A daemon which provides TLS client policy for Postfix via socketmap,
according to domain MTA-STS policy. The current support for RFC8461
is limited - the daemon lacks some minor features:
* Fetch error reporting
* Fetch ratelimit (but actual fetch rate partially restricted with
`cache_grace` config option).
The server has a configurable cache backend which allows storing
cached STS policies in memory (`internal`), a file (`sqlite`) or
in a Redis database (`redis`).
|
|
Restore patches accidentally removed by me.
Noted by tnn@ and thanks much.
Bump PKGREVISION.
|
|
pkgsrc changes:
* Add "USE_TOOLS+= pax" to plugins.mk.
* Add some note to MESSAGES.
* update DESCR.
1.6.0 (2022-07-28)
We proudly announce the release of the next major version 1.6 of Roundcube
webmail. With this milestone we cleaned up the codebase and bring full
support for PHP 8.1. The most noteworthy changes, as already announced with
the beta release, are:
* PHP 8.1 support
* Dropped support for PHP < 7.3
* Support responses (snippets) in HTML format
* Option to purge deleted mails older than 30, 60 or 90 days
* Unified and simplified services connection config options
* Removed the Classic and Larry skins from the release packages
* SQLite: Use foreign keys, require SQLite >= 3.6.19
See the full changelog in the release notes on the Github download page.
Breaking Changes to 1.5 and prior versions
The following config options have either been removed or renamed:
1. IMAP:
* renamed default_host to imap_host
* removed default_port option (non-standard port can be set via
imap_host)
* set "localhost:143" as a default for imap_host
2. SMTP:
* renamed smtp_server to smtp_host
* removed smtp_port option (non-standard port can be set via smtp_host)
* set "localhost:587" as a default for smtp_host
3. LDAP:
* removed port option from ldap_public array (non-standard port can be set
via host)
* removed use_tls option from ldap_public array (use tls:// prefix in host)
4. Managesieve:
* removed managesieve_port option (non-standard port can be set via
managesieve_host)
* removed managesieve_usetls option (set tls:// prefix to managesieve_host)
|
|
This makes the package break later in 'make install' when it finds out
that updates.spamassassin.org does not exist.
Bump PKGREVISION.
|
|
The package changed with the addition of its libepoll-shim dependency.
Otherwise, we can get:
ERROR: libepoll-shim>=0.0.20210418 is not installed; can't buildlink files.
|
|
This is now handled centrally via OPSYS_EXPLICIT_LIBDEPS support in libiconv
and gettext-lib.
|
|
This is a bug-fix release, fixing a $edit_headers bug on MacOS, along with
several other small issues. It also changes $query_command to be stricter
when parsing results, and adds '%s' expando support to $pager.
|
|
removing firefox78.
|
|
Recent libtool update appears to have exposed more of these.
|
|
1.5.3 (2022-06-26)
* Enigma: Fix initial synchronization of private keys
* Enigma: Fix double quoted-printable encoding of pgp-signed messages with
no attachments (#8413)
* Fix various PHP8 warnings (#8392)
* Fix mail headers injection via the subject field on mail compose (#8404)
* Fix bug where small message/rfc822 parts could not be decoded (#8408)
* Fix setting HTML mode on reply/forward of a signed message (#8405)
* Fix handling of RFC2231-encoded attachment names inside of a
message/rfc822 part (#8418)
* Fix bug where some mail parts (images) could have not be listed as
attachments (#8425)
* Fix bug where attachment icons were stuck at the top of the messages list
in Safari (#8433)
* Fix handling of message/rfc822 parts that are small and are multipart
structures with a single part (#8458)
* Fix bug where session could time out if DB and PHP timezone were different
(#8303)
* Fix bug where DSN flag state wasn't stored with a draft (#8371)
* Fix broken encoding of HTML content encapsulated in a RTF attachment
(#8444)
* Fix problem with aria-hidden=true on toolbar menus in the Elastic
skin (#8517)
* Fix bug where title tag content was displayed in the body if it contained
HTML tags (#8540)
* Fix support for DSN specification without host e.g. pgsql:///dbname
(#8558)
|
|
3.7.0 (2022-02-07)
* Support to inline the content of small cidr:, pcre:, and regexp:
tables in Postfix parameter values. An example is the new
smtpd_forbidden_commands default value, "CONNECT GET POST
regexp:{{/^[^A-Z]/ Thrash}}", to quickly drop connections from
clients that send garbage.
* To make the maillog_file feature more useful, including stdout
logging from a container, the postlog(1) command is now set-gid
postdrop, so that unprivileged programs can use it to write
logging through the postlogd(8) daemon. This required hardening
the postlog(1) command against privilege escalation attacks.
