pkgsrc/mail/poppassd/MESSAGE
adrianp bc386bed51 - Update poppassd to 4.0.8
- Thanks to taca@ and gavan@ for feedback and patch review
- This also enables experimental PAM support (on platforms that support it)
- Security fixes included
- From the ChangeLog:
Changes from 4.0.7 to 4.0.8:
> ---------------------------
>  1.  Fix compilation error on HPUX.
>  2.  Fix some compilation warnings.
>  3.  Update man page with '-x' option.
>  4.  Fix problems with 'make install'
>
>
> Changes from 4.0.6 to 4.0.7:
> ---------------------------
>  1.  Fix '-V' for standalone.
>  2.  Include 'man' directory in tarball.
>
>
> Changes from 4.0.5 to 4.0.6:
> ----------------------------
>  1.  Minor fixes for true64.
>  2.  Patch from Uli Zappe to fix SCRAM compilation bugs.
>  3.  Minor fixes for true64.
>  4.  poppassd now runs smbpasswd as user, not root, to avoid exploit
>  5.  Remove -traditional-cpp from the compiler options for Darwin
>      builds (otherwise build fails)
>  6.  Open stdout and stderr as O_WRONLY instead of O_RDONLY so that
>      should anything actually be written to them it will show up
>  7.  When configured as --with-pam and required,
>      include <pam/pam_appl.h> instead of <security/pam_appl.h>
>      (otherwise build fails)
>  8.  strdup the pw.pw_name field from getpwnam so that it's still
>      valid by the time genpath is called; also added corresponding
>      free (without this fix when the bug manifests, clients are
>      erroneously told there are 0 messages in the mail drop
>      regardless of the actual number)
>  9.  Add a pam bug workaround at the beginning of main to do a
>      pam_start and pam_end immediately when the program starts up
>      in order to avoid bogus authentication failed messages from
>      pam_authenticate later (only when configured as --with-pam)
>      [ Thanks to Kyle McKay for changes 5-9 ]
> 10.  Fixed error in configure script for Mac OS / Darwin.
> 11.  Support chained certs for OpenSSL [from Daniel Senie].
> 12.  Fixes to compile better on Linux [from Daniel Senie].
> 13.  X-UIDL header no longer written when Update_status_hdrs is false
>      [thanks to Helge Oldach]
> 14.  Now calling SSL_shutdown() again if it fails the first time.
> 15.  Now logging TLS errors when compiled with debugging and debug is
>      enabled (instead of either) [thanks to Maks N. Polunin].
> 16.  Config file now always closed (not just on error).
> 17.  When using pam, Kerberos tickets are now destroyed.
>      Otherwise dead tickets accumulate in cache directory which runs
>      out of space quickly on busy server.  Problem noted by Rodney
>      McDuff ITS UQ.   (Directory permissions on ticket cache dir need
>      to be 1777).
> 18.  Always log "Servicing request" (instead of just when debugging is
>      on).   This allows start of pop sessions to be logged always which
>      is useful for diagnosis of problems.
> 19.  Worked around problem on some systems causing SIGALRM to be masked,
>      leaving hung pop processes which should have timed out waiting
>      for a command from the client.
>      [ Thanks to David Shrimpton for changes 16-19 ]
> 20.  Now defaulting to "EXPIRE NEVER" instead of "EXPIRE 0".
> 21.  Fix core dump on 64-bit Solaris 2.8 [thanks to Kenny Nguyen]
> 22.  Log facility set on command line now applies to daemon as well.
>      [Thanks to Helge Oldach]
> 23.  '-y' to set log facility on command line now works again.
> 24.  Allow '-V' as synonym for '-v' (to see version).
> 25.  Process user and spool config files as user, not as root (fix
>      security hole reported by Jens Steube)
> 26.  Added "xtnd_xmit" as a boolean option to permit/deny XTND XMIT
>      and 'x' as a command-line option to disable it.  You should
>      disable it unless you really need it, and even then it is better
>      to move to SMTP AUTH.
> 27.  popauth now opens trace file as user, not root (fix security
>      hole reported by Jens Steube); also umask now set.
> 28.  Fix race crash on FreeBSD (thanks to Martin Haller).
> 29.  Resolve some compiler warnings.
> 30.  Fix check for libcrypt on FreeBSD.
> 31.  Added sample pam configuration file (also installed by 'make
>      install')
> 32.  Use generic error msg and sleep in more auth failure cases.
> 33.  Added code to use mkstemp() instead of our perfectly safe usage
>      of tempnam() because some compilers issue overly broad warnings
>      implying that all uses of tempnam() are unsafe.  To bypass,
>      use '--enable-tempnam' with ./configure.
2005-06-01 21:00:39 +00:00

14 lines
502 B
Text

===========================================================================
$NetBSD: MESSAGE,v 1.3 2005/06/01 21:00:39 adrianp Exp $
In order to enable poppassd service, you should add the following line
to your /etc/services:
poppass 106/tcp poppassd
And /etc/inetd.conf:
poppass stream tcp nowait root ${PREFIX}/libexec/poppassd poppassd
poppass stream tcp6 nowait root ${PREFIX}/libexec/poppassd poppassd
===========================================================================