NEW features of cdrtools-3.01:
This is the first localization step for cdrtools. All programs now (hopefully)
call gettext() for all strings that need localization.
- The next step will include dgettext() calls for the libraries.
- The following step will include the extracted strings
- The last step will include German translations and install support
for the resulting binary message object files.
uploads are blocked irrespective of what is set in the configuration files.
Remove MESSAGE as licence has changed, it is now entirely GPL.
Bump PKGREVISION.
Changes with nginx 1.9.4 18 Aug 2015
*) Change: the "proxy_downstream_buffer" and "proxy_upstream_buffer"
directives of the stream module are replaced with the
"proxy_buffer_size" directive.
*) Feature: the "tcp_nodelay" directive in the stream module.
*) Feature: multiple "sub_filter" directives can be used simultaneously.
*) Feature: variables support in the search string of the "sub_filter"
directive.
*) Workaround: configuration testing might fail under Linux OpenVZ.
Thanks to Gena Makhomed.
*) Bugfix: old worker processes might hog CPU after reconfiguration with
a large number of worker_connections.
*) Bugfix: a segmentation fault might occur in a worker process if the
"try_files" and "alias" directives were used inside a location given
by a regular expression; the bug had appeared in 1.7.1.
*) Bugfix: the "try_files" directive inside a nested location given by a
regular expression worked incorrectly if the "alias" directive was
used in the outer location.
*) Bugfix: in hash table initialization error handling.
*) Bugfix: nginx could not be built with Visual Studio 2015.
Changes with nginx 1.9.3 14 Jul 2015
*) Change: duplicate "http", "mail", and "stream" blocks are now
disallowed.
*) Feature: connection limiting in the stream module.
*) Feature: data rate limiting in the stream module.
*) Bugfix: the "zone" directive inside the "upstream" block did not work
on Windows.
*) Bugfix: compatibility with LibreSSL in the stream module.
Thanks to Piotr Sikora.
*) Bugfix: in the "--builddir" configure parameter.
Thanks to Piotr Sikora.
*) Bugfix: the "ssl_stapling_file" directive did not work; the bug had
appeared in 1.9.2.
Thanks to Faidon Liambotis and Brandon Black.
*) Bugfix: a segmentation fault might occur in a worker process if the
"ssl_stapling" directive was used; the bug had appeared in 1.9.2.
Thanks to Matthew Baldwin.
Changes with nginx 1.9.2 16 Jun 2015
*) Feature: the "backlog" parameter of the "listen" directives of the
mail proxy and stream modules.
*) Feature: the "allow" and "deny" directives in the stream module.
*) Feature: the "proxy_bind" directive in the stream module.
*) Feature: the "proxy_protocol" directive in the stream module.
*) Feature: the -T switch.
*) Feature: the REQUEST_SCHEME parameter added to the fastcgi.conf,
fastcgi_params, scgi_params, and uwsgi_params standard configuration
files.
*) Bugfix: the "reuseport" parameter of the "listen" directive of the
stream module did not work.
*) Bugfix: OCSP stapling might return an expired OCSP response in some
cases.
Changes with nginx 1.9.1 26 May 2015
*) Change: now SSLv3 protocol is disabled by default.
*) Change: some long deprecated directives are not supported anymore.
*) Feature: the "reuseport" parameter of the "listen" directive.
Thanks to Yingqi Lu at Intel and Sepherosa Ziehau.
*) Feature: the $upstream_connect_time variable.
*) Bugfix: in the "hash" directive on big-endian platforms.
*) Bugfix: nginx might fail to start on some old Linux variants; the bug
had appeared in 1.7.11.
*) Bugfix: in IP address parsing.
Thanks to Sergey Polovko.
Changes with nginx 1.9.0 28 Apr 2015
*) Change: obsolete aio and rtsig event methods have been removed.
*) Feature: the "zone" directive inside the "upstream" block.
*) Feature: the stream module.
*) Feature: byte ranges support in the ngx_http_memcached_module.
Thanks to Martin Mlynar.
*) Feature: shared memory can now be used on Windows versions with
address space layout randomization.
Thanks to Sergey Brester.