* Support for library APIs: OpenSSL 3.0.0, PCRE2, Berkeley DB 18.
* Postfix programs now randomize the initial state of in-memory
hash tables, to defend against hash collision attacks involving
a large number of attacker-chosen lookup keys. Presently, the
only known opportunity for such attacks involves remote SMTP
client IPv6 addresses in the anvil(8) service, and requires
making hundreds of short-lived connections per second while
cycling through thousands of different client IP addresses.
* Updated defense against remote clients or servers that 'trickle'
SMTP or LMTP traffic. This replaces the old per-record deadlines
with per-request deadlines and minimum data rates.
* Many typofixes by raf and Wietse.
3.7.1 (2022-04-18)
* (problem introduced: Postfix 2.7) The milter_header_checks maps
are now opened before the cleanup(8) server enters the chroot
jail. Problem reported by Jesper Dybdal.
* In an internal client module, "host or service not found" was
a fatal error, causing the milter_default_action setting to be
ignored. It is now a non-fatal error, just like a failure to
connect. Problem reported by Christian Degenkolb.
* The proxy_read_maps default value was missing up to 27 parameter
names. The corresponding lookup tables were not automatically
authorized for use with the proxymap(8) service. The parameter
names were ending in _checks, _reply_footer, _reply_filter,
_command_filter, and _delivery_status_filter.
* (problem introduced: Postfix 3.0) With dynamic map loading
enabled, an attempt to create a map with "postmap regexp:path"
would result in a bogus error message "Is the postfix-regexp
package installed?" instead of "unsupported map type for this
operation". This happened with all non-dynamic map types (static,
cidr, etc.) that have no 'bulk create' support. Problem reported
by Greg Klanderman.
* In PCRE_README, "pcre2 --libs" should be "pcre2 --libs8". Problem
reported by Carlos Velasco.
* Documented in the postlogd(8) daemon manpage that the Postfix
>= 3.7 postlog(1) command can run with setgid permissions.
3.7.2 (2022-04-28)
This reverts an overly complex change in the postscreen SMTP engine
(made during Postfix 3.7 development), and replaces it with much
simpler code. The bad change was crashing postscreen on some systems
after receiving malformed input (for example, a TLS "hello" message).
|
|
Various benchmarks show this to be the best available option.
|
|
3.2: 26 Mar 2022
* [Conf] Score MIME_OBFUSCATED_ARCHIVE to 8 points
* [Conf] Set one_shot for URIBL rules by default
* [CritFix] Fix upstreams name resolution when there is also a port
* [Feature] Add ROC feature to neural network plugin
* [Feature] Add public suffix compilation utility
* [Feature] Add support of Cloudmark
* [Feature] Allow hyperscan for ppc64, as vectorscan now supports it.
* [Feature] Allow to skip DNS resolution for keep-alive connections
* [Feature] Aws_s3: Allow to store large parts separately
* [Feature] BIMI: Add preliminary version of the BIMI plugin
* [Feature] JSON endpoint for querying maps
* [Feature] Lua_magic: Add a sane CSV heuristic
* [Feature] Lua_mime: Add schema for message transfer
* [Feature] Output average scan time in /stat endpoint
* [Feature] Show average scan time in `rspamc stat` output
* [Fix] Add guards to avoid race condition on TCP connection
* [Fix] Allow spaces in DKIM key records
* [Fix] Apply the similar fix to the url_reputation
* [Fix] Avoid overwriting whitelisted_signers_map
* [Fix] Backport PR from libucl
* [Fix] Clear SSL errors
* [Fix] ClickHouse cleanup of old partitions
* [Fix] Do not double call error handler on ssl errors in the timeout path
* [Fix] Do not forget to clear pointers on IOC reset
* [Fix] External_relay: Remove useless check of the map value
* [Fix] Find suspicious url encodings that could break url extraction
* [Fix] Fix HTTP(s) client timeout
* [Fix] Fix exclude flags setting
* [Fix] Fix expanding of the variables
* [Fix] Fix host header usage in lua_http
* [Fix] Fix http maps shared memory cache cleanup
* [Fix] Fix logic in HTML processing FSM
* [Fix] Fix parsing of the compound mailto urls
* [Fix] Fix processing captures from pcre2
* [Fix] Fix removing from khash
* [Fix] Fix structured headers pushing
* [Fix] Further fix for i386 compilation
* [Fix] Improve duplicate settings error reporting
* [Fix] Lua: task:remove_result didn't work in some cases
* [Fix] Output service parts as well
* [Fix] Phishing: Deal with phishing + redirected URL
* [Fix] Phishing: Fix finding domains in the phishing map
* [Fix] Plug memory leak by using mempool for a copied address
* [Fix] Properly find the request and the number of requested entries
* [Fix] Rbl: Fix inversed logic of the url_full_hostname
* [Fix] Read file maps if they were not pre-read during preload
