This version extends the log messages to show why a blacklist is
matched. It also fixes a few minor bugs.
Added a filter to sendrecv so input containing "\r\n" will be
translated into CRLF without being interpreted as a line
terminator (so multiple commands can be sent in a single "packet")
and input containing "\0" will be translated into NULL bytes
so NULL characters don't have to be embedded in the test scripts.
Added support for the RSET command to smtpdummy.
Added a "priority" field to the input file for dnsdummy to force
some responses to be sent after others, no matter what order
they were received.
Fixed nihdns_mx() to query names for A records using the query
types configured for MX queries, not A queries. Thanks to Eric
Shubert for reporting this one.
Changed smtp_filter() and middleman() to discard any buffered
input after TLS is started. This prevents the injection of
commands into a secure session by sending extra input in the
same packet as the "STARTTLS" command. Not really a security
problem but good practice anyway. Thanks to Eric Shubert for
reporting this one.
Fixed a bug in examine_entry() that was cutting off 1-3 characters
from the end of target_entry every time it was called.
Changed check_ip_in_rdns_keyword() to return the line number of
the matching file as its return value and the name of the
matchine file in a reference variable.
Added reject_reason and strlen_reject_reason to struct rejection_data
to allow the triggered filter to return some text to indicate
why it triggered.
Changed set_rejection() to accept new parameters to set reason
text within the rejection structure if available.
Changed set_rejection() to accept a new parameter to append to
the rejection text if available.
Added reset_rejection() to change either the rejection text or
the reason text within an existing rejection_data structure
without erasing previously-set values.
Changed nihdns_rbl(), check_dnsrbl() and check_rhsbl() not to
accept a format string or build part of the rejection message.
That job belongs to the caller(s).
Changed filter_rdns_blacklist(), filter_rdns_blacklist_file(),
filter_rdns_blacklist_dir(), filter_ip_blacklist(),
filter_ip_in_rdns_blacklist(), filter_dns_rbl(), filter_dns_rhsbl(),
filter_sender_blacklist(), filter_sender_rhsbl() and
filter_recipient_blacklist() to save the reason for their
rejection in the reject_reason variable in rejection_data.
Changed the log messages showing ALLOWED/DENIED to always output
the "reason:" field and fill it with the text returned by the
triggered filter so the sysadmin can figure out what happened
or "(empty)" if no text was saved. Thanks to Eric Shubert for
suggesting this one.
Changed the way DNS timeout values are read from the configuration
file, the command line, /etc/resolv.conf and the environment
so that values given in the config file or on the command line
are not overridden by values in /etc/resolv.conf or the
environment. Thanks to Teodor Milkov for reporting this one.
Changed the reject-empty-rdns filter, the IP-related black/whitelist
filters and the IP-related RBL filters to skip their tests if
the incoming IP address is 0.0.0.0. This is for connections
from IPv6 hosts -- those filters can be skipped until full IPv6
support can be added. Thanks to Daniel Anliker for suggesting
this.
Changed the way the flag FILTER_DECISION_TRANSIENT_DO_NOT_FILTER
is handled by smtp_filter() and middleman() so a transient
non-rejection (e.g a recipient whitelist) isn't held over to
later recipients. The interaction between the recipient whitelist
and the graylist filter was fixed in version 4.0.0 but an issue
still remained between recipient whitelists and other non-transient
rejections like the missing rDNS filter. Thanks to bischowski
for reporting this one.
Changed smtpdummy to use memchr() instead of strchr() so testing
input with NULL bytes will work correctly.
(Old versions do not resolve.) Also, add pointer (in comment) to
debianized version on github.
(no actual changes to the package; update to 0.11 is due but probably hard)
distinction between host and guest addresses and 64-bit host addresses
give it fits.
If anyone wants to try making it work, let me know as I have partial
patches.
2. Use MMFLAGS instead of MFLAGS as the compiler flags make variable.
The latter interacts somewhat poorly with make's own usage of the same
identifier. Do this by SUBST at post-extract time so nothing ever sees
the original form, and adjust patches to match.
Does not build (it cannot parse NetBSD's stdlib.h) but no longer
explodes randomly.
by casting string objects to const char * before passing to printf.
While here, switch PKG_DESTDIR_SUPPORT from "destdir" to "user-destdir"
(no reason I can see for the former, it appears to date way back) and
add patch comments.
PKGREVISION -> 9, since with netbsd-5 and older -current the issue wasn't
fatal at compile time.
MAKE_JOBS_SAFE. Fix that and remove BROKEN.
Not that it builds; now I get "Not a HASH reference at
/usr/pkg/lib/perl5/vendor_perl/5.14.0/XML/Doctype.pm line 322."
but IIRC that's a readily fixable problem for someone with Perl
knowledge.
support for it. There is ostensibly alpha support so it might be
possible to make it work (although the number of cast warnings I see
makes me dubious) but it certainly isn't going to get fixed anytime
soon.
(Leaf package, so ok during freeze.)
