pkgsrc/mail/prayer
schnoebe 84bb8a032a Update to 1.3.4;
Add PKG_DESTDIR_SUPPORT;
Add LICENSE

`$Cambridge: hermes/src/prayer/docs/DONE,v 1.66 2011/06/27 13:39:56 dpc22 Exp $

27/06/2010
==========

Release: Prayer 1.3.4

22/06/2011
==========

draft.c fixes:
 Fold long lines of addresses before the entry which reaches 78 characters
 when possible, rather than after the first entry which crosses that
 boundary. Long standing bug bear of mine but several support functions
 needed to be rewritten to use scratch string in place of output buffer.

 Long subject lines which are not RFC1522 encoded need to be folded.
 separately. Reported by Andrey N. Oktyabrski <ano@bestmx.ru>.

 RFC1522 is not allowed to fold lines in the middle of a UTF-8 multibyte
 character. Reported by Andrey N. Oktyabrski <ano@bestmx.ru>.

Tidy library:
  Add support for tidyp fork of (apparently abandoned) tidy library.

Fix cross site scripting problem:
  MSIE and Chrome think that <!---> is a complete comment. Allows people to
  hide scripts inside <!---><script>...<!--->. Strip all comments (which is
  something that the old sanitiser had been doing already)

Sieve blocks should check "From: " address in body as well as
envelope sender address. Check "Sender: " as well for completeness.

Linux needs IPPROTO_IPV6 to bind to '0.0.0.0' and '::'

01/11/2010
==========

Mike Brudenell <mike.brudenell@york.ac.uk> reported problem with RFC
2183/RFC 2231 quoting with vey long filenames, or filenames with strange
characters from ASCII range.

20/07/2010
==========

Release: Prayer 1.3.3

08/07/2010
==========

Better handling of complex multipart messages:

 Rather than just displaying the first text/plain or text/html that we can
 find in the top, (leaving people to access sections for the other parts),
 display the entire tree: multipart/alternative are handled as before, but
 with other multipart messages, recurse into the subtrees and repeat. Given:

   1   (Nested multipart)
   1.1 text/html
   1.2 text/plain
   2   text/plain

 we display sections 1.1 and 2. Previously we would display section 2,
 which is a bit of a disaster if section (1) was the original message and
 a listserver has helpfully tagged on a message footer as a separate bodypart

Combine os_*.c back into a single file (which is where I started off
many years back). Eliminates lots of repeated code.

07/07/2010
==========

Bugs
====

os_bind_inet_socket(unsigned long port, char *interface)

  If interface resolves to multiple IP addresses then only binds to the
  first. Should really walk along ai->ai_next and bind to each IP address
  in turn. Unfortuanetly this means that os_bind_inet_socket() needs to
  return an array of sockfds rather than a single int. Parent routines
  probably aren't going to play ball either.

  Most likely cause will be a hostname which generates both IPv4 and IPv6
  addresses. Unfortanately it is a probably that we are going to have
  to solve eventually.


05/07/2010
==========

Fix XSS problems reported by:
  Jacob H. Hilton <jhh40@cam.ac.uk>
  Dr Andrew C Aitchison <A.C.Aitchison@dpmms.cam.ac.uk>

  Rather than trying to spot dangerous tags by simple substring matching in C,
  I now feed the html through Tidy library (http://tidy.sourceforge.net/),
  and then prune unwanted nodes from the parse tree before setting it to
  the pretty printer. The only problem is that the Tidy library doesn't
  provide any public API for manipulating the parse tree (although it does
  provide a public API for walking the tree!?), so I had to dig around to
  find the private functions required to remove and manipulate nodes.

  Javascript embedded into CSS is also a problem: I need to strip off CSS
  character entities before looking for dangerous expressions. The final
  part is still a simple string match: I hope that I don't end up having to
  generate parse trees for CSS as well as the HTML.

  Now passes full test suite at:

  https://secure.grepular.com/email_privacy_tester/

Better vacation screen
  Subject line
  Phrasing

Coping with multiple logins as single user from single browser:
  SessionID stored in HTTP Cookie: second login blats first
    Can store SessionID in URL (Prayer does this if no cookies available)
    Not secure: leaks in HTTP "Referrer" header with links from HTML email.
  Solution: Use HTTP Cookie keyed by PID of login session.

Smaller cleanups:
  Improve gap between words in spell check (Cambridge house style)
  Remove extra blank lines after postpone, restore cycle.
2011-06-30 01:17:37 +00:00
..
files Update to 1.3.4; 2011-06-30 01:17:37 +00:00
patches Update to 1.3.4; 2011-06-30 01:17:37 +00:00
DESCR
distinfo Update to 1.3.4; 2011-06-30 01:17:37 +00:00
Makefile Update to 1.3.4; 2011-06-30 01:17:37 +00:00
PLIST Changes 1.3.2: 2010-06-08 12:34:38 +00:00