branch of src). Changes from version 20050106:
Teach pkg_add(1) and pkg_delete(1) to pass PKG_METADATA_DIR and
PKG_REFCOUNT_DBDIR in the environment when running the +* scripts.
PKG_METADATA_DIR is the location of the +* files after the package is
registered. PKG_REFCOUNT_DBDIR is the location of the reference counts
database directory. If PKG_REFCOUNT_DBDIR is left unset, then it
defaults the the location of the package database directory with
".refcount" appended to the path, e.g. /var/db/pkg.refcount.
pkgviews users should explicitly set PKG_REFCOUNT_DBDIR in the shell
environment to ensure that all packages will use the same refcount
database.
These changes allow the +INSTALL and +DEINSTALL script to keep state
in +* files within ${PKG_METADATA_DIR}, and to store reference counts
in ${PKG_REFCOUNT_DBDIR} to handle usage of resources outside of
${LOCALBASE}.
version 1.01 include:
* Added parameters for 5167 Avery (tm) stock. Also added many new
Avery (tm) parameters.
* Added new parameter set 'freetype', to allow the user to place a text
string anywhere they want. Particular use is for numbering the pages.
* Code now escapes special PostScript characters (){}[]<>/% in the
input so that they will print properly and not crash the PS interpreter.
* Changed to honor user-defined number of columns.
* Added y_gap to Avery(tm) labels
* Updated calibration plot in BasicData to arbitrary paper size
* Added all of the component and label definition stuff.
* Added pagesize so that various paper sizes are actually handled correctly.
Changes in exim version 4.44
1. Change 4.43/35 introduced a bug that caused file counts to be
incorrectly computed when quota_filecount was set in an appendfile
transport
2. Closing a stable door: arrange to panic-die if setitimer() ever fails. The
bug fixed in 4.43/37 would have been diagnosed quickly if this had been in
place.
3. Give more explanation in the error message when the command for a transport
filter fails to execute.
4. There are several places where Exim runs a non-Exim command in a
subprocess. The SIGUSR1 signal should be disabled for these processes. This
was being done only for the command run by the queryprogram router. It is
now done for all such subprocesses. The other cases are: ${run, transport
filters, and the commands run by the lmtp and pipe transports.
5. Some older OS have a limit of 256 on the maximum number of file
descriptors. Exim was using setrlimit() to set 1000 as a large value
unlikely to be exceeded. Change 4.43/17 caused a lot of logging on these
systems. I've change it so that if it can't get 1000, it tries for 256.
6. "control=submission" was allowed, but had no effect, in a DATA ACL. This
was an oversight, and furthermore, ever since the addition of extra
controls (e.g. 4.43/32), the checks on when to allow different forms of
"control" were broken. There should now be diagnostics for all cases when a
control that does not make sense is encountered.
7. $recipients is now available in the predata ACL (oversight).
8. Tidy the search cache before the fork to do a delivery from a message
received from the command line. Otherwise the child will trigger a lookup
failure and thereby defer the delivery if it tries to use (for example) a
cached ldap connection that the parent has called unbind on.
9. If verify=recipient was followed by verify=sender in a RCPT ACL, the value
of $address_data from the recipient verification was clobbered by the
sender verification.
10. If FIXED_NEVER_USERS was defined, but empty, Exim was assuming the uid 0
was its contents. (It was OK if the option was not defined at all.)
11. A "Completed" log line is now written for messages that are removed from
the spool by the -Mrm option.
12. $host_address is now set to the target address during the checking of
ignore_target_hosts.
13. When checking ignore_target_hosts for an ipliteral router, no host name was
being passed; this would have caused $sender_host_name to have been used if
matching the list had actually called for a host name (not very likely,
since this list is usually IP addresses). A host name is now passed as
"[x.x.x.x]".
14. Changed the calls that set up the SIGCHLD handler in the daemon to use the
code that specifies a non-restarting handler (typically sigaction() in
modern systems) in an attempt to fix a rare and obscure crash bug.
