| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
security fix for sendmail
Revisions pulled up:
- pkgsrc/mail/sendmail/Makefile 1.84
- pkgsrc/mail/sendmail/Makefile.common 1.32
- pkgsrc/mail/sendmail/distinfo 1.27
Module Name: pkgsrc
Committed By: adrianp
Date: Wed Mar 22 19:56:37 UTC 2006
Modified Files:
pkgsrc/mail/sendmail: Makefile Makefile.common distinfo
Log Message:
Update sendmail to address the current security issue
Bump to nb2
This will change the internal version of sendmail to 8.13.5.20060308
> SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
> and client side of sendmail with timeouts in the libsm I/O
> layer and fix problems in that code. Also fix handling of
> a buffer in sm_syslog() which could have been used as an
> attack vector to exploit the unsafe handling of
> setjmp(3)/longjmp(3) in combination with signals.
> Problem detected by Mark Dowd of ISS X-Force.
> Handle theoretical integer overflows that could triggered if
> the server accepted headers larger than the maximum
> (signed) integer value. This is prevented in the default
> configuration by restricting the size of a header, and on
> most machines memory allocations would fail before reaching
> those values. Problems found by Phil Brass of ISS.
|
|
security fix for sendmail812
Revisions pulled up:
- pkgsrc/mail/sendmail812/Makefile 1.8
- pkgsrc/mail/sendmail812/Makefile.common 1.10
- pkgsrc/mail/sendmail812/distinfo 1.4
Module Name: pkgsrc
Committed By: tv
Date: Wed Mar 22 21:19:06 UTC 2006
Modified Files:
pkgsrc/mail/sendmail812: Makefile Makefile.common distinfo
Log Message:
Update sendmail (with vendor patch) to address the current security issue:
http://www.kb.cert.org/vuls/id/834865
Bump to nb2.
This will change the internal version of sendmail to 8.12.11.20060308.
> SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
> and client side of sendmail with timeouts in the libsm I/O
> layer and fix problems in that code. Also fix handling of
> a buffer in sm_syslog() which could have been used as an
> attack vector to exploit the unsafe handling of
> setjmp(3)/longjmp(3) in combination with signals.
> Problem detected by Mark Dowd of ISS X-Force.
> Handle theoretical integer overflows that could triggered if
> the server accepted headers larger than the maximum
> (signed) integer value. This is prevented in the default
> configuration by restricting the size of a header, and on
> most machines memory allocations would fail before reaching
> those values. Problems found by Phil Brass of ISS.
|
|
security update for squirrelmail
Revisions pulled up:
- pkgsrc/mail/squirrelmail/Makefile 1.65, 1.66, 1.68, 1.69
- pkgsrc/mail/squirrelmail/PLIST 1.17
- pkgsrc/mail/squirrelmail/buildlink3.mk 1.6, 1.7
- pkgsrc/mail/squirrelmail/distinfo 1.30
- pkgsrc/mail/squirrelmail/patches/patch-ab removed
- pkgsrc/mail/squirrelmail/patches/patch-ac removed
- pkgsrc/mail/squirrelmail/patches/patch-ad removed
- pkgsrc/mail/squirrelmail/patches/patch-ae removed
- pkgsrc/mail/squirrelmail/patches/patch-af removed
- pkgsrc/mail/squirrelmail/patches/patch-ag removed
- pkgsrc/mail/squirrelmail/patches/patch-ah removed
- pkgsrc/mail/squirrelmail/plugin.mk 1.3
- pkgsrc/mail/squirrelmail-decode/Makefile 1.3
- pkgsrc/mail/squirrelmail-locales/Makefile 1.11, 1.12, 1.13, 1.14
- pkgsrc/mail/squirrelmail-locales/PLIST 1.5, 1.6, 1.7
- pkgsrc/mail/squirrelmail-locales/distinfo 1.4
- pkgsrc/mail/ja-squirrelmail/Makefile 1.23, 1.24, 1.26
Module Name: pkgsrc
Committed By: joerg
Date: Fri Jan 20 23:56:59 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail: Makefile
Log Message:
Use SUBST framework. Replace some "find foo | xargs bar" with
"find foo -exec bar {} \;" while here, the former is faster, but can't
cope with all quoting issues and is also more likely to hit argument
length limits. CONFLICT to ja-squirrelmail.
