| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This release fixes a bug in ACL plugin, which could be considered a security
bug: If Maildir is used with default settings (INBOX is same as Maildir root
dir) and user set some ACLs to INBOX, those ACLs were copied to all newly
created mailboxes. This should have been done only for "default ACLs", but with
Maildir the INBOX directory is the same as the default ACL directory, so this
mixup happened. This bug exists only in v1.2.x releases.
Other fixes:
- Fixed iconv() crash when it was processing several kilobytes of broken
continuous input. This mainly could have caused a problem with IMAP SEARCH.
Possibly also with some Sieve checks.
- If MIME encoded-words contained line feeds, Dovecot logged cache corruption
errors.
- mbox: Renaming mailbox under newly created dir didn't move index directory.
- mbox: When generating envelope to From_-line, don't append a second
@owndomain if username already has one.
|
|
- Now allow more than one plugin to control the compose form submit action.
- When sorting by received date, the received date is now shown on the
message list.
- Explicitly disable browser caching for left_main and right_main pages
(#2983134).
- Fix error with SpamCop reporting plugin not being able to send report as
emails (#1795310).
- Fix typo in SpamCop plugin.
- Reduced default time security tokens stay valid from 30 days to 2 days
(reduces chances of session data growing too large)
- Several speed enhancements for recent fixes regarding the display of
encoded subjects, including a fix for messages with invalid subject
encoding (includes #2987016 amongst several other issues reported via
mailing list, etc.) (Many thanks to Zdenek Pytela for the untiring help
diagnosing and testing.)
- Fixed minor vulnerability in Mail Fetch plugin.
[CVE-2010-1637/TEHTRI-SA-2010-009]
- Now properly quote personal part of encoded addresses when replying.
- Now fill in default subject when forwarding as attachment (#2936541).
- Implement header folding that doesn't add extraneous spaces so unfolding
is less ambiguous (#1951776).
- Fixed issues caused by use of PostgreSQL keyword "user" in SquirrelMail's
default preferences database schema (#2943483).
- Fixed attachment filename decoding problems (#2994865).
- Now default search criteria to the TO header when searching the sent folder.
- Fixed literal processing of 8-bit usernames/passwords during login.
[CVE-2010-2813]
|
|
pkgsrc changes:
* accept bdb3 and bdb5, rename db4 option to bdb.
* accept tokyocabinet for db engine.
* buildlink with libiconv for UNICODE support.
-------------------------------------------------------------------------------
1.2.2 2010-10-08 (released)
2010-07-05
* Use a better PRNG for random sleeps. That is arc4random() where
available, and drand48() elsewhere.
* Assorted fixes for issues found with clang analyzer:
+ Fix a potential NULL deference
+ Fix a potential division by zero
+ Remove dead assignments and increments
* Update Doxyfile and source contrib/bogogrep.c for docs, too.
2010-07-03
* Security bugfix, CVE-2010-2494:
Fix a heap corruption in base64 decoder on invalid input.
Analysis and patch by Julius Plenz <plenz@cis.fu-berlin.de>.
Please see doc/bogofilter-SA-2010-01 for details.
2010-04-07
* Updated sendmail milter contrib/bogofilter-milter.pl to v1.??????
(thanks to Jonathan Kamens)
2010-04-01
* Bump supported/minimum SQLite3 versions and warning threshold.
See doc/README.sqlite for details.
* Mark BerkeleyDB 4.8.26 and 5.0.21 supported.
Note that Berkeley DB 5.0's SQLite3 compatibility API is NOT
supported, it causes shifts in scores and write failures under
contention. Bogofilter can use Berkeley DB 5.0's native interface,
and using that is more efficient than the added SQL shim layer.
2010-03-06
* Make t.maint more robust; ignore .ENCODING token. To fix test
failures on, for instance, FreeBSD with unicode enabled.
2010-02-15
* Fix several compiler warnings "array subscript has type 'char'", by
casting the arguments to unsigned char.
A security audit was conducted and showed that all affected
functions either received the relevant input from the user running
bogofilter, or the input had already been pre-validated by the token
lexer.
2010-02-14
* Split error messages for ENOENT and EINVAL into new function.
* Avoid divison by zero in robx computation by checking if there are at
least one ham message and one spam message registered.
