   Last updated: 4 October 2000
   Copyright 2000 QUALCOMM Incorporated.  All rights reserved.


This document contains the changes since the last release.



Changes from 3.1fc1 to 3.1 (final)
---------------------------------

 <none>


Changes from 3.1b12 to 3.1fc1
-----------------------------

 1.  Allow Content-Length: header to be CONTLEN_FUZZ too big.
 2.  Only add 'idirafter' when using gcc.


Changes from 3.1b11 to 3.1b12
-----------------------------

 1.  --enable-auto-delete now requires expire=0 (and sets it
     that way by default).
 2.  Fixed link error for 'strip_domain' when --enable-scram
     used.
 3.  Fixed compilation problems with SCRAM.
 4.  Add '-idirafter /usr/local/include' since some systems
     (often BSD) don't search there by default, yet gdbm install
     puts files there.
 5.  Fixed standalone mode to avoid looping before quit, and to
     handle differences in wait3(3C) return values.
 6.  Issue error 4 instead of crashing if PAM appdata pointer is 
     null (known bug in Solaris PAM fixed in Solaris 7 and patch
     106257-05).
 7.  Added '--disable-update-abort' to set NOUPDATEONABORT.
 8.  Moved UnixWare case before default in configure.
 9.  Fixed authentication in stand-alone mode on BSDI.
10.  Fixed tracing in stand-alone mode.


Changes from 3.1b10 to 3.1b11
-----------------------------

 1.  Added check for UnixWare.
 2.  Removed srandom() prototype from popper.h (incorrect
     on some platforms).
 3.  Now using loginrestrictions() instead of our own code
     on AIX to check if accounts are expired, locked out, etc.
 4.  Added check for UnixWare (and a few misc. things) to configure.
 5.  Selecting both HOMEDIRMAIL and TEMP-DROP no longer causes an
     invalid path to be generated.
 6.  Fixed some warnings.
 7.  Now trimming domain name from user name.


Changes from 3.1b9 to 3.1b10
----------------------------

 1.  More frequent checks for EOF when sending message.
 2.  Avoid error messages from getopt in standalone mode.
 3.  Fix compile errors on some platforms by making snprint.c's
     use of TRUE/FALSE/BOOL identical to other files.
 4.  Added check for libdl and libpam in configure script.  Should
     help compilation with PAM on non-Linux systems.
 5.  Eased compilation with PAM on OSes other than Linux and Solaris
     by moving PAM section before OS-specific ones in pop_pass.c, to
     eliminate need to use '&& !defined(USE_PAM)' in each OS section.
 6.  Added '--enable-auth-file=path' to permit access only to users
     listed in the specified file.  Format is one user per line.
 7.  Added '--enable-nonauth-file=path' to deny access to users listed
     in the specified file.  Format is one user per line.


Changes from 3.1b8 to 3.1b9
---------------------------

 1.  standalone mode no longer usurps parameters.


Changes from 3.1b7 to 3.1b8
---------------------------

 1.  popauth now has logging and tracing.
 2.  Reorganized popauth command-line syntax.
 3.  Now users can use popauth to list their own entry.
     Use '-list ALL' to list all users.
 4.  Added vlogit() function.
 5.  Added check for sys/time.h.
 6.  Standalone mode now becomes a daemon (unless compiled
     with _DEBUG).
 7.  Corrected exit() vs _exit() for standalone mode.
 8.  Enhanced logging and tracing for standalone mode.
 9.  Added --enable-low-debug for low-level heavy-duty debugging.


Changes from 3.1b6 to 3.1b7
---------------------------

 1.  Fixed null sometimes returned to clients when mangling.
 2.  Fixed LIST crash when mangle used on unrecognized MIME type.
 3.  Fixed --enable-shy so version is reported in log.
 4.  Added '--enable-standalone' to create standalone POP daemon
     instead of being run out of inetd.  Can specify IP address
     and/or port number to bind to as parameter 1, e.g.,
     'popper 199.46.50.7:8110 -S' or 'popper 8110 -S -T600'.
     If not specified, IP address defaults to all available.  The
     default port is 110 except when _DEBUG (not simply DEBUG) is
     defined, then it is 8765.
 5.  Fixed EDQUOT not defined on some systems.
 6.  BULLDB access now uses usleep(3C) if available, resulting in
     many more access attempts with a shorter maximum delay.
 7.  Added run-time options 'bulldb-nonfatal' (-B) and
     'bulldb-max-retries' to allow fine control over BULLDB access
     behavior.  'bulldb-nonfatal' allows a session to continue if
     the bulletin database can't be locked.  'bulldb-max-retries'
     sets the maximum number of attempts to lock the database.  This
     value should only be changed if you know if your system has
     usleep(3C) or not.  On systems with usleep(3C), this can be a
     large value (the default is 75).  On systems without usleep(3C),
     this should remain small (the default is 10).
 8.  Timestamp in tracefile now omits name of day of week and year, and
     shows milliseconds if system has gettimeofday(3C).


