Not only cleaner, but also fixes a build issue seen on macOS likely related to
variable definition ordering, where GPG was not set correctly and ended up
trying to use a non-existent "gpg" command. This change has the added benefit
of using the full path to the gpg binary instead of relying on PATH.
This is a micro update (actually 2) with security fixes, and is
trivial except for hand-applying some patch hunks that have textual
but not semantic conflicts.
The upstream announcement hints at minor new features and a new
plugin, but does not explain. (There is no NEWS file.)
version 2.21: Tue 21 May 16:26:30 CEST 2019
Fixes:
- fix metadata [Mohammad S Anwar]
Improvements:
- add more to the README
- add Mail::Mailer option StartSSL for smtp backend
rt.cpan.org#125871 [Guilhem Moulin]
- deprecate Mail::Mailer backend smtps
- document need for escaping docs for Mail::Send
rt.cpan.org#129627 [Jonathan Kamens]
- document limit on parameters for Mail::Send::new()
rt.cpan.org#129633 [Sven Neuhaus]
### GMime 3.2.7
* Added some configure logic to auto-detect the system shift-jis charset alias. (issue #81)
* Fixed tests/Makefile.am to exit with a non-negative value (issue #82)
* Fixed logic to skip expired or revoked gpg subkeys when looking for the correct subkey to
use for signing or encrypting. (issue #88)
* Fixed a regression introduced into 3.2.6 as part of the header parser rewrite that lost
the ability to warn about invalid headers for non-toplevel MIME parts. (issue #89)
* Fixed S/MIME to always set GPGME_KEYLIST_MODE_VALIDATE when looking up certificates
as this is needed in order to correctly populate the GMimeCertificates (issue #90)
2020-03-20 Richard Russon <rich@flatcap.org>
* Bug Fixes
- Fix COLUMNS env var
- Fix sync after delete
- Fix crash in notmuch
- Fix sidebar indent
- Fix emptying trash
- Fix command line sending
- Fix reading large address lists
- Resolve symlinks only when necessary
* Translations
- 100% Lithuanian
- 96% Spanish
* Docs
- Include OpenSSL/LibreSSL/GnuTLS version in neomutt -v output
- Fix case of GPGME and SQLite
* Build
- Create libcompress (lz4, zlib, zstd)
- Create libhistory
- Create libbcache
- Move zstrm to libconn
* Code
- Add more test coverage
- Rename magic to type
- Use mutt_file_fopen() on config variables
- Change commands to use intptr_t for data
Add ruby-actionmailer60 package version 6.0.2.2.
Action Mailer is a framework for designing email-service layers. These layers
are used to consolidate code for sending out forgotten passwords, welcome
wishes on signup, invoices for billing, and any other use case that requires
a written notification to either a person or another system.
Action Mailer is in essence a wrapper around Action Controller and the
Mail gem. It provides a way to make emails using templates in the same
way that Action Controller renders views using templates.
Additionally, an Action Mailer class can be used to process incoming email,
such as allowing a weblog to accept new posts from an email (which could even
have been sent from a phone).
This is for Ruby on Rails 6.0.
Add ruby-actionmailbox60 package version 6.0.2.2.
Action Mailbox
Action Mailbox routes incoming emails to controller-like mailboxes for
processing in Rails. It ships with ingresses for Mailgun, Mandrill, Postmark,
and SendGrid. You can also handle inbound mails directly via the built-in
Exim, Postfix, and Qmail ingresses.
The inbound emails are turned into `InboundEmail` records using Active Record
and feature lifecycle tracking, storage of the original email on cloud storage
via Active Storage, and responsible data handling with on-by-default
incineration.
These inbound emails are routed asynchronously using Active Job to one or
several dedicated mailboxes, which are capable of interacting directly with
the rest of your domain model.
You can read more about Action Mailbox in the [Action Mailbox
Basics](https://edgeguides.rubyonrails.org/action_mailbox_basics.html) guide.
This is for Ruby on Rails 6.0.
Update pear-Mail_Mime to 1.10.7.
1.10.7 (2020-03-01 02:55 UTC)
Changelog:
* Fix invalid Content-Type for messages with only html part and inline
images [alec]
v2.3.10
* Disable retpoline mitigations by default. These can cause severe
performance regressions, so they should be only enabled when
applicable.
* IMAP MOVE now commits transactions in batches of 1000 mails. This
helps especially with lazy_expunge when moving a lot of mails. It
mainly avoids situations where multiple IMAP sessions are running the
same MOVE command and duplicating the mails in the lazy_expunge folder.
With this change there can still be some duplication, but the MOVE
always progresses forward. Also if the MOVE fails at some point, the
changes up to the last 1000 mails are still committed instead of
rolled back. Note that the COPY command behavior hasn't changed,
because it is required by IMAP standard to be an atomic operation.
* IMAP EXPUNGE and CLOSE now expunges mails in batches of 1000 mails.
This helps especially with lazy_expunge when expunging a lot of mails
(e.g. millions) to make sure that the progress always moves forward
even if the process is killed.
* Autoexpunging now expunges mails in batches of 1000 mails. This helps
especially with lazy_expunge when expunging a lot of mails
(e.g. millions) to make sure that the progress always moves forward
even if the process is killed.
+ Add tool for generating sysreport called dovecot-sysreport.
This generates a bundle of information usually needed for support
requests.
+ Add support for the new IMAP \Important SPECIAL-USE flag (RFC 8457).
+ Add metric { group_by } setting. This allows automatically creating
new metrics based on the fields you want to group statistics by.
NOTE: This feature is considered experimental and syntax is subject
to change in future release.
+ auth: Support SCRAM-SHA-256 authentication mechanism.
+ imap: Support the new IMAP STATUS=SIZE extension.
+ Use TCP_QUICKACK to reduce latency for some TCP connections.
+ quota-status: Made the service more robust against erroneous use with
Postfix ACL policies other than smtpd_recipient_restrictions.
+ Add "revision" field support to imap_id_send setting. Using
"revision *" will send in IMAP ID command response the short commit
hash of the Dovecot git source tree HEAD (same as in dovecot --version).
+ IMAP ENVELOPE includes now all addresses when there are multiple
headers (From, To, Cc, etc.) The standard way of having multiple
addresses is to just list them all in a single header. It's
non-standard to have multiple headers. However, since MTAs allow these
mails to pass through and different software may handle them in
different ways, it's better from security point of view to show all
the addresses.
+ Event filters now support using "field_name=" to match a field that
doesn't exist or has an empty value. For example use "error=" to match
only events that didn't fail.
- acl: INBOX ACLs shouldn't apply for IMAP GETMETADATA/SETMETADATA
commands.
- cassandra: CASS_ERROR_SERVER_WRITE_FAILURE error should also be
treated as "uncertain write failure".
- dict-redis: Using quota_clone configured with dict-redis could have
crashed when Redis responded slowly.
- imap-hibernate: Communication trouble with imap-master leads to
segfault.
- imap-hibernate: Unhibernation retrying wasn't working.
- imap: Fixed auth lookup privilege problem when imap process was reused
and user was being un-hibernated.
- Fix potential crash when copying/moving mails within the same folder.
This happened only when there were a lot of fields in dovecot.index.cache.
- lib-index: Recreating dovecot.index.cache file could have crashed when
merging bitmask fields.
- lib-index: Using public/shared folders with INDEXPVT configured to use
private \Seen flags, trying to search seen/unseen in an empty folder
crashes with segfault.
- lib-mail: Large base64-encoded mails weren't decoded properly.
This could have affected searching/indexing mails and message snippet
generation.
- lib-mail: Message with only quoted text could have caused message
snippet to ignore its 200 character limit and return the entire
message. This was added also to dovecot.index.cache file, which
increased disk space and memory usage unnecessarily.
v2.3.9.2 regression (previous versions cached the quoted snippet as
empty). In a large mail quoted text could have become wrongly added
to the snippet, possibly mixed together with non-quoted text.
- lib-smtp: client could have assert-crashed if STARTTLS handshake
finished earlier than usually.
- lib-ssl-iostream: remove -static flag for lib-ssl-iostream linking to
prevent a compile issue.
- lib-storage: Mailbox synchronization may have assert-crashed in some
rare situations.
- lib-storage: mdbox didn't preserve date.saved with dsync.
- lib: Don't require EAI_{ADDRFAMILY,NODATA}, breaks FreeBSD
- master: Some services could respawn unthrottled if they crash during
startup.
- push-notification: Do not send push_notification_finished event if
nothing was done. This happens when mail transaction is started and
ended with no changes.
- quota-status: Addresses with special characters in the local part caused
problems in the interaction between Postfix and Dovecot. Postfix sent
its own internal representation in the recipient field, while Dovecot
expected a valid RFC5321 mailbox address.
- submission-login: SESSION field was not correctly encoded for the
XCLIENT command. Particularly, a '+' character introduced by the
session ID's Base64 encoding causes problems.
- submission: Fix submission_max_mail_size to work correctly on 32-bit
systems.
- submission: Trusted connections crashed in second connection's EHLO
if submission-login { service_count } is something else than 1 (which
is the default).
- submission: XCLIENT command was never used in the protocol exchange
with the relay MTA when submission_backend_capabilities is configured,
even when the relay MTA was properly configured to accept the XCLIENT
command.
2020-03-13 Richard Russon <rich@flatcap.org>
* Features
- UI: add number of old messages to sidebar_format
- UI: support ISO 8601 calendar date
- UI: fix commands that don’t need to have a non-empty mailbox to be valid
- PGP: inform about successful decryption of inline PGP messages
- PGP: try to infer the signing key from the From address
- PGP: enable GPGMe by default
- Notmuch: use query as name for vfolder-from-query
- IMAP: add network traffic compression (COMPRESS=DEFLATE, RFC4978)
- Header cache: add support for generic header cache compression
* Bug Fixes
- Fix uncollapse_jump
- Only try to perform entire-thread on maildir/mh mailboxes
- Fix crash in pager
- Avoid logging single new lines at the end of header fields
- Fix listing mailboxes
- Do not recurse a non-threaded message
- Fix initial window order
- Fix leaks on IMAP error paths
- Notmuch: compose(attach-message): support notmuch backend
- Fix IMAP flag comparison code
- Fix $move for IMAP mailboxes
- Maildir: maildir_mbox_check_stats should only update mailbox stats if requested
- Fix unmailboxes for virtual mailboxes
- Maildir: sanitize filename before hashing
- OAuth: if 'login' name isn't available use 'user'
- Add error message on failed encryption
- Fix a bunch of crashes
- Force C locale for email date
- Abort if run without a terminal
* Changed Config
- `$crypt_use_gpgme` - Now defaults to 'yes' (enabled)
- `$abort_backspace` - Hitting backspace against an empty prompt aborts the prompt
- `$abort_key` - String representation of key to abort prompts
- `$arrow_string` - Use a custom string for arrow_cursor
- `$crypt_opportunistic_encrypt_strong_keys` - Enable encryption only when a strong key is available
- `$header_cache_compress_dictionary` - Filepath to dictionary for zstd compression
- `$header_cache_compress_level` - Level of compression for method
- `$header_cache_compress_method` - Enable generic hcache database compression
- `$imap_deflate` - Compress network traffic
- `$smtp_user` - Username for the SMTP server
* Translations
- 100% Lithuanian
- 81% Spanish
- 78% Russian
* Build
- Add libdebug
- Rename public headers to lib.h
- Create libcompress for compressed folders code
- Enable Cirrus CI for FreeBSD
* Code
- Refactor Windows and Dialogs
- Lots of code tidying
- Refactor: mutt_addrlist_{search,write}
- Lots of improvements to the Config code
- Use Buffers more pervasively
- Unify API function naming
- Rename library shared headers
- Refactor libconn gui dependencies
- Refactor: init.[ch]
- Refactor config to use subsets
- Config: add path type
- Remove backend deps from the connection code
* Upstream
- Allow ~b ~B ~h patterns in send2-hook
- Rename smime oppenc mode parameter to get_keys_by_addr()
- Add $crypt_opportunistic_encrypt_strong_keys config var
- Fix crash when polling a closed ssl connection
- Turn off auto-clear outside of autocrypt initialization
- Add protected-headers="v1" to Content-Type when protecting headers
- Fix segv in IMAP postponed menu caused by reopen_allow
- Adding ISO 8601 calendar date
- Fix $fcc_attach to not prompt in batch mode
- Convert remaining mutt_encode_path() call to use struct Buffer
- Fix rendering of replacement_char when Charset_is_utf8
- Update to latest acutest.h
Changelog:
68.6.0
new
Thunderbird now displays a popup window when starting up on a new
profile
changed
Thunderbird now provides partial updates resulting in smaller
downloads
fixed
Searching in message bodies led to false negatives under some
circumstances in quoted-printable encoded HTML bodies
"Get New Messages for All Accounts" not working for OAuth2-authenticated
IMAP accounts
Various security fixes
#CVE-2020-6805: Use-after-free when removing data about origins
#CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections against state confusion
#CVE-2020-6807: Use-after-free in cubeb during stream destruction
#CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
#CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init
#CVE-2020-6812: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission
#CVE-2020-6814: Memory safety bugs fixed in Thunderbird 68.6
68.0.5
new
Support for Client Identity IMAP/SMTP Service Extension
Support for OAuth 2.0 authentication for POP3 accounts
fixed
Status area goes blank during account setup
Calendar: Could not remove color for default categories
Calendar: Prevent calendar component loading multiple times
Calendar: Today pane did not retain width between sessions
Various security fixes
#CVE-2020-6793: Out-of-bounds read when processing certain email messages
#CVE-2020-6794: Setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords
#CVE-2020-6795: Crash processing S/MIME messages with multiple signatures
#CVE-2020-6797: Extensions granted downloads.open permission could open arbitrary applications on Mac OSX
#CVE-2020-6798: Incorrect parsing of template tag could result in JavaScript injection
#CVE-2020-6792: Message ID calculation was based on uninitialized data
#CVE-2020-6800: Memory safety bugs fixed in Thunderbird 68.5
Disable OpenSSL support, since this still breaks with OpenSSL 1.1.
