- security fixes
- various bug fixes and small improvements
- new XHTML strict template tree
- add UTF-8 support
- add IPv6 support
- add Raven single sign-on authentication
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
Fix build problem with db4 following a hint by obache@
04/09/2006
==========
Release: Prayer 1.0.18
Important Security fix:
os_connect_unix() had a strcpy() which should have been strncpy() to
prevent buffer overrun. Prayer 1.0.17 was mostly safe.
By 28/06/2006
=============
Release: Prayer 1.0.17
Fix small foulup wuth gethostbyname() calculations when binding Prayer
to specific interfaces.
Cleanups to stop char vs unsigned char warnings with latest c-client.
Make sure that all internal draft messages consistently use CRLF.
Security audit for Prayer frontend following attack:
Optional Chroot environment (See chroot options in config file).
Stripped out debugging code.
04/11/2005
==========
Fix small foulups with abook_lookup:
Couldn't add last address to existing draft.
Block LDAP metacharacters from search.
By 13/06/2005
=============
Release: Prayer 1.0.16
Fix silly bug when replying to multipart messages where the main message
and the text/plain subpart have different encoding (missing mail_body
call).
Add a limit_vm backstop to stop single runaway process from taking
over the system.
By 10/06/2005
=============
Release: Prayer 1.0.15 (1.0.13 and 14 internal releases only).
list screen doesn't set "current" message to middle of range. Means that
switching between various sort modes works more consistently.
Go fishing for text/plain or failing that text/html bodypart within top
level of multipart/mixed or multipart/alternate message when replying to a
message. Behaviour should now be consistent with cmd_forward and
cmd_display.
Include LDAP and local finger database lookups (latter for Cambridge use only)
Addressbook screen:
Addressbook sort (can be set on Manage => Preferences => Display)
Addressbook bulk removal
Import and Export CSV (Outlook) format address screen
Spellcheck:
Support native aspell as well as ispell, aspell in ispell compatibility mode.
Means that Quoted text is not checked if the following is set:
Manage => Preferences => Extra Compose =>
Skip quoted text on spell check
By 09/08/2005
=============
Spam whitelist
Test the Referer header on login. Two independant prayer.cf options:
referer_block_invalid and referer_log_invalid
Test the Referer: header before performing a /redirect/ action in
order to protect against URL redirector abuse
Doesn't work with "Save Target As". Remove entirely
Confirm on expunge.
Cleanup up account_message error reporting so consistent.
Fix format=flowed quoting problems.
Fix memory leak in mailbox download (2 x size of mail folder) until
next transfer or idle shutdown.
25/01/2005
==========
line_wrap_on_send preference not used by draft_init().
Fixed problems with multipart/alternate display and forwarding
around at either build-time or at run-time is:
USE_TOOLS+= perl # build-time
USE_TOOLS+= perl:run # run-time
Also remove some places where perl5/buildlink3.mk was being included
by a package Makefile, but all that the package wanted was the Perl
executable.
And always is defined as share/examples/rc.d
which was the default before.
This rc.d scripts are not automatically added to PLISTs now also.
So add to each corresponding PLIST as required.
This was discussed on tech-pkg in late January and late April.
Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere
and remove the RCD_SCRIPTS_EXAMPLEDIR itself.
* Apparently "mutex" is already claimed by a system header on Solaris.
* File locking on Linux (probably other operating systems) is pretty
dumb when lots of processes are trying to lock a single file
for serialisation: all of the processes are woken each time
that the file is unlocked. Most of the process will simply loop
inside the kernel and attempt to lock again. Presumably this
approach makes nonblocking locks and EINTR easier to do, but
it does mean that you can get occasional load average spikes.
Add MUTEX_SEMAPHORE to implement System V semaphore based lock,
which does not have this problem in Linux. Warning: System V
semaphores are a finite resource, and they are not released
automatically. See: prayer-sem-prune.
* Quotas now reported in MBytes rather than KBytes.
