| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Solaris). The patch is from dovecot CVS (see the thread following
http://www.dovecot.org/list/dovecot/2006-May/013389.html), via PR
pkg/33489. Bump PKGREVISION.
|
|
|
|
2006-03-17 David F. Skoll
* VERSION 5.420 RELEASED
* Fix regression introduced in 5.419 -- quoted-printable
encoding would sometimes fail on "textual" MIME parts.
|
|
version 1.74: Tue Feb 28 08:39:14 CET 2006
- Help from [Jun Kuriyama]
|
|
|
|
> 8.13.6/8.13.6 2006/03/22
> SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
> and client side of sendmail with timeouts in the libsm I/O
> layer and fix problems in that code. Also fix handling of
> a buffer in sm_syslog() which could have been used as an
> attack vector to exploit the unsafe handling of
> setjmp(3)/longjmp(3) in combination with signals.
> Problem detected by Mark Dowd of ISS X-Force.
> Handle theoretical integer overflows that could triggered if
> the server accepted headers larger than the maximum
> (signed) integer value. This is prevented in the default
> configuration by restricting the size of a header, and on
> most machines memory allocations would fail before reaching
> those values. Problems found by Phil Brass of ISS.
> If a server returns 421 for an RSET command when trying to start
> another transaction in a session while sending mail, do
> not trigger an internal consistency check. Problem found
> by Allan E Johannesen of Worcester Polytechnic Institute.
> If a server returns a 5xy error code (other than 501) in response
> to a STARTTLS command despite the fact that it advertised
> STARTTLS and that the code is not valid according to RFC
> 2487 treat it nevertheless as a permanent failure instead
> of a protocol error (which has been changed to a
> temporary error in 8.13.5). Problem reported by Jeff
> A. Earickson of Colby College.
> Clear SMTP state after a HELO/EHLO command. Patch from John
> Myers of Proofpoint.
> Observe MinQueueAge option when gathering entries from the queue
> for sorting etc instead of waiting until the entries are
> processed. Patch from Brian Fundakowski Feldman.
> Set up TLS session cache to properly handle clients that try to
> resume a stored TLS session.
> Properly count the number of (direct) child processes such that
> a configured value (MaxDaemonChildren) is not exceeded.
> Based on patch from Attila Bruncsak.
> LIBMILTER: Remove superfluous backslash in macro definition
> (libmilter.h). Based on patch from Mike Kupfer of
> Sun Microsystems.
> LIBMILTER: Don't try to set SO_REUSEADDR on UNIX domain sockets.
> This generates an error message from libmilter on
> Solaris, though other systems appear to just discard the
> request silently.
> LIBMILTER: Deal with sigwait(2) implementations that return
> -1 and set errno instead of returning an error code
> directly. Patch from Chris Adams of HiWAAY Informations
> Services.
> Portability:
> Fix compilation checks for closefrom(3) and statvfs(2)
> in NetBSD. Problem noted by S. Moonesamy, patch from
> Andrew Brown.
|
|
> Major changes compared to the Turba H3 (2.1) version are:
> * Fixed losing sessions when editing address books.
> * Added upgrade script for Oracle to upgrade from 1.2 to 2.x.
> * Fixes and improvements to the create_default_histories.php and
> public_to_horde_share.php scripts.
> * Updated Danish, Dutch, German, Greek, Estonian and Japanese translations.
> * Small bugfixes and improvements.
>
> The full list of changes (from version H3 (2.1)) can be viewed here:
>
> http://cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.181.2.68&r2=1.181.2.80&ty=h
|
|
>
> Major changes compared to the Ingo H3 (1.1) version are:
> * Restored backward compatibility with Horde 3.0.x.
> * Enabled the filter setting to stop further filtering by default.
> * Small bug fixes and improvements.
> * New translations: Estonian, Greek.
> * Updated translations: Danish, Dutch, German.
>
> The full list of changes (from version H3 (1.1)) can be viewed here:
>
> http://cvs.horde.org/diff.php/ingo/docs/CHANGES?r1=1.55.2.39&r2=1.55.2.49&ty=h
|
|
|
|
|
|
|
|
changes since 1.0beta7:
* Fixed a security hole with mbox: "1 LIST .. *" command could
list all directories and files under the mbox root directory, so
if your mails were stored in eg. /var/mail/%u/ directory, the
command would list everything under /var/mail.