It can maybe be re-enabled at a later date.
I'm not sure if this software is still maintained, but it seems useful
enough without the crypto support.
Update ruby-mime-types to 3.3.1.
## 3.3.1 / 2019-12-26
* 1 minor bugfix:
* Al Snow fixed a warning with MIME::Types::Logger producing a warning
because Ruby 2.7 introduces numbered block parameters. Because of the
way that the MIME::Types::Logger works for deprecation messages, the
initializer parameters had been named `_1`, `_2`, and `_3`. This has
now been resolved. [#146][]
* Administrivia:
* Olle Jonsson removed an outdated Travis configuration option (`sudo:
false`). [#142][]
upstream changes:
-----------------
fetchmail-6.4.2 (released 2020-02-14, 27473 LoC):
## BREAKING CHANGES:
* fetchmailconf now supports Python 3 and currently requires the "future"
package, see https://pypi.org/project/future/.
* fetchmailconf: The minimum supported version is now Python 2.7.13, but it is
recommended to use at least 2.7.16 (due to its massive SSL updates).
Older Python versions may check SSL certificates not strictly enough,
which may cause fetchmail to complain later, if the certificate verify fails.
* fetchmailconf now autoprobes SSL-wrapped connections (ports 993 and 995 for
IMAP and POP3) as well and by preference.
* fetchmailconf now defaults newly created users to "ssl" if either of the
existing users sets ssl, or if the server has freshly been probed and
found supporting ssl.
There is a caveat: adding a user to an existing server without probing it
again may skip adding ssl. (This does not prevent STARTTLS.)
## BUG FIXES:
* Fix three bugs in fetchmail.man (one unterminated string to .IP macro, one
line that ran into a .PP macro, .TH date format), and remove one .br request
from inside the table, which is unsupported by FreeBSD 12's mandoc(1)
formatter. FreeBSD Bug#241032, reported by Helge Oldach.
* Further man page fixes and additions by Chris Mayo and Gregor Zattler.
* When evaluating the need for STARTTLS in non-default configurations (SSL
certificate validation turned off), fetchmail would only consider --sslproto
tls1 as requiring STARTTLS, now all non-empty protocol versions do.
* fetchmailconf now properly writes "no sslcertck" if sslcertck is disabled.
* fetchmailconf now catches and reports OS errors (including DNS errors) when
autoprobing. Reported as Gitlab issue #12 by Sergey Alirzaev.
* fetchmailconf received a host of other bugfixes, see the Git commit log.
## CHANGES:
* Make t.smoke more robust and use temporary directory as FETCHMAILHOME, to make
sure that the home directory resolves for the user running the test suite
even if the environment isn't perfect. Reported by Konstantin Belousov,
analysed by Corey Halpin, FreeBSD Bug#240914.
## UPDATED TRANSLATION - THANKS TO:
* zh_CN: Boyuan Yang [Chinese (simplified)]
### GMime 3.2.6
* Added methods to get 64-bit timestamps for the creation-date and expiration-date of
GMimeCertificates and GMimeSignatures. (issue #68)
* Fixed the vala abstract public constructor for GMimeObject. (issue #76)
* Fixed a bug in GMimeParser's header parser. (issue #78)
* Added build files for Visual Studio 2017 thanks to Vitaliy Didik.
This release fixes a potential memory corruption issue when sync'ing imap
mailboxes. It also improves the speed of opening mailboxes with large threads
(when sorting by thread). Lastly, it changes the default of $ssl_force_tls
back to unset.
1.13.4 (2020-02-15):
! Bug fix release.
! $ssl_force_tls reverted to default unset. Defaulting this set was
overly optimistic, and caused breakage.
Update dovecot2 to 2.3.9.3, security release.
v2.3.9.3 2019-02-12 Aki Tuomi <aki.tuomi@open-xchange.com>
* CVE-2020-7046: Truncated UTF-8 can be used to DoS
submission-login and lmtp processes.
* CVE-2020-7957: Specially crafted mail can crash snippet generation.
upstream changes:
-----------------
Fixed in all supported stable releases:
Bug (introduced: Postfix 3.1): smtp_dns_resolver_options were broken while adding support for negative DNS response caching in postscreen. Postfix was inadvertently changed to call res_query() instead of res_search(). Reported by Jaroslav Skarvada.
Bug (introduced: Postfix 2.5): Postfix ignored the CONNECT macro overrides from a Milter application. Postfix now evaluates the Milter macros for an SMTP CONNECT event after the Postfix-to-Milter connection is negotiated. Problem reported by David Bürgin.
Bug (introduced: Postfix 3.0): sanitize (remote) server responses before storing them in the verify database, to avoid Postfix warnings about malformed UTF8. Found during code maintenance.
upstream changes:
-----------------
2.3: 04 Feb 2020
* [Conf] SPF is no longer a C module
* [Conf] Update spamtrap map path example
* [CritFix] Fix html entities decoding
* [CritFix] Fix re cache when mix of pcre and hyperscan is used
* [Feature] Allow milter code to deal with multiple headers
* [Feature] Antivirus: Add avast support
* [Feature] Dkim_signing: Allow to sign via milter_headers
* [Feature] Implement content hashes
* [Feature] Lua_text: Add regexp split iterator method
* [Feature] Lua_text: Implement flattening of the input tables
* [Feature] Send quit command to Redis
* [Feature] Speed up is_ascii function
* [Feature] Spf: Add external_relay option
* [Fix] Avoid double escaping
* [Fix] Fix O(N^2) algorithm
* [Fix] Fix arc seal validation
* [Fix] Fix base tag processing according to stupid HTML renderer behaviour
* [Fix] Fix dealing with `\0` in ucl strings and JSON
* [Fix] Fix gpg parts misdetection
* [Fix] Fix ignored symbols exporting
* [Fix] Fix processing of numeric url's
* [Fix] Fix processing of the closed tcp connections
* [Fix] Fix regexp type check for pcre2
* [Fix] Fix urls encode function
* [Fix] Fix urls shifting when doing decode to include separators
* [Fix] Fix white on white rule and add is_leaf flag
* [Fix] Further fixes in charset detection
* [Fix] Ignore diacritics in chartable module for specific languages
* [Fix] Limit size of symbols options by max_opts_len option
* [Fix] More fixes in html tag content calculations
* [Fix] Plug memory leak in fuzzy storage
* [Fix] Process high priority settings even if settings/id has been specified
* [Fix] Select a different upstream on last retransmit
* [Fix] Treat soft hyphen as zero width space
* [Fix] Try harder to watch the lifetime of the key_stat
* [Fix] Use ipv6-mapped-ipv4 addresses in radix trie
* [Project] Add logic to break execution when processing symbols*
* [Project] Add methods to set specific content for mime parts from Lua
* [Project] Lua_content: support PDF files
* [Project] Move dns_tool to using of the rspamd_spf from FFI module
* [Project] Preliminary SPF plugin in Lua
* [Project] Show debug stat for memory pool
* [Project] Some rework about specific data that is now tagged
* [Project] Start reworking of the mempool structure
* [Rework] Allow to add userdata as symbols options
* [Rework] Change mime part specifics handling
* [Rework] Move LRU SPF cache from spf plugin
* [Rework] Rework HTML tags content attachment
* [Rework] Rework options hash structure
* [Rework] Start lua_content library
* [Rework] Stop using of uthash for http headers
* [Rework] Use faster hashing approach for memory pools variables
* [Rules] Add PDF related rules
Changelog:
changed
Calendar: Task and Event tree colours adjusted for the dark theme
fixed
Retrieval of S/MIME certificates from LDAP failed
Address-parsing crash on some IMAP servers when preference mail.imap.use_envelope_cmd was set
Incorrect forwarding of HTML messages caused SMTP servers to respond with a timeout
Calendar: Various parts of the calendar UI stopped working when a second Thunderbird window opened
Update pear-Mail_Mime to 1.10.6.
1.10.6 (2020-01-30)
Changelog:
* Fix different boundary in headers and body when using headers() after
get() [alec]
* Removed phail.php script [alec]
the changelog:
- Play catchup with newer html2text version again
- Workaround timezone parsing bug in dateparser
- Switch to dateparser for PyPI and tests as well
- Register properly the special mark we are using
- Reduce noise level of 'missing time' problems
feed2exec is a simple program that runs custom actions on new RSS feed
items (or whatever feedparser can read). It currently has support for
writing into mailboxes (Maildir folders) or executing commands, but more
actions can be easily implemented through plugins. Emails are saved as
multipart plain/HTML and can be sent to arbitrary folders.
Update pear-Mail_Mime to 1.0.5.
1.0.5 (2020-01-24)
Changelog:
* Make sure to not set Content-Transfer-Encoding on multipart messages [alec]
* Added support for calendar invitations with attachments/html/images [jacalben]
## 0.6 (2020-01-18)
* mfwd: prefix Subject with "Fwd:".
* mscan: add dottime formatting.
* mlist: look at maildir/new too for messages.
* Many bug and portability fixes.
pkglint -r --network --only "migrate"
As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
pkglint --only "https instead of http" -r -F
With manual adjustments afterwards since pkglint 19.4.4 fixed a few
indentations in unrelated lines.
This mainly affects projects hosted at SourceForge, as well as
freedesktop.org, CTAN and GNU.
Update roundcube-plugin-zipdownload to 1.4.2.
pkgsrc change:
* Use common patches/distinfo directory with roundcube.
RELEASE 1.4-beta
----------------
- zipdownload: Added option to define size limit for multiple messages download (#5696)
Update roundcube-plugin-password to 1.4.2.
pkgsrc change:
* Use common patches/distinfo directory with roundcube.
RELEASE 1.4.2
-------------
- Password: Fix kpasswd and smb drivers' double-escaping bug (#7092)
RELEASE 1.4-rc2
---------------
- Password: Added ldap_exop driver (#4992)
- Password: Added support for SSHA512 password algorithm (#6805)
RELEASE 1.4-rc1
---------------
- Password: Added 'modoboa' driver (#6361)
- Password: Fix bug where password_dovecotpw_with_method setting could be ignored (#6436)
- Password: Fix bug where new users could skip forced password change (#6434)
- Password: Allow drivers to override default password comparisons (eg new is not same as current) (#6473)
- Password: Allow drivers to override default strength checks (eg allow for 'not the same as last x passwords') (#246)
- Password: Allow drivers to define password strength rules displayed to the user
- Password: Allow separate password saving and strength drivers for use of strength checking services (#5040)
- Password: Add zxcvbn driver for checking password strength (#6479)
- Password: Disallow control characters in passwords
- Password: Add support for Plesk >= 17.8 (#6526)
RELEASE 1.4-beta
----------------
- Password: Support host variables in password_db_dsn option (#5955)
- Password: Automatic virtualmin domain setting, removed password_virtualmin_format option (#5759)
- Password: Added password_username_format option (#5766)
Update roundcube-plugin-enigma to 1.4.2.
pkgsrc change:
* Use common patches/distinfo directory with roundcube.
RELEASE 1.4.2
-------------
- Enigma: Add script to import keys from filesystem to the db storage (for multihost)
RELEASE 1.4.1
-------------
- Enigma: Fix bug where signing option was set to disabled after saving a draft in Elastic skin (#6515)
RELEASE 1.4-rc2
---------------
- Added 'keyservers' option to define list of HKP servers for Enigma/Mailvelope (#6326)
- Enigma: For verified signatures, display the user id associated with the sender address (#5958)
- Enigma: Fix bug where revoked users/keys were not greyed out in key info
- Enigma: Fix error message when trying to encrypt with a revoked key (#6607)
- Enigma: Fix "decryption oracle" bug [CVE-2019-10740] (#6638)
- Enigma: Fix bug where signature verification could have been skipped for some message structures (#6838)
RELEASE 1.4-rc1
---------------
- Enigma: Update to OpenPGPjs 4.2.1 - fixes user name encoding issues in key generation (#6524)
- Enigma: Fixed multi-host synchronization of private and deleted keys and pubring.kbx file
- Elastic: Fix bug where Enigma options in mail compose could sometimes be ignored (#6515)
RELEASE 1.4-beta
----------------
- Enigma: Add button to send mail unencrypted if no key was found (#5913)
- Enigma: Add options to set PGP cipher/digest algorithms (#5645)
- Enigma: Multi-host support
Changelog:
Changes
Various improvements when setting up an account for a Microsoft Exchange server: Now offers IMAP/SMTP if available, better detection for Office 365 accounts; re-run configuration after password change.
Fixes
Attachments with one or more spaces in their names couldn't be opened under some circumstances
After changing view layout, the message display pane showed garbled content under some circumstances
Tags were lost on messages in shared IMAP folders under some circumstances
Various theme changes to achieve "pixel perfection": Unread icon, "no results" icon, paragraph format and font selector, background of folder summary tooltip
Calendar: Event attendee dialog was not displayed correctly
Various security fixes
Security fixes:
CVE-2019-17026: IonMonkey type confusion with StoreElementHole and FallibleStoreElement
#CVE-2019-17015: Memory corruption in parent process during new content process initialization on Windows
#CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting
#CVE-2019-17017: Type Confusion in XPCVariant.cpp
#CVE-2019-17021: Heap address disclosure in parent process during content process initialization on Windows
#CVE-2019-17022: CSS sanitization does not escape HTML tags
#CVE-2019-17024: Memory safety bugs fixed in Thunderbird 68.4.1
Update roundcube to 1.4.2.
pkgsrc change:
* Use "complete" distfile and avoid downloading each JavaScript library.
