of
>   a buffer in sm_syslog() which could have been used as an
>   attack vector to exploit the unsafe handling of
>   setjmp(3)/longjmp(3) in combination with signals.
>   Problem detected by Mark Dowd of ISS X-Force.
> Handle theoretical integer overflows that could be triggered if
>   the server accepted headers larger than the maximum
>   (signed) integer value. This is prevented in the default
>   configuration by restricting the size of a header, and on
>   most machines memory allocations would fail before reaching
>   those values. Problems found by Phil Brass of ISS.
2006-03-21Add a check for whether maildrop is invoked by courier or not beforejlam3-3/+32
doing courier-specific things, like accepting the values of certain environment variables for things like location of the mail folder for local delivery. This addresses PR pkg/32369 in a way that still allows for a future courier-mta package that just uses the maildrop package.
2006-03-21- remove unused file (pkg/33089)martti1-3/+4
- pkglint -Wall fixes
2006-03-21Bump PKGREVISION for all packages that had broken INSTALL/DEINSTALLjlam4-8/+8
scripts prior to revision 1.43 of bsd.pkginstall.mk.
2006-03-20* Set GNU_CONFIGURE_INFODIR to specify a special location for the infojlam2-8/+31
files. Passing --infodir directly doesn't work since only the final --infodir is honored by configure scripts, and bsd.pkg.mk adds the last one based on the setting for GNU_CONFIGURE_INFODIR. Drop the obsolete use of INFO_DIR.
* List the info files directly in the PLIST.
* Fix the build and the PLIST when using xemacs.
Bump the PKGREVISION to 2.
2006-03-19Watch out for shared directoriesadrianp4-10/+8
Standardise MESSAGE
2006-03-18Fix distfile fetch when PKGREVISION is set. SITES_foo -> SITES.foo.schmonz1-4/+4
2006-03-18USE_TOOLS+=patch for "ezmlm-althash" option. Fixes Darwin bulk build.schmonz1-1/+2
2006-03-17Update to 0.7.1:wiz2-7/+6
  2006-01-09 - etpan-0.7 - alfie
    * release 0.7 - Figure Number Five
      bugfix release
  2005-12-26 - etpan-0.6cvs2 - hoa
    * src/etpan-thread-manager.c
      fixed API breakage.
    * src/etpan-msg-list-app.c
      cleanup
  2005-02-28 - etpan-0.6cvs1 - hoa
    * configure.in
      fixed detection of LDAP libraries. Thanks to Alfons Hoogervorst.
Fixes build after libetpan update.
2006-03-17Use PKG_SUGGESTED_OPTIONS, not PKG_DEFAULT_OPTIONS, per the guide.gdt1-2/+2
2006-03-17Set PKG_DEFAULT_OPTIONS to ssl. It violates the Principle of Leastgdt1-2/+3
Astonishment that programs build w/o ssl support by default, and it's nearly inconceivable that someone would have all the gnome stuff this needs and not ssl. Works with remote imaps (dovecot) on current/i386. PKGREVISION++. Perhaps ssl should globally default to yes, like inet6.
2006-03-15Fix PLIST. (hi cube and martti!)salo2-3/+4
2006-03-14USE_PKGINSTALL isn't needed here to make these packages use thejlam2-4/+2
pkginstall framework. In the case of libtool-base, avoid using FILES_SUBST_SED where it isn't needed.
2006-03-14Drop maintainership for packages that I no longer have time to maintain.jlam1-2/+2
2006-03-14Modify the pkginstall framework so that it manages all aspects ofjlam18-51/+23
INSTALL/DEINSTALL script creation within pkgsrc. If an INSTALL or DEINSTALL script is found in the package directory, it is automatically used as a template for the pkginstall-generated scripts. If instead, they should be used simply as the full scripts, then the package Makefile should set INSTALL_SRC or DEINSTALL_SRC explicitly, e.g.:
    INSTALL_SRC= ${PKGDIR}/INSTALL
    DEINSTALL_SRC= # empty
As part of the restructuring of the pkginstall framework internals, we now *always* generate temporary INSTALL or DEINSTALL scripts. By comparing these temporary scripts with minimal INSTALL/DEINSTALL scripts formed from only the base templates, we determine whether or not the INSTALL/DEINSTALL scripts are actually needed by the package (see the generate-install-scripts target in bsd.pkginstall.mk).
