| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
${PREFIX}.
|
|
|
|
* Fix several cross site scripting vulnerabilities
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0337
|
|
|
|
Changes:
BUGFIX: File descriptor leaks when connection to delivery host fails
BUGFIX: Decoding NUL characters causes message truncation
BUGFIX: Many files not written to group directory when using managed groups
BUGFIX: Some LDAs/MTAs truncate message when single dots not properly quoted
BUGFIX: 7BIT encoding contains 8BIT characters
BUGFIX: Messages to multiple local recipients may fail to decode completely
|
|
on tech-pkg.
Bump PKGREVISION.
|
|
related changes.
|
|
- Introduce poppassd own options.mk.
No functional change to poppassd pkgsrc itself and this should fix
poppassd build problem reported by Martti Kuparinen on tech-pkg@.
|
|
to avoid accidently sharing options.mk between poppassd and qpopper.
No functional change to qpopper pkgsrc itself.
|
|
"-ldb" to "-ldb4" so that the configure script doesn't use a system
libdb.so instead of the pkgsrc libdb4.so. This fixes PR pkg/23615.
|
|
Yannick Gravel in a private mail.
|
|
Changes:
BUGFIX: Delivery of false positives fails in managed groups
BUGFIX: LMTP/SMTP delivery fails on non-250 2xx response code
BUGFIX: Messages missing a terminating boundary fail to receive a signature
|
|
|
|
Changes in 2.52
* mimedefang.pl.in (item_contains_virus_fprotd): Remove all references
to $` and $', which can SIGNIFICANTLY slow down Perl regexp matching.
* mimedefang.c(mfconnect): Do not call set_dsn from mfconnect, because
the Milter API specifies that you can't call smfi_setreply from the
connect callback.
* mimedefang-filter.5.in: Document the fact that filter_relay
cannot set the text of the SMTP reply code.
* mimedefang.pl: We don't detect and load Perl modules until
the detect_and_load_perl_modules() function is called.
*** NOTE INCOMPATIBILITY ***
You *MUST* call detect_and_load_perl_modules() inside your filter
before you can rely on the %Features hash being set correctly,
and before you can rely on SpamAssassin being loaded!!!
Changes in 2.51
Note: There was no public 2.50 release; the 2.50 version was a
private release that was available only with CanIt.
* Added "-q" option to mimedefang. This permits the multiplexor
to queue new incoming connections. It may make higher utilization
of slaves and improve throughput.
* ESMTP arguments in MAIL FROM: and RCPT TO: are now available
to the Perl filter. See the mimedefang-filter(5) man page for
details.
* Documentation fixes: We don't refer to non-multiplexor mode
any more, because that mode hasn't been available for ages.
* The "tick" facility has been enhanced to permit multiple tick
types. At any given instance, only one tick of a given type
can be active, but ticks of different types can be active at
the same time.
* Log a warning if a message has more than one Subject: header.
|
|
x11-clients.buildlink3.mk. Packages that need bdftopcf should say:
USE_TOOLS+= bdftopcf
|
|
an underscore.
|
|
|
|
|
|
need it).
|
|
pkgsrc as patches/patch-ai):
Security
- Added the ability for Mailman generated passwords (both member and list
admin) to be more cryptographically secure. See new configuration
variables USER_FRIENDLY_PASSWORDS, MEMBER_PASSWORD_LENGTH, and
ADMIN_PASSWORD_LENGTH. Also added a new bin/withlist script called
reset_pw.py which can be used to reset all member passwords. Passwords
generated by Mailman are now 8 characters by default for members, and 10
characters for list administrators.
- A potential cross-site scripting hole in the driver script has been
closed. Thanks to Florian Weimer for its discovery. Also, turn
STEALTH_MODE on by default.
Internationalization
- Chinese languages are now supported. They have been moved from 'big5'
and 'gb' to 'zh_TW' and 'zh_CN' respectively for compliance to the IANA
spec. Note, however, that the character sets were changed from 'Big5'
or 'GB2312' to 'UTF-8' to cope with the insufficient codecs support in
Python 2.3 and earlier. You may have to install Chinese capable codecs
(like CJKCodecs) separately to handle the incoming messages which are in
local charsets, or upgrade your Python to 2.4 or newer.
Behavior or defaults changes
- VERP_PROBES is disabled by default.
- bin/withlist can be run without a list name, but only if -i is given.
Also, withlist puts the directory it's found in at the end of sys.path,
making it easier to run withlist scripts that live in $prefix/bin.