2009-08-13
* contrib/spamitarium.pl updated to version 0.4.0
(thanks to Tom Anderson)
2009-08-05
* Updated and integrated Ted Phelps's "Patch to prevent .ENCODING from
being discarded by bogoutil -m" (SourceForge Patch #1743984).
Thanks to Ted for debugging the issue and providing the patch (which
was for bogofilter v1.1.5).
2009-09-15
* Promoted to "stable"
1.2.1 2009-08-01 (released)
2009-08-01
* Update configure to use "host" rather than "target", to match the
newer autotools cross-build semantics. Untested.
Developers changing the build system and users who build from SVN
will now need automake 1.9 and autoconf 2.60.
2009-07-31
* Fix Christian Frommeyer's MIME decoding bug, Ubuntu/Launchpad Bug
#320829. As a side effect, also fixes misattribution of MIME bodies
as MIME headers with mime: tag. Original bug report:
https://bugs.launchpad.net/ubuntu/+source/bogofilter/+bug/320829
Before this fix, bogofilter did not properly MIME-decode the first
line in a body. This was especially bad with Christian's samples
where the whole body was only one long base64 line.
2009-05-28
* Removed two scripts that are auto-built.
* Added test case for Stephen Davies' Q-P EOL problem (see below).
2009-05-25
* Fixed EOL problem in quoted_printable text. Problem reported by
Stephen Davies and identified by Pavel Kankovsky.
2009-03-28
* Promoted to "stable"
1.2.0 2009-02-21 (released) 2009-03-28 (declared stable)
2009-02-20
* Flex-2.5.35 has fix for memory allocation problem in 2.5.4,
2.5.31, and 2.5.33, making bogofilter's flex patch obsolete.
2009-02-12
* Bogofilter now uses listsort in place of qsort.
2009-01-31
* Added token-count=n, token-count-min=n, and token-count-max=n options.
* Minor code cleanups.
2009-01-21
* spamitarium.pl updated to version 0.3.0
(thanks to Tom Anderson)
2009-01-11
* For compatibility with Sun's Sun Studio 12 compiler, provide
a name for the anonymous union in typedef word_t.
Patch provided by Jack Bailey.
2008-10-20
* update bf_compact documentation by removing explicit Berkeley DB
references, as it has been fixed to work with other database drivers
in March 2008.
2008-10-15
* bf_compact, bf_copy and bf_tar now support transformed program names
(fixes Debian Bug#501947).
* Update sqlite3 adaptor to take advantage of sqlite3_prepare_v2()
API function that appeared in SQLite 3.3.9. The new _v2 interface
allows for more specific error messages when executing SQL
statements. Also enable extended result codes for more precise error
reporting.
2008-07-21
* Update doc/integrating-with-postfix: the script now suggests sendmail
-G -i (where -G will be ignored by Postfix before 2.3) to tell
Postfix it's a gateway submission, not an original injection; the
filter pipe(8) magic for master.cf now suggests flags=Rq (was
flags=R), as per Postfix's FILTER_README.
2008-07-09
* Drop support for systems that reverse setvbuf arguments. The last
systems to do that are reported to be shipped in 1987 by the autoconf
manual, so ditch them.
|
|
|
|
happening in the future. PR pkg/43654
|
|
(Since pkgsrc-2010Q2 has the 3.0 branch of thunderbird I will send a
separate diff to releng for the 3.0.6 security update.)
MFSA 2010-47 Cross-origin data leakage from script filename in error messages
MFSA 2010-46 Cross-domain data theft using CSS
MFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause subsequent
character to vanish
MFSA 2010-43 Same-origin bypass using canvas context
MFSA 2010-42 Cross-origin data disclosure via Web Workers and importScripts
MFSA 2010-41 Remote code execution using malformed PNG image
MFSA 2010-40 nsTreeSelection dangling pointer remote code execution
MFSA 2010-39 nsCSSValue::Array index integer overflow
MFSA 2010-38 Arbitrary code execution using SJOW and fast native function
MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)
|
|
Reported by Francois Tigeot.
|
|
PERL_SET_CONTEXT after forking or Perl gets confused.
In particular, setting signal-handling dispositions using
$SIG{FOO} = sub { ... } breaks.
* Clarify wording of mimedefang-filter man page.
* Remove obsolete code that used to attempt to generate working
directory names. Deactivate the no-longer-needed "-M" mimedefang
option.