In addition, more variables in the framework have been made private. The *_EXTRA_TMPL variables have been renamed to *_TEMPLATE, which are more sensible names given the very few exported variables in this framework. The only public variables relating to the templates are:
    INSTALL_SRC
    INSTALL_TEMPLATE
    DEINSTALL_SRC
    DEINSTALL_TEMPLATE
    HEADER_TEMPLATE
The packages in pkgsrc have been modified to reflect the changes in the pkginstall framework.
2006-03-13Updated to version 3.1.1.heinz7-88/+107
Pkgsrc changes:
- Generic option "online-tests" replaces "spamassassin-test-net".
- Removed underscore from package-internal variables (pkglint complained).
- patch-ay disables the SPF plugin to avoid confusing warnings in the log files.
- patch-az fixes http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4826.
Relevant changes since version 3.1.0:
=====================================
- better validate a number of different configuration options
- support new Mail::DomainKeys API, which changed incompatibly between 0.18 and 0.80 without warning
- more properly handle new Received header formats
- bug 4788: backport sa-update from 3.2 along with the local_state_dir code, etc.
- bug 4760: strictly validate trusted/internal network configurations
- bug 4696: consolidated fixes for timeout bugs
- bug 3710: add timeout to connect so spamc -t works
- bug 4363: if a message uses CRLF for line endings, use it for header rewrites as well
- bug 4748: add ExpressionEngine and Google redirector patterns
- bug 3815: add _RELAYCOUNTRY_ tag so that the RelayCountry plugin can put in the list of countries relayed through
- bug 4090: x86_64 platforms (linux specifically) have an issue compiling libspamc.so causing RPM build failures
- bug 4791: fix issue where perl would throw a UTF-8 warning for certain messages
- bugs 4606, 4609: Adjust MIME parsing limits
- bug 4780: fix IP_ADDRESS & LOCALHOST regexes to correctly parse IPv6 addresses
- bug 4728: DUL rules should only use the last external IP, not all but the first of the external IPs
- bug 4700: certain privileged configuration settings can inject code, due to a bad fix for bug 3846. Back that out
2006-03-13Revert tv's last commit: the paths in the config file ARE the real defaultsghen2-15/+16
(we've patched them). Wanted to wait with this for dovecot1.0beta4 but this takes longer than I thought. Not worth bumping PKGREVISION, IMO. Ok with tv.
2006-03-13Update to mimedefang 2.56markd2-7/+6
Changes 2.56: An off-by-one error in the multiplexor that could restart slaves unnecessarily was fixed. Compilation errors on some systems were fixed. A handful of other minor bugs were fixed.
Changes 2.55: A new option allows you to reserve some slaves for connections from localhost; this helps clientmqueue runs to succeed on busy servers. Modern Vexira anti-virus scanners are supported; versions older than Spring 2005 are no longer supported. A new "filter_helo" callback lets you take action in response to HELO/EHLO. A new "action_insert_header" function lets you prepend headers (rather than just appending them). A new function lets you reject mail from hosts with bogus MX records; for example, MX records that resolve to private IP networks or the loopback address.
2006-03-12Fixed pkglint warnings.rillig1-3/+3
2006-03-12Fixed pkglint warnings.rillig2-13/+13
2006-03-11Rewrite DESCR. In particular, do not say "in thereed1-4/+3
early stages of development". (Sorry I can't recall where I got this. It has been in my pkgsrc since at least Dec. 20.)
2006-03-10We weren't using the DEINSTALL script extras -- fix this. Bump thejlam1-2/+3
PKGREVISION since the installed +DEINSTALL script changes significantly.
2006-03-10Use the pkginstall framework to create the INSTALL/DEINSTALL scriptsjlam1-29/+13
instead.
XXX This package really needs an overhaul to use modern pkgsrc
XXX conventions.
2006-03-10Updated mail/postfix-current to 2.3-20060307martti2-6/+6
  20060217 Bugfix: don't terminate with a non-standard exit status when the pipe-to-command feature has a problem before it executes the command. File: global/pipe_command.c.
  20060223 Bugfix: detect integer overflow when multiplying time values with non-trivial time units. File: global/conv_time.c.
  20060307 Bugfix: reset the msg_cleanup() fatal error handler in child processes. See also change 20060217. Files: postlock/postlock.c, master/multi_server.c, global/mail_run.c, util/vstream_popen.c.