- bin/newlist grew two new options: -u/--urlhost and -e/--emailhost which
lets the user provide the web and email hostnames for the new mailing
list. This is a better way to specify the domain for the list, rather
than the old 'mylist@hostname' syntax (which is still supported for
backward compatibility, but deprecated).
Compatibility
- Python 2.4 compatibility issue: time.strftime() became strict about the
'day of year' range. (1078482)
New Features
- New feature: automatic discards of held messages. List owners can now
set how many days to hold the messages in the moderator request queue.
cron/checkdb will automatically discard old messages. See the
max_days_to_hold variable in the General Options and
DEFAULT_MAX_DAYS_TO_HOLD in Defaults.py. This defaults to 0
(i.e. disabled). (790494)
- New feature: subject_prefix can be configured to include a sequence
number which is taken from the post_id variable. Also, the prefix is
always put at the start of the subject, i.e. "[list-name] Re: original
subject", if mm_cfg.OLD_STYLE_PREFIXING is set No. The default style
is "Re: [list-name]" if numbering is not set, for backward compatibility.
If the list owner is using numbering feature by "%d" directive, the new
style, "[list-name 123] Re:", is always used.
- List owners can now cusomize the non-member rejection notice from
admin/<listname>/privacy/sender page. (1107169)
- Allow editing of the welcome message from the admin page (1085501).
- List owners can now use Scrubber to get the attachments scrubbed (held
in the web archive), if the site admin permits it in mm_cfg.py. New
variables introduced are SCRUBBER_DONT_USE_ATTACHMENT_FILENAME and
SCRUBBER_USE_ATTACHMENT_FILENAME_EXTENSION in Defaults.py for scrubber
behavior. (904850)
Documentation
- Most of the installation instructions have been moved to a latex
document. See admin/www/mailman-install/index.html for details.
Bug fixes and other patches
- Mail-to-news gateway now strips subject prefix off from a response
by a mail user if news_prefix_subject_too is not set.
- Date and Message-Id headers are added for digests. (1116952)
- Improved mail address sanity check. (1030228)
- SpamDetect.py now checks attachment header. (1026977)
- Filter attachments by filename extensions. (1027882)
- Bugs and patches: 955381 (older Python compatibility), 1020102/1013079/
1020013 (fix spam filter removed), 665569 (newer Postfix bounce
detection), 970383 (moderator -1 admin requests pending), 873035
(subject handling in -request mail), 799166/946554 (makefile
compatibility), 872068 (add header/footer via unicode), 1032434
(KNOWN_SPAMMERS check for multi-header), 1025372 (empty Cc:), 789015
(fix pipermail URL), 948152 (Out of date link on Docs), 1099138
(Scrubber.py breaks on None part), 1099840/1099840 (deprecated %
insertion), 880073/933762 (List-ID RFC compliance), 1090439 (passwd
reminder shunted), 1112349 (case insensitivity in acceptable_aliases),
1117618 (Don't Cc for personalized anonymous list), 1190404 (wrong
permission after editing html)
|
|
|
|
Replace PAM with pam.
|
|
|
|
- Thanks to taca@ and gavan@ for feedback and patch review
- This also enables experimental PAM support (on platforms that support it)
- Security fixes included
- From the ChangeLog:
Changes from 4.0.7 to 4.0.8:
> ---------------------------
> 1. Fix compilation error on HPUX.
> 2. Fix some compilation warnings.
> 3. Update man page with '-x' option.
> 4. Fix problems with 'make install'
>
>
> Changes from 4.0.6 to 4.0.7:
> ---------------------------
> 1. Fix '-V' for standalone.
> 2. Include 'man' directory in tarball.
>
>
> Changes from 4.0.5 to 4.0.6:
> ----------------------------
> 1. Minor fixes for true64.
> 2. Patch from Uli Zappe to fix SCRAM compilation bugs.
> 3. Minor fixes for true64.
> 4. poppassd now runs smbpasswd as user, not root, to avoid exploit
> 5. Remove -traditional-cpp from the compiler options for Darwin
> builds (otherwise build fails)
> 6. Open stdout and stderr as O_WRONLY instead of O_RDONLY so that
> should anything actually be written to them it will show up
> 7. When configured as --with-pam and required,
> include <pam/pam_appl.h> instead of <security/pam_appl.h>
> (otherwise build fails)
> 8. strdup the pw.pw_name field from getpwnam so that it's still
> valid by the time genpath is called; also added corresponding
> free (without this fix when the bug manifests, clients are
> erroneously told there are 0 messages in the mail drop
> regardless of the actual number)
> 9. Add a pam bug workaround at the beginning of main to do a
> pam_start and pam_end immediately when the program starts up
> in order to avoid bogus authentication failed messages from
> pam_authenticate later (only when configured as --with-pam)
> [ Thanks to Kyle McKay for changes 5-9 ]
> 10. Fixed error in configure script for Mac OS / Darwin.
