| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
security update for postfix
- pkgsrc/mail/postfix/Makefile 1.219, 1.220
- pkgsrc/mail/postfix/distinfo 1.119
- pkgsrc/mail/postfix/patches/patch-aa 1.21
- pkgsrc/mail/postfix/patches/patch-ag 1.25
- pkgsrc/mail/postfix/patches/patch-ai 1.22
- pkgsrc/mail/postfix-current/Makefile 1.100, 1.101
- pkgsrc/mail/postfix-current/distinfo 1.46
- pkgsrc/mail/postfix-current/patches/patch-aa 1.19
- pkgsrc/mail/postfix-current/patches/patch-ag 1.17
- pkgsrc/mail/postfix-current/patches/patch-ai 1.20
Module Name: pkgsrc
Committed By: ghen
Date: Fri Aug 22 20:29:55 UTC 2008
Modified Files:
pkgsrc/mail/postfix: Makefile
pkgsrc/mail/postfix-current: Makefile
Log Message:
Add some (http) mirrors.
---
Module Name: pkgsrc
Committed By: martti
Date: Thu Sep 4 08:25:20 UTC 2008
Modified Files:
pkgsrc/mail/postfix: Makefile distinfo
pkgsrc/mail/postfix/patches: patch-aa patch-ag patch-ai
Log Message:
Updated mail/postfix to 2.5.5
Postfix 2.4 and later, on Linux kernel 2.6, is vulnerable to a
denial of service attack by a local user. There is no breach of
data confidentiality or data integrity. This problem was found by
the Postfix author during routine source code maintenance.
An on-line version of this announcement is available at
http://www.postfix.org/announcements/20080902.html
---
Module Name: pkgsrc
Committed By: martti
Date: Thu Sep 4 08:25:31 UTC 2008
Modified Files:
pkgsrc/mail/postfix-current: Makefile distinfo
pkgsrc/mail/postfix-current/patches: patch-aa patch-ag patch-ai
Log Message:
Updated mail/postfix-current to 2.6.20080903
Postfix 2.4 and later, on Linux kernel 2.6, is vulnerable to a
denial of service attack by a local user. There is no breach of
data confidentiality or data integrity. This problem was found by
the Postfix author during routine source code maintenance.
An on-line version of this announcement is available at
http://www.postfix.org/announcements/20080902.html
|
|
security update for clamav
- pkgsrc/mail/clamav/Makefile 1.87
- pkgsrc/mail/clamav/buildlink3.mk 1.16
- pkgsrc/mail/clamav/distinfo 1.54
- pkgsrc/mail/clamav/patches/patch-ad 1.15
- pkgsrc/mail/clamav/patches/patch-af 1.6
- pkgsrc/mail/clamav/patches/patch-ah 1.16
- pkgsrc/mail/clamav/patches/patch-ba removed
Module Name: pkgsrc
Committed By: martti
Date: Thu Sep 4 06:44:07 UTC 2008
Modified Files:
pkgsrc/mail/clamav: Makefile buildlink3.mk distinfo
pkgsrc/mail/clamav/patches: patch-ad patch-af patch-ah
Removed Files:
pkgsrc/mail/clamav/patches: patch-ba
Log Message:
Updated mail/clamav to 0.94
* Lots of bug fixes
I removed patch-ba and tested this on NetBSD/i386 3.1.1_PATCH and
NetBSD/amd64 4.0_STABLE and everything seems to work...
|
|
thunderbird, thunderbird-gtk1: update package for security fixes
revisions pulled up:
pkgsrc/mail/thunderbird/Makefile-thunderbird.common 1.36
pkgsrc/mail/thunderbird/PLIST 1.24
pkgsrc/mail/thunderbird/distinfo 1.46
pkgsrc/mail/thunderbird-gtk1/PLIST 1.14
pkgsrc/mail/thunderbird/patches/patch-af 1.5
pkgsrc/mail/thunderbird/patches/patch-ap 1.5
pkgsrc/mail/thunderbird/patches/patch-dw 1.2
Module Name: pkgsrc
Committed By: ghen
Date: Fri Aug 22 09:42:15 UTC 2008
Modified Files:
pkgsrc/mail/thunderbird: Makefile-thunderbird.common PLIST distinfo
pkgsrc/mail/thunderbird-gtk1: PLIST
pkgsrc/mail/thunderbird/patches: patch-af patch-ap patch-dw
Log Message:
Update thunderbird and thunderbird-gtk1 to 2.0.0.16.
