Overview of Changes from GLib 2.12.11 to GLib 2.12.12
=====================================================
* Bug fixes:
418862 g_base64_decode will give critical warning when first par...
356843 "make check" fails if /bin/sh is pdksh
418217 g_unichar_toupper/_totitle broken for single to multiple ...
432895 param_string_validate() frees and modifies static strings
420686 g_key_file_to_data alters original data
* Translation updates: (da,es,eu,gl,ja,ro,ru,sr,
sr@Latn,ta,zh_CN)
Moved portions of spamdyke's code from spamdyke.c into new .c and .h files to
make it a little easier to understand and maintain.
Added base64_encode() and base64_decode() to transfer data to/from base64
format.
Added md5() to produce an MD5 digest of a data block. Turns out this wasn't
necessary for spamdyke, only for test_smtpauth_crammd5. Oops.
Renamed the "make openbsd" command to "make bsd" since apparently all *BSD
distributions don't need -lresolv.
Renamed search_ip_file() to search_tcprules_file() and extended it to support
IP ranges, rDNS names and remote info like tcprules does (according to
http://cr.yp.to/ucspi-tcp/tcprules.html). This makes the IP black/
whitelist files much more flexible. This will be much handier in the next
version (AKA The Great Configuration Overhaul).
Modified middleman() and smtp_filter(), added exec_checkpassword() so spamdyke
can do SMTP AUTH, either by offering it itself or observing the qmail
traffic. LOGIN, PLAIN and CRAM-MD5 are supported.
Changed the STRLEN_ macros in spamdyke.h to use a single STRLEN() macro so the
preprocessor will count characters instead of doing it by hand. Much safer
this way.
Removed "-a"'s (max number of recipients per message) dependence on "-d"
(local domains file). With SMTP AUTH, the local access file and whitelists,
this shouldn't be necessary.
Added process_access() to process local access files (e.g. /etc/tcp.smtp) and
export environment variables based on the source of the incoming connection.
Added relay prevention based on the content of the local access file(s) and
the list(s) of local domains. Connections from remote sources that are
granted relay permission in the access file(s) are allowed to relay. Users
who authenticate with SMTP AUTH are allowed to relay. All others must send
to local addresses only.
Added a series of test scripts to exercise all of spamdyke's filters and
options. This should make it easier to regression test new versions.
Changed search_file() and search_tcprules_file() to compare domain names in a
case insensitive manner.
Changed canonicalize_path() to reduce all file paths to lowercase. This was
causing graylisting to be inconsistant. Reported by bcarr@purgatoire.org.
Major changes from 1.7.2:
- Added reporting capabilities
Clients will automatically report to the serve the success or
failures
of ktcheck and lapply. Also added a new tool "repo" that will log
custom messages to the radmind server.
Other Changes:
- Fixed bug in daemon that caused "success" or "no error" to be logged
instead of actual error message. [BUG #1660749]
Thanks to Gabrielle Singleton for reporting the problem.
- ra.sh uses more portable find options. [ Bug #1385630 ]
Thanks Sean Sweda for the patch.
- fsdiff displays the command file name when reporting command
file line errors. [ Feature #1592739 ]
- Makefile.in using POSIX sub-make methodology [ Bug #1641044 ]
- Fixed build problem for Suse 10. [ Bug #1677170 ]
Thanks cdr3 for reporting the problem.
- ktcheck exits on all non 2xx server responses to avoid all
cascading error messages
- Added optional path to ra.sh for update & create
- Including configure.ac in source distribution
- ra.sh auto now does pre/post apply.
Thanks Sean Sweda for the patch.
- Updated copyright information
- Cleaned up formatting of STAT SPEC
- Cleaned up server's debug information
pkglintification
Remove bdb option (this has been removed from src)
Rename some options as they are (currently) DSPAM specific
Change MASTER_SITES
Fix permissions on installed files
Thanks to xtraeme@ for reviewing the changes
* jonz: removed depricated oracle driver
* jonz: fix for dynamic storage drivers api
* jonz: added connect check for pgsql
* jonz: fix for segfault on undefined DeliveryHost or ClientHost
* jonz: fix for segfault in vsyslog()
* jonz: fix for segfault in dlopen() failure
* jonz: added OSB tokenizer
* jonz: fix for segfault on log write err
* jonz: segfault fix for UIDInSignature
See the CHANGELOG for all the details:
http://dspam.nuclearelephant.com/text/CHANGELOG-3.8.0.txt
package is returned rather than querying the source package. First, this
is more correct, and second, it greatly speeds up pkgsrc, especially
when many packages are already installed.
