security fix for fetchmail
- pkgsrc/mail/fetchmail/Makefile 1.163
- pkgsrc/mail/fetchmail/distinfo 1.38
- pkgsrc/mail/fetchmail/patches/patch-aa 1.6
Module Name: pkgsrc
Committed By: tron
Date: Sun Sep 23 12:48:46 UTC 2007
Modified Files:
pkgsrc/mail/fetchmail: Makefile distinfo
Added Files:
pkgsrc/mail/fetchmail/patches: patch-aa
Log Message:
Add fix for security vulnerability reported in CVE-2007-4565.
Bump package revision.
|
|
security update for thunderbird15
Revisions pulled up:
- pkgsrc/mail/thunderbird15/Makefile-thunderbird.common 1.3
- pkgsrc/mail/thunderbird15/distinfo 1.3
- pkgsrc/mail/thunderbird15/PLIST 1.2
- pkgsrc/mail/thunderbird15-gtk1/PLIST 1.2
Module Name: pkgsrc
Committed By: ghen
Date: Fri Aug 24 14:53:32 UTC 2007
Modified Files:
pkgsrc/mail/thunderbird15: Makefile-thunderbird.common PLIST distinfo
pkgsrc/mail/thunderbird15-gtk1: PLIST
Log Message:
Update thunderbird15 and thunderbird15-gtk1 to 1.5.0.13.
Security fixes in this version:
MFSA 2007-27 Unescaped URIs passed to external programs
MFSA 2007-26 Privilege escalation through chrome-loaded about:blank windows
MFSA 2007-18 Crashes with evidence of memory corruption (rv:1.8.1.5)
For more info, see
http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.13.html
|
|
security update for thunderbird
Revisions pulled up:
- pkgsrc/mail/thunderbird/Makefile-thunderbird.common 1.27, 1.28
- pkgsrc/mail/thunderbird/PLIST 1.23
- pkgsrc/mail/thunderbird/distinfo 1.40, 1.41
- pkgsrc/mail/thunderbird-gtk1/PLIST 1.13
Module Name: pkgsrc
Committed By: ghen
Date: Thu Jul 26 12:29:37 UTC 2007
Modified Files:
pkgsrc/mail/thunderbird: Makefile-thunderbird.common PLIST distinfo
pkgsrc/mail/thunderbird-gtk1: PLIST
Log Message:
Update thunderbird and thunderbird-gtk1 to 2.0.0.5.
Security fixes in this version:
MFSA 2007-15 Security Vulnerability in APOP Authentication
MFSA 2007-12 Crashes with evidence of memory corruption
For more info, see http://www.mozilla.com/en-US/thunderbird/2.0.0.5/releasenotes/
---
Module Name: pkgsrc
Committed By: ghen
Date: Thu Aug 2 08:48:30 UTC 2007
Modified Files:
pkgsrc/mail/thunderbird: Makefile-thunderbird.common distinfo
Log Message:
Update thunderbird and thunderbird-gtk1 to 2.0.0.6.
Security fixes in this version:
MFSA 2007-27 Unescaped URIs passed to external programs
MFSA 2007-26 Privilege escalation through chrome-loaded about:blank windows
For more info, see http://www.mozilla.com/en-US/thunderbird/2.0.0.6/releasenotes/
|
|
latest update for clamav
- pkgsrc/mail/clamav/Makefile 1.77-1.79
- pkgsrc/mail/clamav/buildlink3.mk 1.14
- pkgsrc/mail/clamav/distinfo 1.45-1.47
- pkgsrc/mail/clamav/options.mk 1.3
- pkgsrc/mail/clamav/patches/patch-aa 1.16
- pkgsrc/mail/clamav/patches/patch-ah 1.10
Module Name: pkgsrc
Committed By: xtraeme
Date: Wed Jul 11 17:44:22 UTC 2007
Modified Files:
pkgsrc/mail/clamav: Makefile distinfo options.mk
Log Message:
Update to 0.91:
ClamAV 0.91 is the first release to enable the anti-phishing technology
in default builds. This technology combines heuristics with special
signatures and provides effective protection against phishing threats.
