| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
obsoleted by the security/courier-authlib package:
courier-auth, courier-authldap, courier-authmysql, courier-authpgsql
|
|
|
|
to build this package doesn't support it.
|
|
|
|
BUGFIX: Signature not written to some email, making them untrainable.
BUGFIX: DSPAM Segfaults if dspam_process() fails after loading a signature.
|
|
|
|
|
|
Please see the Changelogs in the src distributions for more details.
* When mail is sent using SMTP, 'Bcc:' fields are not passed to the
server anymore (Bugreport by Matthew Fischer.)
* When replying to a message part for which a 'pipe-type/subtype'
variable was set, quotes were inserted in the text sent to the pipe
instead of in the output received from it (since v. 11.14 or so).
* A message that is already marked as answered is not marked again if
it is replied to and the 'markanswered' variable is set.
* Nail no longer generates an error if renaming a message in a maildir
folder fails because both the old and the new link have the same name
(i.e. if the rename operation was superfluous).
* The new 'sendcharsets' variable was incorrectly named 'charsets' in
nail.rc in the last version. If nail 11.20 was the first version of
nail you ever installed, you should correct this by hand since the
file is not overwritten by 'make install'. (Bugreport by Matthew
Fischer.)
* Mozilla NSS error reports are more detailed now.
* For the 'touch', 'mbox', 'unread', and 'new' commands, a following 'next'
command will advance to the next message as if the current one had been
printed, as it has been the case with traditional mailx (Bugreport by
Michael Sipser).
* Files in maildir folders are now read in the order obtained from
readdir().
* When the variables 'sign' or 'Sign' are set to the empty string, they
are treated as if they had been unset for the '~a' or '~A' commands.
|
|
include:
* log login failures.
* Replace 'nodsn' control file with 'wbnodsn' account option. Replace
'nochangepass' control file with 'wbnochangepass' account option.
Replace 'nochangingfrom' control file with 'wbnochangingfrom' account
option. Replace usexsender with 'wbusexsender' and noimages with
'wbnoimages'.
* Fix off-by 1 in GPG key export.
|
|
include:
* Support for MySQL and LDAP lookups via courier-authlib.
* Honor maildir delivery quotas.
* Bug fixes in MIME handling.
* Plug memory leaks.
* Replace dotlock with lockmail, which supports more types of locking.
|
|
include minor bugfixes, and fixing a major typo where the maildiracl
and maildirkw utilities were actually just copies of the maildirmake
utility.
|
|
3.0.5 include:
* Implemented IMAP and POP3 proxy aggregator. With a proxy
aggregator, the mail accounts are split between multiple,
independent servers, with an IMAP/POP3 server running on each
individual server. A separate, proxy server sits in front and
accepts ordinary IMAP and POP3 connections. It reads the login
ID, determines which server the account is located on, connects
to the server, and logs in. Then, for the lifetime on the login
session the front-end server takes itself out of the loop, and
forwards all session traffic between the IMAP/POP3 client, and
the back-end server.
* Use courier-authlib for user authentication.
* IPv6 support.
* Minor bug fixes.
Please note when updating that the locations of the userdb files has
changed to be within the courier-authlib config directory, e.g.
/usr/pkg/etc/authlib/userdb*.
|
|
|
|
|
|
BDB_DEFAULT points to.
|
|
|
|
can be disabled if desired.
use PKG_OPTIONS.clamav as the PKG_OPTIONS_VAR, since we want to
inherit any options set for clamav.
no PKGREVISION bump as defaults unchanged.
|
|
months-ago request.
|
|
Sympa's CVS repository via Sympa's homepage.
Bump PKGREVISION to 2.
|
|
subst.mk instead.
|
|
changes since 0.12:
0.13 Fri Oct 22 06:44:19 PM 2004
- Updated example code to use the new CL_SCAN_*
constants.
- Added CL_SCAN_STDOPT to exports.
