* Many cosmetic improvements to watch-multiple-mimedefangs.tcl
* Fix md_get_bogus_mx_hosts so it checks A records iff a domain has
no MX records.
* Add a forward declaration of rebuild_entity to avoid warnings on
recent Perl versions.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
* A new action_add_entity function has been added.
* Deprecated defined(@array) construct has been removed.
* New load1 md-mx-ctrl command summarizes load in a more useful format than load
* watch-multiple-mimedefangs.tcl has been overhauled.
* Various other bugfixes and documentation cleanups.
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
* A new -G option causes files created by mimedefang to
be group-readable and sockets to be group readable/writable.
* The multiplexor snoops in on communications and saves the
Sendmail queue-ID for logging purposes. It logs the queue ID when
logging a slave's STDERR.
* MIMEDefang passes along the client port number, server IP address
and server port number to all filter functions. This feature was
sponsored by Scayl.
* In mimedefang.c, truncate overlong responses from the multiplexor. Also sanitize replies so "\r" doesn't get fed to smfi_setmlreply.
* If a slave process replies with a very long reply, have the multiplexor consume (and discard) the excess input so the multiplexor-to-slave protocol does not become de-synchronized.
* When mimedefang becomes a daemon, have it wait for a "go/no-go" message from the child before exiting. This should eliminate race conditions whereby the MTA starts before the milter socket is present.
* Avoid run-time errors from Unix::Syslog on some platforms.
* Restores compatibility with Postfix (which was broken in 2.70).
* Properly fixes signal-handling in child processes. 2.70 included a partial fix,
but signal-handling would break if you ran md-mx-ctrl reread.
to trigger/signal a rebuild for the transition 5.10.1 -> 5.12.1.
The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=..."), minus the packages updated after
the perl package update.
sno@ was right after all, obache@ kindly asked and he@ led the
way. Thanks!
PERL_SET_CONTEXT after forking or Perl gets confused.
In particular, setting signal-handling dispositions using
$SIG{FOO} = sub { ... } breaks.
* Clarify wording of mimedefang-filter man page.
* Remove obsolete code that used to attempt to generate working
directory names. Deactivate the no-longer-needed "-M" mimedefang
option.
* Add new "-y" option to mimedefang-multiplexor. This limits
the number of concurrent "recipok" commands on a per-domain basis.
* Remove Anomy::HTMLCleaner support.
* use MIME::Parser::Filer's ignore_filename() call instead of
subclassing to override evil_filename(). Same effect, less code.
* refactor resend_message_one_recipient() to use
resend_message_specifying_mode() instead of reimplementing it.
* header_timezone() now generates a strictly RFC2822-compliant timezone
string without needing POSIX::strftime()
* Ensure that decode_mimewords() is called in scalar context.
* Detect Sys::Syslog vs. Unix::Syslog at run-time
rather than when running ./configure.
* Bug fix: Don't change Content-Disposition to "inline" by default.
This was causing weird bugs with Outlook iCalendar attachments.
* Various crash fixes.
* Make relay_is_blacklisted and relay_is_blacklisted_multi handle
IPv6 addresses.
* Make the C code call smfi_setmlreply if the milter library supports it
and the Perl code returns a multi-line reply.
(And take over maintainer)
Release 2.67 adds the following features since 2.65 (there was no public
2.66 release):
* The ability for mimedefang-multiplexor to use poll rather than select.
This removes the FD_SETSIZE limit on the number of file descriptors
the multiplexor can handle.
* Support for FPROTD version 6 daemonized virus scanner.
2.65
There is only one change since 2.64: An error in the way the embedded
perl interpreter was initialized has been fixed. This fixes problems
on the Debian HPPA architecture and possibly others.
2.64
This is a minor bugfix release;
* Add support for NOD32 command-line scanner
* Add support for Sophos "savscan" scanner
Changes since 2.62:
* mimedefang-multiplexor.c: Relax the umask when creating the unprivileged
socket ("-a" command-line option.)
* mimedefang.c(eom): If we do not have a queue ID yet, try to obtain one
in eom. This is designed to improve operation with Postfix, which does
not assign a queue ID until after the first successful RCPT. Based on a
patch from Henrik Krohns.
* examples/init-script.in: Added MD_SKIP_BAD_RCPTS init script option
(suggested by John Nemeth)
* Remove support for OpenAntivirus. It's a dead product.
* mimedefang.pl.in(spam_assassin_status): Call $mail->finish() to prevent
temporary files from accumulating.
