procmail (3.22-26+deb10u1) buster; urgency=medium * Fix NULL pointer dereference. Closes: #769938. Reported by Jakub Wilk using American Fuzzy Lop. Patch from Stephen R. van den Berg. -- Santiago Vila Sun, 31 Jul 2022 20:10:00 +0200 procmail (3.22-26) unstable; urgency=medium * Fix buffer overflow in loadbuf(). Closes: #876511. Reported by Jakub Wilk using American Fuzzy Lop. For reference, this is CVE-2017-16844. -- Santiago Vila Thu, 16 Nov 2017 23:42:36 +0100 procmail (3.22-25) unstable; urgency=low * Use gzip -n to stop recording current time, and fix mtimes before building binary package. Closes: #774367. * Create md5sums in a reproducible way. -- Santiago Vila Fri, 15 May 2015 16:25:36 +0200 procmail (3.22-24) unstable; urgency=medium * Fix two memory corruption problems in formail. Closes: #769937. Reported by Jakub Wilk. Patch by Jan Darmochwal. Thanks a lot. The problems are the following: - Off-by-one heap overflow when parsing addresses that have left angle bracket, then a comma, but no right angle bracket: Wed, 11 Feb 2015 16:41:40 +0100 procmail (3.22-23) unstable; urgency=medium * Fixed heap overflow in procmail that made it to segfault on some unusual (but legit) .procmailrc files. Closes: #771958. Thanks a lot to Tero Marttila. -- Santiago Vila Wed, 03 Dec 2014 23:51:52 +0100 procmail (3.22-22) unstable; urgency=high * Fixed heap overflow in formail that made it to crash on messages having specially-crafted headers. Closes: #704675, #760443. For reference, this is CVE-2014-3618. -- Santiago Vila Thu, 04 Sep 2014 12:08:36 +0200 procmail (3.22-21) unstable; urgency=low * debian/patches: Try to correlate patches with bugs and Debian releases. * Really adopt remaining changes from procmail 3.23pre. No code changes here, just some documentation and RCS Id strings. As a result, this release now identifies itself as 3.23pre which is a lot closer to reality. * Removed obsolete Conflicts: suidmanager. -- Santiago Vila Tue, 15 Oct 2013 19:30:30 +0200 procmail (3.22-20) unstable; urgency=low * Added recommended targets build-arch and build-indep. * Build with hardening flags. Closes: #674658. * Added homepage control field. * Added lintian overrides. -- Santiago Vila Wed, 06 Jun 2012 23:05:24 +0200 procmail (3.22-19) unstable; urgency=low * Adopted remaining code changes from procmail 3.23pre. * Changed MTA recommends to "default-mta | mail-transport-agent". * Changed mailstat to use [:alnum:] instead of 0-9A-Za-z. Thanks to Juhan Kundla. Closes: #337048. * Document that the repetition operator is not supported. Thanks to Justin Pryzby. Closes: #452723. * Switch to 3.0 (quilt) source format, 27 patches. -- Santiago Vila Mon, 26 Apr 2010 00:23:26 +0200 procmail (3.22-18) unstable; urgency=low * Renamed function 'getline' to 'procmail_getline' to avoid namespace clash with modern POSIX. Fixes FTBFS with gcc 4.4. Closes: #549426. Patch from Ubuntu. Thanks a lot. -- Santiago Vila Wed, 21 Oct 2009 23:00:22 +0200 procmail (3.22-17) unstable; urgency=medium * Changed mailfold.c to fix off-by-one malloc error in writefolder() which made procmail to crash. Closes: #474298, #484352. * Do not ignore errors from make realclean. * Cleanup of debian/rules. -- Santiago Vila Thu, 3 Sep 2009 14:42:44 +0200 procmail (3.22-16) unstable; urgency=low * Changed formisc.c so that formail -n actually works (Closes: #151627). * Changed procmailex(5) so that it points to the examples directory in the Debian binary package, not the source (Closes: #355472). * Modified description to not use "real" as an adverb (Closes: #356828). -- Santiago Vila Sun, 30 Apr 2006 19:20:02 +0200 procmail (3.22-15) unstable; urgency=low * Use config.h to override things in autoconf.h that might not be detected by autoconf correctly. This undefines NO_COMSAT and gives proper values for