* Add download links for text/html and text/plain attachments
* Fix bug with body->type TYPEMESSAGE: c-client API very poorly
documented :(
* Strip out common HTML entity encodings that might be used in
HREFs with text/html attachments.
* Fix mydb_db3.c to work with DB4.
* Integrate into Tony's funky packaging system for Hermes and PPSW.
* Add interface to automatic spam folder pruning utility that I
wrote for Cyrus (controlled through special Sieve files).
* Fix uploads where mailboxes contain NUL characters (translate to
space?)
* Assorted minor bugfixes
* Fix nasty /redirect bug that I managed to introduce by switching
from url_encode to canon_encode to work around bug in Opera.
Missing a url_encode: infinite loop from dumb UAs :(. Otherwise
identical to 1.0.9.
* Few minor bug fixes, covered in CVS history.
pkgsrc changes:
* Rename the source rc.d script in the default RCD_SCRIPTS style.
* Respect ${VARBASE}.
* Avoid the DB_VERB_CHKPOINT flag with latest db4 (where it's been removed).
* Patch from jdc@ for 64-bit big-endian hosts.
XXX rc.d script doesn't stop all the prayer slaves
under share/examples/rc.d. The variable name already was named
RCD_SCRIPTS_EXAMPLEDIR.
This is from ideas from Greg Woods and others.
Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism
(as requested by wiz).
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
the RCD_SCRIPTS rc.d script(s) to the PLIST.
This GENERATE_PLIST idea is part of Greg A. Woods'
PR #22954.
This helps when the RC_SCRIPTS are installed to
a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later,
the default RCD_SCRIPTS_EXAMPLEDIR will be changed
to be more clear that they are the examples.)
These patches also remove the etc/rc.d/ scripts from PLISTs
(of packages that use RCD_SCRIPTS). (This also removes
now unused references from openssh* makefiles. Note that
qmail package has not been changed yet.)
I have been doing automatic PLIST registration for RC_SCRIPTS
for over a year. Not all of these packages have been tested,
but many have been tested and used.
Somethings maybe to do:
- a few packages still manually install the rc.d scripts to
hard-coded etc/rc.d. These need to be fixed.
- maybe remove from mk/${OPSYS}.pkg.dist mtree specifications too.
Creates user and group now.
"make reinstall" works again.
No change of ownership of /usr/pkg/sbin anymore.
New RCD script (needs work on non-NetBSD platforms regarding "ps" command
options).
Bump revision.
* Remove "Feel free to send more messages" text from vacation messages.
* Disable gzip for Opera attachment download.
* Fixed config->prayer_user expansion.
* fatal() shouldn't dump core if root.
* Fixed abook_list boundary condition when current entry is last on page.
* Added message download link for Message/RFC822 sections.
* Fix session_server() ping interval logic.
* Other bug-fixes
have it be automatically included by bsd.pkg.mk if USE_PKGINSTALL is set
to "YES". This enforces the requirement that bsd.pkg.install.mk be
included at the end of a package Makefile. Idea suggested by Julio M.
Merino Vidal <jmmv at menta.net>.
Prayer is a small and fast HTTP to IMAP gateway written entirely in C.
* Uses persistent connections to IMAP server and support servers.
* Target folders remain SELECTed: not a simple-minded proxy.
* Full caching (including sort/thread cache) for each open folder.
* Up to five persistent IMAP connections (typically one or two in use):
o INBOX and one other folder
o Postponed message folder stream
o Preferences stream
o Folder transfer stream
o Various optimisations/sharing to minimise actual IMAP connections
* Directory cache: single round trip to IMAP server for directory listing.
* Works well with UW IMAP server (even using Unix format mail folders).
* Little discernible load on a Pentium III class system running Linux with
5,000 logins/day (400 logins/hour, 150 concurrent logins)
* Uses 10% to 20% of the CPU and 400 MBytes of RAM on a PIII class system
with 23,000 logins/day (1,700 logins/hour, 850 concurrent logins peak)
* Aggressive HTTP/1.0 and 1.1 connection caching to reduce SSL overhead.
* Optional gzip compression of pages tunable by IP address range.
