Security fixes in this version:
MFSA 2009-10 Upgrade PNG library to fix memory safety hazards
MFSA 2009-09 XML data theft via RDFXMLDataSource and cross-domain redirect
MFSA 2009-07 Crashes with evidence of memory corruption (rv:1.9.0.7)
For more info, see http://www.mozilla.com/en-US/thunderbird/2.0.0.21/releasenotes/
- v1.1.12's MAILBOXDIR changes broke accessing mails in some setups
- v1.1.12's login_executable -D checking changes caused dovecot to
crash at startup if protocols setting contained only pop3.
- mbox: pop3_lock_session=yes was broken with mail_privileged_group.
* Added :MAILBOXDIR= to mail_location to specify the root dir for
mailboxes. dbox users should migrate to ":MAILBOXDIR=mailboxes",
because that's going to be the default in v1.2+.
+ Linux: Adding -D parameter to login_executable makes login processes
dump core to login_dir if they crash.
- IMAP: SELECT didn't always return first unseen message in reply
- POP3: pop3_lock_session=yes didn't use mail_privileged_group while
dotlocking.
- mbox: Don't crash if >=8192 bytes long line begins with "From ".
- Maildir: More fixes to handling over 26 keywords.
- Several logging fixes and improvements
- Fixed authentication caching with non-plaintext mechanisms when using
a blocking passdb (e.g. MySQL)
- Fixed DIGEST-MD5 authentication with user@domain style usernames.
1) Fix a bug when using SMTP/LMTP which can cause the mbox to be written
with trailing ^M's which causes the www interface to stop working.
2) Add a custom configuration option in dspam.conf of "StripRcptDomain" which,
if selected, strips the RCPT TO domain from email processed through DSPAM.
This is off by default.
PKGREVISION++
Changes since version 4.0.1:
- SpamAssassin support
- Native LDAP support via OpenLDAP (off by default in pkgsrc)
- DKIM support (not supported in pkgsrc)
- P0f support
- A lot of bug fixes
pkgsrc related changes:
- Optional "curl" support for external URL checking
pkgsrc changes
- add PKG_DESTDIR_SUPPORT= user-destdir
distribution changes:
- Use US-ASCII as failover when Unicode searching fails (#1485762)
- Fix errors handling in IMAP command continuations (#1485762)
- Fix FETCH result parsing for servers returning flags at the end of result (#1485763)
- Fix datetime columns defaults in mysql's DDL (#1485641)
- Fix attaching more than nine inline images (#1485759)
- Support 'UNICODE-1-1-UTF-7' alias for UTF-7 encoding (#1485758)
- Fix mime-type detection using a hard-coded map (#1485311)
- Don't return empty string if charset conversion failed (#1485757)
- Disable concurrent autocomplete query results display (#1485743)
- Fix new lines stripped from message footer (#1485751)
- Fix IE problem with mouse click autocomplete (#1485739)
- Fix html body washing on reply/forward + fix attachments handling (#1485676)
- Fix multiple recipients input parsing (#1485733)
- Fix replying to message with html attachment (#1485676)
- Use default_charset for messages without specified charset (#1485661, #1484961)
- Support non-standard "GMT-XXXX" literal in date header (#1485729)
- Added TNEF support to decode MS Outlook attachments (winmail.dat)
- Fix "value continuation" MIME headers by adding required semicolon (#1485727)
- Fix pressing select all/unread multiple times (#1485723)
- Fix selecting all unread does not honor new messages (#1485724)
- Fix some base64 encoded attachments handling (#1485725)
- Support NGINX as IMAP backend: better BAD response handling (#1485720)
- Performance fix: don't fetch attachment parts headers twice to parse filename
- Fix checking for recent messages on various IMAP servers (#1485702)
- Performance fix: Don't fetch quota and recent messages in "message view" mode
- Fix displaying of alternative-inside-alternative messages (#1485713)
- Fix MDNSent flag checking, use arbitrary keywords (asterisk) flag (#1485706)
- Fix creation of folders with '&' sign in name
- Fix parsing of email addresses without angle brackets (#1485693)
- Save spellcheck corrections when switching from plain to html editor (and spellchecking is on)
- Fix large search results on server without SORT capability (#1485668)
- Get rid of preg_replace() with eval modifier and create_function usage (#1485686)
- Bring back <base> and <link> tags in HTML messages
- Fix XSS vulnerability through background attributes as reported by Julien Cayssol
- Fix problems with backslash as IMAP hierarchy delimiter (#1484467)
- Secure vcard export by getting rid of preg's 'e' modifier use (#1485689)
- Fix authentication when submitting form with existing session (#1485679)
- Allow absolute URLs to images in HTML messages/sigs (#1485666)
- Fix message body which contains both inline attachments and emotions
- Fix SQL query execution errors handling in rcube_mdb2 class (#1485509)
- Fix address names with '@' sign handling (#1485654)
- Improve messages display performance
- Fix messages searching with 'to:' modifier
mail delivery with non local NSS passwd source, such as LDAP.