---
Module Name: pkgsrc
Committed By: joerg
Date: Fri Jan 20 23:57:26 UTC 2006
Modified Files:
pkgsrc/mail/ja-squirrelmail: Makefile
Log Message:
Use SUBST. Use find foo -exec bar {} \; instead of find foo | xargs bar.
---
Module Name: pkgsrc
Committed By: martti
Date: Fri Feb 3 10:26:17 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail: Makefile
Log Message:
s/SMDIRDIR/SMDIR/ and bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: martti
Date: Fri Feb 3 10:26:44 UTC 2006
Modified Files:
pkgsrc/mail/ja-squirrelmail: Makefile
Log Message:
s/SMDIRDIR/SMDIR/ and bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: martti
Date: Fri Feb 17 07:04:25 UTC 2006
Modified Files:
pkgsrc/mail/ja-squirrelmail: Makefile
pkgsrc/mail/squirrelmail: Makefile buildlink3.mk plugin.mk
pkgsrc/mail/squirrelmail-locales: Makefile
Log Message:
Fixed warnings found by pkglint -Wall.
---
Module Name: pkgsrc
Committed By: martti
Date: Mon Feb 27 07:12:14 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail: Makefile PLIST buildlink3.mk distinfo
Removed Files:
pkgsrc/mail/squirrelmail/patches: patch-ab patch-ac patch-ad patch-ae
patch-af patch-ag patch-ah
Log Message:
Updated squirrelmail to 1.4.6
This release is very important, and we strongly advise everybody to
update to the latest release.
Security Update
===============
This version contains a number of security updates that were brought
to our attention via a number of sources.
- In webmail.php, the right_frame parameter was not properly sanitized
to deal with very lenient browsers, which allowed for cross site
scripting or frame replacing. [CVE-2006-0188]
- In the MagicHTML function, some very obscure constructs were
discovered to be exploitable: 'u\rl' was interpreted as 'url' (privacy
concern), and comments could be inside keywords (allows for cross site
scripting). Both only affect Internet Explorer users. Found by Martijn
Brinkers and Scott Hughes. [CVE-2006-0195]
- The function sqimap_mailbox_select did not strip newlines from the
mailbox parameter, and thereby allowed for IMAP command injection.
Found by Vicente Aguilera. [CVE-2006-0377]
---
Module Name: pkgsrc
Committed By: martti
Date: Mon Feb 27 07:13:00 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail-locales: Makefile PLIST distinfo
Log Message:
Updated squirrelmail-locales to 1.4.6
* sync with squirrelmail 1.4.6
---
Module Name: pkgsrc
Committed By: cube
Date: Wed Mar 1 06:39:52 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail-locales: Makefile PLIST
Log Message:
Fix PLIST.
---
Module Name: pkgsrc
Committed By: martti
Date: Thu Mar 2 07:41:44 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail-decode: Makefile
Log Message:
Fix pkglint -Wall warnings.
---
Module Name: pkgsrc
Committed By: salo
Date: Wed Mar 15 11:48:29 UTC 2006
Modified Files:
pkgsrc/mail/squirrelmail-locales: Makefile PLIST
Log Message:
Fix PLIST. (hi cube and martti!)
|
|
security fix for exim3
Revisions pulled up:
- pkgsrc/mail/exim3/Makefile 1.31
- pkgsrc/mail/exim3/distinfo 1.9
- pkgsrc/mail/exim3/patches/patch-ao 1.1
- pkgsrc/mail/exim3/patches/patch-ap 1.1
Module Name: pkgsrc
Committed By: joerg
Date: Mon Mar 6 22:49:16 UTC 2006
Modified Files:
pkgsrc/mail/exim3: Makefile distinfo
Added Files:
pkgsrc/mail/exim3/patches: patch-ao patch-ap
Log Message:
Fix parsing of IPv6 address possibly result in privilege escalation.
