- Remove qmail-qfilter-*-queue shell scripts, which would conflict with
the C programs of the same name included in mail/qmail 1.03nb29 with
the "qmail-rejectutils" option (enabled by default).
- Bump mail/qmail dependency to 1.03nb29.
- Shorten and improve MESSAGE.
Remove unneeded options:
- Unconditionally apply netqmail (which includes a local patch; remove it)
- Unconditionally apply bigdns, maildiruniq, outgoingip, rcptcheck, remote
- Unconditionally apply the TLS + SMTP AUTH _patch_ (not the options)
- Record all applied patches (mandatory and optional) in QMAILPATCHES
- Remove badrcptto, qregex, realrcptto, viruscan (moved to rejectutils)
Simplify packaging:
- Extract a standalone patch <https://schmonz.com/qmail/rejectutils> to
repackage the mutually conflicting recipient- and content-checking
patches as separate programs, along with wrappers for running checks
in sequence
- Extract a standalone patch <https://schmonz.com/qmail/destdir> to
build to a staging area, as non-root, without hardcoded IDs
- Run the destdir patch's `install-destdir` to make or repair the queue
and set special file permissions, obviating the need for a dependency
on mail/queue-fix and handcrafted SPECIAL_PERMS
- While here, run `instcheck` to ensure we've installed just like `make
setup check` as root would have
- Install INSTALL and SENDMAIL docs under their original names,
even on Darwin
- Avoid building catpages, since we don't install them, and remove nroff
from USE_TOOLS
Default-enable more useful options:
- "eai" (new) permits UTF-8 almost everywhere in email
- "qmail-rejectutils" (new) adds several tools for selectively
rejecting messages
- "syncdir" forces synchronous link() and related syscalls
- "tls" and "sasl", instead of causing patch conflicts, cause the TLS
and SMTP AUTH code to be included (!)
2017-07-14 Richard Russon <rich@flatcap.org>
* Translations
- Update German translation
* Docs
- compile-time output: use two lists
- doxygen: add config file
- doxygen: tidy existing comments
* Build
- fix hcachever.sh script
* Upstream
- Fix crash when $postponed is on another server.
2017-07-07 Richard Russon <rich@flatcap.org>
* Features
- Support Gmail's X-GM-RAW server-side search
- Include pattern for broken threads
- Allow sourcing of multiple files
* Contrib
- vombatidae colorscheme
- zenburn colorscheme
- black 256 solarized colorscheme
- neonwolf colorscheme
- Mutt logos
* Bug Fixes
- flags: update the hdr message last
- gpgme S/MIME non-detached signature handling
- menu: the thread tree color
- Uses CurrentFolder to populate LastDir with IMAP
- stabilise sidebar sort order
- colour emails with a '+' in them
- the padding expando '%>'
- Do not set old flag if mark_old is false
- maildir creation
- Decode CRLF line endings to LF when copying headers
- score address pattern do not match personal name
- open attachments in read-only mode
- Add Cc, In-Reply-To, and References to default mailto_allow
- Improve search for mime.types
* Translations
- Update Chinese (Simplified) translation
* Coverity defects
- dodgy buffers
- leaks in lua get/set options
- some resource leaks
* Docs
- update credits
- limitations of new-mail %f expando
- escape <>'s in nested conditions
- add code of conduct
- fix ifdef examples
- update mailmap
- Update modify-labels-then-hide
- fix mailmap
- drop UPDATING files
* Website
- Changes pages (diff)
- Update Arch distro page
- Update NixOS distro page
- Add new Exherbo distro page
- Update translation hi-score table
- Update code of conduct
- Update Newbies page
- Add page about Rebuilding the Documentation
- Add page of hard problems
* Build
- remove unnecessary steps
- drop instdoc script
- move smime_keys into contrib
- fixes for Solaris
- don't delete non-existent files
- remove another reference to devel-notes.txt
- Handle native Solaris GSSAPI.
