Some changes different from patches provided in that PR are:
- patch-aj, patch-aq, and patch-as not changed (they appeared to
be identical to previous patches)
- DragonFly support also added to configure script (patch-aa)
because compilation failed due to missing crypt
- and install-sysconf target removed from the installation target
in Makefile.in (patch-ah). Just let the pkgsrc framework install
this since it now will allow it to be removed correctly on
deinstall.
- use "pam" instead of "PAM" as option name in the post-install
target.
This removes patch-ai.
This also now uses openssh-4.2p1-hpn11.diff patch.
I didn't test with kerberos and hpn-patch options. I did test with
PAM on Linux. (The PR reported that kerberos and hpn-patch options
were tested for compiling.) I tested on NetBSD 2.0.2, Linux,
and DragonFly.
This includes two security fixes and several bug fixes and many
improvemens. The changes are listed at
http://www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.htmlhttp://www.mindrot.org/pipermail/openssh-unix-announce/2005-May/000079.html
TODO: get some of these patches committed upstream.
* Release 2.5.3
Fix file descriptor leak when IP address lookup fails.
Fix problem with running a server in "reverse" mode and detached -- only
apparent on Windows.
Add "maxconnections" to alleviate DoS attack.
Check for target port 0 to avoid DoS.
Linux 64-bit port (a result of the "Linux on POWER" contest) courtesy of
Stew Benedict <stewb@linuxcontrol.net>. Use the "linux64" OS target.
Upgraded version of bzip2 and zlib.
no longer correct since update to libevent 1.x; it now uses libtool and
generates a shlib.
Remove the offending bl3 line, and bump all dependents' PKGREVISIONs, since
the binary pkg changes for any OS that doesn't have a sufficient builtin
libevent version (or the package has requested a non-builtin version).
the required -Rpath options or the openssl version will not be
correctly determined when using pkgsrc openssl.
- when running qmake as part of the configure stage, be sure to
run in the configure environment so that QMAKESPEC is picked up.
patch provided by eggert at macvaerk dot dtu dot dk
in PR 31127
changes:
Version 2.3.3 is a maintenance release over 2.3.2. Besides fixing known
problems and providing some optimizations, no new features were added.
If using SpamAssassin older than 3.1, an upgrade of either SA to 3.1,
or an upgrade of amavisd-new to 2.3.3 is recommended.
- privacy: add a safety fuse / workaround around calls to SA to detect
SA's failure (in SA versions before 3.1) to catch a failed exec() in a
forked process, which could produce runaway process clones. See SA bug
report #4370. An incident of a mail copy being delivered to unrelated
recipient reported by Joel Nimety;
- privacy: turn warning into a fatal error when a quarantine ID of a message
requested for a quarantine release does not match the requested mail_id;
- security: require minimal version 1.35 of Compress::Zlib to avoid
vulnerability in the zlib compression library;
- the dsn_cutoff_level should have been ignored if undefined according to
documentation, but was not, causing DSN to be suppressed regardless of
spam level; discovered by Gary V;
- ensure the banned check is not performed if all recipients agree
it is not needed, even in presence of $banned_namepath_re;
undesired behaviour (not strictly incorrect) reported by Joel Nimety;
- missing import of lookup_ip_acl in module Amavis::In::AMCL caused
failure in sendmail milter setup when using the new AM.PDP protocol;
reported by Mic And;
- document and explicitly define handling of syntactically invalid IP address
in lookup_ip_acl: it matches a zero-length-mask net, a constant lookup table,
or a hash entry with an undef key, but no other entries in IP lookup tables;
syntactically invalid IP addresses are now logged;
- fix parsing if IPv6 address in $notify_method and $forward_method in case
of dynamic destination override (the use of '*' in method fields);
- check during startup that $myhostname is a fully qualified domain name
(or 'localhost', if you must), and abort if it isn't, otherwise a non-FQDN
can end up in places where RFC 2822 does not allow it; if uname(3) does not
provide a FQDN, then an assignment to $myhostname must be done explicitly
in amavisd.conf;
- when quarantining to a single file in mbox format the 'From ...' line
needs an English date, regardless of current locale; fixed by globally
setting locale LC_TIME to "C";
- pass on the parameter BODY=8BITMIME on MAIL FROM when submitting to MTA
when original message reception indicated it is needed (RFC 1652).
