| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Changes:
o Message address fields are now parsed differently, fixing some
issues with spaces. Affects only clients which use FETCH ENVELOPE
command.
o Message MIME parser was somewhat broken with missing MIME boundaries
o mbox: Don't allow X-UID headers in mails to override the UIDs we
would otherwise set. Too large values can break some clients and
cause other trouble.
o passwd-file userdb wasn't working
o PAM crashed with 64bit systems
o non-SSL inetd startup wasn't working
o If UID FETCH notices and skips an expunged message, don't return
a NO reply. It's not needed and only makes clients give error
messages.
|
|
changed after perl5-configure had been run and the Makefile created.
For some people, this resulted in a message
Makefile out-of-date with respect to Makefile.PL
at the build stage.
Omitting the first substitution (sa1) and the corresponding part of
patch-ab solved this. This patch had been unnecessary for some time
anyway.
This should resolve pkg/29255.
|
|
PKG_OPTION_VAR -> PKG_OPTIONS_VAR
|
|
|
|
changes since 0.80 (summarized to include only the significant
changes. other changes are documentation updates and misc. bug fixes.
see the full ChangeLog for details).
Sat Feb 5 16:48:46 CET 2005 (tk)
---------------------------------
* libclamav: activate RIFF code (patch by Trog)
Sat Feb 5 16:17:41 CET 2005 (tk)
---------------------------------
* libclamav/scanners.c: do not report Suspected.Zip on standard breaking zip
archives created by ICEOWS (problem reported by
Hamacker <sirhamacker*vidy.com.br> and Dirk Mueller
<mueller*kde.org>)
Sat Feb 5 09:39:48 GMT 2005 (trog)
-----------------------------------
* libclamav/special.c: support for big-endian system in RIFF code.
Fri Feb 4 10:02:08 GMT 2005 (trog)
-----------------------------------
* libclamav/special.c: check RIFF files for MS05-002. Not yet activated.
Thu Feb 3 21:09:34 GMT 2005 (njh)
----------------------------------
* libclamav/mbox.c: Speed improvements in the handling of bounce messages
Wed Feb 2 08:32:46 GMT 2005 (njh)
----------------------------------
* clamav-milter: Call watchdog when neither SESSION nor --external is
given
Tue Feb 1 14:47:21 GMT 2005 (njh)
----------------------------------
* libclamav/blob.c: Sanitise tab characters in filenames ("Heinz Martin"
<Martin*hemag.ch>)
Decode encapsulated messages that have for some reason
been base64 encoded (even though they're already
7 bit)
Tue Feb 1 08:54:46 GMT 2005 (njh)
----------------------------------
* clamav-milter: Delete X-Virus-Status in clamfi_eom not in
clamfi_header. Patch by Jef Poskanzer
<jef*acme.com>
X-Virus-Status now says that virus that it's infected
with. Suggestion by "Hank Beatty"
<hbeatty*starband.net>
Mon Jan 31 11:05:20 GMT 2005 (njh)
----------------------------------
* libclamav/mbox.c: Empty lines should the end of the headers,
but some base64 decoders, e.g. uudeview, are
broken and will handle this type of entry,
decoding the base64 content that's after the
text that's after the header
Sun Jan 30 15:18:02 GMT 2005 (njh)
----------------------------------
* clamav-milter: SESSION is on now by default, to test clamd
PACKADDR is now uses unsinged to remove warning on
Sun's C compiler, patch by
"Dugal James P." <jpd*louisiana.edu>
Don't check compatibility with sendmail.cf if sendmail
is running on a different machine
Fri Jan 28 08:51:08 GMT 2005 (njh)
----------------------------------
* clamav-milter: Some error messages still talked about --internal
Scanmail not set warning is now only given if
DisableDefaultScanOptions is set
Thu Jan 27 14:11:13 GMT 2005 (njh)
----------------------------------
* libclamav/mbox.c: Scan sendmail queue df* files
Thu Jan 27 10:55:35 GMT 2005 (njh)
----------------------------------
* clamav-milter: Don't scan emails intended for the --quarantine address,
that stops scanning of emails generated with
viruses if --outgoing has been set
Downgraded scanmail not defined if --external isn't
given from error to warning
Added -i flag when calling sendmail, suggested by
Michal Jaegermann <michal*harddata.com>
Thu Jan 27 01:35:35 CET 2005 (tk)
---------------------------------
* freshclam/manager.c: add support for HTTP/1.0 ansers in IMS (--no-dns) mode
(patch by Sven Strickroth <sstrickroth*gym-oha.de>)
Wed Jan 26 19:27:57 CET 2005 (tk)
---------------------------------
V 0.81
Tue Jan 25 08:12:51 GMT 2005 (njh)
----------------------------------
* clamav-milter: Internal mode is now the default. Removed --internal
option, added --external.
