Fixes a lot of bugs. The next release will be the first "release
candidate" instead of a beta.
* PAM: Don't call pam_setcred() unless setcred=yes PAM passdb
argument was given.
* Moved around settings in dovecot-example.conf to be in more logical
groups.
+ Local delivery agent (deliver binary) works again.
+ LDAP: Added support for SASL binding. Patch by Geert Jansen
+ ssl_verify_client_cert: Check CRLs. If auth_verbose=yes, log
invalid sent certificates. If verbose_ssl=yes, log even the valid
certificates. When using the username from the certificate, use
CommonName. Based on patch by HenkJan Wolthuis
+ PAM: Set PAM_TTY which is needed by some PAM plugins
+ dovecot --exec-mail ext <binary path> can now be used to start
binaries which want dovecot.conf to be read, for example the
convert-tool.
- Expunging needed to be done twice if client used STORE +FLAGS.SILENT
command to set the \Deleted flags
- Added sql_escape_string() to lib-sql API and use it instead of
normal \-escaping.
- ACL plugin fixes
- DIGEST-MD5: Trying to use subsequent authentication crashed
dovecot-auth.
- Fetching BODY when BODYSTRUCTURE was already cached caused the
reply to be broken in some cases
- Lots of fixes for index file handling
- dbox fixes and changes
- mbox syncing broke if some extraneous/broken headers were removed
(eg. extra X-IMAPbase headers in mails)
- Running Dovecot from inetd works now properly with POP3
- Quota plugin fixes for calculating the quota correctly
Changelog:
Evolution-Data-Server 1.6.2, 2006-05-29
----------------------------------------
Bug fixes since 1.6.2 :
http://go-evolution.org/Evo2.6.2#Evolution-Data-Server
And on that page:
From Evolution
(There is currently no text in this page)
Changes 2.2.6:
* The 8-bit literal (literal8) in IMAP4 response was supported.
* The missing timeout handling was added for SMTP.
* The failure of URI security check when they have leading space
was fixed.
Changes 2.2.5:
* The character corruption and crash bug when using Japanese
half-width kana on sending messages was fixed.
* The execution failure when using the accessibility module was fixed.
* The bug that new/unread count becoming negative value was fixed.
* The bug that bold face was disabled in the folder selection dialog
with GLib 2.10 and Pango 1.12 was fixed.
* The incorrect progressbar display when expired messages exist was
fixed.
* [SECURITY] Fix bug in encoding of usernames that contain '='. This
fixes the security advisories noted here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2659
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368834
http://secunia.com/advisories/20519/
* Implemented "Purge" option for mail filters.
* Invoke Courier filters in alphabetical order, and use 050 exit code
to accept a message without running the remaining filters, which gets
converted to a 250 ESMTP code.
* Fix improper parsing of ident/pfix tokens in SPF.
* New command line tool "aliaslookup" to look up mail aliases.
* Added support for the koi8-u character set.
* Fix monthly rotation of sent folder on multilingual systems.
* Miscellaneous small i18n fixes.
* New "any message" webmail filter option.
* Improve the "message limit exceeded" error message.
* New checkbox on the login form enables/disables soft timeout.
* Create an invisible frame at login time that reloads at
timeoutsoft/2 intervals, thus keeping the session alive
* Fix bug where overriding TIMEOUTSOFT via environment variables may
cause calendar session to timeout prematurely
Pkgsrc changes:
- The module is now available on CPAN, so changed MASTER_SITES accordingly.
- Changed HOMEPAGE to CPAN site because Jason Long's web site seems to
be down occasionally.
- Added Crypt::OpenSSL::Bignum as a requirement (listed in Makefile.PL)
because Mail::DKIM uses objects of that type (returned by
Crypt::OpenSSL::RSA::get_key_parameters).
- New requirement: security/p5-Digest-SHA
Relevant changes since version 0.14:
====================================
* implemented signing and verifying of a SHA-256 digest
* various new tests and a few bug fixes
Use a better boundary check, which doesn't depend on PATH_MAX >> NAME_MAX.
