ARC is a technology proposal, put forward by a consortium of organizations,
intended to allow a chain of message handlers (typically email operators)
to confirm handling by trusted upstream handlers in an attempt to confirm
the valid use of certain identifiers in the message.
ARC is still experimental, and its specification may change. This package
is intended for use by operators willing to take part in the experiment and
provide their feedback to the development team.
ChangeLog:
Notes
This is a big release and a lot has changed.
If you find any problems, please let us know as soon as you can.
Thanks ❤️💎 Sponsors
Special thanks to our sponsors:
Mark Korondi (@kmARC)
[private]
Marco Candrian
@pbwn
Scott Kostyshak (@scottkosty)
Ander Punnar (@4nd3r)
@angelus2014
Ingo Hoffmann
Andy Smith
Nick Price (@DominoTree)
❤️ Thanks
Many thanks to our new contributors:
Rayford Shireman (@rayfordshire)
Whitney Cumber (@whitney-cumber)
Paulo Matos (@pmatos)
Pierre Colin (@Pierre-Colin)
Ilya Kurdyukov (@ilyakurdyukov)
Anna (navi) Figueiredo Gomes (@navi-desu)
Michal Siedlaczek (@elshize)
Igor Serebryany (@igor47)
Mohammad AlSaleh (@MoSal)
Paul Dino Jones (@Spacefreak18)
Carlos Henrique Lima Melara (@charles2910)
Leon Philman (@leonphilman)
Darrel Glud (@darrel-glud)
Frank Grüllich (@FrankGruellich)
Brett Holman (@holmanb)
Roberto Alvarado (@Robdres)
Albert Kim (@alkim0)
raf (@raforg)
Andrij Mizyk (@andmzk)
Maarten van Gompel (@proycon)
Chris X Weichenberger (@the-x-at)
and our regular contributors:
Tobias Stoeckmann (@stoeckmann)
Austin Ray (@Austin-Ray)
Marius Gedminas (@mgedmin)
Gerrit Rüsing (@kbcb)
Emir Sari (@bitigchi)
Pietro Cerutti (@gahr)
Jakub Jindra (@jindraj)
Marco Sirabella (@mjsir911)
Jakub Wilk (@jwilk)
Róbert Horváth (@r001)
Страхиња Радић (@Strahinja)
David Purton (@dcpurton)
Reto Brunner (@brunnre8)
🎁 Features
Use DT_SLIST for charset variables
Support viewing html with embedded images
Account command, see the feature page
Check that sendmail and inews don't contain shell meta characters
Browser: add mailbox_folder_format config variable
Enter: add function kill-whole-line
Account command: add macOS keychain sample provider
Account command: add GPG+JSON sample provider
Expose italics attribute for colour scheme
Allow source in hooks to point to relative paths
Resolve alternates when subscribing/unsubscribing
Notmuch: allow specifying configuration file
Notmuch: allow usage of notmuch profiles
Add GNU SASL support for authentication (--gsasl configure option)
Extend colour objects to support patterns
Detect and fixup maildirs with missing "new" and "tmp" directories
Generate standard MIME types as application/pkcs7-* instead of legacy application/x-pkcs7-*
Compose: add Smime: pseudo header
Handle more X-Mutt pseudo-headers with edit_headers
Use socket_timeout to time out read/write operations
Allow %[fmt] in $folder_format
Respect attribution_locale in indent_string and post_indent_string
Pattern: add ~K to search Bcc, include Bcc in ~C, %C, ~L, and ~p
Colour postponed emails list
Allow querying user-defined variables ($my_var) with -Q
Dump user-defined variables ($my_var) with -D
Generate purely random Message-ID headers
Allow an empty sidebar_divider_char
Fix handling and display of group addresses
🪲 Bug Fixes
Fix status_on_top to work on complex windows, e.g., attach
Imap: fix off-by-one error causing bogus "Progress message 10/9" message
Attach: fix segfault when viewing HTML attachment in compose mode
Allow for longer expansions in e.g., index_format
Accept unpadded base64-encoded data, as some mailers produce
Fix hangup when trying to add email address from help screens
Handle corrupted header caches
Fix slowdown when changing folders
Improve error detection for invalid color regexes
Distinguish between old/new with mark_old unset
Parse mboxes with unconventional From lines
Fix hostname detection for hostname ending with a "."
Fix truncated SMTP lines in case of very long lines
Use smime_sign_as instead of pgp_sign_as when signing S/MIME messages
Set smime_sign_as instead of smime_default_key when signing
Fix wrong message being marked as read with $pager_read_delay = 1
Fix negative new-mail count on maildir
Skip zero width non-joiner character in the pager
Handle text/vcard as not being an attachment, same as for text/x-vcard
Fix hdr_order not sorting last header correctly
Make exiting via SIGINT more graceful
Fix unhook index-format-hook
Send: delete signature when sending fails
SMTP: try all available methods even if SASL is not compiled in
Fix decryption issue when postponing S/MIME encrypted mails
Avoid unnecessary refreshes
Fixed a number of memory leaks and crashes
🔧 Changed Config
New
$account_command - Shell command to retrieve account credentials
$mailbox_folder_format - printf-like format string for the browser's display of mailbox folders
$nm_config_file - Configuration file for notmuch. Use 'auto' to detect configuration.
$nm_config_profile - Configuration profile for notmuch.
Renamed for consistency (old names still work)
$ask_follow_up -> $ask_followup_to
$attribution -> $attribution_intro
$connect_timeout -> $socket_timeout
$implicit_autoview -> $implicit_auto_view
$message_cachedir -> $message_cache_dir
$post_indent_string -> $attribution_trailer
$tmpdir -> $tmp_dir
sidebar_whitelist -> sidebar_pin
unsidebar_whitelist -> sidebar_unpin
Changed default
attach_format = "%u%D%I %t%4n %T%d %> [%.7m/%.10M, %.6e%?C?, %C?, %s] "
More space for the attachment filename
sidebar_divider_char = "|"
Allow an empty divider char
Deprecated
$vfolder_format use $folder_format
🏴 Translations
100% 🇨🇿 Czech
100% 🇩🇪 German
100% 🇭🇺 Hungarian
100% 🇱🇹 Lithuanian
100% 🇧🇷 Portuguese (Brazil)
100% 🇷🇸 Serbian
100% 🇸🇰 Slovak
100% 🇹🇷 Turkish
99% 🇪🇸 Spanish
99% 🇺🇦 Ukrainian
94% 🇵🇱 Polish
72% Catalan
📚 Docs
Lots of updates and cleanups
🏗️ Build
Support building with Undefined Behaviour Sanitizer (--ubsan configure option)
Generate compile_commands.json (--compile-commands configure option)
Use pkg-config to locate most of the 3rd party dependencies
Fix curses for netbsd
Improve our CI stack
Create libparse - parsing functions that can be easily tested
Refactor commands / icommands
⚙️ Code
Lots of refactoring to make the code more organized, especially in these
areas: windowing, menu, browser, enter, function dispatching, key handling,
auto-completion
Fewer global variables
Removal of some unmaintained contrib code
New maintained sample config and examples are in the data directory
The contrib script mutt_oauth2.py received a lot of love
It was set after the include of bsd.prefs.mk to be able to use
MACHINE_PLATFORM, but needed to be before bsd.prefs.mk to take
effect. Switch to testing MACHINE_ARCH, and target all sparc64
7.0.4.3 (2023-03-13)
Active Support
* Implement SafeBuffer#bytesplice
[CVE-2023-28120]
Action View
* Ignore certain data-* attributes in rails-ujs when element is
contenteditable
[CVE-2023-23913]
6.1.7.3 (2023-03-13)
Active Support
* Implement SafeBuffer#bytesplice
[CVE-2023-28120]
Action View
* Ignore certain data-* attributes in rails-ujs when element is
contenteditable
[CVE-2023-23913]
pkgsrc changes:
---------------
* Remove LUA_VERSIONS_ACCEPTED since it is redundant with
lang/lua/luaversion.mk.