> 11. Support chained certs for OpenSSL [from Daniel Senie].
> 12. Fixes to compile better on Linux [from Daniel Senie].
> 13. X-UIDL header no longer written when Update_status_hdrs is false
> [thanks to Helge Oldach]
> 14. Now calling SSL_shutdown() again if it fails the first time.
> 15. Now logging TLS errors when compiled with debugging and debug is
> enabled (instead of either) [thanks to Maks N. Polunin].
> 16. Config file now always closed (not just on error).
> 17. When using pam, Kerberos tickets are now destroyed.
> Otherwise dead tickets accumulate in cache directory which runs
> out of space quickly on busy server. Problem noted by Rodney
> McDuff ITS UQ. (Directory permissions on ticket cache dir need
> to be 1777).
> 18. Always log "Servicing request" (instead of just when debugging is
> on). This allows start of pop sessions to be logged always which
> is useful for diagnosis of problems.
> 19. Worked around problem on some systems causing SIGALRM to be masked,
> leaving hung pop processes which should have timed out waiting
> for a command from the client.
> [ Thanks to David Shrimpton for changes 16-19 ]
> 20. Now defaulting to "EXPIRE NEVER" instead of "EXPIRE 0".
> 21. Fix core dump on 64-bit Solaris 2.8 [thanks to Kenny Nguyen]
> 22. Log facility set on command line now applies to daemon as well.
> [Thanks to Helge Oldach]
> 23. '-y' to set log facility on command line now works again.
> 24. Allow '-V' as synonym for '-v' (to see version).
> 25. Process user and spool config files as user, not as root (fix
> security hole reported by Jens Steube)
> 26. Added "xtnd_xmit" as a boolean option to permit/deny XTND XMIT
> and 'x' as a command-line option to disable it. You should
> disable it unless you really need it, and even then it is better
> to move to SMTP AUTH.
> 27. popauth now opens trace file as user, not root (fix security
> hole reported by Jens Steube); also umask now set.
> 28. Fix race crash on FreeBSD (thanks to Martin Haller).
> 29. Resolve some compiler warnings.
> 30. Fix check for libcrypt on FreeBSD.
> 31. Added sample pam configuration file (also installed by 'make
> install')
> 32. Use generic error msg and sleep in more auth failure cases.
> 33. Added code to use mkstemp() instead of our perfectly safe usage
> of tempnam() because some compilers issue overly broad warnings
> implying that all uses of tempnam() are unsafe. To bypass,
> use '--enable-tempnam' with ./configure.
|
|
- Thanks to taca@ and gavan@ for feedback and patch review
- This also enables experimental PAM support (on platforms that support it)
- Security fixes included
- From the ChangeLog:
> Changes from 4.0.7 to 4.0.8:
> ---------------------------
> 1. Fix compilation error on HPUX.
> 2. Fix some compilation warnings.
> 3. Update man page with '-x' option.
> 4. Fix problems with 'make install'
>
>
> Changes from 4.0.6 to 4.0.7:
> ---------------------------
> 1. Fix '-V' for standalone.
> 2. Include 'man' directory in tarball.
>
>
> Changes from 4.0.5 to 4.0.6:
> ----------------------------
> 1. Minor fixes for true64.
> 2. Patch from Uli Zappe to fix SCRAM compilation bugs.
> 3. Minor fixes for true64.
> 4. poppassd now runs smbpasswd as user, not root, to avoid exploit
> 5. Remove -traditional-cpp from the compiler options for Darwin
> builds (otherwise build fails)
> 6. Open stdout and stderr as O_WRONLY instead of O_RDONLY so that
> should anything actually be written to them it will show up
> 7. When configured as --with-pam and required,
> include <pam/pam_appl.h> instead of <security/pam_appl.h>
> (otherwise build fails)
> 8. strdup the pw.pw_name field from getpwnam so that it's still
> valid by the time genpath is called; also added corresponding
> free (without this fix when the bug manifests, clients are
> erroneously told there are 0 messages in the mail drop
> regardless of the actual number)
> 9. Add a pam bug workaround at the beginning of main to do a
> pam_start and pam_end immediately when the program starts up
> in order to avoid bogus authentication failed messages from
> pam_authenticate later (only when configured as --with-pam)
> [ Thanks to Kyle McKay for changes 5-9 ]
> 10. Fixed error in configure script for Mac OS / Darwin.