* redhat/mimedefang-init.in: Add configtest routine to check filter
syntax.
Changes since 2.61:
* A new "change_sender" action lets you change the envelope sender. Only
works with Sendmail/Milter 8.14.0 and newer!
* Clam interface code has been fixed to work properly with ClamAV 0.90
and later.
* Other minor improvements and bugfixes.
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
includes patch to work with clamav 0.90 and newer.
Changes since 2.59:
* SECURITY FIX: Versions 2.59 and 2.60 contained a programming error
that could lead to a buffer overflow. This is definitely
exploitable as a denial-of-service attack, and potentially may
allow arbitrary code execution. The bug is fixed in 2.61.
* If a message is going to end up being rejected,
discarded or tempfailed, we don't bother carrying out requests
to add/delete/modify headers or recipients, change the message
body, etc.
* mimedefang.c: Fix filter registration so MIMEDefang works
correctly against libmilter from Sendmail 8.14
Changes since 2.58:
* A new "watch-multiple-mimedefangs.tcl" tool that lets you keep an eye
on a cluster of MIMEDefang scanners.
* Fixes to the build scripts that should eliminate build problems on
Intel/AMD 64-bit architectures.
* mimedefang generates the COMMANDS file more safely and more efficiently.
* Various other minor improvements and bug-fixes.
Changes since 2.57:
* Various minor bug-fixes, including a memory leak.
Changes since 2.56:
* Various minor bug-fixes
* New md-mx-ctrl hload command shows load over past 1, 4, 12 and 24 hours.
* New multiplexor scheduling algorithm tries to keep a given command on a
given set of slaves.
INSTALL/DEINSTALL script creation within pkgsrc.
If an INSTALL or DEINSTALL script is found in the package directory,
it is automatically used as a template for the pkginstall-generated
scripts. If instead, they should be used simply as the full scripts,
then the package Makefile should set INSTALL_SRC or DEINSTALL_SRC
explicitly, e.g.:
INSTALL_SRC= ${PKGDIR}/INSTALL
DEINSTALL_SRC= # emtpy
As part of the restructuring of the pkginstall framework internals,
we now *always* generate temporary INSTALL or DEINSTALL scripts. By
comparing these temporary scripts with minimal INSTALL/DEINSTALL
scripts formed from only the base templates, we determine whether or
not the INSTALL/DEINSTALL scripts are actually needed by the package
(see the generate-install-scripts target in bsd.pkginstall.mk).
In addition, more variables in the framework have been made private.
The *_EXTRA_TMPL variables have been renamed to *_TEMPLATE, which are
more sensible names given the very few exported variables in this
framework. The only public variables relating to the templates are:
INSTALL_SRC INSTALL_TEMPLATE
DEINSTALL_SRC DEINSTALL_TEMPLATE
HEADER_TEMPLATE
The packages in pkgsrc have been modified to reflect the changes in
the pkginstall framework.
Changes 2.56:
An off-by-one error in the multiplexor that could restart slaves
unnecessarily was fixed. Compilation errors on some systems were fixed.
A handful of other minor bugs were fixed.
Changes 2.55:
A new option allows you to reserve some slaves for connections from
localhost; this helps clientmqueue runs to succeed on busy servers.
Modern Vexira anti-virus scanners are supported; versions older than
Spring 2005 are no longer supported. A new "filter_helo" callback lets
you take action in response to HELO/EHLO. A new "action_insert_header"
function lets you prepend headers (rather than just appending them).
A new function lets you reject mail from hosts with bogus MX records;
for example, MX records that resolve to private IP networks or the
loopback address.
allows the user to define DEFANG_USER and DEFANG_GROUP in the
MAKECONF file. Fixes PR 32540.
- Added the configurable variables to BUILD_DEFS, so that they are shown
during the build process.
- Bumped PKGREVISION.
Changes 2.54:
a few minor enhancements and fixes.
Changes 2.53:
mostly work around bugs and deficiencies in third-party packages
commonly used with MIMEDefang.
around at either build-time or at run-time is:
USE_TOOLS+= perl # build-time
USE_TOOLS+= perl:run # run-time
Also remove some places where perl5/buildlink3.mk was being included
by a package Makefile, but all that the package wanted was the Perl
executable.
Changes in 2.52
* mimedefang.pl.in (item_contains_virus_fprotd): Remove all references
to $` and $', which can SIGNIFICANTLY slow down Perl regexp matching.
* mimedefang.c(mfconnect): Do not call set_dsn from mfconnect, because
the Milter API specifies that you can't call smfi_setreply from the
connect callback.