upstream changes:
-----------------
3.4: 01 Nov 2022
* [CritFix] Restore compatibility with the integrations and headers alterations
* [Feature] Milter_headers: Add `x-rspamd-action` routine
* [Feature] Share hyperscan database among processes
* [Fix] Another corner case in url parsing
* [Fix] Another fix for the enable password
* [Fix] Another try to fix close method in lua_tcp
* [Fix] Fix additional fields in the Redis schema
* [Fix] Fix emoji joiner FP
* [Fix] Fix favicon.ico Content-Type header
* [Fix] Fix hang when close is used
* [Fix] Lua_tcp: Sigh, another try to fix `close` invocation
* [Fix] Mx_check: Cache the fact of a missing MX record
* [Fix] Try to fix parsing of the unencoded `>` characters in html attributes
* [Fix] Try to fix the case where password == enable_password
* [Project] (Re)implement hyperscan caching
* [Project] Rework cleanup
* [Project] Synchronize hyperscan caches via the main process
* [Rework] Convert multipattern to use hyperscan tools
* [Rework] Make http normalize path function a generic function
* [Rework] Split locked and unlocked files, as mmap does not need flock normally
* [Rework] Start movement of the hyperscan related routines into a single unit
* [Rework] Store the current worker, so other libraries could use this information
* [Rework] Use blocking socket for IPC between main and workers
* [Rework] Use more predictable size for commands buffers
* [Rules] Do not insert ONCE_RECEIVED_STRICT on RDNS missing
* [Rules] Reduce score of HTTP_TO_HTTPS - subject to remove completely
Changes:
===
1.8
===
Welcome to nmh, the new version of the classic MH mail handling system.
It's been nearly five years since the last release of nmh, and there have
been a number of significant changes since that last release. Long-time
MH and nmh users should read carefully the NOTABLE CHANGES section, as
there are some significant changes to nmh behavior. Otherwise, please
see the README and INSTALL files for help on getting started with nmh.
This release is dedicated to Norman Z. Shapiro, co-designer of the MH
Message Handling System. MH is the predecessor of nmh. Norm was an
active supporter of nmh development until he passed away in October of
2021. We are most grateful to Norm for his stewardship of MH and nmh.
https://en.wikipedia.org/wiki/Norman_Shapiro
For news of future releases, subscribe to the low-volume
https://lists.nongnu.org/mailman/listinfo/nmh-announce
---------------
NOTABLE CHANGES
---------------
- Support for Content-MD5 header fields, MIME content cache functionality,
and the message/partial MIME type have been removed.
- Gmail OAuth2/XOAUTH support for desktop applications has been effectively
dropped, so nmh no longer supports it. nmh support for Gmail API access
is experimental, please post to nmh-workers@nongnu.org if you'd like to
help with test and development.
- repl(1) -convertargs now allows editing of the composition draft between
translation and any encoding of text content. Because encoding can wrap
long lines, the use of a paragraph formatter has been removed from
mhn.defaults.
------------
NEW FEATURES
------------
- The default editor has been changed from 'vi' to 'prompter', to align with
historical practice and reduce packaging dependencies on external programs.
- A new -checkbase64 switch has been added to mhfixmsg(1).
- inc(1)/msgchk(1) now support STARTTLS for the POP protocol.
- All TLS-supported protocols now will send the SNI (server name indicator)
TLS extension.
- A new mh-format function %(ordinal) has been implemented to output the
appropriate ordinal suffix for numbers. Example: "%(num 22)%(ordinal)"
will output "22nd".
- show and mhl now decode more addresses in header fields.
- Added warning from all programs that read the profile if the profile
contains a post entry, which is ignored, but does not contain a
postproc entry. In other words, if you get this warning and want
to suppress it, your options include:
1) Remove your post profile entry.
2) Make your post profile entry a comment by prepending it with the #:
comment indicator.
3) Add a postproc entry that points to the post that you use. That can
be viewed with "mhparam postproc".
- scan(1) -file argument can be a Maildir directory.
- Updated mhn.defaults to prefer mpv(1) over xv(1) and replace mpeg_play(1),
and to use it for all video types, not just video/mpeg. And prefer all
other searched-for pdf viewers over acroread(1).
- Added mhshow-suffix-video.mp4 to mhn.defaults, for use by mhshow(1) and
send(1).
- Removed support from mhn.defaults for application/x-ivs and text/richtext.
- Changed interpretation of argument to mhfixmsg(1) -decodeheaderfieldbodies
switch to specify character set of the decoded field bodies.
- repl(1) -convertargs now allows editing of the composition draft between
translation and any encoding of text content.
- install-mh(1) now enables the mh-draft(5) draft folder facility.
-----------------
OBSOLETE FEATURES
-----------------
- The generation and verification of a Content-MD5 field has been removed
without deprecation. The related -check and -nocheck options now error.
- The MIME content cache functionality has been mostly non-functional since
the development on nmh, and consequently all of the content caching code
and related switches (-cache/-rcache/-wcache) have been removed.
- Support for generating and reassembling message/partial messages has been
removed; it seems that this has been broken since 1.5 and there is very
little support across MUAs.
- Marked Gmail OAuth2/XOAUTH support as being unsupported.
- Support for the MHPDEBUG environment variable was removed. It was
deprecated in nmh 1.7. The pick(1) -debug switch replaced it.
- The 'libdir' mhparam(1) component was removed. It was deprecated in
nmh 1.7, when it was replaced by a new 'libexecdir' component.
---------
BUG FIXES
---------
- Fixed bcc to work with sendmail/pipe, and better documented that dcc
doesn't work with it [Bug 55700].
- An -attendee switch has been added to mhical(1), for use when more than one
(or zero) attendees match a user's mailbox.
- Fixed inc(1) and %(me) function escape to not obey Local-Mailbox profile
component.
- Fixed source charset in mhfixmsg textcharset verbose output.
- Fixed mhfixmsg charset determination of content added with -reformat.
- Fixed file descriptor leak in mhfixmsg when run on multiple input files.
- Fixed mhfixmsg(1) -decodeheaderfilebodies to support mixed encoded/undecoded.
- Fixed memory corruption in post(1) and inc(1) when using XOAUTH2,
with 4 or more entries in the oauth-authservice file.
- Added alias expansion to From: address for use by sendfrom.
- Removed extra space added before header field bodies by dist(1) to $mhdraft.
- Fixed display of iCalendar object with multiple VEVENTS using a VTIMEZONE.
- Fixed allowable encodings with MIME message types to get closer to RFC 2046.
- Detect other files regardless of backup prefix [Bug #49476].