- drop configure options --enable-exact-address
- drop configure option --with-exec-shell
- drop configure option --enable-nfs-fix
- drop configure option --disable-warnings
- Completely remove dotlock
- More sophisticated check for BDB version + support for DB6 (non default)
* Tidy
- drop VirtIncoming
- split mutt_parse_mailboxes into mutt_parse_unmailboxes
- tidy some buffy code
- tidy the version strings
* Upstream
- Add ~<() and ~>() immediate parent/children patterns
- Add L10N comments to the GNUTLS certificate prompt
- Add more description for the %S and %Z $index_format characters
- Add config vars for forwarded message attribution intro/trailer
- Block SIGWINCH during connect()
- Improve the L10N comment about Sign as
- Auto-pad translation for the GPGME key selection "verify key" headers
- Enable all header fields in the compose menu to be translated
- Force hard redraw after $sendmail instead of calling mutt_endwin
- Make GPGME key selection behavior the same as classic-PGP
- Rename 'sign as' to 'Sign as'; makes compose menu more consistent
- Change the compose menu fields to be dynamically padded
Moll in NetBSD/pkgsrc#4. From the DESCR:
mailsend is a simple command line program to send mail via SMTP protocol.
The program does not use any config file and everything needed to compose
mails (and attachments) is driven via command line parameters.
- bugfix: if password_command parameter was used with a non-existent program,
getmail would error out during the handling of that condition and not report
the problem correctly.
- new release numbering scheme; previous version numbers were just getting
too high.
- catch and ignore/exit cleanly after reset connection in IMAP IDLE mode.
Thanks: Stephan Schulz.
- allow specifying an expected SSL certificate hostname, for when the
server's certificate does not match the domain name used to connect to
it. Thanks: "Andre".
- fix error message not actually giving the header field name incorrectly
specified as containing the envelope recipient address. Thanks: Hardy
Braunsdorf.
- add new password_command configuration parameter for retrievers, allowing
getmail to retrieve the account password from any arbitrary external
command. Suggestion: "ng0".
Upstream changes:
2017-04-14: Marc Bradshaw <marc@marcbradshaw.net>
* commit aac893fdbaa7f8ccd5d37fa7f20d1785406cda51
Author: Marc Bradshaw <marc@marcbradshaw.net>
Date: Fri Mar 17 14:53:53 2017 +1100
Avoid use of $_ in read loop
RT 106485: Mail::DKIM::PrivateKey->load tampering $_ and <FILE>
* commit 06934f259e392b2a3cf94560e6051d9e522d0bf3
Author: Marc Bradshaw <marc@marcbradshaw.net>
Date: Fri Mar 17 14:44:44 2017 +1100
Ensure PrivateKey file is closed properly.
Store PrivateKey file handle in lexical variable and close it
once we are done.
RT 120638: Mail::DKIM::PrivateKey does not close FILE
* commit 9e7c1c4cb78a6cb1cf396ece4379c7ed2c44c974
Author: Marc Bradshaw <marc@marcbradshaw.net>
Date: Fri Feb 27 12:08:11 2015 +1100
Allow greater control over signed headers
* commit 8291c034dc7db4394e9df80e70b8cbe8428a38c2
Author: Marc Bradshaw <marc@marcbradshaw.net>
Date: Fri Jan 23 09:54:02 2015 +1100
Allow greater control over which headers are signed by Signer
NEWS:
Changes of Sylpheed
* 3.6.0 (stable)
* The Japanese manual was updated.
* 3.6.0beta1 (development)
* The feature to use multiple signatures in one account was added.
* The edit group dialog of the address book was improved to allow
multilple selection and display its available list with folder tree.
* The menu 'Tools - Open configuration/attachments folder' was added.
* Printing settings and page setup are now saved.
* The Japanese manual was updated.
* IMAP: SUBSCRIBE command is explicitly issued for a newly created folder
by CREATE.
* Unix: the search location of SSL certificates for OpenBSD was added
(#222).
* Win32: a notice about not removing user data in the installer was
modified.
Changelog:
52.2.1
Fixed Problems with Gmail (folders not showing, repeated email download, etc.) introduced in version 52.2.0.