* Use common patches/distinfo directory.
* Use REPLACE_PHP.
Here is the release 1.4.0 announcement (2019/11/09):
It's a big honor for me to announce the final release of the long awaited
major version 1.4 of Roundcube webmail.
After more than two years of hard work by Alec and other volunteer
contributors, Roundcube finally gets the responsive skin with full mobile
device support - the Elastic.
In addition to the new UI we introduce these new features:
* Email Resent (Bounce) feature
* Improved [Mailvelope](https://www.mailvelope.com) integration
* Support for Redis and Memcached cache
* Support for SMTPUTF8 and GSSAPI
Plus numerous improvements and bug fixes collected from your precious
feedback as well as updates to recent versions of 3rd party libraries like
jQuery and TinyMCE. See the full changelog in the release notes on the
Github download page [1].
The new Elastic theme, which is the new default skin, is built with LESS
and of course the sources are included. They allow a certain degree of
customization by adjusting some colors and variables using the
`_styles.less` and `_variables.less` files. Please consider customizing
your Roundcube installation in order to make phishing [2] harder. You'll
find guidance in the README.md file inside the skin folder.
This release is considered stable and we encourage you to update your
productive installations after carefully testing the upgrade scenario and
preparing your users to the significant changes in their webmail UI.
Download it from https://roundcube.net/download.
With the release of Roundcube 1.4.0, the previous stable release branches
1.3.x and 1.2.x will change into LTS low maintenance mode which means they
will only receive important security updates but no longer any regular
improvement updates. The 1.1.x series is no longer supported and maintained.
RELEASE 1.4.1 (2019/11/22)
-------------
- Elastic: Change HTML editor widget to improve form flow (#6992)
- Elastic: Fix position of mobile floating action button (#7038)
- Managesieve: Fix locked UI after opening filter frame (#7007)
- Fix PHP warning: "array_merge(): Expected parameter 2 to be an array, null given in sendmail.inc (#7003)
- Fix bug where cache keys could exceed length limit specified in db schema (#7004)
- Fix invalid Signature button state after escaping Mailvelope mode (#7015)
- Fix so 401 error is returned only on failed logon requests (#7010)
- Fix db_prefix handling in queries with `TRUNCATE TABLE <name>` and `UNIQUE <name>` (#7013)
- Fix so update.sh script warns about changed defaults (#7011)
- Fix tables listing routine when DSN contained a database with unsupported suffix (#7034)
- Fix so Elastic is also a default in jqueryui plugin (#7039)
- Fix bug where the Installer would not warn about required schema upgrade (#7042)
RELEASE 1.4.2 (2020/01/01)
-------------
- Plugin API: Make actionbefore, before<action>, actionafter and after<action> events working with plugin actions (#7106)
- Managesieve: Replace "Filter disabled" with "Filter enabled" (#7028)
- Managesieve: Fix so modifier type select wasn't hidden after hiding modifier select on header change
- Managesieve: Fix filter selection after removing a first filter (#7079)
- Markasjunk: Fix marking more than one message as spam/ham with email_learn driver (#7121)
- Installer: Fix DB Write test on SQLite database ("database is locked" error) (#7064)
- Installer: Fix so SQLite DSN with a relative path to the database file works in Installer
- Elastic: Fix contrast of warning toasts (#7058)
- Elastic: Simple search in pretty selects (#7072)
- Elastic: Fix hidden list widget on mobile/tablet when selecting folder while search menu is open (#7120)
- Fix so type attribute on script tags is not used on HTML5 pages (#6975)
- Fix unread count after purge on a folder that is not currently selected (#7051)
- Fix bug where Enter key didn't work on messages list in "List" layout (#7052)
- Fix bug where deleting a saved search in addressbook caused display issue on sources/groups list (#7061)
- Fix bug where a new saved search added after removing all searches wasn't added to the list (#7061)
- Fix bug where a new contact group added after removing all groups from addressbook wasn't added to the list
- Fix bug where Ctype extension wasn't required in Installer and INSTALL file (#7049)
- Fix so install-jsdeps.sh removes Bootstrap's sourceMappingURL (#7035)
- Fix so use of Ctrl+A does not scroll the list (#7020)
- Fix/remove useless keyup event handler on username input in logon form (#6970)
- Fix bug where cancelling switching from HTML to plain text didn't set the flag properly (#7077)
- Fix bug where HTML reply could add an empty line with extra indentation above the original message (#7088)
- Fix matching multiple X-Forwarded-For addresses with 'proxy_whitelist' (#7107)
- Fix so displayed maximum attachment size depends also on 'max_message_size' (#7105)
- Fix bug where 'skins_allowed' option didn't enforce user skin preference (#7080)
- Fix so contact's organization field accepts up to 128 characters (it was 50)
- Fix bug where listing tables in PostgreSQL database with db_prefix didn't work (#7093)
- Fix bug where 'text' attribute on body tag was ignored when displaying HTML message (#7109)
- Fix bug where next message wasn't displayed after delete in List mode (#7096)
- Fix so number of contacts in a group is not limited to 200 when redirecting to mail composer from Contacts (#6972)
- Fix malformed characters in HTML message with charset meta tag not in head (#7116)
qmail-remote. The benefits:
- Fast and small: written in plain C
- IPv6 clean
- Many antispam modules included, e.g. SPF, IP blacklists, domain
blacklists, badmailfrom, helo filtering
- Easy API to add your own spamfilters
- For vpopmail hosts: does not create bounces for non-existing users
- Tested: includes unit tests, nightly checks available at
<http://my.cdash.org/index.php?project=Qsmtp>
Enigmail 2.1.5
Released 2019-12-31, works with Thunderbird 68 and Postbox 7.
Notable Changes
This is a maintenance release.
Bugs fixed:
Security issue: unsigned MIME parts displayed as signed
Ensure that upgrading GnuPG 2.0.x to 2.2.x converts keyring format
Make Enigmail Compatible with Protected-Headers spec, draft 2
See list of fixed defects for more fixed issues.
Enigmail 2.1.4
Released 2019-12-12, works with Thunderbird 68 and Postbox 7.
Notable Changes
This is a maintenance release.
Bugs fixed:
Mixed classic/pEp mode on startup if the pEp Engine is not fully operational
Key Management menu bar unreadable on dark themes
OpenPGP column re-appears after every startup
"Attach my public key to message" option is not restored properly
Better activity feedback in the "Create OpenPGP Key" window
Automatic updating GnuPG does not work
See list of fixed defects for more fixed issues.
upstream changes:
------------------
fetchmail-6.4.1 (released 2019-09-28, 27473 LoC):
## REGRESSION FIXES:
* The bug fix Debian Bug#941129 was incomplete and caused
+ a regression in the default file locations, so that fetchmail was no longer
able to find its configuration files in some situations.
Reported by Cy Schubert.
+ a regression under _FORTIFY_SOURCE where PATH_MAX > minimal _POSIX_PATH_MAX.
--------------------------------------------------------------------------------
fetchmail 6.4.0 (released 2019-09-27, 27429 LoC):
# NOTE THAT FETCHMAIL IS NO LONGER PUBLISHED THROUGH IBIBLIO.
* They have stopped accepting submissions and consider themselves an archive.
## SECURITY FIXES THAT AFFECT BEHAVIOUR AND MAY REQUIRE RECONFIGURATION
* Fetchmail no longer supports SSLv2.
* Fetchmail no longer attempts to negotiate SSLv3 by default,
even with --sslproto ssl23. Fetchmail can now use SSLv3, or TLSv1.1 or a newer
TLS version, with STLS/STARTTLS (it would previously force TLSv1.0 with
STARTTLS). If the OpenSSL version used at build and run-time supports these
versions, --sslproto ssl3 and --sslproto ssl3+ can be used to re-enable SSLv3.
Doing so is discouraged because the SSLv3 protocol is broken.
Along the lines suggested - as patch - by Kurt Roeckx, Debian Bug #768843.
While this change is supposed to be compatible with common configurations,
users may have to and are advised to change all explicit --sslproto ssl2
(change to newer protocols required), --sslproto ssl3, --sslproto tls1 to
--sslproto auto, so that they can benefit from TLSv1.1 and TLSv1.2 where
supported by the server.
The --sslproto option now understands the values auto, ssl3+, tls1+, tls1.1,
tls1.1+, tls1.2, tls1.2+, tls1.3, tls1.3+ (case insensitively), see CHANGES
below for details.
* Fetchmail defaults to --sslcertck behaviour. A new option --nosslcertck to
override this has been added, but may be removed in future fetchmail versions
in favour of another configuration option that makes the insecurity in using
this option clearer.
## SECURITY FIXES
* Fetchmail prevents buffer overruns in GSSAPI authentication with user names
beyond c. 6000 characters in length. Reported by Greg Hudson.
## CHANGED REQUIREMENTS
* fetchmail 6.4.0 is written in C99 and requires a SUSv3 (Single Unix
Specification v3, a superset of POSIX.1-2001 aka. IEEE Std 1003.1-2001 with
XSI extension) compliant system. For now, a C89 compiler should also work
if the system is SUSv3 compliant.
In particular, older fetchmail versions had workarounds for several functions
standardized in the Single Unix Specification v3; these have been removed.
The trio/ library has been removed from the distribution.
## CHANGES
* fetchmail 6.3.X is unsupported.
* fetchmail now configures OpenSSL support by default.
* fetchmail now requires OpenSSL v1.0.2 or newer.
* Fetchmail now supports --sslproto auto and --sslproto tls1+ (same as ssl23).
* --sslproto tls1.1+, tls1.2+, and tls1.3+ are now supported for
auto-negotiation with a minimum specified TLS protocol version, and --sslproto
tls1.1, --sslproto tls1.2 and --sslproto tls1.3 to force the specified TLS
protocol version. Note that tls1.3 requires OpenSSL v1.1.1 or newer.
* Fetchmail now detects if the server hangs up prematurely during SSL_connect()
and reports this condition as such, and not just as SSL connection failure.
(OpenSSL 1.0.2 reported incompatible with pop3.live.com by Jerry Seibert).
* A foreground fetchmail can now accept a few more options while another copy is
running in the background.
* fetchmail now handles POP3 --keep UID lists more efficiently, by using Rainer
Weikusat's P-Tree implementation. This reduces the complexity for handling
a large UIDL from O(n^2) to O(n log n) and becomes noticeably faster with
thousands of kept messages.
(IMAP does not currently track UIDs and is unaffected.)
At the same time, the UIDL emulation code for deficient servers has been
removed. It never worked really well. Servers that do not implement the
optional UIDL command only work with --fetchall option set, which in itself is
incompatible with the --keep option (it would cause message duplication).
* fetchmail, when setting up TLS connections, now uses SSL_set_tlsext_host_name()
to set up the SNI (Server Name Indication). Some servers (for instance
googlemail) require SNI when using newer SSL protocols.
* Fetchmail now sets the expected hostname through OpenSSL 1.0.2's new
X509_VERIFY_PARAM_set1_host() function to enable OpenSSL's native certificate
verification features.
* fetchmail will drop the connection when fetching with IMAP and receiving an
unexpected untagged "* BYE" response, to work around certain faulty servers.
* The FETCHMAIL_POP3_FORCE_RETR environment variable is now documented,
it forces fetchmail, when talking POP3, to always use the RETR command,
even if it would otherwise use the TOP command.
* Fetchmail's configure stage will try to query pkg-config or pkgconf for libssl
and libcrypto, in case other systems use .pc files to document specific library
dependencies. (contributed by Fabrice Fontaine, GitLab merge request !14.)
* The gethostbyname() API calls and compatibility functions have been removed.
* These translations are shipped but not installed by default because
they have less than 500 translated messages out of 714: el fi gl pt_BR sk tr
-> Greek, Finnish, Galician, Brazilian Portuguese, Slovak, Turkish.
* Fetchmail now refuses delivery if the MDA option contains single-quoted
expansions.
## FIXES
* Fix a typo in the FAQ. Submitted by David Lawyer, Debian Bug#706776.
* Do not translate header tags such as "Subject:". Reported by Gonzalo Pérez de
Olaguer Córdoba, Debian Bug#744907.
* Convert most links from berlios.de to sourceforge.net.
* Report error to stderr, and exit, if --idle is combined with multiple
accounts.
* Point to --idle from GENERAL OPERATION to clarify --idle and multiple
mailboxes do not mix. In response to Jeremy Chadwick's trouble 2014-11-19,
fetchmail-users mailing list.
* Fix SSL-enabled build on systems that do not declare SSLv3_client_method(),
or that #define OPENSSL_NO_SSL3 inside #include <openssl/ssl.h>
Related to Debian Bug#775255. Fixes Debian Bug #804604.
* Version report lists -SSLv3 on SSL-enabled no-ssl3 builds.
* Fetchmail no longer adds a NUL byte to the username in GSSAPI authentication.
This was reported to break Kerberos-based authentication with Microsoft
Exchange 2013 by Greg Hudson.
* Set umask properly before writing the .fetchids file, to avoid failing the
security check on the next run. Reported by Fabian Raab,
Fixes Debian Bug#831611.
* When forwarding by LMTP, also check antispam response code when collecting
the responses after the CR LF . CR LF sequence at the end of the DATA phase.
(Contributed by Evil.2000, GitLab merge request !12.)
* fetchmail will not try other protocols after a socket error. This avoids
mismatches of how different protocols see messages as "seen" and re-fetches
of known mail. (Fix contributed by Lauri Nurmi, GitLab Merge Request !10.)
* fetchmail no longer reports "System error during SSL_connect(): Success."
Fixes Debian Bug#928916, reported by Paul Kimoto.
* fetchmailconf would ignore Edit or Delete actions on the first (topmost)
item in a list (no matter if server list, user list, ...).
