Notes:
First "stable" release ever. Introduces an install script, some new features and many bug fixes.
Changes:
- Added interactive installer script
- Allow to send mail with BCC recipients only
- Remember decision to display images for a certain message during session
- Remember search results
- Add Received header on outgoing mail
- Implement Message-Disposition-Notification (Receipts)
- Don't create default folders by default
- Fixed some potential security risks (audited by Andris)
- Filter linked/imported CSS files
- Improve message compose screen
and many bug fixes. See http://trac.roundcube.net/wiki/Changelog for details.
Add "AutoRestartCount" and "AutoRestartRate" configuration
parameters to limit runaway restart loops.
Feature request #SF1735573: Add "AlwaysAddARHeader" option, which
will add an Authentication-Results of "none" for unsigned
messages from domains without a "strict" policy.
Feature request #SF1807748: Reload the configuration file on
receipt of SIGUSR1. Requested by Florian Sager.
Feature request #SF1811969: Add _FFR_BODYLENGTH_DB which adds a
"BodyLengthDBFile" feature, allowing a per-recipient decision
on whether or not to use an "l=" tag when signing. Patch
contributed by Daniel Black.
Feature request #SF1841955: Add an "Include" facility to the
configuration file.
Feature request #SF1876941: Make the syslog facility selectable.
Based on a patch from Jose-Marcio Martins da Cruz of Ecole
des Mines de Paris.
Feature request #SF1876943: Add _FFR_AUTHSERV_JOBID allowing the
job ID to be included as part of the "authserv-id" in
Authentication-Results: headers. Based on a patch from
Jose-Marcio Martins da Cruz of Ecole des Mines de Paris.
Feature request #SF1890581: Attempt to clean up a UNIX domain
socket in the non-AutoRestart case as well. Requested
by Daniel Black.
Add "MilterDebug" configuration file option for requesting debugging
output from the filter.
Add "FixCRLF" configuration file option which activates the
DKIM_LIBFLAGS_FIXCRLF flag (see below).
Update to draft-ietf-dkim-ssp-03. In doing so, rename the
"UseSSPDeny" configuration option to "UseASPDiscard".
Handle an error from dkim_getsighdr() properly in mlfi_eom().
When VERIFY_DOMAINKEYS is active, don't short-circuit mlfi_eoh()
between dk_verify() and dk_eoh() or a segmentation fault below
dk_body() could result.
LIBDKIM: Feature request #SF1823059: Export key, signature and
policy syntax checking capability via the API. Based on
a patch from Chris Behrens of Concentric Network Corporation.
LIBDKIM: Assert defaults for "c" and "q" tags when parsing
signature headers. Patch from Chris Behrens of Concentric
Network Corporation.
LIBDKIM: Better handling of truncated DNS replies; instead of
just giving up if the "tc" (truncated) bit is set in the
reply, see if there was enough of a reply returned to be able
to complete the request.
LIBDKIM: Fix recycling bug in header canonicalizations which was
causing signatures other than the first one to fail in most
cases.
LIBDKIM: Add new dkim_chunk() interface.
LIBDKIM: Enforce DKIM_OPTS_QUERYMETHOD library option even if there
were no valid signatures.
LIBDKIM: New DKIM_LIBFLAGS_FIXCRLF which requests that "naked"
CRs and LFs be converted to CRLFs during canonicalization
when signing.
LIBDKIM: Fix bounds checking in dkim_canon_selecthdrs().
LIBAR: Eliminate a possible race condition in ar_dispatcher().
LIBAR: Timeouts passed to select() can't be bigger than 10^8.
Problem noted by S. Moonesamy of Eland Systems.
BUILD: Feature request #SF1876242: Install the filter in EBINDIR
and everything else in UBINDIR.
Note that the changes for the security hole fix were quite large. I tested with
several auth configurations myself and they seemed to work, but it's possible I
left a bug somewhere in there breaking someone's configuration. So make sure to
test that it works after upgrading.
Of course it would be really nice if Dovecot had a proper test suite where
testing all configurations could be automated and run before each release. I've
already started this with my imaptest tool (http://imapwiki.org/ImapTest), but
it only does IMAP tests and a lot of things are still missing. Some help would
be nice here.
* Fixed a security hole in blocking passdbs (MySQL always. PAM, passwd
and shadow if blocking=yes) where user could specify extra fields
in the password. The main problem here is when specifying
"skip_password_check" introduced in v1.0.11 for fixing master user
logins, allowing the user to log in as anyone without a valid
password.
- mail_privileged_group was broken in some systems (OS X, Solaris?)
- IMAP THREAD: Fixed some correctness problems
long. Patch appended to PHP bug 42862, so the fix may be incorporated in
later PHP releases and thus this patch can be reverted.
http://bugs.php.net/bug.php?id=42862
Bump PKGREVISION of php-imap
* mail_extra_groups setting was commonly used insecurely. This setting
is now deprecated. Most users should switch to using
mail_privileged_group setting, but if you really need the old
functionality use mail_access_groups instead.
- mbox: Dropped some of the physical size fetch optimizations added
in v1.0.8. This makes some commands slower, but should fix the rest
of the problems.
- IMAP: SEARCH BEFORE/ON/SINCE didn't handle timezones correctly.
- ldap: auth_bind was doing lookups using subtree scope instead of
the scope specified in config file.
- zlib plugin crashfixes by Richard Platel
- master passdbs: pass=yes setting was broken with blocking passdbs
(e.g. MySQL)
Security fixes in this version:
MFSA 2008-12 Heap buffer overflow in external MIME bodies
MFSA 2008-07 Possible information disclosure in BMP decoder
MFSA 2008-05 Directory traversal via chrome: URI
MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)
For more info, see http://www.mozilla.com/en-US/thunderbird/2.0.0.12/releasenotes/
of some log entries have changed since 2.6.3; see UPGRADING.txt.
Also, pkgsrc no longer installs the random extra utilities that are
explicitly marked as unnecessary for spamdyke operation. From the
changelog:
VERSION 3.1.6 -- 2/11/2008
Fixed a serious bug in middleman() -- when the remote server sent its message
data and QUIT command in a burst and disconnected before spamdyke read() all
of the data, the last data returned from read() was printed twice. This
could cause message corruption, especially in the case of attachments.
Fixed a serious bug in middleman() -- when the remote server sent its data
in bursts of 4096 bytes AND there were two lines of text in the data
AND the 4096th character was not a newline AND there was a delay between the
data bursts, memmove()ing the buffered data was causing corruption because
the moved data was not being properly re-terminated. While processing the
remaining buffered data (and waiting for another burst from the remote
server), strchr() would seek past the end of the data to an old newline
character and middleman() would erroneously conclude the next line of data
was complete, ready for processing. Many thanks to Andreas Galatis and
Dragomir Denev for reporting and helping me reproduce this one.
Added a -W flag to sendrecv to introduce a delay between message data bursts.
Added a -o flag to smtpdummy to save the message data to a file.
VERSION 3.1.5 -- 1/22/2008
Fixed sendrecv to correctly process corrupted TLS negotiations instead of
covering up bugs in spamdyke.
Fixed spamdyke to not add garbage output at the beginning of TLS passthrough
negotiations. This was causing SSL handshakes to fail. Thanks to Ronnie
Tartar for reporting this one.
VERSION 3.1.4 -- 1/21/2008
Fixed all of the Makefiles to remove a symbols directory Leopard's gcc seems
to create when compiling in debug mode.