*) Feature: the "error_log" directive can now be used on mail and server
levels in mail proxy.
*) Bugfix: the "proxy_protocol" parameter of the "listen" directive did
not work if not specified in the first "listen" directive for a
listen socket.
Changes with nginx 1.7.12 07 Apr 2015
*) Feature: now the "tcp_nodelay" directive works with backend SSL
connections.
*) Feature: now thread pools can be used to read cache file headers.
*) Bugfix: in the "proxy_request_buffering" directive.
*) Bugfix: a segmentation fault might occur in a worker process when
using thread pools on Linux.
*) Bugfix: in error handling when using the "ssl_stapling" directive.
Thanks to Filipe da Silva.
*) Bugfix: in the ngx_http_spdy_module.
Changes with nginx 1.7.11 24 Mar 2015
*) Change: the "sendfile" parameter of the "aio" directive is
deprecated; now nginx automatically uses AIO to pre-load data for
sendfile if both "aio" and "sendfile" directives are used.
*) Feature: experimental thread pools support.
*) Feature: the "proxy_request_buffering", "fastcgi_request_buffering",
"scgi_request_buffering", and "uwsgi_request_buffering" directives.
*) Feature: request body filters experimental API.
*) Feature: client SSL certificates support in mail proxy.
Thanks to Sven Peter, Franck Levionnois, and Filipe Da Silva.
*) Feature: startup speedup when using the "hash ... consistent"
directive in the upstream block.
Thanks to Wai Keen Woon.
*) Feature: debug logging into a cyclic memory buffer.
*) Bugfix: in hash table handling.
Thanks to Chris West.
*) Bugfix: in the "proxy_cache_revalidate" directive.
*) Bugfix: SSL connections might hang if deferred accept or the
"proxy_protocol" parameter of the "listen" directive were used.
Thanks to James Hamlin.
*) Bugfix: the $upstream_response_time variable might contain a wrong
value if the "image_filter" directive was used.
*) Bugfix: in integer overflow handling.
Thanks to Régis Leroy.
*) Bugfix: it was not possible to enable SSLv3 with LibreSSL.
*) Bugfix: the "ignoring stale global SSL error ... called a function
you should not call" alerts appeared in logs when using LibreSSL.
*) Bugfix: certificates specified by the "ssl_client_certificate" and
"ssl_trusted_certificate" directives were inadvertently used to
automatically construct certificate chains.
This module contains an interface to the GNU Recode library. The GNU Recode
library converts files between various coded character sets and surface
encodings. When this cannot be achieved exactly, it may get rid of the
offending characters or fall back on approximations. The library recognises or
produces nearly 150 different character sets and is able to convert files
between almost any pair. Most RFC 1345 character sets are supported.
(These security fixes are already done by bind-9.9.7pl2nb1.)
--- 9.9.7-P3 released ---
4170. [security] An incorrect boundary check in the OPENPGPKEY
rdatatype could trigger an assertion failure.
(CVE-2015-5986) [RT #40286]
4168. [security] A buffer accounting error could trigger an
assertion failure when parsing certain malformed
DNSSEC keys. (CVE-2015-5722) [RT #40212]
(Already fixed by bind-9.10.2pl3nb1.)
--- 9.10.2-P4 released ---
4170. [security] An incorrect boundary check in the OPENPGPKEY
rdatatype could trigger an assertion failure.
(CVE-2015-5986) [RT #40286]
4168. [security] A buffer accounting error could trigger an
assertion failure when parsing certain malformed
DNSSEC keys. (CVE-2015-5722) [RT #40212]
-----------------------
- Changes for xlog version 2.0.13 - 2015-apr-19
* Fixed date in cabrillo3 output to be: yyyy-mm-dd
* Fixed date in EDI output to be: yymmdd
* Fixed QSORecords in EDI output
* Updated cty.dat to 20150420 (cty-2505)
* Fixed Bug #44547: Added JT9 modes
* Fixed Bug #44259: broken dupe checking
This is essentially a bugfix release, with:
- additional fixes to the helper utilities (panel-notify, wifibrowser...)