Note that mail forwarding may now fail if the feeding MTA requests
BODY=8BITMIME SMTP service extension (or just passes data with msb set),
but the MTA on the output side does not allow the use of the BODY parameter
in SMTP. In case of Postfix this may only happen when receiving service
on port 10025 is misconfigured and does not announce ESMTP capability
and support for the SMTP service extension 8BITMIME;
- RFC 2554 requires auth_param to be xtext-encoded addr-spec (no angle
brackets) or "<>", not the xtext-encoded addr-spec enclosed in angle
brackets (when specifying submitter during authentication); fixed;
- apply some sanity limit on collected bad-header samples to ensure that
a grossly broken mail does not unnecessarily fill up memory;
- when sending recipient warnings for viruses, banned files, or bad headers,
recipient address must not be rfc2822-quoted twice; fixed;
- fix interpretation of $defang_all to really imply all; previously it only
affected clean messages;
- in quarantined mail the reported spam score in X-Spam-Status header field
now includes maximum of all by-recipient score boosts (less surprising
when soft-whitelisting through @score_sender_maps is in use); suggested
by Mike Cappella and Gary V;
- when a policy delegation protocol attribute "request" is not "AM.PDP"
(perhaps it is a Postfix policy delegation request) don't attempt to find
and open a mail file;
- do_ascii and do_unarj: set environment variable TMPDIR or a command line
temporary directory option to "$tempdir/parts" instead of $TEMPBASE
to minimize possible pollution of top level directory;
- don't abort even if amavisd.conf returns undef as a final value,
as long as there are no errors reading or interpreting it;
- if during 'amavisd stop' or 'amavisd reload' the old running daemon does
not go away for one minute after sending it a SIGTERM, use a bigger
hammer and send it a SIGKILL; suggested by Sven Riedel;
- extend LDAP lookups to allow multiple search attributes (multiple
occurrences of %m in a query); a patch by Michael Hall (and a similar
one by Matthias Bandemer);
- LDAP lookup on an empty envelope address (e.g. a null return path)
adds another lookup key "<>", as it is difficult if not impossible
to have LDAP attributes with empty string as a value; by Michael Hall;
- LDAP.schema: drop "MUST ( mail )" from objectclass 'amavisAccount';
suggested by Michael Hall;
- updated comments and documentation, most notably the README.chroot;
- contributed file Macintosh.tar.gz updated by Dale Walsh;
COMPATIBILITY
- replaced 'hits=' with 'score=' in inserted X-Spam-Status header field
(and in some internal log entries) for compatibility with a changed
default in SpamAssassin 3.1;
- insert X-Spam-Score header field for compatibility with SA (previously
insertion of this header field was commented-out because the information
is redundant, as the score already appears in X-Spam-Status);
OPTIMIZATION
- speed up sending a mail header or full defanged (rewritten) mail over SMTP
back to MTA by a factor of 4 by buffering header fields into large chunks
to avoid bottleneck in Net::Cmd::datasend, which has lots of overhead for
line-by-line writes. Previously slow writes mostly affected mail messages
with extreme header lengths (such as results of a broken mail loop), or
when delivering defanged messages, particularly at sites with large MTA
mail size limits, sometimes to a point of exceeding timeout limits;
reported by Dominik Weber and Ralf Hildebrandt;
- move subroutine lookup_ip_acl() and associated ip_to_vec() into its own
dedicated new package Amavis::Lookup::IP; provide a constructor to pre-parse
IP lookup tables to speed up IP lookups in lookup_ip_acl; prepare pre-parsed
commonly used IP lookup tables (@mynetworks_maps, @publicnetworks_maps,
@inet_acl);
- optimized reading loop in SMTP DATA state, receiving data is now about
35% faster when mail size limit is not enforced (which is a default);
no speedup when mail size limit _is_ enforced;
- cache results of evaluated macros during a single call to expand(),
as macro calls often come in pairs, like: [?%e||\[%e\] ]
or [? %#T ||, Tests: [%T|,]]; together with the above optimization in
pre-parsed IP lookups it shaves off 25% of time in preparing main log entry;
- set locale LC_TIME to "C" globally, avoid changing and restoring locale
for every log write and when generating RFC2822 timestamps;
- added an optimization note in README.sql about indexes and about
SELECT count(*) in MySQL with InnoDB; investigation by Paolo Cravero;
---------------------------------------------------------------------------
June 29, 2005
amavisd-new-2.3.2 release notes
INCOMPATIBILITY with 2.3.1 and earlier versions:
If running amavisd daemon in chroot please note:
Each child process now opens its own syslog connection or a file descriptor
to a log file, and no longer inherits a connection from its parent.