UDP_protocolno and BIFF_serviceport (will hopefully fix Bug#348667). -- Santiago Vila Fri, 3 Feb 2006 00:09:08 +0100 procmail (3.22-14) unstable; urgency=low * Hardcode 127.0.0.1 as the address for localhost in config.h. The COMSAT variable should work again (Closes: #348667). -- Santiago Vila Wed, 18 Jan 2006 19:11:16 +0100 procmail (3.22-13) unstable; urgency=low * Make autoconf.h without cflags, then make everything else as usual. This should fix a build problem on s390, where strcspn is a macro. Thanks to Bastian Blank. Closes: #347563. -- Santiago Vila Thu, 12 Jan 2006 19:09:44 +0100 procmail (3.22-12) unstable; urgency=low * Removed references to binmail(1) from all manpages (Closes: #300894). * Removed PATH line from example .procmailrc (Closes: #334293). -- Santiago Vila Sat, 7 Jan 2006 17:47:30 +0100 procmail (3.22-11) unstable; urgency=low * Added Large File Support, using the output of "getconf LFS_CFLAGS". This will add -D_FILE_OFFSET_BITS=64 when the architecture needs it, and only when the architecture needs it (Closes: #236685). * Headers User-Agent: and NNTP-Posting-Date: are now recognized by formail when splitting messages (Closes: #295604). -- Santiago Vila Tue, 1 Mar 2005 16:35:56 +0100 procmail (3.22-10) unstable; urgency=low * Modified autoconf to hardcode 127.0.0.1 as the address for localhost, instead of taking the value from the machine on which the package is being built. Reported by Stephen Frost. Closes: #283529. -- Santiago Vila Thu, 2 Dec 2004 19:46:16 +0100 procmail (3.22-9) unstable; urgency=low * Changed Recommends: exim to exim4, since that's the default MTA package in sarge (Closes: #228572). -- Santiago Vila Tue, 20 Jan 2004 18:07:10 +0100 procmail (3.22-8) unstable; urgency=low * Fixed strange formail -l behaviour when there is a Content-Length: header. Thanks a lot to Henning Makholm for the patch (Closes: #217853). -- Santiago Vila Mon, 3 Nov 2003 20:01:24 +0100 procmail (3.22-7) unstable; urgency=low * Fixed bad nroff syntax in procmailrc(5), closes: #147173. * Added missing newline in procmail(1), closes: #180477. -- Santiago Vila Mon, 10 Mar 2003 00:09:20 +0100 procmail (3.22-6) unstable; urgency=low * Standards-Version: 3.5.8. -- Santiago Vila Thu, 26 Dec 2002 18:27:08 +0100 procmail (3.22-5) stable; urgency=medium * Patched pipes.c to fix a memory allocation bug (Closes: #171514). -- Santiago Vila Thu, 26 Dec 2002 18:09:38 +0100 procmail (3.22-4) unstable; urgency=low * Fixed a typo in procmail(1). Patch by the author (Closes: #142983). -- Santiago Vila Tue, 16 Apr 2002 19:16:20 +0200 procmail (3.22-3) unstable; urgency=medium * Fixed off-by-one bug in procmail.c which made the raw flag not to be cleared properly. Thanks to Gregory Stark (Closes: #134341). -- Santiago Vila Sun, 17 Feb 2002 16:43:02 +0100 procmail (3.22-2) unstable; urgency=medium * Modified mailfold.c to fix a segfault problem. Patch by the author. * The system-wide mail directory is /var/mail as per policy. -- Santiago Vila Thu, 29 Nov 2001 09:39:04 +0100 procmail (3.22-1) unstable; urgency=low * New upstream release, which uses the `standard' format for Maildir filenames and retries on name collision. It also contains some bug fixes from the 3.23pre snapshot dated 2001-09-13. * Removed `sendmail' from the Recommends field, since we already have `exim' (the default Debian MTA) and `mail-transport-agent'. * Removed suidmanager support. Conflicts: suidmanager (<< 0.50). * Added support for DEB_BUILD_OPTIONS in the source package. * README.Maildir: Do not use locking on the example recipe, since it's wrong to do so in this case. -- Santiago Vila Wed, 21 Nov 2001 09:40:20 +0100 procmail (3.15.2-1) stable; urgency=high * New upstream release, with improved security and robustness involving signal handlers. Author recommends upgrading to