Don't use clamd's SESSION mode, since that causes
problems with clamd/freshclam when freshclam
is run. SESSION mode can be enabled from
the source code. Most people can use SESSION
mode safely, but it has caused problems on BSD
Mon Jan 24 13:56:19 GMT 2005 (njh)
----------------------------------
* libclamav/message.c: Some Exploit.IE.CrashSOS were not being caught,
found by Carsten.Borchardt*drs-systemberatung.de
Sat Jan 22 13:45:42 GMT 2005 (njh)
----------------------------------
* clamav-milter: If forwarding to a quarantine user fails log as LOG_ERR
not LOG_DEBUG
Try to santity check that the input socket name is the
same as the same given to sendmail
Redirect stdout and stderr to LogFile, if that is set
--quarantine didn't redirect to the given email address
if --internal was used (reported by N Fung
<nsfung*yahoo.com>)
Sun Jan 16 06:28:59 CET 2005 (tk)
---------------------------------
* libclamav/pe.c: attempt to detect W32.Parite.B using cryptanalysis (thanks
to aCaB for info on detection)
Fri Jan 14 16:12:21 GMT 2005 (trog)
-----------------------------------
* libclamav/filetypes.c: add a few more HTML filetype markers
Fri Jan 14 14:53:59 GMT 2005 (trog)
-----------------------------------
* libclamav/htmlnorm.c: RFC2397 ("data" URL scheme) support.
* libclamav/scanner.c: scan RFC2397 data.
Wed Jan 12 08:58:29 GMT 2005 (njh)
----------------------------------
* clamav-milter: Fixed DNS resolution error messages which could print
the incorrect hostname that is not being resolved. Patch from
Yar Tikhiy <yar*comp.chem.msu.su>
Tue Jan 11 02:27:24 CET 2005 (tk)
---------------------------------
* libclamav/scanners.c: Fix possible crash when handling file information in
corrupted zip archives (problem reported by
Reinhard Max <max*suse.de>)
Sun Jan 9 21:24:58 GMT 2005 (njh)
----------------------------------
* libclamav/mbox.c: Some HTML.Phishing.Bank-41 were getting through
Sun Jan 9 11:38:39 GMT 2005 (njh)
----------------------------------
* libclamav/mbox.c: Add support for messages that break RFC2047
Sat Jan 8 02:53:20 CET 2005 (tk)
---------------------------------
* libclamav/filetypes.c: Add support for mail files parsed by CMU Sieve
(samples provided by Stefan Kaltenbrunner
<stefan*kaltenbrunner.cc>)
Wed Jan 5 21:09:14 GMT 2005 (njh)
----------------------------------
* libclamav/message.c: Fix crash caused when looking for non-existant
uuencoded files. This happens when the stated encoding
method is wrong so we have to try all methods and
including those which will fail
Mon Dec 27 05:01:54 CET 2004 (tk)
---------------------------------
* freshclam/manager.c: use If-Modified-Since in --no-dns mode (based on code
by Reini Urban <rurban*x-ray.at>)
Mon Dec 27 01:09:20 CET 2004 (tk)
---------------------------------
* libclamav/scanners.c: Add missing ArchiveBlockMax rule for recursion limit
(reported by HR <haavard*zyf.no-ip.org>)
Sun Dec 19 17:01:56 GMT 2004 (njh)
----------------------------------
* clamav-milter: Correctly warn that --max_childen must be given in SESSION
mode if LocalSocket is used and MaxThreads isn't given in
clamd.conf. max_children is needed to know how many sessions
to initiate to clamd(s)
Tue Dec 14 11:36:43 GMT 2004 (trog)
-----------------------------------
* libclamav/vba_extract.c:
- Add signature for MacOffice 2004
- Guess endianness of unknown versions of MS Office.