* Add new "-y" option to mimedefang-multiplexor. This limits
the number of concurrent "recipok" commands on a per-domain basis.
* Remove Anomy::HTMLCleaner support.
* use MIME::Parser::Filer's ignore_filename() call instead of
subclassing to override evil_filename(). Same effect, less code.
* refactor resend_message_one_recipient() to use
resend_message_specifying_mode() instead of reimplementing it.
* header_timezone() now generates a strictly RFC2822-compliant timezone
string without needing POSIX::strftime()
* Ensure that decode_mimewords() is called in scalar context.
|
|
options no longer exist in the current version of evolution.
It still doesn't build for me under Linux, but the spurious warnings about
unrecognised krb4 configure options are gone.
|
|
|
|
This switches to the gnome-2.30 release branch.
(untested, the old version didn't build anymore)
|
|
|
|
Upstream changes:
version 1.30: Thu Jun 3 12:00:37 CEST 2010
- typo. rt.cpan.org#55655 [Salvatore.Bonaccorso]
- xlsx must be encoded binary [Ben Prew]
- added f4v, f4p, f4a, f4b extensions for mpeg4
rt.cpan.org#55168 [Oskari Ojala]
version 1.29: Tue Mar 16 23:28:00 CET 2010
- added a zillions of new types from debian's /etc/mime.types.
implemented by [Roman V. Nikolaev]
- changed table format, hopefully to speed-up load times per
type, slightly compensating for the increased list.
|
|
|
|
|
|
emacs23. PKGREVISION++ as a precaution.
|
|
|
|
|
|
This switches to the gnome-2.30 release branch.
(It crashes more often than the old version for me. Any help welcome.)
|
|
|
|
This switches to the gnome-2.30 release branch.
|
|
|
|
- Update bundled enigmail to 1.1.2
- Update mozilla branch patches to 1.9.2 (from devel/xulrunner)
- While here fix PR pkg/43598 PLIST problem w/ enigmail
---8<---
Thunderbird 3.1 is based on the Gecko 1.9.2 platform to provide improved
performance, stability, web compatibility, and code simplification and
sustainability.
New features include:
Faster Search Results and Quick Filter Toolbar
* Faster Search Results
* Quick Filter Toolbar
User Experience Improvements
* New Migration Assistant
* Saved Files Manager
* Mail Account Setup Wizard
Performance Improvements
* Improvements to Stability, Memory, and Password Handling
|
|
|
|
Based on PR#43566, with additional clean up, exactly enable/disable options.
Version 1.4.21:
- No significant changes.
Version 1.4.20:
- Added support for authentication mechanism SCRAM-SHA-1 via GNU SASL.
- The new command tls_fingerprint allows one to trust one particular TLS
certificate, in case tls_trust_file cannot be used for some reason.
- The new script msmtp-gnome-tool.py manages Gnome Keyring passwords for msmtp.
Version 1.4.19:
- When using OpenSSL, msmtp now correctly handles NUL characters in the Common
Name and Subject Alternative Name fields of certificates. This fixes a
security problem. Note that msmtp is not affected by this problem if GnuTLS is
used.
|
|
Changed the option "hostname-file" to read /var/qmail/control/me by default.
Added the option "dns-resolv-conf" to read the nameserver from a file other
than /etc/resolv.conf if necessary. Multiple files can be read, if needed.
Changed all uses of strncpy() to memcpy() because strncpy() will fill the
remainder of the destination buffer with zeroes if the source string is
too short. This is not needed because all strings are being explicitly
terminated after copies anyway.
Added two new parameters to search_file() to allow the matching line data to
be returned to the caller.
Changed process_access() to save the contents of the RELAYCLIENT environment
variable, if set.
Added the timefilter program to the utils folder.
Reversed a small change to spamdyke_log() made 4.0.8 that will prevent buffer
overflows in obscure situations.
Changed is_ip_in_name() to look for more patterns of IP addresses in rDNS
names: 044.033.022.011, 44.033.022.011, 44.33.022.011 and 44.33.22.011.
Thanks to Eduard Svarc for suggesting this one.
Changed the syslog output to include an "encryption:" tag at the end that
shows the current status of TLS/SSL encryption. Thanks to Eric Shubert for
suggesting this one.
