greetdelay introduces a small delay before an SMTP greeting. It can
also optionally enforce RFC 2821's recommendation that SMTP clients
not send any commands before receiving the greeting message.
With a delay of 30s it has done me a world of good.
* Update qregex patch (PR pkg/34760) to 20060423:
- qregex adds the matched regex pattern to its log entries if the
LOGREGEX environment variable is set.
* Update realrcptto patch to 20061210:
- Logging uses substdio_puts() and substdio_flush() instead of
substdio_putsflush(). This makes log entries less likely to be
interleaved. Thanks to Matthew Dempsky for finding this.
- For QMAILRRTENYALL, use error code 554 after DATA, not 550.
Thanks to ... sorry, I lost track of who found this.
- Log stat() errors for .qmail files. Thanks to Chris Bensend for
suggesting this.
* Update tls-smtpauth combined patch to 20060105. TLS changes:
- bug: qmail-remote loops on malformed server response (B. Shupp,
A. Meltzer)
- no STARTTLS advertised when control/servercert.pem absent (Jason
Haar)
- control/notlshosts (Albert Weichselbraun)
- control/tlshosts/exhaustivelist
- scripts honor conf-users (Sven Verdoolaege)
- strerror declaration in tls.c compile problem (Renato Botelho,
Bill Shupp)
- chown uid.gid deprecated, should be uid:gid (Bill Shupp)
SMTP AUTH changes:
- includes the evaluation of the 'Auth' and the 'Size' parameter
in the 'Mail From:' command.
- uses DJB functions to copy FDs.
- corrects some minor mistakes displaying the 'Auth' userid.
- uses keyword "ESMTPA" in Received header in case of authentication
to comply with RFC 3848.
pkgsrc changes:
* Note SPECIAL_PERMS on qmail-queue binary (from dsainty@).
- Fixed text files to not overwrite the "text/top" and "text/bottom"
files unconditionally. Also rewrote places where the filename was
duplicated in the tags.
- (Un)subscribe requests initiated and confirmed by a moderator are now
marked in the Log as "+mod" or "-mod". This is accomplished by the
addition of another pair of subscribe/unsubscribe confirmation
commands ("rc.cookie" and "wc.cookie") to ezmlm-manage to
differentiate between moderated (un)subscribe requests and
(un)subscribe requests iniated and confirmed by a moderator.
2.3.0 provides the new printing function and new mail notification by
the tray icon. 2.3.0 also includes various usability improvements.
In Win32 version, the included GTK+ library has been updated to the
latest 2.10.6, and it introduces the improvements of usability and
bugfixes.
or USE_X11BASE set, but don't include mk/x11.buildlink3.mk directly or
via buildlink3.mks
- introduce BUILDLINK_PREFIX.libXpm as alias for BUILDLINK_PREFIX.xpm
in the !modular case
- fix some cases where the check for libX11 couldn't work at all by using
C++ for compilation without including the proper headers
Verified using a full X11_TYPE=xorg bulk build without additional
breakage. Discussed with salo@, wiz@ and send to packages@ for feedback.
MFSA 2006-74 Mail header processing heap overflows
MFSA 2006-73 Mozilla SVG Processing Remote Code Execution
MFSA 2006-72 XSS by setting img.src to javascript: URI
MFSA 2006-71 LiveConnect crash finalizing JS objects
MFSA 2006-70 Privilege escallation using watch point
MFSA 2006-68 Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1)
For more info, see http://www.mozilla.com/en-US/thunderbird/releases/1.5.0.9.html
packages with the modular Xorg equivalent. Those are falling back
to the old location by default, so this commmit doesn't change
dependencies.
graphics/xpm ==> x11/libXpm
fonts/Xft2 ==> x11/libXft
x11/Xfixes ==> x11/libXfixes
x11/xcursor ==> x11/libXcursor
x11/Xrender ==> x11/libXrender
x11/Xrandr ==> libXrandr
- On Redhat Linux, a Postfix daemon could lock up while logging a
warning from a signal handler before exiting. This is remedied
by a low-cost re-entrancy guard for signal handlers that never
return.
- Message headers longer than 65535 broke the Milter protocol. To
make matters worse the cleanup server could then dereference a
null pointer. When Milter support is enabled, the length of each
message header is now limited to 60000.
- Several fixes to improve worst-case behavior of the (new) queue
manager with multi-recipient mail. The queue manager now reads
new recipients earlier from the queue file, instead of becoming
starved while waiting for the slowest in-memory recipients to
complete; and it now reads recipients in smaller chunks to avoid
spending too much time not talking to delivery agents.
- With remote SMTP server tarpit delays larger than the Postfix
SMTP client's smtp_rset_timeout (default: 20s), the client would
get out of sync with the server while reusing a connection. The
symptoms were "recipient rejected .. in reply to DATA".
- On FreeBSD 6.2, some Postfix daemon processes would complain once
with "Error 0" after "postfix reload" and then recover. This
warning is now logged only when the problem persists.
* 2.3.0beta6 (development)
* The new printing function was implemented.
- Each page is now rendered by Cairo.
- The native print dialog is used.
- Page number is printed for each page.
- The option "Use external program for printing" was added.
- The printing of MIME part was implemented.
* Cc: was added to the header view.
* The option "Inherit recipients on reply to self messages" was added.
* Pilot-link (libpisock) 0.12 was supported.
* The window position and the layout of the 'Add Address' dialog was
modified.
* The default directory of the file selection dialog was changed
(in Win32, 'My Documents' is used. In Unix, the home directory is used).
* The UI is now updated periodically on manual filtering.
* The new mail notification on the tray icon is reset when any message
is read now.
* The encoding setting of the message view in new window is enabled also
on reply.