52.2.0
Fixed Embedded images not shown in email received from Hotmail/Outlook webmailer
Fixed Detection of non-ASCII font names in font selector
Fixed Attachment not forwarded correctly under certain circumstances
Fixed Multiple requests for master password when GMail OAuth2 is enabled
Fixed Large number of blank pages being printed under certain circumstances when invalid preferences were present
Fixed Messages sent via the Simple MAPI interface are forced to HTML
Fixed Calendar: Invitations can't be printed
Fixed Mailing list (group) not accessible from macOS or Outlook address book
Fixed Clicking on links with references/anchors where target doesn't exist in the message not opening in external browser
Fixed Various security fixes
#CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
#CVE-2017-7749: Use-after-free during docshell reloading
#CVE-2017-7750: Use-after-free with track elements
#CVE-2017-7751: Use-after-free with content viewer listeners
#CVE-2017-7752: Use-after-free with IME input
#CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
#CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
#CVE-2017-7757: Use-after-free in IndexedDB
#CVE-2017-7758: Out-of-bounds read in Opus encoder
#CVE-2017-7763: Mac fonts render some unicode characters as spaces
#CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks
#CVE-2017-7765: Mark of the Web bypass when saving executable files
#CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2, and Thunderbird 52.2
52.1.1
Fixed Large attachments may not be shown or saved correctly if the message is stored in an IMAP folder which is not synchronized for offline use
Fixed Unable to load full message via POP if message was downloaded partially (or only headers) before
Fixed Some attachments can't be opened or saved if the message body is empty
Fixed Crash when compacting IMAP folder
* This release adjusts Pigeonhole to several changes in the Dovecot API,
making it depend on Dovecot v2.2.31. Previous versions of Pigeonhole
will produce compile warnings with the recent Dovecot releases (but
still work ok).
- Fixed bug in handling of implicit keep in some cases. Implicit
side-effects, such as assigned flags, were not always applied
correctly. This is in essence a very old bug, but it was exposed by
recent changes.
- include extension: Fixed segfault that (sometimes) occurred when the
global script location was left unconfigured.
* LMTP: Removed "(Dovecot)" from added Received headers. Some
installations want to hide it, and there's not really any good reason
for anyone to have it.
+ Add ssl_alt_cert and ssl_alt_key settings to add support for
having both RSA and ECDSA certificates.
+ dsync/imapc, pop3-migration plugin: Strip trailing whitespace from
headers when matching mails. This helps with migrations from Zimbra.
+ acl: Add acl_globals_only setting to disable looking up
per-mailbox dovecot-acl files.
+ Parse invalid message addresses better. This mainly affects the
generated IMAP ENVELOPE replies.
- v2.2.30 wasn't fixing corrupted dovecot.index.cache files properly.
It could have deleted wrong mail's cache or assert-crashed.
- v2.2.30 mail-crypt-acl plugin was assert-crashing
- v2.2.30 welcome plugin wasn't working
- Various fixes to handling mailbox listing. Especially related to
handling nonexistent autocreated/autosubscribed mailboxes and ACLs.
- Global ACL file was parsed as if it was local ACL file. This caused
some of the ACL rule interactions to not work exactly as intended.
- auth: forward_* fields didn't work properly: Only the first forward
field was working, and only if the first passdb lookup succeeded.
- Using mail_sort_max_read_count sometimes caused "Broken sort-*
indexes, resetting" errors.
- Using mail_sort_max_read_count may have caused very high CPU usage.
- Message address parsing could have crashed on invalid input.
- imapc_features=fetch-headers wasn't always working correctly and
caused the full header to be fetched.
- imapc: Various bugfixes related to connection failure handling.
- quota=imapc sent unnecessary FETCH RFC822.SIZE to server when
expunging mails.
- quota=count: quota_warning = -storage=.. was never executed
- quota=count: Add support for "ns" parameter
- dsync: Fix incremental syncing for mails that don't have Date or
Message-ID headers.
- imap: Fix hang when client sends pipelined SEARCH +
EXPUNGE/CLOSE/LOGOUT.
- oauth2: Token validation didn't accept empty server responses.
