--
This note is to announce the availability of the Pine Message System version
4.44. The purpose of this release is to fix a security bug with the treatment
of quotes in the URL-handling code. The bug allows a malicious sender to
embed commands in a URL. This bug is present in all versions of UNIX Pine.
There is no vulnerability from this bug in PC-Pine.
- never create an ldap FLAVORized Pico package since it does not pertain
to Pico and do not mistakenly register a dependency on ldap with the
package either
Pine has historically built against an internal copy
of the c-client library, however c-client development
has progressed beyond what is shipped with pine.
(It would appear that all new development work is
being done via UW's imap server codebase.) This change
allows pine to utilize improvements/bugfixes in the
c-client library. A consequence of this change is
that the recently reported vulnerability to BugTraq
regarding malformed X-keywords header has been fixed.
This leads to three packages:
pine, pine+pico, pico
Note that pine does not depend on pico, since it links with the static
libpico library.
The old pine package corresponds to the newer pine+pico package.
- remove FAKE=Yes and license type
- remove configure script and integrate it into the Makefile
- add #!/bin/sh to DEINSTALL
- re-arrange INSTALL script a bit and remove bogus PIDFILE variable
o patch doc to reflect proper location of config files
o add INSTALL/DEINSTALL scripts
o call INSTALL script from a post-install target in Makefile
o remove de-install message from packing list (now in DEINSTALL script)
THIS PORT IS NOW FROZEN FOR 2.5
At one point bsd.port.mk put out erroneous PLIST-auto, with @cwd, @pkgname,
and @pkgdep lines.
These are actually added by make package, and shouldn't usually be put
inside the PLIST, as this is extra information to update.
I left a few @cwd in, mainly for the perl modules, which want to live under
/usr to work.
Porters: please make sure you use bsd.port.mk 1.75 or later when
updating ports. That version of the makefile adds all sums. Previous
versions of the makefile will still work for people installing ports.
