that duse the c-client library do not have their callback function symbols
stripped at install time. Fixes the following:
PR pkg/34031
and indicates that this need not be reopened:
PR pkg/35592
also bump PKGREVISION and BUILDLINK_ABI_DEPENDS
- Add dkim-stats option to install dkim-stats(8) FFR
- Only install dkim-stats(8) man page if dkim-stats option has been specified
2.5.4 2008/04/17
* Skip signatures with errors in dkimf_authorsigok().
* Avoid a NULL dereference in dkimf_config_reload() when starting
without a configuration file.
* Fix an alignment problem in dkimf_checkip(). Problem reported
by Jeff A. Earickson.
* LIBDKIM: Fix bug #SF1942387: Per RFC4871, disallow "l=" values
that exceed the size of the canonicalized message body.
2.5.3 2008/04/14
* Add "AllowSHA1Only" configuration option which permits operation
of verifiers that only know about SHA1. Without this, a
filter compiled with only SHA1 support will refuse to start
in verifier mode.
* Add "LogWhy" configuration parameter and "-W" command line flag
to request detailed logging about why a message was not
signed by the filter. Intended for debugging; not intended
for normal operation.
* Another tweak to parameters passed to db->open(). Based on patches
from Jukka Salmi and S. Moonesamy.
* Fixes in ares_parse() to match the current syntax. In particular,
deal with the fact that some of our tokens can legally appear
in e-mail addresses. Problem noted by S. Moonesamy of
Eland Systems.
* LIBDKIM: Evaluate key granularity against the "i=" value rather than
the value of the From: header per RFC4871. Problem noted by
Jason Long.
* LIBDKIM: Remove the chartable stuff from dkim-tables.c as it is
not used anywhere.
* LIBDKIM: Fix bug #SF1940302: Perform stronger validation of the value
of the "h=" tag.
2008-03-13 Jeffrey Stedfast
* gmime/gmime-parser.c (parser_construct_message): Changed
content_length to an unsigned long rather than unsigned int, fixes
bug #521872. Thanks to Pawel Salek for this fix.
2008-03-10 Jeffrey Stedfast
* gmime/gmime-parser.c (parser_scan_mime_part_content): Don't let
size go negative.
2008-02-09 Jeffrey Stedfast
* gmime/gmime-filter-basic.c (filter_filter): Use the new macros
defined below.
* gmime/gmime-utils.c (rfc2047_encode_word): Use the new macros.
* gmime/gmime-utils.h: Added more accurate encoding-length macros
for base64, quoted-printable, and uuencode which are try to
minimize over-calculating the amount of output data that we
need. Also namespaced them.
2008-02-08 Jeffrey Stedfast
* src/uudecode.c (uudecode): Use g_strchomp() on the filename
parsed from the 'begin' line.
2008-02-07 Jeffrey Stedfast
* util/url-scanner.c (url_web_end): Handle IP address literals
within []'s. Fixes bug #515088.
2008-02-06 Jeffrey Stedfast
* gmime/gmime-utils.c (g_mime_utils_uuencode_step): Optimized.
2008-02-03 Jeffrey Stedfast
* gmime/gmime-stream-cat.c (stream_read): Removed an extra seek.
2008-02-02 Jeffrey Stedfast
Fix for https://bugzilla.novell.com/show_bug.cgi?id=333292 and
some other bugs I discovered while fixing it.
* gmime/gmime-parser.c (header_parse): Made an actual function
rather than a macro. Don't turn invalid headers into
X-Invalid-Headers, just ignore them. Instead of using
g_strstrip(), do our own lwsp trimming so we can do it before
malloc'ing - this helps reduce memory usage and memmove()
processing in g_strstrip().
(parser_step_headers): Validate the header field names as we go so
that we can stop when we come to an invalid header in some
cases. May now return with 3 states rather than only 1:
HEADERS_END (as before), CONTENT (suggesting we've reached body
content w/o a blank line to separate it from the headers), and
COMPLETE (which suggests that we've reached the next message's
From-line).
(parser_skip_line): Rearranged a bit: don't fill unless/until we
need to.
(parser_step): For HEADERS_END state, skip a line and increment
state to CONTENT. No-op for CONTENT and COMPLETE states.
(parser_scan_message_part): parser_step() can return more than
just HEADERS_END on 'success' when starting with HEADERS state, so
check for error rather than HEADERS_END.
(parser_construct_leaf_part): No need to parser_step() thru header
parsing, they should already be parsed by the time we get
here. Also, don't call parser_skip_line() directly to skip the
blank line between headers and content, use parser_step() to do
that for us.