- imap: NOTIFY command has been almost completely broken since the
beginning. I guess nobody has been trying to use it.
1.6.1: 14 Jun 2017
* [Fix] Allow to init resolver without rspamd_config
* [Fix] Do not crash when resolver failed to initialize
* [Fix] Fix abstract context layout
* [Fix] Fix CGP helper reply parsing
* [Fix] Fix crashes when socket write errors occur
* [Fix] Fix parsing IPv6 nameservers in resolv.conf
* [Fix] Milter: Don't defer on "greylist" action
1.6.0: 12 Jun 2017
* [Conf] Add rspamd_proxy to the default configuration set
* [Conf] Add sample arc module config
* [Conf] Do away with systemd specifics completely
* [Conf] Increase min_bytes to avoid FP
* [Conf] Remove ratelimits from default configuration
* [CritFix] Fix accepting on IPv6 sockets
* [CritFix] Fix corruption when multiple fuzzy are defined
* [CritFix] Fix learn condition in fuzzy check
* [CritFix] Fix memory leak in fuzzy check
* [CritFix] Fix memory leak in maps scheduling
* [CritFix] Paese the last character in DKIM signature correctly
* [CritFix] Zero fill sockaddr_un
* [Feature] Add ability to add doc strings by example
* [Feature] Add API to verify DKIM (and ARC) signatures
* [Feature] Add compression/decompression to proxy
* [Feature] Add count to url structure
* [Feature] Add initial support of the new protocol reply
* [Feature] Add Lua plugin spamtrap
* [Feature] Add `monitored_address` for rbls
* [Feature] Add new schema for bayes tokens
* [Feature] Add preliminary ARC support to dkim code
* [Feature] Add preliminary support of ARC signing
* [Feature] Add rules to detect bad 8bit characters in From and To
* [Feature] Add scanning support for milter protocol
* [Feature] Add support for bidirectional symbols in rspamd_stats
* [Feature] Add support for static maps
* [Feature] Add support of maps with multiple regexps matches
* [Feature] Add `text_multiplier` param
* [Feature] Add the preliminary ARC plugin
* [Feature] Add top redirector targets rank
* [Feature] Allow async events to be registered from LUA rules
* [Feature] Allow storing bayes tokens in Redis
* [Feature] Allow to exclude specific domains from mx check
* [Feature] Allow to have a stack of watcher finalisers
* [Feature] Allow to pass hostname to `-i` flag in Rspamc
* [Feature] Allow to set custom user agent in url redirector
* [Feature] Allow to use custom callback when parsing resolv.conf
* [Feature] Allow to use domain from authenticated user
* [Feature] Bayes expiry plugin
* [Feature] Check dkim sign keys for modifications
* [Feature] DKIM signing: sign_networks/local address specific use_domain settings
* [Feature] DMARC: Support excluding domains from sampling
* [Feature] Expire processing items for URL redirector aggressively
* [Feature] Fix surbl monitored for IP lists, add `monitored_domain` option
* [Feature] Implement caching for dkim body hashes
* [Feature] Implement milter protocol scan reply
* [Feature] Improve omograph phishing detection
* [Feature] Initial support of self-scan in Rspamd proxy
* [Feature] Keep track of headers in milter interface
* [Feature] Milter headers: better controls for local/authenticated
* [Feature] Multimap: email:domain:tld filter
* [Feature] Preliminary DMARC reporting implementation
* [Feature] Reuse stemmers in the cache
* [Feature] Rework confighelp to load Lua plugins
* [Feature] Rework hfilter to use hyperscan if possible
* [Feature] Rework lua RSA API
* [Feature] Rmilter_headers: approximate rmilter's extended_spam_headers
* [Feature] Start integration of milter support in proxy
* [Feature] Store average words length and short words count
* [Feature] Store hash of headers order and names