|
|
security fix for exim3
Revisions pulled up:
- pkgsrc/mail/exim3/Makefile 1.30
- pkgsrc/mail/exim3/distinfo 1.8
- pkgsrc/mail/exim3/patches/patch-ai 1.1
- pkgsrc/mail/exim3/patches/patch-aj 1.1
- pkgsrc/mail/exim3/patches/patch-ak 1.1
- pkgsrc/mail/exim3/patches/patch-al 1.1
- pkgsrc/mail/exim3/patches/patch-am 1.1
- pkgsrc/mail/exim3/patches/patch-an 1.1
Module Name: pkgsrc
Committed By: joerg
Date: Mon Feb 13 23:20:32 UTC 2006
Modified Files:
pkgsrc/mail/exim3: Makefile distinfo
Added Files:
pkgsrc/mail/exim3/patches: patch-ai patch-aj patch-ak patch-al
patch-am patch-an
Log Message:
Don't use shiped PCRE version, since it is very old and most likely
vulnerable. Bump revision.
|
|
security update for firefox and thunderbird
Updated via patch from the submitter, includes these changes:
Module Name: pkgsrc
Committed By: joerg
Date: Fri Dec 30 21:35:58 UTC 2005
Modified Files:
pkgsrc/mail/thunderbird/patches: patch-ab patch-ac patch-aq patch-ba
patch-bo patch-bs
Added Files:
pkgsrc/mail/thunderbird/patches: patch-ar patch-da patch-db patch-dc
patch-de patch-df patch-dg patch-dh patch-dj patch-dk patch-dl
patch-dm patch-do patch-ds patch-dt
Log Message:
Add DragonFly build support, partly based on the patches from
www/firefox.
---
Module Name: pkgsrc
Committed By: joerg
Date: Wed Jan 4 08:55:08 UTC 2006
Modified Files:
pkgsrc/mail/thunderbird: distinfo
Log Message:
Also commit distinfo. Reminded by wiz@.
---
Module Name: pkgsrc
Committed By: ghen
Date: Sun Feb 5 14:49:05 UTC 2006
Modified Files:
pkgsrc/mail/thunderbird: Makefile Makefile-thunderbird.common PLIST
distinfo
pkgsrc/mail/thunderbird-gtk1: Makefile PLIST
pkgsrc/mail/thunderbird/patches: patch-aa patch-ab patch-ac patch-af
patch-ag patch-ai patch-aj patch-al patch-ap patch-aq patch-aw
patch-ax patch-bb patch-bo patch-bq patch-br patch-db patch-de
patch-df
Removed Files:
pkgsrc/mail/thunderbird-gtk1: MESSAGE
pkgsrc/mail/thunderbird/patches: patch-bt patch-bw patch-cc patch-ce
patch-cf
Log Message:
Update to Thunderbird 1.5.
What's new:
* Automated update to streamline product upgrades. Notification of an
update is more prominent, and updates to Thunderbird may now be half
a megabyte or smaller. Updating extensions has also improved.
* Sort address autocomplete results by how often you send e-mail
to each recipient.
* Spell check as you type.
* Saved Search Folders can now search across multiple accounts.
* Built in phishing detector to help protect users against email scams.
* Podcasting and other RSS Improvements.
* Deleting attachments from messages.
* Integration with server side spam filtering.
* Reply and forward actions for message filters.
* Kerberos Authentication.
* Auto save as draft for mail composition.
* Message aging.
* Filters for Global Inbox.
* Improvements to product usability including redesigned options
interface, and SMTP server management.
* Many security enhancements.
For a more detailed list of changes, see
http://weblogs.mozillazine.org/rumblingedge/archives/2006/01/1-5.html
Ok with wiz.
---
Module Name: pkgsrc
Committed By: ghen
Date: Sun Feb 5 14:43:59 UTC 2006
Modified Files:
pkgsrc/www/mozilla: Makefile.common
Log Message:
Set CATEGORIES ?=www (instead of =) such that thunderbird (and later
sunbird) can override it. Ok for wiz.
---
odule Name: pkgsrc
Committed By: ghen
Date: Sun Feb 5 14:46:31 UTC 2006
Modified Files:
pkgsrc/www/firefox: Makefile Makefile-firefox.common PLIST distinfo
pkgsrc/www/firefox-gtk1: Makefile PLIST
Added Files:
pkgsrc/www/firefox/patches: patch-dw patch-dx
Removed Files:
pkgsrc/www/firefox/patches: patch-bugzilla-319004
Log Message:
Update to Firefox 1.5.0.1, a bug fix release for Firefox 1.5.