* mimedefang-filter.5.in: Document the fact that filter_relay
cannot set the text of the SMTP reply code.
* mimedefang.pl: We don't detect and load Perl modules until
the detect_and_load_perl_modules() function is called.
*** NOTE INCOMPATIBILITY ***
You *MUST* call detect_and_load_perl_modules() inside your filter
before you can rely on the %Features hash being set correctly,
and before you can rely on SpamAssassin being loaded!!!
Changes in 2.51
Note: There was no public 2.50 release; the 2.50 version was a
private release that was available only with CanIt.
* Added "-q" option to mimedefang. This permits the multiplexor
to queue new incoming connections. It may make higher utilization
of slaves and improve throughput.
* ESMTP arguments in MAIL FROM: and RCPT TO: are now available
to the Perl filter. See the mimedefang-filter(5) man page for
details.
* Documentation fixes: We don't refer to non-multiplexor mode
any more, because that mode hasn't been available for ages.
* The "tick" facility has been enhanced to permit multiple tick
types. At any given instance, only one tick of a given type
can be active, but ticks of different types can be active at
the same time.
* Log a warning if a message has more than one Subject: header.
And always is defined as share/examples/rc.d
which was the default before.
This rc.d scripts are not automatically added to PLISTs now also.
So add to each corresponding PLIST as required.
This was discussed on tech-pkg in late January and late April.
Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere
and remove the RCD_SCRIPTS_EXAMPLEDIR itself.
under share/examples/rc.d. The variable name already was named
RCD_SCRIPTS_EXAMPLEDIR.
This is from ideas from Greg Woods and others.
Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism
(as requested by wiz).
Changes in 2.48:
This is a bugfix release for 2.46 and 2.47, which contained several
embarrassing bugs.
Changes in 2.46:
This release has a mechanism for Perl slaves to report back their status
to the multiplexor. This allows you to see exactly what each scanning
slave is doing at a given point in time. This release also features
support for the "csav" virus-scanner from Command Software, and better
support for Trend Micro's command line scanner. The algorithm that
reconstructs MIME messages after modification is greatly improved and
avoids creating useless multipart containers with only a single sub-part.
A few smaller changes fix minor bugs and tighten up security.
Changes in 2.45:
The multiplexor has a new "-a" option to allow non-privileged users to
run a restricted set of status commands. "watch-mimedefang" has been
completely revamped and gives a lot of useful information about email
server load. It can monitor a remote server over an SSH tunnel. The
notification facility has two new messages, indicating a busy timeout and
the unexpected death of a Perl slave. There is a new set of RBL functions
that perform parallel DNS lookups to reduce latency. In addition, many
minor features have been added, bugs have been fixed, and documentation
has been cleaned up.
Changes in 2.44:
This release features support for two new Sendmail 8.13 features: the
SOCKETMAP map type, and Sendmail's built-in quarantine mechanism. There are
also some minor bugfixes and documentation cleanups, as well as a fix for a
memory leak with the embedded Perl interpreter on some platforms.
Changes in 2.43:
Various Perl functions can request the C code to delay before returning;
this permits tarpitting without tying up a Perl slave. The multiplexor has
an additional option to run a "tick" function on a periodic basis. There
are minor bugfixes and documentation improvements.
Changes in 2.42:
The multiplexor causes closelog() to avoid problems with embedded Perl
slaves. Support for SpamAssassin's upcoming 3.0.0 Perl API was added. A few
other small bugs were fixed.
Changes in 2.41:
This is a bugfix release only. The most important change is to stop the
action_quarantine_entire_message from sending out notifications each time
it is invoked. A few other minor bugs were fixed.
the RCD_SCRIPTS rc.d script(s) to the PLIST.
This GENERATE_PLIST idea is part of Greg A. Woods'
PR #22954.
This helps when the RC_SCRIPTS are installed to
a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later,
the default RCD_SCRIPTS_EXAMPLEDIR will be changed
to be more clear that they are the examples.)
These patches also remove the etc/rc.d/ scripts from PLISTs
(of packages that use RCD_SCRIPTS). (This also removes
now unused references from openssh* makefiles. Note that
qmail package has not been changed yet.)
I have been doing automatic PLIST registration for RC_SCRIPTS
for over a year. Not all of these packages have been tested,
but many have been tested and used.
Somethings maybe to do:
- a few packages still manually install the rc.d scripts to
hard-coded etc/rc.d. These need to be fixed.
- maybe remove from mk/${OPSYS}.pkg.dist mtree specifications too.