Both changes are from DragonFly and have been reported upstream.
Install only man pages, not the catpages. The installation was
inconsistent before.
Bump revision. OK from tv@.
Pkgsrc changes:
- patch-bb is no longer necessary (integrated upstream).
Changes since version 3.1.2:
============================
- bug 4926: given a certain set of parameters to spamd and a specially
formatted input message, users could cause spamd to execute arbitrary
commands as the spamd user
- bug 4932: the userstate dir and userprefs file would not be created
under certain conditions.
3.6.7 is a maintenance release
BUGFIX: Using UIDInSignature, wrong UID is written to message when using groups
BUGFIX: PostgreSQL driver does not reconnect on failure in daemon mode
BUGFIX: X-DSPAM-Probability sometimes misreported when multiple algorithms used
BUGFIX: Agent segfaults when DeliveryHost or ClientHost not specified, --client
BUGFIX: Agent segfaults on some systems when syslog is used
BUGFIX: Agent segfaults when dlopen() to storage library fails
BUGFIX: Infinite loop created when deleting preference, not using extensions
BUGFIX: ATX (agent context) does not hold enough bits for 'flags' variable
3.6.6 is a maintenance release
MAINT: Phased out deprecated Berkeley DB drivers
MAINT: Phased out legacy tools (dspam_corpus, dspam_genaliases)
BUGFIX: When using logfile, write errors result in segfault
BUGFIX: Compiler warnings with sqlite_drv and sqlite3_drv
BUGFIX: MySQLUIDInSignature causes segfault on retrain
BUGFIX: trainPristine preference "off" does not override default
mail/thunderbird-gtk1 to 1.5.0.4, and www/seamonkey, www/seamonkey-gtk1
and www/seamonkey-bin to 1.0.2 (salo has already updated www/firefox-bin).
Note that thunderbird skipped one release number (again) to stay on par
with firefox.
These updates provide:
* improvements to product stability,
* several important security fixes (see below).
Fixed in Firefox 1.5.0.4:
MFSA 2006-43 Privilege escalation using addSelectionListener
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-41 File stealing by changing input type (variant)
MFSA 2006-39 "View Image" local resource linking (Windows)
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-36 PLUGINSPAGE privileged JavaScript execution 2
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-34 XSS viewing javascript: frames or images from context menu
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
Fixed in Thunderbird 1.5.0.4:
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-40 Double-free on malformed VCard
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
Fixed in SeaMonkey 1.0.2:
MFSA 2006-43 Privilege escalation using addSelectionListener
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-41 File stealing by changing input type (variant)
MFSA 2006-40 Double-free on malformed VCard
MFSA 2006-39 "View Image" local resource linking (Windows)
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-34 XSS viewing javascript: frames or images from context menu
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)
all PEAR packages to php?-pear-* and all Apache packages to ap13-* or
ap2-* respectively. Add new variables to simplify the Makefile
handling. Add CONFLICTS on the old names. Reset revisions of bumped
packages. ap-php will now depend on the default Apache and PHP version.
All programs using it have an implicit option of the Apache version
as well.
OK from jlam@ and adrianp@.
- fix attribute deletion error with Filter_classifier when
strip_delivered_to is set. Thanks: ?.
- do not consider qmail-local writing to stderr a delivery error.
Thanks: ?.
Remove nearly 2-year-old MESSAGE about upgrading from version 3.
Version 1.2.1 - 9 March 2006
----------------------------
- Bug fix; program fault when using the fetch*() family of functions.
Version 1.2 - 2 March 2006
--------------------------
- IPv6 support.
- Lua 5.1 compatibility.
- Bug fix; handle messages containing binary data.
- Bug fix; problems with CPU utilisation when the inactivity timeout timer was
set.
Pkgsrc changes:
- The updates for rule files go into $VARBASE/spamassassin/.
- This above directory and the directory sa-update-keys for the GPG keys
are now handled automatically by OWN_DIRS.
- The growing number of *.pre files are managed in a loop in the Makefile.
They are no longer contained in the static PLIST.
- Removed some unnecessary trailing slashes.