- Added backwards compatible constants.
|
|
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0202
|
|
|
|
changes since 0.82 (summarized):
* clamd: change default value of StreamMaxPort to 2048
* freshclam: add support for Foreground (requested by Jeremy Kitchen
<kitchen*scriptkitchen.com>)
* clamav-milter: Added --whistlist-file and --sendmail-cf options
When in SESSION mode, not all sessions would send END
other changes are documentation and misc. bug fixes.
|
|
Changes:
o Message address fields are now parsed differently, fixing some
issues with spaces. Affects only clients which use FETCH ENVELOPE
command.
o Message MIME parser was somewhat broken with missing MIME boundaries
o mbox: Don't allow X-UID headers in mails to override the UIDs we
would otherwise set. Too large values can break some clients and
cause other trouble.
o passwd-file userdb wasn't working
o PAM crashed with 64bit systems
o non-SSL inetd startup wasn't working
o If UID FETCH notices and skips an expunged message, don't return
a NO reply. It's not needed and only makes clients give error
messages.
|
|
changed after perl5-configure had been run and the Makefile created.
For some people, this resulted in a message
Makefile out-of-date with respect to Makefile.PL
at the build stage.
Omitting the first substitution (sa1) and the corresponding part of
patch-ab solved this. This patch had been unnecessary for some time
anyway.
This should resolve pkg/29255.
|
|
PKG_OPTION_VAR -> PKG_OPTIONS_VAR
|
|
|
|
changes since 0.80 (summarized to include only the significant
changes. other changes are documentation updates and misc. bug fixes.
see the full ChangeLog for details).
Sat Feb 5 16:48:46 CET 2005 (tk)
---------------------------------
* libclamav: activate RIFF code (patch by Trog)
Sat Feb 5 16:17:41 CET 2005 (tk)
---------------------------------
* libclamav/scanners.c: do not report Suspected.Zip on standard breaking zip
archives created by ICEOWS (problem reported by
Hamacker <sirhamacker*vidy.com.br> and Dirk Mueller
<mueller*kde.org>)
Sat Feb 5 09:39:48 GMT 2005 (trog)
-----------------------------------
* libclamav/special.c: support for big-endian system in RIFF code.
Fri Feb 4 10:02:08 GMT 2005 (trog)
-----------------------------------
* libclamav/special.c: check RIFF files for MS05-002. Not yet activated.
Thu Feb 3 21:09:34 GMT 2005 (njh)
----------------------------------
* libclamav/mbox.c: Speed improvements in the handling of bounce messages
Wed Feb 2 08:32:46 GMT 2005 (njh)
----------------------------------
* clamav-milter: Call watchdog when neither SESSION nor --external is
given
Tue Feb 1 14:47:21 GMT 2005 (njh)
----------------------------------
* libclamav/blob.c: Sanitise tab characters in filenames ("Heinz Martin"
<Martin*hemag.ch>)
Decode encapsulated messages that have for some reason
been base64 encoded (even though they're already
7 bit)
Tue Feb 1 08:54:46 GMT 2005 (njh)
----------------------------------
* clamav-milter: Delete X-Virus-Status in clamfi_eom not in
clamfi_header. Patch by Jef Poskanzer
<jef*acme.com>
X-Virus-Status now says that virus that it's infected
with. Suggestion by "Hank Beatty"
<hbeatty*starband.net>
Mon Jan 31 11:05:20 GMT 2005 (njh)
----------------------------------
* libclamav/mbox.c: Empty lines should the end of the headers,
but some base64 decoders, e.g. uudeview, are
broken and will handle this type of entry,
decoding the base64 content that's after the
text that's after the header
Sun Jan 30 15:18:02 GMT 2005 (njh)
----------------------------------
* clamav-milter: SESSION is on now by default, to test clamd
PACKADDR is now uses unsinged to remove warning on
Sun's C compiler, patch by
"Dugal James P." <jpd*louisiana.edu>
Don't check compatibility with sendmail.cf if sendmail
is running on a different machine
Fri Jan 28 08:51:08 GMT 2005 (njh)
----------------------------------
* clamav-milter: Some error messages still talked about --internal
Scanmail not set warning is now only given if
DisableDefaultScanOptions is set
Thu Jan 27 14:11:13 GMT 2005 (njh)
----------------------------------
* libclamav/mbox.c: Scan sendmail queue df* files
Thu Jan 27 10:55:35 GMT 2005 (njh)
----------------------------------
* clamav-milter: Don't scan emails intended for the --quarantine address,
that stops scanning of emails generated with
viruses if --outgoing has been set
Downgraded scanmail not defined if --external isn't
given from error to warning
Added -i flag when calling sendmail, suggested by
Michal Jaegermann <michal*harddata.com>
Thu Jan 27 01:35:35 CET 2005 (tk)
---------------------------------
* freshclam/manager.c: add support for HTTP/1.0 ansers in IMS (--no-dns) mode
(patch by Sven Strickroth <sstrickroth*gym-oha.de>)
Wed Jan 26 19:27:57 CET 2005 (tk)
---------------------------------
V 0.81
Tue Jan 25 08:12:51 GMT 2005 (njh)
----------------------------------
* clamav-milter: Internal mode is now the default. Removed --internal
option, added --external.
