-Mon May 08 21:47:00 2000 Dan Harkless <dan-nmh@dilvish.speed.net>
+Mon May 08 23:46:29 2000 Dan Harkless <dan-nmh@dilvish.speed.net>
* Doug informed me that the way I had restored the "lost" version
histories was wrong, because `cvs checkout's of old versions of
file in that directory). `cvs diff' will no longer be able to
diff pre-move versions vs. post-move versions -- you'll have to do
a lot of manual gyrations with `cvs checkout' and then use `diff'.
-
+
+ * I had alphabetized the --configure options in the --help output
+ awhile back, but Shantonu added --enable-apop just under
+ --enable-pop. Put it in alphabetical order and clarified what
+ --enable-apop does vs. --enable-pop and --with-krb4. Also changed
+ --with-mts help line from "mail transport agent" to "mail
+ transport agent/service" so the 's' in "mts" doesn't seem to come
+ out of nowhere.
+
+ * Added two steps to "releasing nmh" in README.developers. After
+ making the tarball, it's a good idea to diff the tree vs. the CVS
+ tree to make sure no files got left out, and then to chown the
+ files so that they're owned by root, preventing a Trojaning attack
+ by a malicious remote user with a UID matching yours.
+
Sat May 06 08:28:09 2000 Dan Harkless <dan-nmh@dilvish.speed.net>
* Restored lost version histories for those moved files by doing a
ac_default_prefix=/usr/local
# Any additions from configure.in:
ac_help="$ac_help
+ --enable-apop enable client-side support for POP3 and APOP"
+ac_help="$ac_help
--enable-debug enable nmh code debugging"
ac_help="$ac_help
--enable-masquerade[='draft_from mmailid username_extension']
ac_help="$ac_help
--enable-mhe enable mhe support (DEFAULT)"
ac_help="$ac_help
- --enable-pop enable client-side support for pop"
-ac_help="$ac_help
- --enable-apop enable client-side support for apop"
+ --enable-pop enable client-side support for plain POP3"
ac_help="$ac_help
--with-hesiod=PREFIX specify location of Hesiod"
ac_help="$ac_help
- --with-krb4=PREFIX specify location of Kerberos V4 for kpop support"
+ --with-krb4=PREFIX specify location of Kerberos V4 for KPOP support"
ac_help="$ac_help
--with-editor=EDITOR specify the default editor"
ac_help="$ac_help
- --with-mts=MTS specify the mail transport agent"
+ --with-mts=MTS specify the mail transport agent/service"
ac_help="$ac_help
--with-pager=PAGER specify the default pager"
ac_help="$ac_help
--with-smtpservers='SMTPSERVER1[ SMTPSERVER2...]'
- specify the default smtp server(s) [localhost]"
+ specify the default SMTP server(s) [localhost]"
ac_default_prefix=/usr/local/nmh
# Initialize some variables set by options.
echo "configuring for nmh-$VERSION"
+# Check whether --enable-apop or --disable-apop was given.
+if test "${enable_apop+set}" = set; then
+ enableval="$enable_apop"
+ :
+fi
+
+if test x"$enable_apop" = x"yes"; then
+ cat >> confdefs.h <<\EOF
+#define APOP 1
+EOF
+ APOPLIB=md5.o
+ enable_pop=yes
+fi
+
# Check whether --enable-debug or --disable-debug was given.
if test "${enable_debug+set}" = set; then
enableval="$enable_debug"
enable_pop=yes
fi
-# Check whether --enable-apop or --disable-apop was given.
-if test "${enable_apop+set}" = set; then
- enableval="$enable_apop"
- :
-fi
-
-if test x"$enable_apop" = x"yes"; then
- cat >> confdefs.h <<\EOF
-#define APOP 1
-EOF
- APOPLIB=md5.o
- enable_pop=yes
-fi
-
# Check whether --with-hesiod or --without-hesiod was given.
if test "${with_hesiod+set}" = set; then
withval="$with_hesiod"
else
echo "$ac_t""no" 1>&6
fi
- for ac_prog in gawk mawk nawk awk
+ for ac_prog in mawk gawk nawk awk
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
s%@build_vendor@%$build_vendor%g
s%@build_os@%$build_os%g
s%@VERSION@%$VERSION%g
-s%@masquerade@%$masquerade%g
s%@APOPLIB@%$APOPLIB%g
+s%@masquerade@%$masquerade%g
s%@POPLIB@%$POPLIB%g
s%@POPSED@%$POPSED%g
s%@MTS@%$MTS%g
dnl CHECK COMMAND LINE OPTIONS
dnl --------------------------
+dnl Do you want client-side support for apop?
+AC_ARG_ENABLE(apop,
+[ --enable-apop enable client-side support for POP3 and APOP])
+if test x"$enable_apop" = x"yes"; then
+ AC_DEFINE(APOP)dnl
+ APOPLIB=md5.o
+ enable_pop=yes
+fi
+AC_SUBST(APOPLIB)dnl
+
dnl Do you want to debug nmh?
undefine([debug])dnl
AC_ARG_ENABLE(debug,
dnl Do you want client-side support for pop?
undefine([pop])dnl
AC_ARG_ENABLE(pop,
-[ --enable-pop enable client-side support for pop])
+[ --enable-pop enable client-side support for plain POP3])
dnl The old redundant --enable-nmh-pop is deprecated and undocumented.
if test x"$enable_nmh_pop" = x"yes"; then
enable_pop=yes
fi
-dnl Do you want client-side support for apop?