Fixed middleman() to log the timeout message only once.
Fixed middleman() to not expect input from the child process when the child
process' input is being ignored or after the child process has exited.
Fixed middleman() to correctly handle a rare situation -- when the child
process was too slow responding that spamdyke's idle timeout was passed
AND spamdyke was processing TLS data AND there was still data in the SSL
buffer, spamdyke would loop infinitely, consuming 100% CPU. This was a
very tricky bug to find and fix. Thanks to Pablo Gonzalez and Paolo for
reporting this one and helping me debug it.
Fixed middleman() to send message data to the child process line-by-line,
even when the buffer is full.
Added a new test program: smtpdummy. This one simulates an SMTP server and
can add delays after specific commands.
Changed sendrecv to use a 64K buffer for input and output data.
Changed sendrecv to kill the its child process after its timeout expires.
Changed sendrecv to optionally continue sending data in bursts after the end
for the message data. Some mail servers do this.
Changed sendrecv to deliberately send corrupt data while TLS is active.
Changed test regression_009 to build its message payload at runtime instead
of including a 0.75M file. This file was unnecesarily increasing the size
of the spamdyke tarball.
Fixed compiling on Solaris. Again. Thanks to Davide Bozzelli for reporting
this. Again. Sigh.
VERSION 3.1.3 -- 1/3/2008
Fixed the format string LOG_INFO_DNS_TXT to assign the parameters correctly
and prevent bus errors when the DNS response text is long. Thanks to
Stephan Rosenke for reporting this one.
VERSION 3.1.2 -- 12/11/2007
Fixed smtp_filter() to set a flag after some SMTP commands to force
middleman() to wait for input from the child process before proceeding.
Some (nonspammer) mail servers send their data in bursts without waiting for
responses. This was causing spamdyke to skip logging (but not filtering)
if the DATA command was sent in a burst with RCPT TO. Thanks to Sebastien
Guilbaud and Bucky Carr for reporting this one.
Added a "-b" flag to sendrecv to simulate servers that send their message data
(but not their SMTP commands) in bursts.
VERSION 3.1.1 -- 11/12/2007
Added excessive logging to search_domain_directory() to log the directory
search pattern.
Changed all calls to spamdyke_log() to use the macros SPAMDYKE_LOG_NONE(),
SPAMDYKE_LOG_ERROR(), SPAMDYKE_LOG_INFO(), SPAMDYKE_LOG_DEBUG() and
SPAMDYKE_LOG_EXCESSIVE() instead. The macro tests the current log level
without forcing a function call and also paves the way toward eliminating
some logging code at compile-time.
Fixed process_access() to correctly search for the RELAYCLIENT variable in
spamdyke's environment. Thanks to Steve Cole for reporting this one.
VERSION 3.1.0 -- 11/5/2007
Changed the "graylist-dir" and "no-graylist-dir" options to take multiple
directories for servers that are hosting so many domains that they can't
create enough domain folders in one place (wow).
Added minimum and maximum values to all integer options and changed
set_config_value() to generate error messages when values are out of range.
Change usage() to print minimum and maximum integer values.
Alphabetized the option list by long option name and changed
process_config_file() to use a binary search algorithm when identifying
directives, a theoretical improvement from O(n/2) to O(log n).
Changed prepare_settings() to create an array of options indexed by the short
option code. This introduces some constant-time work (O(1)) and greater
memory usage.
Changed process_command_line() to use the indexed array of options,
theoretically reducing command line parsing work from O(n/2) to O(1).
This is a win if the command line has many parameters or if it has
parameters that are near the end of the unindexed option array.
Testing confirms a small performance gain.
Added command line options "config-test-smtpauth-username" and
"config-test-smtpauth-password".
Changed config_test_smtpauth() to run the authentication command(s) if a
username and password are provided. This incorporates the functionality of
checkpassword into spamdyke.
Added the command line option "config-test-user" to change user and group IDs
before running the configuration tests. This makes it easier to simulate
running as the mail server.
Changed process_config_file() and process_command_line() to print errors and
stop when they encounter an option that is not legal in that location. At
the moment, "help", "version", "config-test",
"config-test-smtpauth-username", "config-test-smtpauth-password" and
"config-test-user" are not valid in files; all options are valid on the
command line.
Changed config_test_dir_read() and config_test_graylist() to never examine the
"." or ".." folders, even if readdir() and/or stat() report they are not
folders. Thanks to Paulo Henrique for reporting this one.
Changed set_config_value() to remove trailing slashes from directory paths.
Added test_spamdyke_binary() to check if the spamdyke binary is setuid root
(it should not be).
Renamed test_settings() to config_test().
Moved all of the configuration test functions to config_test.[ch] -- they were
cluttering up configuration.c.
Made a few small updates to the help message text.
Added additional vchkpw exit codes to exec_checkpassword() to explain why
vchkpw exited, since it doesn't follow DJB's published checkpassword API.
Moved md5.[ch] from the "utils" folder to the "spamdyke" folder and updated
Makefile to compile them into spamdyke.
Removed passwordcheck from the "utils" folder since spamdyke now contains its
functionality.
Added a README file to the "utils" folder to answer the biggest FAQ about
those utilities.
Fixed exec_command() to connect the output pipe to the child process's stdin
instead of file descriptor 3. The bug was due to copying
exec_checkpassword() and forgetting to change the value.
Renamed exec_checkpassword() to exec_checkpassword_argv() and changed its
arguments to expect a filename and an argument array.
Added exec_checkpassword() to parse a command string into an argument array
and call exec_checkpassword_argv().
Renamed exec_command() to exec_command_argv() and changed its
arguments to expect a filename and an argument array.
Added exec_command() to parse a command string into an argument array
and call exec_command_argv().
Fixed numerous bugs in exec_command_argv() that were preventing it from
actually gathering any input from the child process.
Changed exec_command_argv() and exec_checkpassword_argv() to always log their
child process errors to syslog, regardless of the user's preferences.
Otherwise, the errors will be lost.
Added the function find_path() to search the PATH for the given command
without executing it.
Changed exec_command_argv() and exec_checkpassword_argv() to use find_path()
to locate the executable before fork()ing to catch typos. The child
processes then use execve() to execute the command instead of exec_path().
Otherwise, the parent has a hard time determining that the child process
quit because the command path was invalid.
Changed exec_command_argv() and exec_checkpassword_argv() not to wait
indefinitely for the child to exit after the timeout expires.
Changed dns_txt(), dns_ptr_lookup() and dns_mx() to limit the total number of
queries they will recursively perform. This is to prevent a DoS situation
where some domain has an unreasonable number of chained (non-circular) CNAME
records. The limit is (arbitrarily) set at 16.
Added the function config_test_child_capabilities() to test the qmail binary
for SMTP AUTH and TLS patches. Depending on what is found, recommendations
for spamdyke flags are made.
Changed check_rdns_keywords() to allow top-level domains (like .com) to be
used as keywords. This allows a way to reject connections from remote
servers with rDNS names that contain the IP address and a two-letter country
code. Unlike check_country_code(), specific country codes can now be
chosen.
Fixed do_spamdyke() not to wait indefinitely for all child processes to exit.
This behavior was causing problems with DJB's recordio because recordio
fork()s and uses its parent process to exec() spamdyke. This is very
unusual. Changing wait(NULL) to waitpid() fixes the problem. Thanks to
Bob Hutchinson for reporting this one.