Don't use clamd's SESSION mode, since that causes
problems with clamd/freshclam when freshclam
is run. SESSION mode can be enabled from
the source code. Most people can use SESSION
mode safely, but it has caused problems on BSD
Mon Jan 24 13:56:19 GMT 2005 (njh)
----------------------------------
* libclamav/message.c: Some Exploit.IE.CrashSOS were not being caught,
found by Carsten.Borchardt*drs-systemberatung.de
Sat Jan 22 13:45:42 GMT 2005 (njh)
----------------------------------
* clamav-milter: If forwarding to a quarantine user fails log as LOG_ERR
not LOG_DEBUG
Try to santity check that the input socket name is the
same as the same given to sendmail
Redirect stdout and stderr to LogFile, if that is set
--quarantine didn't redirect to the given email address
if --internal was used (reported by N Fung
<nsfung*yahoo.com>)
Sun Jan 16 06:28:59 CET 2005 (tk)
---------------------------------
* libclamav/pe.c: attempt to detect W32.Parite.B using cryptanalysis (thanks
to aCaB for info on detection)
Fri Jan 14 16:12:21 GMT 2005 (trog)
-----------------------------------
* libclamav/filetypes.c: add a few more HTML filetype markers
Fri Jan 14 14:53:59 GMT 2005 (trog)
-----------------------------------
* libclamav/htmlnorm.c: RFC2397 ("data" URL scheme) support.
* libclamav/scanner.c: scan RFC2397 data.
Wed Jan 12 08:58:29 GMT 2005 (njh)
----------------------------------
* clamav-milter: Fixed DNS resolution error messages which could print
the incorrect hostname that is not being resolved. Patch from
Yar Tikhiy <yar*comp.chem.msu.su>
Tue Jan 11 02:27:24 CET 2005 (tk)
---------------------------------
* libclamav/scanners.c: Fix possible crash when handling file information in
corrupted zip archives (problem reported by
Reinhard Max <max*suse.de>)
Sun Jan 9 21:24:58 GMT 2005 (njh)
----------------------------------
* libclamav/mbox.c: Some HTML.Phishing.Bank-41 were getting through
Sun Jan 9 11:38:39 GMT 2005 (njh)
----------------------------------
* libclamav/mbox.c: Add support for messages that break RFC2047
Sat Jan 8 02:53:20 CET 2005 (tk)
---------------------------------
* libclamav/filetypes.c: Add support for mail files parsed by CMU Sieve
(samples provided by Stefan Kaltenbrunner
<stefan*kaltenbrunner.cc>)
Wed Jan 5 21:09:14 GMT 2005 (njh)
----------------------------------
* libclamav/message.c: Fix crash caused when looking for non-existant
uuencoded files. This happens when the stated encoding
method is wrong so we have to try all methods and
including those which will fail
Mon Dec 27 05:01:54 CET 2004 (tk)
---------------------------------
* freshclam/manager.c: use If-Modified-Since in --no-dns mode (based on code
by Reini Urban <rurban*x-ray.at>)
Mon Dec 27 01:09:20 CET 2004 (tk)
---------------------------------
* libclamav/scanners.c: Add missing ArchiveBlockMax rule for recursion limit
(reported by HR <haavard*zyf.no-ip.org>)
Sun Dec 19 17:01:56 GMT 2004 (njh)
----------------------------------
* clamav-milter: Correctly warn that --max_childen must be given in SESSION
mode if LocalSocket is used and MaxThreads isn't given in
clamd.conf. max_children is needed to know how many sessions
to initiate to clamd(s)
Tue Dec 14 11:36:43 GMT 2004 (trog)
-----------------------------------
* libclamav/vba_extract.c:
- Add signature for MacOffice 2004
- Guess endianness of unknown versions of MS Office.