Security fixes in this version:
MFSA 2008-34 Remote code execution by overflowing CSS reference counter
MFSA 2008-33 Crash and remote code execution in block reflow
MFSA 2008-31 Peer-trusted certs can use alt names to spoof
MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
MFSA 2008-26 Buffer length checks in MIME processing
MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
MFSA 2008-24 Chrome script loading from fastload file
MFSA 2008-21 Crashes with evidence of memory corruption
For more info, see
+http://www.mozilla.com/en-US/thunderbird/2.0.0.16/releasenotes/
|
|
turba: fix plist
revisions pulled up:
pkgsrc/mail/turba/Makefile 1.30
pkgsrc/mail/turba/PLIST 1.12
Module Name: pkgsrc
Committed By: adrianp
Date: Thu Jul 31 19:54:04 UTC 2008
Modified Files:
pkgsrc/mail/turba: Makefile PLIST
Log Message:
Add js directory which should fix PR 39253
PKGREVISION++
|
|
imp: fix package plist
revisions pulled up:
pkgsrc/mail/imp/Makefile 1.49
pkgsrc/mail/imp/PLIST 1.12
Module Name: pkgsrc
Committed By: adrianp
Date: Thu Jul 31 19:48:20 UTC 2008
Modified Files:
pkgsrc/mail/imp: Makefile PLIST
Log Message:
Add js directory which should fix PR 39253
PKGREVISION++
|
|
postfix-current: update package for fixes
revisions pulled up:
pkgsrc/mail/postfix-current/Makefile 1.99
pkgsrc/mail/postfix-current/distinfo 1.45
Module Name: pkgsrc
Committed By: martti
Date: Mon Aug 18 07:19:13 UTC 2008
Modified Files:
pkgsrc/mail/postfix-current: Makefile distinfo
Log Message:
Updated mail/postfix-current to 2.6.20080814
20080804
Bugfix: dangling pointer in vstring_sprintf_prepend().
File: util/vstring.c.
20080814
Security: some systems have changed their link() semantics,
and will hardlink a symlink, contrary to POSIX and XPG4.
Sebastian Krahmer, SuSE. File: util/safe_open.c.
The solution introduces the following incompatible change:
when the target of mail delivery is a symlink, the parent
directory of that symlink must now be writable by root only
(in addition to the already existing requirement that the
symlink itself is owned by root). This change will break
legitimate configurations that deliver mail to a symbolic
link in a directory with less restrictive permissions.
|
|
postfix-current: update package for fixes
revisions pulled up:
pkgsrc/mail/postfix-current/Makefile 1.98
pkgsrc/mail/postfix-current/distinfo 1.44
Module Name: pkgsrc
Committed By: martti
Date: Wed Aug 13 07:34:44 UTC 2008
Modified Files:
pkgsrc/mail/postfix-current: Makefile distinfo
Log Message:
Updated mail/postfix-current to 2.6.20080726
* Lots of bug fixes
|
|
postfix: update package for security fixes
revisions pulled up:
pkgsrc/mail/postfix/Makefile 1.218
pkgsrc/mail/postfix/distinfo 1.118
Module Name: pkgsrc
Committed By: martti
Date: Mon Aug 18 07:13:41 UTC 2008
Modified Files:
pkgsrc/mail/postfix: Makefile distinfo
Log Message:
Updated mail/postfix to 2.5.4
20080804
Bugfix: dangling pointer in vstring_sprintf_prepend().
File: util/vstring.c.
20080814
Security: some systems have changed their link() semantics,
and will hardlink a symlink, contrary to POSIX and XPG4.
Sebastian Krahmer, SuSE. File: util/safe_open.c.