Added dns_initialize() and dns_get() to perform DNS queries by sending UDP
packets instead of using the resolver library to do it. The resolver
functions are just too slow and they try to do too much unnecessary work.
dns_get() performs multiple requests for records (one for each kind of
desired record) and, if no responses are received, sends requests to the
secondary nameservers as well. Timeouts and retransmission times can now
be controlled. This has resulted in a significant speedup in DNS
resolutions; testing shows as much as a 10x performance increase in some
situations.
Changed dns_txt(), dns_ptr_lookup() and dns_mx() to search all of the answers
for the desired answer type before recursively querying CNAME answers. Some
nameservers always put the CNAME answers first, even if other answer types
are also given. This should allow spamdyke to find answers faster when
domain admins have used a lot of CNAMEs.
Added dns_a() to perform A record queries and changed all uses of
gethostbyname() to use dns_a() instead.
Changed dnsa, dnsmx, dnsns, dnsptr, dnssoa and dnstxt in the "utils" folder to
only perform their specific queries, not ask for CNAME records as well.
Changed dnsa, dnsmx, dnsns, dnsptr, dnssoa and dnstxt in the "utils" folder to
send their own UDP packets instead of using the resolver library.
Added dnscname to the "utils" folder to perform CNAME queries.
Added dnsany to the "utils" folder to perform ANY queries and perform
recursive CNAME lookups.
Added "log-target" option to allow logging to stderr instead of syslog. Some
people apparently like using the qmail-style "multilog" instead of syslog.
I can't understand why but I'm here to serve. Thanks to John Hallam for
suggesting this one.
Changed all of the error messages about unexpected file types to specify what
file type was found -- "non-regular file" was too vague to be useful.
Changed the header in the files created by full logging to include the
spamdyke version.
Changed tls_end_inner() to use SSL_get_shutdown() to see if a shutdown signal
has already been received. If SSL_shutdown() is used on a closed file
descriptor, spamdyke will crash with SIGPIPE.
Changed all instances of read(), write(), SSL_read() and SSL_write() to read
or write as many bytes as possible in each call. This should provide a
significant performance increase. The single-byte read()s and write()s
were only used because I had badly misunderstood the relationship between
select() and read()/write() -- blocking only occurs when select() indicates
a file descriptor is not ready. If it is ready, read() and write() will
handle as many bytes as they can without blocking. Thanks to Trog for
setting me straight on this one.
Rewrote most of sendrecv in the "tests" folder to use a multi-byte read().
Also took the opportunity to make sendrecv much faster and more polite, so
it doesn't consume 100% CPU while waiting for qmail output.
Fixed compiling errors on 64 bit Linux systems (Debian Etch x86_64 and Gentoo
AMD64). Thanks to Juha-Pekka Jarvenpaa and FireBall for reporting this.
Added config_test_file_type() to use stat() to find a file's type if readdir()
either doesn't report it (Solaris) or reports "unknown" for all files (XFS).
Thanks to Paulo Henrique for reporting this one.
Fixed compiling errors on Solaris. Thanks to Limperis Antonis for reporting
this.
Changed the logging severity of the "unable to write X bytes to file
descriptor" to debug instead of error. 99% of the time, the error occurs
because the remote client disconnected unexpectedly and there's nothing
the administrator can do about it anyway.
Changed do_spamdyke() to ignore SIGPIPE signals.
Changed do_spamdyke(), exec_command_argv() and exec_command_checkpassword()
to change the SIGPIPE signal handler back to default for child processes
after fork()ing but before exec()ing.
Added a new logging level: excessive (4). It's to be used for printing very
detailed debugging statements.
Changed process_access() to permit access when no matching lines are found in
the access file. Although DJB's tcprules documentation doesn't explicitly
say so, no matching lines should allow access. Thanks to Steve Cole for
reporting this one.
VERSION 3.0.1 -- 9/12/2007
Fixed "configure" to remove the "_beta1" tag from the version number. That
should never have been published.
Changed usage() to show that optional values to long commands must be
separated by an equals sign. getopt_long() is really becoming a hassle.
Thanks to Richard Kreider for reporting this one.
Fixed find_address() to accept addresses that aren't correctly delimited with
<> characters and/or have multiple (illegal) spaces after the colon. Thanks
to Davide Bozzelli for reporting this one.
Fixed prepare_settings() to set the idle timeout seconds to the correct
variable instead of setting the connection timeout variable. Thanks to
Carlo Blohm for reporting this one.
Fixed smtp_filter() to print the rejection message to HELO and EHLO, even if
those commands appear in an improper place in the protocol.
Fixed smtp_filter() to print the rejection message with an error code in
response to STARTTLS if the command is given in an improper place in the
protocol.
Added some regression tests to find these bugs in the future.
Fixed the usage statement in sendrecv to show the -w flag.
VERSION 3.0.0 -- 9/11/2007
Added command line options never-graylist-rdns-dir, always-graylist-rdns-dir
and rdns-whitelist-dir to search domain directory structures just like
rdns-blacklist-dir.
Added the command line option rdns-blacklist-file to search a file just like
rdns-whitelist-file.
Moved the command line option labels into configuration.c so they can be
shared with the config file parser.
Changed process_command_line() to build the list of short options from the
list of long options instead of hardcoding them. Less maintenance this way.
Modified check_rdns_keywords(), search_file() and search_tcprules_file() to
correctly track line numbers and return the matching line number instead of
just 1.
Changed logging to allow the amount of information to be turned up or down.
This should make spamdyke less chatty in the syslog for small errors.
Modified smtp_filter() and run_tests() to report the matching filename and
line number from check_rdns_keywords(), search_file() and
search_tcprules_file() in syslog if the logging level is high enough.
Fixed find_address() to locate the real email address and ignore BATV tags,
relay paths and bang paths. Thanks to Walter Russo for reporting this one
(again).
Changed middleman() to obey minimums and maximums for the amount of time to
select() for traffic. If spamdyke waits too long, the qmail process might
not get wait()ed for a while, leaving a lot of defunct/zombie processes
around. On a busy server, this could be a problem. Thanks to Jason M for
reporting this one.
Added process_config_file() to process configuration files instead of
requiring all configuration to be done on the command line. At the moment,
the file just uses the same (long option) directives as the command line.
Added test_settings() to run tests on every configuration option and
(hopefully) identify misconfigurations before someone makes them on a live
server.
Added the command line option "config-test" to run test_settings().
Renamed log_writeln() and log_write_rejection() to output_writeln() and
output_write_rejection(), respectively, to make it clearer what they're
doing.
Changed smtp_filter() to allow multiple authentication attempts. Some
clients retry authentication several times, presumably to deal with servers
that can't use the authentication method they prefer.
Changed middleman() to collect (and send) whole lines of input instead of
single characters. Single character write()s were causing problems with
Nagios and Windows clients.
Changed output_write_rejection() to create a single output line and send it
to output_writeln() all at once instead of sending a piece at a time. This
keeps packets together for stupid Windows clients that just can't handle
reassembling TCP packets correctly.
Changed main() to always run spamdyke (as opposed to starting qmail without
spamdyke listening) even if a whitelist is matched. This way, spamdyke
can report all traffic to syslog, not just traffic that _may_ be filtered.
Changed smtp_filter() and middleman() to catch the return codes from qmail
when the remote client gives the recipient address. Now, if spamdyke
doesn't block the recipient command but qmail does (e.g. for relaying),
spamdyke will log the correct message.
Incorporated GNU autoconf to create a "configure" script for spamdyke and the
"utils" folder. The days of "make no_tls" and "make bsd" are thankfully
over.