Tue Dec 14 11:15:22 GMT 2004 (trog)
-----------------------------------
* sigtool/options.c sigtool/sigtool.c: New options: --vba and --vba-hex
* sigtool/vba.c sigtool/vba.h: New files. Code to extract VBA/Word6 macros
Tue Dec 7 23:40:30 CET 2004 (tk)
---------------------------------
* configure: added --disable-zlib-vcheck (allows building on potentially
buggy zlib versions (1.2.0 & 1.2.1))
Tue Dec 7 19:25:06 GMT 2004 (njh)
----------------------------------
* clamav-milter: Ensure that the daily quarantine directory is created
Tue Dec 7 02:48:08 CET 2004 (tk)
---------------------------------
* clamd: added support for file descriptor passing (patch by Richard Lyons
<frob-clamav*webcentral.com.au>)
Mon Dec 6 22:33:26 GMT 2004 (njh)
----------------------------------
* clamav-milter: Ensure the date is kept in the quarantine path
Wed Dec 1 22:29:33 GMT 2004 (njh)
----------------------------------
* clamav-milter: Added --internal flag (some functionality to do)
SESSIONS: Don't hang when StreamMaxLength is hit
Wed Dec 1 13:14:33 GMT 2004 (njh)
----------------------------------
* libclamav/mbox.c: Decode text/plain parts marked as being encoded,
reported by Trog
Mon Nov 29 00:23:55 CET 2004 (tk)
---------------------------------
* clamdscan: add support for --move and --remove options
Sun Nov 28 16:30:18 GMT 2004 (njh)
----------------------------------
* libclamav/message.c: Allow lower case hex in quoted-printable
messages
Sat Nov 27 14:40:55 GMT 2004 (njh)
----------------------------------
* libclamav/mbox.c: Honour section 7.2.6 of RFC1521
Sat Nov 27 13:18:42 GMT 2004 (njh)
----------------------------------
* libclamav: Assume x-uue is the same as x-uuencode
If uudecoding fails and other possibilities have been
registered, don't take the failure as fatal, also try
the other decoding methods
Thu Nov 25 18:38:06 CET 2004 (tk)
---------------------------------
* clamd: new directives StreamMinPort and StreamMaxPort (allow port range
specification for stream mode). Patch by Alexander Marx
<mad-ml*madness.at>)
Thu Nov 18 20:28:13 CET 2004 (tk)
---------------------------------
* libclamav: add support for Mac's HQX file format (patch by Nigel)
Thu Nov 18 11:03:14 CET 2004 (tk)
---------------------------------
* libclamav: try to detect (and mark as Suspected.Zip) zip archives with
modified information in local header
Fri Nov 12 09:44:23 GMT 2004 (njh)
----------------------------------
* libclamav/mbox.c: Draft of RFC1341 support is now on by default.
Fragments arriving out of order are not scanned (yet).
If you use clamav-milter to load balance clamd across
servers you will need to ensure that the partial
directory is on a shared directory (e.g. NFS)
Mon Nov 8 15:24:18 CET 2004 (tk)
---------------------------------
* clamd: new directive ExitOnOOM (stop deamon when libclamav reports out of
memory condition)
Wed Nov 3 12:47:41 GMT 2004 (njh)
----------------------------------
* libclamav/clamav-milter: Save the original subject as X-Original-Subject
when running in advisory or qurantine mode
SESSION mode: warn when no clamd can be reached
Wed Oct 27 13:36:14 BST 2004 (njh)
----------------------------------
* clamav-milter: Remove X-VIRUS-STATUS on incoming messages
Plug remote possibility of file descriptor leak
Return EX_OSERR if fork fails, not EX_TEMPFAIL
If clamav-milter points to more than one server, ensure
that the version information for that server is
added to the header
Update version information in the watchdog. There may
therefore be a delay between the server updating
and this being reflected in the headers
|
|
PR pkg/28606. bump PKGREVISION.
while here, silence the pre-configure and post-build targets.
|
|
Need smmsp=NO. Must stop smmsp and sendmail before editing rc.conf!
XXX: The version I built used /etc/aliases, not /usr/pkg/etc/exim/aliases
which is what this file output - but I wasn't installing the current version.
|
|
|
|
- Fix smrsh man page patch
- Tidy up MESSAGE
- Replace 8.13.1 errata with 8.13.3 errata
- Remove rename of file outside ${PREFIX} on db2 installs
> 8.13.3/8.13.3 2005/01/11
> Enhance handling of I/O errors, especially EOF, when STARTTLS
> is active.
> Make sure a connection is not reused after it has been closed
> due to a 421 error. Problem found by Allan E Johannesen
> of Worcester Polytechnic Institute.
