1. 22 Apr, 2018 6 commits
  2. 28 Dec, 2017 1 commit
  3. 24 Dec, 2017 1 commit
  4. 17 Jan, 2017 3 commits
  5. 09 Jan, 2017 3 commits
    • Ron Lee's avatar
      Drop the #define _BSD_SOURCE · 649963a0
      Ron Lee authored
      In theory, it is needed for vsyslog(3), but glibc 2.20 deprecated it in
      favour of _DEFAULT_SOURCE, and features.h in 2.24 now barks about it
      being defined without _DEFAULT_SOURCE.
      
      In practice, we don't need it at all here, since we aren't invoking the
      compiler in a way that disables the default modes, so the "BSD" guarded
      functions are already available to us by default anyway, and defining
      _DEFAULT_SOURCE would be a no-op.
      649963a0
    • Ron Lee's avatar
      Include ctype.h for isdigit · cf96d8d4
      Ron Lee authored
      It's no longer pulled in implicitly with libc6 2.24 and gcc 6.3.
      cf96d8d4
    • Johannes Berg's avatar
      make debug prefix configurable · 6b9003cb
      Johannes Berg authored
      The default remains "antispam: ", but you can now configure it
      to include, for example, the logged-in username.
      6b9003cb
  6. 05 Jan, 2017 5 commits
    • Ron Lee's avatar
      Drop the #define _BSD_SOURCE · b1762993
      Ron Lee authored
      In theory, it is needed for vsyslog(3), but glibc 2.20 deprecated it in
      favour of _DEFAULT_SOURCE, and features.h in 2.24 now barks about it
      being defined without _DEFAULT_SOURCE.
      
      In practice, we don't need it at all here, since we aren't invoking the
      compiler in a way that disables the default modes, so the "BSD" guarded
      functions are already available to us by default anyway, and defining
      _DEFAULT_SOURCE would be a no-op.
      b1762993
    • Ron Lee's avatar
      Include ctype.h for isdigit · 447a6c7b
      Ron Lee authored
      It's no longer pulled in implicitly with libc6 2.24 and gcc 6.3.
      447a6c7b
    • Ron Lee's avatar
      Release 2.0+20170102-1 · 94044e2d
      Ron Lee authored
      94044e2d
    • Ron Lee's avatar
      Don't Suggest dspam anymore · e1314d16
      Ron Lee authored
      The dspam package was abandoned upstream and dropped from Jessie.
      Closes: #818794
      e1314d16
    • Ron Lee's avatar
      Merge branch 'master' into debian · 215fbd7f
      Ron Lee authored
      215fbd7f
  7. 02 Jan, 2017 1 commit
  8. 15 Nov, 2016 1 commit
    • Ron Lee's avatar
      Fix the Vcs-Browser URL · 02b93c0b
      Ron Lee authored
      The cgit running there now apparently chokes on the ;a=summary query part.
      02b93c0b
  9. 04 Jul, 2015 4 commits
  10. 23 Feb, 2015 1 commit
    • Ron Lee's avatar
      Use the correct argc for pipe.ham_args · 963c046c
      Ron Lee authored
      This fixes a typo bug, where if the number of arguments set for
      antispam_pipe_program_spam_arg is not the same as what was set
      for antispam_pipe_program_notspam_arg, then we'll either scribble
      past the end of the allocated argv array, or populate it with
      pointers to whatever followed the real ham_args.
      
      Thanks to Peter Colberg who reported this, including a correct
      patch to fix it, to the security team.  The security implications
      of this seem somewhat limited, since you need to edit a config
      file as root to create the bad situation, and there is no path
      for remote injection of crafted data (whether it overflows or
      underflows) if you do, the argv array will just get some 'random'
      extra pointers to existing internal data.
      
      However it does pose a potential problem for a legitimate user
      who does legitimately need or want to pass a different number of
      arguments for the spam and ham cases, since that could crash
      dovecot, or confuse the hell out of their pipe program when it
      gets some random extra arguments.  It's probably gone unnoticed
      for this long because most uses will pass the same number of
      arguments for both of them, but that's not a necessary condition
      in the general case.
      963c046c
  11. 22 Feb, 2015 2 commits
    • Ron Lee's avatar
      Import the changelog from stable-jessie 2.0+20130912-2 · 2c1b767f
      Ron Lee authored
      (cherry picked from commit 2b6d4a0f)
      
      Bump the version of the unreleased 2.2.14 compatibility patched source
      to -3, to avoid any accidents, since we've now actually released a -2
      with minimal changes suitable for Jessie.
      2c1b767f
    • Ron Lee's avatar
      Use the correct argc for pipe.ham_args · 73988fa4
      Ron Lee authored
      This fixes a typo bug, where if the number of arguments set for
      antispam_pipe_program_spam_arg is not the same as what was set
      for antispam_pipe_program_notspam_arg, then we'll either scribble
      past the end of the allocated argv array, or populate it with
      pointers to whatever followed the real ham_args.
      
      Thanks to Peter Colberg who reported this, including a correct
      patch to fix it, to the security team.  The security implications
      of this seem somewhat limited, since you need to edit a config
      file as root to create the bad situation, and there is no path
      for remote injection of crafted data (whether it overflows or
      underflows) if you do, the argv array will just get some 'random'
      extra pointers to existing internal data.
      
      However it does pose a potential problem for a legitimate user
      who does legitimately need or want to pass a different number of
      arguments for the spam and ham cases, since that could crash
      dovecot, or confuse the hell out of their pipe program when it
      gets some random extra arguments.  It's probably gone unnoticed
      for this long because most uses will pass the same number of
      arguments for both of them, but that's not a necessary condition
      in the general case.
      
      (cherry picked from commit dce9a0cb)
      73988fa4
  12. 10 Nov, 2014 1 commit
    • Timo Sirainen's avatar
      use T_BEGIN/T_END · 31c81ae3
      Timo Sirainen authored
      Johannes: Timo's patch, adjusted to fix compilation and carry
                a backport for dovecot 1.0 in case somebody still
                uses that
      
      For the original (although modified by somebody else to compile):
      Acked-by: 's avatarPhil Carmody <phil@dovecot.fi>
      31c81ae3
  13. 29 Oct, 2014 2 commits
  14. 24 Oct, 2014 3 commits
    • Ron Lee's avatar
      Make a release suitable for dovecot 2.2.14 · 7e379a78
      Ron Lee authored
      7e379a78
    • Ron Lee's avatar
      Add a compatibility macro for t_push() · 2aa93d15
      Ron Lee authored
      This should fix things for the API change in dovecot 2.2.14 reported in:
      https://bugs.debian.org/765943
      2aa93d15
    • Ron Lee's avatar
      Include the patch level in the dovecot version checks · d17c6a9c
      Ron Lee authored
      Dovecot broke the t_push() API for 2.2.14 so just checking the major/minor
      versions is no longer enough.  Bonus points for it not actually exporting
      that version anywhere itself, so we still need to parse the full string to
      get it.
      
      There's a chance this might break some things for dovecot < 2.0 or so
      (based mostly on the theory that the patch=255 fallback coded into the
      dovecot-version.c parsing was put there for a reason), but we might be
      well past the stage of needing to worry about that now.  If someone
      tests it with an earlier version and it breaks there, we'll worry about
      that when they report how and where it breaks.
      d17c6a9c
  15. 04 Oct, 2014 2 commits
  16. 12 Sep, 2013 3 commits
  17. 07 Sep, 2013 1 commit