| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
- perform hostname-vs-certificate matching of SSL certificate if
validating the certifcate. Thanks: "mancha".
- fix missing plaintext versions of documentation.
Updating this leaf package during the freeze for the security fix.
|
|
|
|
|
|
- add extended SSL options for IMAP retrievers, allowing certificate
verification and other features. Thanks: Steven Murdoch.
- fix missing plaintext versions of documentation. Thanks: Osamu Aoki.
- fix "Header instance has no attribute 'strip'" error which cropped
up in some configurations. Thanks: Krzysztof Warzecha.
Updating this leaf package during the freeze for security improvements
and bugfixes.
|
|
|
|
|
|
* Sync with thunderbird 24.4.0
|
|
Changelog:
Fixed in Thunderbird 24.4
MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
MFSA 2014-30 Use-after-free in TypeObject
MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
MFSA 2014-26 Information disclosure through polygon rendering in MathML
MFSA 2014-17 Out of bounds read during WAV file decoding
MFSA 2014-16 Files extracted during updates are not always read only
MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)
|
|
Fix buffer overrun caused by not updating a string length after
address expansion.
http://dev.mutt.org/hg/mutt/rev/9bf7593e3c08
|
|
|
|
|
|
|
|
|
|
|
|
* 3.3.1 (stable)
* IMAP: "INBOX" folder became case insensitive as specified in RFC 3501.
* IMAP: server name for cache directory is escaped now
(fixes cache creation when using IPv6 address for server name on Windows).
* IMAP: the bug that double-quote (") and backslash (\) in
folder/username/password were not escaped and could not be used on IMAP4
was fixed.
* IMAP: parsing of folder names that contain brackets was fixed.
* Config.guess and config.sub included in the tarball were updated to the
latest version.
* The bug that 'File - Folder - Move folder...' menu didn't work was
fixed.
* The bug that MIME nest level restriction was not working was fixed.
* Many defects discovered by Coverity Scan were fixed:
- FILE handle resource leaks
- memory leaks
- possible buffer overrun
- strict error checks
- correct null pointer checks
* Win32: the tray icon is recreated when explorer.exe crashes now.
* Win32: the included SSL certificates were updated
(based on ca-certificates_20111211_all.deb in Ubuntu 12.04.4 LTS).
|
|
the security vulnerability reported in CVE-2014-0467.
|
|
|
|
* Add stunnel 5 support
|
|
|
|
These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or
ignored otherwise.
|
|
Changelog:
Version 1.4.32:
- A recipient list on the command line is now parsed as if it appeared in a
mail header.
|
|
* Sync with thunderbird 24.3.0
|
|
|
|
|
|
|
|
|
|
PR pkg/48636 by YAMAMOTO Takashi.
|
|
Update of version number only.
|
|
|
|
|
|
|
|
|
|
|
|
- fixed handling of the 'owner' setting for ezmlm-idx > v5
- updated ezmlm-idx version detection
- allow "@" in the path of a mailing list
- add modules Mail::Ezmlm::GpgKeyRing and Mail::Ezmlm::GpgEzmlm
- fixed issues of Mail::Ezmlm::GpgEzmlm with ezmlm-idx v0.4x lists
- added check for external dependency to the test script
|
|
In my experience, pop3 server wasn't crashed but it failed to remove
messages in INBOX.
v2.2.12 2014-02-14 Timo Sirainen <tss@iki.fi>
- pop3 server was crashing in v2.2.11
|
|
|
|
Fix PKGNAME.
Fix MASTER_SITES.
The file I get from there is one byte smaller, so update distinfo.
Mark as not ready for python-3.x.
|
|
|
|
Sender-Policy-Framework queries in Python.
|
|
|
|
+ acl plugin: Added an alternative global ACL file that can contain
mailbox patterns. See http://wiki2.dovecot.org/ACL for details.
+ imap proxy: Added proxy_nopipelining passdb setting to work around
other IMAP servers' bugs (MS Exchange 2013 especially).
+ Added %{auth_user}, %{auth_username} and %{auth_domain} variables.
See http://wiki2.dovecot.org/Variables for details.
+ Added support for LZ4 compression.
+ stats: Track also wall clock time for commands.
+ pop3_migration plugin improvements to try harder to match the UIDLs
correctly.
- imap: SEARCH/SORT PARTIAL reponses may have been too large.
