pkgsrc/mail/spamdyke/distinfo

13 lines
798 B
Text
Raw Normal View History

$NetBSD: distinfo,v 1.35 2020/07/02 08:50:09 schmonz Exp $
Update to 5.0.1. From the changelog: Fixed a typo in the README file for the OpenSSL "dhparam" command. Thanks to Eric Shubert for reporting this one. Removed unused variables from the dns* commands in the utils folder to fix compiler warnings. Fixed a bug in read_file() that returned uninitialized pointers if a file contained blank lines or comments at the top, causing segfaults when they were free()d. Thanks to Jeffrey Gordon and Quinn Comendant for reporting this one. Changed the directory naming scheme in the "generator" program to include the flowchart step numbers in the name. The old pattern was just too hard to follow visually and far too difficult to search for a specific test. Added more steps to the recipient validation flowchart and spamdyke-qrv's recipient validation filter to correctly handle addresses that are forwarded to an external address. Thanks to Stephen Marley for reporting this one. Changed search_file() in spamdyke-qrv to return a "not found" result when the file does not exist, instead of an error. Added a delay loop to exec_command_argv() in spamdyke and spamdyke-qrv to work around a race condition -- sometimes the child process will close its pipes in preparation for exiting and the parent's waitpid() will fire before the child has fully exited. This leads to erroneous returns showing the child has not exited when it really only needed another timeslice or two. This is fixed by looping with nanosleep() to wait a few tenths of a second after seeing this return code. Added a way to stop a test script run by creating a file named "stop". This allows it to be stopped without killing the process and potentially leaving the test platform in a partially (mis)configured state. Fixed the accessor function for the header-blacklist-entry and header-blacklist-file options to find their data in the filter_settings object instead of the option_set object. This is because the data is moved from the option_set immediately after it is set so the blacklist effect is cumulative when set from configuration directories. Reading from the wrong location meant the config-test feature was never testing those options at all. Thanks to Stefan for reporting this one. Fixed a pair of bugs in process_config_file(): one that would add empty values to the end of a list of blacklist/whitelist files if a directive was followed by a blank line and a commented-out directive (causing errors when the values are used), the other that would throw errors if a line in a configuration file contained only one space. Thanks to Les Fenison for reporting these. Fixed a bug in middleman() that would return an improper greeting when injecting both AUTH and STARTTLS banners into the EHLO response. Clients seeing this improper greeting would hang forever and eventually timeout. Thanks to Elliot Denk for reporting this one and sending a patch! Fixed a major thinko in smtp_filter that was carrying over the rejection data between recipients, even if a recipient had a configuration directory file that altered the overall configuration. This was leading to some recipients being incorrectly rejected under very specific (and likely very rare) conditions, which just happened to be met on my own server. Fixed a bug in copy_base_options that was not copying the "reason" data from the last rejection. Fixed an infinite loop in dnsdummy when priorities over 0 are used. Fixed a typo in dnsdummy that was truncating data when the verbose flags were used (weird, yes). Changed dnsdummy to fork a child process to return each query. This was the easiest solution to implement to allow new queries to be processed while waiting n seconds to send answers to previous queries. This is a fragile and wasteful solution -- if dnsdummy were intended for production use, a queue would be a much better solution. Changed all of the "verbose"-level error messages to include the name of the function, file and line that generated it. Every other message prefixed with "ERROR" already did this, so this makes things more consistent. Renamed all of the "FILTER" messages and added a new logging macro to print them named SPAMDYKE_LOG_FILTER(). This way they can continue to be output without function, file and line information. Renamed the SPAMDYKE_LOG_CONFIG_TEST() macro to SPAMDYKE_LOG_CONFIG_TEST_ERROR() and changed it to use LOG_LEVEL_ERROR instead of having a special LOG_LEVEL_CONFIG_TEST setting. This way the config-test messages can be changed to emit file, function and lines if needed (or not). Added SPAMDYKE_LOG_CONFIG_TEST_INFO() and SPAMDYKE_LOG_CONFIG_TEST_VERBOSE() as analogs to SPAMDYKE_LOG_CONFIG_TEST_ERROR(). Changed dnsdummy to encode multiple answers in the same response, if its config file contains multiple matches for the same query. Fixed a bug in dnsdummy that was adding extra bytes to the end of each answer. This turned out to be covering a matching (compensating) bug