kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/mail/qpopper/distinfo

20 lines
1.1 KiB
Text
Raw Normal View History

Update qpopper package to 4.0.9. Changes from 4.0.8 to 4.0.9: ----------------------------- 1. Fix crash if too many MDEF commands entered.
2006-05-05 04:51:35 +02:00
$NetBSD: distinfo,v 1.15 2006/05/05 02:51:35 taca Exp $
Add NetBSD RCS Ids.
1998-08-07 15:16:49 +02:00
Update qpopper package to 4.0.9. Changes from 4.0.8 to 4.0.9: ----------------------------- 1. Fix crash if too many MDEF commands entered.
2006-05-05 04:51:35 +02:00
SHA1 (qpopper4.0.9.tar.gz) = 5629aa86d92fe10565021980882dffb733ce73d9
RMD160 (qpopper4.0.9.tar.gz) = b48a68cd9e282bfb3d78c6b53f3dee7c97bdf77d
Size (qpopper4.0.9.tar.gz) = 2767261 bytes
- Update qpopper to 4.0.8 - Thanks to taca@ and gavan@ for feedback and patch review - This also enables experimental PAM support (on platforms that support it) - Security fixes included - From the ChangeLog: > Changes from 4.0.7 to 4.0.8: > --------------------------- > 1. Fix compilation error on HPUX. > 2. Fix some compilation warnings. > 3. Update man page with '-x' option. > 4. Fix problems with 'make install' > > > Changes from 4.0.6 to 4.0.7: > --------------------------- > 1. Fix '-V' for standalone. > 2. Include 'man' directory in tarball. > > > Changes from 4.0.5 to 4.0.6: > ---------------------------- > 1. Minor fixes for true64. > 2. Patch from Uli Zappe to fix SCRAM compilation bugs. > 3. Minor fixes for true64. > 4. poppassd now runs smbpasswd as user, not root, to avoid exploit > 5. Remove -traditional-cpp from the compiler options for Darwin > builds (otherwise build fails) > 6. Open stdout and stderr as O_WRONLY instead of O_RDONLY so that > should anything actually be written to them it will show up > 7. When configured as --with-pam and required, > include <pam/pam_appl.h> instead of <security/pam_appl.h> > (otherwise build fails) > 8. strdup the pw.pw_name field from getpwnam so that it's still > valid by the time genpath is called; also added corresponding > free (without this fix when the bug manifests, clients are > erroneously told there are 0 messages in the mail drop > regardless of the actual number) > 9. Add a pam bug workaround at the beginning of main to do a > pam_start and pam_end immediately when the program starts up > in order to avoid bogus authentication failed messages from > pam_authenticate later (only when configured as --with-pam) > [ Thanks to Kyle McKay for changes 5-9 ] > 10. Fixed error in configure script for Mac OS / Darwin. > 11. Support chained certs for OpenSSL [from Daniel Senie]. > 12. Fixes to compile better on Linux [from Daniel Senie]. > 13. X-UIDL header no longer written when Update_status_hdrs is false > [thanks to Helge Oldach] > 14. Now calling SSL_shutdown() again if it fails the first time. > 15. Now logging TLS errors when compiled with debugging and debug is > enabled (instead of either) [thanks to Maks N. Polunin]. > 16. Config file now always closed (not just on error). > 17. When using pam, Kerberos tickets are now destroyed. > Otherwise dead tickets accumulate in cache directory which runs > out of space quickly on busy server. Problem noted by Rodney > McDuff ITS UQ. (Directory permissions on ticket cache dir need > to be 1777). > 18. Always log "Servicing request" (instead of just when debugging is > on). This allows start of pop sessions to be logged always which > is useful for diagnosis of problems. > 19. Worked around problem on some systems causing SIGALRM to be masked, > leaving hung pop processes which should have timed out waiting > for a command from the client. > [ Thanks to David Shrimpton for changes 16-19 ] > 20. Now defaulting to "EXPIRE NEVER" instead of "EXPIRE 0". > 21. Fix core dump on 64-bit Solaris 2.8 [thanks to Kenny Nguyen] > 22. Log facility set on command line now applies to daemon as well. > [Thanks to Helge Oldach] > 23. '-y' to set log facility on command line now works again. > 24. Allow '-V' as synonym for '-v' (to see version). > 25. Process user and spool config files as user, not as root (fix > security hole reported by Jens Steube) > 26. Added "xtnd_xmit" as a boolean option to