Stock LDAP uses getpwnam(3) to lookup recipients. As mandated by SUSv2,
getpwnam(3) does not set errno, so Sendmail has no way of distinguishing
a non existing user and an error with a remote NSS source. Therefore,
when the LDAP server goes down, Sendmail bounces mail to valid recipients.
A first workaround is to remove F=w from Mlocal in sendmail.cf. This will
inhibit local recipient lookups, but it has two drawbacks:
- ~/.forward does not work anymore
- For multi-recipient mails with a single inexistent user, mail.local
causes a DSN reporting an error for all users, whereas all valid users
do get the message.
A better workaround is this patch, which calls getpwnam_r(3). This newer
API does set errno and does return an error code. Sendmail is therefore able
to detect that it had a transient error in NSS, and it will react by
queuing the message. This is what you really want to happen when LDAP
is down.
I have not been able to get any feedback from Sendmail developers about
this patch.
two must be used to determine whether this package is built for use
with Sendmail (the default) or Postfix. Use an appropriate user (either
"smmsp" or "postfix") in the two cases. This avoids permission problems
between Postfix and milter-greylist.
Bump package revision because of these changes.
2.8.2 2009/02/17
Request a signature with an "i=" tag if signing for subdomains and
a keylist entry matches. Previously this only occurred when
using an explicit domain list. Problem noted by
S. Moonesamy of Eland Systems.
Fixes in and around dkim_socket_cleanup(). Problem noted by
S. Moonesamy of Eland Systems.
LIBDKIM: When logging a d2i_PUBKEY_bio() or EVP_PKEY_get1_RSA()
failure, also log the selector and domain involved so manual
diagnostics are possible.
LIBDKIM/LIBAR: Feature request #SF2380508: Add new test for
WITHOUT_LIBSM which removes references to libsm's sm_strl*()
functions, so that libdkim and libar can stand on their own
on systems which provide the strl*() functions. Requested by
Frederik Pettai.
LIBDKIM: Report DKIM_STAT_NOSIG if the caller commands that all
signatures should be ignored.
LIBDKIM: Plug a memory leak caused when responding to a malloc()
failure.
LIBDKIM: New signature error code DKIM_SIGERROR_KEYDECODE, used if
d2i_PUBKEY_BIO() or EVP_PKEY_get1_RSA fails in
dkim_sig_process().
LIBAR: Make reference to the "_res" structure more thread-safe.
BUILD: Make use of conf_dkim_filter_ENVDEF since site.config.m4.dist
refers to it. Problem noted by S. Moonesamy of Eland Systems.
which made the small calendar display only nonsense,
ride on recent update
And again: Please test the pkgs at least a little bit before
committing an update.
Evolution Exchange 2.24.5 2009-02-25
------------------------------------
Bug Fixes:
#545455 : Check for the correct href of the message before accessing
it. (Milan Crha)
Evolution 2.24.5 2009-02-25
---------------------------
Updated Translations:
Wouter Bolsterlee (nl)
Bug Fixes:
#333716 : Do not store incomplete or broken files in a cache. (Milan
Crha)
#529037 : Disconnect signals on ESource-s too, not only on ECal-s.