The solution introduces the following incompatible change:
when the target of mail delivery is a symlink, the parent
directory of that symlink must now be writable by root only
(in addition to the already existing requirement that the
symlink itself is owned by root). This change will break
legitimate configurations that deliver mail to a symbolic
link in a directory with less restrictive permissions.
|
|
(CVE-2007-5740).
|
|
|
|
|
|
* fix handling of .cld files
* libclamav/ole2_extract.c, sigtool: make sigtool compatible with the new
OLE2 scan scheme (bb#1086)
* libclamav/petite.c: fix another out of bounds memory read (bb#1000)
Reported by Secunia (CVE-2008-2713)
* clamd/others.c: add missing checks for recv() failures (bb#1079)
* libclamav/scanners.c: add missing check for file open failure (bb #1083).
* sigtool/sigtool.c: make use of the UNLINK command in cdiffs (bb#1080)
* sigtool/sigtool.c: verify MD5's in --run-cdiff
* libclamav/matcher-ac.c: fix handling of nodes which also match single
bytes (bb#1054)
* libclamav: faster loading of uncompressed .cld files, also fixes bb#1064
* merge r3816 from trunk (bb #947, AIX name collisions)
* freshclam/manager.c: add missing closesocket on error path (bb #1073).
|
|
|
|
The Maildir patch was altered on the master server without changing the
URL, so we have to alter DIST_SUBDIR, which affects the main distfile
as well. Emailed author to see if putting up versioned patchfile URLs is
feasible
The change in the Maildir patch:
- Fixed a bug which made Alpine not to delete folders correctly in
a #mc/ collection.
|
|
|
|
|
|
|
|
incompatibility with the claws-mail base package.
|
|
|
|
- Add patch from Fedora which makes the gtkspell option build again, with
the enchant-backed gtkspell.
- Add DESTDIR support, from mail/sylpheed-devel
Changes from 2.4.8
* New features
o The vertical 3-paned view mode was added.
o The feature to save SSL peer certificate was added.
o The option 'Treat HTML only message as attachment' was added.
o The feature to confirm missing attachments was added.
o The feature to confirm recipients before sending was added.
* Feature improvements
o To: header is also searched by quick search in Sent/Draft/Queue folders.
o 'Edit/Quick search' menu was added.
o Spaces in address and server entries on account preferences dialog are now
automatically removed when applied.
o The compose window now remembers the maximized state.
o The focus will not move from the text view to the summary view with
'Next/Prev' keyboard operation now.
o The alert dialog is displayed now when PGP signing/encryption failed.
* Bugfixes
o The bug that caused busy loop when initial connection was immediately
refused was fixed.
o The bug that the quote description dialog never appeared again after closing it with the close button was fixed.
o The new/unread status display on quick search filtered mode was fixed.
o The windres command will not be enabled on non-win32 platforms now.
o The address completion was fixed.
o Win32: --attach option was fixed.
o The sylpheed.desktop file was fixed.
o A crash bug was fixed.
o Content-Transfer-Encoding header with comments was supported.
o UTF-8 locale strings with suffix '.utf8' were supported.
o The 8KB restriction of template body size was removed.
|
|
|
|
http://secunia.com/advisories/28794/
Includes many bug fixes, see share/doc/mailman/NEWS for details.
|
|
Approved by agc.
|
|
Pkgsrc changes:
- p5-DB_File is now required on all systems, even those where Perl
already detects the native db-functions (dbopen,...) and thus
provides DB_File.
This should prevent subtle errors like the one in PR pkg/37751 at
the price of installing an additional package.
- Added explanation to patch-ay.
- patch-bc was adapted to the changes for the path of compiled rulesets.
- patch-bd is no longer necessary, the public key is now cross-verified.
- shut up some warnings from pkglint regarding "set -e" and quoted
variables.
Changes since version 3.2.4:
============================
3.2.5 is a minor bug-fix release. Summary of changes:
- bug 5775: newer gpg versions require keys to be cross-certified (backsig).
Did a cross-verify on our sa-update public key and re-exported. (If you
are already seeing "GPG validation failed" errors from sa-update, see
http://wiki.apache.org/spamassassin/SaUpdateKeyNotCrossCertified .)