Renamed all of the test folders to group them by function so it's easier to
see what tests exist. Sequential numbers just weren't working.
Changed dns_mx() to lookup the MX record before returning success. This means
the sender MX filter now requires a mail exchanger record _and_ at least one
mail exchanger must have an IP address. Before, the MX record was enough,
even if there was no corresponding A record.
Changed usage() to read the options and help text from get_spamdyke_options()
in configuration.c so the help message won't ever be out of sync with the
available options again.
Added the command line option "tls-privatekey-password-file" to allow the SSL
private key password to be read from a file instead of the command line.
This way, the password isn't visible to everyone who can view a process
list.
Changed search_file(), search_tcprules_file() and check_rdns_keywords() so
they no longer build their fscanf() patterns into a stack variable but
instead use a literal search pattern assembled at compile time with
STRINGIFY().
Added the command line options "hostname-file" and "hostname-command" to
support reading the local hostname from a file or from a command (e.g.
"hostname -f") instead of forcing it to be specified on the command line.
Changed middleman() and smtp_filter() to always monitor and trust
authentication carried out by qmail, even if "smtp-auth-command" was not
given. This means spamdyke will always disable its filters for
authenticated users even if it can't check the authentication itself.
I'm not sure why I didn't design spamdyke this way in the first place.
Added command line options recipient-whitelist-file and sender-whitelist-file
so specific sender and recipient addresses can bypass the filters. Sender
addresses are very easy to fake and recipient addresses are, of course,
known to spammers, so both of these options are ill-advised. I've only
added them due to popular demand.
Added command line option check-rhsbl to check righthand-side blacklists.
Both the server's rDNS domain name and the sender's email domain name are
checked.
Added command line options check-dns-whitelist and check-rhs-whitelist to
allow DNS RBLs and RHSBLs to act as whitelists instead of blacklists.
Anyone using DNS-based blacklists _and_ whitelists had better have some
seriously fast DNS servers.
Changed dns_txt(), dns_mx() and dns_ptr_lookup() to pass a stack of previous
queries whenever they recursively lookup CNAME records, to prevent a cylical
CNAME structure from leading to infinite recursion.
NOT BACKWARDS COMPATIBLE: Changed the syslog entry format: renamed "origin" to
"origin_ip", added "origin_rdns:" before the rDNS name, added "auth:"
before the authenticated username and added "reason:" before the rejection
reason when a timeout occurs.
Changed process_command_line() to assume the remote IP address is 0.0.0.0 if
the environment variable TCPREMOTEIP is not set.
Added a ton more test scripts for all of the new options and for testing
config files.
Added dnsa, dnsns and dnssoa to the "utils" folder for performing DNS queries
of A, NS and SOA records, respectively. Wouldn't it be AMAZING if the
libc maintainers added standard functions to do these queries?!
NOT BACKWARDS COMPATIBLE: Changed the "flag" options to take optional
arguments instead of simply assuming "true" when the option was given.
Unfortunately, getopt_long() is too stupid to handle them properly, which
means clustered options (e.g. -rRc) can no longer be used. They must be
separated (e.g. -r -R -c). Also, arguments given with the short version
must not be separated by a space (e.g. -l3).
NOT BACKWARDS COMPATIBLE: Renamed the long command line option "use-syslog"
to "log-level".
Fixed middleman() to completely bypass all processing when TLS passthrough is
active. The additional processing was buffering TLS traffic until the data
contained a newline character (purely by coincidence). This buffering was
preventing the passthrough from functioning properly. Thanks to Dominik
Dausch for reporting this one.
mailwrapper sendmail is invoked, rather than finding pkgsrc postfix's
/usr/pkg/sbin/sendmail. Systems not known to use mailwrapper remain
as they were, although they probably have residual similar problems.
(Perhaps mailwrapper support needs to be part of pkgsrc with a
mk/mailwrapper.mk to force inclusion and also set a sendmail
variable.) Discussed with tron@
"courier-gnutls" option/toggle that allows using GNU TLS instead of
defaulting to OpenSSL.
Bump the PKGREVISION of couriertcpd, courier-imap, and courier-mta to 1.
* A "consider new mail as read" action has been added.
* An optional message count has been added over the icon.
* A "Play a sound when new mail arrives" option has been added.
* Passwords are now stored using GNOME Keyring.
* Gmail label support has been added.
* Yahoo! Mail support has been added.
* Windows Live Hotmail support has been added.
* A number of minor issues have been fixed.
* And more, see the NEWS file.
+ Add full DESTDIR support.
+ New "gnutls" option to select between using GNU TLS and OpenSSL.
Default to "ssl".
+ New "wide-curses" option to select between curses and wide-curses
displays. Default to "curses".
* Add/fix GNU TLS support in cone.
The Turba Contact Manager versions H3 (2.2-RC3) and H3 (2.1.7) have been
released. These are security releases that fix unchecked access to contacts
in the same SQL table, if the unique key of another user's contact can be
guessed. All users are encouraged to upgrade to this version.
+ Update courier-maildir and maildrop dependencies to latest (0.58.0 and
2.0.4nb3).
+ Create necessary directories in the rc.d script in a start_precmd.
Bump the PKGREVISION to 2.
include:
+ Add full DESTDIR support.
+ Don't create empty, unused directories under
${PREFIX}/share/examples/courier.
+ Teach mkesmtpdcert generate certificates and keys using the either
GNUTLS or OpenSSL tools.
* Fix a memory stomp in local delivery agent.
* Get rid of the hard 30 minute timeout in sendmail(8).
* Rewrite input processing for submit(8) process to use non-blocking
I/O to read standard input. When the message source is local (or
dsn), get rid of the hard 30 minute timeout, and poll stdin with a
5 minute poll() timeout, at which point the timestamps on all open
control and data files are pinged, to keep courierd from purging
them based on their old timestamp. Continue to use a hard timeout
for all non-local mail.
from courier-0.58.0. Changes from version 4.2.1 include:
+ Teach mkimapdcert and mkpop3dcert to generate certificaties and keys
using either GNUTLS or OpenSSL tools.
* Remove \Draft flag from messages moved to the trash folder upon expunge
from the original folder.
* Make clock-skew check more reliable.
from <URL:http://cr.yp.to/distributors.html>:
What are the distribution terms for daemontools?
2007.12.28: I hereby place the daemontools package (in particular,
daemontools-0.76.tar.gz, with MD5 checksum
1871af2453d6e464034968a0fbcb2bfc) into the public domain. The
package is no longer copyrighted.
What are the distribution terms for djbdns?
2007.12.28: I hereby place the djbdns package (in particular,
djbdns-1.05.tar.gz, with MD5 checksum 3147c5cd56832aa3b41955c7a51cbeb2)
into the public domain. The package is no longer copyrighted.
What are the distribution terms for ucspi-tcp?
2007.12.28: I hereby place the ucspi-tcp package (in particular,
ucspi-tcp-0.88.tar.gz, with MD5 checksum
39b619147db54687c4a583a7a94c9163) into the public domain. The
package is no longer copyrighted.
Am I free to modify uncopyrighted packages and distribute modified
versions?
Yes. But this does not mean that modifications are _encouraged_!
And from <URL:http://cr.yp.to/qmail/dist.html>:
I hereby place the qmail package (in particular, qmail-1.03.tar.gz,
with MD5 checksum 622f65f982e380dbe86e6574f3abcb7c) into the
public domain. You are free to modify the package, distribute
modified versions, etc.