(parser_construct_multipart): Same as parser_construct_leaf_part()
(found_immediate_boundary): Now takes an 'end' argument so callers
can request a check against an end-boundary vs a part boundary.
(parser_scan_multipart_subparts): Check for errors with
parser_skip_line(). Set HEADERS state and use parser_step() to
parse headers rather than calling parser_step_headers()
directly. If, after parsing the headers, we are at the next
message (aka COMPLETE state) and we have no header list, then
break out of our loop and pretend we've found an
end-boundary. After parsing the content of each MIME part, check
that the boundary we found is our own and not a parent's (if it
belongs to a parent, break out).
(parser_construct_part): Loop parser_step() until we're at any
state past the header block (>= HEADERS_END).
(parser_construct_message): Same idea. Also, do error checking for
decoded content_length value.
2008-02-02 Jeffrey Stedfast
* gmime/gmime-iconv-utils.c (iconv_utils_init): Don't break if the
user's locale is unset (e.g. US-ASCII).
2008-01-31 Jeffrey Stedfast
* gmime/gmime-parser.c: Removed the need for 'unstep' state
information.
2008-01-27 Jeffrey Stedfast
* gmime/gmime-stream-buffer.c (stream_write): Don't modify the
passed-in arguments so that it makes debugging easier if there's
ever a bug.
2008-01-27 Jeffrey Stedfast
* gmime/gmime-stream-buffer.c (stream_read): Optimized the
BLOCK_READ code-path.
(stream_write): Optimized the BLOCK_WRITE code-path.
(stream_seek): Optimized the BLOCK_READ code-path.
(g_mime_stream_buffer_gets): Updated for the changes made to the
way bufptr is used in the BLOCK_READ case.
2008-01-14 Jeffrey Stedfast
* gmime/gmime-charset.c (g_mime_set_user_charsets): Deep copy the
string array. Fixes bug #509434.
2008-01-02 Jeffrey Stedfast
* gmime/gmime-message.c (message_write_to_stream): Reworked the
logic to be easier to understand what is going on.
* gmime/gmime-multipart.c (multipart_write_to_stream): In the case
where multipart->boundary is NULL /and/ we have a raw
header (suggesting a parsed message), do not set a boundary as it
will break the output because it will clobber the saved raw header
and GMimeMessage's write_to_stream() method will have skipped
writing its own headers if its toplevel part (us) have a raw
header set. In this case, also skip writing the end boundary.
2008-01-01 Jeffrey Stedfast
* gmime/gmime-utils.c (g_mime_utils_generate_message_id): Fixed a
Free Memory Read access (FMR) by not freeing 'name' before using
it's value. Also reworked to take advantage of uname(2) or
getdomainname() to get the domain name if available to avoid
having to do a DNS lookup.
2008-01-01 Jeffrey Stedfast
Fixes bug #506701
* gmime/gmime-utils.c (rfc2047_encode_get_rfc822_words): Don't
reset the word-type variable as it needs to be preserved when
breaking long words.
(rfc2047_encode): Switch on word->encoding - if 0, rfc2047 encode
as us-ascii.
2007-12-27 Jeffrey Stedfast
* gmime/gmime-utils.c (decode_8bit): Now takes a default_charset
argument which we use in place of the locale charet if
non-NULL. We also now always include this charset in our list of
charsets to check for a best-match (obviously this charset is
unlikely to be an exact fit if this function is getting called, so
we place it at the end of the list).
(rfc2047_decode_word): If given a valid charset in the
encoded-word token, always use that for charset conversion to UTF-8
even if it doesn't convert fully. We don't want to fall back to
the user's supplied charset list because it may contain iso-8859-1
which will likely always be a 'best-match' charset.
2007-12-26 Jeffrey Stedfast
* gmime/gmime-utils.c (g_mime_utils_decode_8bit): Made public.
* gmime/internet-address.c (decode_mailbox): Instead of doing our
own thing to convert raw 8bit/multibyte text sequences into UTF-8,
use the same function we use in gmime-utils.c's header decoder.
2007-12-25 Jeffrey Stedfast
* gmime/charset-map.c: New source file to generate the charset
map (moved out of gmime-charset.c)
* gmime/gmime-charset.c (main): Removed.
2007-12-25 Jeffrey Stedfast
* gmime/gmime-charset.c (main): Cleaned up the logic and made it
so that we can alias a block to a previous block if the blocks are
identical rather than just aliasing when all values in the block
are identical. Happens to make no difference in the output, but
the logic is now there if that ever changes.
2007-12-24 Jeffrey Stedfast
* gmime/gmime-charset-map-private.h: Regenerated.