+ Unless nfs_check=no or mmap_disable=yes, check for the first login
if the user's index directory exists in NFS mount. If so, refuse to
run. This is done only on first login to avoid constant extra
overhead.
+ If we have plugins set and imap_capability unset, figure out the
IMAP capabilities automatically by running imap binary at startup.
The generated capability list isn't updated until Dovecot is
restarted completely, so if you add or remove IMAP plugins you
should restart. If you have problems related to this, set
imap_capabilities setting manually to work around it.
+ Added auth_username_format setting
- pop3_lock_session setting wasn't really working
- Lots of fixes related to quota handling. It's still not working
perfectly though.
- Lots of index handling fixes, especially with mmap_disable=yes
- Maildir: saving mails could have sometimes caused "Append with UID
n, but next_uid = m" errors
- flock() locking never timeouted because ignoring SIGALRM caused the
system call just to be restarted when SIGALRM occurred (probably not
with all OSes though?)
- kqueue: Fixed "Unrecognized event". Patch by Vaclav Haisman
|
|
update checksums.
|
|
e.g. bin/paths.py wasn't always compiled before. Bump revision.
|
|
|
|
Make configure work with non sh shells
Fixes from Jukka Salmi and Lubomir Sedlacik on tech-pkg@
|
|
|
|
|
|
general idea is that the client should never know that it's not talking to
the real IMAP server. The only thing that makes this a slightly unique Imap
Proxy server is that it caches server connections.
|
|
Based upon the 2.1.17 update by Fredrik Carlsson in PR 32487
Changes:
The usual: fixes, new features.
|
|
Addresses PR 32739 by John Kohl.
Bump PKGREVISION.
|
|
the main Sylpheed branch". Improve this description.
(Okayed by maintainer.)
|
|
RELEASE 3.6.5-STABLE
MAINT: PgSQL SQL tuning
MAINT: WebUI aesthetic and functional fixes
MAINT: Added --disable-syslog and --with-logfile= configuration flags
MAINT: Added -t flag for dspam_stats to total stats
MAINT: Markov result used as X-DSPAM-Confidence when Markov used
MAINT: Support for separate read/write servers to be used with mysql_drv
BUGFIX: Spam are quarantined when --deliver=summary
BUGFIX: Admin graphs malformatted when subject contains newline character
BUGFIX: WebUI does not use MAX_COL_LEN
BUGFIX: Output for dspam_admin aggr pref incorrect
BUGFIX: Flat-file preference writes fail on some systems
BUGFIX: Failure to connect to ClamAV causes segmentation fault
BUGFIX: NULL username in system causes segmentation fault
BUGFIX: ClamAV processing and cleanup issues
BUGFIX: Fragment files overwritten on retrain
BUGFIX: Miscellaneous invalid read / segmentation fault bugs
BUGFIX: If TrainingMode not specified in dspam.conf or passed in, segmentation fault
BUGFIX: No output returned when using --deliver=summary with dspamc
RELEASE 3.6.4-STABLE
DOC: Documented user preferences in README
MAINT: Added dspam_train tool, replacing most functions of dspam_corpus
MAINT: Code cleanup and performance improvements
MAINT: Significant improvements in accuracy, specifically reduced false pos.
MAINT: Removed experimental neural collaboration functions
MAINT: Added ClassAlias configuration directive to dspam.conf
MAINT: Added undo option for retraining via WebUI
MAINT: Added storeFragments support to WebUI
MAINT: Added mass-retraining support to WebUI
BUGFIX: DSPAM segfaults when invalid UID specified using UIDInSignature
BUGFIX: No output when using --classify with --client
BUGFIX: dspam_corpus overrides default dspam.conf settings
BUGFIX: Multi-driver builds fail when preferences-extension is not supported
|
|
* sync with squirrelmail-1.4.6nb1
|
|
Nothing changes but use qpopper 4.0.9 distribution.
|
|
Changes from 4.0.8 to 4.0.9:
-----------------------------
1. Fix crash if too many MDEF commands entered.
|
|
Prior to this release, there are security vulnerability the same as
squirrelmail 1.4.5.
This update made with temporary Japanese patch based on the patch
for 1.4.5.
|
|
symmetry between installation from source and from binary package.