- bug 5899: add perl version string to the storage area for compiled
rulesets, to avoid crashes when perl is upgraded between major versions
(e.g perl 5.8.x to 5.10.0) and the ABI breaks
- bug 5496, bug 5910: clear some FORGED_MUA_OUTLOOK false positives,
particularly on the new-format Message-ID generated by the Outlook
Express version used in Windows XP service pack 3
- bug 5730: when using Postgres >= 8.1.0 with Bayes, this error occurs:
'WARNING: nonstandard use of \ in a string literal at character'. fix,
thanks to Tomasz Ostrowski
- bug 5769: fix 'sa-compile: eval failed: Can't find label NO' error,
caused in rare circumstances when sa-compile attempted to deal with
rules written using 'replace_rules' features
- bug 5858: fix circular reference memory leak caused by some messages
- bug 5815: update 2TLD list to include .rs CCTLD
- bug 4706: remove HG_HORMOME rules due to poor performance
- bug 5835: typo in POD docs for SPF plugin; thanks to Benny Pedersen for fix
- bug 5839: a missing or failed eval rule function could mistakenly count
as a rule hit, fixed
- trivial bugfix for the VBounce ruleset: __BOUNCE_FROM_DAEMON incorrectly
used + instead of *, so some From addresses were not being recognised as
bounce senders
|
|
copy from there.
Update the Sieve plugin accordingly to 1.1.5.
Major changes since 1.0:
* After Dovecot v1.1 has modified index or dovecot-uidlist files,
they can't be opened anymore with Dovecot versions earlier than
v1.0.2.
* See doc/wiki/Upgrading.1.1.txt (or for latest changes,
http://wiki.dovecot.org/Upgrading/1.1) for list of changes since
v1.0 that you should be aware of when upgrading.
+ IMAP: Added support for UIDPLUS and LIST-EXTENDED extensions.
+ IMAP SORT: Sort keys are indexed, which makes SORT commands faster.
+ When saving messages, update cache file immediately with the data
that we expect client to fetch later.
+ NFS caches are are flushed whenever needed. See mail_nfs_storage and
mail_nfs_index settings.
+ Out of order command execution (SEARCH, FETCH, LIST), nonstandard
command cancellation (X-CANCEL <tag>)
+ IMAP: STATUS-IN-LIST draft implementation
+ Expire plugin can be used to keep track of oldest messages in
specific mailboxes. A nightly run can then quickly expunge old
messages from the mailboxes that have them. The tracking is done
using lib-dict, so you can use either Berkeley DB or SQL database.
+ Namespaces are supported everywhere now.
+ Namespaces have new list and subscriptions settings.
+ Full text search indexing support with Lucene and Squat backends.
+ OTP and S/KEY authentication mechanisms (by Andrey Panin).
+ mbox and Maildir works with both Maildir++ and FS layouts. You can
change these by appending :LAYOUT=3Dmaildir++ or :LAYOUT=3Dfs to
mail_location.
+ LDAP: Support templates in pass_attrs and user_attrs
+ Support for listening in multiple IPs/ports.
+ Quota plugin rewrite: Support for multiple quota roots, warnings,
allow giving storage size in bytes or kilo/mega/giga/terabytes,
per-mailbox quota rules.
+ Filesystem quota backend supports inode limits, group quota and
RPC quota for NFS.
+ SEARCH and SORT finally compare non-ASCII characters
case-insensitively. We use i;unicode-casemap algorithm.
+ Config files support splitting values to multiple lines with \
|
|
=== 1.2.3.1 / 2008-04-11
* Closed #19429 - Installing TMail on Windows with the gem
|
|
Changes are unknown.
|
|
Too many changes since 2.0.2. See CHANGELOG for the complete list.
pkgsrc CHANGES:
This version does not depend on ruby-tmail any longer. The dependency
should have been removed when it was switched to use rubygems.
|
|
|
|
Taken from http://fetchmail.berlios.de/fetchmail-SA-2008-01.txt
Bump PKGREVISION.
|
|
* Fixed unescaped output in the contact view.
* Improved importing of phone numbers.
* Fixed upgrade script.
The full list of changes (from version H3 (2.2)) can be viewed here:
http://cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.181.2.165&r2=1.181.2.170&ty=h
|
|
|
|
|
|
- another fix for the case of two "Content-Type" lines, hit
by a recent, now frequently appearing, spam message.