- Copy if hard link by refile(1) or send(1) fails with EACESS [Bug 56575].
Himalaya is a CLI based on the himalaya-lib that allows you to manipulate
your emails using commands in your console.
Features:
Folder listing
Envelopes listing, searching and sorting
Email composition based on $EDITOR
Email manipulation (copy/move/delete)
Multi-accounting
Account listing
Account synchronization for offline usage
IMAP, Maildir and Notmuch support
IMAP IDLE mode for real-time notifications
PGP end-to-end encryption
Completions for various shells
JSON output
...
2.229
- Make pass "make linuxtests win32tests win64tests mactests"
2.228
- Doc. --oauthaccesstoken1 needs --password1 presence. This is a bug.
2.227
- Bugfix. Fixed memory measurement on MacOS and Win32 Win64
2.226
- 1966 unit tests
2.225
- *** empty log message ***
2.224
- typo connexions connections
2.223
- Default is now like --noemailreport1 --noemailreport2, no final email report. Popular demand.
- Added a stat value: memory footprint times time spent during the sync. Unity MiB * hour. Line "Memory consumption at the end".
2.222
- Remove --memorystress from CGI options.
2.221
- CGI context. Refuse to serve when the cpu load is greater than 1 per cpu. A load of 3.9 with 4 cores is ok.
2.220
- CGI context. Refuse to server when memory left is less than 1 GB.
2.219
- heavy load by cpu limit from 6 to 3. Because 6 is too big on ks6
2.218
- Typo. memory_consumption_all_pids_percent with only 2 decimals.
2.217
- CGI context. Bring back to exit on heavy load by cpu. limit is a load of 6 per core, roughly the number of processes running constantly per core.
2.216
- typo seconde second
2.215
- Added --exitonload option. Only available in CGI context for now.
2.214
- load_percent_threshold is now room for two average imapsync processes.
2.213
- Filtering buggy flags is now case insensitive. \Junk or \JUNK or \jUnK etc.
- Refactoring. Added sub tests_filterbuggyflags()
2.212
- Bugfix. Do not crash when Proc::ProcessTable field pctmem does not exist.
2.211
- Last commit 2.210 did not pass the unit tests. Fixed.
2.210
- Added filtering \JUNK flag in cgi context or with --filterbuggyflags
2.209
- Enhancement. heavy_load_percent_threshold now based on memory_footprint_average_bytes 300 MB
2.208
- 90%
2.207
- memory limit to quit from 100% to 50%. Quick fix.
2.206
- Added dependency. Perl module Proc::ProcessTable. Not mandatory anyway. For now.
- CGI context. Exit when 100% of RAM memory is used by processes. Exit with status value 69 and message "EX_UNAVAILABLE: service unavailable".
- Added the % of RAM used by all processes in the memory infi line.
2.205
- perlcritic. Change all "= shift ;" to " = shift @ARG ;"
2.204
- Do not report final emails when --dry or --justfolders
2.203
- Bugfix. Allow quota like: QUOTA "user-defined quota (konsoleH)" (STORAGE 988 48829 MESSAGE 20 20)
- Enhancement. Added --memorystress to check memory crunching in normal run.
2.202
- CGI context. Do not append the log file name to ../list_all_logs_auto.txt when there is no parameters.
2.201
- Moved all getppid to mygetppid (it adds a comment on Windows, where ppid is too complicated to get.
2.200
- typo. "check the certificate server" => "check the server certificate."
2.199
- Enhancement. Added the local ip address for the imap connexions. It can help configuring firewalls to allow the imap source IP.
2.198
- Added SERVER_NAME SERVER_ADDR SERVER_ADMIN variables and values to the output.
2.197
- Bugfix. --tests --testslive was listing 0 folders.
- Added message "Use --noemailreport1 to avoid it" after putting the email final report in INBOX.
2.196
- Bugfix. Dates were not displayed under Windows because POSIX::strftime %e is not portable.
- Bugfix. Several other places where dates were wrong on Windows.
2.195
- Added warning "parsing headers of folder ... It can take time for huge folders. Be patient."
2.194
- Bugfix. --var HTTP_COOKIE=proximapsync_runs=31 was not working because of the second =
2.193
- Refactor. Deglobalized $debuglist $debugflags
- Refactor. Added sync->{ permanentflags2 }
2.192
- Bugfix. Do not allow --skipcrossduplicates and --usecache. Exit EX_USAGE 64
2.191
- Added --var to pass values from proximapsync for variables REMOTE_ADDR REMOTE_HOST HTTP_REFERER HTTP_USER_AGENT SERVER_SOFTWARE SERVER_PORT HTTP_COOKIE
2.190
- Bugfix. Do not turn on --delete2duplicates when --syncduplicates is on, unless --delete2duplicates is given.
2.189
- Upped ERRORS_MAX_CGI from 20 to 500
2.188
- Refactor. Changed setlogfile() to be usable for different logs by proximapsync.
2.187
- Documented why total sizes can differ even when the sync is perfect.
2.186
- Bugfix. Redirect STDERR to STDOUT in all cases, --log or --nolog
2.185
- Added option --emailreport1 and --emailreport2. On by default. Use --noemailreport1 and --noemailreport2 to avoid final emails reports in each INBOX.
2.184
- Added final report to source account also.
2.183
- Added folder name in the debug output of header identificators
2.182
- Bugfix. GMT is good but the tests had to be changed also...
2.181
- Bugfix. Use GMT in tests_email_report_message_id
- Bugfix. Make the email report w3c validated. Crazy man!
2.180
- Enhancement. Append a final email report on account2 at the end of the synchronization. Will be optionnal soon.
2.179
- README reread, grammarly on it.
- Added "Posta inviata" so \Sent with --automap
2.178
- Added tests_compress_ssl()
2.177
- Bugfix. 1849 -> 1848 unit tests
2.176
- Bugfix. memory consumption on Mac was not relevant. Use RSS instead of VSZ, on Mac only. Linux stays with VSZ.
2.175
- Bugix. Darwin, fixed loadavg tests, no more W/t/loadavg.out needed.
2.174
- Added advice for:
- ERR_APPEND_SIZE
- ERR_CONNECTION_FAILURE_HOST1
- ERR_CONNECTION_FAILURE_HOST2
- ERR_AUTHENTICATION_FAILURE_USER1
- ERR_AUTHENTICATION_FAILURE_USER2
2.173
- Bugfix. Made reconnect mechanism works with --oauthdirect1 --oauthdirect2 --oauthaccesstoken1 --oauthaccesstoken2
2.172
- Added some tests to tests_get_options_from_string() and tests_get_options_extra()
- I can not have the unknown options back with Getopt::Long::GetOptionsFromString(), just the unknown values, ie, caca but not --caca
2.171
- Added --ssl1 --ssl2 --tls1 --tls2 --compress1 --compress2 to get_options_from_string()
2.170
- Added --keepalive1 --keepalive2 --reconnectretry1 --reconnectretry2 in get_options_from_string()
2.169
- Added --keepalive1 and --keepalive2 options. On by default.
- See https://metacpan.org/pod/Mail::IMAPClient#Keepalive
- Use --nokeepalive1 and --nokeepalive2 to disable Keepalive.
2.168
- Added --debugflags --errorsmax --folder --timeout in options from file
2.167
- Moved the call to extra options after the chdir of the CGI context.