Tue Dec 14 11:15:22 GMT 2004 (trog)
-----------------------------------
* sigtool/options.c sigtool/sigtool.c: New options: --vba and --vba-hex
* sigtool/vba.c sigtool/vba.h: New files. Code to extract VBA/Word6 macros
Tue Dec 7 23:40:30 CET 2004 (tk)
---------------------------------
* configure: added --disable-zlib-vcheck (allows building on potentially
buggy zlib versions (1.2.0 & 1.2.1))
Tue Dec 7 19:25:06 GMT 2004 (njh)
----------------------------------
* clamav-milter: Ensure that the daily quarantine directory is created
Tue Dec 7 02:48:08 CET 2004 (tk)
---------------------------------
* clamd: added support for file descriptor passing (patch by Richard Lyons
<frob-clamav*webcentral.com.au>)
Mon Dec 6 22:33:26 GMT 2004 (njh)
----------------------------------
* clamav-milter: Ensure the date is kept in the quarantine path
Wed Dec 1 22:29:33 GMT 2004 (njh)
----------------------------------
* clamav-milter: Added --internal flag (some functionality to do)
SESSIONS: Don't hang when StreamMaxLength is hit
Wed Dec 1 13:14:33 GMT 2004 (njh)
----------------------------------
* libclamav/mbox.c: Decode text/plain parts marked as being encoded,
reported by Trog
Mon Nov 29 00:23:55 CET 2004 (tk)
---------------------------------
* clamdscan: add support for --move and --remove options
Sun Nov 28 16:30:18 GMT 2004 (njh)
----------------------------------
* libclamav/message.c: Allow lower case hex in quoted-printable
messages
Sat Nov 27 14:40:55 GMT 2004 (njh)
----------------------------------
* libclamav/mbox.c: Honour section 7.2.6 of RFC1521
Sat Nov 27 13:18:42 GMT 2004 (njh)
----------------------------------
* libclamav: Assume x-uue is the same as x-uuencode
If uudecoding fails and other possibilities have been
registered, don't take the failure as fatal, also try
the other decoding methods
Thu Nov 25 18:38:06 CET 2004 (tk)
---------------------------------
* clamd: new directives StreamMinPort and StreamMaxPort (allow port range
specification for stream mode). Patch by Alexander Marx
<mad-ml*madness.at>)
Thu Nov 18 20:28:13 CET 2004 (tk)
---------------------------------
* libclamav: add support for Mac's HQX file format (patch by Nigel)
Thu Nov 18 11:03:14 CET 2004 (tk)
---------------------------------
* libclamav: try to detect (and mark as Suspected.Zip) zip archives with
modified information in local header
Fri Nov 12 09:44:23 GMT 2004 (njh)
----------------------------------
* libclamav/mbox.c: Draft of RFC1341 support is now on by default.
Fragments arriving out of order are not scanned (yet).