> 11. Support chained certs for OpenSSL [from Daniel Senie].
> 12. Fixes to compile better on Linux [from Daniel Senie].
> 13. X-UIDL header no longer written when Update_status_hdrs is false
> [thanks to Helge Oldach]
> 14. Now calling SSL_shutdown() again if it fails the first time.
> 15. Now logging TLS errors when compiled with debugging and debug is
> enabled (instead of either) [thanks to Maks N. Polunin].
> 16. Config file now always closed (not just on error).
> 17. When using pam, Kerberos tickets are now destroyed.
> Otherwise dead tickets accumulate in cache directory which runs
> out of space quickly on busy server. Problem noted by Rodney
> McDuff ITS UQ. (Directory permissions on ticket cache dir need
> to be 1777).
> 18. Always log "Servicing request" (instead of just when debugging is
> on). This allows start of pop sessions to be logged always which
> is useful for diagnosis of problems.
> 19. Worked around problem on some systems causing SIGALRM to be masked,
> leaving hung pop processes which should have timed out waiting
> for a command from the client.
> [ Thanks to David Shrimpton for changes 16-19 ]
> 20. Now defaulting to "EXPIRE NEVER" instead of "EXPIRE 0".
> 21. Fix core dump on 64-bit Solaris 2.8 [thanks to Kenny Nguyen]
> 22. Log facility set on command line now applies to daemon as well.
> [Thanks to Helge Oldach]
> 23. '-y' to set log facility on command line now works again.
> 24. Allow '-V' as synonym for '-v' (to see version).
> 25. Process user and spool config files as user, not as root (fix
> security hole reported by Jens Steube)
> 26. Added "xtnd_xmit" as a boolean option to permit/deny XTND XMIT
> and 'x' as a command-line option to disable it. You should
> disable it unless you really need it, and even then it is better
> to move to SMTP AUTH.
> 27. popauth now opens trace file as user, not root (fix security
> hole reported by Jens Steube); also umask now set.
> 28. Fix race crash on FreeBSD (thanks to Martin Haller).
> 29. Resolve some compiler warnings.
> 30. Fix check for libcrypt on FreeBSD.
> 31. Added sample pam configuration file (also installed by 'make
> install')
> 32. Use generic error msg and sleep in more auth failure cases.
> 33. Added code to use mkstemp() instead of our perfectly safe usage
> of tempnam() because some compilers issue overly broad warnings
> implying that all uses of tempnam() are unsafe. To bypass,
> use '--enable-tempnam' with ./configure.
|
|
USE_TOOLS and any of "autoconf", "autoconf213", "automake" or
"automake14". Also, we don't need to call the auto* tools via
${ACLOCAL}, ${AUTOCONF}, etc., since the tools framework takes care
to symlink the correct tool to the correct name, so we can just use
aclocal, autoconf, etc.
|
|
|
|
Several changes are involved since they are all interrelated. These
changes affect about 1000 files.
The first major change is rewriting bsd.builtin.mk as well as all of
the builtin.mk files to follow the new example in bsd.builtin.mk.
The loop to include all of the builtin.mk files needed by the package
is moved from bsd.builtin.mk and into bsd.buildlink3.mk. bsd.builtin.mk
is now included by each of the individual builtin.mk files and provides
some common logic for all of the builtin.mk files. Currently, this
includes the computation for whether the native or pkgsrc version of
the package is preferred. This causes USE_BUILTIN.* to be correctly
set when one builtin.mk file includes another.
The second major change is teach the builtin.mk files to consider
files under ${LOCALBASE} to be from pkgsrc-controlled packages. Most
of the builtin.mk files test for the presence of built-in software by
checking for the existence of certain files, e.g. <pthread.h>, and we
now assume that if that file is under ${LOCALBASE}, then it must be
from pkgsrc. This modification is a nod toward LOCALBASE=/usr. The
exceptions to this new check are the X11 distribution packages, which
are handled specially as noted below.
The third major change is providing builtin.mk and version.mk files
for each of the X11 distribution packages in pkgsrc. The builtin.mk
file can detect whether the native X11 distribution is the same as
the one provided by pkgsrc, and the version.mk file computes the
version of the X11 distribution package, whether it's built-in or not.