* [Feature] Support MTA name header
* [Feature] Support multiple types of dkim signing in Lua
* [Feature] Support numeric arguments for Redis requests
* [Feature] Use headers hash in bayes metatokens
* [Feature] Use normal resolv.conf rules of rotation in Rspamd
* [Feature] Use version 2 proto for checking messages
* [Fix] Allow to follow symlinks when safe
* [Fix] Append MX name for authentication results as required
* [Fix] Change default text multiplier from 0.5 to 2.0
* [Fix] Check min_bytes for images as well
* [Fix] Deal with 7bit charsets properly
* [Fix] Deal with 8bit characters in email addresses
* [Fix] Deal with unpaired <a> tags
* [Fix] Detect confighelp in plugins initialisation
* [Fix] Disable certain checks for utf spoof detection
* [Fix] DKIM Signing: avoid nil index when From header is missing
* [Fix] Do not add exact hashes from different parts
* [Fix] Do not check DMARC if SPF or DKIM were not checked
* [Fix] Do not check URLs that are resolved to be redirected
* [Fix] Do not set bayes probability if we don't use it
* [Fix] Do not stop on illegal unicode points - replace them
* [Fix] Fix another race condition in arc checks
* [Fix] Fix arc count logic
* [Fix] Fix ARC signing
* [Fix] Fix brain-damaged spamc protocol for now
* [Fix] Fix calling for peak functions
* [Fix] Fix couple of issues in FORWARDED rule
* [Fix] Fix CTE propagation from parent containers to children parts
* [Fix] Fix errors processing in the controller
* [Fix] Fix format string in milter
* [Fix] Fix issues in SPF macros parsing
* [Fix] Fix logging format string
* [Fix] Fix logic of cached passwords check
* [Fix] Fix lowercasing of stemmed words
* [Fix] Fix LRU elements removal
* [Fix] Fix memory leak when accepting from unix sockets
* [Fix] Fix milter connections persistence
* [Fix] Fix objects merging in UCL
* [Fix] Fix order of operations to avoid race condition
* [Fix] Fix parsing of long regexp types
* [Fix] Fix passing data to log helper when many symbols defined
* [Fix] Fix pools management for milter session
* [Fix] Fix processing of the watchers
* [Fix] Fix queue id macro in milter
* [Fix] Fix R_BAD_CTE_7BIT rule
* [Fix] Fix Redis timeout set
* [Fix] Fix REPLYTO_UNPARSEABLE rule
* [Fix] Fix setting of email address
* [Fix] Fix some more issues about duplicated fuzzy requests
* [Fix] Fix spamc support in rspamd proxy
* [Fix] Fix syntax error in spamtrap plugin
* [Fix] Fix url counts for href urls
* [Fix] Fix url handling in the protocol
* [Fix] Multimap: Received IP filters with Redis
* [Fix] Oops, fix d9d0fa5e86db2f4470d34395a233b450478b2f60
* [Fix] Parse rgb[a](x,x,x[,x]) css colors
* [Fix] Phishing: strict_domains
* [Fix] Reduce maps aggressiveness
* [Fix] Reresolve upstreams even if there is a single server there
* [Fix] Rspamadm grep: Disable Lua patterns in string search by default
* [Fix] Skip text parts when checking binary parts in fuzzy check
* [Fix] Support v2 checks in controller
* [Fix] Treat empty address as valid
* [Fix] Try harder to detect CTE
* [Fix] Try to deal with v4 mapped to v6 addresses on accept
* [Fix] Use dkim signing callback properly
* [Fix] Use non-volatile memory for storing data
* [Fix] Use static maps instead of ugly hack for radix_from_config
* [Fix] Use the same pool for related sessions
* [Rework] Continue modularisation for lua library
* [Rework] Initial milter protocol support
* [Rework] Make log pipes worker agnostic, add scanners API
* [Rework] Move authentication results generation to a separate routine
* [Rework] Move common DKIM functions to a separate lua module
* [Rework] Move global functions to a separate directory