* Win32: The bug that the window was sometimes not displayed at the top
when the tray icon was clicked was fixed.
* Win32: The issue that the progress dialog was not updated while sending
large messages was fixed.
pkgsrc change:
* separate ja-patch into ja-patch and lite-patch.
ChangLog:
Version 1.4.9a - 3 December 2006
--------------------------------
- Security: Multiple IE cross site scripting issues related to the
widely acceptation of the word expression and url by IE.
- Security: Removing @import when sanitizing html mail.
Version 1.4.9 - 2 December 2006
-------------------------------
- Drop obsolete script plugins/make_archive.pl.
- Fixed Google translate form in translate plugin. Added new language
pairs.
- Added XMAGICTRASH extension tests in configtest utility. Removed code
that handled 'inbox.trash' as special folder in courier (#1354393).
- Allowed moving folders to trash in courier.
- Fix misspelled constant PREG_SPLIT_NI_EMPTY in sqimap_get_message
(#1543573).
- Provide View Unsafe Images link on viewing a text/html attachment.
- Fix variable typo in folders_create.php (#1545316).
- Added Courier IMAP OUTBOX check to configtest utility.
- If mailbox name starts with slash or contains ../, error message is
generated. Safety check for insecure default UW IMAP setup (#1557078).
- Ignore message copy errors when messages are deleted. Allows to delete
messages when quota is exceeded (#614887, #646386, #1446026).
- Fixed unintended literal fetching (#1562271).
- Added global file based address book listing controls. Added line
length configuration option for local_file address book backend
(#1181561). Added address book data integrity checks in local_file
address book backend. Fixed eregi and object notices in local_file
and database address book backends. Added additional address book
field support.
- Fixed variable corruption in configtest utility.
- Checked if configuration file is readable in configuration utility
(#1568355).
- Special mailboxes marked in special_mailbox hook are no longer listed
in folder delete, rename and subscription options.
- Translate plugin: prevent PHP notice when viewing empty message.
- Add CEST and MEST (non-standard) timezone codes for +0200.
- Add <label> to From field in message list.
- Add support for parsing SpamAssassin's X-Spam-Status header (#1589520).
- Fix in bodystructure parser code related to strings ending with an
escape character.
- Added "attachment */*" hook
- Added third parameter $logout_link to logout_error hook that allows
plugin control over login page URI displayed on login error page.
- Security: close cross site scripting vulnerability in draft, compose
and mailto functionality [CVE-2006-6142].
- Security: work around an issue in Internet Explorer that would guess
the mime type of a file based on contents, not Content-Type header.
ChangLog:
Version 1.4.9a - 3 December 2006
--------------------------------
- Security: Multiple IE cross site scripting issues related to the
widely acceptation of the word expression and url by IE.
- Security: Removing @import when sanitizing html mail.
Version 1.4.9 - 2 December 2006
-------------------------------
- Drop obsolete script plugins/make_archive.pl.
- Fixed Google translate form in translate plugin. Added new language
pairs.
- Added XMAGICTRASH extension tests in configtest utility. Removed code
that handled 'inbox.trash' as special folder in courier (#1354393).
- Allowed moving folders to trash in courier.
- Fix misspelled constant PREG_SPLIT_NI_EMPTY in sqimap_get_message
(#1543573).
- Provide View Unsafe Images link on viewing a text/html attachment.
- Fix variable typo in folders_create.php (#1545316).
- Added Courier IMAP OUTBOX check to configtest utility.
- If mailbox name starts with slash or contains ../, error message is
generated. Safety check for insecure default UW IMAP setup (#1557078).
- Ignore message copy errors when messages are deleted. Allows to delete
messages when quota is exceeded (#614887, #646386, #1446026).
- Fixed unintended literal fetching (#1562271).
- Added global file based address book listing controls. Added line
length configuration option for local_file address book backend
(#1181561). Added address book data integrity checks in local_file
address book backend. Fixed eregi and object notices in local_file
and database address book backends. Added additional address book
field support.
- Fixed variable corruption in configtest utility.
- Checked if configuration file is readable in configuration utility
(#1568355).
- Special mailboxes marked in special_mailbox hook are no longer listed
in folder delete, rename and subscription options.
- Translate plugin: prevent PHP notice when viewing empty message.
- Add CEST and MEST (non-standard) timezone codes for +0200.
- Add <label> to From field in message list.
- Add support for parsing SpamAssassin's X-Spam-Status header (#1589520).
- Fix in bodystructure parser code related to strings ending with an
escape character.
- Added "attachment */*" hook
- Added third parameter $logout_link to logout_error hook that allows
plugin control over login page URI displayed on login error page.
- Security: close cross site scripting vulnerability in draft, compose
and mailto functionality [CVE-2006-6142].
- Security: work around an issue in Internet Explorer that would guess
the mime type of a file based on contents, not Content-Type header.
* 2.2.10 (stable)
* The change between folders became faster at GTK+ 2.10.x.
* The text insertion by the action was fixed again.
* The text redraw problem on the undo of large text was fixed.
* The crash that occurred when printing a message with empty Subject,
From and To was fixed.
* The window position and the layout of the 'Add Address' dialog was
modified.
* Libpisock 0.12 was supported.
* Win32: The bug that window position was reset when quitting Sylpheed
while window was hidden was fixed.
* Win32: The selection of the labels on the header view and the alert
dialog are now visible.
* Win32: The e-mail menu in the start menu now works when Sylpheed is
selected as a default mailer.
* Win32: The character corruption on printing when environment-dependent
Japanese characters are used was fixed.
- Add options exim-appendfile-maildir exim-appendfile-mailstore
exim-appendfile-mbx exim-lookup-cdb exim-tcp-wrappers exim-tls
All but exim-lookup-cdb default to off, to preserve previous
defaults.