If you use clamav-milter to load balance clamd across
servers you will need to ensure that the partial
directory is on a shared directory (e.g. NFS)
Mon Nov 8 15:24:18 CET 2004 (tk)
---------------------------------
* clamd: new directive ExitOnOOM (stop deamon when libclamav reports out of
memory condition)
Wed Nov 3 12:47:41 GMT 2004 (njh)
----------------------------------
* libclamav/clamav-milter: Save the original subject as X-Original-Subject
when running in advisory or qurantine mode
SESSION mode: warn when no clamd can be reached
Wed Oct 27 13:36:14 BST 2004 (njh)
----------------------------------
* clamav-milter: Remove X-VIRUS-STATUS on incoming messages
Plug remote possibility of file descriptor leak
Return EX_OSERR if fork fails, not EX_TEMPFAIL
If clamav-milter points to more than one server, ensure
that the version information for that server is
added to the header
Update version information in the watchdog. There may
therefore be a delay between the server updating
and this being reflected in the headers
|
|
PR pkg/28606. bump PKGREVISION.
while here, silence the pre-configure and post-build targets.
|
|
Need smmsp=NO. Must stop smmsp and sendmail before editing rc.conf!
XXX: The version I built used /etc/aliases, not /usr/pkg/etc/exim/aliases
which is what this file output - but I wasn't installing the current version.
|
|
|
|
- Fix smrsh man page patch
- Tidy up MESSAGE
- Replace 8.13.1 errata with 8.13.3 errata
- Remove rename of file outside ${PREFIX} on db2 installs
> 8.13.3/8.13.3 2005/01/11
> Enhance handling of I/O errors, especially EOF, when STARTTLS
> is active.
> Make sure a connection is not reused after it has been closed
> due to a 421 error. Problem found by Allan E Johannesen
> of Worcester Polytechnic Institute.
> Avoid triggering an assertion when sendmail is interrupted while
> closing a connection. Problem found by Allan E Johannesen
> of Worcester Polytechnic Institute.
> Regression: a change in 8.13.2 caused sendmail not to try the
> next MX host (or FallbackMXhost if configured) when, at
> connection open, the current server returns a 4xy or 5xy
> SMTP reply code. Problem noted by Mark Tranchant.
>
> 8.13.2/8.13.2 2004/12/15
> Do not split the first header even if it exceeds the internal
> buffer size. Previously a part of such a header would
> end up in the body of the message. Problem noted by
> Simple Nomad of BindView.
> Do not complain about "cataddr: string too long" when checking
> headers that do not contain RFC 2822 addresses.
> Problem noted by Rich Graves of Brandeis University.
> If a server returns a 421 reply to the RSET command between
> message deliveries, do not attempt to deliver any more
> messages on that connection. This prevents bogus "Bad
> file number" recipient status. Problem noted by
> Allan E Johannesen of Worcester Polytechnic Institute.
> Allow trailing white space in EHLO command as recommended by RFC
> 2821. Problem noted by Ralph Santagato of SBC Services.
> Deal with clients which use AUTH but negotiate a smaller buffer size
> for data exchanges than the value used by sendmail, e.g.,
> Cyrus IMAP lmtp server. Based on patch by Jamie Clark.
> When passing ESMTP arguments for RCPT to a milter, do not cut
> them off at a comma. Problem noted by Krzysztof Oledzki.
> Add more logging to milter change header functions to
> complement existing logging. Based on patch from
> Gurusamy Sarathy of Active State.
> Include <lber.h> in include/sm/config.h when LDAPMAP is defined.
> Patch from Edgar Hoch of the University of Stuttgart.
> Fix DNS lookup if IPv6 is enabled when converting an IP address
> to a hostname for use with SASL. Problem noted by Ken Jones;
> patch from Hajimu UMEMOTO.
> CONFIG: For consistency enable MODIFY_MAILER_FLAGS for the prog
> mailer. Patch from John Beck of Sun Microsystems.
> LIBMILTER: It was possible that xxfi_abort() was called after
> xxfi_eom() for a message if some timeouts were triggered.
> Patch from Alexey Kravchuk.
> LIBMILTER: Slightly rearrange mutex use in listener.c to allow
> different threads to call smfi_opensocket() and smfi_main().