permit/deny XTND XMIT > and 'x' as a command-line option to disable it. You should > disable it unless you really need it, and even then it is better > to move to SMTP AUTH. > 27. popauth now opens trace file as user, not root (fix security > hole reported by Jens Steube); also umask now set. > 28. Fix race crash on FreeBSD (thanks to Martin Haller). > 29. Resolve some compiler warnings. > 30. Fix check for libcrypt on FreeBSD. > 31. Added sample pam configuration file (also installed by 'make > install') > 32. Use generic error msg and sleep in more auth failure cases. > 33. Added code to use mkstemp() instead of our perfectly safe usage > of tempnam() because some compilers issue overly broad warnings > implying that all uses of tempnam() are unsafe. To bypass, > use '--enable-tempnam' with ./configure.
2005-06-01 22:55:16 +02:00
SHA1 (qpopper4.0.8-ipv6-20050515.diff.gz) = 3ccd51fa8fb1633c34dee19e6d50351cb649a3c1
RMD160 (qpopper4.0.8-ipv6-20050515.diff.gz) = 0ca9a8893e31933d8bf33a3cfa4d88fde511ed5e
Size (qpopper4.0.8-ipv6-20050515.diff.gz) = 11479 bytes
upgrade to 4.0.5. includes security fix. Changes from 4.0.4 to 4.0.5: ---------------------------- 1. Add debug trace call with OpenSSL library version. 2. Added 'tls-options' configuration file option. 3. Added 'tls-workarounds' boolean option. 4. STLS errors (except for timeout) no longer fatal. 5. Added sample xinetd configuration file. 6. Additional checks for networking libraries. 7. Pick up LDFLAGS from environment, if set. 8. Added '--enable-32-bit' and '--enable-64-bit' 9. Applied patch from Jeremy Chadwick to fix pathname trimming in standalone mode. 10. Fixed (non-root) buffer overflow. 11. Fixed '-no-mime' appended to user name (reported by Florian Heinz). 12. Fixed response message when identical MDEFs defined multiple times (reported by Florian Heinz).
2003-03-13 08:23:25 +01:00
SHA1 (patch-aa) = d1f4e56dbb8eb4b7cc250ca261435ec609f14c23
Update qpopper to 4.0.3 from 3.1.2. Here is brief new feature from Release note. 4.0 Supports TLS/SSL security. '-p' option now has value '4' to permit plain-text passwords under TLS/SSL. Now uses a cache file to retain spool index across sessions. This dramatically speeds up session start when no new mail has arrived. '-l' option added to specify TLS/SSL support. Lots of TLS/SSL options added. See the Administrator's Guide for details. '-v' option added to report current version and exit. 'make install' added. Lots of compile-time options now available at run-time. See the Administrator's Guide for details. Integrated poppassd into build. And here is changes from 4.0. Changes from 4.0.2 to 4.0.3: ---------------------------- 1. Don't call SSL_shutdown unless we tried to negotiate an SSL session. (As suggested by Kenneth Porter.) 2. Fix buffer overflow (reported by Gustavo Viscaino). 3. Fixed empty password treated as empty command (patch submitted by Michael Smith and others). 4. Added patch by Carles Xavier Munyoz to fix erroneous scanning for \n in getline(). 5. Fix from Arvin Schnell for warnings on 64-bit systems. 6. Added patch by Clifton Royston to change error message for nonauthfile and authfile tests. 7. Added 'uw-kludge' as synonym for 'uw-kluge'. Changes from 4.0.1 to 4.0.2: ---------------------------- 1. Added fix for XTND XMIT (sent in by Jacques Distler and others). 2. Fixed makefile problems with poppassd compile and install (sent in by Steven Champeon). 3. Increased maximum spool path length from 64 to 256. 4. Added more debug code when genpath() runs out of room. 5. Changed C++ style comments to C style in poppassd.c 6. Changed poppassd's UID check to be the same as Qpopper's (which is that if BLOCK_UID is defined we use that value, otherwise it defaults to 10). 7. Added poppassd expect strings for DEC True 64 (sent in by Andres Henckens). Changes from 4.0.1b1 to 4.0.1 (final): -------------------------------------- 1. Fixed typo in popper/pop_init.c if DONT_CHECK_HASH_SPOOL_DIR defined. Changes from 4.0 to 4.0.1b1: ---------------------------- 1. Messages with lines longer than 512 characters are no longer garbled when sent to the client. 2. Added patches from Michael C Tiernan to fix makefile problems.