- various IMAP4 improvements by [David Golden]
- stop when message coersion is called but not possible.
- fixtest, to work with MIME::Entity changes.
- field attributes which contained a '\' where considered
empty. Reported by [Ricardo Signes]
- Message rebuild with nested message failed. Fixed by
[Mat Johns]
|
|
bsd.prefs.mk. Reported by Steven M. Bellovin for xorg packages.
|
|
Changes since version 8.14.2:
* the MTA accessed storage after it free()d it. This was a regression
introduced in 8.14.2, but the bug only showed up on a few operating
systems.
* ruleset processing: the function cataddr() could cause the addition of
the BlankSub character between some tokens when it should not happen
and thus failures in rule matching. It seems that none of the default
rules were affected by this bug and hence the problem did not show up
for default configurations.
* the libmilter state engine did not deal correctly with milters that
requested the omission of protocol steps during the negotiation callback.
Approved by John Nemeth.
|
|
Three pkgsrc patches integrated, plus changes since 1.1:
----- November 2007 - Version 1.6 released -----
1. Check for gpg2 first, and prefer it if available.
----- November 2007 - Version 1.5 released -----
3. Add a --- Status --- line for the beginning and end of the PGP
stuff which includes a timestamp to help avoid a socially engineered
message that includes the "good signature" output in the same format
as what we print.
2. Make sure that all --- Status --- messages are 76 characters long.
1. When displaying MIME messages after verification, substitute a space
for the MIME'ified =20 character at the end of a line, and substitute
an = sign for the MIME'ified =3D. This greatly improves readability
of the verified message.
----- July - October 2007 - Version 1.4 developed, not released -----
NB: Support for older versions of pgp, and PGP from PGP Inc. has
been dropped in this version. GnuPG is now a requirement. This is
in line with the requirements for other PGP addons such as enigmail
for Thunderbird.
Benjamin R. Haskell, pine-pgp ~ benizi.com was instrumental in helping
to suggest methods for and test the results of changes 1-5 in this
version. Thanks!
6. Fix error handling in ppf_mime_decrypt, and make use of the $cfile
variable instead of guessing which file has the message.
5. Look for gpg in PREFIX/bin, /usr/bin, and /bin in that order.
4. Move "build" of the scripts to an all target in the Makefile.
3. Change to using csplit since command line options for both
GNU and BSD versions are compatible, unlike split.
2. Improve portability for users of GNU make and mktemp.
1. Add error handling for failed TDIR creation in ppf_decrypt,
ppf_verify, and ppf_mime*.
----- October 2006 - Version 1.3 released -----
6. Include more mail headers in the grep'ed output of the MIME scripts,
and try to strip more MIME headers from the message.
5. Use local for function variables.
4. Remove commented out code for really old versions of pgp.
3. Do a better job of finding the crucial bits of a MIME message, and
fail more gracefully if we do not.
2. Fix bug that prevented ppf_mime* from working with messages sent by
Evolution, KMail, and any other MIME client that interprets RFC 3156
the same way. (Thanks to Bjoern A. Zeeb <bzeeb@zabbadoz.not> for the tip!)
1. Update e-mail and web addresses.
----- April 2005 - Version 1.2 released -----
7. Update copyright for this year, and use my full given name.
6. For sign and encrypt, scan the headers to determine the right user.
This requires adding _INCLUDEALLHDRS_ to the filter line.
5. Add a message to tell users why their password is needed for ppf_decrypt.
4. Create symlinks in PREFIX/bin for the ppf_mime* scripts.
3. Add User-Agent to the list of headers to display in mime filters.
2. Add a first pass at a ppf_mime_decrypt script. More work is
needed here, see BUGS.
1. In some past version of Pine, the display of filter output changed,
so adjust the line length of some of the messages to accommodate.
|
|
|
|
|
|
from <URL:http://cr.yp.to/distributors.html>:
What are the distribution terms for dot-forward?
2008.06.01: I hereby place the dot-forward package (in particular,
dot-forward-0.71.tar.gz, with MD5 checksum
1fefd9760e4706491fb31c7511d69bed) into the public domain. The
package is no longer copyrighted.