* The mimedecode feature now properly detects multipart/mixed-type matches, so
that quoted-printable-encoded multipart messages can get decoded.
(Regression in 5.0.0 on 1999-03-27, as a side effect of a PGP-mimedecode fix
attributed to Henrik Storner.)
* FETCHMAILHOME can now safely be a relative path, which will be qualified
through realpath(). Previously, it had to be absolute in daemon mode.
Reported by Alex Andreotti, Debian Bug#941129.
Changes:
1.8.7
-----
- Extend `from' command that sets the envelope from address: the
patterns %U, %H, %C, %M are now replaced with user name, host name,
canonicalized host name, and the contents of /etc/mailname. This is
useful for system-wide installations and is more powerful than the old
auto_from and maildomain commands, which are now deprecated (but still
supported, of course).
1.8.6
-----
- Aliases are now expanded recursively
- Minor bug fixes
* Enable SASL support
Changelog:
This is a long overdue maintenance release:
- SSL now uses SNI, which for example GMail requires
- fixed fallbacks for missing UIDPLUS extension (with e.g. DavMail)
- fixed UIDVALIDITY recovery with really long Message-id headers
- fixed GSSAPI authentication with Kerberos
- fixed support for IMAP servers which do not sort search results (e.g.,
poczta.o2.pl)
- fixed CopyArrivalDate on platforms without glibc
- fixed useless SASL warnings with certain plugins
- the perl 5.14 requirement is now made explicit
- improved OpenBSD support
- fixed a bunch of compiler warnings
Changelog:
68.3.1
Changes
- changed: In dark theme unread messages no longer shown in blue to distinguish from tagged messages
- changed: Account setup is now using client side DNS MX lookup instead of relying on a server.
Fixes
- fixed: Searching LDAP address book crashed in some circumstances
- fixed: Message navigation with backward and forward buttons did not work in some circumstances
- fixed: WebExtension toolbar icons were displayed too small
- fixed: Calendar: Tasks due today were not listed in bold
- fixed: Calendar: Last day of long-running events was not shown
68.3.0
What's New
- new: Message display toolbar action WebExtension API
- new: Navigation buttons are now available in content tabs, for example those opened via an add-on search
Changes
- changed: "New email" icon in Windows systray changed from in-tray with arrow to envelope
Fixes
- fixed: Icons of attachments in the attachment pane of the Write window not always correct
- fixed: Toolbar buttons of add-ons in the menubar not shown after startup
- fixed: LDAP lookup not working when SSL was enabled. LDAP search not working when "All Address Books" was selected.
- fixed: Scam link confirmation panel not working
- fixed: In Write window, the Link Properties dialog wasn't showing named anchors in context menu
- fixed: Calendar: Start-up failed if the application menu is not on the calendar toolbars
- fixed: Chat: Account reordering via drag-and-drop not working on Instant messaging status dialog (Show Accounts)
- fixed: Various security fixes
Security fixes:
#CVE-2019-17008: Use-after-free in worker destruction
#CVE-2019-13722: Stack corruption due to incorrect number of arguments in WebRTC code
#CVE-2019-11745: Out of bounds write in NSS when encrypting with a block cipher
#CVE-2019-17009: Updater temporary files accessible to unprivileged processes
#CVE-2019-17010: Use-after-free when performing device orientation checks
#CVE-2019-17005: Buffer overflow in plain text serializer
#CVE-2019-17011: Use-after-free when retrieving a document in antitracking
#CVE-2019-17012: Memory safety bugs fixed in Firefox 71, Firefox ESR 68.3, and Thunderbird 68.3
* Fix build with rust-1.39.0
Changelog:
60.9.1:
Fixed
Problem with Google authentication (OAuth2)
60.9.0:
New
Offer to configure Exchange accounts for Office365. A third-party add-on is required for this account type. IMAP still exists as alternative.
Security fixes
#CVE-2019-11739: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message
#CVE-2019-11746: Use-after-free while manipulating video
#CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML
#CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
#CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB
#CVE-2019-11743: Cross-origin access to unload event attributes
#CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9
Leaf package.
2019-11-29 Richard Russon <rich@flatcap.org>
* Features
- Add raw mailsize expando (%cr)
* Bug Fixes
- Avoid double question marks in bounce confirmation msg
- Fix bounce confirmation
- fix new-mail flags and behaviour
- fix: browser <descend-directory>
- fix ssl crash
- fix move to trash
- fix flickering
- Do not check hidden mailboxes for new mail
- Fix new_mail_command notifications
- fix crash in examine_mailboxes()
- fix crash in mutt_sort_threads()
- fix: crash after sending
- Fix crash in tunnel's conn_close
- fix fcc for deep dirs
- imap: fix crash when new mail arrives
- fix colour 'quoted9'
- quieten messages on exit
- fix: crash after failed mbox_check
- browser: default to a file/dir view when attaching a file
* Changed Config
- Change $write_bcc to default off
* Translations
- 100% Portuguese (Brazil)
- 92% Polish
* Docs
- Add a bit more documentation about sending
- Clarify $write_bcc documentation.
- Update documentation for raw size expando
- docbook: set generate.consistent.ids to make generated html reproducible
* Build
- fix build/tests for 32-bit arches
- tests: fix test that would fail soon
- tests: fix context for failing idna tests
Changes since version 1.13.0:
! Bug fix release.
+ $sidebar_relative_shortpath_indent, default unset, enables the
indentation and shortpath behavior introduced in 1.13.0.
+ $sidebar_use_mailbox_shortcuts, default unset, displays standard
mailbox shortcuts, '~' and '=' in the sidebar. When unset, the
sidebar will remove a $folder prefix but won't display mailbox
shortcuts.
Update dovecot2 to 2.3.9.2, previous fix for CVE-2019-19722 was a partial fix.
v2.3.9.2 2019-12-13 Aki Tuomi <aki.tuomi@open-xchange.com>
- Mails with empty From/To headers can also cause crash
in push notification drivers.
Exim version 4.93
-----------------
JH/01 OpenSSL: With debug enabled output keying information sufficient, server
side, to decode a TLS 1.3 packet capture.
JH/02 OpenSSL: Suppress the sending of (stateful) TLS1.3 session tickets.
Previously the default library behaviour applied, sending two, each in
its own TCP segment.
JH/03 Debug output for ACL now gives the config file name and line number for
each verb.
JH/04 The default received_header_text now uses the RFC 8314 tls cipher clause.
JH/05 DKIM: ensure that dkim_domain elements are lowercased before use.
JH/06 Fix buggy handling of autoreply bounce_return_size_limit, and a possible
buffer overrun for (non-chunking) other transports.
JH/07 GnuTLS: Our use of late (post-handshake) certificate verification, under
TLS1.3, means that a server rejecting a client certificate is not visible
to the client until the first read of encrypted data (typically the
response to EHLO). Add detection for that case and treat it as a failed
TLS connection attempt, so that the normal retry-in-clear can work (if
suitably configured).
JB/01 Bug 2375: fix expansions of 822 addresses having comments in local-part
and/or domain. Found and fixed by Jason Betts.
JH/08 Add hardening against SRV & TLSA lookups that hit CNAMEs (a nonvalid
configuration). If a CNAME target was not a wellformed name pattern, a
crash could result.
JH/09 Logging: Fix initial listening-on line for multiple ports for an IP when
the OS reports them interleaved with other addresses.
JH/10 OpenSSL: Fix aggregation of messages. Previously, when PIPELINING was
used both for input and for a verify callout, both encrypted, SMTP
responses being sent by the server could be lost. This resulted in
dropped connections and sometimes bounces generated by a peer sending
to this system.
JH/11 Harden plaintext authenticator against a badly misconfigured client-send
string. Previously it was possible to cause undefined behaviour in a
library routine (usually a crash). Found by "zerons".
JH/12 Bug 2384: fix "-bP smtp_receive_timeout". Previously it returned no
output.
JH/13 Bug 2386: Fix builds with Dane under LibreSSL 2.9.0 onward. Some old
API was removed, so update to use the newer ones.
JH/14 Bug 1891: Close the log file if receiving a non-smtp message, without
any timeout set, is taking a long time. Previously we would hang on to a
rotated logfile "forever" if the input was arriving with long gaps
(a previous attempt to fix addressed lack, for a long time, of initial
input).
HS/01 Bug 2390: Use message_id for tempfile creation to avoid races in a
shared (NFS) environment. The length of the tempfile name is now
4 + 16 ("hdr.$message_exim_id") which might break on file
systems which restrict the file name length to lower values.
(It was "hdr.$pid".)
HS/02 Bug 2390: Use message_id for tempfile creation to avoid races in a
shared (NFS) environment.
HS/03 Bug 2392: exigrep does case sensitive *option* processing (as it
did for all versions <4.90). Notably -M, -m, --invert, -I may be
affected.
JH/15 Use unsigned when creating bitmasks in macros, to avoid build errors
on some platforms for bit 31.
JH/16 GnuTLS: rework ciphersuite strings under recent library versions. Thanks
to changes apparently associated with TLS1.3 handling some of the APIs
previously used were either nonfunctional or inappropriate. Strings
like TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM__AEAD:256
and TLS1.2:ECDHE_SECP256R1__RSA_SHA256__AES_128_CBC__SHA256:128 replace
the previous TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 .
This affects log line X= elements, the $tls_{in,out}_cipher variables,
and the use of specific cipher names in the encrypted= ACL condition.
JH/17 OpenSSL: the default openssl_options now disables ssl_v3.
JH/18 GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp. Previously the
verification result was not updated unless hosts_require_ocsp applied.
JH/19 Bug 2398: fix listing of a named-queue. Previously, even with the option
queue_list_requires_admin set to false, non-admin users were denied the
facility.
JH/20 Bug 2389: fix server advertising of usable certificates, under GnuTLS in
directory-of-certs mode. Previously they were advertised despite the
documentation.
JH/21 The smtp transport option "hosts_noproxy_tls" is now unset by default.
A single TCP connection by a client will now hold a TLS connection open
for multiple message deliveries, by default. Previously the default was to
not do so.
JH/22 The smtp transport option "hosts_try_dane" now enables all hosts by
default. If built with the facility, DANE will be used. The facility
SUPPORT_DANE is now enabled in the prototype build Makefile "EDITME".
JH/23 The build default is now for TLS to be included; the SUPPORT_TLS define
is replaced with DISABLE_TLS. Either USE_GNUTLS or (the new) USE_OPENSSL
must be defined and you must still, unless you define DISABLE_TLS, manage
the include-dir and library-file requirements that go with that
choice. Non-TLS builds are still supported.
JH/24 Fix duplicated logging of peer name/address, on a transport connection-
reject under TFO.
JH/25 The smtp transport option "hosts_try_fastopen" now enables all hosts by
default. If the platform supports and has the facility enabled, it will
be requested on all connections.
JH/26 The PIPE_CONNECT facility is promoted from experimental status and is now
controlled by the build-time option SUPPORT_PIPE_CONNECT.
PP/01 Unbreak heimdal_gssapi, broken in 4.92.
JH/27 Bug 2404: Use the main-section configuration option "dsn_from" for
success-DSN messages. Previously the From: header was always the default
one for these; the option was ignored.
JH/28 Fix the timeout on smtp response to apply to the whole response.
Previously it was reset for every read, so a teergrubing peer sending
single bytes within the time limit could extend the connection for a
long time. Credit to Qualys Security Advisory Team for the discovery.
JH/29 Fix DSN Final-Recipient: field. Previously it was the post-routing
delivery address, which leaked information of the results of local
forwarding. Change to the original envelope recipient address, per
standards.
JH/30 Bug 2411: Fix DSN generation when RFC 3461 failure notification is
requested. Previously no bounce was generated and a log entry of
error ignored was made.
JH/31 Avoid re-expansion in ${sort } expansion. (CVE-2019-13917)
JH/32 Introduce a general tainting mechanism for values read from the input
channel, and values derived from them. Refuse to expand any tainted
values, to catch one form of exploit.
JH/33 Bug 2413: Fix dkim_strict option. Previously the expansion result
was unused and the unexpanded text used for the test. Found and
fixed by Ruben Jenster.
JH/34 Fix crash after TLS shutdown. When the TCP/SMTP channel was left open,
an attempt to use a TLS library read routine dereffed a null pointer,
causing a segfault.
JH/35 Bug 2409: filter out-of-spec chars from callout response before using
them in our smtp response.
JH/36 Have the general router option retry_use_local_part default to true when
any of the restrictive preconditions are set (to anything). Previously it
was only for check_local user. The change removes one item of manual
configuration which is required for proper retries when a remote router
handles a subset of addresses for a domain.
JH/37 Appendfile: when evaluating quota use (non-quota_size_regex) take the file
link count into consideration.
HS/04 Fix handling of very long lines in -H files. If a -<key> <value> line
caused the extension of big_buffer, the following lines were ignored.
JH/38 Bug 1395: Teach the DNS negative-cache about TTL value from the SOA in
accordance with RFC 2308. Previously there was no expiry, so a longlived
receive process (eg. due to ACL delays) versus a short SOA value could
surprise.
HS/05 Handle trailing backslash gracefully. (CVE-2019-15846)
JH/39 Promote DMARC support to mainline.
JH/40 Bug 2452: Add a References: header to DSNs.
JH/41 With GnuTLS 3.6.0 (and later) do not attempt to manage Diffie-Hellman
parameters. The relevant library call is documented as "Deprecated: This
function is unnecessary and discouraged on GnuTLS 3.6.0 or later. Since
3.6.0, DH parameters are negotiated following RFC7919."
HS/06 Change the default of dnssec_request_domains to "*"
JH/42 Bug 2545: Fix CHUNKING for all RCPT commands rejected. Previously we
carried on and emitted a BDAT command, even when PIPELINING was not
active.