- Patching init.pre in order to disable the SPF plugin broke the spf.t
test. This is now fixed, although in a rather ugly way :-/.
- patch-ab no longer needs to use BSD_INSTALL_DATA_DIR because we create
the directories through INSTALLATION_DIRS.
- patch-ad and patch-az were removed (changes integrated upstream).
- patch-bb fixes a small documentation error.
- Fixed some warnings by pkglint about the SUBST framework in Makefile
and options.mk.
Relevant changes since version 3.1.1:
=====================================
- bug 4802: implement DKIM plugin, including whitelist_from_dkim support
- bug 3838: work around Perl bug causing captured RE variables to become
tainted -- thanks to Mark Martinec for pointing out the bug with
Perl itself
- bug 4850: re-enable the Razor2 plugin by default due to a service
policy change
- bug 4826: Razor2 plugin needs to load Mail::SpamAssassin::Timeout module
- bug 4827: M::SA::first_existing_path() would return the last array
entry passed in if none of the paths were found. Now return undef
instead and handle the error when it happens.
- bug 4813: generally open RE causes sendmail received header get read
in as qmail in error
- bug 4839: Logger.pm converts control chars including tab into
underscores which confuses a bunch of users when checking debug output.
Convert tab into space instead, etc.
- bug 4884: if a null message is passed in, there are several variables
which end up undefined causing warnings. fake an empty message if no
input is given.
- bug 4793: when replacing tags in a message (_TAG_), leave the tags
that don't exist alone instead of just removing them
- bug 4861, 4760: handle dccifd and dccproc failover properly, backport
relays_internal and relays_external code, backport bug 4760 fix so
that it's not possible to be in internal_networks without being in
trusted_networks as well
- bug 4901: deal more properly with failures in bgsend(). also, use
the proper variable to show when errors occur.
- bug 4867: fetchmail changed header formats at some point making Received
parsing fail in certain conditions
- bug 4699: use M::SA::Timeout for spamd copy_config call and allow for
empty $@ values
- bug 3754: if there's a problem opening a file via sa-learn or
spamassassin, return an error exit value.
non-tabs; else make(1) interprets it as a command line.
Fixes the following message on NetBSD 2.1:
make: "/export/SRC/netbsd/pkgsrc/mail/mailman/Makefile" line 31: Unassociated shell command "# use 'postfix' for postfix"
and add a comment on what to change for postfix.
Before, this used group 'guest', which didn't work with any mailer,
so that's not perfect, but a step in the right direction.
2006-03-17 David F. Skoll
* VERSION 5.420 RELEASED
* Fix regression introduced in 5.419 -- quoted-printable
encoding would sometimes fail on "textual" MIME parts.
> 8.13.6/8.13.6 2006/03/22
> SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
> and client side of sendmail with timeouts in the libsm I/O
> layer and fix problems in that code. Also fix handling of
> a buffer in sm_syslog() which could have been used as an
> attack vector to exploit the unsafe handling of
> setjmp(3)/longjmp(3) in combination with signals.
> Problem detected by Mark Dowd of ISS X-Force.
> Handle theoretical integer overflows that could be triggered if
> the server accepted headers larger than the maximum
> (signed) integer value. This is prevented in the default
> configuration by restricting the size of a header, and on
> most machines memory allocations would fail before reaching
> those values. Problems found by Phil Brass of ISS.
> If a server returns 421 for an RSET command when trying to start
> another transaction in a session while sending mail, do
> not trigger an internal consistency check. Problem found
> by Allan E Johannesen of Worcester Polytechnic Institute.
> If a server returns a 5xy error code (other than 501) in response
> to a STARTTLS command despite the fact that it advertised
> STARTTLS and that the code is not valid according to RFC
> 2487 treat it nevertheless as a permanent failure instead
> of a protocol error (which has been changed to a
> temporary error in 8.13.5). Problem reported by Jeff
> A. Earickson of Colby College.
> Clear SMTP state after a HELO/EHLO command. Patch from John
> Myers of Proofpoint.
