Patch provided by Martin Wilke via PR 34396.
Modify to avoid interaction when buildling.
Authen-SASL 2.10 -- Sat Mar 25 13:11:47 CST 2006
Enhancements
* Added Authen::SASL::Perl::GSSAPI
* Added error method to Authen::SASL to obtain error from last connection
Bug Fixes
* Authen::SASL::Perl::DIGEST_MD5
- Fixed response to server to pass digest-uri
- Correct un-escaping behaviour when reading the challenge,
- check for required fields (according to the RFC),
- allow for qop not to be sent from the server (according to the RFC),
- add a callback for the realm.
Authen-SASL 2.09 -- Tue Apr 26 06:55:10 CDT 2005
Enhancements
* authname support in Authen::SASL::Perl::DIGEST_MD5
* flexible plugin selection in Authen::SASL using import()
i.e. use Authen::SASL qw(Authen::SASL::Cyrus);
* new documentation for
- Authen::SASL::Perl::ANONYMOUS
- Authen::SASL::Perl::CRAM_MD5
- Authen::SASL::Perl::EXTERNAL
- Authen::SASL::Perl::LOGIN
- Authen::SASL::Perl::PLAIN
- Authen::SASL::Perl
* updates in the tests
Authen-SASL 2.08 -- Tue May 25 11:24:21 BST 2004
Bug Fixes
* Fix the handling of qop in Digest-MD5
Authen-SASL 2.07 -- Sat Apr 10 09:06:21 BST 2004
Bug Fixes
* Fixed test bug if Digest::HMAC_MD5 was not installed
* Fixed order of values sent in the PLAIN mechanism
Enhancements
* Added support in the framework for server-side plugins
2003-11-01 18:48 Graham Barr
* lib/Authen/SASL.pm:
Release 2.06
2003-10-21 19:59 Graham Barr
* MANIFEST, lib/Authen/SASL/Perl.pm,
lib/Authen/SASL/Perl/ANONYMOUS.pm,
lib/Authen/SASL/Perl/CRAM_MD5.pm,
lib/Authen/SASL/Perl/DIGEST_MD5.pm,
lib/Authen/SASL/Perl/EXTERNAL.pm, lib/Authen/SASL/Perl/LOGIN.pm,
lib/Authen/SASL/Perl/PLAIN.pm, t/order.t:
Add ordering so we always pich the best of the available methods instead of
just the first
2003-10-17 22:12 Graham Barr
* lib/Authen/SASL.pm:
Release 2.05
2003-10-17 22:06 Graham Barr
* MANIFEST, Makefile.PL:
use Module::Install to generate Makefile and add SIGNATURE and META.yml
2003-10-17 21:19 Graham Barr
* lib/Authen/SASL/Perl/DIGEST_MD5.pm:
Fix typo
2003-10-17 21:17 Graham Barr
* lib/Authen/SASL/: Perl.pm, Perl/DIGEST_MD5.pm:
Don't call die in DIGEST_MD5, but call set_error and return an empty list
2003-10-17 21:16 Graham Barr
* lib/Authen/SASL.pod:
Update docs to reflect that client_start and client_step return an emtpy list on error
(PKG_SYSCONFDIR already includes "stunnel" by default, so avoid the
package adding another and making $PREFIX/etc/stunnel/stunnel/stunnel.conf;
the pidfile does not normally belong under $PREFIX as $PREFIX/var/run is
not normally cleaned/checked by OS-supplied processes.)
* keychain 2.6.6 (08 Sep 2006)
08 Sep 2006; Aron Griffis <agriffis@gentoo.org>:
Make --lockwait -1 mean forever. Previously 0 meant forever but was
undocumented. Add more locking regression tests #137981
* keychain 2.6.5 (08 Sep 2006)
08 Sep 2006; Aron Griffis <agriffis@gentoo.org>:
Break out of loop when empty lockfile can't be removed #127471. Add locking
regression tests:
100_lock_stale 101_lock_held 102_lock_empty 103_lock_empty_cant_remove
* keychain 2.6.4 (08 Sep 2006)
08 Sep 2006; Aron Griffis <agriffis@gentoo.org>:
Add validinherit function so that validity of SSH_AUTH_SOCK and friends can be
validated from startagent rather than up front. The advantage is that warning
messages aren't emitted unnecessarily when --inherit *-once.
