version 3.009: Tue 18 Aug 09:49:44 CEST 2020
Improvements:
- for file-per-message based folders, you can now address the message
via its filename. rt.cpan.org#132823 [Alexander Adolf]
version 3.008: Fri 4 Oct 08:34:32 CEST 2019
Fixes:
- MH reading message did not unlock after processing.
rt.cpan.org#130193 [Sergey Poznyakoff]
Improvements:
- test suite can now run in parallel [Corion, Max Maischein]
1.300034 2019-12-02 22:21:58-05:00 America/New_York
- add documentation for the SMTP "hosts" parameter!
1.300033 2019-11-26 14:44:51-05:00 America/New_York
- no changes since 1.300031
1.300032 2019-11-15 00:32:03-05:00 America/New_York (TRIAL RELEASE)
- SMTP transport can now accept a "hosts" init arg instead of just
"host"; this argument is an arrayref of host names to try in order
(thanks, Marc Bradshaw!)
1.949 2020-05-24 10:25:36-04:00 America/New_York
- no changes since trial release
1.948 2020-05-09 14:57:17-04:00 America/New_York (TRIAL RELEASE)
- fixes to handling of content-type parameters (thanks, dlucredativ and
Pali Rohár)
1.947 2020-05-09 14:30:06-04:00 America/New_York (TRIAL RELEASE)
- add $Email::MIME::MAX_DEPTH and refuse to parse deeper than that many
parts; current default: 10
1.024 2020-05-24 10:19:20-04:00 America/New_York
- no changes since stable release
1.023 2020-05-09 14:51:41-04:00 America/New_York (TRIAL RELEASE)
- All of this release is thanks to Pali Rohár, who suffered through a
long period of waiting while RJBS, the maintainer, let the module
languish. Thank you for your patience, Pali and everybody else.
- silence an uninitalized value warning
- avoid allowing non-Latin digits in numbers
- add new functions build_content_type() and build_content_disposition
----- July 2010 - Version 1.8 released -----
3. Complete overhaul of ppf_mime. Determine the MIME message boundary
using more reliable (albeit more complex) means, and special case
a lot of client behavior to allow verification of a wider variety
of messages. For display, de-code more of the MIME en-coding so that
the messages are much more readable. Use the same tricks to display
decrypted messages in ppf_mime_decrypt.
These changes have several major benefits:
a. Support for PGP/MIME messages generated by well over a dozen MUAs.
b. Support for verifying signatures on attachments, and a clear
indication that attachments are signed (or not).
c. Greatly improved readability. With the exception of text coloring
(URLs, signatures, etc.), 8-bit characters, and some types of
messages sent with format=flowed, messages displayed by the filter
are identical to the display in Alpine.
2. For ppf_{decrypt|encrypt|sign|verify} add 'clear' commands so that
nothing is left behind in the "user interface" area between scripts.
For _verify, add a message indicating that we are verifying, along
with a helpful hint about delays caused by auto-key-retrieve.
1. Add /opt/bin and /opt/local/bin to the gpg[2] search path in configure
in case it is located there, and that's not going to be $PREFIX.
----- April 2010 - Version 1.7 released -----
2. Add support for the OpenPGP header in ppf_sign and ppf_encrypt, and
use the same method to sanitize the key ID as was already done for
the other headers.
1. Use a more reliable method to find the signature and message parts
in the ppf_mime script.
Changelog:
What's new in notmuch 0.31
=========================
Emacs
-----
Notmuch now supports Emacs 27.1. You may need to set
`mml-secure-openpgp-sign-with-sender` and/or
`mml-secure-smime-sign-with-sender` to continue signing messages.
The minimum supported major version of GNU Emacs is now 25.1.
Add support for moving between threads after notmuch-tree-from-search-thread.
New `notmuch-unthreaded` mode (added in Notmuch 0.30)
Unthreaded view is a mode where each matching message is shown on a
separate line.
The main key entries to unthreaded view are
'u' enter a query to view in unthreaded mode (works in hello,
search, show and tree mode)
'U' view the current query in unthreaded mode (works from search,
show and tree)
Saved searches can also specify that they should open in unthreaded
view.
Currently it is not possible to specify the sort order: it will
always be newest first.
Notmuch-Mutt
------------
The shell pipeline executed by notmuch-mutt, which symlinked matched
files to a maildir for mutt to access is replaced with internal perl
processing. This search operation is now more portable, and somewhat
faster.
Library
-------
Improve exception handling in the library. This should
largely eliminate terminations inside the library due to uncaught
exceptions or internal errors. No doubt there are a few uncovered
code paths still; please report them as bugs.
Add `notmuch_message_get_flag_st` and
`notmuch_message_has_maildir_flag_st`, and deprecate the existing
non-status providing versions.