Annoate MESSAGE accordingly, so that those using apop can do it
themselves. Bump revision
|
|
* application/smil is 8bit
* application/x-javascript becomes application/javascript.
* New MIME type: application/ecmascript
|
|
|
|
|
|
the @exec/@unexec hack. This is still nasty, but easier than fighting
pkg_install. Leave a comment around to not resort this.
tron@: *sigh*
|
|
|
|
|
|
functional change.
|
|
This release improves virus detection, fixes zip handling on 64-bit
architectures and possible security problem in freshclam.
|
|
ftp://ftp.horde.org/pub/ to a backup
|
|
|
|
users and groups in time for the "configure" phase. Retire this
package.
|
|
be created just before its "configure" phase, obviating the need
for the hackish dependency on a qmail-users package. Since the new
functionality in bsd.pkginstall.mk also records and enforces numeric
UIDs and GIDs in binary packages, remove the note on that matter
from MESSAGE.
Bump PKGREVISION.
|
|
+ Add an INSTALL script that detects the presence of the old
sqwebmail state directory and that informs the admin to move it
to the new location.
+ Install some more of the HTML documentation in the location expected
by courier-mta.
* Complete re-implementation of the LDAP addressbook.
* Increase the maximum size of the CGI environment to avoid certain
classes of browser/website problems.
|
|
+ Install some more of the HTML documentation in the location expected
by courier-mta.
+ Moved the default locations for the imapd and pop3d SSL certificates
into ${PKG_SYSCONFDIR}. These paths may be changed directly in the
imapd-ssl and pop3d-ssl configuration files by modifying TLS_CERTFILE.
* New capability to control announcements of IMAP ACL support when
starting imapd.
* Optimization: Skip going through the motions of outputting the results
of a SORT if the number of sorted messages is 0.
* Have CREATE and RENAME also create courierimapuidlist.
* Log total bytes sent/received in IMAP and POP3 sessions.
|
|
+ Install the makedat documentation; even though "makedat" is part
of courier-authlib, that package installs no doucmentation for
it, and "makedat" is used quite frequently in conjunction with
maildrop.
* fix for RFC822 compliance -- encode spaces that precede a newline.
|
|
+ Install some of the HTML documentation in the locations expected by
courier-mta.
* fixes to the Maildir+ quota support.
|
|
|
|
courier-0.53.1 as mail/courier-mta.
The Courier mail transfer agent (MTA) is a modular multiprotocol mail
server that's designed to strike a balance between reasonable performance,
flexibility and features.
This package differs from traditional courier-mta packages in that
the webmail, imap/pop3, and maildrop components are not included
because they are supplied by the mail/sqwebmail, mail/courier-imap,
and mail/maildrop packages, respectively. When Courier-MTA is installed
together with Courier-IMAP and SqWebMail, they form an integrated
mail/groupware server suite that provides ESMTP, IMAP, POP3, webmail,
and mailing list services within a single, consistent, framework. A
web-based administration and configuration tool is included for
comprehensive configuration of the entire Courier software suite.
Many thanks to Yarema <yds@CoolRat.org> whose Courier port for FreeBSD
was an invaluable reference.
|
|
pkgsrc/mk/install/usergroupfuncs:1.7 already handle this case.
|
|
Firefox).
Thunderbird 1.5.0.2 offers improved stability, and several security fixes:
MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented
MFSA 2006-27 Table Rebuilding Code Execution Vulnerability
MFSA 2006-26 Mail Multiple Information Disclosure
MFSA 2006-25 Privilege escalation through Print Preview
MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
MFSA 2006-21 JavaScript execution in mail when forwarding in-line
MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2)
MFSA 2006-08 "AnyName" entrainment and access control hazard
MFSA 2006-07 Read beyond buffer while parsing XML
MFSA 2006-06 Integer overflows in E4X, SVG and Canvas
MFSA 2006-05 Localstore.rdf XML injection through XULDocument.persist()
MFSA 2006-04 Memory corruption via QueryInterface on Location, Navigator objects
MFSA 2006-02 Changing postion:relative to static corrupts memory
MFSA 2006-01 JavaScript garbage-collection hazards
For a detailed ChangeLog, see:
http://weblogs.mozillazine.org/rumblingedge/archives/2006/02/1-5-0-2.html
|
|
syntax as specified in pkgsrc/mk/install/bsd.pkginstall.mk:1.47.
|