When running in chroot jail and logging to syslog, the syslog client
routines need syslogd socket to be present in the chroot subtree to be
able to establish a connection with syslogd, otherwise logging output
may be lost. Additional syslogd sockets (to be made available in the
jail) may be requested from the syslogd daemon, see its documentation.
This requirement is equivalent to the requirement of chrooted Postfix
services (see Postfix documentation file BASIC_CONFIGURATION_README).
BUG FIXES since 2.3.1:
- do not enforce $MAXFILES limit during top-level MIME decoding to avoid
tempfailing mail; MIME parts are still counted, so a limit exceeded may
still be reported during subsequent decoding, but this is handled more
gracefully and does not cause preserved temporary directories to be left
behind; reported by Marcin Lemanski; suggested by Stephane Lentz and
Robert LeBlanc (noted in the 2.0 release notes);
- use recv() instead of read() to get results from daemonized virus scanners
in an attempt to avoid a bogus Perl I/O status on some Linux installations
(reported by Sander Steffann); we now get a meaningful status codes like
ECONNRESET instead of a bogus EBADF (Bad file descriptor);
- ignore status ECONNRESET when reading results of a daemonized virus scanner
from a socket, specific to some Linux versions; thanks to Sander Steffann
for the initial report and extensive help in debugging the Perl problem;
- run_av and other similar code sections: replace line-by-line reads by
block-by-block reads wherever possible to avoid inappropriate status report
EBADF (Bad file descriptor) caused by Perl I/O bug when last line is not
terminated by a newline. The problem was affecting reading response from
some command line virus checkers; reported by Sander Steffann;
- ignore status EAGAIN when reading results on a pipe from a forked process;
the status EAGAIN seems to be an artifact of Perl I/O on some installations;
reported by several people to cause problems on FreeBSD with Perl 5.8.7
(but Perl 5.8.6 is fine); thanks to Bart Matterne for testing and feedback;
- allow one level of indirection when collecting %needed_protocols;
global setting $protocol='COURIER' did not work, a workaround was needed
with previous version, e.g.: $policy_bank{'QMQPqq'}={protocol=>'QMQPqq'};
reported by Nicklas Bondesson and Martin Orr;
- fix a bug (introduced with 2.3.0) in Courier and QMQPqq setups, where global
information about processed message wasn't always reset and could leak
into processing of a subsequent message; reported by Nicklas Bondesson;
- SQL: fix arguments in calls to last_insert_id(), failing under PostgreSQL
(MySQL didn't mind); pointed out by Henrik Krohns;
- if module SAVI is loaded, insist it is version 0.30 or later;
incompatibility with earlier versions reported by Andrzej Kukula;
- make use of the new Net::Server 0.88 hook run_n_children_hook() to
reload SAVI database; removes a need to apply SAVI patch to Net::Server;
the Net::Server hook was suggested by Paul B. Henson and others,
and incorporated into Net::Server 0.88 by Paul Seamons;
- reopen log file or syslog connection in each child process to make it use
its own file descriptor; also minimizes transients when syslogd is restarted
and its socket re-created, as reported by Les Ault. When running in chroot
please make sure a syslogd socket is also available in the chroot jail,
see README.chroot for syslogd options (and BASIC_CONFIGURATION_README
in Postfix documentation for the Postfix equivalent);
- close log file or syslog in forked process before exec, just to play nicely;
- do_lha: fix extracting archive member filename in case of broken archive
or empty name (avoid interpreting creation date as a file name);
do not increment OpsDecByLha counter for empty archives, which are
most likely not lha archives at all;
- obey $final_bad_header_destiny D_DISCARD or D_REJECT even for messages
with bad headers from mailing lists or with a null envelope sender (DSN);
previously such messages were passed; undesired behaviour reported
by Cami Sardinha.