This does not mean that modifications are encouraged!
pkgsrc will strive, as it has, to keep modifications to a tasteful
minimum. This addresses PR pkg/37964 by Aleksej Saushev.
* LIBDKIM: Fix bug #SF1867839: 64-bit portability in rfc2822.c.
Patch from Geoff Adams.
* Update for latest Authentication-Results: header draft.
* Take advantage of some more features that were introduced with
milter v2 in sendmail 8.14.0:
* Report "hardfail" instead of "fail" on authentication failures,
in compliance with the Authentication-Results: draft.
* Fix use of "UseSSPDeny" to include handling of unsigned messages.
* Replace "gentxt.csh" with more robust "dkim-genkey" utility.
And *lots* more (the package in pkgsrc was 2 years+ old)
See RELEASE_NOTES for all the details
* explicitly close current IMAP mailbox when selecting a new one,
so all servers expunge deleted mail. Thanks: Josh Triplett.
* include experimental spec file for creating RPM with rpmbuild.
Thanks: Dag Wieers, Rob Loos, Dries Verachtert.
* convert changelog to utf-8 encoding.
* update email addresses, etc. Domain for mailing lists has changed
to lists.pyropus.ca.
* add FAQ about memory errors on OS X. Thanks: Andres Gasson.
* drop log message level for stderr output of destination if
ignore_stderr is set, just like for filter. Thanks: Jeremy
Chadwick.
* Local feeds (/home/user/file.xml) should work
* Now really compatible with SunOS
* Don't wrap long subject headers
* New parameter CHARSET_LIST to override or supplement the order
in which charsets are tried against an entry
* Don't use blank content to generate id
* Using GMail as mail server should work
- TLS (SSL) support was streamlined further, and provides a new security level
based on certificate fingerprints instead of CA signatures. See TLS_README
for details.
- Milter support was updated from the Sendmail 8.13 feature set and now
includes most of the features that were introduced with Sendmail 8.14. See
MILTER_README for details.
- Stress-adaptive configuration was introduced. This allows the Postfix SMTP
server to temporarily adjust its rules under conditions of overload, such as
a malware attack or backscatter flood. See STRESS_README for details.
[pkgsrc: this obsoletes the "postfix-stress" option which provided the same
functionality via a distribution patch]
- The queue manager scheduler was refined. It now provides per-transport
scheduling controls and allows for adjustment of the sensitivity to mail
delivery (non-)errors. See SCHEDULER_README.
- Security was improved by introducing a Postfix-owned data_directory for
storage of randomness, caches and other non-queue data. This change avoids
future security loopholes due to untrusted data sitting in root-owned files
or in root-owned directories. Writes to legacy files in root-owned
directories are automatically redirected to files in the new data_directory.
No functionality has been removed, but it is a good idea to review the
RELEASE_NOTES file for the usual minor incompatibilities or limitations.
protocol pair. libspf2 is a library which allows email systems such as
Sendmail, Postfix, Exim, Zmailer and MS Exchange to check SPF records
and make sure that the email is authorized by the domain name that it
is coming from. This prevents email forgery, commonly used by spammers,
scammers and email viruses/worms.
pkgsrc change:
* Use INSTALLATION_DIRS
* Update HOMEPAGE.
Since changes are too many to write here, please refer pages linked from News
in http://tmail.rubyforge.org/.
Requested by minskim@ via private mail.
no IPv6 connectivity from the client to that site. Prior to this fix,
the fallback to IPv4 wasn't working properly. (The fix should be in
the next release of libetpan.)
* 2007-09-06: version 1.31
- support CIDR-style addresses in the client whitelist (Claudio Strizzolo)
- improve logging of unresolveable hosts (Adrian von Bidder, Heiko
Schlichting)
- updated whitelist
- fix unix socket permission issues (Martin F Krafft, Adrian von Bidder,
Leos Bitto, Debian bug #376910)
- fix regexps for matching hosts in whitelists (Antonello Nocchi)
- do maintenance after the current request and not before (Clifton Royston)
next stable release (expected by the end of January). Experimental releases
are now labeled 2.6-* but we'll track the 2.5.0 release candidates for now and
switch to 2.6 snapshots later.
Lots of changes, see HISTORY/RELEASES_NOTES for details.
Ok with martti.
default (this doesn't actually depend on Dovecot for building, the code is
shipped with Postfix).
Set the default value for smtpd_sasl_type to "dovecot" unless cyrus SASL is
enabled, too. This ensures backwards compatibility for most cases.
Ok with martti, joerg.
* Add preliminary DKIM support.
* Bugzilla 592: --help option is handled incorrectly if exim is invoked
as mailq or other aliases. Changed the --help handling significantly
to do whats expected. exim_usage() emits usage/help information.
* Added the -bylocaldomain option to eximstats.
* Bugzilla 619: Defended against bad data coming back from gethostbyaddr
* Bugzilla 613: Documentation fix for acl_not_smtp
* Bugzilla 628: PCRE update to 7.4 (work done by John Hall)
(disabled by default). This functionality will be included in Postfix 2.5 but
has been proven very succesful on the mailing lists so Wietse provided a patch
for Postfix 2.3 and 2.4.
See http://www.postfix.org/STRESS_README.html#adapt for configuration details.
Pkgsrc changes:
- none
Changes since version 0.29:
===========================
Version 0.30 - released 2008-01-10
* includes speed-up optimizations by Mark Martinec
* DomainKeys, implement proper identity matching...
a DomainKey-Signature's domain should match the From/Sender address
* several more test cases
* API improvements:
* accept additional arguments when creating Signer/Signature
* bugfixes:
* DomainKey-Signature headers were not "prettified"
* granularity ending with '*' was not checked correctly
* DomainKey-Signature granularity was checked against the wrong value
Pkgsrc changes:
- Due to "user-destdir" mode not working yet switched to "destdir" mode
for the time being.
- Explicitly listed licence information.
- Listed submitted bug identifiers for patch-ba and patch-bc.