* [Fix] Restrict x86_64 assembly to x86_64
* [Fix] Return a real number of recipients when dealing with aliases
* [Fix] Rework unschedule DNS request function
* [Fix] Support definition of ungrouped symbol in conf file, use group info from lua or other conf file
* [Fix] Unschedule DNS request when clearing IO channel
* [Fix] When checking for phishing, we need to convert punycode -> UTF8, not vice versa
* [Fix] lua_cfg_transform - actions without score (discard)
* [Fix] lua_cfg_transform - silly break break actions
* [Fix] ratelimit - symbol per bucket
* [Project] BIMI: Fix helper integration issues
* [Project] Further DNS over TCP architecturing
* [Project] Rdns: Add more functions for TCP based requests
* [Project] Rdns: Add preliminary reading logic for TCP channels
* [Project] Rdns: Add reaper for inactive TCP connections
* [Project] Rdns: Add timeout logic for TCP requests
* [Project] Rdns: Do not treat TCP channels failure as fatal
* [Project] Rdns: Fix TCP connection mess
* [Project] Rdns: Fix TCP stuff cleanup
* [Project] Rdns: Fix various ownership issues
* [Project] Rdns: Implement TCP writing logic
* [Project] Rdns: Initial support of TCP IO channels
* [Project] Rdns: More fixes in TCP handling
* [Project] Rdns: Restore the previous EDNS0 size
* [Project] Rdns: Send truncated replies via TCP
* [Project] Rdns: Unregister TCP requests
* [Rework] Allow to restore SSL handlers after keepalive pooling
* [Rework] Allow to set a different behaviour for actions from settings
* [Rework] Include SSL flag into keepalive hash
* [Rework] Make `rspamadm dmarc_report` default behaviour more sane
* [Rework] Mempool: Use explicit alignment
* [Rework] Rdns: Use faster and more compact hash table for DNS requests
* [Rework] Rework SSL flag operations
* [Rework] Take disabled flag into account
* [Rework] Timeouts are now global per event and not reset by IO activity
* [Rework] Use xxh3 as a default hash and fix memory/alignment issues
* [Rules] Fix old rules to stop global functions usage
* [Rules] Fix symbol for DKIM temporary failure
* [Rules] Remove ancient and inefficient rules
* [Rules] Slightly reduce MULTIPLE_FROM score
|
|
Rails 7.0.3.1 (2022-07-12) updates databases/ruby-activerecord70 only.
databases/ruby-activerecord70
* Change ActiveRecord::Coders::YAMLColumn default to safe_load
This adds two new configuration options. The configuration options are as
follows:
o config.active_storage.use_yaml_unsafe_load
When set to true, this configuration option tells Rails to use the old
"unsafe" YAML loading strategy, maintaining the existing behavior but
leaving the possible escalation vulnerability in place. Setting this
option to true is *not* recommended, but can aid in upgrading.
o config.active_record.yaml_column_permitted_classes
The "safe YAML" loading method does not allow all classes to be
deserialized by default. This option allows you to specify classes deemed
"safe" in your application. For example, if your application uses Symbol
and Time in serialized data, you can add Symbol and Time to the allowed
list as follows:
config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
[CVE-2022-32224]
|
|
Rails 6.1.6.1 (2022-07-12) updates databases/ruby-activerecord61 only.
databases/ruby-activerecord61
* Change ActiveRecord::Coders::YAMLColumn default to safe_load
This adds two new configuration options. The configuration options are as
follows:
o config.active_storage.use_yaml_unsafe_load
When set to true, this configuration option tells Rails to use the old
"unsafe" YAML loading strategy, maintaining the existing behavior but
leaving the possible escalation vulnerability in place. Setting this
option to true is *not* recommended, but can aid in upgrading.
o config.active_record.yaml_column_permitted_classes
The "safe YAML" loading method does not allow all classes to be
deserialized by default. This option allows you to specify classes deemed
"safe" in your application. For example, if your application uses Symbol
and Time in serialized data, you can add Symbol and Time to the allowed
list as follows:
config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
[CVE-2022-32224]
|
|
Rails 6.0.5.1 (2022-07-12) updates databases/ruby-activerecord60 only.
databases/ruby-activerecord60
* Change ActiveRecord::Coders::YAMLColumn default to safe_load
This adds two new configuration options. The configuration options are as
follows:
o config.active_storage.use_yaml_unsafe_load
When set to true, this configuration option tells Rails to use the old
"unsafe" YAML loading strategy, maintaining the existing behavior but
leaving the possible escalation vulnerability in place. Setting this
option to true is *not* recommended, but can aid in upgrading.