* gmime/gmime-charset.c (known_iconv_charsets): Map all of the
gb2312 aliases to GBK as GBK is a superset of gb2312 (apparently
some clients are tagging GBK as gb2312 which is missing some
glyphs contained within GBK).
(main): Added iso-8859-6 to the table for Arabic support.
2007-12-16 Jeffrey Stedfast
* gmime/gmime-utils.c (decode_8bit): When reallocing our output
buffer, we need to update outleft as well.
2007-12-08 Jeffrey Stedfast
* gmime/gmime-utils.c (rfc2047_encode_merge_rfc822_words):
Completely rewritten with new logic which will hopefully group
words more logically.
2007-12-08 Jeffrey Stedfast
Fixes bug #498720
* gmime/internet-address.c (internet_address_list_writer): Renamed
from the temporary internet_address_list_fold() name.
(_internet_address_to_string): New internal function that writes
an InternetAddress to a GString, doing proper folding and rfc2047
encoding if requested.
(internet_address_to_string): Use the new internal function.
* tests/test-mime.c: Added another addrspec test and fixed up some
exception strings to be a little more helpful.
2007-12-05 Jeffrey Stedfast
* configure.in: Fixed a bug where explicitly disabling largefile
support would add -D_FILE_OFFSET_BITS=no to the compiler
CFLAGS. Also added a blaring WARNING when -enable-largefile is
passed.
2007-11-23 Jeffrey Stedfast
Attempt at solving bug #498720 for address fields, altho it should
probably be made to handle folding single addresses in the case
where they are too long to fit within a single line.
* gmime/internet-address.c (internet_address_list_fold): New
function.
* gmime/gmime-message.c (write_structured): Renamed from
write_addrspec().
(write_addrspec): New header writer that writes
InternetAddressLists in a nicely folded manner.
2007-11-12 Jeffrey Stedfast
* gmime/internet-address.c (internet_address_destroy): No need to
check if ia != NULL, we know this is true already.
5.426 2008-03-07 Dave O'Neill <dmo@roaringpenguin.com>
* VERSION 5.426 RELEASED
* (bugfix) require File::Temp 0.18 or newer, as we need seek()
(RT#31032)
* (bugfix) Don't hang forever in t/Smtpsend.t (RT#31082)
* (bugfix) require Perl 5.8.0 or newer in Makefile.PL (RT#30927)
* (bugfix) encode_mimewords() no longer removes spaces between two
encoded words (RT#5462)
http://secunia.com/secunia_research/2008-11/advisory/http://www.frsirt.com/english/advisories/2008/1218
Changes since 0.92.1
This release introduces many new features and engine enhancements, please
see the notes below for the list of major changes. The most visible one
is the new logic in scan limits which affects some command line and config
options of clamscan and clamd. Please see clamscan(1) and clamd.conf(5)
and the example config file for more information on the new options.
Most important changes include:
* libclamav:
- New logic in scan limits: provides much more efficient protection against
DoS attacks but also results in different command line and config options
to clamscan and clamd (see below)
- New/improved modules: unzip, SIS, cabinet, CHM, SZDD, text normalisator,
entity converter
- Improved filetype detection; filetype definitions can be remotely updated
- Support for .cld containers (which replace .inc directories)
- Improved pattern matcher and signature formats
- More efficient scanning of HTML files
- Many other improvements
* clamd:
- NEW CONFIG FILE OPTIONS: MaxScanSize, MaxFileSize, MaxRecursion, MaxFiles
- ** THE FOLLOWING OPTIONS ARE NO LONGER SUPPORTED **: MailMaxRecursion,
ArchiveMaxFileSize, ArchiveMaxRecursion, ArchiveMaxFiles,
ArchiveMaxCompressionRatio, ArchiveBlockMax
* clamscan:
- NEW CMDLINE OPTIONS: --max-filesize, --max-scansize
- REMOVED OPTIONS: --block-max, --max-space, --max-ratio
* freshclam:
- NEW CONFIG OPTION CompressLocalDatabase
- NEW CMDLINE SWITCH --no-warnings
- main.inc and daily.inc directories are no longer used by ClamAV; please
remove them manually from your database directory
* Handle a potential DOS vulnerability on any host using TMail to
handle incomming email; a crafted email with carefully positioned
whitespace can cause the TMail library to go into an endless loop
causing denial of service attack on email services.
This version fixes a bug in the white/blacklist file processor that
was incorrectly matching domains when wildcards were used. Thanks
to Tom for reporting this one.
Update for draft-kucherawy-sender-auth-header-14.