- minor improvement to the "network" applet and settings(1) utility
- build fixes
- set LICENSE= gnu-gpl-v2
(upstream)
- Update 0.9.30 to 0.9.31.2
----------------------------
2007-12-21 rein couperus <rein@couperus.com>
* changed searchlog.c ('possible calls')
2007-12-18 rein couperus <rein@couperus.com>
* changed cluster_bg.c to fix possible buffer overflow
* changed searchlog.c -> compare now starts at beginning of callsign.
Removed PKG_DESTDIR_SUPPORT=destdir, no longer needed since 2011.
2.1.20 (31-Mar-2015)
- A path traversal vulnerability has been discovered and fixed (CVE-2015-2775)
- There is a new Address Change sub-section in the web admin
Membership Management section
- The Russian translation has been updated by Danil Smirnov.
- The Polish translation has been updated by Stefan Plewako.
- A LookupError in SpamDetect on a message with RFC 2047 encoded headers
in an unknown character set is fixed.
- Fixed a bug in CommandRunner that could process the second word of a
body line as a command word and a case sensitivity in commands in
Subject: with an Re: prefix.
- Fixed a bug in CommandRunner that threw an uncaught KeyError if
the input to the list-request address contained a command word
terminated by a period.
- Changed the response to an invalid confirmation to be more generic.
Not all confirmations are subscription requests.
- Changed the default nonmember_rejection_notice to be more user friendly.
- Added "If you are a list member" qualification to some messages from the
options login page.
- Changed the 'Approve' wording in the admindbdetails.html template to
'Accept/Approve' for better agreement with the button labels.
- Added '(by thread)' to the previous and next message links in the
archive to emphasize that even if you got to the message from a
subject, date or author index, previous and next are still by thread.
2.1.19 (28-Feb-2015)
- The subscribe_auto_approval feature backported from the 2.2 branch and
described above has been enhanced to accept entries of the form
@listname to auto approve members of another list.
- There is a new list attribute dmarc_wrapped_message_text and a
DEFAULT_DMARC_WRAPPED_MESSAGE_TEXT setting to set the default for new
lists. This text is added to a message which is wrapped because of
dmarc_moderation_action in a separate text/plain part that precedes the
message/rfc822 part containing the original message. It can be used to
provide an explanation of why the message was wrapped or similar info.
- There is a new list attribute equivalent_domains and a
DEFAULT_EQUIVALENT_DOMAINS setting to set the default for new lists which
in turn defaults to the empty string. This provides a way to specify one
or more groups of domains, e.g., mac.com, me.com, icloud.com, which are
considered equivalent for validating list membership for posting and
moderation purposes.
- There is a new WEB_HEAD_ADD setting to specify text to be added to the
<HEAD> section of Mailman's internally generated web pages. This doesn't
apply to pages built from templates, but in those cases, custom templates
can be created.
- There is a new DEFAULT_SUBSCRIBE_OR_INVITE setting. Set this to Yes
to make the default selection on the admin Mass Subscriptions page
Invite rather than Subscribe.
- There is a new list attribute in the Bounce processing section.
bounce_notify_owner_on_bounce_increment if set to Yes will cause
Mailman to notify the list owner on every bounce that increments a
list member's score but doesn't result in a probe or disable. There
is a new configuration setting setting
DEFAULT_BOUNCE_NOTIFY_OWNER_ON_BOUNCE_INCREMENT to set the default
for new lists. This in turn defaults to No.
- Mailman's log files, request.pck files and heldmsg-* files are no
longer created world readable to protect against access by untrusted
local users. Note that permissions on existing log files won't be
changed so if you are concerned about this and don't rotate logs or
have a logrotate process that creates new log files instead of letting
Mailman create them, you will need to address that.
- The Python Powered logo image has been replaced in the misc/ directory
in the source distribution. Depending on how you've installed these
images, you may need to copy PythonPowered.png from the misc/ directory
in the source or from the $prefix/icons/ installed directory to another
location for your web server.
- The Polish translation has been updated by Stefan Plewako.
- The Interlingua translation has been updated by Martijn Dekker.
- The Japanese message catalog has been updated by SATOH Fumiyasu.