What are the distribution terms for ezmlm?
2008.06.01: I hereby place the ezmlm package (in particular,
ezmlm-0.53.tar.gz, with MD5 checksum 108c632caaa8cdbfd3041e6c449191b2)
into the public domain. The package is no longer copyrighted.
What are the distribution terms for fastforward?
2008.06.01: I hereby place the fastforward package (in particular,
fastforward-0.51.tar.gz, with MD5 checksum
6dc619180ba9726380dc1047e45a1d8d) into the public domain. The
package is no longer copyrighted.
Set DJB_RESTRICTED=no in these packages (and in ezmlm-idx, by
extension). Add commented-out LICENSE=public-domain. As usual,
pkgsrc will strive to keep modifications to a tasteful minimum.
|
|
* libclamav/petite.c: fix possible invalid memory access (bb#1000)
Reported by Damian Put
* clamdscan/clamdscan.c: don't show scan summary when clamd cannot be
contacted (bb#1041)
* libclamav/hashtab.[ch], scanners.c: avoid using C99 flexible array members
(bb #1039)
* libclamav/unzip.c: correct the previous fix
* libclamav/unzip.c: check for unprefixed bz2 - bb#1038
* libclamav/ole2_extract.c: revert last commit
* libclamav/ole2_extract.c: use cli_unlink
* libclamav/ole2_extract.c: partial scan of broken ole files
* contrib/init/RedHat: check for already running clamav-milter (bb #823)
* libclamav/regex: avoid name collisions on AIX (bb #947)
sync with libc: minor cleanups
* doc/clamdoc.tex: add a note about forking daemons (bb#906)
* libclamav/Makefile.am: link .la files first, this
should avoid linking to old libclamav as in bb #931
* libclamav/readdb.h: read daily.cfg stored inside .cld containers (bb#1006)
* libclamav/mbox.c, shared/network.c: prevent uninitialized use of hostent
structure (bb #1003).
* libclamav/mspack.c: downgrade some error messages (bb#911)
* clamav-milter: retrieve db version from daily.cld (bb#942)
* libclamav/scanners.c: don't return CL_EMAX* error codes to
applications (bb#1001)
* clamscan/manager.c: print information about clean files when the RAR
code is not compiled-in (bb#999)
* libclamav/unzip.c: remove detection of Suspect.Zip and
Exploit.Zip.ModifiedHeaders (bb#997)
* libclamav: scan for embedded PEs inside OLE2 files (bb#914)
* libclamav/cvd.c: add work-around for zlib issues with mixed data (bb#932)
* libclamav/others.h: explicitely cast some constants (bb#936)
* sigtool/sigtool.c: bb#938 (sigtool --list-sigs not working with .cld files)
* libclamav/dconf.h: fix flag code assignment (bb #952)
* libclamav/iana_tld.h, libclamav/phishcheck.c: update TLD list (bb #925)
|
|
patches from upstream CVS, bump PKGREVISION
|
|
|
|
-fix PLIST, from Hasso Tepper per PR pkg/38852
|
|
is read-only but is faster than Berkeley DB and uses less memory. Use the
TinyCDB implementation which is in the public domain and a bit faster than
DJB's original CDB.
|
|
Since v1.1.0 release is getting near, this could well be the last v1.0
release. I'll still fix important bugs, but if the bugfix is large or
affects only few people it'll probably get fixed only in v1.1 releases.
* mbox: Enable mail_privileged_group while creating INBOX.
- IMAP: Fixed a rare crash in FETCH BODY/BODYSTRUCTURE
- IMAP: If mailbox is selected with EXAMINE, ignore flag changes
- proxy: Login success reply was sent in two IP packets, which
confused some IMAP/POP3 clients
- ACL plugin leaked memory a bit
- dovecot-auth: allow_nets setting with network masks didn't work
correctly with big endian machines.
|
|
|
|
Should fix build failure on Solaris.
|
|
|
|
* The compose window now remembers the maximized state.
* The focus will not move from the text view to the summary view with 'Next/Prev' keyboard operation now.
* The alert dialog is displayed now when PGP signing/encryption failed.
* The sylpheed.desktop file was fixed.
|