15. Narrowed the window for a race in the daemon that could cause it to ignore
SIGCHLD signals. This is not a major problem, because they are used only to
wake it up if nothing else does.
16. A malformed maildirsize file could cause Exim to calculate negative values
for the mailbox size or file count. Odd effects could occur as a result.
The maildirsize information is now recalculated if the size or filecount
end up negative.
17. Added HAVE_SYS_STATVFS_H to the os.h file for Linux, as it has had this
support for a long time. Removed HAVE_SYS_VFS_H.
18. Updated exipick to current release from John Jetmore.
19. Allow an empty sender to be matched against a lookup in an address list.
Previously the only cases considered were a regular expression, or an
empty pattern.
20. Exim went into a mad DNS lookup loop when doing a callout where the
host was specified on the transport, if the DNS lookup yielded more than
one IP address.
21. The RFC2047 encoding function was originally intended for short strings
such as real names; it was not keeping to the 75-character limit for
encoded words that the RFC imposes. It now respects the limit, and
generates multiple encoded words if necessary. To be on the safe side, I
have increased the buffer size for the ${rfc2047: expansion operator from
1024 to 2048 bytes.
22. Failure to deliver a bounce message always caused it to be frozen, even if
there was an errors_to setting on the router. The errors_to setting is now
respected.
23. If an IPv6 address is given for -bh or -bhc, it is now converted to the
canonical form (fully expanded) before being placed in
$sender_host_address.
24. Updated eximstats to version 1.33
25. Include certificate and key file names in error message when GnuTLS fails
to set them up, because the GnuTLS error message doesn't include the name
of the failing file when there is a problem reading it.
26. Expand error message when OpenSSL has problems setting up cert/key files.
As per change 25.
27. Reset the locale to "C" after calling embedded Perl, in case it was changed
(this can affect the format of dates).
28. exim_tidydb, when checking for the continued existence of a message for
which it has found a message-specific retry record, was not finding
messages that were in split spool directories. Consequently, it was
deleting retry records that should have stayed in existence.
29. eximstats updated to version 1.35
1.34 - allow eximstats to parse syslog lines as well as mainlog lines
1.35 - bugfix such that pie charts by volume are generated correctly
30. The SPA authentication driver was not abandoning authentication and moving
on to the next authenticator when an expansion was forced to fail,
contradicting the general specification for all authenticators. Instead it
was generating a temporary error. It now behaves as specified.
31. The default ordering of permitted cipher suites for GnuTLS was pessimal
(the order specifies the preference for clients). The order is now AES256,
AES128, 3DES, ARCFOUR128.
31. Small patch to Sieve code - explicitly set From: when generating an
autoreply.
32. Exim crashed if a remote delivery caused a very long error message to be
recorded - for instance if somebody sent an entire SpamAssassin report back
as a large number of 550 error lines. This bug was coincidentally fixed by
increasing the size of one of Exim's internal buffers (big_buffer) that
happened as part of the Exiscan merge. However, to be on the safe side, I
have made the code more robust (and fixed the comments that describe what
is going on).
33. Some experimental protocols are using DNS PTR records for new purposes. The
keys for these records are domain names, not reversed IP addresses. The
dnsdb PTR lookup now tests whether its key is an IP address. If not, it
leaves it alone. Component reversal etc. now happens only for IP addresses.
CAN-2005-0021
34. The host_aton() function is supposed to be passed a string that is known
to be a valid IP address. However, in the case of IPv6 addresses, it was
not checking this. This is a hostage to fortune. Exim now panics and dies
if the condition is not met. A case was found where this could be provoked
from a dnsdb PTR lookup with an IPv6 address that had more than 8
components; fortuitously, this particular loophole had already been fixed
by change 4.50/55 or 4.44/33 above.
If there are any other similar loopholes, the new check in host_aton()
itself should stop them being exploited. The report I received stated that
data on the command line could provoke the exploit when Exim was running as
exim, but did not say which command line option was involved. All I could
find was the use of -be with a bad dnsdb PTR lookup, and in that case it is
running as the user.