> Patch from Jordan Ritter of Cloudmark.
> MAIL.LOCAL: Properly terminate MBDB before exiting. Problem
> noted by Nelson Fung.
> MAIL.LOCAL: make strip-mail.local used a wrong path to access
> mail.local. Problem noted by William Park.
> VACATION: Properly terminate MBDB before exiting. Problem noted
> by Nelson Fung.
> Portability:
> Add support for DragonFly BSD.
> New Files:
> cf/ostype/dragonfly.m4
> devtools/OS/DragonFly
> include/sm/os/sm_os_dragonfly.h
> Deleted Files:
> libsm/vsscanf.c
|
|
|
|
|
|
|
|
and also they don't include version information in file name.
This is not an update.
|
|
* New IPv6 patch
|
|
-Replaced the generic "ezmlm response" subject with unique subjects.
-Fixed failure to build/link ezmlm-mktab in the Makefile.
-Fixed a typo in the ezmlm-manage man page. Thanks Charles Cazabon.
-Updated the pt_BR language texts. Thanks Glen Stewart.
-Fixed broken invocation of ezmlm-confirm in ezmlmrc. Thanks SATOH
Fumiyasu.
-Fixed ezmlmrc template problem with moderated lists.
-Fixed a deadlock between ezmlm-confirm and ezmlm-store.
|
|
When displaying 'rows of -', stop at 77 rather than 79 to avoid pine
wrapping the lines.
|
|
within NetBSD-current's bsd.own.mk, which conflicts with its usage in
pkgsrc. The package that use USE_PAM have been converted to use the
bsd.options.mk framework. This should fix PR pkg/29257.
|
|
-previously, if an SSL POP3 or IMAP server abruptly closed the connection
before getmail could finish logging in, getmail would exit instead of
proceeding to the next configured mail account. Fixed. Thanks: Matthias
Andree, Frank Benkstein, Thomas Schwinge.
-eliminate duplicate Return-Path: header fields. Thanks: Angles Puglisi.
|
|
according to the maintainer website.
Changes since 1.2.0:
1.3.1
=====
- it is now possible to run an arbitrary command on a selected
attachment
- made elmo less conservative about the format of the message
- updated translations
- several bugfixes
1.3.0
=====
- rewritten networking
- full-asynchronous, working POP3 support, you don't have to bother
whether the message has been already fetched or not any more
- elmo checks your POP3 accounts and plays sound, when there is mail
waiting on one of them
|
|
Changes in 2.5 PL7
- a few display issues fixed (from Kenneth Reek)
- buffer overflow in frm fixed
Changes in 2.5 PL6
- Fixed message-id in the In-Reply-To header.
- Actually show the -r option in the usage
- Whacked a few more places where we might follow a symlink in tmpdir
- Fastmail didn't grok commas correctly.
- Change lock.c to not use errno unless there's an errno
|
|
- use "test -r" instead of "test -e"
- use ${INSTALL_*}
|
|
Changes since 1.2.3.1:
1.3.1:
Fixing dumb compiling bugs [BUG: #1108485]. GCC lets me write incorrect code!
Small modifications to tnef.spec.in as suggested by jmsl@users.sf.net
[BUG: #1102128]
Corrected type problems to improve portability to 64 bit systems and Mac.
1.3:
Adding feature to allow for saving of RTF data.
|
|
Changes since 1.0.0:
* Gpgme-1.0 has been supported (thanks to Toshio Kuratomi).
- A warning is displayed if a key for encryption is untrusted.
- The status of signature validity became more descriptive.
- Signatures inside nested multipart are now recognized.
* Messages are not retrieved multiple times anymore after POP3
session is aborted.
* Other bugfixes have been made.
Changes since 1.0.0rc:
* The first official release.
* The escaping of special characters in action commands has been
modified.
* The crash on deleting a remote account has been fixed.
Changes since 1.0.0beta4:
* The IMAP4 parser has been fixed for 64-bit platforms.
* Users are now asked to switch to online mode when sending in
offline.