Other important changes and add-ons in this version include:
- unpacker for NSIS (Nullsoft Scriptable Install System) self-extracting
archives
- unpacker for ASPack 2.12
- new implementation of the Aho-Corasick pattern matcher providing
better detection for wildcard enabled signatures
- support for nibble matching and floating offsets
- improved handling of .mdb files (fixes long startup times)
- extraction of PE files embedded into other executables
- better handling of PE & UPX
- removed dependency on libcurl (improves stability)
- libclamav.dll available under Windows
- IPv6 support in clamav-milter
- many other improvements and bugfixes
---
Module Name: pkgsrc
Committed By: martti
Date: Tue Jul 17 06:54:31 UTC 2007
Modified Files:
pkgsrc/mail/clamav: Makefile buildlink3.mk distinfo
pkgsrc/mail/clamav/patches: patch-ah
Log Message:
Updated mail/clamav to 0.91.1
- libclamav/others.c: bump f-level
- libclamav/unrar/unrarvm.c: fix another occurrence of bb#555, thanks to
Ludwig Nussel <ludwig.nussel*suse.de>
- sigtool/sigtool.c: increase MAX_DEL_LOOKAHEAD, requested by Sven
- libclamav/scanner.c: don't search for embedded PEs in zip files larger
than 1 MB (bb#573)
- clamav-milter: Fix memory leak when load balancing
- clamav-milter: Chroot handling no longer marked as experimental
- libclamav/nsis: fix macro collision on AIX - bb#570
- libclamav/phishcheck.c: fix (null) FOUND
- libclamav: rename x86 macros due to collisions on HPUX
- libclamav: Fix warnings on HP-UX
---
Module Name: pkgsrc
Committed By: martti
Date: Wed Jul 18 06:57:59 UTC 2007
Modified Files:
pkgsrc/mail/clamav: Makefile distinfo
Added Files:
pkgsrc/mail/clamav/patches: patch-aa
Log Message:
Updated mail/clamav to 0.91.1nb1
Fix for https://wwws.clamav.net/bugzilla/show_bug.cgi?id=580
|
|
not being updated. If you need civilized access to a Hotmail account,
try freepops. This addresses PR 36569.
|
|
- fixed an ancestral wrong compilation flag for regexes, no more REG_NEWLINE
- supereva.lua: plugin updates
- libero.lua: fixed bug for attachments
- libero.lua: changed pattern matching
- hotmail.lua: update the logout url, try to handle an expired session better
- supereva.lua, tin.lua: fixed attachments in tin and supereva, added dada.net
- libero.lua: fixed mlex
- aol.lua: use the "classic" web interface
- added patch by Viruzzo to mimer and supereva.lua
pkgsrc changes:
* List a few popular supported services in DESCR to help address PR 36569.
|
|
(possible code injection by remote IMAP servers due to missing
validation of an integer value used as array index)
bump PKGREVISION
|
|
Prompted by report from Peter Avalos that exim 4.66 would not build
against openssl 0.9.8e
Changelog:
MH/01 Fix for bug #448, segfault in Dovecot authenticator when interface_address
is unset (happens when testing with -bh and -oMi isn't used). Thanks to
Jan Srzednicki.
PH/01 Added a new log selector smtp_no_mail, to log SMTP sessions that do not
issue a MAIL command.
PH/02 In an ACL statement such as
deny dnslists = X!=127.0.0.2 : X=127.0.0.2
if a client was not listed at all, or was listed with a value other than
127.0.0.2, in the X list, but was listed with 127.0.0.2 in the Y list,
the condition was not true (as it should be), so access was not denied.
The bug was that the ! inversion was incorrectly passed on to the second
item. This has been fixed.
PH/03 Added additional dnslists conditions == and =& which are different from
= and & when the dns lookup returns more than one IP address.
PH/04 Added gnutls_require_{kx,mac,protocols} to give more control over the
cipher suites used by GnuTLS. These options are ignored by OpenSSL.
PH/05 After discussion on the list, added a compile time option
ENABLE_DISABLE_FSYNC, which compiles an option called disable_fsync that allows for
bypassing fsync(). The documentation is heavily laced with warnings.
SC/01 Updated eximstats to collate all SpamAssassin rejects into one bucket.
PH/06 Some tidies to the infrastructure of the Test Suite that is concerned
with the auxiliary C programs that it uses: (1) Arrange for BIND_8_COMPAT
to be defined when compiling on OSX (Darwin); (2) Tidies to the Makefile,
including adding "make clean"; (3) Added -fPIC when compiling the test
dynamically loaded module, to get rid of a warning.
MH/02 Fix for bug #451, causing paniclog entries to be written if a bounce
message fails, move_frozen_messages = true and ignore_bounce_errors_after
= 0s. The bug is otherwise harmless.