CAN-2005-0021
35. There was a buffer overflow vulnerability in the SPA authentication code
(which came originally from the Samba project). I have added a test to the
spa_base64_to_bits() function which I hope fixes it.
CAN-2005-0022
36. The daemon start-up calls getloadavg() while still root for those OS that
need the first call to be done as root, but it missed one case: when
deliver_queue_load_max is set with deliver_drop_privilege. This is
necessary for the benefit of the queue runner, because there is no re-exec
when deliver_drop_privilege is set.
37. Caching of lookup data for "hosts =" ACL conditions, when a named host list
was in use, was not putting the data itself into the right store pool;
consequently, it could be overwritten for a subsequent message in the same
SMTP connection. (Fix 4.40/11 dealt with the non-cache case, but overlooked
the caching.)
38. Sometimes the final signoff response after QUIT could fail to get
transmitted in the non-TLS case. Testing !tls_active instead of tls_active
< 0 before doing a fflush(). This bug looks as though it goes back to the
introduction of TLS in release 3.20, but "sometimes" must have been rare
because the tests only now provoked it.
this, we only need some simple logic in java-env.mk to automatically
generate an ALTERNATIVES file for us.
There are two exceptions, though: fastjar and jikes (pointed out by tv@),
which do not use this file; they have to be handled manually.
Bump PKGREVISION for all affected packages.
While doing this, remove the java-wrapper package, obsoleted by the new
functionality provided by pkg_alternatives.
- Substitute default values for GREP, PKG_INFO, and SED at buildtime
- Add -P dir, to set binary package dir
- Remove the need for a copy of pkgsrc when using -b
- List 'missing' packages at the end alog wwith Installed and Failed
- Output various messages to stdout and to logfile (if active)
- As ever, there are few problems that cannot be helped by
adding another layer of abstraction
Various cleanups.
fiberlamp thanks to Tim Auckland. Run by itself using -mode and press
middle button to give it a kick.
life mode fixes for -mode life +fullrandom and also labeling for
-neighbors 6 . Conway life would occasionally be initialized with
a bad lifeform. More interesting forms of High life would never come
up. No labeling problem fixed on given rules.
Fixed a problem with configure if g++ is used from say /usr/local where
no other packages are used from there.
Changed VPATH to set without appending / as it seems to cause problems
on NetBSD with an /install directory.
juggle mode improvements added thanks to Tim Auckland
More objects to juggle (clubs, torches, knives, rings, and bowling balls)
toneclock mode thanks to Jouk Jansen.
enabled multibyte support for more than one fontset thanks to
Michal Cihar <michal.cihar AT suse.cz>.
ifs and strange modes now use a real Gaussian generator but does not
seem to make a difference... thanks, I guess, to Tim Auckland. :)
configure change for PAM so it will work on FreeBSD thanks to
Spencer Visick <visick AT eng.utah.edu>.
Fixed PAM goof.
date: Tue Jan 11 07:22:47 PST 2005
changes:
- allow new() to be called from object reference
- make -weak and -init work together
- add tests for -Base filtering
version: 0.21
date: Tue Jan 11 07:28:06 PST 2005
changes:
- WAFL blocks and phrase matching is now case-insensitive, and dashes
(-) are converted to underscores. (Dave Rolsky)
- Redo Spoon::Hook into Spoon::Hooks
- Call $hub->add_hook
- Hooks removed when hub goes out scope
- Spoon::Config can take glob params
- Add hook points to support KwikiPagePrivacy
- Add a domain field to cookies
- AUTOLOAD class object pointers. replaces load_class in most cases.
- Add pre_process and post_process hook points in hub
- Have a load_dynamic method for Registry
imap-2004c:
fixes to quoted-printable encoding and CRAM-MD5 authentication.
NNTP proxy in imapd now supports the LIST and LSUB commands.
imap-2004b:
There are new ports for Solaris with Blastwave Community Open
Source Software (gcs) and Mandrake Linux (lmd).