2.166
- Now read extra options on the first line of the file ./options_extra.txt if it is present and readable.
2.165
- cpu_time rounded with 2 decimals.
- Added 4 tests when no compression is on.
2.164
- Compression no more on by default. Just to see.
2.163
- Bugfix. imapsync --version was buggy in docker context.
2.162
- Docker. Current working directory changed from /var/tmp to /var/tmp/uid_$EFFECTIVE_USER_ID
2.161
- Bugfix. inline doc mentioned always --nocompress1
2.160
- Added inline documentation about --nocompress1 and --nocompress2
2.159
- Dependency. Added use Compress::Zlib
- Enhancement. Added compression in imap. On by default no matter the capability announced. Use --nocompress1 and --nocompress2 to turn it off.
2.158
- Added README help for --truncmess
2.157
- Refactor. Deglobalized $debugcontent. Added debugcontent() function.
- 1800 unit tests.
2.156
- Added comment for ERR_FLAGS "Many STORE errors with FLAGS. Retry with the option --noresyncflags"
- Refactored errors_incr() and errors_listing()
- Bugfix. errors_incr() existed with CATCH_ALL
2.155
- Like --useheader X-Gmail-Received --useheader Message-Id when --gmail1 --gmail2
2.154
- Bugfix. Added 'E&AwE-le&AwE-ments envoye&AwE-s' in possible_special
2.153
- Does not checknoabletosearch if --justfolders
- When creating folder check if selectable and consider ok if selectable
2.152
- Added inline advice on error ERR_OVERQUOTA
- Added inline advice on error ERR_TRANSFER_EXCEEDED
- Renamed function bytes_display_string() bytes_display_string_bin()
- bytes_display_string_bin converts bytes to human KiB MiB GiB TiB PiB
- Added function bytes_display_string_dec() to convert bytes to human decimal KB MB GB TB PB (1000 base)
2.151
- Bugfix. load average on macosx was sometimes buggy. locale float 3,14 instead of 3.14
2.150
- Refactor. Deglobalized warn_release variable
2.149
- Removed --fast option.
2.148
- Bugfix. abort didn't do charset=UTF-8; same for heavy load 503 Service Unavailable
2.147
- Bugfix. The maximum number a pid can be is 2^22, not 2^32.
2.146
- 1742 unit tests.
2.145
- Bugfix. Up the maximum number a pid can be. From 99999 to 2^32. See https://unix.stackexchange.com/questions/16883/what-is-the-maximum-value-of-the-process-id
2.144
- Just an experimental loaddelay forced to 0.
2.143
- Bugfix. Under docker context --version was buggy, too verbose.
2.142
- Removed that hard limit --maxsize 35_651_584 set by --gmail2 since CAPABILITY is used and good.
2.141
- cpu_time param
msmtp 1.8.23 is released
2023-01-30
This release fixes XOAUTH2 authentication with some servers, updates the
msmtpq scripts, and updates the translations (including a new Swedish
translation).
msmtp 1.8.22 is released
2022-08-08
This is a hotfix release that fixes building with libgsasl, which was
accidentally broken in version 1.8.21 (released earlier today).
It also updates the msmtpq script.
msmtp 1.8.21 is released
2022-08-07
Changes in this release:
- A new configuration command eval replaces the current configuration file
line with the output of a command (similar to passwordeval, but more
general).
- A Message-ID header is now generated if none is present in the mail. This
can be changed with the new command set_msgid_header.
- The optional msmtpd service now adds a Received header.
Furthermore, a few minor problems were corrected and the documentation and
translations were updated.
msmtp 1.8.20 is released
2022-03-23
This release adds the configuration command allow_from_override.
Setting this to off prevents the -f command line option from overriding the
envelope-from address set via the from configuration command.
This is useful for system-wide installations of msmtp that need to enforce
the correct envelope-from address and potentially also the From header (via
set_from_header on).
Add conflict with mail/pine, beside editors/pico.
It make sense to default to alpine now to provide both pico(1) and
pilot(1) since the original pine is unmaintained.
fix it by rewriting the filename with ascii characters, using code which
was present upstream at some point.
See patches/patch-modules_lib_Mail_MIMEDefang_MIME.pm for details.
Bump PKGREVISION
* add is_public_ip6_address to check if an ipv6 address
is local
* add md_authres method to generate a basic Authentication-Results
header for the message
* add md_arc_sign method to sign email messages
with DKIM ARC signatures
* add md_dkim_verify method to verify DKIM signatures
* add md_dkim_sign method to sign email messages
with DKIM signatures
* add anonymize_uri to remove utm_* parameters
from uris.
* split mimedefang.pl code in Perl modules
* add re_match_in_7zip_directory to check for files
inside 7zip archives
* fallback to plaintext when md_check_against_smtp_server
fails SSL connection for unknown reasons
* add experimental support to scan emails with Rspamd antispam
* Obtain the Queue-ID as early as possible in the SMTP
session. Requires the "-y" command-line option to mimedefang.
* mimedefang.pl: Add support for a configuration file
to separate data from code
* mimedefang.pl: Add support to scan messages for viruses on a remote
Clamav server using clamdscan client.
* mimedefang.pl: Add re_match_in_rar_directory function to match
unwanted file names extensions inside a rar archive file.
* mimedefang.pl: Added TLS support to md_check_against_smtp_server
* mimedefang-multiplexor: Make "workerinfo nnn" show how long ago
the last state change was for a given worker.
* mimedefang.pl: Do not add a Message-ID: header when handing a
message to SpamAssassin if the original message lacks such a
header.
* Add a new -V maxLifetime option to mimedefang-multiplexor that
terminates worker processes after maxLifetime seconds (approximately).
This is in addition to the -r maxRequests option.
* Log the lifetime and number of requests processed when we terminate
a worker process.
* Make mimedefang and mimedefang-multiplexor write their PID files
as root to avoid an unprivileged user tampering with the pidfiles.
Thanks to Michael Orlitzky for pointing this issue out.
* mimedefang.pl: Add an extra level of subdirectories in the quarantine
to avoid 32K subdirectory limit on ext3. Idea by Kevin McGrail.
* Add the --data-dump option to scripts/mimedefang-util
And various bug fixes and minor improvements.
pkgsrc changes: make the rc.d script use the new -o option and move the pid
files to $VARBASE/run/, keeping the lock and socket files in
$VARBASE/spool/MIMEdefang/
* Add kerberos and pam build options (enabled by default).
* Add inet6 and pthread build options (enabled by default if supported).
* Remove tcl support from options.mk until an install target for web alpine
files isn't implemented.
* Pull upstream patch providing additional compose subcommands.
* Bump revision.
## CHANGES (local)
* HOMEPAGE and MASTER_SITES updated.
* Pull additional upstream patches.
* Replace hard-coded paths.
* Fix default user mailbox location.
* Support rxvt builtin keycodes.
* Add patch for mail providers enforcing SNI (from OpenBSD).
* New build options: aspell, ldap, tcl (all disabled by default).
* The package now also installs:
- alpine's version of the pico editor.
- alpine's pilot file browser.
- the rpdump/rpload utilities to query remote alpine configurations.
- manpages for the programs mentioned above.
- documentation and other files useful for reference.
- a sample system-wide configuration file.