2001-06-10 17:08:40 +02:00
SHA1 (patch-ab) = 67d661adce74d0662cab5b644d2e57bfd1d5e3c7
Fix errno.
2006-01-08 18:34:47 +01:00
SHA1 (patch-ac) = 6df76adb260bee99eb4165f5ac8dff7a2e685a8a
SHA1 (patch-ad) = 24fe673113eff34f896c05c0f3d71ca235219525
Update qpopper to 4.0.3 from 3.1.2. Here is brief new feature from Release note. 4.0 Supports TLS/SSL security. '-p' option now has value '4' to permit plain-text passwords under TLS/SSL. Now uses a cache file to retain spool index across sessions. This dramatically speeds up session start when no new mail has arrived. '-l' option added to specify TLS/SSL support. Lots of TLS/SSL options added. See the Administrator's Guide for details. '-v' option added to report current version and exit. 'make install' added. Lots of compile-time options now available at run-time. See the Administrator's Guide for details. Integrated poppassd into build. And here is changes from 4.0. Changes from 4.0.2 to 4.0.3: ---------------------------- 1. Don't call SSL_shutdown unless we tried to negotiate an SSL session. (As suggested by Kenneth Porter.) 2. Fix buffer overflow (reported by Gustavo Viscaino). 3. Fixed empty password treated as empty command (patch submitted by Michael Smith and others). 4. Added patch by Carles Xavier Munyoz to fix erroneous scanning for \n in getline(). 5. Fix from Arvin Schnell for warnings on 64-bit systems. 6. Added patch by Clifton Royston to change error message for nonauthfile and authfile tests. 7. Added 'uw-kludge' as synonym for 'uw-kluge'. Changes from 4.0.1 to 4.0.2: ---------------------------- 1. Added fix for XTND XMIT (sent in by Jacques Distler and others). 2. Fixed makefile problems with poppassd compile and install (sent in by Steven Champeon). 3. Increased maximum spool path length from 64 to 256. 4. Added more debug code when genpath() runs out of room. 5. Changed C++ style comments to C style in poppassd.c 6. Changed poppassd's UID check to be the same as Qpopper's (which is that if BLOCK_UID is defined we use that value, otherwise it defaults to 10). 7. Added poppassd expect strings for DEC True 64 (sent in by Andres Henckens). Changes from 4.0.1b1 to 4.0.1 (final): -------------------------------------- 1. Fixed typo in popper/pop_init.c if DONT_CHECK_HASH_SPOOL_DIR defined. Changes from 4.0 to 4.0.1b1: ---------------------------- 1. Messages with lines longer than 512 characters are no longer garbled when sent to the client. 2. Added patches from Michael C Tiernan to fix makefile problems.
