* CVE-2011-1947
- use timeouts for IMAP STARTTLS/POP3 STLS negotiation which could cause
fetchmail freezes if a server was hanging.
* security improvements to defang X.509 certificate abuse
- require wildcard CN/subject alternative names to start with "*." not just "*"
- don't allow wildcards to match domain literals (such as 10.9.8.7) or
wildcards in domain literals ("*.168.23.23").
- don't allow wildcarding top-level domains.
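
The three wildcard rules listed above, as an added C example (not fetchmail's own code). The function names are hypothetical; treating a domain literal as a digits-and-dots name, rejecting a second `*`, and letting `*` stand for exactly one label are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Assumption: a "domain literal" is a name made only of digits and dots,
 * optionally behind a leading "*." (as in the page's "*.168.23.23"). */
static int is_domain_literal(const char *s)
{
    if (strncmp(s, "*.", 2) == 0)
        s += 2;
    if (*s == '\0')
        return 0;
    for (; *s; s++)
        if (!isdigit((unsigned char)*s) && *s != '.')
            return 0;
    return 1;
}

/* Hypothetical helper: 1 if certificate name pat may match host, else 0. */
int cert_name_matches(const char *pat, const char *host)
{
    const char *dot;
    size_t hl, sl;
    if (strchr(pat, '*') == NULL)       /* no wildcard: exact match */
        return strcasecmp(pat, host) == 0;
    /* must start with "*."; a second '*' is rejected (assumption) */
    if (strncmp(pat, "*.", 2) != 0 || strchr(pat + 1, '*') != NULL)
        return 0;
    /* no wildcards inside, or matching, domain literals */
    if (is_domain_literal(pat) || is_domain_literal(host))
        return 0;
    /* "*.com" (or "*.com.") would wildcard a top-level domain */
    dot = strchr(pat + 2, '.');
    if (dot == NULL || dot[1] == '\0')
        return 0;
    hl = strlen(host);
    sl = strlen(pat + 1);               /* suffix such as ".example.org" */
    if (hl <= sl || strcasecmp(host + hl - sl, pat + 1) != 0)
        return 0;
    /* assumption: '*' stands for exactly one label */
    return memchr(host, '.', hl - sl) == NULL;
}

int main(void)
{
    /* constructed sample names */
    printf("%d %d\n", cert_name_matches("*.example.org", "mail.example.org"),
           cert_name_matches("*.168.23.23", "192.168.23.23"));
    return 0;
}
```
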
in the correct paths, do a mv/rm dance in the port Makefile. This
greatly simplifies the port maintenance.
Remove config and man pages for binaries that aren't shipped (part of
the linux-only zarafa-licensed).
While here, regen WANTLIB.
Committing now because this version performs _much_ better than what we
currently have in tree (see HOMEPAGE for details).
Quick&dirty upgrade steps (but you should follow the README):
------------------------------------------------------------------------
# /etc/rc.d/zarafa stop
===> Make sure _all_ zarafa processes are stopped and BACKUP YOUR DB!
# pkg_add -u zarafa zarafa-webaccess zarafa-libvmime
===> merge configuration (compare /usr/local/share/examples/zarara/*.cfg
with their counterparts under /etc/zarafa/).
# /usr/local/bin/zarafa-server
===> this will only do sanity checks but not start the server
# pkg_add py-mysql
# python2.6 /usr/local/share/doc/zarafa/zarafa7-upgrade
# /etc/rc.d/zarafa start
------------------------------------------------------------------------
tested by robert@ and myself
ok robert@
with pkgpath/dependency marker tweaks from myself. Looks good to pea@.
This means we are now using subpackages rather than flavours; if upgrading
from a flavoured version, you will need to add the relevant module yourself.
e.g.: dovecot-$VER-ldap will be upgraded to dovecot-$VER, you must
pkg_add dovecot-ldap.
- use a shorter comment reminding to bump dovecot-pigeonhole for updates
(and place it next to the version variables)
- bdb support is no more, drop the flavour
ok Brad
PLIST and delete everything under the @sample'd directory instead of the
directory itself to prevent a warning from pkg_delete(1) trying to
remove a non-existing directory and to help prevent left-over files
and directories.
ok aja@
See http://www.postfix.org/CVE-2011-1720.html for info: this is a memory
corruption bug affecting users of -sasl2 packages who have enabled SASL
using auth mechanisms other than PLAIN/LOGIN. (This is not an especially
common configuration as the affected mechanisms require keeping plaintext
passwords on mail servers).
OK jasper@, Brad (maintainer).