> Observe MinQueueAge option when gathering entries from the queue
> for sorting etc instead of waiting until the entries are
> processed. Patch from Brian Fundakowski Feldman.
> Set up TLS session cache to properly handle clients that try to
> resume a stored TLS session.
> Properly count the number of (direct) child processes such that
> a configured value (MaxDaemonChildren) is not exceeded.
> Based on patch from Attila Bruncsak.
> LIBMILTER: Remove superfluous backslash in macro definition
> (libmilter.h). Based on patch from Mike Kupfer of
> Sun Microsystems.
> LIBMILTER: Don't try to set SO_REUSEADDR on UNIX domain sockets.
> This generates an error message from libmilter on
> Solaris, though other systems appear to just discard the
> request silently.
> LIBMILTER: Deal with sigwait(2) implementations that return
> -1 and set errno instead of returning an error code
> directly. Patch from Chris Adams of HiWAAY Informations
> Services.
> Portability:
> Fix compilation checks for closefrom(3) and statvfs(2)
> in NetBSD. Problem noted by S. Moonesamy, patch from
> Andrew Brown.
> Major changes compared to the Turba H3 (2.1) version are:
> * Fixed losing sessions when editing address books.
> * Added upgrade script for Oracle to upgrade from 1.2 to 2.x.
> * Fixes and improvements to the create_default_histories.php and
> public_to_horde_share.php scripts.
> * Updated Danish, Dutch, German, Greek, Estonian and Japanese translations.
> * Small bugfixes and improvements.
>
> The full list of changes (from version H3 (2.1)) can be viewed here:
>
> http://cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.181.2.68&r2=1.181.2.80&ty=h
>
> Major changes compared to the Ingo H3 (1.1) version are:
> * Restored backward compatibility with Horde 3.0.x.
> * Enabled the filter setting to stop further filtering by default.
> * Small bug fixes and improvements.
> * New translations: Estonian, Greek.
> * Updated translations: Danish, Dutch, German.
>
> The full list of changes (from version H3 (1.1)) can be viewed here:
>
> http://cvs.horde.org/diff.php/ingo/docs/CHANGES?r1=1.55.2.39&r2=1.55.2.49&ty=h
changes since 1.0beta7:
* Fixed a security hole with mbox: "1 LIST .. *" command could
list all directories and files under the mbox root directory, so
if your mails were stored in eg. /var/mail/%u/ directory, the
command would list everything under /var/mail.
+ Unless nfs_check=no or mmap_disable=yes, check for the first login
if the user's index directory exists in NFS mount. If so, refuse to
run. This is done only on first login to avoid constant extra
overhead.
+ If we have plugins set and imap_capability unset, figure out the
IMAP capabilities automatically by running imap binary at startup.
The generated capability list isn't updated until Dovecot is
restarted completely, so if you add or remove IMAP plugins you
should restart. If you have problems related to this, set
imap_capabilities setting manually to work around it.
+ Added auth_username_format setting
- pop3_lock_session setting wasn't really working
- Lots of fixes related to quota handling. It's still not working
perfectly though.
- Lots of index handling fixes, especially with mmap_disable=yes
- Maildir: saving mails could have sometimes caused "Append with UID
n, but next_uid = m" errors
- flock() locking never timed out because ignoring SIGALRM caused the
system call just to be restarted when SIGALRM occurred (probably not
with all OSes though?)
- kqueue: Fixed "Unrecognized event". Patch by Vaclav Haisman
general idea is that the client should never know that it's not talking to
the real IMAP server. The only thing that makes this a slightly unique Imap
Proxy server is that it caches server connections.