Fix --eval for fish, and add new testcases:
053_start_with_--eval_ksh
054_start_with_--eval_fish
055_start_with_--eval_csh
* keychain 2.6.3 (07 Sep 2006)
07 Sep 2006; Aron Griffis <agriffis@gentoo.org>:
Support fish: http://roo.no-ip.org/fish/
Thanks to Ilkka Poutanen for the patch.
Changelog:
* gpglist: do not die with with-fingerprint (Closes: #382019).
* gpg-key2ps: add --list-key to gpg call (works around #382794).
* caff: when set, use $ENV{'GNUPGHOME'} to find secring.gpg. Suggested by
Gerfried Fuchs.
- Hook class comparison function. Accept NULL, equal, not equal operator.
- Introduce better error checking in the idmef-class API, which is now
considered public and might be used by external application. Rename
error code to reflect the API.
- Change to the way IDMEF listed element are handled. Specifying negative
number as the position of the element from the low level API now allow
to position the element at the specified (reversed) index. Using the
high level API a negative index permit to address a list of element
backward (replace an element).
- Build fixes for SWIG > 1.3.27.
- Modify idmef_value_match() so that it always unroll listed value
(do it for both val1 and val2. Remove assertion, and let
idmef_value_type_compare() return an error code in case there is an issue.
- Handle path using IDMEF_LIST_APPEND or IDMEF_LIST_PREPEND as
path using an undefined list index on idmef_path_get() call.
- Make criteria parser accept (*) list index.
- Implement comparison function for all IDMEF object.
* Portability fixes.
* Pth is not anymore linked by means of weak symbol tricks. It is
now required to link to the pth version of libassuan. New aufoconf
macros are provided to to check for this. The pth version is only
build if Pth is available.
* configure does now check that descriptor passing is available. A
way to check at runtime for this is also provided
* New "relax" flag for trustlist.txt to allow root CA certificates
without BasicContraints.
* [gpg2] Removed the -k PGP 2 compatibility hack. -k is now an
alias for --list-keys.
* [gpg2] Print a warning if "-sat" is used instead of "--clearsign".
* Regular man pages for most tools are now build directly from the
Texinfo source.
* Included translations from gnupg 1.4.5.
* The gpg code from 1.4.5 has been fully merged into this release.
The configure option --enable-gpg is still required to build this
gpg part. For production use of OpenPGP the gpg version 1.4.5 is
still recommended. Note, that gpg will be installed under the name
gpg2 to allow coexisting with an 1.4.x gpg.
* API change in gpg-agent's pkdecrypt command. Thus an older gpgsm
may not be used with the current gpg-agent.
* The scdaemon will now call a script on reader status changes.
* gpgsm now allows file descriptor passing for "INPUT", "OUTPUT" and
"MESSAGE".
* The gpgsm server may now output a key listing to the output file
handle. This needs to be enabled using "OPTION list-to-output=1".
* The --output option of gpgsm has now an effect on list-keys.
* New gpgsm commands --dump-chain and list-chain.
* gpg-connect-agent has new options to utilize descriptor passing.
* A global trustlist may now be used. See doc/examples/trustlist.txt.
* When creating a new pubring.kbx keybox common certificates are
imported.
* Enhanced pkcs#12 support to allow import from simple keyBags.
* Exporting to pkcs#12 now create bag attributes so that Mozilla is
able to import the files.
* Pkcs#12 files are now created with a MAC. This is for better
interoperability.
* Fixed uploading of certain keys to the smart card.
* New command APDU for scdaemon to allow using it for general card
access. Might be used through gpg-connect-agent by using the SCD
prefix command.
* Support for the CardMan 4040 PCMCIA reader (Linux 2.6.15 required).
* Scdaemon does not anymore reset cards at the end of a connection.
* Kludge to allow use of Bundesnetzagentur issued X.509 certificates.
* Added --hash=xxx option to scdaemon's PKSIGN command.
* A couple of bug fixes for OCSP.
* OCSP does now make use of the responder ID and optionally included
certificates in the response to locate certificates.
* No more lost file descriptors when loading CRLs via HTTP.
* HTTP redirection for CRL and OCSP has been implemented.
* Man pages are now build and installed from the texinfo source.