* The line-joining problem of auto-wrapping has been fixed.
* Special characters are now properly escaped when executing action
commands.
* Some compiler warnings have been removed.
Changes since 1.0.0beta3:
* The Japanese manual has been updated.
* Some icons have been modified, and unused icons have been removed.
* The menu strings have been fixed.
* The workaround for invalid CR characters on POP3 has been made.
|
|
bump to pine-pgp-filters-1.1nb1
|
|
Changes in Exim version 4.44
1. Change 4.43/35 introduced a bug that caused file counts to be
incorrectly computed when quota_filecount was set in an appendfile
transport
2. Closing a stable door: arrange to panic-die if setitimer() ever fails. The
bug fixed in 4.43/37 would have been diagnosed quickly if this had been in
place.
3. Give more explanation in the error message when the command for a transport
filter fails to execute.
4. There are several places where Exim runs a non-Exim command in a
subprocess. The SIGUSR1 signal should be disabled for these processes. This
was being done only for the command run by the queryprogram router. It is
now done for all such subprocesses. The other cases are: ${run, transport
filters, and the commands run by the lmtp and pipe transports.
5. Some older OS have a limit of 256 on the maximum number of file
descriptors. Exim was using setrlimit() to set 1000 as a large value
unlikely to be exceeded. Change 4.43/17 caused a lot of logging on these
systems. I've change it so that if it can't get 1000, it tries for 256.
6. "control=submission" was allowed, but had no effect, in a DATA ACL. This
was an oversight, and furthermore, ever since the addition of extra
controls (e.g. 4.43/32), the checks on when to allow different forms of
"control" were broken. There should now be diagnostics for all cases when a
control that does not make sense is encountered.
7. $recipients is now available in the predata ACL (oversight).
8. Tidy the search cache before the fork to do a delivery from a message
received from the command line. Otherwise the child will trigger a lookup
failure and thereby defer the delivery if it tries to use (for example) a
cached ldap connection that the parent has called unbind on.
9. If verify=recipient was followed by verify=sender in a RCPT ACL, the value
of $address_data from the recipient verification was clobbered by the
sender verification.
10. If FIXED_NEVER_USERS was defined, but empty, Exim was assuming the uid 0
was its contents. (It was OK if the option was not defined at all.)
11. A "Completed" log line is now written for messages that are removed from
the spool by the -Mrm option.
12. $host_address is now set to the target address during the checking of
ignore_target_hosts.
13. When checking ignore_target_hosts for an ipliteral router, no host name was
being passed; this would have caused $sender_host_name to have been used if
matching the list had actually called for a host name (not very likely,
since this list is usually IP addresses). A host name is now passed as
"[x.x.x.x]".
14. Changed the calls that set up the SIGCHLD handler in the daemon to use the
code that specifies a non-restarting handler (typically sigaction() in
modern systems) in an attempt to fix a rare and obscure crash bug.
15. Narrowed the window for a race in the daemon that could cause it to ignore
SIGCHLD signals. This is not a major problem, because they are used only to
wake it up if nothing else does.
16. A malformed maildirsize file could cause Exim to calculate negative values
for the mailbox size or file count. Odd effects could occur as a result.
The maildirsize information is now recalculated if the size or filecount
end up negative.
17. Added HAVE_SYS_STATVFS_H to the os.h file for Linux, as it has had this
support for a long time. Removed HAVE_SYS_VFS_H.
18. Updated exipick to current release from John Jetmore.
19. Allow an empty sender to be matched against a lookup in an address list.
Previously the only cases considered were a regular expression, or an
empty pattern.
20. Exim went into a mad DNS lookup loop when doing a callout where the
host was specified on the transport, if the DNS lookup yielded more than
one IP address.
21. The RFC2047 encoding function was originally intended for short strings
such as real names; it was not keeping to the 75-character limit for
encoded words that the RFC imposes. It now respects the limit, and
generates multiple encoded words if necessary. To be on the safe side, I
have increased the buffer size for the ${rfc2047: expansion operator from
1024 to 2048 bytes.