Changes from 3.1b5 to 3.1b6
---------------------------

 1.  Fixed lots more warnings.
 2.  Allow lock to proceed even if user is over quota.
 3.  Added 'check-fmt' script to check for potential format mismatches
     in pop_msg, pop_log, logit, and DEBUG_LOGx calls.
 4.  Fixed potential format mismatches.


Changes from 3.1b4 to 3.1b5
---------------------------

 1.  Fixed several more warnings.
 2.  Revert to using "password expired" instead of "account expired"
     when password not changed within required period.
 3.  Fix for troglodyte OSes without srandom().
 4.  Increased patience locking spool during update.
 5.  Better error messages when unable to lock spool.
 6.  Msgs no longer incorrectly marked hidden when bulletins used.
 7.  Added '--with-kerberos5' for Kerberos V support (using patch from
     Ken Hornstein).  Also includes 'enable-any-kerberos-principal',
     KRB4 for Kerberos IV, KRB5_KRB4_COMPAT to allow for backwards
     compatibility, and NO_CROSSREALM.
 8.  Added '--enable-kuserok' to use kuserok() to vet users.
 9.  Added '--enable-ksockinst' to use getsockinst() for Kerberos
     instance.
10.  Errors on spool copies/appends when cleaning up now always abort.
     This fixes a case where mail could be lost if the user went over
     quota during the session and server mode is in use.
11.  Fixed crash on APOP command when no APOP database.

Changes from 3.1b3 to 3.1b4
---------------------------

 1.  Fix UID generation when OLD_STYLE_UIDL set to match 2.53.
 2.  Drac host now set by -D run-time option instead of reading file.
 3.  Fixed pop_log call in drac.c.
 4.  MAXHOSTNAMELEN now defined in popper.h if not defined by system.
 5.  Removed '-ls' from LIBS for IRIX.
 6.  Added --disable-optimizations to turn off optimizations.
 7.  Added '-f config-file' run-time option.  Additional run-time
     options read from specified file.  All current run-time options
     can now be set this way.  See INSTALL file for option names and
     syntax.
 8.  Added '-u' run-time option to read ~/.qpopper-options' file.
 9.  Changed gperf stuff to avoid problems on systems without gperf.
10.  Changed most uses of strncpy/strncat to strlcpy/strlcat, which
     guarantee to null-terminate the buffer, and are easier to use
     safely.
11.  Ensured null-termination after remaining uses of strncat.


Changes from 3.1b2 to 3.1b3
---------------------------

 1.  popauth passed-in password no longer prompts to confirm.
 2.  Added -help switch to popauth.
 3.  Fixed return value of Qtouchlock; added error checking.
 4.  Fixed stray control character in PAM section of pop_pass.c
 5.  No longer reporting "-1 hidden" msgs for users with bull errors.
 6.  Fixed crash un Qtouchlock() on NeXT.
 7.  Added '--disable-old-spool-loc' to not check for old .user.pop
     files in old locations when HASH_SPOOL or HOMEDIRMAIL used.
 8.  No longer checking for old .user.pop file in old locations unless
     HASH_SPOOL or HOMEDIRMAIL used.
 9.  Added '--disable-check-hash-dir' to not check for or create hash
     spool directories.  Use this if you pre-create the directories.
10.  Added '--enable-server-mode-group-include=group' and 
     '--enable-server-mode-group-exclude=group' to set server mode on
     or off by default for users in the specified group.
11.  Using passed-in passwd structure in pop_bull instead of calling
     getpwnam yet again.
12.  Removed redundant call on genpath from apop, rpop, and scram code.
13.  Deleted unused variables.
14.  Fixed typo in popauth causing failures.
15.  Applied patch from Kenneth Porter to fix many compiler warnings.
16.  Fixed lots and lots of compiler warnings.
17.  Fixed references to value.dptr for even pickier platforms.
18.  When SECURENISPLUS defined, now getting password as user and then
     as root, to handle case where 'compat' is used in 'nsswitch.conf'.
     Based on patch by Neil W. Rickert.
19.  Added '--enable-secure-nis-plus' to set SECURENISPLUS.
20.  Fixed check for BSD DBM files to avoid false positive with pedantic
     compilers.
21.  Deleted '--with-warnings' configure flag.
22.  '--enable-warnings' flag now sets correct CFLAGS on HP systems.