JH/43 Bug 2465: Fix taint-handling in dsearch lookup. Previously a nontainted
buffer was used for the filename, resulting in a trap when tainted
arguments (eg. $domain) were used.
JH/44 With OpenSSL 1.1.1 (onwards) disable renegotiation for TLS1.2 and below;
recommended to avoid a possible server-load attack. The feature can be
re-enabled via the openssl_options main configuration option.
JH/45 local_scan API: documented the current smtp_printf() call. This changed
for version 4.90 - adding a "more data" boolean to the arguments.
Bumped the ABI version number also, this having been missed previously;
release versions 4.90 to 4.92.3 inclusive were effectively broken in
respect of usage of smtp_printf() by either local_scan code or libraries
accessed via the ${dlfunc } expansion item. Both will need coding
adjustment for any calls to smtp_printf() to match the new function
signature; a FALSE value for the new argument is always safe.
JH/46 FreeBSD: fix use of the sendfile() syscall. The shim was not updating
the file-offset (which the Linux syscall does, and exim expects); this
resulted in an indefinite loop.
JH/47 ARC: fix crash in signing, triggered when a configuration error failed
to do ARC verification. The Authentication-Results: header line added
by the configuration then had no ARC item.
upstream changes:
-----------------
Fix for an Exim interoperability problem when postscreen after-220 checks
are enabled. Bug introduced in Postfix 3.4: the code that detected
"PIPELINING after BDAT" looked at the wrong variable. The warning now says
"BDAT without valid RCPT", and the error is no longer treated as a command
PIPELINING error, thus allowing mail to be delivered. Meanwhile, Exim has
been fixed to stop sending BDAT commands when postscreen rejects all RCPT
commands.
Usability bug, introduced in Postfix 3.4: the parser for key/certificate
chain files rejected inputs that contain an EC PARAMETERS object. While
this is technically correct (the documentation says what types are allowed)
this is surprising behavior because the legacy cert/key parameters will
accept such inputs. For now, the parser skips object types that it does not
know about for usability, and logs a warning because ignoring inputs is not
kosher.
Bug introduced in Postfix 2.8: don't gratuitously enable all after-220
tests when only one such test is enabled. This made selective tests
impossible with 'good' clients. This will be fixed in older Postfix
versions at some later time.
upstream changes:
-----------------
[Conf] Antivirus: Fix the default config
[Feature] Add verdict library in lua
[Feature] Allow exception when choosing upstream
[Feature] Allow to disable symbols from the metric config
[Feature] Allow to limit maps per specific worker
[Feature] Always validate Rspamd protocol output
[Feature] Antivirus: Add preliminary virustotal support
[Feature] Clickhouse: Rework Clickhouse collection logic
[Feature] Improve base64 usage
[Feature] Shutdown timeout is now associated with task timeout
[Fix] #3129 Multiple classifiers on redis working incorrectly
[Fix] Allow real upstreams configuration
[Fix] Another try to fix slow callbacks and timers
[Fix] Check results of write message as SSL can bork them
[Fix] Clickhouse: Avoid potential races in collection
[Fix] Clickhouse: Fix periodic script
[Fix] Fail DNS upstream on each retransmit attempt
[Fix] Fix consistent hashing when upstreams are marked inactive
[Fix] Fix issues found
[Fix] Fix off-by-one in retries for the proxy
[Fix] Fix termination
[Fix] Fix upstreams exclusion logic
[Fix] Fix utf8 validation for symbols options and empty strings
[Fix] Oops, fix maps reload
[Fix] Rbl: Allow utf8 lookups for IDN domains
[Fix] Sigh, another try to fix brain-damaged openssl
[Project] Add fast utf8 validation library
[Project] Use own utf8 validation instead of glib
[Rework] Another phase of finish actions rework
[Rework] Further cmake system rework
[Rework] Further isolation of the controller’s functions
[Rework] Make cmake structure more modular
[Rework] Move cmake modules to a dedicated path
[Rework] Replace controller functions by any scanner worker if needed
[Rework] Rework final scripts logic
[Rework] Rewrite rspamd_str_make_utf_valid function
ftp.cyrusimap.org has been down for months. Asked about this on the
cyrus-info mailing list months ago with no responses. So let's drop it from
MASTER_SITES.
The directory old on the ftp is also available in the http download so I
added that to MASTER_SITES as well.
v0.5.9:
+ Added events for Sieve and ManageSieve, see
https://doc.dovecot.org/admin_manual/list_of_events/#pigeonhole
+ Pigeonhole: Implement the Sieve "special-use" extension described in
RFC 8579.
- duplicate: Test only compared the handles which would cause
different values to be cached as the same duplicate test. Fix to also
compare the actual hashes.
- imap_sieve_filter: IMAP FILTER Command had various bugs in error
handling. Errors may have been duplicated for each email, errors
may have been missing entirely, command tag and ERRORS/WARNINGS
parameters were swapped.
v2.3.9:
* Changed several event field names for consistency and to avoid
conflicts in parent-child event relationships:
* SMTP server command events: Renamed "name" to "cmd_name"
* Events inheriting from a mailbox: Renamed "name" to "mailbox"
* Server connection events have only "remote_ip", "remote_port",
"local_ip" and "local_port".
* Removed duplicate "client_ip", "ip" and "port".
* Mail storage events: Removed "service" field.
Use "service:<name>" category instead.
* HTTP client connection events: Renamed "host" to "dest_host" and
"port" to "dest_port"
* auth: Drop Postfix socketmap support. It hasn't been working
with recent Postfix versions for a while now.
* push-notification-lua: The "subject" field is now decoded to UTF8
instead of kept as MIME-encoded.
+ push-notification-lua: Added new "from_address", "from_display_name",
"to_address" and "to_display_name" fields. The display names are
decoded to UTF8.
+ Added various new fields to existing events.
See http://doc.dovecot.net/admin_manual/list_of_events.html
+ Add lmtp_add_received_header setting. It can be used to prevent LMTP
from adding "Received:" headers.
+ doveadm: Support SSL/STARTTLS for proxied doveadm connections based on
doveadm_ssl setting and proxy ssl/tls settings.
+ Log filters support now "service:<name>", which matches all events for
the given service. It can also be used as a category.
+ lib: Use libunwind to get abort backtraces with function names
where available.
+ lmtp: When the LMTP proxy changes the username (from passdb lookup)
add an appropriate ORCPT parameter.
- lmtp: Add lmtp_client_workarounds setting to implement workarounds for
clients that send MAIL and RCPT commands with additional spaces before
the path and for clients that omit <> brackets around the path.
See example-config/conf.d/20-lmtp.conf.
- lda/lmtp: Invalid MAIL FROM addresses were rejected too aggressively.
Now mails from addresses with unicode characters are delivered, but
their Return-Path header will be <> instead of the given MAIL FROM
address.
- lmtp: The lmtp_hdr_delivery_address setting is ignored.
- imap: imap_command_finished event's "args" and "human_args" parameters
were always empty.
- mbox: Seeking in zlib and bzip2 compressed input streams didn't work
correctly.
- imap-hibernate: Process crashed when client got destroyed while it was
attempted to be unhibernated, and the unhibernation fails.
- *-login: Proxying may have crashed if SSL handshake to the backend
failed immediately. This was unlikely to happen in normal operation.
- *-login: If TLS handshake to upstream server failed during proxying,
login process could crash due to invalid memory access.
- *-login: v2.3 regression: Using SASL authentication without initial
response may have caused SSL connections to hang. This happened often
at least with PHP's IMAP library.
- *-login: When login processes are flooded with authentication attempts
it starts logging errors about "Authentication server sent unknown id".
This is still expected. However, it also caused the login process to
disconnect from auth server and potentially log some user's password
in the error message.
- dict-sql: SQL prepared statements were not shared between sessions.
This resulted in creating a lot of prepared statements, which was
especially inefficient when using Cassandra backend with a lot of
Cassandra nodes.
- auth: auth_request_finished event didn't have success=yes parameter
set for successful authentications.
- auth: userdb dict - Trying to list users crashed.
- submission: Service could be configured to allow anonymous
authentication mechanism and anonymous user access.
- LAYOUT=index: Corrupted dovecot.list.index caused folder creation to
panic.
- doveadm: HTTP server crashes if request target starts with double "/".
- dsync: Remote dsync started hanging if the initial doveadm
"dsync-server" command was sent in the same TCP packet as the
following dsync handshake. v2.3.8 regression.
- lib: Several "input streams" had a bug that in some rare situations
might cause it to access freed memory. This could lead to crashes or
corruption.
The only currently known effect of this is that using zlib plugin with
external mail attachments (mail_attachment_dir) could cause fetching
the mail to return a few bytes of garbage data at the beginning of the
header. Note that the mail wasn't saved corrupted, but fetching it
caused corrupted mail to be sent to the client.
- lib-storage: If a mail only has quoted content, use the quoted text
for generating message snippet (IMAP PREVIEW) instead of returning
empty snippet.
- lib-storage: When vsize header was rebuilt, newly calculated message
sizes were added to dovecot.index.cache instead of being directly
saved into vsize records in dovecot.index.
- lib: JSON generator was escaping UTF-8 characters unnecessarily.
Fix spurious (may be forged) logs when receiving via IPv6 socket,
and fix sending to IPv6-enabled relay.
Bump PKGREVISION
(no revision bump for libmilter, it's not affected)
- Fixed typos in base.pod and recipes.pod
- Remove re-prompting for port when an invalid service name was
supplied. Just error and exit instead
- Cleaning up error messages that contained extra newlines
- Remove interactive prompts for helo and from when hostname
cannot be determined internally. Just error instead.
- Rearrange internal option definition structure in preparation
for major rework
- Rework how the --show-time-lapse option is tracked internally
and displayed in --dump output
- --protocol's argument was incorrectly marked as optional
- Updating copyright year to 2019
- --use-old-data-tokens was not completely removed, clean up
- --tls-optional-strict was incorrectly marked internally as
optionally accepting an argument
- Fix handling of --option=arg option format which prevented it
from being used with --header and --attach* options
- --attach option processing was calling die() instead of
ptrans/exit on error
- If the arg to --data looks like a file but is not openable,
error and exit instead of using the file name as the raw
data value
- Add %NEWLINE% as a new --data token
- Small code tidy around %DATE% token replacement
- Enforce key=value format for arguments to --auth-extra and
--auth-map
- Clarify how XCLIENT arguments are grouped in --xclient doc
- Typo in documentation for --ehlo, reported by Konstantin Stephan
- Adding data and dot as valid --drop-after-send and --drop-after
arguments
- Add documentation for missing --quit-after synonym STARTTLS
- Update copyright year to 2019
- --copy-routing should error when no argument given.
- Add validation to --proxy-family (when proxy-version=1) and
--proxy-version options.
- Turn off option bundling. No practical use and it could cause
real confusion (with bundling turned on, -foobar was "-f oobar"
instead of an unknown option).
- Turn on case-sensitivity for configuration options. Needed to
make -S distinct from -s, as documented.
- Add a flag for --dump-mail in the OUTPUT section of --dump
- --version and --help should work even if they aren't the very
first option.
- When processing config file options with no leading '-' and any
environment variable config, prefix the option with '--' for
processing, not '-'. Bandaid for very minor difference between
'-' and '--' option processing which I hope to fix soon.
- Adding an ENVIRONMENT VARIABLES section to the doc.
- Tidying and clarifying the OPTION PROCESSING section of the docs.
- Fix bug causing "no-" option processing to work unreliably.
- Document the unreliability of using environment variables to unset
other environment variable options with the "no-" prefix.
- Document the general rule that when processing duplicate options,
the last option specified wins, both inter- and intra-method.
- Since there is no inherent order to options provided in environment
variables, sort them before processing to define an order.
- Config file fixes around searching default $SWAKS_HOME, $HOME,
and $LOGDIR locations:
- Searching default locations for the first existing
PATH/.swaksrc did not actually work as documented.
- If none of the default search environment variables was set,
Swaks would not process the "portable" defaults optionally
stored in the actual swaks script.
- Implement --body-attach option to allow more granularity in
setting body information (different mime types, alternatives, etc).
- Fix --attach* option processing to remove possible ambiguity
- Fix issue with malformed headers. Don't fall over if header
doesn't contain a colon or looks like an illegal continuation.
- Doc fix for default body - %SWAKS_VERSION% missing trailing char.
- --add-header documentation was still referencing a single-char,
no longer valid, replacement token. Replace with the correct token.
Changes since version 1.12.2:
! <half-up> and <half-down> in the pager are now symmetric.
! $ssl_force_tls is now set by default.
! Configure option --with-regex is renamed to --with-bundled-regex.
Most modern OS should be fine using their own regex library. The
rename is to clarify the intention of the option.
! Configure option --disable-doc now only disables the manual generation.
Other parts of the doc directory (man pages, Muttrc file) are generated.
! $user_agent is now unset by default.
! unattachments now has a '*' parameter to remove all attachment counting.
+ Autocrypt support. Enabled via configure option --enable-autocrypt.
Please see the manual for details on how to enable and use this properly.
+ Byte size displays can be customized via new variables $size_show_bytes,
$size_show_mb, $size_show_fractions, $size_units_on_left.
+ $ssl_use_tlsv1_3, default set, allows TLS1.3 connections if supported
by the server.
! format=flowed space stuffing works again, and is performed after every
edit, not just the first time.
+ $browser_sticky_cursor, default set, attempts to keep the cursor on the
same mailbox when performing operations in the browser.
! <display-filename> in the browser menu shows the full path for local and
IMAP mailboxes.
! $sidebar_folder_indent and $sidebar_short_path are now based on previous
entries in the sidebar, allowing them to work on mailboxes outside $folder.