2001-06-10 17:08:40 +02:00
SHA1 (patch-ae) = 1e06159f56c78e63a7960d4d9ca80535752099b2
Fix errno.
2006-01-08 18:34:47 +01:00
SHA1 (patch-af) = a2100b026a0bab0be8c99c211ec0bd14d4405f32
Update qpopper to 4.0.3 from 3.1.2. Here is brief new feature from Release note. 4.0 Supports TLS/SSL security. '-p' option now has value '4' to permit plain-text passwords under TLS/SSL. Now uses a cache file to retain spool index across sessions. This dramatically speeds up session start when no new mail has arrived. '-l' option added to specify TLS/SSL support. Lots of TLS/SSL options added. See the Administrator's Guide for details. '-v' option added to report current version and exit. 'make install' added. Lots of compile-time options now available at run-time. See the Administrator's Guide for details. Integrated poppassd into build. And here is changes from 4.0. Changes from 4.0.2 to 4.0.3: ---------------------------- 1. Don't call SSL_shutdown unless we tried to negotiate an SSL session. (As suggested by Kenneth Porter.) 2. Fix buffer overflow (reported by Gustavo Viscaino). 3. Fixed empty password treated as empty command (patch submitted by Michael Smith and others). 4. Added patch by Carles Xavier Munyoz to fix erroneous scanning for \n in getline(). 5. Fix from Arvin Schnell for warnings on 64-bit systems. 6. Added patch by Clifton Royston to change error message for nonauthfile and authfile tests. 7. Added 'uw-kludge' as synonym for 'uw-kluge'. Changes from 4.0.1 to 4.0.2: ---------------------------- 1. Added fix for XTND XMIT (sent in by Jacques Distler and others). 2. Fixed makefile problems with poppassd compile and install (sent in by Steven Champeon). 3. Increased maximum spool path length from 64 to 256. 4. Added more debug code when genpath() runs out of room. 5. Changed C++ style comments to C style in poppassd.c 6. Changed poppassd's UID check to be the same as Qpopper's (which is that if BLOCK_UID is defined we use that value, otherwise it defaults to 10). 7. Added poppassd expect strings for DEC True 64 (sent in by Andres Henckens). Changes from 4.0.1b1 to 4.0.1 (final): -------------------------------------- 1. Fixed typo in popper/pop_init.c if DONT_CHECK_HASH_SPOOL_DIR defined. Changes from 4.0 to 4.0.1b1: ---------------------------- 1. Messages with lines longer than 512 characters are no longer garbled when sent to the client. 2. Added patches from Michael C Tiernan to fix makefile problems.
2001-06-10 17:08:40 +02:00
SHA1 (patch-ag) = 4b187ab978ead4b751290fe483f6d6a6bf959089
SHA1 (patch-al) = 63fdc28b9c1d292d55464cda13c529ffb2a47b34
Don't run qpopauth -init -safe during installation, it destroys the symmetry between installation from source and from binary package. Annoate MESSAGE accordingly, so that those using apop can do it themselves. Bump revision
2006-05-02 10:39:37 +02:00
SHA1 (patch-am) = fba92571d9225f8c5cacb38a4621127a19151352
- add a patch for fixing bulldir vulnerability with "-u" option. - update PKGREVISION to 1.