## CHANGES (upstream)
* Unix version of Alpine (not including OSX). Alpine is built with
password file support by default. If Alpine is built with SMIME
support and the password file does not exist, then Alpine will
create it by default and encrypt it.
* In the past Alpine did not recognize images embedded in an HTML
file, so now it does and a link to open them is given. Additionally,
Alpine did not pass these images to an external browser for display
using the external command, and now it will.
* Support for code_verifier and code_challenge when generating a
refresh token and access token in Gmail and Outlook using the S256
method and plain method.
* Change the redirect_uri scheme for Gmail, as Google is deprecating
the use of oob. Changed to http://localhost. Users are supposed to
enter the URL they see in their browser in place of the code.
* Some servers do not allow the Drafts folder to be removed, even when
it is empty. Alpine, however, assumes that if the folder exists, it
must contain a draft message. This joint collaboration with Thomas
Uhle modifies alpine to not to attempt to continue a draft message
if the draft folder is empty.
* Contributions by Thomas Uhle:
- Add support to the LDAP attribute
"userCertificate";
- Move voiceMailTelephoneNumber from the TCL side
to ldap_translate;
- XOAUTH2 state generator changes format specifier
from %x to %02x;
- Web Alpine will not attempt to continue a postponed
message if the postponed-msgs folder is empty.
* Improvements to the screen that allows a user to select the
client-id when a user attempts to login to a server and more than
one client-id is available for that server. In this case additional
information is given: The method to use (device or authorize), a
user id that uses the suggested client-id or a report that the
client-id has not been used.
* To protect the privacy of a user, the message-id of a message will
be generated using the domain in the From field of the message.
* When saving to a folder in the unix format, Alpine parses the
destination folder to assign uids to all messages in the folder.
When the destination folder is large this could significantly slow
down alpine. Fix based on a patch submitted to the alpine-info list
by Chris Caputo.
* Add the LOGOUT command to the list of commands that can be
automatically interrupted in case the connection becomes unstable
during that command and Alpine times out its connection to the
server.
* If new mail has arrived when a user is closing a mailbox, Alpine
will also announce how many new messages have arrived. Suggested by
Chime Hart.
* When an invitation does not have a timezone in the date of the
event, but the date is in GMT, adjust the date to local time.
Bugs that have been addressed include:
* Crash when invoking Alpine from the command line and an attempt to
authorize alpine to use XOAUTH2 is done. Alpine crashes because of a
missing optional parameter -xoauth2-flow and because no screen has
been configured yet. Reported by Baron Fujimoto.
* Alpine crashes when it cannot retrieve the privacy policy due to
failure connecting to the external server.
* Alpine might delete all passwords from the password file if the
password file is not unlocked by cancellation, or the authentication
for an XOAUTH2 server is cancelled, or the password of an account is
changed.
* When the personal name of an address is encoded, and the personal
name is surrounded by quotes, these are not removed by Alpine at the
time to offer to take an address from a message to the addressbook.
Reported by David Prager Branner.
* If a user configures the sendmail-path variable, and does not use a
global smtp-server, then Alpine will use the sendmail-path even when
the user configured a smtp-server for a role. Reported by Gregory
Heytings.
* Crash in PC-Alpine when creating a mail collection and no username
is indicated in the server path. Reported by Sandy Schuman.
* Crash in Alpine when running a filter that moves deleted messages
the INBOX in a Gmail account. Reported by Jyrki Voutilainen.
* implement --nocache option
* new plugin: ikiwiki toot
* fix incorrect string stripping in README (Closes: GL#29)
* cleanups:
* add support for Python 3.10, no change
* remove the test compatibility shim from setup.py
* silence warnings from lxml missing type hints
* more uniform variable naming (underscores)
3.2023.0218 (2023-02-18)
* Updated the Apache and IANA media registry entries as of release date.
* Mohammed Gad added the jfif file extension for image/jpeg text format. #52
* Reworked the loading of IANA provisional media registries to merge them
into the top-level media-type registries instead of a standalone registry
file. #53 originally identified by Chris Salzberg in #50.
* It is worth noting that this is an imperfect solution as if a media type
is provisionally registered and withdrawn, it will linger in the registry
with no clean way of identifying them at the moment. See #54.
* This release also fixes ruby-mime-types#163, where logs show "Type
application/netcdf is already registered as a variant of
application/netcdf".
3.2023.0218.1 (2023-02-18)
* When this data library was created in 2015, I made the decision based on
information available to deprecate text/javascript in favour of
application/javascript. Since the previous update (2022-01-05), IANA has
officially deprecated application/javascript in favour of text/javascript.
Samuel Williams discovered this in #55 by noting that all js types were
marked obsolete in version 3.2023.0218.
* A hotfix has been applied to resolve this. However, note that
application/javascript will not be returned by default, only
text/javascript.
Pkgsrc changes:
* Checksum changes.
* Minor adjustment to patches.
Upstream changes:
102.8.0:
New:
- Added option to build RNP library with OpenSSL backend (use
"--with-librnp-backend=openssl" configure option)
Changes:
- Thunderbird now warns user that OpenPGP is disabled if RNP
library is outdated or missing
Fixes:
- "Get Messages" did not retrieve messages from Gmail accounts
using a local folder as a deferred inbox
- Various visual and UX improvements
Security fixes:
CVE-2023-0616: User Interface lockup with messages combining S/MIME and OpenPGP
CVE-2023-25728: Content security policy leak in violation reports using iframes
CVE-2023-25730: Screen hijack via browser fullscreen mode
CVE-2023-0767: Arbitrary memory write via PKCS 12 in NSS
CVE-2023-25735: Potential use-after-free from compartment mismatch in SpiderMonkey
CVE-2023-25737: Invalid downcast in SVGUtils::SetupStrokeGeometry
CVE-2023-25738: Printing on Windows could potentially crash Thunderbird with some device drivers
CVE-2023-25739: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
CVE-2023-25729: Extensions could have opened external schemes withotu user knowledge
CVE-2023-25732: Out of bounds memory write from EncodeInputStream
CVE-2023-25734: Opening local.url files could cause unexpected network loads
CVE-2023-25742: Web Crypto ImportKey crashes tab
CVE-2023-25746: Memory safety bugs fixed in Thunderbird 102.8
102.7.2:
Fixes:
- Various crash fixes
102.7.1:
Fixes:
- Microsoft Office 365 accounts were unable to authenticate
- Switching identities caused remote images in HTML signatures to
not be shown
- Thunderbird failed to import vCards that contained "\r\r\n" line endings
- Contribution button for add-ons opened Contribution page in a
Thunderbird tab, instead of the external browser
- XMPP did not respond to unrecognized IQ queries, causing some
servers to close the connection
- Window titlebar buttons (minimize/maximize/close) were not
displayed in Windows 10 "Dark" color mode
Security fixes:
CVE-2023-0430: Revocations tatus of S/Mime signature certificates was not checked
102.7.0:
New:
- Enterprise policies now support Thunderbird-specific preferences.