SET_SNARFINTERVAL now controls how frequently local drivers
will move new mail from the mail spool as well as from a
maildrop. Maildrops are still tied to a minimum interval of
1 minute, but there is now no minimum for the spool file.
Character set conversions now map non-breaking space to space
if the destination character set doesn't have nbsp. JIS Roman
yen sign is now mapped to Unicode yen sign.
* Fixed compilation against GTK+ version 2.4.
* Added spanish translations and manual by Baltasar Perez, EB8AKF. Thanks!
* A new option added to the preferences dialog which allows showing/hiding
of columns in the spots window.
Uses GTK 2.4.0 or greater
KDE Desktop and mime integration
Preview widget added to open dialog
New menu added enabling switching of logs
Log sorting by date and time
Search dialog history added
Use of Xml to save and load preferences
Fixed bug in the integration of hamlib library
Fixed Locator distance calculation
Fixed Memory leak
Fixed logs filename creation
include:
* Added the new Bandwidth Monitoring module, for generating simple
reports of network traffic by port, time and host on Linux systems.
* Added the Cluster Copy module, for copying files to multiple servers
either on schedule or manually.
* Added the Backup Configuration Files module, for backing up and
restoring config files known to Webmin.
* Several improvements to the Linux firewall module, including pre-
and post commands, cluster support and the ability to reset the
firewall configuration.
* Support for selecting specific MySQL and PostgreSQL tables to back
up, and improved searching in the MySQL module.
* Automatic email notification for users approaching their disk quotas.
* The timezone can now be set in the System Time module on Linux,
Solaris and FreeBSD.
* Added the new Sarg Squid access reporting module. Thanks to Omar
Armas for sponsoring its development.
* Added support for NFSv4 to the Disk and Network Filesystems module.
* In the MySQL and PostgreSQL modules, all databases can now be backed
up at once, either manually or on a configured schedule.
* Added the ability to delete multiple users at once to the Users and
Groups module.
* Added support for MD5 encryption for Webmin passwords, to avoid the
8-character effective password length limit.
* The BIND module can now create and edit delegation-only zones.
* When PAM is used for Unix authentication, expired passwords are now
detected and the user is prompted to select a new password (if this
feature is enabled on the Webmin Configuration module).
Tomcat 5.0.30 (yoavs)
General
update Update web.xml files to 2.4 schema (from 2.3 DTD) where applicable. (yoavs)
update 32235: align conf/web.xml MIME types with Apache HTTPD. (yoavs)
fix 31132: Modified startup scripts for better OS/400 -x/-r handling. (yoavs)
update 22679: Added misc note on accessing session ID to SSL-HowTo. (yoavs)
update When the package protection is not used, do not create the doPrivileged objects so we don't suffer the performance hit (jfarcand)
update 32282: Modify Windows Uninstaller to remove webapps and webapps/ROOT only if user asks to remove everything. (yoavs)
Catalina
fix 31273: Add support for derefaliases in JNDIRealm. (markt)
fix 31623: Better OS400 support in setclasspath.sh. (yoavs)
fix 31592: Allow specification of digest encoding for realms. (yoavs)
update 31945: Added and updated Connector documentation. (yoavs)
update 31739: Minor documentation corrections for realm-howto and AJP docs. (yoavs)
fix 31753: Minor inconsistencies in JDBC and DataSourceRealm#authenticate. (yoavs)
update 31683: Minor clarifications to realm documentation. (yoavs)
fix 31851: UserTransaction in DefaultContext broken. (yoavs)
fix 32130: Check for null or empty file listing in FileStore#keys. (yoavs)
update 32276: Add developer info to Realm How-To. (yoavs)
fix 32082: Add protected getPrincipals method to MemoryRealm for easier extension. (yoavs)