The fourth major change is that the buildlink3.mk files for X11 packages
that install parts which are part of X11 distribution packages, e.g.
Xpm, Xcursor, etc., now use imake to query the X11 distribution for
whether the software is already provided by the X11 distribution.
This is more accurate than grepping for a symbol name in the imake
config files. Using imake required sprinkling various builtin-imake.mk
helper files into pkgsrc directories. These files are used as input
to imake since imake can't use stdin for that purpose.
The fifth major change is in how packages note that they use X11.
Instead of setting USE_X11, package Makefiles should now include
x11.buildlink3.mk instead. This causes the X11 package buildlink3
and builtin logic to be executed at the correct place for buildlink3.mk
and builtin.mk files that previously set USE_X11, and fixes packages
that relied on buildlink3.mk files to implicitly note that X11 is
needed. Package buildlink3.mk should also include x11.buildlink3.mk
when linking against the package libraries requires also linking
against the X11 libraries. Where it was obvious, redundant inclusions
of x11.buildlink3.mk have been removed.
|
|
|
|
Replace undocumented DELIVER_CONF_PREFIX with plain PKG_SYSCONFDIR handling.
Remove unneeded inclusion of bsd.man.mk.
|
|
|
|
|
|
|
|
|
|
Changes made between 0.6.4.1 and 1.0 (2005/05/26).
Corrected the source code to not break C strict aliasing rules (this
only affected auth_pam.c).
With Sun PAM (Solaris, HP-UX), insist on only one PAM message per call
to the conversation function because of differences in the layout of
the "msg" parameter.
Bumped the default limits to values that are way too high for most
systems (I'm sure these will still be insufficient for some, though,
but hopefully those systems actually got experienced sysadmins).
Added comments suggesting that these defaults be decreased on
particular installs.
|
|
user settable variable. Set PKG_SUGGESTED_OPTIONS instead. Also,
make use of PKG_OPTIONS_LEGACY_VARS.
Reviewed by wiz.
|
|
Dieter Baron, tested by Jukka Salmi.
|
|
Change suggested by Jukka Salmi.
|
|
Main changes are:
* The MIME view and the attachment list of the compose window were
reimplemented using GtkTreeView.
* An option to toggle cursor in the message view was added.
* The backward search button was added to the summary and message
search dialog.
* The PGP Sign and Encrypt check button were added to the compose
window.
* The drag and drop of messages in the summary view to external
applications was enabled.
* The writing of summary cache and mark was optimized so that it
will be written only if it is required.
* The ~/.sylpheed-2.0/tmp/ directory is cleaned up on exit now.
* Errors are detected now when messages are sent with sendmail
command.
* The phishing URL checking was modified so that it works even if
non-ascii space is put at the head of link strings.
* Several bugs of the summary view were fixed.
* The column width of the folder view is now remembered.
* The drag and drop of attached files with non-ascii filename was
fixed.
* The attaching of files with locale-encoded filename by drag and
drop was fixed.
* A bug that caused crash when timeout happened while scanning
IMAP4 folder tree was fixed.
* On IMAP4, a bug that only the first response of the SEARCH
command was recognized was fixed.
* Bcc header fields in mailto URL are no longer interpreted to
conform to RFC 2368.
|
|
permission correctly.
|
|
|
|
|
|
Makefile.
|
|
|
|
|
|
- From the changelog:
> Changes to the Cyrus IMAP Server since 2.1.17
> Fix single byte overflow in imapd annotate extension.
>
> Changes to the Cyrus IMAP Server since 2.1.16
> Fix several security issues in imapd and in mysasl_canon_user.
>
> Changes to the Cyrus IMAP Server since 2.1.15
> Clean up a timeout bug in fud proxy code.
> Fix a number of bugs with the murder and altnamespace handling.
> Detect fork() failures when launching sendmail in lmtpd
> Enable telemetry logging in lmtpd/lmtpproxyd
> Allow APOP to be disabled via an imap option
> Fix reconstruct to handle missing cyrus.header files
> Add the quotawarnkb option
> Update MUPDATE to look for IANA assigned port numbers.
|
|
QPOPPER_MASTER_SITES and QPOPPER_HOMEPAGE defined in
../qpopper/Makefile.common.
No functional change.
|
|
- Sort PLIST.
- Share MASTER_SITES and HOMEPAGE with poppassd package with introducing
QPOPPER_MASTER_SITES and QPOPPER_HOMEPAGE in Makefile.common.
|