What's new:
* Improved stability.
* Improved support for Mac OS X.
* International Domain Name support for Iceland (.is) is now enabled.
* Fixes for several memory leaks.
* Several security enhancements.
For a more detailed list changes, see
http://www.squarefree.com/burningedge/releases/1.5.0.1.html
Ok with wiz.
|
|
security fix for mail/p5-Mail-Audit
Revisions pulled up:
- pkgsrc/mail/p5-Mail-Audit/Makefile 1.17
- pkgsrc/mail/p5-Mail-Audit/distinfo 1.5
- pkgsrc/mail/p5-Mail-Audit/patches/patch-aa 1.1
- pkgsrc/mail/p5-Mail-Audit/patches/patch-ab 1.1
Module Name: pkgsrc
Committed By: salo
Date: Thu Feb 2 12:08:14 UTC 2006
Modified Files:
pkgsrc/mail/p5-Mail-Audit: Makefile distinfo
Added Files:
pkgsrc/mail/p5-Mail-Audit/patches: patch-aa patch-ab
Log Message:
Security fix for SA18652 / CVE-2005-4536:
"Mail::Audit module logs to a temporary file with a predictable filename
in an insecure fashion when logging is turned on."
Patch from Debian.
|
|
security update for pine (and update of pico)
Revisions pulled up:
- pkgsrc/editors/pico/Makefile 1.66
- pkgsrc/editors/pico/buildlink3.mk 1.8
- pkgsrc/editors/pico/distinfo 1.23
- pkgsrc/editors/pico/patches/patch-aa 1.16
- pkgsrc/editors/pico/patches/patch-ab removed
- pkgsrc/editors/pico/patches/patch-ac 1.11
- pkgsrc/editors/pico/patches/patch-ae 1.9
- pkgsrc/editors/pico/patches/patch-af 1.6
- pkgsrc/editors/pico/patches/patch-ag 1.4
- pkgsrc/editors/pico/patches/patch-ah 1.4
- pkgsrc/mail/pine/Makefile 1.108
- pkgsrc/mail/pine/PLIST 1.7
- pkgsrc/mail/pine/distinfo 1.32
Module Name: pkgsrc
Committed By: adam
Date: Thu Jan 12 21:00:52 UTC 2006
Modified Files:
pkgsrc/editors/pico: Makefile buildlink3.mk distinfo
pkgsrc/editors/pico/patches: patch-aa patch-ac patch-ae patch-af
patch-ag patch-ah
Removed Files:
pkgsrc/editors/pico/patches: patch-ab
Log Message:
Synchronised with pine-4.64
---
Module Name: pkgsrc
Committed By: adam
Date: Thu Jan 12 21:02:54 UTC 2006
Modified Files:
pkgsrc/mail/pine: Makefile PLIST distinfo
Log Message:
Changes 4.64:
* Fixed buffer overflow vulnerability
* Several features added
|
|
security update for mailman
Revisions pulled up:
- pkgsrc/mail/mailman/Makefile 1.30
- pkgsrc/mail/mailman/PLIST 1.9
- pkgsrc/mail/mailman/distinfo 1.10
- pkgsrc/mail/mailman/patches/patch-ac removed
- pkgsrc/mail/mailman/patches/patch-ai 1.3
- pkgsrc/mail/mailman/patches/patch-aj 1.1
Module Name: pkgsrc
Committed By: bouyer
Date: Sat Jan 21 16:14:24 UTC 2006
Modified Files:
pkgsrc/mail/mailman: Makefile PLIST distinfo
Added Files:
pkgsrc/mail/mailman/patches: patch-ai patch-aj
Removed Files:
pkgsrc/mail/mailman/patches: patch-ac
Log Message:
Upgrade to 2.1.7nb1.
Local change (which is why we have PKGREVISION=1)
Fix http://secunia.com/advisories/18449/ (CVE-2005-4153) based on debian
patches.
Changes between 2.1.6 and 2.1.7:
Security
- The fix for CAN-2005-0202 has been enhanced to issue an appropriate
message instead of just quietly dropping ./ and ../ from URLs.
- A note on CVE-2005-3573: Although the RFC2231 bug example in the CVE has
been solved in Mailman 2.1.6, there may be more cases where
ToDigest.send_digests() can block regular delivery. We put the
send_digests() calling part in a try/except clause and leave a message
in the error log if something happened in send_digests(). Daily call of
cron/senddigests will provide more detail to the site administrator.