PH/07 There was a bug in the dovecot authenticator such that the value of
$auth1 could be overwritten, and so not correctly preserved, after a
successful authentication. This usually meant that the value preserved by
the server_setid option was incorrect.
PH/08 Added $smtp_count_at_connection_start, deliberately with a long name.
PH/09 Installed PCRE release 7.0.
PH/10 The acl_not_smtp_start ACL was, contrary to the documentation, not being
run for batched SMTP input. It is now run at the start of every message
in the batch. While fixing this I discovered that the process information
(output by running exiwhat) was not always getting set for -bs and -bS
input. This is fixed, and it now also says "batched" for BSMTP.
PH/11 Added control=no_pipelining.
PH/12 Added $sending_ip_address and $sending_port (mostly Magnus Holmgren's
patch, slightly modified), and move the expansion of helo_data till after
the connection is made in the smtp transport (so it can use these
values).
PH/13 Added ${rfc2047d: to decode RFC 2047 strings.
PH/14 Added log_selector = +pid.
PH/15 Flush SMTP output before delaying, unless control=no_delay_flush is set.
PH/16 Add ${if forany and ${if forall.
PH/17 Added dsn_from option to vary the From: line in DSNs.
PH/18 Flush SMTP output before performing a callout, unless control =
no_callout_flush is set.
PH/19 Change 4.64/PH/36 introduced a bug: when address_retry_include_sender
was true (the default) a successful delivery failed to delete the retry
item, thus causing premature timeout of the address. The bug is now
fixed.
PH/20 Added hosts_avoid_pipelining to the smtp transport.
PH/21 Long custom messages for fakedefer and fakereject are now split up
into multiline responses in the same way that messages for "deny" and
other ACL rejections are.
PH/22 Applied Jori Hamalainen's speed-up changes and typo fixes to exigrep,
with slight modification.
PH/23 Applied sieve patches from the maintainer "tracking the latest notify
draft, changing the syntax and factoring some duplicate code".
PH/24 When the log selector "outgoing_port" was set, the port was shown as -1
for deliveries of the second and subsequent messages over the same SMTP
connection.
PH/25 Applied Magnus Holmgren's patch for ${addresses, ${map, ${filter, and
${reduce, with only minor "tidies".
SC/02 Applied Daniel Tiefnig's patch to improve the '($parent) =' pattern match.
PH/26 Added a "continue" ACL modifier that does nothing, for the benefit of its
expansion side effects.
PH/27 When a message times out after an over-quota error from an Exim-imposed
quota, the bounce message says "mailbox is full". This message was not
being given when it was a system quota that was exceeded. It now should
be the same.
MH/03 Made $recipients available in local_scan(). local_scan() already has
better access to the recipient list through recipients_list[], but
$recipients can be useful in postmaster-provided expansion strings.
PH/28 The $smtp_command and $smtp_command_argument variables were not correct
in the case of a MAIL command with additional options following the
address, for example: MAIL FROM:<foo@bar> SIZE=1234. The option settings
were accidentally chopped off.
PH/29 SMTP synchronization checks are implemented when a command is read -
there is a check that no more input is waiting when there shouldn't be
any. However, for some commands, a delay in an ACL can mean that it is
some time before the response is written. In this time, more input might
arrive, invalidly. So now there are extra checks after an ACL has run for
HELO/EHLO and after the predata ACL, and likewise for MAIL and RCPT when
pipelining has not been advertised.
PH/30 MH's patch to allow iscntrl() characters to be list separators.
PH/31 Unlike :fail:, a custom message specified with :defer: was not being
returned in the SMTP response when smtp_return_error_details was false.
This has been fixed.
PH/32 Change the Dovecot authenticator to use read() and write() on the socket
instead of the C I/O that was originally supplied, because problems were
reported on Solaris.
PH/33 Compile failed with OpenSSL 0.9.8e. This was due to a coding error in
Exim which did not show up earlier: it was assuming that a call to
SSL_CTX_set_info_callback() might give an error value. In fact, there is
no error. In previous releases of OpenSSL, SSL_CTX_set_info_callback()
was a macro that became an assignment, so it seemed to work. This has
changed to a proper function call with a void return, hence the compile
error. Exim's code has been fixed.
PH/34 Change HDA_SIZE in oracle.c from 256 to 512. This is needed for 64-bit
cpus.
PH/35 Applied a patch from the Sieve maintainer which fixes a bug in "notify".