Add "subject" to "should_signhdrs" per RFC4871 section 5.5.
Fix bug #SF1911328: Restore proper behaviour of SignHeaders and
OmitHeaders, broken in the prior release's configuration
overhaul. Problem reported by Jason Molzen.
Fix bug #SF1912332: Fix parameters passed to db->open(). Problem
reported by Tony Earnshaw.
Fix bug #SF1912569: Initialize mutexes before entering test mode.
Patch from Kaspar Brand.
LIBDKIM: More boundary checking fixes in dkim_canon_selecthdrs().
Problem noted by Warren Horvath.
LIBDKIM: Fix bug #SF1820084: Return DKIM_STAT_MULTIDNSREPLY
if a DNS query returns multiple records.
2.5.2 2008/03/28
Preserve the sender's domain name outside of mlfi_eoh() as it's
now needed in mlfi_eom(). Problem noted by Andy Fiddaman.
Fix bug #SF1921873: Pass "-K" command line switch into the new
configuration handling code. Problem noted by Al Smith.
TOOLS: Fix flags portion of the TXT record output by dkim-genkey.
Problem noted by Michael Carland.
BUILD: Fix bug #SF1922422: Fix linker problems when POPAUTH is
defined.
* The vertical 3-paned view mode was added.
* The feature to save SSL peer certificate was added.
* The option 'Treat HTML only message as attachment' was added.
* The bug that caused busy loop when initial connection was
immediately refused was fixed.
* The bug that the quote description dialog never appeared again
after closing it with the close button was fixed.
* The new/unread status display on quick search filtered mode was fixed.
* The windres command will not be enabled on non-win32 platforms now.
+ Install as a Ruby gem.
* A _LOT_ more documentation...!
* Make ready for Ruby 1.9
* Fixed UNIXMbox code - readonly was not working and raising an exception.
* Multiple froms not being parsed correctly, added a test case to cover
this and show the correct handling
This library allows for the identification of a file's likely MIME
content type. The identification of MIME content type is based on a
file's filename extensions.
(Approved by agc for update during the freeze)
Changes from Alpine 1.00 to 1.10
New in Alpine 1.10
Version 1.10 addresses bugs found in previous releases and has
a few additions as well.
Additions include:
* Add the possibility of setting a default role (see Roles
Screen) which may be convenient if your work flow involves
acting in one role for a while then switching to another role
and staying in the new role for another period of time
* When Saving and the IMAP server problem "Message to save
shrank!" is encountered, ask the user if he or she wants to
continue with the risky Save anyway instead of aborting. This
may be helpful if your IMAP server is broken in this way but
be aware that it is possible there was a real error instead of
just a broken server implementation.
* Some configure adjustments for Kerberos detection and for SCO
OpenServer 5 support
* Hide INBOX in a collection if it also appears as an Incoming
Folder
* Show asterisks for feedback when the user is typing a password
* Performance improvement for threading of large folders
* Previously, the search used to find Pattern matches containing
To patterns searched for both To and Resent-To headers. The
relatively complicated search this produces causes problems
when using some deficient IMAP servers. Now the default is to
look only for To headers and ignore the presence of
Resent-To. The previous behavior may be restored with the Use
Resent-To in Rules feature.