- List administrators can no longer change the user's option/subscription
globally. Site admin can change these only if
mm_cfg.ALLOW_SITE_ADMIN_COOKIES is set to Yes.
- <script> tags are HTML-escaped in the edithtml CGI script.
- Since the probe message for disabled users may reach unintended
recipients, the password is excluded from sendProbe() and probe.txt.
Note that the default value of VERP_PROBE has been set to `No' from
2.1.6., thus this change doesn't affect the default behavior.
New Features
- Always remove DomainKey (and similar) headers from messages sent to the
list. (1287546)
- List owners can control the content filter behavior when collapsing
multipart/alternative parts to its first subpart. This allows the
option of letting the HTML part pass through after other content
filtering is done.
Internationalization
- New language: Interlingua.
Bug fixes and other patches
- Defaults.py.in: SCRUBBER_DONT_USE_ATTACHMENT_FILENAME is set to True for
safer operation.
- Fixed the bug where Scrubber.py munges quoted-printable by introducing
the 'X-Mailman-Scrubbed' header which marks that the payload is
scrubber-munged. The flag is referenced in ToDigest.py, ToArchive.py,
Decorate.py and Archiver. A similar problem in ToDigest.py where the
plain digest is generated is also fixed.
- Fixed Syslog.py to write quopri encoded messages when it fail to write
8-bit characters.
- Fixed MTA/Postfix.py to check aliases group permission in check_perms
and fixed mailman-install document on this matter (1378270).
- Fixed private.py to go to the original URL after authorization
(1080943).
- Fixed bounce log score messages to be more consistent.
- Fixed bin/remove_members to accept no arguments when both --fromall and
--file= options are specified.
- Changed cgi-bin and mail wrapper "group not found" error message to be
more descriptive of the actual problem.
- The list's ban_list now applies to address changes, admin mass
subscribes and invites, and to confirmations/approvals of address
changes, subscriptions and invitations.
- quoted-printable and base64 encoded parts are decoded before passing to
HTML_TO_PLAIN_TEXT_COMMAND (1367783).
- Approve: header is removed from posts, and treated the same as the
Approved: header. (1355707)
- Fixed the removal of the line following Approve[d]: line in body of
post. (1318883)
- The Approve[d]: <password> header is removed from all text/* parts in
addition the initial text/plain part. It must still be the first
non-blank line in the first text/plain part or it won't be found or
removed at all. (1181161)
- Posts are now logged in post log file with the true sender, not
listname-bounces. (1287921)
- Correctly initialize and remember the list's default_member_moderation
attribute in the web list creation page. (1263213)
- PEP263 charset is added to the config_list output. (1343100)
- Fixed header_filter_rules getting lost if accessed directly and
authentication was needed by login page. (1230865)
- Obscure email when the poster doesn't set full name in 'From:' header.
- Preambles and epilogues are taken into account when calculating message
sizes for holding purposes. (Mark Sapiro)
- Logging/Logger.py unicode transform option. (1235567)
- bin/update crashes with bogus files. (949117)
- Bugs and patches: 1212066/1301983 (Date header in create/remove notice)
|
|
SUBST fix for qmail-conf
Revisions pulled up:
- pkgsrc/mail/qmail-conf/Makefile 1.25
Module Name: pkgsrc
Committed By: joerg
Date: Sun Jan 8 18:38:26 UTC 2006
Modified Files:
pkgsrc/mail/qmail-conf: Makefile
Log Message:
djbdns's error.h needs the DJB cure as well.
|
|
security update for clamav
Revisions pulled up:
- pkgsrc/mail/clamav/Makefile 1.51
- pkgsrc/mail/clamav/distinfo 1.33
Module Name: pkgsrc
Committed By: xtraeme
Date: Tue Jan 10 19:00:00 UTC 2006
Modified Files:
pkgsrc/mail/clamav: Makefile distinfo
Log Message:
Update to 0.88:
A possible heap overflow in the UPX code has been fixed. General
improvements include better zip and mail processing, and support
for a self-protection mode.