* [Rework] Prepare dkim module for ARC checks
* [Rework] Propagate ucl variables from the command line
* [Rework] Remove multiple metrics support from Rspamd
* [Rework] Stop using name 'rmilter' for the modern protocol
* [Rework] Use LFU algorithm in LRU cache
* [Rules] Fix received TLS rules
* [Rules] Improve URL_COUNT_ODD rule
* [WebUI] Fix add header filter in history
* [WebUI] Use modern protocol for checking messages
1.5.9:
* [Conf] Increase min_bytes to avoid FP
* [Conf] Remove ratelimits from default configuration
* [CritFix] Fix accepting on IPv6 sockets
* [CritFix] Zero fill sockaddr_un
* [Feature] Add `text_multiplier` param
* [Fix] Check min_bytes for images as well
* [Fix] Do not add exact hashes from different parts
* [Fix] Fix memory leak when accepting from unix sockets
* [Fix] Fix some more issues about duplicated fuzzy requests
* [Fix] Phishing: strict_domains
* [Fix] Skip text parts when checking binary parts in fuzzy check
* [Minor] Add the same duplicates protection for all fuzzy hashes types
* [Minor] Fix braces
* [Minor] Fix test
* [Minor] SPOOF_DISPLAY_NAME: Use all SMTP/MIME recipients
* [Minor] Validate assumed spoofed display name domains to contain a dot
1.5.8:
* [CritFix] Fix memory leak in fuzzy check
* [CritFix] Fix memory leak in maps scheduling
* [Feature] Multimap: email:domain:tld filter
* [Fix] DKIM Signing: avoid nil index when From header is missing
* [Fix] Do not set bayes probability if we don't use it
* [Fix] Do not stop on illegal unicode points - replace them
* [Fix] Fix brain-damaged spamc protocol for now
* [Fix] Fix Redis timeout set
* [Fix] Fix spamc support in rspamd proxy
* [Fix] Multimap: Received IP filters with Redis
* [Fix] Parse rgb[a](x,x,x[,x]) css colors
* [Fix] Reresolve upstreams even if there is a single server there
* [Fix] Treat empty address as valid
* [Fix] Try harder to detect CTE
* [Fix] Try to deal with v4 mapped to v6 addresses on accept
* [Minor] Add `wsf` and `hta` bad archive extensions
* [Minor] Fix configuration option
* [Minor] Fix result parsing for SAVAPI
* [Minor] Further logging improvements
* [Minor] Improve logging of errors
* [Minor] Prevent MID_CONTAINS_FROM from firing on empty address
* [Minor] Reduce digit->number transmission penalty
* [Minor] Relax CTYPE_MISSING_DISPOSITION rule
1.5.7:
* [CritFix] Fix corruption when multiple fuzzy are defined
* [CritFix] Fix learn condition in fuzzy check
* [Feature] Add rules to detect bad 8bit characters in From and To
* [Feature] DKIM signing: sign_networks/local address specific use_domain settings
* [Feature] Support numeric arguments for Redis requests
* [Fix] Deal with 8bit characters in email addresses
* [Fix] Fix couple of issues in FORWARDED rule
* [Fix] Fix passing data to log helper when many symbols defined
* [Fix] Fix R_BAD_CTE_7BIT rule
* [Fix] Fix REPLYTO_UNPARSEABLE rule
* [Fix] Fix setting of email address
* [Fix] Rspamadm grep: Disable Lua patterns in string search by default
* [Minor] Add Lua 5.3 workaround
* [Minor] Add lua methods to detect if a part has 8bit characters
* [Minor] Allow session-less lua dns requests
* [Minor] Allow to append greylist end time to message reported
* [Minor] Avoid `nil` table
* [Minor] Disable dkim_signing if redis is specified but not configured
* [Minor] Fix build with pcre2
* [Minor] Fix rule
* [Minor] Fix warnings
* [Minor] Format floating point number
* [Minor] Push email flags to the lua API
* [Minor] Silence some warnings
* [Minor] Silence warning
* [Minor] Try all hostname regexps to find the most significant one
* [WebUI] Fix add header filter in history
Note: CVE-2017-7692 is already fixed by 1.4.23pre14605nb1.