22. Failure to deliver a bounce message always caused it to be frozen, even if
there was an errors_to setting on the router. The errors_to setting is now
respected.
23. If an IPv6 address is given for -bh or -bhc, it is now converted to the
canonical form (fully expanded) before being placed in
$sender_host_address.
24. Updated eximstats to version 1.33
25. Include certificate and key file names in error message when GnuTLS fails
to set them up, because the GnuTLS error message doesn't include the name
of the failing file when there is a problem reading it.
26. Expand error message when OpenSSL has problems setting up cert/key files.
As per change 25.
27. Reset the locale to "C" after calling embedded Perl, in case it was changed
(this can affect the format of dates).
28. exim_tidydb, when checking for the continued existence of a message for
which it has found a message-specific retry record, was not finding
messages that were in split spool directories. Consequently, it was
deleting retry records that should have stayed in existence.
29. eximstats updated to version 1.35
1.34 - allow eximstats to parse syslog lines as well as mainlog lines
1.35 - bugfix such that pie charts by volume are generated correctly
30. The SPA authentication driver was not abandoning authentication and moving
on to the next authenticator when an expansion was forced to fail,
contradicting the general specification for all authenticators. Instead it
was generating a temporary error. It now behaves as specified.
31. The default ordering of permitted cipher suites for GnuTLS was pessimal
(the order specifies the preference for clients). The order is now AES256,
AES128, 3DES, ARCFOUR128.
31. Small patch to Sieve code - explicitly set From: when generating an
autoreply.
32. Exim crashed if a remote delivery caused a very long error message to be
recorded - for instance if somebody sent an entire SpamAssassin report back
as a large number of 550 error lines. This bug was coincidentally fixed by
increasing the size of one of Exim's internal buffers (big_buffer) that
happened as part of the Exiscan merge. However, to be on the safe side, I
have made the code more robust (and fixed the comments that describe what
is going on).
33. Some experimental protocols are using DNS PTR records for new purposes. The
keys for these records are domain names, not reversed IP addresses. The
dnsdb PTR lookup now tests whether its key is an IP address. If not, it
leaves it alone. Component reversal etc. now happens only for IP addresses.
CAN-2005-0021
34. The host_aton() function is supposed to be passed a string that is known
to be a valid IP address. However, in the case of IPv6 addresses, it was
not checking this. This is a hostage to fortune. Exim now panics and dies
if the condition is not met. A case was found where this could be provoked
from a dnsdb PTR lookup with an IPv6 address that had more than 8
components; fortuitously, this particular loophole had already been fixed
by change 4.50/55 or 4.44/33 above.
If there are any other similar loopholes, the new check in host_aton()
itself should stop them being exploited. The report I received stated that
data on the command line could provoke the exploit when Exim was running as
exim, but did not say which command line option was involved. All I could
find was the use of -be with a bad dnsdb PTR lookup, and in that case it is
running as the user.
CAN-2005-0021
35. There was a buffer overflow vulnerability in the SPA authentication code
(which came originally from the Samba project). I have added a test to the
spa_base64_to_bits() function which I hope fixes it.
CAN-2005-0022
36. The daemon start-up calls getloadavg() while still root for those OS that
need the first call to be done as root, but it missed one case: when
deliver_queue_load_max is set with deliver_drop_privilege. This is
necessary for the benefit of the queue runner, because there is no re-exec
when deliver_drop_privilege is set.
37. Caching of lookup data for "hosts =" ACL conditions, when a named host list
was in use, was not putting the data itself into the right store pool;
consequently, it could be overwritten for a subsequent message in the same
SMTP connection. (Fix 4.40/11 dealt with the non-cache case, but overlooked
the caching.)
38. Sometimes the final signoff response after QUIT could fail to get
transmitted in the non-TLS case. Testing !tls_active instead of tls_active
< 0 before doing a fflush(). This bug looks as though it goes back to the
introduction of TLS in release 3.20, but "sometimes" must have been rare
because the tests only now provoked it.
|