Move memory de-allocation from `notmuch_database_close` to
`notmuch_database_destroy`.
Handle relative filenames in `notmuch_database_index_file`, as
promised in the documentation.
Python Bindings
---------------
Documentation for the python bindings is merged into the main
sphinx-doc documentation tree. The merged documentation can be built
with e.g. `make sphinx-html`
Dependencies
------------
We now support building notmuch against Xapian 1.5 (the current
development version).
Test Suite
----------
Test suite fixes for compatibility with Emacs 27.1.
Build System
------------
Man pages are now compressed reproducibly.
* Lightning cannot be disabled by users in build time.
Remove mozilla-lightning option.
Changelog:
78.2.1
Changes
changed OpenPGP enabled by default
changed OpenPGP: Disabled the use of MD5/SM2/SM3 algorithms
Fixes
fixed OpenPGP: Users with sub-identities were unable to encrypt or sign messages when switching identities
fixed OpenPGP message security window did not support dark mode
78.2.0
Changes
changed OpenPGP Key generation now disabled when there is no default mail account configured
changed OpenPGP: Encrypt saved drafts when OpenPGP is enabled
changed Twitter search removed
changed Calendar: Event summary dialog is now themeable
changed MailExtensions: Some APIs now use defineLazyPreferenceGetter in order to benefit from caching
Fixes
fixed OpenPGP Key Manager search function did not work
fixed OpenPGP Key Properties dialog was sometimes too small
fixed OpenPGP: Encrypted email would not send if address contained uppercase characters
fixed OpenPGP: "Key ID" column could not be resized in Key Manage
fixed OpenPGP: Keys containing invalid UTF-8 strings could not be imported
fixed OpenPGP: Enable automatic signing for encrypted messages in additional scenarios
fixed Many more OpenPGP bug fixes and improvements
fixed IMAP fetch chunk size was always 65536 bytes
fixed IMAP server capabilities were not rechecked after upgrading to SSL/TLS connection
fixed Message Composer: Order of attachments could not be modified using drag & drop
fixed Composing messages with a "fixed width" font did not work
fixed Drag and drop of address book contacts did not work in some situations
fixed Address book migration failed when there was a dot in the file name
fixed Address book: "Always prefer display name over message header" was always checked when editing a contact
fixed Address book performance optimizations
fixed Dialog to add a new mail account from "Account Settings" did not open
fixed "Select All" (Ctrl+A) in message source did not work until focused with a mouse click
fixed Ctrl+scroll wheel not zooming in message reader
fixed Setting/changing a signature from a file lost when closing account settings
fixed Adaptive Junk Mail settings could not be disabled
fixed Message filter dialog fixes: Missing scrollbar, drop-down list not wide enough
fixed Various UX and theme improvements
78.1.1
Changes
changed Building OpenPGP shared library linked to system libraries now supported
changed MailExtension errors now shown in Developer Tools console by default
changed MailExtensions: Dynamic registration of calendar providers now supported
Fixesr
fixed OpenPGP improvements
fixed Message preview was sometimes blank after upgrading from Thunderbird 68
fixed Email addresses whitelisted for remote content not displayed in preferences
fixed Importing data from Seamonkey did not work
fixed Renaming a mail list did not update the side bar
fixed MailExtensions: messenger.* namespace was undefined
78.1.0
What's New
new OpenPGP support is now feature complete. Improvements: new Key Wizard, online searching for OpenPGP keys, and more
new The preferences tab now has a search field
Changes
changed Dark background in message reader is now disabled
Fixes
fixed Thunderbird startup was slow when using folder color customizations with many folders. Previously configured colors will not be migrated.
fixed Mail quota usage in status bar did not support terabyte folder sizes
fixed Changing Junk mail settings with keyboard toggled wrong setting
fixed Advanced IMAP server preferences not saved in Account Manager
fixed Address book migration updates and fixes
fixed Address book: Last Modified Date was not updated
fixed Dark mode improvements
fixed Various security fixes
Security fixes:
#CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker
#CVE-2020-6514: WebRTC data channel leaks internal address to peer
#CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy
#CVE-2020-15653: Bypassing iframe sandbox when allowing popups
#CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
#CVE-2020-15656: Type confusion for special arguments in IonMonkey
#CVE-2020-15658: Overriding file type when saving to disk
#CVE-2020-15657: DLL hijacking due to incorrect loading path
#CVE-2020-15654: Custom cursor can overlay user interface
#CVE-2020-15659: Memory safety bugs fixed in Thunderbird 78.1
78.0.1
What's New
new OpenPGP: Key revocation, extending key expiration, and secret key backup
Fixes
fixed Drag & Drop multiple attachments to macOS Finder created duplicate files
fixed Faceted search date and relevance settings not saved
fixed FileLink attachments included as a link and file when added from a network drive via drag & drop
fixed About Thunderbird dialog keyboard shortcuts did not work
fixed CC'd recipients sometimes displayed collapsed in header pane
fixed Incremental search in contacts sidebar did not always display local results when an LDAP server was also in use
fixed Contacts sidebar search results cleared after removing a contact
fixed OpenPGP: Messages with long Armor Header lines did not display
fixed OpenPGP: Messages containing non-UTF-8 text were not supported
fixed Various UI and theming fixes
fixed Chat: Participants list did not display operator flags
Changelog:
With "smtp_tls_connection_reuse = yes", tlsproxy(8) was using the wrong global
TLS context for connections that use DANE trust anchors or that use non-DANE
trust anchors. This resulted in a global certificate verify function pointer
race, between TLS handshakes that use trust achors and concurrent TLS
handshakes that use PKI. No memory was corrupted in the course of all this.