in spamdyke's DNS parsing code. I really hate it when that happens! Fixed a serious bug in nihdns_expand() that was causing spamdyke to incorrectly parse DNS responses with multiple answers; it would use the first answer, then skip the wrong number of bytes, causing it to conclude any subsequent answers were corrupted. Changed nihdns_expand() to return separate values for the number of bytes in the decoded string and the number of bytes the string occupies in the DNS packet. Due to packet compression, the numbers can be very different. Changed generator to add records to the named configuration so domains will resolve correctly during testing. Since using port numbers in resolv.conf is not allowed, there is no easy way to use dnsdummy for these tests. Discovered qmail-send does not check the percenthack or virtualdomains files when resolving forward addresses, only locals and assign. Updated spamdyke-qrv to behave the same way. Refined the success/failure detection in generator after learning more about qmail's behavior. If only it had some kind of accurate documentation... Extended the tests created by generator to also test conditions where spamdyke-qrv calls vpopmail to look up addresses. This increased the number of spamdyke-qrv tests more than tenfold! Added a "diagnostic output" flag to spamdyke-qrv to print the decision path it used to evaluate the address. Also added a test to the test generator to compare the diagnostic output with the expected decision path, to catch tests that may be producing the desired effect for the wrong reason. Fixed a bug in set_config_value() to make it possible to set CONFIG_TYPE_NAME_MULTIPLE options to "none" or unset specific values. Thanks to Konstantin for reporting this one. Added flags to smtpdummy to advertise STARTTLS support in response to EHLO. It doesn't actually do TLS, it just advertises it. Fixed smtp_filter() to block a client's STARTTLS command if tls-level is "none". Thanks to Les Fenison for reporting this one. Added a flag to the configure script for both spamdyke and spamdyke-qrv to compile with the address sanitizer library to catch memory access errors. Adjusted the version string to show when the sanitizer is in use. Changed the test scripts to always compile spamdyke with the address sanitizer (if available) when testing. The tests run a lot slower, but the sanitizer is too awesome to not use. Fixed a buffer underrun in examine_entry that was causing segfaults when searching files where wildcards are allowed at the beginning of the lines. Thanks to Dirk Kannapinn for reporting this one. Discovered a horrible problem with snprintf()'s %n format -- it returns the number of bytes it _would_have_ written *if* there were infinite space, not the number of bytes *actually* written as the man page states. So using %n at the end of the format string as a substitute for immediately calling strlen() is not safe. Good thing I don't ever do that, right? ...wait, I use that feature EVERYWHERE! (grrrrr) Thanks to the Google Address Sanitizer team for finding this one. Whoever implemented the %n feature in glibc can report to me any time for a free punch in the throat. I want my weekend back. Reverted the (apparently) useless change from 4.3.0 to use %n in snprintf() instead of the return value and replaced snprintf() with a macro named SNPRINTF() that explicitly compares the return value with the size of the buffer and returns the number of bytes ACTUALLY written. Fixed a harmless buffer overrun in sub_examine_tcprules_entry() that could have overwritten one byte of another variable on the stack with a null byte. Since the address was valid and that other variable is set just after the overwrite anyway, it wasn't actually a problem. But fixing it makes the address sanitizer happy, so it's fixed. Fixed a pair of huge buffer overruns in config_test_file_read() and config_test_file_read_write() that could load 63K of file contents past the end of the buffer (on the stack). Fortunately, these functions are only used by the config-test feature, never during normal operation. Fixed a buffer overflow in find_address() that would overwrite a single byte in the caller's stack with a null byte when parsing BATV addresses. From what I can tell, the effect of this bug would be to either truncate the parsed address or cause a segfault. Added undo_softlimit() to try to increase the "soft" limits on address space, stack size and memory size to maximum if they are less than infinite (and squawk if they cannot be reset to maximum). This will (hopefully) prevent problems caused by DJB's "softlimit" program, which is a useless piece of trash many qmail install guides *still* recommend using. Fixed a bug in the logging code of tls_read() that was using an "error" message to log at "verbose" level. The error message had more printf() format specifiers than the verbose logger was providing, which was leading to segfaults when the message was printed. Many thanks to Konstanin for a lot of help tracking this one down.
