Add PKG_DESTDIR_SUPPORT;
Add LICENSE
`$Cambridge: hermes/src/prayer/docs/DONE,v 1.66 2011/06/27 13:39:56 dpc22 Exp $
27/06/2010
==========
Release: Prayer 1.3.4
22/06/2011
==========
draft.c fixes:
Fold long lines of addresses before the entry which reaches 78 characters
when possible, rather than after the first entry which crosses that
boundary. Long standing bug bear of mine but several support functions
needed to be rewritten to use scratch string in place of output buffer.
Long subject lines which are not RFC1522 encoded need to be folded.
separately. Reported by Andrey N. Oktyabrski <ano@bestmx.ru>.
RFC1522 is not allowed to fold lines in the middle of a UTF-8 multibyte
character. Reported by Andrey N. Oktyabrski <ano@bestmx.ru>.
Tidy library:
Add support for tidyp fork of (apparently abandoned) tidy library.
Fix cross site scripting problem:
MSIE and Chrome think that <!---> is a complete comment. Allows people to
hide scripts inside <!---><script>...<!--->. Strip all comments (which is
something that the old sanitiser had been doing already)
Sieve blocks should check "From: " address in body as well as
envelope sender address. Check "Sender: " as well for completeness.
Linux needs IPPROTO_IPV6 to bind to '0.0.0.0' and '::'
01/11/2010
==========
Mike Brudenell <mike.brudenell@york.ac.uk> reported problem with RFC
2183/RFC 2231 quoting with vey long filenames, or filenames with strange
characters from ASCII range.
20/07/2010
==========
Release: Prayer 1.3.3
08/07/2010
==========
Better handling of complex multipart messages:
Rather than just displaying the first text/plain or text/html that we can
find in the top, (leaving people to access sections for the other parts),
display the entire tree: multipart/alternative are handled as before, but
with other multipart messages, recurse into the subtrees and repeat. Given:
1 (Nested multipart)
1.1 text/html
1.2 text/plain
2 text/plain
we display sections 1.1 and 2. Previously we would display section 2,
which is a bit of a disaster if section (1) was the original message and
a listserver has helpfully tagged on a message footer as a separate bodypart
Combine os_*.c back into a single file (which is where I started off
many years back). Eliminates lots of repeated code.
07/07/2010
==========
Bugs
====
os_bind_inet_socket(unsigned long port, char *interface)
If interface resolves to multiple IP addresses then only binds to the
first. Should really walk along ai->ai_next and bind to each IP address
in turn. Unfortuanetly this means that os_bind_inet_socket() needs to
return an array of sockfds rather than a single int. Parent routines
probably aren't going to play ball either.
Most likely cause will be a hostname which generates both IPv4 and IPv6
addresses. Unfortanately it is a probably that we are going to have
to solve eventually.
05/07/2010
==========
Fix XSS problems reported by:
Jacob H. Hilton <jhh40@cam.ac.uk>
Dr Andrew C Aitchison <A.C.Aitchison@dpmms.cam.ac.uk>
Rather than trying to spot dangerous tags by simple substring matching in C,
I now feed the html through Tidy library (http://tidy.sourceforge.net/),
and then prune unwanted nodes from the parse tree before setting it to
the pretty printer. The only problem is that the Tidy library doesn't
provide any public API for manipulating the parse tree (although it does
provide a public API for walking the tree!?), so I had to dig around to
find the private functions required to remove and manipulate nodes.
Javascript embedded into CSS is also a problem: I need to strip off CSS
character entities before looking for dangerous expressions. The final
part is still a simple string match: I hope that I don't end up having to
generate parse trees for CSS as well as the HTML.
Now passes full test suite at:
https://secure.grepular.com/email_privacy_tester/
Better vacation screen
Subject line
Phrasing
Coping with multiple logins as single user from single browser:
SessionID stored in HTTP Cookie: second login blats first
Can store SessionID in URL (Prayer does this if no cookies available)
Not secure: leaks in HTTP "Referrer" header with links from HTML email.
Solution: Use HTTP Cookie keyed by PID of login session.
Smaller cleanups:
Improve gap between words in spell check (Cambridge house style)
Remove extra blank lines after postpone, restore cycle.
- security fixes
- various bug fixes and small improvements
- new XHTML strict template tree
- add UTF-8 support
- add IPv6 support
- add Raven single sign-on authentication
Fix build problem with db4 following a hint by obache@
04/09/2006
==========
Release: Prayer 1.0.18
Important Security fix:
os_connect_unix() had a strcpy() which should have been strncpy() to
prevent buffer overrun. Prayer 1.0.17 was mostly safe.
By 28/06/2006
=============
Release: Prayer 1.0.17
Fix small foulup wuth gethostbyname() calculations when binding Prayer
to specific interfaces.
Cleanups to stop char vs unsigned char warnings with latest c-client.
Make sure that all internal draft messages consistently use CRLF.
Security audit for Prayer frontend following attack:
Optional Chroot environment (See chroot options in config file).
Stripped out debugging code.
04/11/2005
==========
Fix small foulups with abook_lookup:
Couldn't add last address to existing draft.
Block LDAP metacharacters from search.
