84bb8a032a
Add PKG_DESTDIR_SUPPORT; Add LICENSE `$Cambridge: hermes/src/prayer/docs/DONE,v 1.66 2011/06/27 13:39:56 dpc22 Exp $ 27/06/2010 ========== Release: Prayer 1.3.4 22/06/2011 ========== draft.c fixes: Fold long lines of addresses before the entry which reaches 78 characters when possible, rather than after the first entry which crosses that boundary. Long standing bug bear of mine but several support functions needed to be rewritten to use scratch string in place of output buffer. Long subject lines which are not RFC1522 encoded need to be folded. separately. Reported by Andrey N. Oktyabrski <ano@bestmx.ru>. RFC1522 is not allowed to fold lines in the middle of a UTF-8 multibyte character. Reported by Andrey N. Oktyabrski <ano@bestmx.ru>. Tidy library: Add support for tidyp fork of (apparently abandoned) tidy library. Fix cross site scripting problem: MSIE and Chrome think that <!---> is a complete comment. Allows people to hide scripts inside <!---><script>...<!--->. Strip all comments (which is something that the old sanitiser had been doing already) Sieve blocks should check "From: " address in body as well as envelope sender address. Check "Sender: " as well for completeness. Linux needs IPPROTO_IPV6 to bind to '0.0.0.0' and '::' 01/11/2010 ========== Mike Brudenell <mike.brudenell@york.ac.uk> reported problem with RFC 2183/RFC 2231 quoting with vey long filenames, or filenames with strange characters from ASCII range. 20/07/2010 ========== Release: Prayer 1.3.3 08/07/2010 ========== Better handling of complex multipart messages: Rather than just displaying the first text/plain or text/html that we can find in the top, (leaving people to access sections for the other parts), display the entire tree: multipart/alternative are handled as before, but with other multipart messages, recurse into the subtrees and repeat. Given: 1 (Nested multipart) 1.1 text/html 1.2 text/plain 2 text/plain we display sections 1.1 and 2. Previously we would display section 2, which is a bit of a disaster if section (1) was the original message and a listserver has helpfully tagged on a message footer as a separate bodypart Combine os_*.c back into a single file (which is where I started off many years back). Eliminates lots of repeated code. 07/07/2010 ========== Bugs ==== os_bind_inet_socket(unsigned long port, char *interface) If interface resolves to multiple IP addresses then only binds to the first. Should really walk along ai->ai_next and bind to each IP address in turn. Unfortuanetly this means that os_bind_inet_socket() needs to return an array of sockfds rather than a single int. Parent routines probably aren't going to play ball either. Most likely cause will be a hostname which generates both IPv4 and IPv6 addresses. Unfortanately it is a probably that we are going to have to solve eventually. 05/07/2010 ========== Fix XSS problems reported by: Jacob H. Hilton <jhh40@cam.ac.uk> Dr Andrew C Aitchison <A.C.Aitchison@dpmms.cam.ac.uk> Rather than trying to spot dangerous tags by simple substring matching in C, I now feed the html through Tidy library (http://tidy.sourceforge.net/), and then prune unwanted nodes from the parse tree before setting it to the pretty printer. The only problem is that the Tidy library doesn't provide any public API for manipulating the parse tree (although it does provide a public API for walking the tree!?), so I had to dig around to find the private functions required to remove and manipulate nodes. Javascript embedded into CSS is also a problem: I need to strip off CSS character entities before looking for dangerous expressions. The final part is still a simple string match: I hope that I don't end up having to generate parse trees for CSS as well as the HTML. Now passes full test suite at: https://secure.grepular.com/email_privacy_tester/ Better vacation screen Subject line Phrasing Coping with multiple logins as single user from single browser: SessionID stored in HTTP Cookie: second login blats first Can store SessionID in URL (Prayer does this if no cookies available) Not secure: leaks in HTTP "Referrer" header with links from HTML email. Solution: Use HTTP Cookie keyed by PID of login session. Smaller cleanups: Improve gap between words in spell check (Cambridge house style) Remove extra blank lines after postpone, restore cycle.
126 lines
4.3 KiB
Text
126 lines
4.3 KiB
Text
$NetBSD: patch-defaults_Config,v 1.1 2011/06/30 01:17:38 schnoebe Exp $
|
|
|
|
--- defaults/Config.orig 2011-06-17 15:22:57.000000000 +0000
|
|
+++ defaults/Config
|
|
@@ -16,9 +16,9 @@ MUTEX_SEMAPHORE = false # Use SYSV
|
|
TIDY_ENABLE = true # Use libtidy for HTML sanitisation.
|
|
|
|
# Following depend on the way that you have configured c-client
|
|
-CCLIENT_SSL_ENABLE = false # C-client was built with SSL support
|
|
-CCLIENT_PAM_ENABLE = false # C-client was built with PAM support
|
|
-CCLIENT_KERB_ENABLE = false # C-client was built with Kerberos support
|
|
+CCLIENT_SSL_ENABLE = true # C-client was built with SSL support
|
|
+CCLIENT_PAM_ENABLE = true # C-client was built with PAM support
|
|
+CCLIENT_KERB_ENABLE = true # C-client was built with Kerberos support
|
|
|
|
# Probably don't need the following
|
|
RAVEN_ENABLE = false # Only of use in Cambridge at the moment.