Added a "-R" option to smtpdummy so it will reject all recipients.
Completely rewrote find_address() to completely conform to RFC 2822 when
parsing addresses, including quoting, comments, folded whitespace and
all the rest.
Added the option "reject-identical-sender-recipient" to block any messages
where the sender and recipient are the same. Thanks to almost everyone
on the mailing list for suggesting this one.
Changed nihdns_mx() to tolerate MX records that contain IP addresses (illegal)
instead of names.
Fixed Makefile.in to use the CPPFLAGS variable from the "configure" script, if
the user provided it in an environment variable. Thanks to Iavor Stoev for
reporting this one.
Fixed the "configure" script to correctly include header files on FreeBSD 7.0.
Thanks to Andrew Khon for reporting this one.
Added a "-S" flag to sendrecv to prevent it from starting a TLS session when
it sees "STARTTLS".
Improved sendrecv's usage display to document what each option does.
Changed do_spamdyke() to set the stdin and stdout file descriptors to
nonblocking before calling middleman(). This works around a bug in the SSL
library that will block forever waiting for input, even after SSL_pending()
and/or select() has already indicated the socket is ready. Thanks to
Teodor Milkov for identifying this problem more than a year ago and trog for
producing a patch to fix it!
Fixed process_config_file() to reject configuration file lines with
bad/missing characters.
Fixed process_config_file() to print an "unknown option" error message instead
of an "illegal option" message when an unknown option is found in a
configuration file.
Added option "rejection-text-identical-sender-recipient" to set the rejection
message for the identical sender/recipient filter.
Created dnsdummy to simulate a nameserver but exit after a short while for
testing spamdyke's DNS routines.
Converted all DNS-related tests to use dnsdummy and removed all references to
spamdyke.org and silence.org. This will also allow the removal of the
(hundreds of) bogus entries from the spamdyke.org zone file.
Removed the use of getprotobyname() from dns.c and used the defined protocol
values in netinet/in.h.
Changed nihdns_query() to retry DNS queries via TCP if the response received
via UDP has the "truncation" flag set (indicating the answers are too large
for a UDP packet). Thanks to Roland Moelle for suggesting this one.
Added option "dns-tcp" to control if spamdyke will retry DNS queries via TCP.
Added option "dns-spoof" to control if spamdyke will attempt to detect DNS
spoofing and, if so, what it should do about it.
Fixed smtp_filter() to offer and accept SMTP AUTH (when appropriate) even if
the connection is already whitelisted. Thanks to Ratko Rudic for
reporting this one.
|
|
|
|
-fix crap code from bad svn merge that slipped into 4.18.0, triggering
exceptions in MDA_external configs. Thanks: Paul Howarth.
|
|
-fix missing import introduced in 4.18.0. Thanks: Paul Howarth.
|
|
|
|
|
|
-update broken link in FAQ. Thanks: Stefan Kangas.
-strip a few extra problematic (on non-Unix systems) characters when
generating oldmail filenames; backslash was requested by Andy Ross.
If upgrading and your current oldmail file contains any of these
characters:
\ ; < > |
... then rename it, replacing runs of one or more of those characters with
a single "-".
-improve clarity of message logged by getmail when an external program exits
0 but getmail considers it failed because it wrote to stderr. Thanks:
Chris Dennis.
|
|
This is a bugfix release which fixes various UI issues.
|
|
|
|
|
|
ChangeLog for Dovecot 1.2.12:
- deliver: Don't crash when a message with Auto-submitted: header gets
rejected.
- lib-storage: Fixed header searches to work correctly when there are
multiple headers with same name.
- dict client: Disconnect from dict server after 1 second of idling.
- dict: If process crashed, it wasn't automatically restarted
- dict file: If dict file's group permissions equal world permissions,
don't try to change its gid.
- maildir: Fixed a memory leak when copying with hardlinks.
- maildir: Expunging last messages may have assert-crashed if their
filenames had just changed.
Changelog for Sieve 0.1.17:
- Made sure source code positions for compiler messages are recorded
at start of tokens.
- Fixed a few potential memory leaks in the Sieve compiler and the
spam/virustest extensions.
- Made command line tools return proper exit status upon failure.
|
|
from postfix-license, of the same level of importance as changing the
name of the copyright holder, rather than in the nature of the terms.