- doveadm backup: Fixed assert-crash when syncing mailbox deletion.
|
|
- MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
- MFSA 2014-12 NSS ticket handling issues
- MFSA 2014-09 Cross-origin information leak through web workers
- MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing
- MFSA 2014-04 Incorrect use of discarded images by RasterImage
- MFSA 2014-02 Clone protected content with XBL scopes
- MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
- Improved handling of reply-to (bug 933555)
|
|
packages, use PKG_OPTIONS_NONEMPTY_SETS instead. Bump PKGREVISION.
|
|
anymore.
|
|
|
|
|
|
The main changes in no particular order are:
* Support for PKI-less TLS server certificate verification with
DANE (DNS-based Authentication of Named Entities) where the CA
public key or the server certificate is identified via DNSSEC
lookup. This requires a DNS resolver that validates DNSSEC
replies. The problem with conventional PKI is that there are
literally hundreds of organizations world-wide that can provide
a certificate in anyone's name. DANE limits trust to the people
who control the target DNS zone and its parent zones.
* Support for LMDB databases. Originally developed as part of
OpenLDAP, LMDB is the first persistent Postfix database that
can be shared among multiple writers such as postscreen daemons
(Postfix already supported shared non-persistent memcached
caches). Postfix currently requires LMDB version 0.9.11 or
later. See LMDB_README for details and limitations.
* A new postscreen_dnsbl_whitelist_threshold feature to allow
clients to skip postscreen tests based on their DNSBL score.
This can eliminate email delays due to "after 220 greeting"
protocol tests, which otherwise require that a client reconnects
before it can deliver mail. Some providers such as Google don't
retry from the same IP address, and that can result in large
email delivery delays.
* The recipient_delimiter feature now supports different delimiters,
for example both "+" and "-". As before, this implementation
recognizes exactly one delimiter character per email address,
and exactly one address extension per email address.
* Advanced master.cf query/update support to access service
attributes as "name = value" pairs. For example to turn off
chroot on all services use "postconf -F '*/*/chroot = n'", and
to change/add a "-o name=value" setting use "postconf -P
smtp/inet/name = value". This was developed primarily to allow
automated tools to manage Postfix systems without having to
parse Postfix configuration files.
|
|
|
|
|
|
minor feature additions.
8.14.8/8.14.8 2014/01/26
Properly initialize all OpenSSL algorithms for versions before
OpenSSL 0.9.8o. Without this SHA2 algorithms may not
work properly, causing for example failures for certs
that use sha256WithRSAEncryption as signature algorithm.
When looking up hostnames, ensure only to return those records
for the requested family (AF_INET or AF_INET6).
On system that have NEEDSGETIPNODE and NETINET6
this may have failed and cause delivery problems.
Problem noted by Kees Cook.
A new mailer flag '!' is available to suppress an MH hack
that drops an explicit From: header if it is the
same as what sendmail would generate.
Add an FFR (for future release) to use uncompressed IPv6 addresses,
i.e., they will not contain "::". For example, instead
of ::1 it will be 0:0:0:0:0:0:0:1. This means that
configuration data (including maps, files, classes,
custom ruleset, etc) have to use the same format.
This will be turned on in 8.15. It can be enabled in 8.14
by compiling with:
APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_IPV6_FULL')
in your devtools/Site/site.config.m4 file.
Add an additional case for the WorkAroundBrokenAAAA check when
dealing with broken nameservers by ignoring SERVFAIL
errors returned on T_AAAA (IPv6) lookups at delivery time.
Problem noted by Pavel Timofeev of OCS.
If available, pass LOGIN_SETCPUMASK and LOGIN_SETLOGINCLASS to
setusercontext() on deliveries as a different user.
Patch from Edward Tomasz Napierala from FreeBSD.
Avoid compiler warnings from a change in Cyrus-SASL 2.1.25.
Patch from Hajimu UMEMOTO from FreeBSD.
Add support for DHParameters 2048-bit primes.
CONFIG: Accept IPv6 literals when evaluating the HELO/EHLO argument
in FEATURE(`block_bad_helo'). Suggested by Andrey Chernov.
LIBSMDB: Add a missing check for malloc() in libsmdb/smndbm.c.
Patch from Bill Parker.
LIBSMDB: Fix minor memory leaks in libsmdb/ if allocations
fail. Patch from John Beck of Oracle.
Portability:
Add support for Darwin 12.x and 13.x (Mac OS X 10.8 and 10.9).
On Linux use socklen_t as the type for the 3rd argument
for getsockname/getpeername if the glibc version is at
least 2.1.
Added Files:
devtools/OS/Darwin.12.x
devtools/OS/Darwin.13.x
|