PH/36 Applied John Jetmore's patch to add -v functionality to exigrep.
PH/37 If a message is not accepted after it has had an id assigned (e.g.
because it turns out to be too big or there is a timeout) there is no
"Completed" line in the log. When some messages of this type were
selected by exigrep, they were listed as "not completed". Others were
picked up by some special patterns. I have improved the selection
criteria to be more general.
PH/38 The host_find_failed option in the manualroute router can now be set
to "ignore", to completely ignore a host whose IP address cannot be
found. If all hosts are ignored, the behaviour is controlled by the new
host_all_ignored option.
PH/39 In a list of hosts for manualroute, if one item (either because of multi-
homing or because of multiple MX records with /mx) generated more than
one IP address, and the following item turned out to be the local host,
all the secondary addresses of the first item were incorrectly removed
from the list, along with the local host and any following hosts (which
is what is supposed to happen).
PH/40 When Exim receives a message, it writes the login name, uid, and gid of
whoever called Exim into the -H file. In the case of the daemon it was
behaving confusingly. When first started, it used values for whoever
started the daemon, but after a SIGHUP it used the Exim user (because it
calls itself on a restart). I have changed the code so that it now always
uses the Exim user.
PH/41 (Following a suggestion from Tony Finch) If all the RCPT commands in a
message are rejected with the same error (e.g. no authentication or bad
sender address), and a DATA command is nevertheless sent (as can happen
with PIPELINING or a stupid MUA), the error message that was given to the
RCPT commands is included in the rejection of the DATA command. This is
intended to be helpful for MUAs that show only the final error to their
users.
PH/42 Another patch from the Sieve maintainer.
SC/02 Eximstats - Differentiate between permanent and temporary rejects.
Eximstats - Fixed some broken HTML links and added missing column headers
(Jez Hancock).
Eximstats - Fixed Grand Total Summary Domains, Edomains, and Email
columns for Rejects, Temp Rejects, Ham, and Spam rows.
SC/03 Eximstats - V1.58 Fix to get <> and blackhole to show in edomain tables.
PH/43 Yet another patch from the Sieve maintainer.
PH/44 I found a way to check for a TCP/IP connection going away before sending
the response to the final '.' that terminates a message, but only in the
case where the client has not sent further data following the '.'
(unfortunately, this is allowed). However, in many cases there won't be
any further data because there won't be any more messages to send. A call
to select() can be used: if it shows that the input is "ready", there is
either input waiting, or the socket has been closed. An attempt to read
the next input character can distinguish the two cases. Previously, Exim
would have sent an OK response which the client would never have seen.
This could lead to message repetition. This fix should cure that, at
least in a lot of common cases.
PH/45 Do not advertise STARTTLS in response to HELP unless it would be
advertised in response to EHLO.
|
|
Reported by Travis Mikalson in PR 36522
|
|
Fixed a serious bug where spamdyke was closing the connection to qmail and
exiting as soon as the remote host exited. When the remote host sends its
SMTP data in one burst and closes the connection without waiting for the
response code from the DATA segment, qmail doesn't accept the message and
nothing gets delivered.
Added some code to log_writeln() to translate bare carriage returns into
carriage return/linefeed combinations. This allows poorly written remote
servers to send mail, most notably Microsoft web servers. Dogmatically
refusing to accept mail by refusing to be more flexible than RFC 822
will never change the world; let's be reasonable instead of bouncing
messages back to our friends who can't change their mail servers anyway.
Fixed smtp_filter() to accept parameters to AUTH LOGIN when the MUA sends the
authentication information with the command instead of waiting for the
prompts. Thanks to Carlo Blohm for reporting this one.
|
|
net/uucp to mk/defaults/mk.conf.
|
|
run as "root".
* Remove unnecessary passing of ROOT_USER and ROOT_GROUP to the
distribution Makefile. Instead, we simply use BSD_INSTALL_* macros
to do the installation and use SPECIAL_PERMS to clean up and special
permissions after the fact.
* Add a TODO section to the package Makefile that highlights the things
that need to be done to fix this package.
* Fix MESSAGE to refer to ${PREFIX}, not ${LOCALBASE}, for the location
of the installed files.
Bump PKGREVISION to 3 due to change in permissions for makevpopdb.
|
|
Bump PKGREVISION.
|
|
* deliver: If Return-Path doesn't contain user and domain, don't try
to bounce the mail (this is how it was supposed to work earlier too)
* deliver: %variables in mail setting coming from userdb aren't
expanded anymore (again how it should have worked). The expansion
could have caused problems if paths contained any '%' characters.