Changes since version 3.2.3:
============================
3.2.4 is a major bug-fix release, with a few minor new features. Summary of
changes:
- bug 5599: allow load distribution of SA nameserver queries across all
nameservers listed in resolv.conf, using 'dns_options rotate'. thanks
to Pawel Sasin <hannibal /at/ wp-sa.pl>
- bug 5673: 'ALL' header was including spurious extra spaces between header
names and values. fix
- bug 5594: several major sa-compile fixes. major increase in overall speed;
cache results between runs to further increase speed; and fix a danger of
massive memory usage
- bug 5556: fix a variety of sa-compile portability issues, and support for
5.6.x perls
- bug 5514: make 'score set for a non-existent rule' a debug message, instead
of a lint warning, since it's a very frequent FAQ
- bug 5493: sa-compile fails to correctly deal with escaped backslashes. fix
- bug 5672: remove DNS_FROM_SECURITYSAGE (DNSBL lookups against
securitysage.com) due to unreliability
- bug 5476: update Bonded Sender (now Sender Score Certified) rules, and add
a rule for their strictly-confirmed-opt-in-required zone
- bug 5538: remove FORGED_MUA_AOL_FROM and FORGED_AOL_TAGS entirely; they're
obsolete, given the current capabilities of AOL mail user agents
- bug 5632: remove all completewhois.com DNSBL lookups, site seems to have
disappeared without warning
- bug 5715: allow for more than one sa-update MIRRORED.BY file host in DNS,
for redundancy
- bug 5662: DKIM changes: recognize author signature and multiple signatures
for whitelisting (with Mail::DKIM 0.29); disable useless
"check_dkim_signsome"; new eval rules "check_dkim_valid_author_sig" and
"check_dkim_valid" (an alias for a "check_dkim_verified" misnomer); new
tags _DKIMIDENTITY_ and _DKIMDOMAIN_; updated terminology; verification
speedup with Mail::DKIM 0.30 (or its pre-releases)
- bug 5696: sa-compile: cut regexp base strings at Unicode high codepoints,
to avoid corruption of patterns containing UTF-8
- bug 5637: bayes_file_mode is handled incorrectly when creating bayes.mutex,
resulting in incorrect permissions on that file; fix by Mihaly Barasz
- bug 5612: DB_File version 4.2.x has a bug that loops infinitely if files
named '__db.{filename}' are present; work around. thanks to J. Nick
Koston for the report and fix
- bug 5606: too-early init_learner() call causes root's user prefs file to
be read when spamd is started; this is inappropriate. fix
- bug 4179: if allow_user_rules is 1, user rules are not unique to each
user; one user's user rules can appear in later scans for other users
that are run using the same spamd process. fix
- bug 5680: ALL_TRUSTED can fire if a trusted MSA or webmail system receives
the message from an untrusted X-Originating-IP: header. fix
- bug 5626: in the 'spamassassin' script, install a signal handler for SIGHUP,
SIGINT, SIGTERM and SIGPIPE to ensure that temporary files are removed
- bug 5557: some temporary files are left not cleaned up on Windows; fix
- bug 5661: speed up Bayes SQL queries by allowing the use of indexes when
expiring
- bug 5611: support 'spamd --nouser-config -u username', which setuids to
'username' but does not read user_prefs files from anywhere
- bug 5665: spamd may fail to notice that a child has completed exiting,
and keeps in the child list in state 'K', eventually filling up the
child list with 'ghost' children. fix
- bug 5735: spamc should allow retry_sleep 0
- bug 5728: spamd: require -u with --sql-config or --ldap-config
- bug 5682: remove FH_HOST_ALMOST_IP, FH_HOST_EQ_D_D_D_D, due to false
positives and redundancy with RDNS_DYNAMIC; remove FH_HOST_EQ_D_D_D_DB
due to no hits
- bug 5681: look up IP addresses found in 'X-Yahoo-Post-IP' and
'X-SenderIP' headers, too, thanks to Martin Blapp
- Bug 5589: Refined async events handling and DNS lookup completions
- bug 5586: RDNS_NONE has false positives if the MTA doesn't put the hostname
in the Received header, like Communigate Pro. add an exception for this
- bug 5748: fix locale problem with use of external sort in sa-compile
# Several GUI improvements
The colour preferences have been split into tabs.
Improve the way 'Find in current message' search results are
shown by vertically centering the selected text in the
Message View.
Improvements to the 'List URIs' dialogue.
Filtering/Processing Match Type dialogue has been reworked.
Several other layout improvements.
# Several address book improvements
Added Custom Attributes, which can be edited from
'/Tools/Edit custom attributes...' and are used from the
'Name' drop down list on the 'Edit Person Details' dialogue.
Always add a new contact if any value is set, instead of
silently rejecting it when an email address is not set.
Better guessing of contact name from incomplete name
information.
Better display of contacts that have no name set, in contact
lists, group contents, find duplicate results.
Error messages don't show in the status bar anymore, alert
panels are used instead.
Several other GUI improvements.
# Added optional Tooltips to the Message List. This is enabled by the
'Show tooltips' option on the '/Display/Summaries' Preferences page
and is only possible with GTK+ >= 2.12
# Much improved handling of Return Receipts, both outgoing and
incoming.
# Added the option to use the system defaults for External Programs
preferences on the '/Message View/External Programs' page.
# Added "select first email in list" to the list of possible
selections in the 'Set default selection on entering a folder'
options on the '/Display/Summaries' preferences page.
# IMAP: Added IMAP tags support. (Note: 'Bandwidth-efficient' mode
prevents fetching of tags.)
# IMAP: Optimised flag handling and message copying.
# Improved printed page layout for built-in GTK+ printing
Bold fonts are now used where appropriate and a demarcation
between header and body has been added.
# Optimised filtering on flags/tags changes.
# MAEMO: Added LED flashing for new mail alerts
# MAEMO: Made all of the left of column in the Folder List a hotspot
for expanding/collapsing the tree.
# Updated translations: Brazilian Portuguese, French, German,
Hungarian, Italian, and Spanish
Pkgsrc changes:
- none
Relevant changes since version 0.28:
====================================
Version 0.29 - released 2007-11-08
* verifiers can now access all parsed signatures and their results,
not just signatures that were fully tested
* signer policies can now specify what private key file to use
* some other minor API improvements
* bugfixes:
* for DomainKeys signatures, fixed a compatibility issue handling
the h= tag
* for DKIM, signature expirations had been ignored
* for DKIM, signature identities did not have to match the domain
* for DKIM, public key granularity field had been ignored
Based on packaged by URA Hiroshi in pkgsrc-wip
and Tetsuya Isaki via private mail.
IM provides a series of user interface commands (imput, imget, imls, ...)
and backend Perl5 modules to integrate E-mail and NetNews user interface.
They are designed to be used both from Mew version 1.x and on command line.
* The encoding method of MIME headers is now determined by outgoing
encoding rather than the value of MB_CUR_MAX.
* The memory leaks and warnings in LDAP search were fixed.
* The beep on folders with one message when using GTK+ 2.12 was removed.
* Win32: The crash that occurred when trying to display some TIFF files was fixed.
* Win32: Settings are now automatically saved on the shutdown of system.
v1.0.8 and v1.0.9 were a bit bad releases. Hopefully one day I've managed to
have written a proper test suite which can be run before doing any releases..
* Security hole with LDAP+auth cache: If base setting contained
%variables they weren't included in auth cache key, which broke
caching. This could have caused different users with same passwords
to log in as each other. [pkgsrc: this was fixed in dovecot-1.0.9nb1]
- LDAP: Fixed potential infinite looping when connection to LDAP
server was lost and there were queued requests.
- mbox: More changes to fix problems caused by v1.0.8 and v1.0.9.
- Maildir: Fixed a UIDLIST_IS_LOCKED() assert-crash in some conditions
(caused by changes in v1.0.9)
- If protocols=none, don't require imap executables to exist
There are three types Mozilla mirrors.
(http://www.mozilla.org/mirroring.html)
* mozilla-current
contains only the current version of Firefox and Thunderbird
* mozilla-release
contains Firefox, Thunderbird, and Sunbird releases
* mozilla-all
complete archive
Define following variables for mozilla master sites:
MASTER_SITE_MOZILLA_ALL = mozilla-all
MASTER_SITE_MOZILLA = mozilla-release
and change some packages to use appropriate variable.
Update contents of MASTER_SITE_MOZILLA with master and primary mirrors
taken from http://www.mozilla.org/mirrors.html and add some sample definitions.
This release provides various bugfixes, optimisations and improvements
to the scanning engine. The new features include support for ARJ and
SFX-ARJ archives, AutoIt, basic SPF parser in clamav-milter (to reduce
phishing false-positives), faster scanning and others (see ChangeLog).
To get a consistent behaviour of the anti-phishing module on all platforms,
libclamav now includes the regex library from OpenBSD.