> Avoid triggering an assertion when sendmail is interrupted while
> closing a connection. Problem found by Allan E Johannesen
> of Worcester Polytechnic Institute.
> Regression: a change in 8.13.2 caused sendmail not to try the
> next MX host (or FallbackMXhost if configured) when, at
> connection open, the current server returns a 4xy or 5xy
> SMTP reply code. Problem noted by Mark Tranchant.
>
> 8.13.2/8.13.2 2004/12/15
> Do not split the first header even if it exceeds the internal
> buffer size. Previously a part of such a header would
> end up in the body of the message. Problem noted by
> Simple Nomad of BindView.
> Do not complain about "cataddr: string too long" when checking
> headers that do not contain RFC 2822 addresses.
> Problem noted by Rich Graves of Brandeis University.
> If a server returns a 421 reply to the RSET command between
> message deliveries, do not attempt to deliver any more
> messages on that connection. This prevents bogus "Bad
> file number" recipient status. Problem noted by
> Allan E Johannesen of Worcester Polytechnic Institute.
> Allow trailing white space in EHLO command as recommended by RFC
> 2821. Problem noted by Ralph Santagato of SBC Services.
> Deal with clients which use AUTH but negotiate a smaller buffer size
> for data exchanges than the value used by sendmail, e.g.,
> Cyrus IMAP lmtp server. Based on patch by Jamie Clark.
> When passing ESMTP arguments for RCPT to a milter, do not cut
> them off at a comma. Problem noted by Krzysztof Oledzki.
> Add more logging to milter change header functions to
> complement existing logging. Based on patch from
> Gurusamy Sarathy of Active State.
> Include <lber.h> in include/sm/config.h when LDAPMAP is defined.
> Patch from Edgar Hoch of the University of Stuttgart.
> Fix DNS lookup if IPv6 is enabled when converting an IP address
> to a hostname for use with SASL. Problem noted by Ken Jones;
> patch from Hajimu UMEMOTO.
> CONFIG: For consistency enable MODIFY_MAILER_FLAGS for the prog
> mailer. Patch from John Beck of Sun Microsystems.
> LIBMILTER: It was possible that xxfi_abort() was called after
> xxfi_eom() for a message if some timeouts were triggered.
> Patch from Alexey Kravchuk.
> LIBMILTER: Slightly rearrange mutex use in listener.c to allow
> different threads to call smfi_opensocket() and smfi_main().
> Patch from Jordan Ritter of Cloudmark.
> MAIL.LOCAL: Properly terminate MBDB before exiting. Problem
> noted by Nelson Fung.
> MAIL.LOCAL: make strip-mail.local used a wrong path to access
> mail.local. Problem noted by William Park.
> VACATION: Properly terminate MBDB before exiting. Problem noted
> by Nelson Fung.
> Portability:
> Add support for DragonFly BSD.
> New Files:
> cf/ostype/dragonfly.m4
> devtools/OS/DragonFly
> include/sm/os/sm_os_dragonfly.h
> Deleted Files:
> libsm/vsscanf.c
|
|
|
|
|
|
|
|
and also they don't include version information in file name.
This is not an update.
|
|
* New IPv6 patch
|
|
-Replaced the generic "ezmlm response" subject with unique subjects.
-Fixed failure to build/link ezmlm-mktab in the Makefile.
-Fixed a typo in the ezmlm-manage man page. Thanks Charles Cazabon.
-Updated the pt_BR language texts. Thanks Glen Stewart.
-Fixed broken invocation of ezmlm-confirm in ezmlmrc. Thanks SATOH
Fumiyasu.
-Fixed ezmlmrc template problem with moderated lists.
-Fixed a deadlock between ezmlm-confirm and ezmlm-store.
|
|
When displaying 'rows of -', stop at 77 rather than 79 to avoid pine
wrapping the lines.
|
|
within NetBSD-current's bsd.own.mk, which conflicts with its usage in
pkgsrc. The package that use USE_PAM have been converted to use the
bsd.options.mk framework. This should fix PR pkg/29257.
|
|
-previously, if an SSL POP3 or IMAP server abruptly closed the connection
before getmail could finish logging in, getmail would exit instead of
proceeding to the next configured mail account. Fixed. Thanks: Matthias
Andree, Frank Benkstein, Thomas Schwinge.
-eliminate duplicate Return-Path: header fields. Thanks: Angles Puglisi.
|
|
according to the maintainer website.