Note, that you need to update libksba to version 1.0.0 for this
release.
from PKG_OPTIONS, and also comments out the libcrack module in the PLIST.
However this means nothing to the PAM configure script, which will find a
system libcrack and install the libcrack module. When the pkgsrc bulk
build deinstalls PAM, it detects the leftover libcrack module and marks
PAM and its dependents failed.
Fix this by adding a --disable-crack option to the configure script.
New in 2.1.22
-------------
* Added support for spliting big data blocks (bigger than maxbuf)
into multiple SASL packets in sasl_encodev
* Various sasl_decode64() fixes
* Increase canonicalization buffer size to 1024 bytes
* Call do_authorization() after successful APOP authentication
* Allow for configuration file location to be configurable independently
of plugin location (bug # 2795)
* Added sasl_set_path function, which provides a more convenient way
of setting plugin and config paths. Changed the default
sasl_getpath_t/sasl_getconfpath_t callbacks to calculate
the value only once and cache it for later use.
* Fixed load_config to search for the config file in all directories
(bug # 2796). Changed the default search path to be
/usr/lib/sasl2:/etc/sasl2
* Don't ignore log_level configuration option in default UNIX syslog
logging callback
* (Windows) Minor IPv6 related changes in Makefiles for Visual Studio 6
* (Windows) Fixed bug of not setting the CODEGEN (code generation option)
nmake option if STATIC nmake option is set.
* Several fixed to DIGEST-MD5 plugin:
- Enable RC4 cipher in Windows build of DIGEST-MD5
- Server side: handle missing realm option as if realm="" was sent
- Fix DIGEST-MD5 to properly advertise maxssf when both DES and RC4
are disabled
- Check that DIGEST-MD5 SASL packet are no shorter than 16 bytes
* Several changes/fixed to SASLDB plugin:
- Prevent spurious SASL_NOUSER errors
- Added ability to keep BerkleyDB handle open between operations
(for performance reason). New behavior can be enabled
with --enable-keep-db-open.
* Better error checking in SQL (MySQL) auxprop plugin code
* Added support for HTTP POST password validation in saslauthd
* Added new application ("pluginviewer") that helps report information
about installed plugins
* Allow for building with OpenSSL 0.9.8
* Allow for building with OpenLDAP 2.3+
* Several quoting fixes to configure script
* A large number of other minor bugfixes and cleanups
** Parse "group" configuration parameters of GnuPG.
** epg-verify-file and epg-verify-string now return the plaintext
after successful verification.
** Obey the decoding coding-system determined by
decode-coding-inserted-region.
** Improved progress display.
** Allow file names starting with "-".
---------------------------------------------------------------------------
June 27, 2006
amavisd-new-2.4.2 release notes
SUMMARY OF CHANGES:
- new feature: "pen pals soft-whitelisting" lowers spam score of received
replies to a message previously sent by a local user to this address;
- new feature: added command line options to override certain configuration
settings from a config file, see below;
- documentation bug fixes, especially on the use of SQL data type TIMESTAMP;
- zoo decoder interface routine can now use utility unzoo(1) or zoo(1);
---------------------------------------------------------------------------
May 8, 2006
amavisd-new-2.4.1 release notes
INCOMPATIBLE CHANGE WITH 2.4.0:
- notification templates incompatibility with 2.4.0 (but not with versions
2.3.3 or older): major contents category numbers are renumbered due to a
newly inserted category CC_SPAMMY; it affects the use of macro ccat_maj
in templates (one field added), and only affect users which provide
non-default templates based on 2.4.0 templates; older templates (2.3.3
or earlier) are unaffected as they do not use macro ccat_maj;
---------------------------------------------------------------------------
April 3, 2006
amavisd-new-2.4.0 release notes
The most important changes since 2.3.3 at a glance:
Delivery status notifications (DSN) are now supported, both as a SMTP
protocol extension and in notifications. Header fields like X-Amavis
and X-Spam are now prepended to mail header for DomainKeys compatibility.
Configuration variables can be chosen based on mail contents category,
which is now represented explicitly. A built-in macro expander is enhanced,
providing new macros and call types. Added support for passive operating
system fingerprinting with the use of p0f, supplying collected information
as a header field to SpamAssassin. Provide compatibility with Net::Server
0.91 and later.