This package is DESTDIR ready.
libSieve 2.2.6
--------------
- Fix for bracketed comments (thanks to Daniel Shahaf).
- More graceful handling of malformed addresses (thanks to Paul Stevens).
- Return header and address errors separately from script parse errors.
(pkgsrc notice: we were using the original, known-to-be-good 1.4.12
distfile so all your servers should be fine)
Due to the package compromise of 1.4.11, and 1.4.12, we are forced to
release 1.4.13 to ensure no confusions. While initial review didn't
uncover a need for concern, several proof of concepts show that the
package alterations introduce a high risk security issue, allowing
remote inclusion of files. These changes would allow a remote user the
ability to execute exploit code on a victim machine, without any user
interaction on the victim's server. This could grant the attacker the
ability to deploy further code on the victim's server.
We *STRONGLY* advise all users of 1.4.11, and 1.4.12 upgrade
immediately.
While here, pkglint clean and add DESTDIR support.
This is strictly a maintenance release. No new functionality was added.
Changes since 2.2.8-rc1
none
Bugs fixed since 2.2.7
0000655: [Database layer] MIME headers are incorrectly parsed into cached tables (paul)
0000656: [Command-Line programs (dbmail-users, dbmail-util)] dbmail-export: bogus date in "From_" lines (paul)
+ Maildir: Don't wait on dovecot-uidlist.lock when we just want to
find out a new filename for the message.
- mbox: v1.0.8 changes sometimes caused FETCH to fail with
"got too little data", disconnecting the client.
- Fixed a memory leak when FETCHing message header/body multiple
times within a command (e.g. BODY[1] BODY[2])
- IMAP: Partial body fetching was still slow with mboxes
- USER_DESTDIR support added
- new maintainer for the package
- ok'ed by rillig
Changelog:
version 2.02: Fri Nov 30 09:57:48 CET 2007
Fixes:
- Mail::Internet uses Mail::Util::mailaddress, which is
not exported by default.
rt.cpan.org#31082 [Dave], rt.cpan.org#31070 [Friedrich Haubensak]
and [Slaven Rezic]
Improvements:
- use 3-arg open() in Mail::Util.
rt.cpan.org#20726 [Steve@sliug] and [Paul@city-fan]
version 2.01: Wed Nov 28 10:48:24 CET 2007
Changes:
- Remove work-around for Perl 5.8.0. unicode bug from
Mail::Address::_extract_name().
Result of rt.cpan.org#30661 [Josh Clark]
- Requires on Perl 5.8.1 minimum
Fixes:
- Mail::Mailer::testfile now also shows Cc destinations, the
setting of 'outfile' now works, and it will produce an error
when the data cannot be written. All thanks to [Slaven Rezic]
version 2.00_03: Tue Sep 25 12:27:28 CEST 2007
- folding of header fields sometimes ended prematurely.
Reported by [Anthony W. Kay]
- add $sender as 4th argument to Mail::Mailer::*::exec() where
missing. Discovered by [David Hand]
- add Date::Format and Date::Parse to Makefile.PL.
version 2.00_02: Sat Jul 21 12:29:20 CEST 2007
- parts of the documentation were lost, discovered by [Ricardo Signes]
- rt.cpan.org #28093 smtp timeout
check for local mail server can have short timeout.
Patch by [Alexandr Ciornii]
- rt.cpan.org #28411 syntax error in Mail::Mailer::smtp
reported by [Andreas Koenig]
version 2.00_01: Wed Jun 20 14:42:35 CEST 2007
- reorganized installation of MailTools, in a modern way. This
may break installation on very old releases of Perl.
- added t/pod.t
- restructured most code, no functional changes.
- added and cleaned a lot of documentation, using OODoc to
generate nice manuals in POD and HTML.
- extracted Mail::Field::Generic from Mail::Field
- added misteriously missing Mail::Field::AddrList::addr_list()
NOTE: includes a critical bug fix in the attachment handling
- Enabled user selection of address format when adding from address
book during message composition.
- Fixed issue with adding attachments in PHP 4.x environments (#1805471).
- Backport size setting on "newmail" popup window.
- Added a "short_open_tag" configuration test.
- Undefined notice in error message box when no default folder prefix is set.
- Undefined index error when downloading. Possibly caused by using tabs and
opening multiple mailboxes.
- PAGE_NAME might not be defined in all plugins, which might cause a
"not defined" error on session timeouts.
- Fixed outgoing messages to allow addresses such as "0@..." or "000@...",
etc. (#1818398).
- Fixed issue with in-reply-to and reference headers not being retained on
reply (#1810659).
- Revived logout_error hook (#1800015).
- Allow custom session handlers to work correctly (and be defined at the
application level with SquirrelMail).
- Fix off-by-one in bodystructure parsing triggered by servers sending
a body location part (e.g. Sun Java System Messaging Server). Thanks
John Callahan (#1808382).
- Invalid initialization of To: header (#1772893).
- Includes cleanup in include/validate.php.
- Cleanup in multiple files to remove unneeded includes.
- Added sort by size (#812233 and #159997, plus multiple list requests).
Patch provided by Christopher E. Brown.
- Fix bug in sitewide SMTP settings still using authenticated user, rather
than configured settings (#1835942).
- Fixed mailto: functionality.
- Added mailto: link handling when viewing messages.
- Handle PHP's insistence on setting the value to 'deleted' for destroyed
sessions
Release notes:
* Fix make clean target in dfasyn/ (Benj. Mako Hill)
* Limit number of messages that are examined when an end boundary is
missing in an mbox (Chung-chieh Shan)
* Avoid examining . and .. when traversing MH folder hierarchy (Steven Lumos)
* Fix various bugs in the name/value parser
* Add some RFC2231 support to the name/value parser (continuations)
* Fix indexing when existing database only contains 1 message
Add commented out LICENSE line (gnu-gpl-v3).
From ChangeLog:
Version 1.0.12:
- Gnulib update to 2007-11-27.
- Don't count already retrieved messages twice. This fixes a segfault when
only_new is off and header or size filtering is on. The bug was introduced in
the previous change; no released version is affected.
- If a filter decides to delete a mail, then additionally mark it as
retrieved. This prevents to filter the mail again in a later session when
the 'keep' option is set.
- Fix default UIDLS file on the W32 platform: Use '\' as directory separator,
not '/'. Reported by Ricky Thomas.
Version 1.0.11:
- Update the license of the source code to GPLv3 or later, and change the
license of the documentation to the GFDLv1.2 or later.
- Gnulib update to 2007-07-15.
- Add new option -Q / --half-quiet to print only status information but no
progress information. Suggested by Dimitrios Apostolou.
- Set the default timeout to 180 seconds = 3 minutes. This prevents sessions
from hanging forever. Suggested by Dimitrios Apostolou.
- Make the POP3 commands UIDL, LIST, and DELE abortable. This is useful for
mailboxes with many thousand mails.
- Update the UIDL state after mail retrieval, and save this state in case of
errors in DELE or QUIT. Only update the UIDL state again after successful
DELE and QUIT, and then save this state. This prevents an incorrect UIDL
state if the DELE commands are aborted, for example. Bug reported by
Dimitrios Apostolou.
Version 1.0.10:
- Fix UIDL handling: the first character of UIDs was ignored.
- Improve APOP timestamp checks. Thanks to Carlos Martín Nieto for a
discussion of this.
- Add documentation on how to find the right CA certificate for
tls_trust_file. Thanks to Bryan Kam for suggestions.