2015-05-03 16:22:08 +02:00
SHA1 (spamdyke-5.0.1.tgz) = 4de76158a98b3ee33e7002160446ae36de7c96d2
RMD160 (spamdyke-5.0.1.tgz) = 7237108ebf0ff2a5c02b7e305985a11e93720f8d
SHA512 (spamdyke-5.0.1.tgz) = a022c8a8d4a8d74f5249f8e2d901d3de423ee853bbaffaf7e86cece1d19880d9039135892ef6ccb8a2a0fb11532c487402dc97a8dd6d89c9de431752c55f6eb9
Update to 5.0.1. From the changelog: Fixed a typo in the README file for the OpenSSL "dhparam" command. Thanks to Eric Shubert for reporting this one. Removed unused variables from the dns* commands in the utils folder to fix compiler warnings. Fixed a bug in read_file() that returned uninitialized pointers if a file contained blank lines or comments at the top, causing segfaults when they were free()d. Thanks to Jeffrey Gordon and Quinn Comendant for reporting this one. Changed the directory naming scheme in the "generator" program to include the flowchart step numbers in the name. The old pattern was just too hard to follow visually and far too difficult to search for a specific test. Added more steps to the recipient validation flowchart and spamdyke-qrv's recipient validation filter to correctly handle addresses that are forwarded to an external address. Thanks to Stephen Marley for reporting this one. Changed search_file() in spamdyke-qrv to return a "not found" result when the file does not exist, instead of an error. Added a delay loop to exec_command_argv() in spamdyke and spamdyke-qrv to work around a race condition -- sometimes the child process will close its pipes in preparation for exiting and the parent's waitpid() will fire before the child has fully exited. This leads to erroneous returns showing the child has not exited when it really only needed another timeslice or two. This is fixed by looping with nanosleep() to wait a few tenths of a second after seeing this return code. Added a way to stop a test script run by creating a file named "stop". This allows it to be stopped without killing the process and potentially leaving the test platform in a partially (mis)configured state. Fixed the accessor function for the header-blacklist-entry and header-blacklist-file options to find their data in the filter_settings object instead of the option_set object. This is because the data is moved from the option_set immediately after it is set so the blacklist effect is cumulative when set from configuration directories. Reading from the wrong location meant the config-test feature was never testing those options at all. Thanks to Stefan for reporting this one. Fixed a pair of bugs in process_config_file(): one that would add empty values to the end of a list of blacklist/whitelist files if a directive was followed by a blank line and a commented-out directive (causing errors when the values are used), the other that would throw errors if a line in a configuration file contained only one space. Thanks to Les Fenison for reporting these. Fixed a bug in middleman() that would return an improper greeting when injecting both AUTH and STARTTLS banners into the EHLO response. Clients seeing this improper greeting would hang forever and eventually timeout. Thanks to Elliot Denk for reporting this one and sending a patch! Fixed a major thinko in smtp_filter that was carrying over the rejection data between recipients, even if a recipient had a configuration directory file that altered the overall configuration. This was leading to some recipients being incorrectly rejected under very specific (and likely very rare) conditions, which just happened to be met on my own server. Fixed a bug in copy_base_options that was not copying the "reason" data from the last rejection. Fixed an infinite loop in dnsdummy when priorities over 0 are used. Fixed a typo in dnsdummy that was truncating data when the verbose flags were used (weird, yes). Changed dnsdummy to fork a child process to return each query. This was the easiest solution to implement to allow new queries to be processed while waiting n seconds to send answers to previous queries. This is a fragile and wasteful solution -- if dnsdummy were intended for production use, a queue would be a much better solution. Changed all of the "verbose"-level error messages to include the name of the function, file and line that generated it. Every other message prefixed with "ERROR" already did this, so this makes things more consistent. Renamed all of the "FILTER" messages and added a new logging macro to print them named SPAMDYKE_LOG_FILTER(). This way they can continue to be output without function, file and line information. Renamed the SPAMDYKE_LOG_CONFIG_TEST() macro to SPAMDYKE_LOG_CONFIG_TEST_ERROR() and changed it to use LOG_LEVEL_ERROR instead of having a special LOG_LEVEL_CONFIG_TEST setting. This way the config-test messages can be changed to emit file, function and lines if needed (or not). Added SPAMDYKE_LOG_CONFIG_TEST_INFO() and SPAMDYKE_LOG_CONFIG_TEST_VERBOSE() as analogs to SPAMDYKE_LOG_CONFIG_TEST_ERROR(). Changed dnsdummy to encode multiple answers in the same response, if its config file contains multiple matches for the same query. Fixed a bug in dnsdummy that was adding extra bytes to the end of each answer. This turned out to be covering a matching (compensating) bug in spamdyke's DNS parsing code. I really hate it when that happens! Fixed a serious bug in nihdns_expand() that was causing spamdyke