+ Print Dovecot version number with dovecot -n and -a
+ deliver: Added -e parameter to write rejection error to stderr and
exit with EX_NOPERM instead of sending the rejection by executing
sendmail.
+ dovecot --log-error logs now a warning, an error and a fatal
- Trying to start Dovecot while it's already running doesn't anymore
wipe out login_dir and break the running Dovecot.
- maildir: Fixed "UID larger than next_uid" errors which happened
sometimes when dovecot-uidlist file didn't exist but index files did
(usually because mailbox didn't have any messages when it was
selected for the first time)
- maildir: We violated maildir spec a bit by not having keyword
characters sorted in the filename.
- maildir: If we don't have write access to cur/ directory, treat the
mailbox as read-only. This fixes some internal error problems with
trying to use read-only maildirs.
- maildir: Deleting a symlinked maildir failed with internal error.
- mbox: pop3_uidl_format=%m wasn't working right
- mbox: If non-filesystem quota was enabled, we could have failed
with "Unexpectedly lost From-line" errors while saving new messages
- mysql auth: %c didn't work. Patch by Andrey Panin
- APPEND / SEARCH: If internaldate was outside valid value for time_t,
we returned BAD error for APPEND and SEARCH never matched. With 64bit
systems this shouldn't have happened. With 32bit systems the valid
range is usually for years 1902..2037.
- COPY: We sent "Hang in there.." too early sometimes and checked it
too often (didn't break anything, but was slower than needed).
- deliver: Postfix's sendmail binary wasn't working with mail_debug=yes
- Don't corrupt ssl-parameters.dat files when running multiple Dovecot
instances.
- Cache compression caused dovecot.index.cache to be completely deleted
with big endian CPUs if 64bit file offsets were used (default)
- Fixed "(index_mail_parse_header): assertion failed" crash
|
|
Pkgsrc changes:
- Removed requirement for p5-Mail-ListDetector, Mail::Audit::List is no
longer part of this module. p5-Mail-Audit is a leaf package in pkgsrc,
so this has no further impact.
- New requirements are p5-File-HomeDir and p5-File-Tempdir.
- No compiler needed.
- Security fixes in patch-aa and patch-ab are finally integrated with
v2.219.
Changes since version 2.1:
==========================
2.219 2007-06-14
For security reasons, the log is now ~/mail-audit.log, not
/tmp/username-audit.log
fix bug: logging wasn't working when processing mime messages
add optional "reason" argument to ignore method
_log method renamed to log and documented
2.218 2007-03-06
remove List, Razor, and PGP plugins to their own dists
this is the first step in paring down Mail::Audit
2.217 2007-03-05
make the test skipped in 2.216 pass reliable (thanks to HDP for idea)
2.216 2007-02-26
skip a test that doesn't pass reliably
2.215 2007-02-19
subclass File::Tempdir to avoid cleaning up in forked child
2.214 2007-02-15
refactor internals of emergency and default destinations
2.213 2007-02-15
add a no_log option
2.212 2006-10-31
try to avoid letting temp dirs linger too long
2.211 2006-09-19
fix Mail::Audit::List breakage; it needs tests!; rt #20934
2.210 2006-09-19
use File::HomeDir to reduce unix-o-centrism
2.203 2006-07-21
update PEP information
2.202 2006-07-21
test fix: don't rely on default mbox not existing; force it to fail
prune list of sysexits.h-like error code constants
2.201 2006-07-16
use File::Temp a few places where it's indicated
add a munge_name arg to Mail::Audit::List
pipe now returns the exit status of the pipe
fix directory permissions
fixed bugs in proc2ma (ticket 2982, thanks MARKSTOS)
2.200_05 2006-06-04
more testing
more tweaking
more frustration
2.200_04 2006-06-04
log now uses on-object filehandles, rather than globals
delivery to msgprefix completely removed, as it was never implemented
exit behavior somewhat encapsulated for testability
PGP plugin now replaces, rather than adds, content type headers
more tests
2.200_03 2006-06-01
our first meaningful tests!
also some POD tests
POD cleaned up
many undocumented modules given a _-prefix
removed undocumented, bizarre inreplyto_and_references method
2.200_02 2006-05-30
various code cleanup, including perltidy
extra options, previously an optional hashref passed as first arg,
should now be passed as the last arg; factored out and deprecation
warning added; they were mostly undocumented
moved to Module::Install
2.200_01 2006-05-24
maintenance assumed by RJBS
changes inherited from Meng Wong
|
|
Fix build problem with db4 following a hint by obache@
04/09/2006
==========
Release: Prayer 1.0.18
Important Security fix:
os_connect_unix() had a strcpy() which should have been strncpy() to
prevent buffer overrun. Prayer 1.0.17 was mostly safe.