By 13/06/2005
=============
Release: Prayer 1.0.16
Fix silly bug when replying to multipart messages where the main message
and the text/plain subpart have different encoding (missing mail_body
call).
Add a limit_vm backstop to stop single runaway process from taking
over the system.
By 10/06/2005
=============
Release: Prayer 1.0.15 (1.0.13 and 14 internal releases only).
list screen doesn't set "current" message to middle of range. Means that
switching between various sort modes works more consistently.
Go fishing for text/plain or failing that text/html bodypart within top
level of multipart/mixed or multipart/alternate message when replying to a
message. Behaviour should now be consistent with cmd_forward and
cmd_display.
Include LDAP and local finger database lookups (latter for Cambridge use only)
Addressbook screen:
Addressbook sort (can be set on Manage => Preferences => Display)
Addressbook bulk removal
Import and Export CSV (Outlook) format address screen
Spellcheck:
Support native aspell as well as ispell, aspell in ispell compatibility mode.
Means that Quoted text is not checked if the following is set:
Manage => Preferences => Extra Compose =>
Skip quoted text on spell check
By 09/08/2005
=============
Spam whitelist
Test the Referer header on login. Two independant prayer.cf options:
referer_block_invalid and referer_log_invalid
Test the Referer: header before performing a /redirect/ action in
order to protect against URL redirector abuse
Doesn't work with "Save Target As". Remove entirely
Confirm on expunge.
Cleanup up account_message error reporting so consistent.
Fix format=flowed quoting problems.
Fix memory leak in mailbox download (2 x size of mail folder) until
next transfer or idle shutdown.
25/01/2005
==========
line_wrap_on_send preference not used by draft_init().
Fixed problems with multipart/alternate display and forwarding
* Apparently "mutex" is already claimed by a system header on Solaris.
* File locking on Linux (probably other operating systems) is pretty
dumb when lots of processes are trying to lock a single file
for serialisation: all of the processes are woken each time
that the file is unlocked. Most of the process will simply loop
inside the kernel and attempt to lock again. Presumably this
approach makes nonblocking locks and EINTR easier to do, but
it does mean that you can get occasional load average spikes.
Add MUTEX_SEMAPHORE to implement System V semaphore based lock,
which does not have this problem in Linux. Warning: System V
semaphores are a finite resource, and they are not released
automatically. See: prayer-sem-prune.
* Quotas now reported in MBytes rather than KBytes.
* Add download links for text/html and text/plain attachments
* Fix bug with body->type TYPEMESSAGE: c-client API very poorly
documented :(
* Strip out common HTML entity encodings that might be used in
HREFs with text/html attachments.
* Fix mydb_db3.c to work with DB4.
* Integrate into Tony's funky packaging system for Hermes and PPSW.
* Add interface to automatic spam folder pruning utility that I
wrote for Cyrus (controlled through special Sieve files).
* Fix uploads where mailboxes contain NUL characters (translate to
space?)
* Assorted minor bugfixes
* Fix nasty /redirect bug that I managed to introduce by switching
from url_encode to canon_encode to work around bug in Opera.
Missing a url_encode: infinite loop from dumb UAs :(. Otherwise
identical to 1.0.9.
* Few minor bug fixes, covered in CVS history.
pkgsrc changes:
* Rename the source rc.d script in the default RCD_SCRIPTS style.
* Respect ${VARBASE}.
* Avoid the DB_VERB_CHKPOINT flag with latest db4 (where it's been removed).
* Patch from jdc@ for 64-bit big-endian hosts.
XXX rc.d script doesn't stop all the prayer slaves
Creates user and group now.
"make reinstall" works again.
No change of ownership of /usr/pkg/sbin anymore.
New RCD script (needs work on non-NetBSD platforms regarding "ps" command
options).
Bump revision.
* Remove "Feel free to send more messages" text from vacation messages.
* Disable gzip for Opera attachment download.
* Fixed config->prayer_user expansion.
* fatal() shouldn't dump core if root.
* Fixed abook_list boundary condition when current entry is last on page.
* Added message download link for Message/RFC822 sections.
* Fix session_server() ping interval logic.
* Other bug-fixes
Prayer is a small and fast HTTP to IMAP gateway written entirely in C.
* Uses persistent connections to IMAP server and support servers.
* Target folders remain SELECTed: not a simple-minded proxy.
* Full caching (including sort/thread cache) for each open folder.
* Up to five persistent IMAP connections (typically one or two in use):
o INBOX and one other folder
o Postponed message folder stream
o Preferences stream
o Folder transfer stream
o Various optimisations/sharing to minimise actual IMAP connections
* Directory cache: single round trip to IMAP server for directory listing.
* Works well with UW IMAP server (even using Unix format mail folders).
* Little discernible load on a Pentium III class system running Linux with
5,000 logins/day (400 logins/hour, 150 concurrent logins)
* Uses 10% to 20% of the CPU and 400 MBytes of RAM on a PIII class system
with 23,000 logins/day (1,700 logins/hour, 850 concurrent logins peak)
* Aggressive HTTP/1.0 and 1.1 connection caching to reduce SSL overhead.
* Optional gzip compression of pages tunable by IP address range.
