--- - branch: MAIN date: Sat May 23 20:50:02 UTC 2020 files: - new: '1.120' old: '1.119' path: pkgsrc/mail/qmail/Makefile pathrev: pkgsrc/mail/qmail/Makefile@1.120 type: modified - new: '1.47' old: '1.46' path: pkgsrc/mail/qmail/distinfo pathrev: pkgsrc/mail/qmail/distinfo@1.47 type: modified - new: '1.69' old: '1.68' path: pkgsrc/mail/qmail/options.mk pathrev: pkgsrc/mail/qmail/options.mk@1.69 type: modified - new: '0' old: '1.5' path: pkgsrc/mail/qmail/patches/patch-Makefile pathrev: pkgsrc/mail/qmail/patches/patch-Makefile@0 type: deleted id: 20200523T205002Z.6b0094db6c9bd71e5648d1aef4413d2a5bc44d4d log: "Update to notqmail 1.08 (as qmail-1.03nb49). From the changelog:\n\n## Fix bugs\n\n- Vulnerabilities we've inherited from qmail 1.03, reported by Qualys.\n \ - CVE-2005-1515: fix signedness wraparound in `substdio_{put,bput}()`.\n - CVE-2005-1514: fix possible signed integer overflow in `commands()`.\n - CVE-2005-1513: fix integer overflow in `stralloc_readyplus()`.\n - Fix several other places where variables could overflow.\n- `qmail-pop3d`: instead of running as root if root authenticates (and\n being a vector for a dictionary attack on the root password), exit 1\n to look just like a failed `checkpassword` login.\n- `qmail-inject`: do not parse header recipients if `-a` is given.\n- Correctly detect multiple IP addresses on the same interface.\n- Remove workaround for ancient DNS servers that do not properly\n support CNAME.\n- Fix possible integer overflow in `alloc()`.\n\n## Reduce bug likelihood\n\n- Remove `dnscname` and `dnsmxip` programs that were being built but not\n installed.\n- Remove `systype` and related platform detection.\n- Remove unused variable in `maildir.c`.\n- Reduce variable scope in `tcpto.c`.\n- Avoid local variables shadowing same-named globals.\n- Avoid needing `exit.h` in named-pipe bug check.\n- Add a `test` target and some unit tests, using Check.\n- Add missing function declarations in `cdbmss.h`, `scan.h`.\n- Add missing return types to `main()`.\n- Add `hier.h` for inclusion in `instcheck.c`, `instchown.c`, `instpackage.c`.\n- Use system headers and types instead of the `HASSHORTSETGROUPS` check.\n- Use system headers instead of redeclaring `exit()`, `read()`,\n `write()`, `malloc()`, `free()`, `fork()`, `uint32_t`.\n- Use C89 function signatures for code we've touched so far.\n- Automated builds:\n - TravisCI: move setting `MAKEFLAGS` out of the script and into\n the matrix.\n - Add FreeBSD builds with CirrusCI.\n - Add a GitHub Actions build.\n\n## Other changes\n\n- Remove DJB's TODO.\n- Replace many `pobox.com` URLs.\n- Acknowledge Erik Sjæ\x97¦lund's `qmail-local.c` bugfix that we've\n inherited from netqmail.\n- Avoid generating catted manpages by building with `NROFF=true`.\n- Optionally create a `systemd` service file.\n- Run an alternate `qmail-remote` by setting `QMAILREMOTE` in\n \ `qmail-send`'s environment.\n\n## Intent to remove\n\nIn the course of developing this release, we found programs that we\nintend to remove in the next release. We believe none of these remains\nnecessary or useful enough to be worth the cost of maintaining. If you\ndisagree, please let us know!\n\n- Remove `qsmhook`, long since replaced by `preline`.\n- Remove inefficient `maildirwatch`.\n- Remove obsolete mail client wrappers.\n- Remove `qmail-pop3d`, since Maildir is well supported by actively\n maintained POP3 servers.\n" module: pkgsrc subject: 'CVS commit: pkgsrc/mail/qmail' unixtime: '1590267002' user: schmonz