The security of the UPX, FSG and Petite modules has been improved, too.
|
|
postfix packages bugfix update
Revisions pulled up:
- pkgsrc/mail/postfix/Makefile 1.175
- pkgsrc/mail/postfix/distinfo 1.95
- pkgsrc/mail/postfix/patches/patch-ai 1.15
- pkgsrc/mail/postfix-current/Makefile 1.55
- pkgsrc/mail/postfix-current/distinfo 1.20
- pkgsrc/mail/postfix-current/options.mk 1.12
Module Name: pkgsrc
Committed By: martti
Date: Tue Jan 10 06:38:15 UTC 2006
Modified Files:
pkgsrc/mail/postfix: Makefile distinfo
pkgsrc/mail/postfix/patches: patch-ai
Log Message:
Updated postfix to 2.2.8
Postfix 2.2.8 backs out a workaround for broken servers/firewalls
that created more problems than it solved.
- The Postfix 2.2.6 paranoia about malformed remote server replies
caused "multiple delivery" problems or "no delivery" problems with
broken servers/firewalls. Postfix still logs a warning but no longer
defers delivery.
---
Module Name: pkgsrc
Committed By: martti
Date: Tue Jan 10 06:39:00 UTC 2006
Modified Files:
pkgsrc/mail/postfix-current: Makefile distinfo options.mk
Log Message:
Updated postfix-current to 2.3-20060103
|
|
run-time directory handling fix for mail/{postfix,postfix-current}
Revisions pulled up:
- pkgsrc/mail/postfix/Makefile 1.173
- pkgsrc/mail/postfix-current/Makefile 1.53
Module Name: pkgsrc
Committed By: martti
Date: Sat Dec 31 15:16:18 UTC 2005
Modified Files:
pkgsrc/mail/postfix: Makefile
pkgsrc/mail/postfix-current: Makefile
Log Message:
Add ${POSTFIX_QUEUE_DIR}/etc to OWN_DIRS. Suggested by Jeremy C. Reed.
|
|
improve rc script usability of mail/postfix and mail/postfix-current
Revisions pulled up:
- pkgsrc/mail/postfix/Makefile 1.172
- pkgsrc/mail/postfix-current/Makefile 1.52
- pkgsrc/mail/postfix-current/files/postfix.sh 1.4
- pkgsrc/mail/postfix/files/postfix.sh 1.5
Module Name: pkgsrc
Committed By: martti
Date: Fri Dec 30 06:29:41 UTC 2005
Modified Files:
pkgsrc/mail/postfix: Makefile
pkgsrc/mail/postfix-current: Makefile
pkgsrc/mail/postfix-current/files: postfix.sh
pkgsrc/mail/postfix/files: postfix.sh
Log Message:
Make sure ${spooletcdir} exists. Bump PKGREVISION as this affects
the binary package.
|
|
3.0. If one of these is important to you, please fix it in time
for pkgsrc-2006Q1, or it may be removed.
|
|
server does not report the TOP capability, which is optional and is
not used by Mutt. This patch squelches the error and allows mutt to
fetch mail from pop3s servers lacking TOP.
|
|
compiling in order to fix an infinite loop error on Solaris.
Bump the PKGREVISION to 2.
|
|
|
|
accepted bdb
|
|
|
|
|
|
|
|
|
|
Change homepage to http://fetchmail.berlios.de/ and update MASTER_SITES.
Changes introduced since 6.2.5:
fetchmail-6.2.5.X is a security fix branch that forked off
fetchmail-6.2.5. It does not change for anything but security and the
most severe bug fixes. Note that no 6.2.5.X security audits are planned
except when a particular bug is reported, and that 6.2.5.X is unsafe to
use on some systems, particularly those that lack a *working and secure*
snprintf implementation.
The fetchmail 6.2.5.X branch will be discontinued early in 2006.
fetchmail-6.2.5.5 2005-12-19 Matthias Andree
* SECURITY FIX CVE-2005-4348: fix null pointer dereference in
multidrop mode when the message is empty. Reported by Daniel Drake
<http://article.gmane.org/gmane.mail.fetchmail.user/7573> and others
(Debian Bug #343836). Fix by Sunil Shetye.
* Fix Debian bug #301964, fetchmail leaks sockets when SSL negotiation
fails. Fix suggested by Goswin Brederlow.