- Mailman's character set for Romanian has been changed from iso-8859-2
to utf-8 and the templates and messages recoded. This change will
require running 'bin/arch --wipe' on any existing Romanian language
lists in order to recode the list's archives, and will require recoding
any edited templates in lists/LISTNAME/ro/*, templates/DOMAIN/ro/* and
templates/site/ro/*. It may also require recoding any existing
iso-8859-2 text in list attributes.
- Mailman's character set for Russian has been changed from koi8-r to
utf-8 and the templates and messages recoded. This change will
require running 'bin/arch --wipe' on any existing Russian language
lists in order to recode the list's archives, and will require recoding
any edited templates in lists/LISTNAME/ru/*, templates/DOMAIN/ru/* and
templates/site/ru/*. It may also require recoding any existing koi8-r
text in list attributes.
- Mailman's versions.py has been augmented to help with the above two
character set changes. The first time a list with preferred_language
of Romanian or Russian is accessed or upon upgrade to this release,
any list attributes which have string values such as description, info,
welcome_msg, etc. that appear to be in the old character set will be
converted to utf-8. This is done recursively for the values (but not
the keys) of dictionary attributes and the elements of list and tuple
attributes.
- The Russian message catalog and templates have been further updated by
Danil Smirnov.
- The Romanian message catalog has been updated.
- The Russian templates have been updated by Danil Smirnov.
- The Japanese translation has been updated by SATOH Fumiyasu.
- A minor change in the French translation of a listinfo subscribe form
message has been made.
- Because of privacy concerns with the 2.2 backport adding real name to
list rosters, this is controlled by a new ROSTER_DISPLAY_REALNAME
setting that defaults to No. You may wish to set this to Yes in
mm_cfg.py.
- Organization: headers are now unconditionally removed from posts to
anonymous lists. Regexps in ANONYMOUS_LIST_KEEP_HEADERS weren't kept
if the regexp included the trailing ':'. This is fixed too.
- The admindb interface has been fixed so the the detail message body
display doesn't lose part of a multi-byte character, and characters which
are invalid in the message's charset are replaced rather than the whole
body not being converted to the display charset.
- Fixed a bug in bin/rmlist that would throw an exception or just fail to
remove held message files for a list with regexp special characters in
its name.
- When applying DMARC mitigations, CookHeaders now adds the original From:
to Cc: rather than Reply-To: in some cases to make MUA 'reply' and
'reply all' more consistent with the non-DMARC cases.
- The Subject: of the list welcome message wasn't always in the user's
preferred language. Fixed.
- Accept email command in Subject: prefixed with Re: or similar with no
intervening space.
- Fixed a UnicodeDecodeError that could occur in the web admin interface
if 'text' valued attributes have unicode values.
- We now catch the NotAMemberError exception thrown if an authenticated
unsubscribe is submitted from the user options page for a nonmember.
- Fixed an archiving bug that would cause messages with 'Subject: Re:'
only to be indexed in the archives without a link to the message.
- The vette log entry for a message discarded by a handler now includes
the list name and the name of the handler.
- The options CGI now rejects all but HTTP GET and POST requests.
- A list's poster password will now be accepted on an Urgent: header.
- Fixed a bug which caused a setting of 2 for REMOVE_DKIM_HEADERS to be
ignored.
- Renamed messages/sr/readme.sr to README.sr.
- Moved the dmarc_moderation_action checks from the Moderate handler to
the SpamDetect handler so that the Reject and Discard actions will be
done before the message might be held by header_filter_rules, and the
Wrap Message and Munge From actions will be done on messages held by
header_filter_rules if the message is approved.
- <label> tags have been added around most check boxes and radio buttons
and their text labels in the admin and admindb web GUI so they can be
(de)selected by clicking the text.
- If checking DNS for dmarc_moderation_action and DNS lookup is not
available, log it.
- Handle missing From: header addresses for DMARC mitigation actions.