this version on any system where it is installed setuid or setgid. * This release fixes also Bug #108417: procmail -p -m resets PATH. -- Santiago Vila Thu, 30 Aug 2001 20:05:06 +0200 procmail (3.15.1-4) unstable; urgency=low * Don't add an extra newline when delivering to a Maildir folder. Please note that the MTA may still add a newline on their own. Exim users should check the `suffix' variable, for example. Patch by the author. Closes: #78623. -- Santiago Vila Sat, 14 Apr 2001 17:18:29 +0200 procmail (3.15.1-3) unstable; urgency=low * Clarified formail -X behaviour, patch by the author (Closes: #77388). * Updated QuickStart. -- Santiago Vila Sun, 25 Mar 2001 10:45:56 +0200 procmail (3.15.1-2) unstable; urgency=low * Fixed lockfile -l endless loop (Closes: #82006). Patch by the author. -- Santiago Vila Sun, 28 Jan 2001 19:44:49 +0100 procmail (3.15.1-1) unstable; urgency=low * New upstream release. A race to create the mailspool would bounce one of the messages due to an internal error. -- Santiago Vila Mon, 8 Jan 2001 20:09:34 +0100 procmail (3.15-3) unstable; urgency=low * Fixed formatting error in procmailrc(5). Patch by the author. (Closes: #80437). -- Santiago Vila Sun, 31 Dec 2000 17:20:47 +0100 procmail (3.15-2) unstable; urgency=low * formail -l is now documented. Patch by the author (Closes: #72275). -- Santiago Vila Fri, 1 Dec 2000 19:54:22 +0100 procmail (3.15-1) unstable; urgency=low * New upstream release. Maildir support is now built-in. * Really change default PATH to "$HOME/bin:/usr/local/bin:/usr/bin:/bin". * Modified the note in QuickStart about refiltering an old mail folder. * Use SEARCHLIBS="" in debian/rules clean target to speed it up. * Modified ft_dotlock in src/foldinfo.h to be in compliance with locking policy, following a hint by the author. * Removed (versioned) dependency on debianutils, since mailstat does not use temporary files anymore. * Made the .forward example in procmail(1) not to depend on the build environment by modifying src/autoconf so that buggy_SENDMAIL is never defined. -- Santiago Vila Mon, 28 Aug 2000 12:51:05 +0200 procmail (3.13.1-4) stable; urgency=high * Fixed weird formail -rk behavior (patch from the author, backported from procmail-3.15). Thanks to Ben Collins for the report. * s/smail/exim/ in `Recommends:' field. -- Santiago Vila Tue, 22 Aug 2000 13:04:50 +0200 procmail (3.13.1-3) unstable; urgency=medium * Standards-Version: 3.1.1 * Updated location of licenses in copyright file. * LOCKINGTEST=100 again, to use fcntl() and dot-locking, as required by latest policy. -- Santiago Vila Wed, 1 Dec 1999 12:37:35 +0100 procmail (3.13.1-2) unstable; urgency=low * Modified procmail(1) and QuickStart to reflect the fact that exim does not accept the exec keyword in .forward files (Bugs #33460 and #37771). * Modified formail to recognize exim's Envelope-To: header (Bug#40718). Patch by Philip Guenther. * Standards-Version: 3.0.0. -- Santiago Vila Mon, 19 Jul 1999 20:09:25 +0200 procmail (3.13.1-1) stable unstable; urgency=high * New upstream release, 3.13 missed a couple possible overflows. * Applied `procmail-locking.patch' from Bruce Guenter, since no directory delivery mechanism requires locking (Bug #35210). -- Santiago Vila Thu, 8 Apr 1999 13:56:33 +0200 procmail (3.13-1) stable unstable; urgency=high * New upstream release. procmail 3.12 breaks smartlist (Bug #35115). -- Santiago Vila Fri, 2 Apr 1999 14:24:24 +0200 procmail (3.12-1) frozen unstable; urgency=high * New upstream release. Fixes some security bugs. * #define GROUP_PER_USER in config.h to allow writeable rcfiles when the group is the user's default group. * Added KNOWN_BUGS to the doc directory. * suid procmail to avoid non-suidness window when upgrading. -- Santiago Vila Thu, 4 Mar 1999 10:28:28 +0100 procmail (3.10.7-7) frozen