2806 7.0.240 crash with focus autocommand in GUI when splitting window
1379 7.0.241 ":windo throw 'foo'" loops forever
2274 7.0.242 (extra) Win32: crash when using -register without OLE feature
1997 7.0.243 (extra) Win32: No "Edit with Vim" menu with MSVC 2005
(This is most likely the last 7.0.x version as the 7.1 is now in beta cycle)
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals
(MOPB-26 by Stefan Esser)
* Fixed unallocated memory access/double free in in array_user_key_compare()
(MOPB-24 by Stefan Esser)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)
* Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers.
(MOPB-21 by Stefan Esser).
* Limit nesting level of input variables with max_input_nesting_level as fix for
(MOPB-03 by Stefan Esser)
* Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)
* Fixed a possible super-global overwrite inside import_request_variables().
(by Stefano Di Paola, Stefan Esser)
* Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc
library. (by Stanislav Malyshev)
* Fixed a header injection via Subject and To parameters to the mail() function
(MOPB-34 by Stefan Esser)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser)
* Fixed substr_compare and substr_count information leak
(MOPB-14 by Stefan Esser) (Stas, Ilia)
* Fixed a remotely trigger-able buffer overflow inside make_http_soap_request()
(by Ilia Alshanetsky)
* Fixed a buffer overflow inside user_filter_factory_create().
(by Ilia Alshanetsky)
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals
(MOPB-26 by Stefan Esser)
* Fixed unallocated memory access/double free in in array_user_key_compare()
(MOPB-24 by Stefan Esser)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)
* Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers.
(MOPB-21 by Stefan Esser).
* Limit nesting level of input variables with max_input_nesting_level as fix for
(MOPB-03 by Stefan Esser)
* Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)
* Fixed a possible super-global overwrite inside import_request_variables().
(by Stefano Di Paola, Stefan Esser)
* Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc
library. (by Stanislav Malyshev)
* XSS in phpinfo() (MOPB-8 by Stefan Esser)
===============
Version 0.2.38
===============
* Fix 100% CPU problem introduced in 0.2.37 (Joe Marcus Clarke)
* Fix libesddsp not linking against libesd (Loïc Minier)
* Fix file descriptor leaks (Pierre Ossman)
* Fix a build problem with the read/write wrapper (Jean Bréfort)
* chdir to "/" when starting up (Dan Winship)
* Only install the esddsp man page if we build the binary
This is the Perl API for (the consumer half of) OpenID, a distributed
identity system based on proving you own a URL, which is then your
identity. More information is available at:
http://openid.net/
Pkgsrc changes:
- MAINTAINER cannot take care of the package anymore.
- Marked the package as supporting installation to DESTDIR.
- It's a pure Perl package.
Changes since version 1.12:
===========================
1.17 2007-01-25
- I made the same test count mistake as was in 1.14 again. This
release fixes the test count (again) when running on a system that
doesn't support negative epochs (like Win32). Patched by Kenichi
Ishigaki (again).
1.16 2007-01-23
- The leap year fix in 1.14 was pretty broken, as it checked after
converting the year to Perl's internal (year - 1900) format.
1.15 2007-01-22
- Fix Local.t test count when running on a system that doesn't support
negative epochs (like Win32). Patched by Kenichi Ishigaki.
1.14 2007-01-21
- Fixed leap year check to produce the right answer for years outside
of the 32-bit epoch range (such as 1900 and 2100). See rt.perl.org
#31241. Reported by Nathan Zook.
1.13 2006-08-09
- Switched to using Test::More for the tests.
- Fixed a bug that occurred around the DST change for Europe/London
(and probably other time zones with a positive UTC offset). If
given, the hour immediately after the change (2:00 AM for
Europe/London), then the returned epoch was 3600 seconds too
large. Reported by Roger Picton. See RT #11662.