By 28/06/2006
=============
Release: Prayer 1.0.17
Fix small foulup with gethostbyname() calculations when binding Prayer
to specific interfaces.
Cleanups to stop char vs unsigned char warnings with latest c-client.
Make sure that all internal draft messages consistently use CRLF.
Security audit for Prayer frontend following attack:
Optional Chroot environment (See chroot options in config file).
Stripped out debugging code.
04/11/2005
==========
Fix small foulups with abook_lookup:
Couldn't add last address to existing draft.
Block LDAP metacharacters from search.
By 13/06/2005
=============
Release: Prayer 1.0.16
Fix silly bug when replying to multipart messages where the main message
and the text/plain subpart have different encoding (missing mail_body
call).
Add a limit_vm backstop to stop single runaway process from taking
over the system.
By 10/06/2005
=============
Release: Prayer 1.0.15 (1.0.13 and 14 internal releases only).
list screen doesn't set "current" message to middle of range. Means that
switching between various sort modes works more consistently.
Go fishing for text/plain or failing that text/html bodypart within top
level of multipart/mixed or multipart/alternate message when replying to a
message. Behaviour should now be consistent with cmd_forward and
cmd_display.
Include LDAP and local finger database lookups (latter for Cambridge use only)
Addressbook screen:
Addressbook sort (can be set on Manage => Preferences => Display)
Addressbook bulk removal
Import and Export CSV (Outlook) format address screen
Spellcheck:
Support native aspell as well as ispell, aspell in ispell compatibility mode.
Means that Quoted text is not checked if the following is set:
Manage => Preferences => Extra Compose =>
Skip quoted text on spell check
By 09/08/2005
=============
Spam whitelist
Test the Referer header on login. Two independent prayer.cf options:
referer_block_invalid and referer_log_invalid
Test the Referer: header before performing a /redirect/ action in
order to protect against URL redirector abuse
Doesn't work with "Save Target As". Remove entirely
Confirm on expunge.
Cleanup up account_message error reporting so consistent.
Fix format=flowed quoting problems.
Fix memory leak in mailbox download (2 x size of mail folder) until
next transfer or idle shutdown.
25/01/2005
==========
line_wrap_on_send preference not used by draft_init().
Fixed problems with multipart/alternate display and forwarding
|
|
For some reason, the script creates the pid file itself, instead
of using '-p' option to freshclamd. sig_stop=KILL seems unnecessary,
too.
Bump PKGREVISION.
|
|
use the same UUCP_{USER,GROUP} variables as net/uucp.
|
|
in SPECIAL_PERMS usage.
* Consistently use 4555 for setuid and 2555 for setgid programs.
|
|
setting and instead just chmod the qmqtool script to 0700 at install
time.
|
|
to define how long clamsmtpd should wait for clamd.
PKGREVISION++
|
|
(2.0.0.1-2.0.0.3 skipped to keep the version on par with Firefox?)
Security fixes in this version:
MFSA 2007-15 Security Vulnerability in APOP Authentication
MFSA 2007-12 Crashes with evidence of memory corruption
For more info, see http://www.mozilla.com/en-US/thunderbird/2.0.0.4/releasenotes/
|
|
Pkgsrc changes:
- Added some comments to patch files.
- Adapting patch-aq to changes in the README file.
- Added forgotten direct requirement for p5-Compress-Zlib.
- Since 3.2.0 at least version 3.43 of p5-HTML-Parser is needed.
- Installation to DESTDIR is possible as root.
- Substituted correct paths in spamc.pod (source file for spamc.1).
- Added VARBASE to BUILD_DEFS to silence pkglint warnings.
Changes since version 3.2.0:
============================
3.2.1 is a major bug-fix release, including a potential local DoS. The
major highlights are:
- bug 5480: fix for CVE-2007-2873: a local user symlink-attack DoS
vulnerability. It only affects systems where spamd is run as root, is used
with vpopmail or virtual users via the "-v"/"--vpopmail" OR
"--virtual-config-dir" switch, AND with the "-x"/"--no-user-config" AND
WITHOUT the "-u"/"--username" switch AND with the "-l"/"--allow-tell" switch.