Reference: http://www.postfix.org/announcements/postfix-3.5.7.html
upstream changes:
-----------------
fetchmail-6.4.8 (released 2020-06-14, 27596 LoC):
## NEW TRANSLATION, with thanks to the translator:
* sr: Мирослав Николић (Miroslav Nikolić) [Serbian]
- Sorry, this was missed earlier because my translation scripts did not properly
report new translations.
# KNOWN BUGS AND WORKAROUNDS
(This section floats upwards through the NEWS file so it stays with the
current release information)
* Fetchmail does not handle messages without Message-ID header well
(See sourceforge.net bug #780933)
* Fetchmail currently uses 31-bit signed integers in several places
where unsigned and/or wider types should have been used, for instance,
for mailbox sizes, and misreports sizes of 2 GibiB and beyond.
Fixing this requires C89 compatibility to be relinquished.
* BSMTP is mostly untested and errors can cause corrupt output.
* Fetchmail does not track pending deletes across crashes.
* The command line interface is sometimes a bit stubborn, for instance,
fetchmail -s doesn't work with a daemon running.
* Linux systems may return duplicates of an IP address in some circumstances if
no or no global IPv6 addresses are configured.
(No workaround. Ubuntu Bug#582585, Novell Bug#606980.)
* Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error
messages. This will not be fixed, because the maintainer has no Kerberos 5
server to test against. Use GSSAPI.
---------------------------------------------------------------------------------
fetchmail-6.4.7 (released 2020-06-14, 27596 LoC):
## TRANSLATION UPDATE, with thanks to the translator:
* sv: Göran Uddeborg [Swedish]
-------------------------------------------------------------------------------
fetchmail-6.4.6 (released 2020-05-29, 27596 LoC):
## TRANSLATION UPDATE, with thanks to the translator:
* eo: Felipe Castro [Esperanto]
--------------------------------------------------------------------------------
fetchmail-6.4.5 (released 2020-05-07, 27596 LoC):
## REGRESSION FIX:
* fetchmail 6.4.0 and 6.4.1 changed the resolution of the home directory
in a way that requires SUSv4 semantics of realpath(), which leads to
'Cannot find absolute path for... directory' error messages followed by aborts
on systems where realpath() follows strict SUSv2 semantics and returns
EINVAL if the 2nd argument is NULL.
On such systems, for instance, Solaris 10, fetchmail requires PATH_MAX to be
defined, and will then work again. Regression reported by David Hough.
On systems that neither provide auto-allocation semantics for realpath(),
nor PATH_MAX, fetchmail will print this error and abort. Such systems
are unsupported, see README.
## CHANGES:
* Add a test program fm_realpath, and a t.realpath script, neither to be
installed. These will test resolution of the current working directory.
## TRANSLATION UPDATES in reverse alphabetical order of language codes,
## with my thanks to the translators:
* zh_CN: Boyuan Yang [Chinese (simplified)]
* sv: Göran Uddeborg [Swedish]
* sq: Besnik Bleta [Albanian]
* pl: Jakub Bogusz [Polish]
* ja: Takeshi Hamasaki [Japanese]
* fr: Frédéric Marchal [French]
* cs: Petr Pisar [Czech]
--------------------------------------------------------------------------------
fetchmail-6.4.4 (released 2020-04-26, 27530 LoC):
## UPDATED TRANSLATIONS - WITH THANKS TO THE TRANSLATOR:
* ja: Takeshi Hamasaki [Japanese]
--------------------------------------------------------------------------------
fetchmail-6.4.3 (released 2020-04-05, 27530 LoC):
## BUGFIXES:
* Plug memory leaks when parts of the configuration (defaults, rcfile, command
line) override one another.