* Add fetchmail-SA-2005-{01,02,03}.txt
fetchmail-6.2.5.4 2005-11-13 Matthias Andree
* Also ship pre-built rcfile_y.[ch] for systems that don't have flex,
yacc or bison.
* On FreeBSD, add /usr/local/include to CPPFLAGS so that libintl.h is found.
* Avoid automatically picking up HESIOD implementations that lack
hesiod_getmailhost, such as the one in FreeBSD's base system.
* Fix makedepend for separated build (where the build is not run from
the source directory), but prevent packaging from separated build, it
yields bogus results.
* Fix resolv.h autodetection.
* Add +HESIOD to version printout if appropriate.
fetchmail-6.2.5.3 2005-11-12 Matthias Andree
* SECURITY FIX CVE-2005-3088: fetchmailconf: fix password exposure: use
umask 077 before opening output file and restore umask later.
* Critical fix: fix IMAP timeouts, counting message count down on
servers that do not send EXISTS counts after EXPUNGE. Debian Bug#314509.
* Ship pre-built rcfile_l.c for systems that don't have flex.
* Build environment: Update included gettext. Fix
--with-included-gettext. Fix parallel build (make -j). Fix "always
rebuild fetchmail" syndrome.
* Do not link against -ll or -lfl (not needed).
fetchmail-6.2.5.2
(patch Fri Jul 22 01:52 GMT 2005,
tarball Sat Jul 23 21:34 GMT 2005)
* README: Added a note about release status - READ IT!
* Note: Due to a Makefile.in bug, you may need to use GNU make.
* SECURITY FIX CVE-2005-2335: truncate UIDL replies, lest malicious or
compromised POP3 servers overflow fetchmail's stack. Debian bug
#212762. This is a remote root exploit.
Thanks: Miloslav Trmac for pointing out the fix in 6.2.5.1 was buggy.
Thanks: Ludwig Nussel for a much simpler fix.
* Critical fix: omit blank between MAIL FROM: and <user@example.org>,
as this causes mail loss with some listeners.
* Fix: POP2 driver wouldn't properly check authentication failure.
* Sunil Shetye's fix to force fetchsizelimit to 1 for APOP and RPOP.
|
|
sys_nerr and sys_errlist on DragonFly and FreeBSD. Only define
it manually for platforms other than NetBSD, DragonFly, FreeBSD and
Interix.
|
|
pkgsrc work.
|
|
Changes 2.54:
a few minor enhancements and fixes.
Changes 2.53:
mostly work around bugs and deficiencies in third-party packages
commonly used with MIMEDefang.
|
|
o Updated automake admin dir to compile with latest SuSE
o Updated documentation slightly
o Status Window patch for multiple-monitors
o Added CRAM-MD5 and APOP login support for POP and IMAP
o Fixed advanced options like keepalive propogating from the setup
dialog to the code that actually uses it
|
|
to avoid problems with bulk builds with CHECK_FILES=yes. Suggested
by Johnny Lam on tech-pkg@ list.
|
|
|
|
- use post-patch instead of pre-configure
|
|
http://secunia.com/advisories/17511/ (denial of service).
|
|
"pkglint --autofix" change.
|
|
Fix a mismatch between prototype and implementation in favour
of matching the local return variable's type.
|
|
CONFIGURE_ARGS.
|
|
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in
http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
|
|
|
|
|
|
- Quiet pkglint; changing make macro in double quotation into :Q modifier.
Bump PKGREVISION.
|
|
- sync with pkgsrc/mail/squirrelmail
|
|
- avoid corrupted attachment downloads (pkg/32175).
|
|
- Add missing schema file to GCONF2_SCHEMA.
Bump PKGREVISION.
|
|
|
|
|
|
detected in bulk build.
|
|
|
|
it allows you to keep track of your feeds through email. You create
an OPML file listing your feeds and Newspipe will collect them,
convert them to e-mail messages and send them to your mailbox.
This means you can read, organize and archive news feeds using your
current mail client (or even webmail), without needing to use a
separate program. Newspipe can send you news items as plaintext or
HTML mail, both as single items or grouped in a digest.
|
|
|
|
PKGREVISION.
|
|
-fix harmless copy and paste error in IMAPRetrieverBase class.
Thanks: Henry Miller.
|