-AC_ARG_ENABLE(apop,
-[ --enable-apop enable client-side support for apop])
-if test x"$enable_apop" = x"yes"; then
- AC_DEFINE(APOP)dnl
- APOPLIB=md5.o
- enable_pop=yes
-fi
-AC_SUBST(APOPLIB)dnl
-
dnl Do you want support for hesiod
AC_ARG_WITH(hesiod,
[ --with-hesiod=PREFIX specify location of Hesiod])
dnl Do you want client-side support for kpop
AC_ARG_WITH(krb4,
-[ --with-krb4=PREFIX specify location of Kerberos V4 for kpop support])
+[ --with-krb4=PREFIX specify location of Kerberos V4 for KPOP support])
if test x"$with_krb4" != x -a x"$with_krb4" != x"no"; then
enable_pop=yes
AC_DEFINE(KPOP)dnl
dnl What method of posting should post use?
undefine([mts])dnl
AC_ARG_WITH(mts,
-[ --with-mts=MTS specify the mail transport agent])
+[ --with-mts=MTS specify the mail transport agent/service])
if test x"$with_mts" = x"smtp"; then
MTS="smtp"
undefine([smtpservers])dnl
AC_ARG_WITH(smtpservers,
[ --with-smtpservers='SMTPSERVER1[ SMTPSERVER2...]'
- specify the default smtp server(s) [localhost]])
+ specify the default SMTP server(s) [localhost]])
if test -n "$with_smtpservers"; then
smtpservers="$with_smtpservers"
else
To make a public release of nmh (we'll use version 1.0.4 and my mhost.com
account, danh, as examples here):
-1. % echo 1.0.4 > VERSION
+ 1. % echo 1.0.4 > VERSION
-2. Put a comment like "Released nmh-1.0.4." in the ChangeLog.
+ 2. Put a comment like "Released nmh-1.0.4." in the ChangeLog.
-3. % cvs commit ChangeLog VERSION
+ 3. % cvs commit ChangeLog VERSION
-4. % cvs tag nmh-1_0_4
- (cvs treats dots specially, so underscores are substituted here.)
+ 4. % cvs tag nmh-1_0_4
+ (cvs treats dots specially, so underscores are substituted here.)
-5. % make nmhdist
+ 5. % make nmhdist
-6. Preferably make an MD5 hash and/or a PGP signature of nmh-1.0.4.tar.gz.
+ 6. Untar nmh-1.0.4.tar.gz and `diff -r' it vs. your CVS tree. Make sure no
+ files got left out of the distribution that should be in it (due to someone
+ forgetting to update the DIST variables in the makefiles).
-7. Preferably test out the tarball, making sure you can uncompress and untar it,
- and configure, make, install, and use nmh from it.
+ 7. If you have root access on your machine, it's good at this point to do:
-8. % scp -p nmh-1.0.4.tar.gz* danh@mhost.com:/home/ftp/pub/nmh
+ % chown -R 0:0 nmh-1.0.4
+ % tar cvf nmh-1.0.4.tar nmh-1.0.4
+ % gzip nmh-1.0.4.tar
-9. Send an announcement to exmh-users@redhat.com, exmh-workers@redhat.com,
- mh-users@ics.uci.edu, and nmh-announce@mhost.com. If the release fixes
- significant security holes, also send an announcement to
- bugtraq@securityfocus.com. The exmh lists require you to be subscribed in
- order to post. Note that you don't need to post separately to comp.mail.mh,
- as the mh-users mailing list is apparently bidirectionally gatewayed to it.
+ If you leave the files in the archive as being owned by yourself, your UID
+ may coincide with one of a user on a machine where nmh is being installed,
+ making it possible for that user to Trojan the nmh code before the system
+ administrator finishes installing it.
- Preferably, the announcement should contain the MD5 hash generated above, and
- should be PGP-signed. It should include the FTP URL for the tarball as well
- as the URL of the website. It should contain a brief summary of visible
- changes, as well as the URL of the cvsweb diff page that would show a
- detailed list of changes. The changes between 1.0.3 and 1.0.4 would be shown
- by:
+ 8. Preferably make an MD5 hash and/or a PGP signature of nmh-1.0.4.tar.gz.
- http://www.mhost.com/cgi-bin/cvsweb/nmh/ChangeLog?r1=1.40&r2=1.71
+ 9. Preferably test out the tarball, making sure you can uncompress and untar
+ it, and configure, make, install, and use nmh from it.
+
+10. % scp -p nmh-1.0.4.tar.gz* danh@mhost.com:/home/ftp/pub/nmh
+
+11. Send an announcement to exmh-users@redhat.com, exmh-workers@redhat.com,
+ mh-users@ics.uci.edu, and nmh-announce@mhost.com. If the release fixes
+ significant security holes, also send an announcement to
+ bugtraq@securityfocus.com. The exmh lists require you to be subscribed in
+ order to post. Note that you don't need to post separately to comp.mail.mh,
+ as the mh-users mailing list is apparently bidirectionally gatewayed to it.
+
+ Preferably, the announcement should contain the MD5 hash generated above,
+ and should be PGP-signed. It should include the FTP URL for the tarball as
+ well as the URL of the website. It should contain a brief summary of
+ visible changes, as well as the URL of the cvsweb diff page that would show
+ a detailed list of changes. The changes between 1.0.3 and 1.0.4 would be
+ shown by:
+
+ http://www.mhost.com/cgi-bin/cvsweb/nmh/ChangeLog?r1=1.40&r2=1.71
projects / mmh / commitdiff