This is not default on any distro package, and is not a common configuration.
More details of the vulnerability can be read at
<http://spamassassin.apache.org/advisories/cve-2007-2873.txt>.
- bug 5488: zero some rules causing false positives: FH_HOST_EQ_D_D_D_DB and
FH_HOST_EQ_D_D_D_D.
- bug 5257: re-raise autolearn ham threshold to 1.0; the lower value
used in 3.2.0 was creating problems.
- bug 5422: in spamd, deleting hash entries from the SIGCHLD signal handler is
unsafe, causes corruption of the data structure, and results in 'prefork:
ordered child N to accept, but they reported state '1', killing rogue'
errors. fix.
- bug 5102: tighten up regexp for FORGED_HOTMAIL_RCVD to avoid some FPs.
- bug 5457: spamc build and test should handle not having zlib available.
- bug 5379: spamd could crash at startup if its preloading temporary directory
already exists. fix.
- bug 4616: spamc config can cause command line options to be ignored. fix.
- bug 5485: zero score DK/DKIM_POLICY_SIGNSOME rules since they'll always fire
due to defaults (unless there's an explicit SIGNALL policy).
- bug 5492: VBounce rule was looking in header instead of body for whitelisted
relays. fix.
- bug 5487: prevent multiple "urirhssub"s using the same zone from overwriting
each other.
- bug 5432 - Change default in Win32 build to not build spamc.
- bug 5446: add --updatedir option to sa-compile and remove inaccurate re2c
required version info from pod.
- bug 5436: add omitted "ifplugin" statements to the configuration, which would
otherwise cause lint errors if the default plugins were disabled.
- bug 5477: prevent Rule2XSBody info message from appearing on stderr during
spamd startup.
|
|
Pkgsrc changes:
none
Changes since version 0.25:
===========================
Version 0.26 - released 2007-05-24
* recognize and generate v=1 signatures (DKIM is now RFC 4871)
|
|
Changelog:
Version 0.20 20 March 2007
* Cache uncompressed mbox data (Chris Mason, further work by me)
* Fix gaps in date ranges for search
* Unlock database if mairix is interrupted (Paul Fox)
* Add fast index option (-F)
* Fix conditional compilation errors for compressed mbox
* Reimplement MIME header parsing
* Add capability to search on names of attachments
* Add capability to search on state of message flags
* Create maildir-format mfolder filenames correctly with regard to flags
* Various bug fixes (Oliver Braun, Matthias Teege)
Version 0.19 15 July 2006
* mairix.spec fixes (André Costa)
* bug fix: freeing of message structures (Karsten Petersen)
* Add new -x (--excerpt-output) option, an alternative mode for searching. This displays the key headers from the matching messages on stdout.
* Add notes about the mairix-users mailing list and the SourceForge page to README.
* Fix configuration + compilation to allow building with gzip support but without bzlib support.
* Rename internal functions like zopen() to avoid name conflicts on MacOS X. (Vincent Lefevre)
* Remove a spurious ; in bison input file (Vincent Lefevre)
* Improve output given in various error conditions (based on patch by Karsten Petersen)
Version 0.18 10 March 2006
* Support bzip2'd mbox folders
* Fix bugs in parsing mbox folders containing unquoted 'From ' lines inside MIME body parts
* Fix bug in parsing content-type data containing quotes with whitespace before
* Clone the message flags (when both the source folder and mfolder are both of maildir type)
* New manpages mairix.1 and mairixrc.5 are included, and the old texinfo-based documentation is deprecated into the old_docs/ directory.
* Upgrade scanners to new version of dfasyn
* Support Mew's MH folder subtype
Version 0.17.1 16 December 2005
* Fix detection of MH folder subtype used by nnml (Gnus)
* Fix filename format generated in the /cur/ directory for maildir mfolders.
* Syntax fix in configure script
Version 0.17 14 November 2005
* Support gzipped mbox folders (any file matched by a mbox= line in the config file is considered as a gzipped mbox if its name ends in .gz)
* Rework directory traversal for the '...' construct to speed up indexing and the check that mfolder isn't going to overwrite a real folder when searching.
* Check whether database exists before attempting to do searching.
* Matched new maildir messages go in /new/ subdirectory of maildir mfolder.
* Fix lots of compiler warnings generated by gcc4.x
* Don't create and immediately scrub database entries for empty mbox folders.
