series, users are encouraged to read /usr/pkg/share/doc/sympa/NEWS for
details. Summary of new features:
*** New bulk.pl daemon installed with Sympa. This daemon is dedicated to
mail distribution and allows to parallelize this process on a single
server as well as on multiple servers.
*** [Olivier Lumineau, CRU] Fresh new web CSS for the web interface.
*** Replace storage of password with encryption by md5 fingerprint. This
make remind password impossible. So now a one time ticket table is created
ticket are sent by email as an authentication token. Ticket can be used
for lost password, create account, moderation request . It should be
generalized to all operation that need a email chalenge.
*** New propertie in object message : spam_status . This feature is used in
modindex (listing of message waiting for moderation) to show message
tagued as spam.
4 new parameters :
- antispam_feature default off
- antispam_tag_header_name default X-Spam-Status
- antispam_tag_header_spam_regexp default ^\s*Yes
- antispam_tag_header_ham_regexp default ^\s*No
*** DKIM : Sympa now supports DKIM for message diffusion and control.
*** web_tt2/Makefile.am, web_tt2/ca.tt2, web_tt2/lca.tt2,
wwsympa/wwsympa.fcgi.in: It is now possible to create Custom actions
at the list or robot level. These custom actions allow you to create
new pages in the Sympa web interface. for now, you can only display
informations using this method. any post treatment (such as form
submission) must be handled outside of Sympa. See
https://www.sympa.org/manual_6.1/customizing#custom_actions for more
details.
*** [Submitted by J. jourdan] "suspension of membership." The user can suspend
his subscription to the lists
that he subscribes. For a finite length or not. Added a calendar in
javascript to select a date.
Also, lots of translastion updates, and bug fixes (including security ones)
to trigger/signal a rebuild for the transition 5.10.1 -> 5.12.1.
The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=..."), minus the packages updated after
the perl package update.
sno@ was right after all, obache@ kindly asked and he@ led the
way. Thanks!
escalation vulnerabilities) and updated translations:
* Sympa was not fully compliant to the RFC 2616, leading for example
to possible unwanted list deletion by administrators using prefetching
tools. This was fixed by replacing all the threatening GET requests
by POST requests;
* Use of sprint() function for creating SQL queries lead to possible
SQL injection through cookie manipulation;
* The use of files in /tmp lead to vulnerabilities.
Features:
po/ja.po, po/web_help_ja.po: update Japanese translation of the user
interface, add Japanese translation of online help
po/ru.po: Updated Russian translation.
src/Commands.pm: [#3990][Submitted by A. Berstein, electricembers.net] The
quiet option has been reactivated for the "reject" mail command.
Bug fixes:
wwsympa/archived.pl: [Reported by M. Kretchner, INRIA] It was impossible
to remove a message from web archives or rebuild these archives.
check_perl_modules.pl: [Reported by M. Gorecka-Wolniewicz,
Nicolaus Copernicus univ., Torun] In some cases, CAS logout didn't work.
src/task_manager.pl, wwsympa/archived.pl, wwsympa/bounced.pl: [#3957]
[Reported by O. Berger, Telecom & Management SudParis] When launching
Sympa daemons (other than sympa.pl) with an unknown option, the daemon
was still launched instead of failing to launch.
to trigger/signal a rebuild for the transition 5.8.8 -> 5.10.0.
The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=...").
Fix CVE-2008-1648 (denial of service)
Several new translations (some of them disabled, because of missing locale
support on NetBSD-3).
Introduction of HTTP session in order to replace a lot of cookies, for better
usability and security. This also allows some new features, from
listing active session in admin page to crawler detection.
per list custom user attributes (defined by the list owner)
per list custom list parameters for use in authorization scenarios and
mail templates
LDAP alias manager can now be LDAPS
XSS protection
Session hijacking protection
The performances mainly regarding the web interface have been
significantly improved.
new SOAP features allow remote list creation, ADD and DEL of list members
Automatic list creation when a message is sent for the list.
each operations that changes the status of messages/subscriptions/list config
is now logged in a structured DB entry.
Generalization of UTF-8
and more ... See http://www.sympa.org/ for complete list.
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
an extra html/ directory being created in docs. Changes html/ to html/.
to avoid this extra directory on netbsd-4. Should definitively fix
pkg/36007.
Bump PKGREVISION.
Main changes since 4.1.2:
Full virtual robot support ; you can now create 2 lists with the same name in
different virtual robots
Message topics : list messages can be tagged with topics. List owner defines
a set of topics for the list. List members can select topics and only
receive related messages.
Sympa is now VERP enabled
new return_path_suffix parameter in sympa.conf
new 'digest_max_size' list parameter. If a digest exceeds this limit, then
multiple messages are sent.
New set of web templates, CSS and XHTML compatible.
RSS channels are providing the following features :
* latest messages in list archives
* latest documents in web repository
* latest created mailing lists
* most active mailing lists
Also, lots of other small features, translations and bug fixes.
developer is officially maintaining the package.
The rationale for changing this from "tech-pkg" to "pkgsrc-users" is
that it implies that any user can try to maintain the package (by
submitting patches to the mailing list). Since the folks most likely
to care about the package are the folks that want to use it or are
already using it, this would leverage the energy of users who aren't
developers.
backslashes anymore. A single backslash is enough. Changed the
definition in all affected packages. For those that are not caught, an
additional check is placed into bsd.pkginstall.mk.
No need to bump PKGREVISION or something, this was harmless:
some directories were made twice while installing from pkgsrc (by do-install
target and by INSTALL script) and binary packages were safe because the
INSTALL script creates them.
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
Too many changes and bugfixes to list here, see installed file
${PREFIX}/share/doc/sympa/NEWS.
Highlights of package changes: use regular PREFIX, pervasive use of
bsd.pkg.install.mk framework, add dependencies on mhonarc package and
openssl, use bsd.options.mk framework to select MySQL or PostgreSQL support,
introduce SYMPA_VARBASE to select "/var" directory
(defaults to ${VARBASE}/sympa).
Take stewardship with previous maintainer blessing.
XXX Better startup script(s) than the ones I use should be provided, so
I'm not including them in this package.