unstable; urgency=medium * New Maildir patches from Bruce Guenter. Should fix Bug #30320: procmail: maildir does not use From_ lines. -- Santiago Vila Thu, 31 Dec 1998 13:27:20 +0100 procmail (3.10.7-6) frozen unstable; urgency=medium * Patched mailfold.c to avoid the unnecessary one second wait when delivering to MH folders (patch by the author). * src/locking.c: Applied a bugfix patch from the author. -- Santiago Vila Wed, 13 May 1998 21:50:19 +0200 procmail (3.10.7-5) frozen unstable; urgency=medium * Added a patch for Maildir support. The "new" procmail should be completely backwards compatible with the "previous" one, in the sense that its behaviour should be just the same for already existing .procmailrc files which do not use the new syntax for Maildir folders. * Added a small README.Maildir explaining how to use this feature. -- Santiago Vila Mon, 4 May 1998 19:39:55 +0200 procmail (3.10.7-4) frozen unstable; urgency=low * Added a small note in QuickStart about refiltering an old mail folder. * mailstat(1): The log file is truncated to zero length (Bug #21022). * PATH=/usr/local/bin:/usr/bin:/bin for the example in procmail(1). * Standards-Version: 2.4.1. -- Santiago Vila Fri, 17 Apr 1998 18:00:14 +0200 procmail (3.10.7-3) frozen unstable; urgency=medium * Patched src/recommend.c so that the mail spool directory is not touched. This will allow the package to be built using fakeroot. * Patched mailstat so that it uses tempfile. -- Santiago Vila Tue, 24 Mar 1998 21:43:08 +0100 procmail (3.10.7-2) unstable; urgency=low * Default PATH is now "$HOME/bin:/usr/local/bin:/usr/bin:/bin". * Added "fetchmail" to the Recommends: line as one more option. * Added /usr/doc/procmail/QuickStart (experimental). * Compressed changelog.Debian. * Removed debstd dependency. * Pristine source. -- Santiago Vila Sat, 31 Jan 1998 20:30:06 +0100 procmail (3.10.7-1) unstable; urgency=low * Upgraded to 3.11pre7. Sources are now GPLed, hurrah! * Added explicit SEARCHLIBS, to avoid unneeded dependency on libdl. * First libc6 release. -- Santiago Vila Wed, 18 Jun 1997 20:43:28 +0200 procmail (3.10.4-2) frozen unstable; urgency=low * Rebuilt using latest debmake to avoid a problem with suidmanager. -- Santiago Vila Sat, 17 May 1997 20:52:59 +0200 procmail (3.10.4-1) frozen unstable; urgency=low * Upgraded to 3.11pre4. Side effect: It can be built using libc6. * Removed NFS_ATIME_HACK patch, since it is no longer needed. -- Santiago Vila Sat, 12 Apr 1997 19:06:46 +0200 procmail (3.10-8) unstable; urgency=low * Rewritten copyright file. * initmake unmodified (source). * Patched to recognize NFS_ATIME_HACK variable in .procmailrc or /etc/procmailrc. Default value is "yes" (i.e. wait a second). * Added a small note about this in /usr/doc/procmail/README.Debian. -- Santiago Vila Sun, 23 Mar 1997 12:04:34 +0100 procmail (3.10-7) unstable; urgency=low * Put CFLAGS settings &c in ./Makefile, not in debian/rules. * Removed fix-substvars script, since it's no longer needed with new libc5-5.4.20. * Man page for mailstat changed slightly. * Some minor debian/rules changes. * Added MD5 sums. -- Santiago Vila Fri, 21 Feb 1997 20:53:30 +0100 procmail (3.10-6) unstable; urgency=low * Use debmake. * suidmanager support. * Removed `mailstat' from examples, it's already in /usr/bin. * Removed also `dirname' (which was "for the deprived"). * Added `fix-substvars' script to depend on libc5 >= 5.4.0. -- Santiago Vila Mon, 23 Dec 1996 16:34:02 +0100 procmail (3.10-5) unstable; urgency=low * Updated to Standards-Version 2.1.2.2. * Changed "Depends: MTA" to "Recommends: MTA". * Added extended package description in control file. * Added the symlink changelog.gz -> HISTORY.gz. * Added an "experimental" man page for mailstat. * New maintainer. -- Santiago Vila Sat, 21 Dec 1996 23:32:11 +0100