! Sidebar entries are now prefixed with mailbox shortcuts '~' and '='. This
uses the same code as other parts of mutt, for more consistent display.
+ <browse-mailboxes> allows direct access to the mailboxes list from the
index and pager, without having to use a macro. This improves
$browser_sticky_cursor initial selection of the current mailbox.
! <pipe-message> with $pipe_decode set will update MIME headers to decoded
text/plain values.
+ $send_multipart_alternative and $send_multipart_alternative_filter allow
the generation of a multipart/alternative when composing a message. See
their documentation in the manual for more details. Also see
contrib/markdown2html for a sample filter.
+ In the compose menu <view-alt>, <view-alt-text>, <view-alt-mailcap> allow
previewing the output of the $send_multipart_alternative_filter.
! $write_bcc now defaults unset. It no longer affects the Fcc copy, which
will always include the Bcc header.
+ When $count_alternatives is set, Mutt will recurse inside
multipart/alternatives while performing attachment searching and counting.
This affects %X in the index and ~X pattern matching.
Changelog:
Notmuch 0.29.3 (2019-11-27)
===========================
General
-------
Fix for use-after-free in notmuch_config_list_{key,val}.
Fix for double close of file in notmuch-dump.
* 3.17.4
--------
* New HTML viewer plugin: Litehtml viewer
* Added option 'Enable keyboard shortcuts' to the 'Keyboard
shortcuts' frame on /Configuration/Preferences/Other/Miscellaneous
* Compose: implemented copying of attached images to clipboard
* Compose: images and text/uri-list (files) can now be attached by
pasting into the Compose window
* Python plugin: window sizes are now remembered for the Python
console, the 'Open URLs' and the 'Set mailbox order' windows.
* Fancy plugin: the download-link feature now follows redirections
* MBOX export: the Enter key in the dialogue now starts the export
* The date (ISO format) has been added to log timestamps
* Updated translations: Brazilian Portuguese, Catalan, Czech, Danish,
Dutch, French, German, Hungarian, Indonesian, Polish, Portuguese,
Romanian, Russian, Slovak, Spanish, Swedish, Traditional Chinese,
Turkish
* bug fixes:
o bug 1920, 'No automatic NNTP filtering'
o bug 2045, 'address book blocks focus on email window'
o bug 2131, 'Focus stealing after mail check'
o bug 2627, 'Filtering does not work on NNTP'
o bug 3070, 'misbehaving text wrapping when URL chars are
present'
o bug 3838, 'Canceled right-click on message list leaves UI
in inconsistent state'
o bug 3977, 'Fix crashes when some external APIs fail'
o bug 3979, 'Hang (with killing needed) during action which
extracts attachments'
o bug 4029, 'segfault after deleting message in a window'
o bug 4031, 'fingerprint in SSL/TLS certificates for ...
(regress error)'
o bug 4037, 'Fix some small issues'
o bug 4142, 'Translation error on Russian'
o bug 4145, 'proxy server for sending doesn't work'
o bug 4155, 'remember directory of last saving'
o bug 4166, 'corrupted double-linked list'
o bug 4167, 'Max line length exceeded when forwarding mail'
o bug 4188, 'STL file is sent not as an attachment but as its
base64 representation in plaintext'
o CID 1442278, 'impossible to trigger buffer overflow'
o Make key accelerators from menu work in addressbook window
o save checkbox choices of display/summaries/defaults prefs
o Do not throw an error when cancelling 'Save email as...'.
o occasional crash on drag'n'drop of msgs
o possible stack overflow in vcalendar's Curl data handler
o crash when LDAP address source is defined in index, but
LDAP support is disabled
o crash in Fancy plugin if one of the MIME parts has no
Content-ID
o a few small memory leaks in scan_mailto_url()
o configure script for rare cases where python is not
installed
o incorrect charset conversion in sc_html_read_line().
o markup in 'key not fully trusted' warning in pgpcore
o use after free in rare code path in rssyl_subscribe()
o several memory leaks
o verify_folderlist_xml() for fresh starts
o printf formats for size_t and goffset arguments.
o alertpanel API use in win32 part of mimeview.c
o pid handling in debug output of kill_children_cb()
o incorrect pointer arithmetic in w32_filesel.c
* 3.17.3
--------
* Add support for TLS Server Name Indication (SNI). This enables the
sending of your hostname, if available, to the server so that it
can select the appropriate certificate for your domain. This is
useful for servers which host multiple domains on the same IP
address.
This is a hidden Account preference, 'use_tls_sni', and is enabled
by default.
* SSL/TLS certificate manager: The Delete key will now delete the
selected certificate.
* Window sizes are now remembered for the 'Apply tags' and SSL/TLS
certificate manager windows.
* bug fixes:
o bug 3519, 'Links including umlauts are broken'
o bug 4134, ''Save message to' option not set when it should
be'
o prevent the Tools/SSL/TLS Certificates dialogue from
crashing when certificate filenames contain a fingerprint.
o build on GNU Hurd.
o various build fixes when building without GnuTLS.
* 3.17.2
--------
* Message List: A context menu has been added to the column headers,
it has two entries: a new option, 'Lock column headers', and 'Set
displayed columns'.
* Folder List: A context menu has been added to the column headers,
containing 'Set displayed columns'.
* Preferences: The Display/Summaries option page has been split into
three notebook pages: Folder List, Message List, and Defaults.
The Message List page contains the new 'Lock column headers'
option. The Defaults page contains several new options for new
folders.
* New Folder Properties: It is now possible to control signing and
encrypting options on the Compose page. By default it follows the
Account preferences, but they can be overridden to always sign
and/or encrypt, or never sign/encrypt.
* Saving sent messages: The global preference, 'Save sent messages',
can now be overridden by the Folder Property and Account
preferences. The global preference no longer needs to be activated
for the Account Preference, 'Put sent messages in ...' option to
function. Likewise, the Folder Property, 'Save copy of outgoing
messages to this folder instead of Sent', no longer relies on the
global preference being set.
* SSL/TLS certificates: The SHA-256 fingerprint is now displayed, and
the MD5 fingerprint has been removed.
* SSL/TLS certificates list: Status and Expiry columns have been
added, and expired and invalid certificates are now clearly
indicated.
* QuickSearch: body searches are now quicker.
* QuickSearch: symbols used in Extended searches are now expanded
in the 'Edit' dialogue.
* Re-editing: Flags and tags are now preserved when re-editing a
message.
* Fancy plugin: The minimum required webkitgtk version is now 1.10.0.
* PDF Viewer plugin: Ctrl+scroll now zooms.
* Tools: added cm-break.pl script, which breaks thread references for
the selected messages; textviewer.pl has been updated and now
requires perl 5.14.1.
* The legacy "sylpheed-claws" symlink is no longer installed in the
bindir.
* New translation: Portuguese.
* Updated translations: Brazilian Portuguese, Catalan, Czech, Danish,
Dutch, French, German, Russian, Slovak, Spanish, Swedish, Turkish.
* bug fixes:
o bug 3418, 'Building on a Cross Compiling toolchain doesn't
work'
o bug 3889, 'Address and quoted message inconsistent in
reply'
o bug 4114, 'autogen.sh: Fix argument quoting'
o bug 4115, 'autogen: avoid unwarranted re-configure'
o bug 4120, 'New cert files are created in $HOME instead of
in ~/.claws-mail/certs'
o byg 4121, 'Moving a subfolder in another folder erases its
processing rules' (sic)
o bug 4132, '"Mark all as (un)read" dialog appears when
acting on 1 message only'
o bug 4133, 'trying to read message from an NNTP group (with
all expired articles.'
o regression where mail was not being checked at startup when
it should have been
o links not being opened in browser when Fancy menu is opened
with a keyboard
o show correct address:port in SOCKS5 proxy connection failure
message
o prevent unexpected loss of drafted message
o Quicksearch eating keypresses it didn't handle
o build on Debian 7
o build on FreeBSD, sys/wait.h is needed for WEXITSTATUS
macro
o Reply from mainwindow menu and toolbar when mainwindow's
messageview is hidden
o CID 1438531 Fix wrong test leading to dead code
o CID 1439871 and validate Unicode char strictly
o CID 1439996 and remove unnecessary comparison
o Fancy: left-click on links not opening in browser
o RSSyl: lost processing rules when renaming folder
o annoyance where your current reading is disturbed when a
new msg is filtered into the current folder
o don't leave the user in limbo when privacy system is 'none'
and auto signing/encrypting is set
o several memory leaks
### GMime 3.2.5
* Modified GMimeParser to prevent stack overflows when parsing deeply nested messages.
GMimeParser now has a limit on how deep multipart and/or message/rfc822 MIME part
nesting is allowed to go before the parser will take action to prevent a stack
overflow. If the max level is reached at a message/rfc822 part, then that part
will be consumed by the parser as a generic GMimePart rather than a
GMimeMessagePart. Likewise, if the max level is reached at any type of multipart,
then the content of said multipart will be packed into the GMimeMultipart's
preface and not parsed any further.
* g_mime_multipart_foreach has been rewritten to avoid recursion, thereby avoiding potential
stack overflows.
* The gmime-port-2-6-to-3-0.sh script has been fixed to use proper sed syntax.
AUTOFIX: hacks.mk:5: Replacing "${PKGSRC_COMPILER} == \"ido\"" with "${PKGSRC_COMPILER:Mido}".
The PKGSRC_COMPILER can be a list of chained compilers, e.g. "ccache
distcc clang". Therefore, comparing it using == or != leads to wrong
results in these cases.
Alan Coopersmith (7):
configure: Drop AM_MAINTAINER_MODE
autogen.sh: Honor NOCONFIGURE=1
Update README for gitlab migration
Update configure.ac bug URL for gitlab migration
Use _CONST_X_STRING to make libXt declare String as const char *
Fix -Wsign-compare warning in quit() function
xbiff 1.0.4
Emil Velikov (1):
autogen.sh: use quoted string variables
Kevin Lyda (1):
Clarify how volume works
Mihail Konev (1):
autogen: add default patch prefix
Peter Hutterer (1):
autogen.sh: use exec instead of waiting for configure to finish
2019-11-11 Richard Russon <rich@flatcap.org>
* Bug Fixes
- browser: fix directory view
- fix crash in mutt_extract_token()
- force a screen refresh
- fix crash sending message from command line
- notmuch: use nm_default_uri if no mailbox data
- fix forward attachments
- fix: vfprintf undefined behaviour in body_handler
- Fix relative symlink resolution
- fix: trash to non-existent file/dir
- fix re-opening of mbox Mailboxes
- close logging as late as possible
- log unknown mailboxes
- fix crash in command line postpone
- fix memory leaks
- fix icommand parsing
- fix new mail interaction with mail_check_recent
Enigmail 2.1.3
Released 2019-10-20, works with Thunderbird 68 and Postbox 7.
Notable Changes
This release unifies the specific versions for Postbox and Thunderbird.
Bugs fixed:
A bug was fixed in the setup wizard that could lead the wizard to never complete scanning the inbox.
See list of fixed defects for more fixed issues.
pkgsrc changes:
---------------
* Change BUILDLINK_TRANSFORM to BUILDLINK_FNAME_TRANSFORM to appease
pkglint.
* Add c++ to USE_LANGUAGES because the configure step failed.
upstream changes:
-----------------
2.1: 28 Oct 2019
* [Conf] Update neural.conf
* [CritFix] Fix dkim verification for multiple headers listed
* [Feature] Add support of uudecode
* [Feature] Allow to explicitly set events backend
* [Feature] Implement configurable limits for SPF lookups
* [Feature] Lua_scanners: Use lua magic for inclusion/exclusion logic
* [Feature] Multimap: Do not check files in office archives
* [Feature] Neural: Add sampling when storing training vectors
* [Feature] SPF: Allow to disable AAAA checks in configuration
* [Feature] Spf: Add limits configuration support
* [Feature] Store etag in cached HTTP maps + better logging
* [Feature] Support segwit BTC addresses, fix LTC verification
* [Feature] Support uuencoding
* [Fix] Add configurable number of threads for OpenBLAS
* [Fix] Add workaround for ragel 7 in hyperscan related maps code
* [Fix] Another fix for numeric urls parsing
* [Fix] Correct EMA time calculations
* [Fix] Do not treat archives as text
* [Fix] Do not use strdup on data extracted from lua
* [Fix] Fix a failure calculating URL reputation.
* [Fix] Fix crash due to constructors init order
* [Fix] Fix crash on parts with no cd
* [Fix] Fix empty prefilters that require mime structures
* [Fix] Fix event loop creation
* [Fix] Fix issues sending DMARC reports.