Changes since 1.2.0:
1.3.1
=====
- it is now possible to run an arbitrary command on a selected
attachment
- made elmo less conservative about the format of the message
- updated translations
- several bugfixes
1.3.0
=====
- rewritten networking
- full-asynchronous, working POP3 support, you don't have to bother
whether the message has been already fetched or not any more
- elmo checks your POP3 accounts and plays sound, when there is mail
waiting on one of them
|
|
Changes in 2.5 PL7
- a few display issues fixed (from Kenneth Reek)
- buffer overflow in frm fixed
Changes in 2.5 PL6
- Fixed message-id in the In-Reply-To header.
- Actually show the -r option in the usage
- Whacked a few more places where we might follow a symlink in tmpdir
- Fastmail didn't grok commas correctly.
- Change lock.c to not use errno unless there's an errno
|
|
- use "test -r" instead of "test -e"
- use ${INSTALL_*}
|
|
Changes since 1.2.3.1:
1.3.1:
Fixing dumb compiling bugs [BUG: #1108485]. GCC lets me write incorrect code!
Small modifications to tnef.spec.in as suggested by jmsl@users.sf.net
[BUG: #1102128]
Corrected type problems to improve portability to 64 bit systems and Mac.
1.3:
Adding feature to allow for saving of RTF data.
|
|
Changes since 1.0.0:
* Gpgme-1.0 has been supported (thanks to Toshio Kuratomi).
- A warning is displayed if a key for encryption is untrusted.
- The status of signature validity became more descriptive.
- Signatures inside nested multipart are now recognized.
* Messages are not retrieved multiple times anymore after POP3
session is aborted.
* Other bugfixes have been made.
Changes since 1.0.0rc:
* The first official release.
* The escaping of special characters in action commands has been
modified.
* The crash on deleting a remote account has been fixed.
Changes since 1.0.0beta4:
* The IMAP4 parser has been fixed for 64-bit platforms.
* Users are now asked to switch to online mode when sending in
offline.
* The line-joining problem of auto-wrapping has been fixed.
* Special characters are now properly escaped when executing action
commands.
* Some compiler warnings have been removed.
Changes since 1.0.0beta3:
* The Japanese manual has been updated.
* Some icons have been modified, and unused icons have been removed.
* The menu strings have been fixed.
* The workaround for invalid CR characters on POP3 has been made.
|
|
bump to pine-pgp-filters-1.1nb1
|
|
Changes in Exim version 4.44
1. Change 4.43/35 introduced a bug that caused file counts to be
incorrectly computed when quota_filecount was set in an appendfile
transport
2. Closing a stable door: arrange to panic-die if setitimer() ever fails. The
bug fixed in 4.43/37 would have been diagnosed quickly if this had been in
place.
3. Give more explanation in the error message when the command for a transport
filter fails to execute.
4. There are several places where Exim runs a non-Exim command in a
subprocess. The SIGUSR1 signal should be disabled for these processes. This
was being done only for the command run by the queryprogram router. It is
now done for all such subprocesses. The other cases are: ${run, transport
filters, and the commands run by the lmtp and pipe transports.
5. Some older OS have a limit of 256 on the maximum number of file
descriptors. Exim was using setrlimit() to set 1000 as a large value
unlikely to be exceeded. Change 4.43/17 caused a lot of logging on these
systems. I've change it so that if it can't get 1000, it tries for 256.
6. "control=submission" was allowed, but had no effect, in a DATA ACL. This
was an oversight, and furthermore, ever since the addition of extra
controls (e.g. 4.43/32), the checks on when to allow different forms of
"control" were broken. There should now be diagnostics for all cases when a
control that does not make sense is encountered.
7. $recipients is now available in the predata ACL (oversight).
8. Tidy the search cache before the fork to do a delivery from a message
received from the command line. Otherwise the child will trigger a lookup
failure and thereby defer the delivery if it tries to use (for example) a
cached ldap connection that the parent has called unbind on.
9. If verify=recipient was followed by verify=sender in a RCPT ACL, the value
of $address_data from the recipient verification was clobbered by the
sender verification.
10. If FIXED_NEVER_USERS was defined, but empty, Exim was assuming the uid 0
was its contents. (It was OK if the option was not defined at all.)
11. A "Completed" log line is now written for messages that are removed from
the spool by the -Mrm option.
12. $host_address is now set to the target address during the checking of
ignore_target_hosts.
13. When checking ignore_target_hosts for an ipliteral router, no host name was
being passed; this would have caused $sender_host_name to have been used if
matching the list had actually called for a host name (not very likely,
since this list is usually IP addresses). A host name is now passed as
"[x.x.x.x]".