Such messages are still let through with $final_bad_header_destiny set to
D_BOUNCE, as otherwise they will be lost because a bounce is suppressed
for null sender messages and for mail from mailing list. This behaviour
is retained for backwards compatibility, but may need to be reconsidered.
- fix regexp for extracting am_id from amavis-milter helper program requests;
- if fork/exec fails, try to commit suicide in forked process with
POSIX::_exit(1) first, before trying kill('KILL',$$) as a last resort;
- updated $log_templ example in amavisd.conf-sample to match the default;
pointed out by Gary V;
- further reduce a couple of more frequent Perl warnings about the use of
uninitialized values in expressions;
- pre-load additional Perl modules required by SA 3.1 plugins;
- require minimal versions of modules: Time::HiRes 1.49, Archive::Zip 1.14;
- replaced nonexistent variable @sa_spam_modifies_subj_maps by
@spam_modifies_subj_maps in commented-out example in amavisd.conf-sample;
noticed by Joachim Schoenberg;
LDAP CHANGES by Michael Hall:
All the LDAP changes are transparent to the user.
- rewritten some of the code similar to the restructuring of the SQL code
in version amavisd-new-2.3.0. A new package Amavisd::LDAP::Connection was
added which is a LDAP connection object, and the old connection-related code
in Amavis::Lookup::LDAP has been moved to the new package. Amavisd-new will
now try to reconnect (once) while processing a message, similar to SQL;
- added the ability to specify a '%d' (domain) token in the LDAP base DN;
based on idea from Alexander Wittig;
- updated default LDAP port based on whether SSL/TLS is being used or not;
based on idea from Timo Veith;
- updated the search code to query for multiple records and return the results
sorted in 'make_query_keys' order versus doing a query for each key.
As a result performance is enhanced, and the tweaks 'ldap_get_all', and
'use_query_keys' (recently added) are no longer applicable or needed
and have been removed;
- improved LDAP error reporting and misc changes to multivalued attributes;
- documentation changes (amavisd.conf-default, README.lookups);
MINOR IMPROVEMENTS:
- macro %c (commonly used in a log template) reports spam score no longer
as a single number, but as an explicit sum of a SA score and a by-sender
boost score (from @score_sender_maps) when boost score is nonzero;
suggested by Ed Walker;
- enhancement to amavisd-release: if its only command line argument is '-',
then read arguments from stdin, one release request per line, ignoring empty
lines; input lines have the same format as command line arguments, i.e.:
mail_file
mail_file secret_id
mail_file secret_id alt_recip1 alt_recip2 ...
- better handle cases where a persistent temporary file email.txt
as prepared by the SMTP server module gets replaced as a result
of some user program modification (e.g. when invoking altermime);
problems reported by Dinesh Shah and Leonardo Rodrigues;
Bcrypt is a cross platform file encryption utility. Encrypted files
are portable across all supported operating systems and processors.
Passphrases must be between 8 and 56 characters and are hashed
internally to a 448 bit key. However, all characters supplied are
significant. The stronger your passphrase, the more secure your data.
In addition to encrypting your data, bcrypt will by default overwrite
the original input file with random garbage three times before deleting
it in order to thwart data recovery attempts by persons who may gain
access to your computer.
- MiniLZO updated to version 2.01 and moved to separate directory.