2002-05-04 07:59:04 +02:00
SHA1 (patch-an) = 43e7c20b9c3cfd978255748236efbcbaf2f929ce
- Update qpopper to 4.0.8 - Thanks to taca@ and gavan@ for feedback and patch review - This also enables experimental PAM support (on platforms that support it) - Security fixes included - From the ChangeLog: > Changes from 4.0.7 to 4.0.8: > --------------------------- > 1. Fix compilation error on HPUX. > 2. Fix some compilation warnings. > 3. Update man page with '-x' option. > 4. Fix problems with 'make install' > > > Changes from 4.0.6 to 4.0.7: > --------------------------- > 1. Fix '-V' for standalone. > 2. Include 'man' directory in tarball. > > > Changes from 4.0.5 to 4.0.6: > ---------------------------- > 1. Minor fixes for true64. > 2. Patch from Uli Zappe to fix SCRAM compilation bugs. > 3. Minor fixes for true64. > 4. poppassd now runs smbpasswd as user, not root, to avoid exploit > 5. Remove -traditional-cpp from the compiler options for Darwin > builds (otherwise build fails) > 6. Open stdout and stderr as O_WRONLY instead of O_RDONLY so that > should anything actually be written to them it will show up > 7. When configured as --with-pam and required, > include <pam/pam_appl.h> instead of <security/pam_appl.h> > (otherwise build fails) > 8. strdup the pw.pw_name field from getpwnam so that it's still > valid by the time genpath is called; also added corresponding > free (without this fix when the bug manifests, clients are > erroneously told there are 0 messages in the mail drop > regardless of the actual number) > 9. Add a pam bug workaround at the beginning of main to do a > pam_start and pam_end immediately when the program starts up > in order to avoid bogus authentication failed messages from > pam_authenticate later (only when configured as --with-pam) > [ Thanks to Kyle McKay for changes 5-9 ] > 10. Fixed error in configure script for Mac OS / Darwin. > 11. Support chained certs for OpenSSL [from Daniel Senie]. > 12. Fixes to compile better on Linux [from Daniel Senie]. > 13. X-UIDL header no longer written when Update_status_hdrs is false > [thanks to Helge Oldach] > 14. Now calling SSL_shutdown() again if it fails the first time. > 15. Now logging TLS errors when compiled with debugging and debug is > enabled (instead of either) [thanks to Maks N. Polunin]. > 16. Config file now always closed (not just on error). > 17. When using pam, Kerberos tickets are now destroyed. > Otherwise dead tickets accumulate in cache directory which runs > out of space quickly on busy server. Problem noted by Rodney > McDuff ITS UQ. (Directory permissions on ticket cache dir need > to be 1777). > 18. Always log "Servicing request" (instead of just when debugging is > on). This allows start of pop sessions to be logged always which > is useful for diagnosis of problems. > 19. Worked around problem on some systems causing SIGALRM to be masked, > leaving hung pop processes which should have timed out waiting > for a command from the client. > [ Thanks to David Shrimpton for changes 16-19 ] > 20. Now defaulting to "EXPIRE NEVER" instead of "EXPIRE 0". > 21. Fix core dump on 64-bit Solaris 2.8 [thanks to Kenny Nguyen] > 22. Log facility set on command line now applies to daemon as well. > [Thanks to Helge Oldach] > 23. '-y' to set log facility on command line now works again. > 24. Allow '-V' as synonym for '-v' (to see version). > 25. Process user and spool config files as user, not as root (fix > security hole reported by Jens Steube) > 26. Added "xtnd_xmit" as a boolean option to permit/deny XTND XMIT > and 'x' as a command-line option to disable it. You should > disable it unless you really need it, and even then it is better > to move to SMTP AUTH. > 27. popauth now opens trace file as user, not root (fix security > hole reported by Jens Steube); also umask now set. > 28. Fix race crash on FreeBSD (thanks to Martin Haller). > 29. Resolve some compiler warnings. > 30. Fix check for libcrypt on FreeBSD. > 31. Added sample pam configuration file (also installed by 'make > install') > 32. Use generic error msg and sleep in more auth failure cases. > 33. Added code to use mkstemp() instead of our perfectly safe usage > of tempnam() because some compilers issue overly broad warnings > implying that all uses of tempnam() are unsafe. To bypass, > use '--enable-tempnam' with ./configure.
2005-06-01 22:55:16 +02:00
SHA1 (patch-ap) = 14ad2349ba690bbdc679a24a8b96da5681af1f18
Reference in a new issue Copy permalink