* Fix usage() info for bare word in searching
* Allow '.' on the ends of numeric filenames in MH folders (to work with Evolution)
* Update .PHONY target so that 'make install' etc are more reliable.
* Add --version switch
* Fix bug with size argument passed to memset
* Add X-source-folder header to indicate the original folder of a match found in an mbox.
|
|
Add DESTDIR support. Bump revision.
|
|
Version 1.3 - 13 February 2007
------------------------------
- Perl Compatible Regular Expression (PCRE) support.
- Compile against Lua 5.1 by default.
- Bug fix; program fault in some cases and when namespace prefix was empty
- Bug fix; program fault on some platforms when running in verbose mode
|
|
This release is largely a bug-fix release, but it does contain a couple of
small new features (next-unread-mailbox, $message_cache_clean).
The "change_folder_next" patches are gone, since a similar feature was added,
and it is now possible to use
bind index , next-unread-mailbox
to use , to cycle mailboxes with new mail
|
|
Noted by OBATA Akio.
|
|
Fixed smtp_filter() to accept parameters to AUTH PLAIN when the MUA sends the
authentication information with the command instead of waiting for another
prompt.
Changed find_address() to strip BATV tags from addresses so whitelist/
blacklist matching can still take place. Reported by Walter Russo.
Added utils/passwordcheck to help troubleshoot SMTP AUTH problems.
Added more logging to exec_checkpassword() to aid troubleshooting.
|
|
pkgsrc changes: set INSTALLATION_DIRS.
2007-01-30 Dave McMurtrie <davemcmurtrie@gmail.com>
* Version 1.2.5 released.
2007-01-30 Dave McMurtrie <davemcmurtrie@gmail.com>
* common.h: Updated version string to 1.2.5.
2006-10-03 Dave McMurtrie <davemcmurtrie@gmail.com>
* common.h: Updated version string to 1.2.5rc2.
* main.c: Patch by Matt Selsky to log ssl peer verify at Debug
level instead of err level.
* Makefile.in: Patch by Matt Selsky to set the permissions on
the configuration files to 755 instead of 644.
2006-08-15 Dave McMurtrie <davemcmurtrie@gmail.com>
* imapcommon.c: No longer exit() from IMAP_Line_Read() on
failed sanity check.
2006-02-16 Dave McMurtrie <davemcmurtrie@gmail.com>
* pimpstat.c: Patch by Matt Selsky to fix spelling error.
* main.c: Fixed string format bug (Debian DSA 852-1) found by
Steve Kemp. Added version string to startup log message.
* common.h: Patch by Matt Selsky to add a version string.
* request.c: Patch by Matt Selsky to add cmd_version function.
* README: Patch by Matt Selsky to add info about p_version command.
Updated the imapproxy-info mailing list URL.
|
|
which use it. This fixes the build of courier-maildir (which includes
courier-mta/Makefile.common) since -r1.60 of mk/bsd.options.mk.
|
|
-make updatefile honour symlinks, so users can alias one server's oldmail
state file to another (for split-horizon DNS and other strange
configurations). Thanks: Scott Hepler.
|
|
just explain a little better how RoundCube is setup in pkgsrc.
* While we're here update to 20070528
2007/05/28 (thomasb)
---------
- Fixed buggy imap_root settings (closes 1484379)
- Prevent default events on subject links (1484399)
- Typo in rcube_smtp.inc
2007/05/23 (estadtherr)
----------
- Upgrade to TinyMCE v2.1.1.1
2007/05/18 (thomasb)
----------
- Use HTTP-POST requests for actions that change state
2007/05/17 (thomasb)
----------
- Updated Catalan, Russian, Portuguese, Slovak and Chinese translations
- Renamed localization folder for Chinese (Big5)
- Changed Slovenian language code from 'si' to 'sl'
- Added Sinhala (Sri-Lanka) localization
- Use global filters and bind username/ for Ldap searches (1484159)
- Hide quota display if imap server does not support it
- Hide address groups if no LDAP servers configured
- Add link to message subjects (closes 1484257)
- Better SQL query for contact listing/search (closes 1484369)
2007/05/13 (thomasb)
----------
- Updated Norwegian (bokmal), Czech, Danish and Portuguese (standard) translation
- Fixed marking as read in preview pane (closes 1484364)
- CSS hack to display attachments correctly in IE6
- Wrap message body text (closes 1484148)
|
|