14. Changed the calls that set up the SIGCHLD handler in the daemon to use the
code that specifies a non-restarting handler (typically sigaction() in
modern systems) in an attempt to fix a rare and obscure crash bug.
15. Narrowed the window for a race in the daemon that could cause it to ignore
SIGCHLD signals. This is not a major problem, because they are used only to
wake it up if nothing else does.
16. A malformed maildirsize file could cause Exim to calculate negative values
for the mailbox size or file count. Odd effects could occur as a result.
The maildirsize information is now recalculated if the size or filecount
end up negative.
17. Added HAVE_SYS_STATVFS_H to the os.h file for Linux, as it has had this
support for a long time. Removed HAVE_SYS_VFS_H.
18. Updated exipick to current release from John Jetmore.
19. Allow an empty sender to be matched against a lookup in an address list.
Previously the only cases considered were a regular expression, or an
empty pattern.
20. Exim went into a mad DNS lookup loop when doing a callout where the
host was specified on the transport, if the DNS lookup yielded more than
one IP address.
21. The RFC2047 encoding function was originally intended for short strings
such as real names; it was not keeping to the 75-character limit for
encoded words that the RFC imposes. It now respects the limit, and
generates multiple encoded words if necessary. To be on the safe side, I
have increased the buffer size for the ${rfc2047: expansion operator from
1024 to 2048 bytes.
22. Failure to deliver a bounce message always caused it to be frozen, even if
there was an errors_to setting on the router. The errors_to setting is now
respected.
23. If an IPv6 address is given for -bh or -bhc, it is now converted to the
canonical form (fully expanded) before being placed in
$sender_host_address.
24. Updated eximstats to version 1.33
25. Include certificate and key file names in error message when GnuTLS fails
to set them up, because the GnuTLS error message doesn't include the name
of the failing file when there is a problem reading it.
26. Expand error message when OpenSSL has problems setting up cert/key files.
As per change 25.
27. Reset the locale to "C" after calling embedded Perl, in case it was changed
(this can affect the format of dates).
28. exim_tidydb, when checking for the continued existence of a message for
which it has found a message-specific retry record, was not finding
messages that were in split spool directories. Consequently, it was
deleting retry records that should have stayed in existence.
29. eximstats updated to version 1.35
1.34 - allow eximstats to parse syslog lines as well as mainlog lines
1.35 - bugfix such that pie charts by volume are generated correctly
30. The SPA authentication driver was not abandoning authentication and moving
on to the next authenticator when an expansion was forced to fail,
contradicting the general specification for all authenticators. Instead it
was generating a temporary error. It now behaves as specified.
31. The default ordering of permitted cipher suites for GnuTLS was pessimal
(the order specifies the preference for clients). The order is now AES256,
AES128, 3DES, ARCFOUR128.
31. Small patch to Sieve code - explicitly set From: when generating an
autoreply.
32. Exim crashed if a remote delivery caused a very long error message to be
recorded - for instance if somebody sent an entire SpamAssassin report back
as a large number of 550 error lines. This bug was coincidentally fixed by
increasing the size of one of Exim's internal buffers (big_buffer) that
happened as part of the Exiscan merge. However, to be on the safe side, I
have made the code more robust (and fixed the comments that describe what
is going on).
33. Some experimental protocols are using DNS PTR records for new purposes. The
keys for these records are domain names, not reversed IP addresses. The
dnsdb PTR lookup now tests whether its key is an IP address. If not, it
leaves it alone. Component reversal etc. now happens only for IP addresses.
CAN-2005-0021
34. The host_aton() function is supposed to be passed a string that is known
to be a valid IP address. However, in the case of IPv6 addresses, it was
not checking this. This is a hostage to fortune. Exim now panics and dies
if the condition is not met. A case was found where this could be provoked
from a dnsdb PTR lookup with an IPv6 address that had more than 8
components; fortuitously, this particular loophole had already been fixed
by change 4.50/55 or 4.44/33 above.
If there are any other similar loopholes, the new check in host_aton()
itself should stop them being exploited. The report I received stated that
data on the command line could provoke the exploit when Exim was running as
exim, but did not say which command line option was involved. All I could
find was the use of -be with a bad dnsdb PTR lookup, and in that case it is
running as the user.
CAN-2005-0021
35. There was a buffer overflow vulnerability in the SPA authentication code
(which came originally from the Samba project). I have added a test to the
spa_base64_to_bits() function which I hope fixes it.