- compose_send hook now has $draft flag in hook arguments
- Fixed insufficient sendmail command argument escaping (thanks
to Mitchel Sahertian, Beyond Security/Dawid Golunski and Filippo
Cavallarin for bringing this to our attention). [CVE-2017-7692]
- Upgraded preferences for the delete_move_next plugin. Automatic
user preference updates are included, but note that if your
installation is new, or all user prefs have been converted from
"on"/"off" to 0/1 then you can add the following to SquirrelMail's
config/config_local.php to avoid convertign legacy values over and over:
$do_not_convert_delete_move_next_legacy_preferences = TRUE;
- Added ability to control the display of the "Check Spelling"
button provided by the squirrelspell plugin, which allows
administrators to offer this plugin but keep it out of the way
for users who do not want it. Put sqspell_show_button=0 in
default preferences if it should be hidden by default
pkgsrc change: Add support for NetBSD 8.
This announcement (June 13, 2017) includes changes that were released
with an earlier update (June 10, 2017). The announcement was postponed
to avoid confusion due to repeated notification.
Fixed in all supported releases:
* Security: Berkeley DB versions 2 and later try to read settings
from a file DB_CONFIG in the current directory. This undocumented
feature may introduce undisclosed vulnerabilities resulting in
privilege escalation with Postfix set-gid programs (postdrop,
postqueue) before they chdir to the Postfix queue directory,
and with the postmap and postalias commands depending on whether
the user's current directory is writable by other users. This
fix does not change Postfix behavior for Berkeley DB versions
< 3, but it does reduce postmap and postalias 'create' performance
with Berkeley DB versions 3.0 .. 4.6.
Fixed in Postfix 3.2 and later:
* The SMTP server receive_override_options were not restored at
the end of an SMTP session, after the options were modified by
an smtpd_milter_maps setting of "DISABLE". Milter support
remained disabled for the life time of the smtpd process.
* After the Postfix 3.2 address/domain table lookup overhaul, the
check_sender_access and check_recipient_access features ignored
a non-default parent_domain_matches_subdomains setting.
to 180000000 bytes. From Nathan Arthur in private mail.
Allow path to tcpserver to be overridden in rc.conf (e.g., by
sslserver from net/ucspi-ssl). From Thomas Lazar in private mail.
Detach processes and their loggers from the controlling terminal
with pgrphack(8).
Include qmailqread in the services driven by the LWQ-style qmail
rc.d script.
Unconditionally depend on mail/mess822, now that it's correctly
marked public-domain. Remove qmail-run-ofmipd option.
Bump version.
Notmuch 0.24.2 (2017-06-01)
===========================
Command Line Interface
----------------------
Fix output from `notmuch dump --include=properties` to not include tags.
Emacs
-----
Fix filename stashing in tree view.
2017-06-09 Richard Russon <rich@flatcap.org>
* Contrib
- unbind mappings before overwriting in vim-keys
* Bug Fixes
- latest coverity issues (#624)
- don't pass colour-codes to filters
- Don't set a colour unless it's been defined.
- crash if no from is set or founds
- ifdef command
* Translations
- fix translations
- fix some remaining translation problems
* Docs
- explain binding warnings
- don't document unsupported arches
* Build
- fix make git_ver.h
- allow xsltproc and w3m calls to fail
- fix make dist
* Upstream
- Add a mutt_endwin() before invoking $sendmail
- Restore setenv function
- Fix tag-prefix to not abort on $timeout
- Change km_dokey() to return -2 on a timeout/sigwinch
- Enable TEXTDOMAINDIR override to make translation testing easier
- Fix "format string is not a string literal" warnings
2017-06-02 Richard Russon <rich@flatcap.org>
* Features
- Warn on bindkey aliasing
- Drop PATCHES, tidy 'mutt -v' output
- Add %z format strings to index_format
- Add debug_level/debug_file options
* Bug Fixes
- Fix nntp group selection
- Fix status color
- Tidy up S/MIME contrib
- Do not try to create Maildir if it is an NNTP URI
- Fix missing NONULL for mutt.set() in Lua
* Translations
- Fix German PGP shortkeys