* [Fix] Fix misprint
* [Fix] Fix saving of the file maps
* [Fix] Fix size calculations when converting from utf16
* [Fix] Fix support of disable_monitoring in rbl
* [Fix] Fix use-after-free
* [Fix] Fix zip files check to relax requirements
* [Fix] Important hiredis fixes
* [Fix] Lots of fixes in maps check logic
* [Fix] Lua_tcp: Deal with temporary fails on write
* [Fix] Lua_tcp: Make write errors fatal and rework error handlers
* [Fix] Meta: Filter some more values
* [Fix] Neural: Add protection against infinities
* [Fix] Oops, fix math.huge invocation
* [Fix] Plug memory leak
* [Fix] Sigh, another email to string fix
* [Fix] Try to fix another ownership race in ssl connection
* [Fix] Uuencode: Fix parsing of corrupted uuencode
* [Fix] lua_scanners - razor rename need_check function
* [Rework] Require CMake 3.9 to work, remove manual lto crap
2.0: 11 Oct 2019
* [Conf] Add BROKEN_HEADERS_MAILLIST composite
* [Conf] Add path to greylist-whitelist-domains.inc
* [Conf] Clarify documentation in the config files
* [Conf] Introduce maps.d directories
* [Conf] Log settings id by default
* [Conf] Make LEAKED_PASSWORD_SCAM a composite rule again
* [Conf] Move all surbl/emails rules to rbl
* [Conf] Register new Spamhaus codes
* [Conf] Remove configs for deleted modules
* [Conf] Remove surbl parts, fix hash_format attribute
* [Conf] Show autolearn sample
* [Conf] Slashing: Change default stats backend to Redis
* [Conf] Surbl: Utilise new `check_emails` option
* [Conf] Update header
* [Conf] Use multi-prefixes RBLs in the default config
* [CritFix] Deal with case-sensitivity in Content-Disposition parser
* [CritFix] Eliminate old endpoint
* [CritFix] Fix case sensitivity when parsing Content-Type
* [CritFix] Fix loading of DKIM public keys
* [CritFix] Fix processing of urls
* [CritFix] Fix whitelisting when both spf and dkim are required to be valid
* [CritFix] Langdet: Fix language detection where no stop words found
* [Feature] Add description to the groups
* [Feature] Add limit for number of URLs in Lua
* [Feature] Add logging of groups to the log_format
* [Feature] Add lua_smtp library
* [Feature] Add maps cache and type refinement
* [Feature] Add p0f scanner
* [Feature] Adopt emails module to use lua_maps
* [Feature] Allow options matching in composites
* [Feature] Allow selectors in rbl module
* [Feature] Allow to output group results
* [Feature] Asn: Allow to use bgpdump when NET::MRT is broken
* [Feature] Calculate tokens occurrences distribution
* [Feature] Clickhouse: Add authenticated user and settings id columns
* [Feature] Clickhouse: Store groups data
* [Feature] Clickhouse: Utilise LowCardinality feature
* [Feature] Implement Redis prefixes registration logic
* [Feature] Implement settings id propagation between deps
* [Feature] Improve AV results caching
* [Feature] Improve autolearning
* [Feature] Improve logging locking logic (remove it actually)
* [Feature] Improve settings processing
* [Feature] Langdet: Limit number of stop words to be checked
* [Feature] Libucl: Allow to sort keys in ucl objects
* [Feature] Lua_config: Extend get symbols method
* [Feature] Lua_maps: Allow static maps for key-value pairs
* [Feature] Lua_mimepart: Add function filter_words
* [Feature] Lua_selectors: Add `words` selector
* [Feature] Lua_selectors: Add sort and uniq transform functions
* [Feature] Lua_selectors: Allow table arguments for selectors
* [Feature] Lua_tcp: Add preliminary support of SSL connections
* [Feature] Lua_trie: More flexible API
* [Feature] Lua_util: Add filter_specific_url function
* [Feature] Lua_util: table_digest can now recursively traverse tables
* [Feature] Maillist: Improve detection
* [Feature] Maps: Allow caching for complex maps
* [Feature] Monitored: Support random lookups
* [Feature] Multimap: Add combined maps prototype
* [Feature] Multimap: Add dependent maps via redis keys selectors
* [Feature] Multimap: Allow multiple email addresses matches
* [Feature] Multimap: Also check detected charset when do filename checks
* [Feature] Output number of messages processed to proctitle
* [Feature] Perform clean SSL shutdown
* [Feature] Performance: Do not use base64 SIMD version for bad inputs
* [Feature] RBL: Support bit results in replies
* [Feature] RBL: Support type specific prefixes
* [Feature] Ratelimit: Consider number of SMTP recipients
* [Feature] Rbl: Add ability to check urls
* [Feature] Rbl: Add resolve_ip based RBLs
* [Feature] Rbl: Make config checks much more strict
* [Feature] Rbl: Support per-rule whitelists
* [Feature] Rbl: Support process script
* [Feature] Rbl: Support replyto addresses
* [Feature] SURBL: Allow to check email domains
* [Feature] Selectors: Add `list` generator
* [Feature] Selectors: Add `specific_urls` extractor
* [Feature] Selectors: Add flatten function
* [Feature] Selectors: Support filter_map and apply_map functions
* [Feature] Store Clickhouse data outside of lua alloc
* [Feature] Support caching for encrypted files and macros
* [Feature] Support images when extracting urls
* [Feature] Support more hyperscan flags
* [Feature] Support protocol flags
* [Feature] URL: Apply stringprep to hostnames to filter garbage
* [Feature] Upstreams: Add lazy resolving logic to all upstreams
* [Feature] Upstreams: Set noresolve flag on numeric upstreams
* [Feature] Use `scores` in apply section
* [Feature] Use maps logic from lua_maps for multimap
* [Feature] Use random monitored in rbl module
* [Feature] lua_scanners - add Razor support
* [Fix] Add another safe-guard in urls processing
* [Fix] Add debug to ssl, fixed write hangs
* [Fix] Add missing groups to C callback symbols
* [Fix] Add more checks for ghosts symbols
* [Fix] Allow to enable or add new actions via settings
* [Fix] Allow to set 0 size for spf/dkim caches
* [Fix] Another bunch of fixes towards protocol mess
* [Fix] Another fix to deal with bad URLs
* [Fix] Arc: Another bunch of fixes for arc signing
* [Fix] Arc: More arc signing fixes
* [Fix] Avoid another overflow in fpconv
* [Fix] Clickhouse: Fix quoting
* [Fix] Clickhouse: Fix retention query quoting
* [Fix] Distinguish empty and non-empty prefilters
* [Fix] Distinguish remote and local addrs parsing
* [Fix] Do not assert if length of sig is bad, just fail verification
* [Fix] Do not assert if we have broken mime boundary in the headers
* [Fix] Do not call implicit strlen to avoid issues
* [Fix] Do not count images urls when checking url regexps for compatibility
* [Fix] Do not output rbl suffix in symbol option
* [Fix] Do not use config pool to avoid issues with double reload
* [Fix] Do not use ephemeral string
* [Fix] Do not use lightuserdata for traceback
* [Fix] Do not use priority in metric registration
* [Fix] Emails: Check email sanity before testing on BL
* [Fix] Emails: Fix misprint in key name
* [Fix] Escape utf in regexp to dodge ragel/hyperscan issue
* [Fix] Extend task_timeout to postfilters stage
* [Fix] Fix ARC signing after fixing another bug in it...
* [Fix] Fix AV scan logic
* [Fix] Fix DMARC_NA behaviour in case of no valid policies
* [Fix] Fix LRU hash iteration logic
* [Fix] Fix alignment mess
* [Fix] Fix configuring symbols without scores
* [Fix] Fix disabling of the actions
* [Fix] Fix dkim signing exceptions
* [Fix] Fix embedded images linking logic
* [Fix] Fix events leak
* [Fix] Fix eviction corner case
* [Fix] Fix fuzzy image score calculation #2962
* [Fix] Fix hang in fuzzy_learn when explicit rotation is set
* [Fix] Fix headers propagation logic
* [Fix] Fix heartbeats restart issue
* [Fix] Fix history reset
* [Fix] Fix log parameter
* [Fix] Fix lua_ip_equal logic
* [Fix] Fix more issues with nested messages + tests
* [Fix] Fix normalization of non-alphabet based languages
* [Fix] Fix offsets when parsing message/rfc822 in multipart
* [Fix] Fix options in rbl symbols
* [Fix] Fix out of bound access in lua logger
* [Fix] Fix out-of-bound read in qp decode
* [Fix] Fix parent CTE propagation
* [Fix] Fix parsing of the received headers with empty part
* [Fix] Fix pending checks for events
* [Fix] Fix printing of NULL pointer with fixed length
* [Fix] Fix race condition in watcher handler
* [Fix] Fix read-after-end in quoted printable decoding
* [Fix] Fix redis sentinel support
* [Fix] Fix registry leak in case of DNS errors
* [Fix] Fix reload logic
* [Fix] Fix sending of large entries via HTTPS
* [Fix] Fix settings reload
* [Fix] Fix some more corner cases for fpconv
* [Fix] Fix trie code when there are regexps and Hyperscan is absent
* [Fix] Further fixes to printing of the FP numbers
* [Fix] Fuzzy_check: Fix timeouts
* [Fix] Grrr, fix empty ip case
* [Fix] Html: Fix processing of fjlig entity
* [Fix] Lang_det: Try better to distinguish Chinese and Japanese
* [Fix] Lua_mime: Fix reversed extensions map
* [Fix] Lua_task: Fix message-less API
* [Fix] Lua_tcp: Report connection failures
* [Fix] Lua_tcp: Various fixes and debugging improvements
* [Fix] Metadata_exporter: This plugin is idempotent not a postfilter
* [Fix] More fixes to extract_specific_urls
* [Fix] More stages fixes
* [Fix] Neural: Another bunch of fixes
* [Fix] Neural: use version in ANN key profile
* [Fix] Postpone lua state destruction to allow lua dtors to be used
* [Fix] Prefer surbl/emails rule on rbl to preserve compatibility
* [Fix] RBL: Fix behaviour of emails_domainonly
* [Fix] Ratelimit: Fix dynamic score
* [Fix] Rbl: Fix emailbl functions
* [Fix] Really fix hyperscan workaround
* [Fix] Set sanity limits for pcre2
* [Fix] Settings: Fix settings check flags
* [Fix] Sort keys when getting data from Lua when filling rules
* [Fix] Statistics: Do not query Redis tokens when there are no learns
* [Fix] Stop IO event on write finished in http connection
* [Fix] Use heuristically detected text parts data
* [Fix] Various fixes to QP encoding algorithm
* [Fix] Various fixes to SSL state machine handler
* [Fix] Various fixes to asn module
* [Fix] Workaround for empty charset in rfc2231 encoding
* [Project] Switch from torch to KANN
* [Project] Add heartbeat events
* [Project] Add preliminary support of the Kaspersky Scan Engine
* [Project] Add preliminary version of maps expressions
* [Project] Add preprocessed settings to the config structure
* [Project] Add simple forward propagation function
* [Project] Add small helpers for migration simplifications
* [Project] Allow to replace body in milter
* [Project] Bundle libev
* [Project] First refactoring step libevent->libev
* [Project] Implement syntax highlighting for Lua
* [Project] Lua_magic: Adopt lua_magic stuff in mime_types
* [Project] Remove libfann, gd and other unsupported stuff
* [Project] Remove torch
* [Project] Rework upstreams
* [Rework] Allow execution of async events when hs compiles regexps
* [Rework] Bayes expiry: eliminate `default` expiration mode
* [Rework] Dkim: Remove signing code
* [Rework] Dkim_signing: Move sign condition to dkim_signing
* [Rework] Do not lowercase all data sent to ClickHouse
* [Rework] Drop url tags
* [Rework] Eliminate lua_squeeze as it has shown no improvements
* [Rework] Eliminate virtual scan time as it is useless
* [Rework] Lua core: Use lightuserdata to index classes
* [Rework] Lua_util: Another rework for extract_specific_urls
* [Rework] Migrate from ip_score to reputation
* [Rework] Move mime modification functions to lua_mime library
* [Rework] Rbl: Major whitelisting logic rework
* [Rework] Remove deprecated plugins
* [Rework] Remove log helper worker
* [Rework] Remove rspamd.classifiers.lua
* [Rework] Rename filter.h to a more sane name
* [Rework] Reorganise selectors implementation
* [Rework] Replace linenoise with replxx
* [Rework] Reputation: Remove ipnet from the ip reputation
* [Rework] Reputation: Slashing - change name of symbols
* [Rework] Rework children operations
* [Rework] Rework config reload
* [Rework] Rework expression API
* [Rework] Rework image urls processing
* [Rework] Rework initialisation to reduce static leaks count
* [Rework] Rework request headers processing
* [Rework] Slashing: Change versioning schema - move to 2.0
* [Rework] Slashing: Turn off postfilters when passthrough result is set
* [Rework] Start moving to replxx
* [Rework] Stop support of signed HTTP maps to simplify code
* [Rework] Store ASN as UInt32 in ClickHouse
* [Rework] Url_redirector: Rewrite plugin
* [Rework] Use a dedicated library for autolearn
* [Rework] Use libsodium instead of hand crafted crypto implementations
* [Rework] Use opaque structure to store a table of mime headers
* [Rules] Add dedicated bitcoin addresses filter rule
* [Rules] Add more detection to LEAKED_PASSWORD_SCAM
* [Rules] Catch LTC addresses
* [Rules] Reduce weight of RSPAMD_EMAILBL
* [Rules] Rework LEAKED_PASSWORD_SCAM rule one more time
Update ruby-mime-types to 3.3.
pkgsrc change: Add "USE_LANGUAGES= # none".
## 3.3 / 2019-09-04
* 1 minor enhancement
* Jean Boussier reduced memory usage for Ruby versions 2.3 or higher by
interning various string values in each type. This is done with a
backwards-compatible call that _freezes_ the strings on older
versions of Ruby. [#141][]
* Administrivia:
* Nicholas La Roux updated Travis build configurations. [#139][]
Update ruby-mime-types-data to 3.2019.1009.
pkgsrc change: Add "USE_LANGUAGES= # none".
## 3.2019.0331 / 2019-03-31
* Updated the IANA media registry entries as of release date.
* Added support for `application/wasm` with extension `.wasm`. [#21][]
* Fixed `application/ecmascript` extensions. [#20][]
=item Version 3.031
Add an SSL option to connect to the SMTP relay via SSL on port 465. (thanks,
Max Maischein)
Document some tips on using non-ASCII content with MIME::Lite (thanks,
traveljury.com and Tom Hukins)
Changelog:
new A language for the user interface can now be chosen in the advanced settings (multilingual UI)
fixed Problem with Google authentication (OAuth2)
fixed Selected or unread messages not shown in the correct color in the thread pane (message list) under some circumstances
fixed When using a language pack, names of standard folders weren't localized
fixed Address book default startup directory in preferences panel not persisted
fixed Various visual glitches: Conditions in filter editor not high enough, folder location widget not showing folder name, problem with menubar customization, add-on home page links accumulating, theme issues on Windows 7
fixed Chat: Extended context menu on Instant messaging status dialog (Show Accounts)
* Balsa-2.5.9 release. Release date 2019-10-19
- fix HTML message layout issues.