Changes from 3.1b1 to 3.1b2
---------------------------

 1.  Fixed case where buffer passed to pop_msg without format.
 2.  EUIDL no longer includes extra newline for single message.
 3.  --enable-shy now makes banner very brief and omits the
     IMPLEMENTATION tag from the CAPA response unless the user
     is authenticated.
 4.  Added DRAC support, based on patches by Mike McHenry,
     Forrest Aldrich, Steven Champeon, and others.
 5.  Applied patches from Jeffrey C. Honig at BSDI which:
     - Adds BSD/OS authentication support.
     - Adds the Kerberos K_GETSOCKINST define to enable a call to
       k_getsockinst().  It gets the IP address of the local end
       of a connection and looks up the host name and uses that
       for the instance.  This allows using different instances
       for different virtual addresses on the same machine.
     - Disables the check for the principal name being the same as
       the specified user name when KUSEROK is defined.  KUSEROK does
       all the necessary validation.  It's more work for the client
       to figure out what the principal name in the ticket is and it
       doesn't really matter since this userid is ignored.
     - Adds run-time flags: '-S' enables server mode; '-K' allows
       specification of the Kerberos service to use, same as the
       compile time KERBEROS_SERVICE define.
     - Changes references to the BSDI define to be __bsdi__ which is
       defined automatically on BSD/OS.
 6.  Allow password to be passed as extra parameter to popauth so it
     can be used in a scripted environment (based on patch by Dejan
     Ilic).
 7.  Added clear text handling options when APOP or SCRAM available:
     use '-p 0|1|2|3' run-time option; 0 is default; 1 means clear text
     passwords are never permitted for any user; 2 means they are
     always permitted (even if an APOP or SCRAM entry exists), which
     allows them to be used as a fallback; 3 means they are permitted
     on the local interface (127.*.*.*) only.
 8.  Fixed bug causing spool duplication in server mode when 
     KEEP_TEMP_DROP defined.
 9.  maillock calls now show file and line number where called.
10.  UIDs now deterministic when NO_STATUS set.
11.  Removed '-Z' switch for old-style locking.
12.  Added '--enable-old-uidl' to encode UIDLs in old (pre-3.x)
     style.  This is only useful if you set NO_STATUS and you have
     existing users who keep mail on the server and have old spools.
13.  Added '--disable-status' to prevent Qpopper from writing 'Status'
     or 'X-UIDL' headers (--disable-status sets NO_STATUS).  This forces
     UIDs for each message to be recalculated in each session.
14.  Added '--keep-temp-drop' to prevent Qpopper from deleting the temp
     drop files.
15.  No longer accessing APOP datum ptr after closing db.
16.  Corrected blank padding for minimum-width '%s' in snprintf().
17.  Deleted spurious declarations from popper.h, fixing "multiple
     common" link errors.
18.  Cast value.dptr to char * when dereferencing to avoid errors on
     IRIX, using patch from Rick Troxel.
19.  Added '--disable-check-pw-max' to prevent Qpopper from checking
     for expired passwords.
20.  Added return values to pop_exit ring, pop_sendline.
21.  Various fixes for irix from Peter Evans.
22.  Now checking for spool in /var before /usr.
23.  AUTO_DELETE now checks if msg already deleted and updates
     bytes_deleted; also skips loop if msgs_deleted >= msg_count (thanks
     to Roman Shterenzon for the suggestion).
24.  FillMangleInfo now returns 0 on success instead of random (patch
     by Neil Harkin).
25.  Applied patch by Clifton Royston to make XTND XMIT translate
     network EOL (CRLF) to local EOL ('\n').
26.  XTND XMIT now only recognizes initial ".\n' as end-of-msg (instead
     of any line which starts with and ends with ".").
27.  Added code to check for expired accounts on AIX (from Mathieu
     Legare).
28.  Added '-ls' to LIBS on AIX, updated INSTALL for AIX (suggestion by
     Kim Lewall).
30.  Added '-ls' to LIBS for IRIX.
31.  Fixed crash in rpop.
32.  Fixed APOP on OpenBSD.
33.  APOP keys no longer traced (unless TRACE_APOP_KEYS defined).
34.  Don't omit body lines that look like X-UIDL or STATUS headers.

Changes from 3.0.1 to 3.1b1
---------------------------

 1.  Added '--enable-drop-dir=spool-dir' ./configure option to
     specify the location of the mail spool.  The default is to
     search for it as previous.
 2.  Added '-L msgs' run-time flag to specify the number of msgs
     we process during initialization and cleanup before checking
     if we need to refresh the mail lock.  Default is 500.  The
     value should be small enough to be able to be processed in
     60 seconds.
 3.  Added '-Z' run-time flag to revert to old (pre-3.x) locking.
     This is dangerous and will likely be removed prior to release.
 4.  Added '--enable-timing' ./configure option to write log records
     with elapsed time for authentication, initialization, and 
     cleanup.