(Milan Crha)
#559027 : Do not set date for 'None' value. (Milan Crha)
#559719 : Use its own/unique name for the property on the 'epl'
and free the widget only if it wasn't freed yet. (Milan Crha)
#561465 : Expand 'Attendee' column instead of the last. (Milan
Crha)
#564229 : Do not use uninitialized variable. (Milan Crha)
#564229 : Initialize the EPluginUI registry during class initialization,
so that it's sure to be there when we need it. (Matthew Barnes)
#567089 : Do not crash when no From set yet. (Milan Crha)
#569700 : Stop reading from a network when operation was canceled.
(Milan Crha)
#569986 : bar rendering. (Srinivasa Ragavan)
#572399 : Do not read from invalid iterator after call of row
changed. (Milan Crha)
#572543 : Always look for alternative apps for application/octet-stream.
(Milan Crha)
#572975 : Destroy file chooser dialog early enough to not have
hidden any other windows below it. (Milan Crha)
Evolution-Data-Server 2.24.5 2009-02-25
---------------------------------------
Bug Fixes:
#477535 : Randomly mail status changes were not getting stored in
server. Fixed the issue by unsetting correct flags. (Sankar P)
#567008 : Avoiding the clearing of the uids in the spool summary
if forceindex is true. (Jeff Cai)
- update module to 1.27
Upstream changes:
version 1.27: Tue Feb 3 12:23:08 CET 2009
- fix application/ogg to .ogx. Add other oggs [John Drago]
- alternative for ogg in test scripts,
- test by_mediatype with regexp parameter.
- do not use /bin/pwd in t/pod.t
version 1.26: Wed Dec 17 09:01:27 CET 2008
- added many ooxml types [Joe Spooner]
version 1.25: Sat Nov 29 15:00:20 CET 2008
- added application/jsoni
rt.cpan.org #36812 [Christopher H. Laco]
- added text/x-component
rt.cpan.org#41293 [Stephen Steneker]
0.09 Sun May 02 2004
- added PREREQ_PM to Makefile.PL
0.08 Sun May 02 2004
- Changed whitelisted() function to also check for RELAY since
according to the sendmail spec, RELAY implies OK.
- Switched to using BerkeleyDB package instead of File_DB since
File_DB didn't seem to be working with BDB 4.2 libraries
- No longer include a test.db file. Call /usr/sbin/makemap at
`make test` time.
Pkgsrc changes:
o Adjust dependencies to match new requirements.
Upstream changes:
version 3.14: Mon Feb 16 14:18:09 CET 2009
Fixes:
- isparent() when list() returns nothing.
rt.cpan.org#42932 [Phil Lobbes]
- Quote more characters in Massage(): add CTL, [, ], % and *
rt.cpan.org#42932 [Phil Lobbes]
- message_string() will only complain about a difference between
reported message size and actually received size; it will not
try to correct it anymore.
rt.cpan.org#42987 [Phil Lobbes]
- No error when empty text in append_string()
rt.cpan.org#42987 [Phil Lobbes]
- login() should not try authenticate() if auth is empty or undef
rt.cpan.org#43277 [Phil Lobbes]
version 3.13: Thu Jan 15 10:29:04 CET 2009
Fixes:
- "othermessage" in bodystructure parser should expect an MD5,
not bodyparams. Fix and test(!) by [Michael Stok]
Improvement:
- minor simplifications in code of run() and _imap_command()
- get_bodystructure trace message fix [Michael Stok]
- add Domain option for NTLM authentication.
Pkgsrc changes:
o Fix typo in HOMEPAGE url
o Get rid of nasty interactive bits by redirecting stdin to /dev/null
Upstream changes:
Version 3.024
add git repo link to metadata
Pkgsrc changes:
o Adjust dependency on p5-Email-MIME-Creator to match new requirement
Upstream changes:
0.13 2009-02-22 14:06:00
- bcc: POD corrections thanks to Lance Brown <lance@bearcircle.net>
0.12 2009-01-22 06:52:00
- Fixing tests for new versions of MIME::Creator
- Better structure of the code so that ::Template can also handle
plain text views
- Added onto troubleshooting
Pkgsrc changes:
o Adjust dependency on p5-Email-MIME-Modifier to match new requirement.
Upstream changes:
1.455 2009-01-20
fix a horrendous bug that would let you end up with:
Content-Type: image/jpeg; charset="utf-8"