* Balsa-2.5.8 release. Release date 2019-10-11
Change with respect to 2.5.7
- i18n improvements.
- improved display of HTML messages.
- handling of calendar (vcal) attachments.
- LDAP address book improvements / error handling.
- message presentation refactoring.
- GPGME is a hard requirement now.
- misc bug fixes and code health updates.
Changelog:
new Message Display WebExtension API
new Message Search WebExtension API
fixed Better visual feedback for unread messages when using the dark theme
fixed Various issues when editing mailing lists
fixed Integration with macOS addressbook and notifications not working after introduction of notarization
fixed Application windows not maintaining their size after restart
fixed Issues when upgrading from a 32bit version of Thunderbird to a 64bit version. Note: If your profile is still not recognised, select it by visiting about:profiles in the Troubleshooting Information.
fixed Various security fixes
Security fixes:
#CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber
#CVE-2019-11757: Use-after-free when creating index updates in IndexedDB
#CVE-2019-11758: Potentially exploitable crash due to 360 Total Security
#CVE-2019-11759: Stack buffer overflow in HKDF output
#CVE-2019-11760: Stack buffer overflow in WebRTC networking
#CVE-2019-11761: Unintended access to a privileged JSONView object
#CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation
#CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique
#CVE-2019-11764: Memory safety bugs fixed in Thunderbird 68.2
Changelog:
Notmuch 0.29.2 (2019-10-19)
===========================
General
-------
Fix for file descriptor leak when opening gzipped mail files. Thanks
to James Troup for the bug report and the fix.
Update dovecot2-pigeonhole to 0.5.8.
0.5.8 2019-10-08
Changes
- Sieve may leak resources in rare cases when a redirect, vacation or
report action fails to send the message. This mainly applies when Sieve
is executed in IMAP context; i.e., for the IMAPSIEVE or FILTER=SIEVE
capabilities.
Update dovecot2 and friends to 2.3.8.
2.3.8 2019-10-08
Changes
+ Added mail_delivery_started and mail_delivery_finished events, see
https://doc.dovecot.org/admin_manual/list_of_events/ for details.
+ dsync-replication: Don't replicate users who have "noreplicate" extra
field in userdb.
+ doveadm service status: Show total number of processes created.
+ When logging to syslog, use instance_name setting's value for the
ident. This commonly is added as a log prefix.
+ Base64 encoding/decoding code was rewritten with additional features.
It shouldn't cause any user visible changes.
- v2.3.7 regression: If a folder only receives new mails without any
other mail access, dovecot.index.log keeps growing forever and
dovecot.index keeps being rewritten for every mail delivery.
- dsync-replication may lose keywords after syncing mails restored from
another replica. This only happened if the mail only had keywords and no
system flags.
- event filters: Non-textual event fields could not be filtered using
wildcards.
- auth: Scope parameter was missing from OAuth password grant request.
- doveadm client-server communication may hang in some situations. It is
also using unnecessarily small TCP/IP packet sizes.
- doveadm who and kick did not flush protocol output correctly.
- imap: SETMETADATA with literal value would delete the metadata value
instead of updating it.
- imap: When client issues FETCH PREVIEW (LAZY=FUZZY) command, the
caching decisions should be updated so that newly saved mails will have
the preview cached.
- With mail_nfs_index=yes and/or mail_nfs_storage=yes setuid/setgid
permission bits in some files may have become dropped with some NFS
servers. Changed NFS flushing to now use chmod() instead of chown().
- quota: warnings did not work if quota root was noenforcing
- acl: Global ACL file ignored the last line if it didn't end with LF.
- doveadm stats dump: With JSON formatter output numbers using the
number type instead of as strings
- lmtp_proxy: Ensure that real_* variables are correctly set when using
lmtp_proxy.
- event exporter: http-post driver had hardcoded timeout and did not
support DNS lookups or TLS connections.
- auth: Fix user iteration to work with userdb passwd with glibc v2.28.
- auth: auth service can crash if auth-policy JSON response is invalid
or returned too fast.
- In some rare situations "ps" output could have shown a lot of "?"
characters after Dovecot process titles.
- When dovecot.index.pvt is empty, an unnecessary error is logged:
Error: .../dovecot.index.pvt reset, view is now inconsistent
- SMTP address encoder duplicated initial double quote character when
the localpart of an address ended in '..'. For example
"user+..@example.com" became ""user+.."@example.com in a
sieve redirect.
Update pear-Mail_Mime to 1.10.4.
1.10.4 2019-10-13
* Fix E_STRICT errors introduced in the previous release [alec]
1.10.3 2019-09-25
* Fix deprecation warning for get_magic_quotes_runtime() use on PHP 7.4
Local changes
=============
Cherry-pick a pending patch to fix build with the recent rust version (1.38.0).
esr68 branch fails to build with rust 1.38
https://bugzilla.mozilla.org/show_bug.cgi?id=1585099
Cherry-pick patch from:
https://marc.info/?l=openbsd-ports&m=156984549605237&w=2
Upstream changelog
==================
What's New
fixed Visual glitches: Missing context menu in filter, downloads, password manager and Config Editor search boxes, unwanted scrollbars and cut-off text in Account Manager, incorrect colors in Calendar agenda scrollbars, theme issues on Windows 7
fixed Some attachments couldn't be opened in messages originating from MS Outlook 2016
fixed Address book import from CSV
fixed Performance problem in message body search
fixed Ctrl+Enter to send a message would open an attachment if the attachment pane had focus
fixed Calendar: Issues with "Today Pane" start-up
fixed Calendar: Glitches with custom repeat and reminder number input
fixed Calendar: Problems with WCAP provider
https://www.thunderbird.net/en-US/thunderbird/68.1.2/releasenotes/
2.1.2
This release fixes a regression bug that duplicates the subject with encrypted mails. In addition, several localizations were updated.
2.1.1
This release improves compatibility with Thunderbird 68. In addition, many translations were updated and some defects were fixed.
Bugs fixed:
• When creating encrypted messages with hidden subjects, the subject cannot be restored anymore
• Importing keys attached to emails does not work
• Reading keys from Autocrypt Key Gossip not possible for plaintext emails
• Dark theme / some text hard to read
2.1
Notable Changes
• A new simplified setup wizard will first try to find out if you already used encrypted emails before, and then proceed in the most suitable way.
• On Windows and macOS, there is an automatic check for updates to GnuPG.
• Autocrypt: implemented key-gossip and updates to known keys
• If GnuPG 2.1 or newer is used, then key creation will default to ECC keys
• Interaction with keyservers has been rewritten from scratch, using Thunderbird-internal functions to access the keyservers.
• Full support for keys.openpgp.org, which is used as default keyserver.
Bugs fixed:
A notable number of defects has been fixed for this release. Please check the list of fixed defects for details.
Changelog:
### GMime 3.2.4
* Replaced calls to g_memmove with memmove.
It seems that the latest versions of glib have deprecated g_memmove
in favor of having developers use libc's memmove() function directly.
This change reduces the number of compiler warnings during the gmime
build process.
* Added a new GMIME_DECRYPT_NO_VERIFY flag that disables signature verification.
For cases where it is not necessary to verify the signatures (or it is known
that there are no signatures), making use of this flag can significantly
improve the performance of decrypting OpenPGP content.
* Modified GMimeParser to not set the OpenPGP state for base64/uuencoded content.
While the GMimeParser is parsing a MIME message (or other MIME entity), it will
normally attempt to identify OpenPGP markers in the content of GMimeParts.
However, when the content is base64 or uu-encoded, the parser is unable to
accurately detect these markers and so in previous versions, it was falsely
claiming that such MIME parts had no OpenPGP content even though it was possible,
after decoding their content, that they did in fact have OpenPGP content.
For more details about this bug, see issue #60.
* Added reporting of RFC 5322 addr-spec syntax violations to the GMimeParserWarning API.
* Fixed a stack underflow error in the uudecode.c sample.
* Improved Vala bindings.
- Use correct symbol prefixes which avoid loads of cname attributes.
- Unhide FilterBest.charset() method which conflicts with charset field.
- Object.write_to_stream conflicts with function pointer with the same name
but with a different signature.
Fixes https://gitlab.gnome.org/GNOME/gmime/issues/2
Fixes https://gitlab.gnome.org/GNOME/gmime/issues/3
kim@ approved and Roland reviewed. Thanks to them!
pkgsrc changes
--------------
* Some cosmetics
* Add missing CSS file
* Change SUBST_SED to patch+SUBST_VARS
Changelog:
fixed Issues with attachments in IMAP messages
fixed Gmail accounts ignored a non-standard trash folder
selection. Note: If non-standard trash folder was selected
previously in the account settings, this setting will now take
effect which may be unexpected.
fixed Entering/pasting lists of recipients into the addressing
widget or mailing list not working reliably, especially when
lists contained multiple commas or semicolons
fixed Edit mailing list not working
fixed Various theme fixes, especially dark theme improvements
for Calendar
fixed Contrast between tag label and background not optimal
fixed Account Central pane always loaded at start-up
fixed "Config Editor" button not removed if blocked by policy
fixed Calendar: Free/busy information in attendees dialog not
scrolled correctly. Note: Scroll arrows still not behaving
correctly.
fixed Various security fixes
#CVE-2019-11755: Spoofing a message author via a crafted S/MIME
message
Disable ntlm plugin. It is not built by default on NetBSD 9.0.
I read the configure output and script and couldn't determine
the problem. This makes the build succeed again, and someone
who is more interested in ntlm support can fix it.
For perspective, last update in 2010 and no upstream available.
Some pkglint cleanup while here.
upstream changes:
-----------------
* Robustness: the tlsproxy(8) daemon could go into a loop, logging a flood of
error messages. Problem reported by Andreas Schulze after enabling SMTP/TLS
connection reuse.
* Workaround: OpenSSL changed an SSL_Shutdown() non-error result value into an
error result value, causing logfile noise.
* Configuration: the new 'TLS fast shutdown' parameter name was implemented
incorrectly. The documentation said "tls_fast_shutdown_enable", but the code
said "tls_fast_shutdown". This was fixed by changing the code, because no-one
is expected to override the default.
* Performance: workaround for poor TCP loopback performance on LINUX, where
getsockopt(..., TCP_MAXSEG, ...) reports a bogus TCP maximal segment size that
is 1/2 to 1/3 of the real MSS. To avoid client-side Nagle delays or
server-side delayed ACKs caused by multiple smaller-than-MSS writes, Postfix
chooses a VSTREAM buffer size that is a small multiple of the reported bogus
MSS. This workaround increases the multiplier from 2x to 4x.
* Robustness: the Postfix Dovecot client could segfault (null pointer read) or
cause an SMTP server assertion to fail when talking to a fake Dovecot server.
The Postfix Dovecot client now logs a proper error instead. Problem reported
by Tim Düsterhus.
Mozilla Thunderbird is a redesign of the Mozilla mail component. The
goal is to produce a cross platform stand alone mail application using
the XUL user interface language. This version uses the gtk2 toolkit.
This package provides Thunderbird 60 ESR.
Changelog:
new Offer to configure Exchange accounts for Office365. A third-party add-on is required for this account type. IMAP still exists as alternative.
fixed Edit tag not working
fixed Write window: "Insert > Characters and Symbols" not working
fixed Moving/dragging messages from "Search Messages" result dialog not working
fixed Command line -compose "attachment=" not working
fixed Custom views not working
fixed Issues with list of content types/actions for incoming attachments
fixed "Learn More" links in Error Console not working
fixed Visual glitches: Quick Filter Bar tag buttons too tall, missing scroll bar on Connection Setting subdialog, LDAP server selection after "New", "Edit" and "Delete"
fixed Calendar: Parts of CalDAV dialog not working
fixed Various security fixes
Security fixes:
CVE-2019-11739: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message
#CVE-2019-11746: Use-after-free while manipulating video
#CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML
#CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
#CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB
#CVE-2019-11743: Cross-origin access to unload event attributes
#CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9
From release notes:
This version resolves the following CVEs:
* CVE-2017-9470
* CVE-2017-9471
* CVE-2017-9474
* CVE-2017-9058
* CVE-2017-12142
* CVE-2017-12141
* CVE-2017-12144
* Catch and warn for invalid Content-Types
* Add a manually extracted list of config options to r2e.1
* Add a redirect post-process module
* Follow symlinks of datafiles
* Add zsh completion
* Add support for maildir
* Fix `r2e new` overwriting an existing config
* Add new `feed-name` and `feed-url` attributes for the `name-format` setting
* Change logging format
* Allow multiple SMTP recipients
* Fix SMTP security issues
* Fix test suite
* Drop support for Python 3.2 and 3.3
* Remove `__contributors__` from the `rss2email` module
* Stop using deprecated `html2text.unescape`
* Fix locking issues when data file is on NFS
* Add `same-server-fetch-interval` setting for rate-limiting fetches to a server
* Update setup.py to setuptools
pkgsrc changes: simplify GITHUB_*, from leot@.
Requested in joyent/pkgsrc#214. We can't yet upgrade to postgrey 1.37 as there
is no working distribution patch for the postgrey-targrey option, hence the
backport rather than upgrade. Bump PKGREVISION.
1.2.0:
+ Added ability to include DMARC policy in DMARC results
* Updated references for new RFCs, ARC no longer experimental
* Converted http references to https