Here's the email I got from Frederik Vermeulen, author of the TLS patch for qmail, on April 2:
#################################
Hello,
you were concerned in the development and/or packaging of qmail tls patch.
I have been notified by cert of a (relatively low-impact) flaw that has been made public today.
See
http://www.kb.cert.org/vuls/id/555316
A patch is on
http://inoa.net/qmail-tls/vu555316.patch
A new version of the complete qmail-tls patch is on
http://inoa.net/qmail-tls/netqmail-1.06-tls-20110119.patch
Thank you for reviewing and/or packaging this fix.
Regards,
Frederik
#################################
This was sent to any concerned parties, including folks that wrap it into larger cumulative patches, like myself.
Here's a direct download link for the most recent qmail-toaster patch on github:
https://github.com/shupp/legacy-qmail-related/raw/master/patches/qmail-toaster-0.9.1.patch.bz2According to the notes at the top, it uses this version of the TLS patch:
http://inoa.net/qmail-tls/netqmail-1.05-tls-20070408.patchSo it's out of date, and needs to be updated.
For those of you wanting to try and run the toaster docs yourself, the BTS.php template class is available here:
https://github.com/shupp/BTS/blob/master/branches/BTS/BTS.phpJust put it in your include_path for PHP.
Lastly, I did make an attempt a couple of years ago to move the toaster over to source forge. It appears to still be there:
http://billslinuxqmail.sourceforge.net/toasterLooks like Rick Widmer did some work on it, so I can't speak to its current state. But you're welcome to try that out. At least the translations work!
Sorry for the short notice folks, but given the security issue, it was the right thing to do.
Regards,
Bill