fix 32023: CGIServlet fails to handle post message with multipart/form data. (yoavs)
fix 32269: JNDIRealm fails with InvalidNameException to authenticate users if LDAP distinguished name (DN) contains slash or double quote character(s). (yoavs)
Coyote
Jasper
fix Fixed default compiler target VM setting (to 1.3) so that compilation on J2SE 5.0 works out of the box. (yoavs)
update Exposed compilerSourceVM and compilerTargetVM options to JspC. (yoavs)
update Updated JspC usage messages to include recently added configurable parameters. (yoavs)
fix 29866: JspReader#skipUntil may try to read beyond the end of the file. (yoavs)
fix 32330: JspC changes context classloader. (yoavs)
Cluster
Webapps
fix 31707: Broken JavaScript confirmation in HTML manager. (yoavs)
update Removed hard-coded admin context path. (yoavs)
fix 31732: Fix Japanese localization of Manager's list command. (yoavs)
update 31656: Make admin webapp build on Struts 1.2. (yoavs)
update 32019: Remove maxlength=64 on env entry value in admin webapp. (yoavs)
Tomcat 5.0.29 (yoavs)
General
update Added Xalan note in RELEASE-NOTE section on XML parsers. (yoavs)
fix 30756: Bad syntax in sample web.xml. (yoavs)
update Enhanced Japanese resource bundles. (yoavs)
fix 30568: Incomplete setup.html documentation for launching jsvc. (yoavs)
Catalina
update Use CatalinaDigester on shutdown so you can use a sytem property to configure the port. (funkman)
fix Fix memory leak when Security Manager is turned on. (jfarcand)
fix 28914: threadPriority attribute ignored. (yoavs)
fix 30763: added failOnError attribute to UndeployTask. (yoavs)
fix 30624: Enhanced null checking in RealmBase#findSecurityConstraints. (yoavs)
fix Added explicit close of randomIS DataInputStream to ManagerBase for better resource handling. (yoavs)
update Added processTlds context attribute to allow disabling TLD processing. (yoavs)
update Backport if-else logic for SSI servlet from 4.1 (funkman)
update StandardClassLoader: Output the name of the repository if it failed to load. (funkman)
fix 31001: Missing domain attribute in MBean description for createStandardService. (yoavs)
fix 30636: NPE in DigesterFactory when resources cannot be located. (yoavs)
fix 30415: Directories ending in .war not handled well. (yoavs)
fix 31052: BeanFactory swallows root cause of exception. (yoavs)
fix 29914: Better lifecycle support for DefaultContext. (yoavs)
fix Set the FORM notes even when caching so that clustering with SSO works properly. (remm)
fix 30869: Make sure JAAS realm name is legal. (yoavs)
fix 31277: Clarified automatic application deployment section of Host configuration page. (yoavs)
fix 28631: JAASRealm enhancements to support custom user, role class names, use Commons-Logging. (yoavs)
fix 31364: Missing resource in org.apache.catalina.core.LocalString.properties. (yoavs)
fix 31362: Missing -Xdebug in catalina.bat when using JPDA and Security. (yoavs)
fix 30949: Make sure ApplicationDispatcher unwraps requests even if include fails. (yoavs)
fix 31511: Don't call setenv.bat if not found in *using-launcher scripts. (yoavs)
fix 31549: Add name of resource to load failed messaged in WebappClassLoader. (yoavs)
Webapps
fix 29526: Manager redeployment locked JAR because of context.xml stream. (yor "dangerous" manager tasks. (yoavs)
fix 29485: Added JavaScript confirmation prompts to HTML Manager actions. (yoavs)
fix 31058: Ensure StatusTransformer escapes query string for XML. (yoavs)
fix CGI Servlet: Revert the fix for 27090 as it introduced a JDK 1.4 dependency. (markt)
Jasper
fix 30984: Added compilerTargetVM option to Jasper. (yoavs)
fix 31171: Wrap to avoid ClassCastException in PageContextImpl. (yoavs)
fix 31257: Added specification of endorsed dirs if forking. (yoavs)
fix 31510: Set response=null in JspWriterImpl#recycle to aid in JBoss memory leak. (yoavs)
Coyote
fix 31018: Race condition in SystemLogHandler. (yoavs)