Fixes:
- Localized builds and langpacks now use "comm-l10n" repository;
downstream builds using official langpacks should not need to make
changes
- Having too many folders open at startup caused loss of MSF files
- Copying an email from one local folder to another local folder
sometimes caused "Another Operation is using the folder" error on
Windows 7
- Email address pill allowed for incorrectly formatted email addresses
- Creating security exceptions for messages sent using a self-signed
certificate failed if hostname contained uppercase letters
- S/MIME certificate verification was prohibitively slow
- OpenPGP key import failed for key blocks with comments that
contain Unicode characters
- Chat conversation sidebar was too wide under certain circumstances,
making scrollbar unusable
- On Mac, deleting events from Today Pane with "Backspace" key
deleted selected messages instead
Security fixes:
CVE-2022-46871: libusrsctp library out of date
CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux
CVE-2023-23599: Malicious command could be hidden in devtools output on Windows
CVE-2023-23601: URL being dragged from cross-origin iframe into same tab triggers navigation
CVE-2023-23602: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
CVE-2022-46877: Fullscreen notification bypass
CVE-2023-23603: Calls to console.log allowed bypassing Content Security Policy via format directive
CVE-2023-23605: Memory safety bugs fixed in Thunderbird 102.7
Known issues:
- OAuth2 authentication not working for Microsoft 365 Enterprise
accounts. See the Blog post
(https://blog.thunderbird.net/2023/01/important-message-for-microsoft-office-365-enterprise-users/)
for additional information. Bug 1810760
6.9 (2023-02-10)
Differences between Mew 6.9 and Mew 6.8
* Mew now supports Emacs 26.1 or later only.
* Supporting coming Emacs 29.
* Supporting "stunnel" 5.15.
* Supporting native compilation.
* `mew-smtp-port` now supports Unix domain socket. If it is set to an
absolute pathname such as "/var/run/msp.sock", Mew will use it as a
Unix domain socket which supports SOCK_STREAM and understands SMTP.
The value of `mew-smtp-server` will be ignored. This feature requires
`make-network-process` introduced since Emacs 22.
* Some bug fixes.
This version does not build with newer versions of rust,
probably because rust has moved too far and this version
is too old. This is therefore a precursor to to upgrading
the thunderbird package proper to a newer version.
1.6.1 (2022-01-23)
* Kill session if refreshing oauth token fails (#8734)
* Fix various PHP 8.1 warnings (#8628, #8644, #8667, #8656, #8647)
* Password: Remove references to %c variable that has been removed before
(#8633)
* Fix anchor links in HTML mail (#8632)
* Fix bug where config creation in Installer did ignore options in the form
(#8634)
* Fix bug where renamed options were removed from the config on installto.sh
(update.sh) run (#8643)
* Fix favicon rewrite rule in .htaccess (#8654)
* Fix various PHP 8.2 warnings
* Fix bug where it wasn't possible to create more than one response record
on SQLite and Postgres (#8664)
* Fix support for ManageSieve over implicit SSL (#8670)
* Fix bug where "about:blank" page could trigger "load error" (#8554)
* Fix bug where setting 'Clear Trash on Logout' to 'all messages' didn't
work (#8687)
* Fix bug where the attachment menu wouldn't disappear after an action is
selected (#8691)
* Fix bug where some dialogs in an eml attachment preview would not close on
mobile (#8627)
* Fix bug where multiline data:image URI's in emails were stripped from the
message on display (#8613)
* Fix fatal error on identity page if Enigma plugin is misconfigured (#8719)
* Fix so N property always exists in a vCard export (#8771)
* Fix authenticating to Courier IMAP with passwords containing a '~'
character (#8772)
* Fix handling of smtp/imap port options on configuration file update
(#8756)
* Fix bug where array values could not be saved in utils/save_pref action
(#8781)
* Add workaround for using Roundcube behind a reverse proxy with a subpath:
'request_path' option (#8738, #8770)
* Fix bug where "Invalid skin name" error was logged on preferences save if
there's only one skin (#8825)
* Fix SIGBUS raised in ImageMagick when more than one process tried to
generate a thumbnail of the same image attachment (#8511)
* Fix bug where updater does not update the vendor packages (#8642)
* Fix missing mail composing textarea on reply/draft with a long plain text
content (#8866)
Postfix 3.7.4 (2023-01-22)
* Workaround: with OpenSSL 3 and later always turn on
SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed
opportunities for TLS session reuse. This is safe because the SMTP
protocol implements application-level framing, and is therefore not
affected by TLS truncation attacks. Fix by Viktor Dukhovni.
* Workaround: OpenSSL 3.x EVP_get_digestbyname() can return
lazily-bound handles for digest implementations. In sufficiently
hostile configurations, Postfix could mistakenly believe that a digest
algorithm is available, and fail when it is not. A similar workaround
may be needed for EVP_get_cipherbyname(). Fix by Viktor Dukhovni.
* Bugfix (bug introduced in Postfix 2.11): the checkok() macro in
tls/tls_fprint.c evaluated its argument unconditionally; it should
evaluate the argument only if there was no prior error. Found during
code review.
* Bugfix (bug introduced in Postfix 2.8): postscreen died with a
segmentation violation when postscreen_dnsbl_threshold < 1. It
should reject such input with a fatal error instead. Discovered by
Benny Pedersen.
* Bitrot: fixes for linker warnings from newer Darwin (MacOS)
versions. Viktor Dukhovni.
* Portability: Linux 6 support.
* Added missing documentation that cidr:, pcre: and regexp: tables
support inline specification only in Postfix 3.7 and later.
Upstream changes:
version 1.01: Fri 11 Feb 11:25:41 CET 2022
Fixes:
- Coercion from Mail::Address to Mail::Message::Full::Address is
too lazy. Mail::Message issue #4
Upstream changes:
1.24
Thu 15 Dec 2022 12:28:00 GMT released
- [145263] Make no reply to MTA from the abort callback.
Such replies seem to cause problems for Postfix.
Upstream changes:
version 2.24: Wed 28 Dec 13:06:23 CET 2022
Fixes:
- vnd.gentoo officially took 'tar' and 'tbz2', but 'application/
x-tar' resp 'x-gtar' prevails. [Andreas Koenig]
version 2.23: Thu 22 Dec 17:20:33 CET 2022
Changes:
- iana updates
Upstream changes:
2.218 2023-01-08 19:49:09-05:00 America/New_York
- update author contact info
- bump version required to v5.12.0 (it was already effectively that
after some upstream changes)
2.217 2020-11-02 19:13:16-05:00 America/New_York (TRIAL RELEASE)
- add ->header_rename to header object
- issue a warning on non-ASCII codepoints added to message (thanks,
Pali Rohar)
Upstream changes:
1.953 2023-01-08 19:02:24-05:00 America/New_York
- as promised, this release no longer works on v5.8; in fact, due to
some upstream libraries, it hasn't in some time
- documentation has been cleaned up to stop referencing long-dead other
libraries or methods
- some small code changes to benefit from v5.10 and v5.12 improvements
Upstream changes:
1.008 2023-01-13 21:44:14-05:00 America/New_York
- use the version of Time::Local that doesn't guess at whether a year
is 99 or 1999
- skip tests on Win32 that never pass
- modernize just a bit of code
1.007 2022-12-31 21:19:59-05:00 America/New_York
- update author info
Upstream changes:
1.913 2023-01-09 19:41:25-05:00 America/New_York
- as ever, you should probably use Email::Address::XS instead
- this version now requires Perl v5.12
- some small tweaks to the code to take advantage of v5.12 made
- update distribution metadata
3.1.0
* Switch to libidn2.