Bump rev
CVE-2015-5722 - Parsing malformed keys may cause BIND to exit due to a failed
assertion in buffer.c
https://kb.isc.org/article/AA-01287/0
CVE-2015-5986 - An incorrect boundary check can trigger a REQUIRE assertion
failure in openpgpkey_61.c
https://kb.isc.org/article/AA-01291/0
Reviewed by wiz@
Regularly-scheduled bugfix release.
convert: fix git copy file content conversions
filesets: ignore unit case in size() predicate for single value
help: fix typo familar -> familiar
help: fix typo in scripting documentation
hg: avoid auto sharing when the clone destination is remote
hgweb: fix trust of templates path (BC)
histedit: backout ebb5bb9bc32e
largefiles: ensure lfutil.getstandinmatcher() only matches standins
match: fix a case-only rename + explicit path commit on icasefs (issue4768)
parsers: fix memory leak in compute_phases_map_sets
rebase: lock the repo during the full rebase operation
revset: prevent crash caused by empty group expression while optimizing "and"
revset: prevent crash caused by empty group expression while optimizing "or"
strip: use the 'finally: tr.release' pattern during stripping
update: wlock the repo for the whole 'hg update' command
wix: avoid an abort with 'hg help -k foo'
0.9.10:
* Do not dereference null pointer on learning.
* Fix some extreme cases in BAYES.
* Add a workaround to avoid bad HTML messages breaking.
* Build with -O2 flags by default.
* Add constraints to limit DNS requests count per task.
* Add workaround for SURBL DNS flood.
* Set error if rspamd cannot learn anything.
0.9.9:
* Don't use RWL_SPAMHAUS_WL (unknown result) for whitelisting (by @fatalbanana)
* Import updated public suffix list (by @fatalbanana)
* Remove debug message
* Fix settings (by @fatalbanana)
* Remove duplicated symbol registration
* Use WAL for fuzzy storage
* RBL fixes (by @fatalbanana):
- silence errors;
- yield unknown results from RBLs;
- fix scoring for DNSWL;
- fix use of RBL name as symbol;
- ignore RBL names that would not be yielded;
* Support captures in regular expressions
* Add captures support to lua_regexp
* Support dist on FreeBSD and Darwin
* Add RCVD_IN_DNSWL_NONE as whitelisting exclusion (by @fatalbanana)
* Multiple fixes to URL detection:
- support port definition;
- fix query and path recognition;
- fix parsing of multiple slashes in URL;
- fix parsing query just after port;
- fix path field in `url:to_table` method;
- improve support of IP based URLs.
* Set ignore_whitelists = true for RECEIVED_SPAMHAUS_XBL (by @fatalbanana)
* Add GTUBE support
* Ignore User header in SA mode
0.9.8:
* Fix critical bug in bayes classifier (#305)
* Fix critical bug in RBL module (by @fatalbanana)
* Fix and rework settings plugin.
* Fix get_all_opts for a case of non-iterable options.
* Use tld for redirector's matching.
0.9.7:
* Add whitelist_exception setting to RBL module (by @fatalbanana)
* Don't use RWL_MAILSPIKE_POSSIBLE or DNSWL_BLOCKED for whitelisting (by
@fatalbanana)
* Fix extreme cases in bayes classifier.
* Fix parsing of urls with '?' at the end of hostname.
* Update interface.
* Fix number of issues with webui interaction.
* Fix saving maps.
* Allow user@ and @domain matches in multimap.
* Fix issues with bounces From processing.
* Fix abs/fabs misuse.
* Fix builds on suse and arch linux distributions.
0.9.6:
* Fix memory leak if mime cannot be parsed.
* Fix dkim cache expiration.
* Fix issues with redirector HTTP response.
* Fix abnormal connection closing with certains messages with a high score
(issue #296)
* Fix redirector installation.
* Use specific POE loop for some systems.
* Fix number of issues in URL redirector.
* Fix selecting URLs for sending to redirector.
* Prevent crash on pending replies in async code (Thanks, @switch-st)
* Clear `REDIS_CONNECTED` flag when connection is closed (Thanks, Jerry Jacobs)
* Add MacOS X addapter (Thanks, @dizzus)
* Add Qt adapter (Thanks, Pietro Cerutti)
* Add Ivykis adapter (Thanks, Gergely Nagy)
All adapters are provided as is and are only tested where possible.