|
|
@@ -32,22 +32,18 @@ CC = gcc
|
|
# Location of make program (GNU make required)
|
|
MAKE = gmake
|
|
# Location of install program (GNU install or compatible required)
|
|
-INSTALL = install
|
|
+INSTALL = install -c
|
|
|
|
# Base Compiler options for GCC (use CPPFLAGS and LDFLAGS if passed in)
|
|
ifdef CPPFLAGS
|
|
- BASECFLAGS = $(CPPFLAGS)
|
|
+ BASECFLAGS += $(CPPFLAGS)
|
|
else
|
|
- BASECFLAGS = -Wall -g -O2
|
|
+ BASECFLAGS += -Wall -g -O2
|
|
endif
|
|
ifdef INCLUDES
|
|
BASECFLAGS += $(INCLUDES)
|
|
endif
|
|
-ifdef LDFLAGS
|
|
- BASELDFLAGS = $(LDFLAGS)
|
|
-else
|
|
- BASELDFLAGS = -g
|
|
-endif
|
|
+BASELDFLAGS =
|
|
|
|
# Minimal libraries needed by Linux
|
|
BASE_LIBS = -lcrypt -lutil
|
|
@@ -72,9 +68,9 @@ BASE_LIBS = -lcrypt -lutil
|
|
# which points to ../../imap/c-client. This just reduces the amount of
|
|
# noise output on each line when building the package.
|
|
#
|
|
-CCLIENT_DIR=../c-client
|
|
-CCLIENT_INCLUDE=-I $(CCLIENT_DIR)
|
|
-CCLIENT_LIBS=./$(CCLIENT_DIR)/c-client.a
|
|
+CCLIENT_DIR=${BUILDLINK_PREFIX.imap-uw}
|
|
+CCLIENT_INCLUDE=-I $(CCLIENT_DIR)/include/c-client
|
|
+CCLIENT_LIBS=$(CCLIENT_DIR)/lib/libc-client.a
|
|
|
|
#
|
|
# Following works with imap-devel RPM package from Redhat 7.
|
|
@@ -108,8 +104,8 @@ FENCE_INCLUDE=
|
|
FENCE_LIBS=-lmcheck
|
|
|
|
# Tidy library (required if TIDY_ENABLE set)
|
|
-TIDY_INCLUDE=-I/usr/include/tidy
|
|
-TIDY_LIBS=-ltidy
|
|
+TIDY_INCLUDE=-I ${BUILDLINK_PREFIX.tidy}/include/tidy
|
|
+TIDY_LIBS=-L${BUILDLINK_PREFIX.tidy}/lib -Wl,-R${BUILDLINK_PREFIX.tidy}/lib -ltidy
|
|
# Add following if using tidyp fork.
|
|
# TIDY_IS_TIDYP=true
|
|
|
|
@@ -126,8 +122,8 @@ PAM_INCLUDE =
|
|
PAM_LIBS = -lpam
|
|
|
|
# Kerberos (required if CCLIENT_KERB_ENABLE set)
|
|
-KERB_INCLUDE = -I/usr/kerberos/include
|
|
-KERB_LIBS = -L/usr/kerberos/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err
|
|
+KERB_INCLUDE = -I${KRB5BASE}/include
|
|
+KERB_LIBS = -L${KRB5BASE}/lib -Wl,-R${KRB5BASE}/lib -lkrb5 -lcom_err
|
|
|
|
# SSL definitions (required if SSL_ENABLE or CCLIENT_SSL_ENABLE set)
|
|
#
|
|
@@ -147,8 +143,8 @@ OPENSSL=openssl
|
|
# DB definitions (required if SESSION_CACHE_ENABLE set)
|
|
#
|
|
# Following suitable for Redhat Linux which has DB 3 preinstalled
|
|
-DB_INCLUDE=
|
|
-DB_LIBS=-ldb
|
|
+DB_INCLUDE=-I${BDBBASE}/include/${BDB_TYPE}
|
|
+DB_LIBS=-L${BDBBASE}/lib -Wl,-R${BDBBASE}/lib -l${BDB_TYPE}
|
|
|
|
# Following suitable for FreeBSD with DB 4 package installed
|
|
#DB_INCLUDE=-I/usr/local/include/db4
|
|
@@ -162,20 +158,20 @@ DB_LIBS=-ldb
|
|
# RW_GROUP. It is important that nothing else can read the certificate file.
|
|
|
|
# Build root (used by Redhat RPM system)
|
|
-BROOT=
|
|
+BROOT=${DESTDIR}
|
|
|
|
# Directory, User and group for read-write files: log files, sockets etc
|
|
VAR_PREFIX = /var/spool/prayer
|
|
-RW_USER = prayer
|
|
-RW_GROUP = prayer
|
|
+RW_USER = ${PRAYER_USER}
|
|
+RW_GROUP = ${PRAYER_GROUP}
|
|
|
|
# Root Directory, User and group for read-only configuration files.
|
|
# Default configuration and permissions does not allow prayer user to
|
|
# update prayer configuration file.
|
|
|
|
-PREFIX = /usr/local/prayer
|
|
-RO_USER = root
|
|
-RO_GROUP = prayer
|
|
+#PREFIX = /usr/local/prayer
|
|
+RO_USER = ${ROOT_USER}
|
|
+RO_GROUP = ${PRAYER_GROUP}
|
|
|
|
# Access permissions for general objects (wrt above users and groups)
|
|
PUBLIC_EXEC = 0755
|
|
@@ -188,6 +184,6 @@ PRIVATE_DIR = 0750
|
|
PRIVATE_FILE = 0640
|
|
|
|
# Location of configuration files and binaries
|
|
-PRAYER_CONFIG_FILE = ${PREFIX}/etc/prayer.cf
|
|
+PRAYER_CONFIG_FILE = ${PKG_SYSCONFDIR}/prayer.cf
|
|
BIN_DIR = ${PREFIX}/sbin
|
|
-ACCOUNTD_CONFIG_FILE = ${PREFIX}/etc/prayer-accountd.cf
|
|
+ACCOUNTD_CONFIG_FILE = ${PKG_SYSCONFDIR}/prayer-accountd.cf
|