- fix the $OpenBSD$ tag in the port Makefile.
- remove unnecessary subshell.
- fix run-time dependencies.
patches from maintainer and myself; ok wilfried@
Sylpheed-claws is the bleeding edge branch of Sylpheed, an e-mail
client and news reader based on GTK+. Many features are supported
including POP3, IMAP, NNTP, multiple accounts, threading, filtering,
MIME attachments, APOP, SMTP AUTH, SSL, IPv6, GnuPG, internalization,
and more.
Lots of bug fixes and a new sequence menu.
The configuration is changed to allow the creation of a distibutable
package (before, the port relied on the local domain name as
discovered at configuration time). Now there is no default domain ...
i.e. the MTA should fully qualify addresses (as god intended).
pids on openbsd can be recycled in intervals smaller than one second
(previous it assumed that they couldnt). This prevents maildir
corruption on heavily loaded servers.
Also temporarily disable ipv6; it seems pretty broken right now.
detection scheme in configure to properly handle our -pthread and includes
db-3.1.17 directly into the port, removing the version constraint on the
db port.
This also addresses the CORE security advisory ID CORE-20030304-01.
--
Provides classes to deal with creation and manipulation of MIME
messages:
- Create MIME email, with HTML, attachments, embedded images, etc.
- Advanced method of creating MIME messages.
- Decodes MIME messages to a usable structure.
- An XML DTD to acompany the getXML() method of the decoding class.
- An XSLT stylesheet to transform the output of the getXML() method
back to an email.
buffer overflow identified by Core Security Technologies. The only differences
between 1.4 and 1.4.1 are bug fixes. If you are currently using 1.4, it's
probably a very good idea to update.
which_access open -> closed
who_access open -> closed
max_which_hits 0 -> 1
Those would allow a spammer to harvest all subscriber addresses
if not changed by the list admin. Reported on
http://online.securityfocus.com/archive/1/310113/2003-02-03/2003-02-09/0
Don't restrict the which arguments as the article suggests, though,
because with which_access list and max_which_hits 1, there's no
reason to destroy a useful command.
--
Security Fix
This version fixes a buffer overflow with the rarely used
option 'progress=2' (triggered by long attachment names),
and some other buffer overflows, disables the "mail" program
by default.
Fixes a segfault with headers encoded as quoted printable,
fixes an expires option to work in incremental mode, and adds
delete_older and delete_newer options to limit archive by date.
brad@ ok
---cut---
Well, I was going to wait until 2.50 release, but it seems to be taking and
this likely affects only few installations. Besides, it's been in their
public bugzilla for over a month. So:
Attacker may be able to execute arbitrary code by sending a specially
crafted e-mail to a system using SpamAssassin's spamc program in BSMTP mode
(-B option). Versions from 2.40 to 2.43 are affected.
Exim users especially should check if they're affected, the -B option is
used in several Exim+SpamAssassin HOWTOs.
The problem is with escaping '.' characters at the beginning of lines.
Off-by-one bounds checking error allows writing '.' character past a
buffer, overwriting the stack frame address. Depending on system this may
be exploitable. Pre-built Debian unstable/x86 package wasn't vulnerable, my
self compiled was.
---cut---
--
relaydb is a mail header analyzer that builds a database of IP addresses
either known as legitimate senders or spammers.
relaydb doesn't itself classify mails as legitimate or spam, that deci
sion needs to be reached through other means. Neither does relaydb block
spam itself. It merely provides a list of IP addresses to block through
other means, like spamd(8) and pf(4).
relaydb reads a single mail from stdin, analyzes the Received: header
lines and updates blacklist and whitelist counters for each IP address.
WWW: http://www.benzedrine.cx/relaydb.html
Initial version submitted to dhartmei@ who came back to me with this.
- multi-lingual support
- list creation/removal through web interface
- MIME base content filtering (demime et.al.)
- new architecture of mail delivery subsystem
- better, faster, cheaper, ... ;-)
naddy@ OK