CAN-2005-0022
36. The daemon start-up calls getloadavg() while still root for those OS that
need the first call to be done as root, but it missed one case: when
deliver_queue_load_max is set with deliver_drop_privilege. This is
necessary for the benefit of the queue runner, because there is no re-exec
when deliver_drop_privilege is set.
37. Caching of lookup data for "hosts =" ACL conditions, when a named host list
was in use, was not putting the data itself into the right store pool;
consequently, it could be overwritten for a subsequent message in the same
SMTP connection. (Fix 4.40/11 dealt with the non-cache case, but overlooked
the caching.)
38. Sometimes the final signoff response after QUIT could fail to get
transmitted in the non-TLS case. Testing !tls_active instead of tls_active
< 0 before doing a fflush(). This bug looks as though it goes back to the
introduction of TLS in release 3.20, but "sometimes" must have been rare
because the tests only now provoked it.
|
|
Changes:
1.3 [2005-01-27]
- Fixed crasher when outgoing connection couldn't be established
- Removed erroneous chown line from clamsmtpd.sh
|
|
Bump BUILDLINK_DEPENDS of pico, and the PKGREVISION of both pico and pine.
To help avoid this problem in the future, add a comment to pico/Makefile,
indicating where the shlib version is maintained and when it should be bumped.
|
|
> apply a patch from evution CVS:
> 2005-01-20 Not Zed <NotZed@Ximian.com>
> * camel-lock-helper.c (main): since malloc(MAXINT+1) returns a
> valid pointer, validate the length of the path before using it.
> set maximum path to 65000 characters. Spotted by Max Vozeler
> <max@hinterhof.net>
>
> This fixes the security vulnerability refered to as CAN-2005-0102.
> bump PKGREVISION
|
|
|
|
- Explicitly add "--disable-ipv6" when inet6 is disabled.
- Fix compile error when inet6 is disabled. This should fix PR pkg/28805.
|
|
Bump PKG_REVISION.
|
|
like "*.orig" by find(1).
|
|
like "*.orig" by find(1).
|
|
|
|
> apply a patch from evution CVS:
> 2005-01-20 Not Zed <NotZed@Ximian.com>
> * camel-lock-helper.c (main): since malloc(MAXINT+1) returns a
> valid pointer, validate the length of the path before using it.
> set maximum path to 65000 characters. Spotted by Max Vozeler
> <max@hinterhof.net>
>
> This fixes the security vulnerability refered to as CAN-2005-0102.
> bump PKGREVISION
|
|
2005-01-20 Not Zed <NotZed@Ximian.com>
* camel-lock-helper.c (main): since malloc(MAXINT+1) returns a
valid pointer, validate the length of the path before using it.
set maximum path to 65000 characters. Spotted by Max Vozeler
<max@hinterhof.net>
This fixes the security vulnerability refered to as CAN-2005-0102.
bump PKGREVISION
|
|
Additions include:
* Enable-Newmail-in-Xterm-Icon now also sets the title bar text to
indicate new mail
* New feature Enable-Newmail-Short-Text-in-Icon
* New UNIX Pine feature NewMail-FIFO-Path
* New feature NewMail-Window-Width
* Select command may use the pattern from an existing Rule (for
example, an Indexcolor Rule) for its selection criteria
* Beginning of Month and Beginning of Year options in Rules
* Some additional tokens having to do with the current date may be
used in the folder name that is used as a target in a Filter Rule.
For example, you may filter messages to a folder named for the
current month by using the _CURYEAR_ and _CURMONTH_ tokens in the
folder name. The (long) list of all such tokens is here.
* Three additional tokens for use with Keywords may be used in the
Index-Format. They are SUBJKEYINIT, KEY, and KEYINIT (in addition
to the old SUBJKEY).
* Keywords may be displayed in color using Keyword Colors, available
from the Setup/Kolor screen
* The Keyword-Surrounding-Chars option may be used to slightly
modify the display of SUBJKEYINIT and SUBJKEY tokens.
* The Enable-Flag-Screen-Keyword-Shortcut option adds a shortcut
method of setting keywords
* When performing an aggregate reply (or forward), if the Role that
would be selected when replying (or forwarding) to each individual
message in the set is the same for all the messages, then that
role is used just like it would be when replying (or forwarding)
to any one of those messages.