Upstream changelog:
2009.08.14: Changes between NTL 5.5.1 and 5.5.2
New routines MulAddTo and MulSubFrom for computing x += a*b and x
-= a*b, where x and a are ZZ's and b is a ZZ or a long. In the case
where b is a long, this may be much faster than writing mul(t, a, b);
add(x, x, t). See ZZ.txt for details. These new routines are used in a
number of places in NTL to get faster algorithms (for example, the LLL
routine).
Fixed a relatively benign indexing bug in GF2EX discovered by
Berend-Benjamin Tams using the valgrind tool.
2009.05.05: Changes between NTL 5.5 and 5.5.1
If using GMP (via either NTL_GMP_LIP or NTL_GMP_HACK), then the
new version (4.3.0) of GMP implements the XGCD functionality
differently, so that the coefficients do not always agree with those
returned by the classical extended Euclidean algorithm. This version
of NTL corrects the coefficients, so that the "classical" coefficients
are always produced, regardless of GMP's implementation. This version
of NTL also works around a bug in GMP 4.3.0's XGCD code (although that
bug should be fixed in GMP 4.3.1).
The configure script has been slightly modified: there is a new
configuration variable DEF_PREFIX, whose value can be used to set
PREFIX, GMP_PREFIX, and GF2X_PREFIX in one stroke. Also, the (somewhat
esoteric) configure variables GMP_LIBDIR, GMP_INCDIR, GF2X_LIBDIR, and
GF2X_INCDIR have slightly different meanings now.
2009.04.08: Changes between NTL 5.4.2 and 5.5
Added the ability to generate a shared library (with help from Tim
Abbott). Details.
Fixed some standardization issues (with help from Tim Abbot):
default location of installed documentation files now conforms to
standards; use of EOF now conforms to standards.
Added a callback mechanism to NTL's error reporting function. See
ErrorCallback in tools.txt.
Added support for the gf2x library for speeding up arithmetic in
GF2X (with help from Emmanuel Thom?). Details.
In conjuction with the above, I also changed the GF2X so that it
works better with very large polynomials: large blocks of memory are
released, recursive HalfGCD algorithms are used for large polynomials.
Fixed a bug in void TraceMod(zz_p& x, const zz_pX& a, const
zz_pXModulus& F) (reported by Luca De Feo).
Fixed a performance issue in various versions of SetCoeff
(reported by Luca De Feo).
Fixed the declaration of mat_zz_p transpose(const mat_zz_p& a)
(reported by Benoit Lacelle).
2008.03.05: Changes between NTL 5.4.1 and 5.4.2
Fixed a bug in the sub(ZZ_pEX, ZZ_pE, ZZ_pEX) and sub(zz_pEX,
zz_pE, zz_pEX) routines (reported by Charanjit Jutla). Under certain
circumstances, these could outout wrong answers.
2007.05.09: Changes between NTL 5.4 and 5.4.1
Fixed rounding bug in expm1 (reported by Paul Zimmermann).
Fixed memory leak in several LLL routines (reported by Friedrich Bahr).
Fixed infinite loop in several LLL routines (this only occurred on
machines, like x86, with double rounding).
Improved GF2X timing tests (suggested by Paul Zimmermann).
2005.03.24: Changes between NTL 5.3.2 and 5.4
By default, NTL now compiles in ISO mode (using namespaces,
etc.). You can always revert to traditional mode by unsetting the flag
NTL_STD_CXX (either pass NTL_STD_CXX=off to the configure script, or
manually edit the config.h file).
Some bug fixes:
The sqrt and log1p routines for the RR class would produce
incorrectly rounded results in certain circumstances (although this
only affected the relative error of the result very marginally).
The SqrRootPrec routine for the RR class could not be called,
because it was defined incorrectly.
Thanks to Paul Zimmermann for finding (and fixing) these bugs!
Paul has also validated NTL's RR class by cross-checking it with the
MPFR library.
Some performance enhancements:
Added a new MulModPrecon inline function for computing (a * b)
% n for single precision numbers, when b and n are fixed for several
computations. On some platforms this can be twice as fast or more than
the old MulMod2 routine. This indirectly affects a lot of computations
that are done via homomorphic imaging (polynomial multiplication over
zz_p, ZZ_p, and ZZ, matrix computations over zz_p and ZZ).
Rewrote the small prime FFT to take advantage of the new
MulModPrecon, and to be more cache friendly.
Improved the performance of the GF2X multiplication
routine. On some platforms, it can be twice as fast as the old
one. Thanks (again) to Paul Zimmermann for suggesting some of these
improvements and supplying some of the code.
Miscellany:
Rewrote several of the installation scripts in Perl (the old
shell scripts were getting too messy to maintain). However, the syntax
for all of the command-line interfaces remains identical.
2004.05.21: Changes between NTL 5.3.1 and 5.3.2
Some bug fixes.
Re-wrote SqrRootMod to make it run faster.
vigra (which is 1.8.0) to fix build with recent libpng.
I'm not sure if the resolution handling changes (search for "254") are
desirable or not. if something goes wrong, try reverting that.
The package should probably be changed to use pkgsrc vigra, but I
don't want to do that right now.