* fetchmail terminated the placeholder command string too late and included
garbage from the heap at the end of the string. Workaround: don't use place-
holders %h or %p in the --plugin string. Bug added in 6.4.0 when merging
Gitlab merge request !5 in order to fix an input buffer overrun.
Faulty commit 418cda65f752e367fa663fd13884a45fcbc39ddd.
Reported by Stefan Thurner, Gitlab issue #16.
* Fetchmail now checks for errors when trying to read the .idfile,
Gitlab issue #3.
* Fetchmail's error messages that reports that the defaults entry isn't the
first was made more precise. It could be misleading if there was a poll or
skip statement before the defaults.
## CHANGES:
* Fetchmail documentation was updated to require OpenSSL 1.1.1.
OpenSSL 1.0.2 reached End Of Life status at the end of the year 2019.
Fetchmail will tolerate, but warn about, 1.0.2 for now on the assumption that
distributors backport security fixes as the need arises.
Fetchmail will also warn if another SSL library that is API-compatible
with OpenSSL lacks TLS v1.3 support.
* If the trust anchor is missing, fetchmail refers the user to README.SSL.
## INTERNAL CHANGES:
* The AC_DECLS(getenv) check was removed, its only user was broken and not
accounting for that AC_DECLS always defines HAVE_DECL_... to 0 or 1, so
fetchmail never declared a missing getenv() symbol (it was testing with
#ifdef). Remove the backup declaration. getenv is mandated by SUSv2 anyways.
## UPDATED TRANSLATIONS - WITH THANKS TO THE TRANSLATORS:
* sq: Besnik Bleta [Albanian]
* zh_CN: Boyuan Yang [Chinese (simplified)]
* pl: Jakub Bogusz [Polish]
* cs: Petr Pisar [Czech]
* fr: Frédéric Marchal [French]
* sv: Göran Uddeborg [Swedish]
* eo: Felipe Castro [Esperanto]
upstream changes:
-----------------
Fixed in Postfix versions 3.5.6, 3.4.16, 3.3.14, 3.2.19:
* One fix for memory leaks in the Postfix TLS library was back-ported to the wrong place, resulting in undefined program behavior.
Fixed in Postfix versions 3.5.6, 3.4.16:
* The workaround for allowed TLS protocol versions did not explictly override the system-wide OpenSSL configuration, for sessions where the remote SMTP client sends SNI. It's better to be safe than sorry.
Fixed in Postfix versions 3.5.5, 3.4.15, 3.3.13, 3.2.18:
* Workaround for unexpected TLS interoperability problems when Postfix runs on OS distributions with system-wide OpenSSL configurations.
* Memory leaks in the Postfix TLS library, the largest one involving multiple kBytes per peer certificate.
Update based on wip/mailman by Jesus Cea.
Clean some pkglint while here.
2.1.34 (26-Jun-2020)
i18n
- The Spanish translation has been updated by Omar Walid Llorente.
Bug Fixes and other patches
- The fix for LP: #1859104 can result in ValueError being thrown on
attempts to subscribe to a list. This is fixed and extended to apply
REFUSE_SECOND_PENDING to unsubscription as well. (LP: #1878458)
- DMARC mitigation no longer misses if the domain name returned by DNS
contains upper case. (LP: #1881035)
- A new WARN_MEMBER_OF_SUBSCRIBE setting can be set to No to prevent
mailbombing of a member of a list with private rosters by repeated
subscribe attempts. (LP: #1883017)
- Very long filenames for scrubbed attachments are now truncated.
(LP: #1884456)
Although the package itself builds when pkgsrc is bootstrapped in
unprivileged mode, the pkgsrc +INSTALL/+DEINSTALL scripts fail, causing
bulk build noise:
=> Creating binary package /wrk/mail/qmail/work/.packages/qmail-1.03nb49.tgz
fatal: unable to find user alias
===========================================================================
ERROR: instchown exited 111.
Permissions are likely wrong, and/or the queue may be uninitialized.
===========================================================================
pkg_add: install script returned error status
pkg_add: 1 package addition failed
2020-08-21 Richard Russon <rich@flatcap.org>
* Bug Fixes
- fix maildir flag generation
- fix query notmuch if file is missing
- notmuch: don't abort sync on error
- fix type checking for send config variables
* Changed Config
- `$sidebar_format` - Use `%D` rather than `%B` for named mailboxes
* Translations
- 96% Lithuanian
- 90% Polish
The check whether a block of memory is tainted erroneously returns true
if the block in question starts the very next byte after a block in the
tainted pool. Depending on the memory allocator, this can cause problems.
For example, on NetBSD/amd64 9.0, this seems to allocate the first tainted
block immediately before log_buffer. This leads to a recursive error in
log_write the first time anything is written to the log, leading to a
segmentation fault when the stack fills up.