Everyone believes that postfix is Open Source, and this causes postfix
to fall under DEFAULT_ACCEPTABLE_LICENSES.
ok martti@
|
|
* courier-analog.in: Typo.
* courier-analog.in: Combine all RCPT TO errors together
Based on patch(es) from PR pkg/42989 by Brian Candler
|
|
* gpglib/list.c: Handle GnuPG 2 --with-colons output format changes.
* gpglib/mimegpgfork.c: GnuPG 2 wants --batch when specifying
passphrase-fd.
* rfc2045/rfc2045reply.c (mkreply): Fix sender's name in the
reply salutation.
* html/en-us/newmsg.html: Ditto.
* Big quota patch (with some changes).
(See the Changelog for the previous releases)
Based on patch(es) from PR pkg/42989 by Brian Candler
|
|
* maildrop/mailbot.c (main): Set close-on-exec bit on opened files.
* rfc2045/rfc2045reply.c (mkreply): Fix sender's name in the
reply salutation.
* rfc2045/reformime.sgml: Document the -c option to reformime.
* Big quota patch (with some changes).
(See the Changelog for the previous releases)
Based on patch(es) from PR pkg/42989 by Brian Candler
|
|
* tcpd/configure.in: Check if explicit linking with libgpg-error is required.
* imapd.c (main): Fix typo in alert message.
* Big quota patch (with some changes).
* imapd.c (main): Dummy FAM/Gamin initialization, report an error
during login, upon a failure.
* imapd.c (imapenhancedidle): Make FAM error more meaningful.
* pop3dserver.c (main): "disableinsecurepop3" account option disables
non-SSL logins.
* imapd.c (chkdisabled): "disableinsecureimap" account option disables
non-SSL logins.
(See the Changelog for the previous releases)
Based on patch(es) from PR pkg/42989 by Brian Candler
|
|
* gpglib/list.c: Handle GnuPG 2 --with-colons output format changes.
* gpglib/mimegpgfork.c: GnuPG 2 wants --batch when specifying passphrase-fd.
* tcpd/configure.in: Check if explicit linking with libgpg-error is required.
* tcpd/libcouriergnutls.c (tls_connect): Fix bad call to
gnutls_server_name_set(). Affects Courier compiled with GnuTLS support.
* maildrop/mailbot.c (main): Set close-on-exec bit on opened files.
* courier/doc/courier.sgml: Move the SPF section to a separate refsect2
to work around misformatting by the manpage stylesheet.
* rfc2045/rfc2045reply.c (mkreply): Fix sender's name in the reply salutation.
* html/en-us/newmsg.html: Ditto.
* rfc2045/reformime.sgml: Document the -c option to reformime.
* imapd.c (main): Fix typo in alert message.
* Big quota patch (with some changes).
(See the Changelog(s) for previous releases)
Based on patch(es) from PR pkg/42989 by Brian Candler.
|
|
|
|
(missed those and *emacs* the first time round because they pull
in their png dependencies via default-on options; they were included
in the test bulk build though)
|
|
it start after ntpdate runs.
|
|
Also add some patches to remove use of deprecated symbols and fix other
problems when looking for or compiling against libpng-1.4.x.
|
|
|
|
* This is the latest development release
|
|
implementation (for SMTP-based content filters), improves robustness,
and has updates for changes in system or library interfaces.
* Bugfix (introduced Postfix 2.6) in the XFORWARD implementation,
which sends remote SMTP client attributes through SMTP-based
content filters. The Postfix SMTP client did not skip "unknown"
SMTP client attributes, causing a syntax error when sending
an "unknown" client PORT attribute.
* Robustness: skip LDAP queries with non-ASCII search strings,
instead of failing with a database lookup error.
* Safety: Postfix processes now log a warning when a matchlist
has a #comment at the end of a line (for example mynetworks
or relay_domains).
* Portability: OpenSSL 1.0.0 changes the priority of anonymous
cyphers.
* Portability: Mac OS 10.6.3 requires <arpa/nameser_compat.h>
instead of <nameser8_compat.h>.
* Portability: Berkeley DB 5.x is now supported.
|
|
- security fixes
- various bug fixes and small improvements
- new XHTML strict template tree
- add UTF-8 support
- add IPv6 support
- add Raven single sign-on authentication
|