RELEASE 3.6.5-STABLE
MAINT: PgSQL SQL tuning
MAINT: WebUI aesthetic and functional fixes
MAINT: Added --disable-syslog and --with-logfile= configuration flags
MAINT: Added -t flag for dspam_stats to total stats
MAINT: Markov result used as X-DSPAM-Confidence when Markov used
MAINT: Support for separate read/write servers to be used with mysql_drv
BUGFIX: Spam are quarantined when --deliver=summary
BUGFIX: Admin graphs malformatted when subject contains newline character
BUGFIX: WebUI does not use MAX_COL_LEN
BUGFIX: Output for dspam_admin aggr pref incorrect
BUGFIX: Flat-file preference writes fail on some systems
BUGFIX: Failure to connect to ClamAV causes segmentation fault
BUGFIX: NULL username in system causes segmentation fault
BUGFIX: ClamAV processing and cleanup issues
BUGFIX: Fragment files overwritten on retrain
BUGFIX: Miscellaneous invalid read / segmentation fault bugs
BUGFIX: If TrainingMode not specified in dspam.conf or passed in, segmentation fault
BUGFIX: No output returned when using --deliver=summary with dspamc
RELEASE 3.6.4-STABLE
DOC: Documented user preferences in README
MAINT: Added dspam_train tool, replacing most functions of dspam_corpus
MAINT: Code cleanup and performance improvements
MAINT: Significant improvements in accuracy, specifically reduced false pos.
MAINT: Removed experimental neural collaboration functions
MAINT: Added ClassAlias configuration directive to dspam.conf
MAINT: Added undo option for retraining via WebUI
MAINT: Added storeFragments support to WebUI
MAINT: Added mass-retraining support to WebUI
BUGFIX: DSPAM segfaults when invalid UID specified using UIDInSignature
BUGFIX: No output when using --classify with --client
BUGFIX: dspam_corpus overrides default dspam.conf settings
BUGFIX: Multi-driver builds fail when preferences-extension is not supported
Prior to this release, there are security vulnerabilities the same as
in squirrelmail 1.4.5.
This update is made with a temporary Japanese patch based on the patch
for 1.4.5.
symmetry between installation from source and from binary package.
Annotate MESSAGE accordingly, so that those using apop can do it
themselves. Bump revision
be created just before its "configure" phase, obviating the need
for the hackish dependency on a qmail-users package. Since the new
functionality in bsd.pkginstall.mk also records and enforces numeric
UIDs and GIDs in binary packages, remove the note on that matter
from MESSAGE.
Bump PKGREVISION.
+ Add an INSTALL script that detects the presence of the old
sqwebmail state directory and that informs the admin to move it
to the new location.
+ Install some more of the HTML documentation in the location expected
by courier-mta.
* Complete re-implementation of the LDAP addressbook.
* Increase the maximum size of the CGI environment to avoid certain
classes of browser/website problems.
+ Install some more of the HTML documentation in the location expected
by courier-mta.
+ Moved the default locations for the imapd and pop3d SSL certificates
into ${PKG_SYSCONFDIR}. These paths may be changed directly in the
imapd-ssl and pop3d-ssl configuration files by modifying TLS_CERTFILE.
* New capability to control announcements of IMAP ACL support when
starting imapd.
* Optimization: Skip going through the motions of outputting the results
of a SORT if the number of sorted messages is 0.
* Have CREATE and RENAME also create courierimapuidlist.
* Log total bytes sent/received in IMAP and POP3 sessions.
+ Install the makedat documentation; even though "makedat" is part
of courier-authlib, that package installs no documentation for
it, and "makedat" is used quite frequently in conjunction with
maildrop.
* fix for RFC822 compliance -- encode spaces that precede a newline.
courier-0.53.1 as mail/courier-mta.
The Courier mail transfer agent (MTA) is a modular multiprotocol mail
server that's designed to strike a balance between reasonable performance,
flexibility and features.
This package differs from traditional courier-mta packages in that
the webmail, imap/pop3, and maildrop components are not included
because they are supplied by the mail/sqwebmail, mail/courier-imap,
and mail/maildrop packages, respectively. When Courier-MTA is installed
together with Courier-IMAP and SqWebMail, they form an integrated
mail/groupware server suite that provides ESMTP, IMAP, POP3, webmail,
and mailing list services within a single, consistent, framework. A
web-based administration and configuration tool is included for
comprehensive configuration of the entire Courier software suite.
Many thanks to Yarema <yds@CoolRat.org> whose Courier port for FreeBSD
was an invaluable reference.