* Debian/Ubuntu: update lintian overrides
3.0.9
* Adjust deb packaging. Check /etc/lsb-release and include the
distribution release in the deb package version, to faciliate
updating to the same version of the package in an updated release.
Fix build dependencies.
* Update deliverquota man page.
3.0.8
* gcc 12 and autotools update. OpenSSL 3.0 update.
* Add scripts to create installable .deb packages, update
documentation.
3.0.7
* configure.ac: Fix configure check for pcre2
3.0.6
* Fix linking failure on some Linux distributions.
3.0.5
* Fix linking failure on some Linux distributions.
3.0.4
* maildrop: update to pcre2
* Minor code tweaks, make it compileable with -Wall -Werror.
3.0.3
* Add maildirwatch helper tool.
* Fully install the maildirwatch tool, its man page, as well as the
maildirkw man page and tool, which should be packaged with maildrop
too.
3.0.2
* spec file: add BuildRequires: %{__make} (will be required in F34).
3.0.1
* courier-authlib API update.
Rails 7.0.4.2 (2023-01-24)
* Fix `domain: :all` for two letter TLD
This fixes a compatibility issue introduced in our previous security
release when using `domain: :all` with a two letter but single level top
level domain domain (like `.ca`, rather than `.co.uk`).
Rails 6.1.7.2 (2023-01-24)
www/ruby-actionpack61
* Fix `domain: :all` for two letter TLD
This fixes a compatibility issue introduced in our previous security
release when using `domain: :all` with a two letter but single level top
level domain domain (like `.ca`, rather than `.co.uk`).
On 2023-01-04, fetchmail 6.4.35 has been released. It updates translations and
bumps SSL/TLS library version requirements.
OpenSSL 1.1.1s and 3.0.7 and wolfSSL 5.5.1 (or newer on the respective
compatible branches - note that OpenSSL 1.1.1q and 3.0.6 were withdrawn) remain
supported.
Changes:
Version 1.4.17:
- Added a new configuration command 'eval' to replace the current configuration
file line with the output of a command (similar to passwordeval, but more
general).
Version 1.4.16:
- No significant changes.
Version 1.4.15:
- Added mpopd, a minimal POP3 server that delivers mails from a local mailbox
in maildir format. It can be used by end users as a way to handle incoming
mail via mpop with mail clients that insist on using POP3.
Version 1.4.14:
- No significant changes.
Version 1.4.13:
- Added support for SCRAM-SHA-256 authentication via GNU SASL
Version 1.4.12:
- Added support for libtls as an alternative to GnuTLS
Version 1.4.11:
- Added support for XOAUTH2, the predecessor of OAUTHBEARER.
- The passwordeval command can now handle very long input, which can be
necessary for OAUTHBEARER and XOAUTH2.
- GnuTLS >= 3.4 is required
Rails 7.0.4.1 (2023-01-17)
devel/ruby-activesupport70
* Avoid regex backtracking in Inflector.underscore
[CVE-2023-22796]
www/ruby-actionpack70
* Fix sec issue with _url_host_allowed?
Disallow certain strings from `_url_host_allowed?` to avoid a redirect
to malicious sites.
[CVE-2023-22797]
* Avoid regex backtracking on If-None-Match header
[CVE-2023-22795]
* Use string#split instead of regex for domain parts
[CVE-2023-22792]
databases/ruby-activerecord70
* Make sanitize_as_sql_comment more strict
Though this method was likely never meant to take user input, it was
attempting sanitization. That sanitization could be bypassed with
carefully crafted input.
This commit makes the sanitization more robust by replacing any
occurrances of "/*" or "*/" with "/ *" or "* /". It also performs a
first pass to remove one surrounding comment to avoid compatibility
issues for users relying on the existing removal.
This also clarifies in the documentation of annotate that it should not
be provided user input.
[CVE-2023-22794]
* Added integer width check to PostgreSQL::Quoting
Given a value outside the range for a 64bit signed integer type
PostgreSQL will treat the column type as numeric. Comparing
integer values against numeric values can result in a slow
sequential scan.
This behavior is configurable via
ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true.
[CVE-2022-44566]
Rails 6.1.7.1 (2023-01-17)
devel/ruby-activesupport61
* Avoid regex backtracking in Inflector.underscore
[CVE-2023-22796]
www/ruby-actionpack61
* Avoid regex backtracking on If-None-Match header
[CVE-2023-22795]
* Use string#split instead of regex for domain parts
[CVE-2023-22792]
databases/ruby-activerecord61
* Make sanitize_as_sql_comment more strict
Though this method was likely never meant to take user input, it was
attempting sanitization. That sanitization could be bypassed with
carefully crafted input.
This commit makes the sanitization more robust by replacing any
occurrances of "/*" or "*/" with "/ *" or "* /". It also performs a
first pass to remove one surrounding comment to avoid compatibility
issues for users relying on the existing removal.
This also clarifies in the documentation of annotate that it should not
be provided user input.
[CVE-2023-22794]
* Added integer width check to PostgreSQL::Quoting
Given a value outside the range for a 64bit signed integer type
PostgreSQL will treat the column type as numeric. Comparing
integer values against numeric values can result in a slow
sequential scan.
This behavior is configurable via
ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true.
[CVE-2022-44566]
Only databases/ruby-activerecord61 has updated.
Rails 6.0.6.1 (2023-01-17)
* Make `sanitize_as_sql_comment` more strict
Though this method was likely never meant to take user input, it was
attempting sanitization. That sanitization could be bypassed with
carefully crafted input.
This commit makes the sanitization more robust by replacing any
occurrances of "/*" or "*/" with "/ *" or "* /". It also performs a
first pass to remove one surrounding comment to avoid compatibility
issues for users relying on the existing removal.
This also clarifies in the documentation of annotate that it should not
be provided user input.
[CVE-2023-22794]
The alpine's Makefile has source string substitution for panic( to Panic(.
However, both the file name search pattern and the replacement string search
pattern is no longer complete, causing some alpine_panic() to still exist,
while the definition has changed to alpine_Panic().
From kflu via github.
ClosesNetBSD/pkgsrc#113
v2.3.20
+ Add dsync_features=no-header-hashes. When this setting is enabled and
one dsync side doesn't support mail GUIDs (i.e. imapc), there is no
fallback to using header hashes. Instead, dsync assumes that all mails
with identical IMAP UIDs contains the same mail contents. This can
significantly improve dsync performance with some IMAP servers that
don't support caching Date/Message-ID headers.
+ lua: HTTP client has more settings now, see
https://doc.dovecot.org/admin_manual/lua/#dovecot.http.client
+ replicator: "doveadm replicator status" command now outputs when the
next sync is expected for the user.
- LAYOUT=index: duplicate GUIDs were not cleaned out. Also the list
recovery was not optimal.
- auth: Assert crash would occur when iterating multiple userdb
backends.
- director: Logging into director using master user with
auth_master_user_separator character redirected user to a wrong
backend, unless master_user_separator setting was also set to the same
value. Merged these into auth_master_user_separator.
- dsync: Couldn't always fix folder GUID conflicts automatically with
Maildir format. This resulted in replication repeatedly failing
with "Remote lost mailbox GUID".
- dsync: Failed to migrate INBOX when using namespace prefix=INBOX/,
resulting in "Remote lost mailbox GUID" errors.