o config.active_record.yaml_column_permitted_classes
The "safe YAML" loading method does not allow all classes to be
deserialized by default. This option allows you to specify classes deemed
"safe" in your application. For example, if your application uses Symbol
and Time in serialized data, you can add Symbol and Time to the allowed
list as follows:
config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
[CVE-2022-32224]
|
|
Rails 5.2.8.1 (2022-07-12) updates databases/ruby-activerecord52 only.
databases/ruby-activerecord52
* Change ActiveRecord::Coders::YAMLColumn default to safe_load
This adds two new configuration options. The configuration options are as
follows:
o config.active_storage.use_yaml_unsafe_load
When set to true, this configuration option tells Rails to use the old
"unsafe" YAML loading strategy, maintaining the existing behavior but
leaving the possible escalation vulnerability in place. Setting this
option to true is *not* recommended, but can aid in upgrading.
o config.active_record.yaml_column_permitted_classes
The "safe YAML" loading method does not allow all classes to be
deserialized by default. This option allows you to specify classes deemed
"safe" in your application. For example, if your application uses Symbol
and Time in serialized data, you can add Symbol and Time to the allowed
list as follows:
config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
[CVE-2022-32224]
|
|
Bump PKGREVISION
|
|
Use PKGNAME_NOREV instead of PKGNAME for DISTNAME.
|
|
New stuff we've added since 4.95:
- A new ACL condition: seen. Records/tests a timestamp against a key.
- A variant of the "mask" expansion operator to give normalised IPv6.
- UTC output option for exim_dumpdb, exim_fixdb.
- An event for failing TLS connects to the daemon.
- The ACL "debug" control gains options "stop", "pretrigger" and "trigger".
- Query-style lookups are now checked for quoting, if the query string is
built using untrusted data ("tainted"). For now lack of quoting is merely
logged; a future release will upgrade this to an error.
- The expansion conditions match_<list-type> and inlist now set $value for
the expansion of the "true" result of the ${if}. With a static list, this
can be used for de-tainting.
Notable removals since 4.95:
- the "allow_insecure_tainted_data" main config option and the
"taint" log_selector. These were deprecated in the 4.95 release.
|
|
This unbreaks the build, and should probably be pulled up.
|
|
2.3.19.1
- doveadm deduplicate: Non-duplicate mails were deleted. v2.3.19 regression.
- auth: Crash would occur when iterating multiple backends.
Fixes: Panic: file userdb-blocking.c: line 125 (userdb_blocking_iter_next): assertion failed: (ctx->conn != NULL)
|
|
makedefs already contains the FreeBSD 12 stanza but not version 13.
From cubadevelop via Github Pull Request.
Fixes NetBSD/pkgsrc#97
|
|
Bump PKGREVISION.
|
|
7.0.3 (2022-05-12)
* No change except version.
|
|
7.0.3 (2022-05-12)
* No change except version.
|
|
Ruby on Rails 6.1.6 (2022-05-12)
Active Support
* Fix and add protections for XSS in ActionView::Helpers and ERB::Util.
Add the method ERB::Util.xml_name_escape to escape dangerous characters in
names of tags and names of attributes, following the specification of XML.
Action View
* Fix and add protections for XSS in ActionView::Helpers and ERB::Util.
Escape dangerous characters in names of tags and names of attributes in
the tag helpers, following the XML specification. Rename the option
:escape_attributes to :escape, to simplify by applying the option to the
whole tag.
Action Pack
* Allow Content Security Policy DSL to generate for API responses.
|
|
Ruby on Rails 6.0.5 (2022-05-12)
Active Support
* Fix tag helper regression.
Action Text
* Disentangle Action Text from ApplicationController
Allow Action Text to be used without having an ApplicationController
defined.
This makes sure:
- Action Text attachments render the correct URL host in mailers.
- an ActionController::Renderer isn't allocated per request.
- Sidekiq doesn't hang with the "classic" autoloader.
|
|
Ruby on Rails 5.2.8 (2022-05-12)
Active Support
* Fix tag helper regression.
Action View
* Make `LoadInterlockAwareMonitor` work in Ruby 2.7.
* Retain Ruby 2.2 compatibility.
|
|
This is a bug-fix release, fixing a variety of small issues.
|
|
pkgsrc changes:
- Remove OAUTHBEARER patches for IMAP, part of 2.1 release
Changes:
2.1
---
- Add support for LMTP
- Add support for XOAUTH2 for IMAP
- Add support for OAUTHBEARER for IMAP
- Several bug fixes and improvements