Subject: CVS commit: pkgsrc
To: None <pkgsrc-changes@NetBSD.org>
From: Jeremy C. Reed <reed@netbsd.org>
List: pkgsrc-changes
Date: 12/01/2007 17:22:23
Module Name: pkgsrc
Committed By: reed
Date: Sat Dec 1 17:22:23 UTC 2007
Modified Files:
pkgsrc/doc: CHANGES-2007
pkgsrc/mail/mpop: Makefile distinfo
Log Message:
Update mpop to 1.0.12.
Add commented out LICENSE line (gnu-gpl-v3).
From ChangeLog:
Version 1.0.12:
- Gnulib update to 2007-11-27.
- Don't count already retrieved messages twice. This fixes a segfault when
only_new is off and header or size filtering is on. The bug was introduced in
the previous change; no released version is affected.
- If a filter decides to delete a mail, then additionally mark it as
retrieved. This prevents to filter the mail again in a later session when
the 'keep' option is set.
- Fix default UIDLS file on the W32 platform: Use '\' as directory separator,
not '/'. Reported by Ricky Thomas.
Version 1.0.11:
- Update the license of the source code to GPLv3 or later, and change the
license of the documentation to the GFDLv1.2 or later.
- Gnulib update to 2007-07-15.
- Add new option -Q / --half-quiet to print only status information but no
progress information. Suggested by Dimitrios Apostolou.
- Set the default timeout to 180 seconds = 3 minutes. This prevents sessions
from hanging forever. Suggested by Dimitrios Apostolou.
- Make the POP3 commands UIDL, LIST, and DELE abortable. This is useful for
mailboxes with many thousand mails.
- Update the UIDL state after mail retrieval, and save this state in case of
errors in DELE or QUIT. Only update the UIDL state again after successful
DELE and QUIT, and then save this state. This prevents an incorrect UIDL
state if the DELE commands are aborted, for example. Bug reported by
Dimitrios Apostolou.
Version 1.0.10:
- Fix UIDL handling: the first character of UIDs was ignored.
- Improve APOP timestamp checks. Thanks to Carlos Martín Nieto for a
discussion of this.
- Add documentation on how to find the right CA certificate for
tls_trust_file. Thanks to Bryan Kam for suggestions.
- Improve the documentation for TLS vs. SSL and STARTTLS vs. POP3-over-TLS.
Thanks to Carlos Martín Nieto for suggestions.
- Update the spanish translation (Carlos Martín Nieto).
Version 1.0.9:
- Require either tls_trust_file or tls_certcheck=off for TLS sessions, so that
mpop is not silently vulnerable to man-in-the-middle attacks.
- Gnulib update 2007-04-07.
- Protect against the man-in-the-middle attack on APOP authentication as
described in CVE-2007-1558. This is done by doing sanity checks on the
APOP timestamp in the server greeting.
However, this probably makes attacks only harder. It will not make them
impossible. Therefore, APOP authentication is never used automatically
anymore unless TLS is active.
- Do not use NTLM authentication automatically anymore unless TLS is active.
NTLM is not an open standard and must therefore be considered broken.
Version 1.0.8:
- Move build-aux files to separate directory build-aux.
- Gnulib update 2007-03-19.
- Improve and generalize workaround for pop.gmail.com RFC violations. This
enables automatic pipelining support for pop.gmail.com and some other
servers.
- Provide a hstrerror() function for systems that lack getaddrinfo() (so that
gethostbyname() must be used instead) and that do not provide hstrerror()
themselves. Needed for Solaris 2.6. Reported and tested by Chris Green.
To generate a diff of this commit:
cvs rdiff -r1.2553 -r1.2554 pkgsrc/doc/CHANGES-2007
cvs rdiff -r1.9 -r1.10 pkgsrc/mail/mpop/Makefile
cvs rdiff -r1.3 -r1.4 pkgsrc/mail/mpop/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.