to incorrectly parse DNS responses with multiple answers; it would use the first answer, then skip the wrong number of bytes, causing it to conclude any subsequent answers were corrupted. Changed nihdns_expand() to return separate values for the number of bytes in the decoded string and the number of bytes the string occupies in the DNS packet. Due to packet compression, the numbers can be very different. Changed generator to add records to the named configuration so domains will resolve correctly during testing. Since using port numbers in resolv.conf is not allowed, there is no easy way to use dnsdummy for these tests. Discovered qmail-send does not check the percenthack or virtualdomains files when resolving forward addresses, only locals and assign. Updated spamdyke-qrv to behave the same way. Refined the success/failure detection in generator after learning more about qmail's behavior. If only it had some kind of accurate documentation... Extended the tests created by generator to also test conditions where spamdyke-qrv calls vpopmail to look up addresses. This increased the number of spamdyke-qrv tests more than tenfold! Added a "diagnostic output" flag to spamdyke-qrv to print the decision path it used to evaluate the address. Also added a test to the test generator to compare the diagnostic output with the expected decision path, to catch tests that may be producing the desired effect for the wrong reason. Fixed a bug in set_config_value() to make it possible to set CONFIG_TYPE_NAME_MULTIPLE options to "none" or unset specific values. Thanks to Konstantin for reporting this one. Added flags to smtpdummy to advertise STARTTLS support in response to EHLO. It doesn't actually do TLS, it just advertises it. Fixed smtp_filter() to block a client's STARTTLS command if tls-level is "none". Thanks to Les Fenison for reporting this one. Added a flag to the configure script for both spamdyke and spamdyke-qrv to compile with the address sanitizer library to catch memory access errors. Adjusted the version string to show when the sanitizer is in use. Changed the test scripts to always compile spamdyke with the address sanitizer (if available) when testing. The tests run a lot slower, but the sanitizer is too awesome to not use. Fixed a buffer underrun in examine_entry that was causing segfaults when searching files where wildcards are allowed at the beginning of the lines. Thanks to Dirk Kannapinn for reporting this one. Discovered a horrible problem with snprintf()'s %n format -- it returns the number of bytes it _would_have_ written *if* there were infinite space, not the number of bytes *actually* written as the man page states. So using %n at the end of the format string as a substitute for immediately calling strlen() is not safe. Good thing I don't ever do that, right? ...wait, I use that feature EVERYWHERE! (grrrrr) Thanks to the Google Address Sanitizer team for finding this one. Whoever implemented the %n feature in glibc can report to me any time for a free punch in the throat. I want my weekend back. Reverted the (apparently) useless change from 4.3.0 to use %n in snprintf() instead of the return value and replaced snprintf() with a macro named SNPRINTF() that explicitly compares the return value with the size of the buffer and returns the number of bytes ACTUALLY written. Fixed a harmless buffer overrun in sub_examine_tcprules_entry() that could have overwritten one byte of another variable on the stack with a null byte. Since the address was valid and that other variable is set just after the overwrite anyway, it wasn't actually a problem. But fixing it makes the address sanitizer happy, so it's fixed. Fixed a pair of huge buffer overruns in config_test_file_read() and config_test_file_read_write() that could load 63K of file contents past the end of the buffer (on the stack). Fortunately, these functions are only used by the config-test feature, never during normal operation. Fixed a buffer overflow in find_address() that would overwrite a single byte in the caller's stack with a null byte when parsing BATV addresses. From what I can tell, the effect of this bug would be to either truncate the parsed address or cause a segfault. Added undo_softlimit() to try to increase the "soft" limits on address space, stack size and memory size to maximum if they are less than infinite (and squawk if they cannot be reset to maximum). This will (hopefully) prevent problems caused by DJB's "softlimit" program, which is a useless piece of trash many qmail install guides *still* recommend using. Fixed a bug in the logging code of tls_read() that was using an "error" message to log at "verbose" level. The error message had more printf() format specifiers than the verbose logger was providing, which was leading to segfaults when the message was printed. Many thanks to Konstanin for a lot of help tracking this one down.
2015-05-03 16:22:08 +02:00
Size (spamdyke-5.0.1.tgz) = 383720 bytes
SHA1 (patch-configuration.c) = 81548b8a7cc557446d3ecfca3546a129b04a2173
SHA1 (patch-configure) = 308cde4c9f54c30ce11c7d7c415ebe7caf51732e
SHA1 (patch-configure.ac) = 23ed678900fbb9b9d1a2613e9267607ac59eb5b8
SHA1 (patch-md5.c) = d30f421e28fbc6b87c4dc78f4a2e7f5048c61a45
SHA1 (patch-spamdyke.h) = 689d4774d78b60a4dd2fbb62a99b218aca9b500b
SHA1 (patch-tls.c) = 1cc05d30dfd3736727c6203a81ebb24c44cd2c1f