- Improve the documentation for TLS vs. SSL and STARTTLS vs. POP3-over-TLS.
Thanks to Carlos Martín Nieto for suggestions.
- Update the spanish translation (Carlos Martín Nieto).
Version 1.0.9:
- Require either tls_trust_file or tls_certcheck=off for TLS sessions, so that
mpop is not silently vulnerable to man-in-the-middle attacks.
- Gnulib update 2007-04-07.
- Protect against the man-in-the-middle attack on APOP authentication as
described in CVE-2007-1558. This is done by doing sanity checks on the
APOP timestamp in the server greeting.
However, this probably makes attacks only harder. It will not make them
impossible. Therefore, APOP authentication is never used automatically
anymore unless TLS is active.
- Do not use NTLM authentication automatically anymore unless TLS is active.
NTLM is not an open standard and must therefore be considered broken.
Version 1.0.8:
- Move build-aux files to separate directory build-aux.
- Gnulib update 2007-03-19.
- Improve and generalize workaround for pop.gmail.com RFC violations. This
enables automatic pipelining support for pop.gmail.com and some other
servers.
- Provide a hstrerror() function for systems that lack getaddrinfo() (so that
gethostbyname() must be used instead) and that do not provide hstrerror()
themselves. Needed for Solaris 2.6. Reported and tested by Chris Green.
* VERSION 5.425 RELEASED
* (bugfix) A stub for MIME::Parser's tmp_recycling() method has been
re-added to preserve compatibility. Since recycling of tempfiles
never worked and has been removed, any code calling tmp_recycling()
should stop attempting to use the feature.
* VERSION 5.424 RELEASED
* (bugfix) [rt.cpan.org #29864] - lines in $entity->body() should be
newline-terminated.
+ Authentication: Added "password_noscheme" field that can be used
instead of "password". "password" treats "{prefix}" as a password
scheme while "password_noscheme" treats it as part of the password
itself. So "password_noscheme" should be used if you're storing
passwords as plaintext. Non-plaintext passwords never begin
with "{", so this isn't a problem with them.
- IMAP: Partial body fetching was sometimes non-optimal, causing
the entire message to be read for every FETCH command.
- deliver failed to save the message when envelope sender address
contained spaces.
- Maildir++ quota: We could have randomly recalculated quota when
it wasn't necessary.
- Login process could have crashed after logging in if client sent
data before "OK Logged in" reply was sent (i.e. before master had
replied that login succeeded).
- Don't assert-crash when reading dovecot.index.logs generated by
Dovecot v1.1.
- Authentication: Don't assert-crash if password beings with "{" but
doesn't contain "}".
- Authentication cache didn't work when using settings that changed
the username (e.g. auth_username_format).
actually need them at all. Add a "fam" option to cone which allows
it to be notified by the OS about changes to local Maildirs. Bump
the PKGREVISION to 1.
v2.1.5
------
[mjr] Fix some fatal errors caused by the IMSP driver when deleting certain
contacts and while adding contacts to lists in certain cases.
[mjr] Fix adding contacts to a new contact list in a source other than the
source the contacts being added are from.
[jan] Fix paging through search results from another than the default address
book (Bug 5137).
[cjh] Fix copy/moving contacts to a new contact list (Bug 5144).
v4.1.5
------
[cjh] Lower memory usage when downloading folders (Andrew Morgan
<morgan@orst.edu>).
[mms] Fix detection of default namespace information when no namespaces are
defined on the server (Bug 5538).
[mms] Don't lose message bodies when moving messages to trash when over quota
(Bug 5470).
[cjh] Remove unused defaults in Fetchmail_imap (Bug 2799).
[jan] Fix empty folder name appearing on Cyrus and servers with similar
namespaces (Bug 5138).
[jan] Only show reply options in iCalendar viewer if a reply is requested.
[cjh] Remove non-responsive www.keyserver.net and wwwkeys.pgp.net from
PGP options (Bug 5323).
[jan] Fix moving messages when over quota on Dovecot servers (Bug 5270).
[jan] Fix parsing of certain distribution lists (Bug 5134).
[mms] Fix rare occurrence where an action perfomed on the mailbox screen would
instead be performed on the INBOX (Bug 5202).
[mms] Don't show save attachments prompt in compose screen if configured to
automatically link all attachments (Request 5189).
security problems:
- MFSA 2007-36 URIs with invalid %-encoding mishandled by Windows
- MFSA 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)
Cone is a text-based mail client. Cone seamlessly handles multiple
POP3, IMAP accounts, and local mail folders. Cone is also a simple
newsreader. Cone's interface is foolproof enough to be used by
inexperienced users, but it also offers advanced features for power
users. Cone also serves as a platform for development of a new
experimental network mail access protocol, SMAP, that offers additional
functionality not available with IMAP or POP3.
SQLgrey is a postfix policy service implementing a greylisting policy. It is
written in Perl and uses DBI to access an SQL database. Its goal is reducing
the SPAM reaching user mailboxes.
This should make the pkg build again, and resolve PR pkg/37354
by Jan Danielsson.
(I verified that the pkg installs fine and that I get an "exchange
server" dialog in evolution. I couldn't test against an exchange
server however -- would be nice if someone did it.)
- Improved the documentation for -Y. (Thanks to Justin Gombos
for the suggestion.)
- Dropped tzip support in Mail::Mbox::MessageParser
- Added -L flag to follow symbolic links. (Thanks to Peter Teuben
for prompting the idea.)
- Fixed grepmail so that it works with Mail::Mbox::MessageParser 1.5000
(Thanks to Paul for the bug report, and Alexey Tourbin for the fix.)
- Fixed testspeed.pl to properly call report() instead of get_report() on new
versions of Benchmark::Timer
New message parser (less memory consuming)
Works with PHP safe_mode
Create valid HTML
New LDAP integration
Search for contacts
Improve message compose screen
IPv6 Compatability
Improved XHTML validation
Identify mailboxes case-sensitive
Lowered status message time from 5 to 3 seconds to improve responsiveness
See http://trac.roundcube.net/wiki/Changelog for all the details
Changelog includes:
! --enable-exact-address works again
+ $message_cache_clean (clean cache on sync)
+ %P expando for $pager_format
Improved autoconf code for bdb
Large file support for mutt_pretty_size()
bugfixes
"--enable-inet6" or "--disble-inet6 anymore and decides automatically
whether to enable IPv6 support.
Pointed out by Matthias Andree in private e-mail.
This switches to the new gnome-2.20 branch.
pkgsrc change: require the "time/zonetab" pkg on NetBSD. The zone.tab
file is needed for the "ical" stuff to work correctly.
netbiff is a mail notification utility, like the traditional
xbiff, but designed to handle multiple mailboxes. It can provide
a graphical interface and/or execute shell commands when new
mail is received.
netbiff is the main interface program. It reads a configuration
and communicates with several backend mail checkers. It uses
either GTK or a terminal to display messages to the user.
netbiffd-imap checks for mail on an IMAP connection. It supports
checking multiple folders, and can connect using TCP, SSL,
or an SSH tunnel.
netbiffd-file checks for updates to a specific file using its
mtime field. The behavior is identical to the original xbiff.
* Honor PKG_SYSCONFDIR and VARBASE.
* Added sqlite and ldap option.
* Fixes PLIST when db driver != mysql.
* Install more documentation.
* Install initial create tables sql script files.
* Rename timsieved's rc script to similar name with other scripts.
Bump PKGREVISION.