* Add an Unknown Character Set to help with reading malformed
unlabeled messages
* Suppress User Agent When Sending option added
* Map some Shift-LeftArrow escape sequences to LeftArrow
* Add feature Warn if Blank Fcc
Bugs that have been addressed in this release include:
* Crash when encountering certain errors from an SMTP server
* Crash in composer caused by overflow in replace_pat()
* Hang when authenticating to an SMTP server that fails with a
"connection disconnected" error
* Bug in handling of trailing tab character in flowed text
* Security enhancement for mailcap parameter substitution
* Strip From Sigdashes on Reply did not work if the message being
replied to was not flowed text and Do Not Send Flowed Text was
not turned on
* Don't allow printer to be changed through hidden config screen
if system administrator didn't want it to be allowed
* Attempts are sometimes made to set the Forwarded flag when
alpine should know that it won't work, causing error messages
to appear
* A Reply Indent String of double-quote double-quote didn't work
right
* Quoting wasn't being done to protect special characters from
the MacOS X shell when URL-Viewers was not defined
* On MacOS X message attachments should be shown internally
instead of being shown using the Mail application
* When replying to a message with a charset of X-UNKNOWN Alpine
would sometimes set the outgoing charset to X-UNKNOWN, making
the result unreadable
* When the sending of a message failed lines with leading spaces
had one additional space inserted in each of those lines when
the user was returned to the composer
* The WhereIs command missed some index lines that contained
non-ascii characters because it was truncating the line being
searched so that it was shorter than what was visible on the
screen
* When composing, an attachment with a long name that causes
wrapping in just the wrong place would generate an error and
cause the send of the attachment to fail
* After calling the file browser to attach a file in the
composer, a resize of the window when back in the composer
would redraw the last screen that had been shown in the
browser instead of the current composer screen
* Possible crash in index screen when encountering unparseable
addresses or when using one of the PRIORITY tokens or the
HEADER token in the Index Format
* Problems with Header Color editing if the configuration option
Viewer Header Colors was inadvertently changed to the Empty
Value in the hidden config screen
* When resuming the final postponed message from an Exchange
server the user could get a certificate validation failure
because alpine was trying to validate the canonical name of
the folder instead of the name the user used
* Windows line endings in a mimetypes file on a Unix system cause
a failure to find a match
* Make matching of extension names case independent in mimetypes
files
* Windows dialog boxes for entering text were not working correctly
* Replying to or Forwarding multipart/alternative messages which
had a single text/html part did not work well
* Printing the print confirmation page caused a crash
* A To line with a long, quoted personal name could display
incorrectly if it was close to the same width as the screen
* When Enable Incoming Folders Checking and Incoming Checking
Includes Total are turned on hide (0/0) when the folder is
empty
* Folder completion while Saving didn't work if the collection
being saved to was the local home directory
While here, fix a minor DESTDIR botch.
0.1.14 beta-17
- (security) Using File::Spec->canonpath for normalization (trailing slashes)
Check ownership of real directories to avoid race attacks
for symlinks. Thanks to Robert Buchholz.
0.1.14 beta-16 (not released)
- (security) The check for symlinked directories was half complete.
perl ignores -l if the argument has a trailung slash.
Thanks to Andrej Kacian.
0.1.14 beta-15
- (security) $LOCKPATH and its contents weren't checked for being
a symlink which. Thanks to Chris Howells and Andrej Kacian.
- (fix) "dedicated" added to the exclusion list for dialup
checks. A better approach would be to let the user
configure dialup and exclude patterns.
0.1.14 beta-14
- (change) rbls.org link changed to robtext.com
- (change) results with 'rc:' as action are not cached
- (fix) regexp check for dynamic helo/client did hit also some
clients with "static"
- (fix) helo numeric check was too fuzzy.
- (fix) master didn't read config after policyd-weight reload
- (fix) HELO_SEEMS_DIALUP may have scored even if the IP is listed
for the sender domain.
- (fix) An interrupt of policyd-weight -s may cause a SIGPIPE
which killed the cache
- (change) Implemented $NS list. Useful for users with split
horizon DNS
- (fix) don't cache rejections which were deferred (4xx and friends)
- (fix) helo_numeric_score didn't catch [n.n.n.n] helos
- (fix) Header was not included if $dnsbl_checks_only = 1; and
$ADD_X_HEADER = 1; - Thanks to J. Genannt
- (fix) Corrected handling of [n.n.n.n] HELOs and address-literals
as sender (long standing issue)
- (change) Introduced @dnsbl_checks_only_regexps in order to skip
DNS checks for certain client hostnames
- (change) Added -D (Don't detach) switch for daemon-tools/runit users
- (change) Added signals handlers for most of signals so that they are
at least logged, also, provide a perl backtrace.
- (change) prerequisite steps for providing coredumps (build coredump
directories, chdir) - coredumps are non-trivial:
we start as root, change uid. At this moment coredumps
are denied by kernel in order to protect root-data. The only
workaround would be, to start cache and master via system()
after changing uid
- (change) In daemon mode wrongly crafted policy requests don't lead
to a child-exit anymore, only the connection is closed
- (change) log-facilities other than 'info' are now mentioned in log-lines
- (change) SMTP information such as client, helo, sender and to are now
logged in each log-message. If $DEBUG is set this also logs
the instance variable.
- (fix) rbl_lookup used sometimes 65536 as packet id which appeared
to cause problems
- (fix) Check for syslog absence. If syslog is not available then
log temporarily to $LOCKPATH/polw-emergency.log
- (tmpfix) Introduced $TRY_BALANCE which closes connections to smtpds after
they got their response in order to avoid too many established
smtpd->policyd-weight (child) connections.
instead of consisting of a pristine qmail tarball and netqmail
patch, 1.06 has the patch already applied. No user-visible changes
to pkgsrc, either; this just simplifies a weird build and will make
future upgrades (don't laugh!) easier.
jlam@ "looks fine"