- Collision between system LZO header files and MiniLZO header file fixed.
- Will now test for liblzo functionality in liblzo2 too.
- Minilibtasn1 is now 0.2.14 (no code changes).
- Some code changes to avoid GTK-DOC warnings.
- API and ABI modifications:
No changes since last version.
* Various build fixes, to make version info not say 0.5.5 any more.
Changes 0.5.6:
* Use libtool -export-symbols-regex instead of GNU ld script.
* Fix license with new FSF address.
* Test for socklen_t, needed for libgcrypt on some platforms.
* A few configure/build fixes.
* Don't use malloc.h.
- Fixed the autoconvert feature of cvm-vmailmgr to set the permissions
and ownership of the created password table to that of the original.
- Added a feature to all qmail-based modules to treat all domains as
local if $CVM_QMAIL_ASSUME_LOCAL is set.
changes:
-manpage added
-fix for BUG#210: use start_tls on referrals if configured to do so
-when handling new password policy control, only fall through to account
management module if a policy error was returned (CERT VU#778916)
pkgsrc change: use /etc/pam_ldap.conf as config file, to distinguish
from nss_ldap
- Added an "autoconvert" mode to cvm-vmailmgr, which converts encrypted
passwords to plain-text on successful authentication if
$VMAILMGR_AUTOCONVERT is set.
Okayed by lha@. I tested on Linux and DragonFly. I got this from
Joerg Sonnenberger.
On DragonFly, the configure errored like:
/usr/include/openssl/md5.h:110: error: syntax error before "size_t"
In file included from conftest.c:34:
/usr/include/openssl/sha.h:109: error: syntax error before "size_t"
This caused tests to break and it ended up building and installing libdes
and des.h, md4.h, and related headers.
So later libgssapi needed this libdes which was not buildlinked which
broke kdelibs3 build.
backslashes anymore. A single backslash is enough. Changed the
definition in all affected packages. For those that are not caught, an
additional check is placed into bsd.pkginstall.mk.
Here's an excerpt from the rather long RELEASE_NOTES included in the
distribution:
QUICK OVERVIEW:
Provides more flexible configuration of decoders. Allows recipients to have
individual banning rules. Assigns a long-term unique id to each message,
reducing clashes and facilitating retrieval of information. The daemon can
store information to a SQL database for logging, reporting and quarantine
retrieval, optionally storing entire message to a SQL database. File-based
quarantine can disperse files to 62 subdirectories. Provides a quarantine
release mechanism. Reconnects to SQL if connection is broken. Can skip
quarantining high-score spam. Compatibility with IPv6-enabled Postfix
is improved.
SECURITY:
- require minimal version 1.05 of Convert::UUlib to avoid a known security
problem in the underlying uulib (likely to be exploitable);
- src/racoon/dnssec.c: fix bogus test on function result
- src/racoon/isakmp.c: Improved in/out SA addresses check in
purge_remote()
- src/libipsec/{key_debug.c|pfkey.c|pfkey_dump.c}: de-lint, warnings
- src/racoon/privsep.c: Fixed a %d -> %zu in port_check()
as the INSTALL and DEINSTALL scripts no longer distinguish between
the two types of files. Drop SUPPORT_FILES{,_PERMS} and modify the
packages in pkgsrc accordingly.
header in the buildlink directory that just pulls in /usr/include/des.h.
This should allow packages that purposely include <openssl/des_old.h> on
post-0.9.7 versions of OpenSSL to find it on NetBSD.
changes:
* Better documentation [Adam Schreiber]
* Keyring backups not world readable. [Adam Schreiber]
* Nautilus context menu items cleaned up.
* Better file association for armor encoded keys.
* Create agent socket inside user"s home directory.
* Clearer status text for key operations.
* Cleaned up menus and added GNOME features like dynamic
accelerator assignment (ie: using GtkUIManager).
* HIG polish and UI fixes. [Jim Pharis, Flavio daCosta]
* Better command line handling and aded command line
help. [Adam Schreiber]
* Many bug and crasher fixes.
-translation updates
