diff --git a/CHANGELOG.TXT b/CHANGELOG.TXT index 1a612501..60df8eac 100644 --- a/CHANGELOG.TXT +++ b/CHANGELOG.TXT @@ -9,6 +9,12 @@ # Last update: # $Id$ +Version 3.0.1 - 2016/09/19 - SVN r1870 +------------------------------------------------- + + - add missing Smarty files to Debian package + (no changes to PostfixAdmin, therefore only released as Debian packages) + Version 3.0 - 2016/09/11 - SVN r1861 ------------------------------------------------- @@ -452,8 +458,21 @@ Version 3.0 beta1 (2.91) - 2014/05/06 - SVN r1670 - postfixadmin.docs: removed redundant changelog file - debian/postfixadmin.postrm: Call wwwconfig scripts only if they are existing +Version 2.3.8 - 2015/10/07 - SVN r1814 (postfixadmin-2.3 branch) +---------------------------------------------------------------- + + - fix query to enable/disable alias in edit-mailbox for PostgreSQL (#311) + - don't prefill username in users/ login on failed logins - fixes (probably + harmless) XSS + - fix show_gen_status() to properly escape mail addresses in query (#356) + - fix escaping in create-admin, create-mailbox and fetchmail templates - + fixes (harmless) XSS on form validation errors + - don't echo the password back to the browser in the fetchmail form + - allow MariaDB in Debian package dependencies + Version 2.3.7 - 2014/02/20 - SVN r1651 (postfixadmin-2.3 branch) ---------------------------------------------------------------- + - SECURITY: fix SQL injection in show_gen_status() - lt.lang, da.lang translation update - when enabling/disabling a mailbox, also update the corresponding alias diff --git a/config.inc.php b/config.inc.php index ce37328a..3da5cda6 100644 --- a/config.inc.php +++ b/config.inc.php @@ -137,7 +137,7 @@ $CONF['smtp_client'] = ''; // system = whatever you have set as your PHP system default // cleartext = clear text passwords (ouch!) // mysql_encrypt = useful for PAM integration -// authlib = support for courier-authlib style passwords +// authlib = support for courier-authlib style passwords - also set $CONF['authlib_default_flavor'] // dovecot:CRYPT-METHOD = use dovecotpw -s 'CRYPT-METHOD'. Example: dovecot:CRAM-MD5 // IMPORTANT: // - don't use dovecot:* methods that include the username in the hash - you won't be able to login to PostfixAdmin in this case @@ -146,6 +146,7 @@ $CONF['smtp_client'] = ''; $CONF['encrypt'] = 'md5crypt'; // In what flavor should courier-authlib style passwords be encrypted? +// (only used if $CONF['encrypt'] == 'authlib') // md5 = {md5} + base64 encoded md5 hash // md5raw = {md5raw} + plain encoded md5 hash // SHA = {SHA} + base64-encoded sha1 hash diff --git a/debian/control b/debian/control index 861cf7cf..50659f22 100644 --- a/debian/control +++ b/debian/control @@ -11,7 +11,7 @@ Homepage: http://postfixadmin.sourceforge.net Package: postfixadmin Architecture: all -Depends: debconf (>= 0.5), dbconfig-common, wwwconfig-common, apache2 | lighttpd | httpd, libapache2-mod-php | php-cgi | php, php-imap, php-mysql | php-pgsql | php-mysqlnd | php-sqlite3, mysql-client | postgresql-client, ${misc:Depends} +Depends: debconf (>= 0.5), dbconfig-common, wwwconfig-common, apache2 | lighttpd | httpd, libapache2-mod-php | php-cgi | php, php-imap | php5-imap, php-mysql | php5-mysql | php-pgsql | php-mysqlnd | php-sqlite3, mysql-client | postgresql-client, ${misc:Depends} Recommends: postfix-mysql | postfix-pgsql, virtual-mysql-server | postgresql | sqlite, zendframework, dovecot-core | courier-authlib-mysql | courier-authlib-postgresql, php-cli Description: Virtual mail hosting interface for Postfix Postfixadmin is a web interface to manage virtual users and domains diff --git a/model/FetchmailHandler.php b/model/FetchmailHandler.php index e14157c6..4f14e09a 100644 --- a/model/FetchmailHandler.php +++ b/model/FetchmailHandler.php @@ -39,7 +39,7 @@ class FetchmailHandler extends PFAHandler { 'sslfingerprint'=> pacol( $extra, $extra, $extra, 'text', 'pFetchmail_field_sslfingerprint','' ), 'extra_options' => pacol( $extra, $extra, $extra, 'text', 'pFetchmail_field_extra_options', 'pFetchmail_desc_extra_options' ), 'mda' => pacol( $extra, $extra, $extra, 'text', 'pFetchmail_field_mda' , 'pFetchmail_desc_mda' ), - 'date' => pacol( 0, 0, 1, 'text', 'pFetchmail_field_date' , 'pFetchmail_desc_date' , 1 ), + 'date' => pacol( 0, 0, 1, 'text', 'pFetchmail_field_date' , 'pFetchmail_desc_date' , '2000-01-01' ), 'returned_text' => pacol( 0, 0, 1, 'text', 'pFetchmail_field_returned_text', 'pFetchmail_desc_returned_text' ), 'active' => pacol( 1, 1, 1, 'bool', 'active' , '' , 1 ), 'created' => pacol( 0, 0, 0, 'ts', 'created' , '' ),