- dsync: INBOX was created too early with namespace prefix=INBOX/,
resulting a GUID conflict. This may have been resolved automatically,
but not always.
- dsync: v2.3.18 regression: Wrong imapc password with dsync caused
Panic: file lib-event.c: line 506 (event_pop_global):
assertion failed: (event == current_global_event)
- imapc: Requesting STATUS for a mailbox with imapc and INDEXPVT
configured did not return correct (private) unseen counts.
- lib-dict: Process would crash when committing data to redis without
dict proxy.
- lib-mail: Corrupted cached BODYSTRUCTURE caused panic during FETCH.
Fixes: Panic: file message-part-data.c: line 579 (message_part_is_attachment):
assertion failed: (data != NULL). v2.3.13 regression.
- lib-storage: mail_attribute_dict with dict-sql failed when it tried to
lookup empty dict keys.
- lib: ioloop-kqueue was missing include breaking some BSD builds.
- lua-http: Dovecot Lua HTTP client could not resolve DNS names in mail
processes, because it expected "dns-client" socket to exist in the
current directory.
- oauth2: Using %{oauth2:name} variables could cause useless
introspections.
- pop3: Sending POP3 command with ':' character caused an assert-crash.
v2.3.18 regression.
- replicator: Replication queue had various issues, potentially causing
replication requests to become stuck.
- stats: Invalid Prometheus label names were created with specific
v0.5.20 of Pigeonhole
* No changes - release done to keep version numbers synced.
Previously max version was 3.9.
Hopefully at some point someone will have the time to upgrade pkgsrc
to a newer version of thunderbird, but in the meantime...
Tested on NetBSD 9 amd64 with postfix and spamass-milter. NB the rule
renaming below and the modified init.pre, which will not be merged by
updating if init.pre is locally modifed.
Upstream Release Notes:
Introduction
------------
Apache SpamAssassin 4.0.0 contains numerous tweaks and bug fixes over
the past releases. In particular, it includes major changes that
significantly improve the handling of text in international language.
As with any major release, there are countless functional patches and
improvements to upgrade to 4.0.0. Apache SpamAssassin 4.0.0 includes
several years of fixes that significantly improve classification and
performance. It has been thoroughly tested in production systems. We
strongly recommend upgrading as soon as possible.
Notable features:
=================
New plugins
-----------
There are three new plugins added with this release:
#1 Mail::SpamAssassin::Plugin::ExtractText
This plugin uses external tools to extract text from message parts,
and then sets the text as the rendered part. All SpamAssassin rules
that apply to the rendered part will run on the extracted text as
well.
#2 Mail::SpamAssassin::Plugin::DMARC
This plugin checks if emails match DMARC policy after parsing DKIM and
SPF results.
#3 Mail::SpamAssassin::Plugin::DecodeShortURLs
This plugin looks for URLs shortened by a list of URL shortening
services. Upon finding a matching URL, plugin will send a HTTP request
to the shortening service and retrieve the Location-header which
points to the actual shortened URL. It then adds this URL to the list
of URIs extracted by SpamAssassin which can then be accessed by uri
rules and plugins such as URIDNSBL.
Removed plugin
--------------
HashCash module, formerly deprecated, has now been removed completely
Notable changes
---------------
This release includes fixes for the following:
- Support for international text such as UTF-8 rules has been
completed and significantly improved to include native UTF-8
processing
- Bayes plugin has been improved to skip common words aka noise
words written in languages other than English
- OLEVBMacro plugin has been improved in order to detect more
Microsoft Office macros and dangerous content. It has also been
improved to extract URIs from Office documents for automatic
inclusion in rules such as RBL lookups.
- You can now use Captured Tags to use tags “captured” in one rule
inside other rules
- sa-update(1) tool has been improved with three new options:
#1 forcemirror: forces sa-update to use a specific mirror server,
#2 score-multiplier: adjust all scores from update channel by a
given multiplier to quickly level set scores to match your
preferred threshold
#3 score-limit adjusts all scores from update channel over a
specified limit to a new limit
* SSL client certificate support has been improved and made easier to
implement with spamc/spamd
* DKIM plugin can now detect ARC signatures
* More work on improving the configuration and internal coding to use
more inclusive and less divisive language
* spamc(1) speed has been improved when both SSL and compression are
used
* The normalize_charset option is now enabled by default. NOTE: Rules
should not expect specific non-UTF-8 or UTF-8 encoding in the body.
Matching is done against the raw body, which may vary depending on
normalize_charset setting and whether UTF-8 decoding was successful.
* Mail::SPF is now the only supported module used by the SPF plugin.
* Mail::SPF::Query use is deprecated, along with settings
do_not_use_mail_spf, do_not_use_mail_spf_query.
* SPF lookups are not done asynchronously and you may consider using
an SPF filter at the MTA level (pypolicyd-spf / spf-engine / etc)
which generates a Received-SPF header that can be parsed by
SpamAssassin.
* The default sa-update ruleset doesn't make ASN lookups or header
additions anymore. Configure desired methods (asn_use_geodb /
asn_use_dns) and add_header clauses manually, as described in
documentation for the Mail::SpamAssassin::Plugin::ASN.
New configuration options
-------------------------
All rules, functions, command line options and modules that contain
"whitelist" or "blacklist" have been renamed to "welcomelist" and
"blocklist" terms
Old options will continue to work for backwards compatibility until at
least the Apache SpamAssassin version 4.1.0 release
New tflag "nolog" added to hide info coming from rules in SpamAssassin
reports
New dns_options "nov4" and "nov6" added.
IMPORTANT:; You must set nov6 if your DNS resolver is filtering IPv6
AAAA replies.
Razor2 razor_fork option added. It will fork separate Razor2 process
and read in the results later asynchronously, increasing
throughput. When this is used, rule priorities are automatically
adjusted to -100.
Pyzor pyzor_fork option added. It will fork separate Pyzor process and
read in the results later asynchronously, increasing throughput. When
this is used, rule priorities are automatically adjusted to -100
urirhsbl and urirhssub rules now support "notrim" tflag, which forces
querying the full hostname, instead of trimmed domain
report_charset now defaults to UTF-8 which may change the rendering of
SpamAssassin reports
Notable Internal changes
------------------------
Meta rules no longer use priority values, they are evaluated
dynamically when the rules they depend on are finished
DNS and other asynchronous lookups like DCC or Razor2 plugins are now
launched when priority -100 is reached. This allows short circuiting
at lower priority without sending unneeded DNS queries
New internal Mail::SpamAssassin::GeoDB module supporting RelayCountry
and URILocalBL plugins provides a unified interface to Geographic IP
modules. These include:
MaxMind::DB::Reader (GeoIP2)
Geo::IP
IP::Country::DB_File
IP::Country::Fast.
Bayes and TxRep Message-ID tracking now uses a different hashing
method
Optimizations
-------------
Apache SpamAssassin 4.0.0 represents years of work by the project with
numerous improvements, new rule types, and internal native handling of
messages in international languages. These three key optimizations
will improve the efficiency of SpamAssassin:
DNS queries are now done asynchronously for overall speed
improvements
DCC checks can now use dccifd asynchronously for improved throughput
Pyzor and Razor fork use separate processes done asynchronously
for increased throughput