* Docs
- Remove feature muttrc files
- Merge README.notmuch into manual
- Remove unneded scripts
- Remove README.SECURITY
- Remove BEWARE and devel-notes.txt
- Update Makefiles
- Delete TODO files
- Remove legacy files
- Don't generate vim-neomutt syntax file
- Remove LaTeX/pdf manual generation
- Add missing docs for expandos
- Fix sidebar howto examples
- Remove some upstream references
- Drop refs to patches
- Improve PR template and CONTRIBUTING.md
* Website
- Fix list items in newbie-tutorial's Mailing List Guidelines
- Remove configure options that no longer exist
- fix newbie tutorial
- document signing tags / releases
- config: drop unused paginate command
- script: split tests up into several
- convert credits page to markdown
- simpify 404 page
- improve newbie tutorial
- remove help.html and integrate its content elsewhere
- make: "graphviz" program is needed for generating diagram
- improve getting started guide // include legacy files
- dev: add list of architectures/operating systems
- numerous small fixes
* Build
- Remove typedefs and rename ~130 structs
- Add separate hcache dir
- Move crypto files to ncrypt dir
- Split up mutt.h, protos.h
- Always build: sidebar, imap, pop, smtp, compressed, nntp
- Remove --enable-mailtool configure option
- Make dotlock optional
- Change gpgme requirement back to 1.1.0
- Remove check_sec.sh
- Fix safe_calloc args
- Remove unused macros
- Remove unused option: SmimeSignOpaqueCommand
- Move configure-generated files
- Update distcheck build flags
- Drop obsolete iconv check
- Unused prototypes - unsupported systems
- Drop many configure tests for things defined in POSIX:2001
- Kill useless crypthash.h file
- Run clang-format on the code
- Fail early if ncursesw cannot be found
- Add names prototype arguments
- Abbreviate pointer tests against NULL
- Initialise pointers to NULL
- Reduce the scope of for loop variables
- Coverity: fix defects
* Upstream
- Convert all exec calls to use mutt_envlist(), remove setenv function
- Note that mbox-hooks are dependent on $move
- Refresh header color when updating label
- Remove glibc-specific execvpe() call in sendlib.c
- Add color commands for the compose menu headers and security status
- Fix sidebar count updates when closing mailbox
- Don't modify LastFolder/CurrentFolder upon aborting a change folder operation
- Change message modifying operations to additively set redraw flags
- Improve maildir and mh to report flag changes in mx_check_mailbox()
- Add $header_color_partial to allow partial coloring of headers
- Rename REDRAW_SIGWINCH to REDRAW_FLOW
- Create R_PAGER_FLOW config variable flag
- Turn IMAP_EXPUNGE_EXPECTED back off when syncing
- Add $history_remove_dups option to remove dups from history ring
- Also remove duplicates from the history file
- Don't filter new entries when compacting history save file
- Move the IMAP msn field to IMAP_HEADER_DATA
- Fix imap expunge to match msn and fix index
- Fix cmd_parse_fetch() to match against MSN
- Start fixing imap_read_headers() to account for MSN gaps
- Add msn_index and max_msn to find and check boundaries by MSN
- Properly adjust fetch ranges when handling new mail
- Small imap fetch fixes
- Don't abort header cache evaluation when there is a hole
- Fix mfc overflow check and uninitialized variable
- Fix potential segv if mx_open_mailbox is passed an empty string
- Don't clean up idata when closing an open-append mailbox
- Don't clean up msn idata when closing an open-append mailbox
- Fix memory leak when closing mailbox and using the sidebar
- Change imap body cache cleanup to use the uid_hash
- Convert classic s/mime to space delimit findKeys output
- Add self-encrypt options for PGP and S/MIME
- Change $postpone_encrypt to use self-encrypt variables first
- Automatic post-release commit for mutt-1.8.3
- Add note about message scoring and thread patterns
== Version 2.5.5 - 2017-06-09 Jeremy Daer <jeremydaer@gmail.com>
Security:
* #1097 – SMTP security: prevent command injection via To/From
addresses. (jeremy)
Bugs:
* #633 – Cope with message parts that have an empty Content-Type
(ThomasKoppensteiner, zeepeeare)
* #689 - Fix Exim delivery method broken by #477 in 2.5.4. (jethrogb)