* Delete/No Delete prompt added to Save command so that the source
message may be deleted or not on a Save-by-Save basis
* Status-Message-Delay option now allows reducing the status message
delays Pine sometimes adds
* New feature Save-Partial-Msg-Without-Confirm
* New feature Disable-Take-Fullname-in-Addresses
* New feature Sort-Default-FCC-Alpha
* New feature Sort-Default-Save-Alpha
* For selecting messages by Status, add the possibility of selecting
based on Recent or Unseen status
* Allow Take command to take addresses from html and enriched text
subtypes, as well as from plain text
Bugs that have been addressed in this release include:
* Crash when sending a message with a Role that sets the To header
if the Empty-Header-Message is set to
* Pine hangs in composer after alternate editor or speller is run
and new mail arrives that causes an External Categorizer command
to be executed
* Crash in MESSAGE INDEX when using a threaded sort. The crash is
most common when the sort is Reversed.
* Pine could crash or hang when the window was resized down to 3
lines or fewer while in the composer
* In the Role editor the "To Folders" command for the "Set Fcc"
action did not work
* After running Pine for a long time, it would slow down until
restarted
* Export command in FOLDER LIST did not work with dual-use folders
* When the Send-Without-Confirm option was turned on, flowed text
was not produced and the Fcc-Without-Attachments feature did not
work
* Display bug, folder was not un-highlighted
* When viewing a message from the separate thread index, new mail
arrival could cause Pine to leave the MESSAGE TEXT screen and drop
back to the MESSAGE INDEX screen on its own
* When the UnDelete command was typed in the composer with the
cursor in the middle of a header line, the text was inserted at
the beginning of the line instead of at the location of the cursor
* When some messages from a thread were selected (not including the
top of the thread), the view was Zoomed, and the feature
Slash-Collapses-Entire-Thread was turned on; the collapse command
caused messages to disappear from the view entirely
* Incorrect character conversions were possible when going from
ISO-8859-X to ISO-8859-1
* Quell-Charset-Warning will now also quell the short comment
included in header lines about the charset being different from
yours in addition to quelling the editorial comment at the top of
a message. This is the stuff that looks like "[ISO-8859-2]" in a
header line.
* If the Down Arrow key was held down it caused Pine to do a new
mail check for each repeated character, which caused a delay when
the key was held down by mistake. Changed that so that it does at
most one check per second.
* An unnecessary sort of the folder (causing a delay) was happening
when closing if a filter rule depended on message state
* Mouse in xterm failed when clicking in the folder screen
* Enable-Dot-Folders feature did not allow adding folders with names
beginning with dot
* When replying to a TEXT/ENRICHED message Pine was failing to
filter out the ENRICHED markup
* Crash caused by malformed ISO-2022-JP in header
* Crash when changing Inbox-Path if INBOX was not the current folder
* Adding a collection on a Cyrus server did not work if the folder
already existed (Pine tried to create it and failed)
* Pine gave incorrect messages when deleting dual-use
folders/directories
* Saving an attached message to INBOX from another collection did
not work correctly (it tried to create INBOX in the collection
instead)
* In some circumstances, Pine could announce "No messages expunged
from folder " after an expunge command that actually worked
correctly
* Allow alternate editor to use quoted arguments
* News drop folders weren't using the correct newsrc with
Enable-Multiple-Newsrcs enabled
* Error decoding some 8-bit headers, typically showing up as a
garbage character at the end of a name
|
|
|
|
messages.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
imap-2004c:
fixes to quoted-printable encoding and CRAM-MD5 authentication.
NNTP proxy in imapd now supports the LIST and LSUB commands.
imap-2004b:
There are new ports for Solaris with Blastwave Community Open
Source Software (gcs) and Mandrake Linux (lmd).
SET_SNARFINTERVAL now controls how frequently local drivers
will move new mail from the mail spool as well as from a
maildrop. Maildrops are still tied to a minimum interval of
1 minute, but there is now no minimum for the spool file.
Character set conversions now map non-breaking space to space
if the destination character set doesn't have nbsp. JIS Roman
yen sign is now mapped to Unicode yen sign.
|
|
|
|
python*-pth packages into meta-packages which will install the non-pth
packages. Bump PKGREVISIONs on the non-pth versions to propagate the
thread change, but leave the *-pth versions untouched to not affect
existing installations.
Sync all PYTHON_VERSIONS_AFFECTED lines in package Makefiles.
|
|
of this package (perhaps xtraeme@ or schmontz@ who made most changes?)
|
|
related code
|
