Commit graph

10632 commits

Author SHA1 Message Date
rillig
23230f9bb0 mail/dspam: remove unknown configure option 2020-05-23 12:33:22 +00:00
rillig
5d0f8dce0b mail/offlineimap: clean up REPLACE_PYTHON 2020-05-22 21:35:03 +00:00
rillig
0b6e08ab4e mail/turba: clean up and sort REPLACE_FILES 2020-05-22 21:28:52 +00:00
rillig
b935597127 erlang, amavisd, policyd: remove redundant replace-interpreter
Since do-configure-pre-hook already depends on replace-interpreter, there
is no point in making any other stage depend on that as well.  At best,
it has no effect.  At worst it creates a hard-to-find difference between
builds that run "bmake install" directly and builds that split the build
into "bmake configure && bmake build && bmake install", as bulk builds
do.
2020-05-22 18:12:15 +00:00
adam
d62c903eea revbump after updating security/nettle 2020-05-22 10:55:42 +00:00
taca
70e54393f8 Remove RUBY_VERSIONS_INCOMPATIBLE for ruby24. 2020-05-21 16:04:21 +00:00
nia
400c33f713 balsa: Update to 2.6.1
* Balsa-2.6.1 release. Release date 2020-05-10

- fix server identity verification.
2020-05-21 14:19:46 +00:00
mef
53a7211e97 (mail/courier-imap) Remove (one more) no-op files from SUBST block 2020-05-21 13:31:59 +00:00
nia
a21cbc4ac0 libetpan: Missing tools 2020-05-21 10:07:03 +00:00
rillig
a792ed8547 mail/amavisd-milter: remove unknown configure options 2020-05-21 07:08:07 +00:00
rillig
6f1e42a9f9 mail/elm-me: document harmless array[char] 2020-05-21 00:00:46 +00:00
rillig
4f4f64fdce mark packages that fail with -Werror=char-subscripts
These packages are susceptible to bugs when confronted with non-ASCII
characters.

See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94182.

It takes some time to analyze and fix these individually, therefore they
are only marked as "needs work".
2020-05-20 06:09:03 +00:00
schmonz
cb05441605 Explicitly ulimit qmailsend. Bump PKGREVISION. 2020-05-19 19:45:58 +00:00
taca
e84ef99d3b mail/ruby-actionmailbox60: update to 6.0.3.1
Update ruby-actionmailbox60 to 6.0.3.1.


## Rails 6.0.3.1 (May 18, 2020) ##

*   No changes.
2020-05-19 17:14:41 +00:00
taca
a2820074c4 mail/ruby-actionmailer60: update to 6.0.3.1
Update ruby-actionmailer60 to 6.0.3.1.


## Rails 6.0.3.1 (May 18, 2020) ##

*   No changes.
2020-05-19 17:14:04 +00:00
taca
9350f96fbf mail/ruby-actionmailer52: update to 5.2.4.3
Update ruby-actionmailer52 to 5.2.4.3.


## Rails 5.2.4.3 (May 18, 2020) ##

*   No changes.
2020-05-19 15:39:54 +00:00
nia
4bb58570a7 Recursive revbump for json-c-0.14 2020-05-19 12:09:07 +00:00
nia
2fb1082126 libetpan: Resolve pkgconfig mess 2020-05-19 10:13:49 +00:00
nia
89ba46269b libetpan: Update to 1.9.4
Changes:

- Bugfixes on QUOTA
- Various warning fixes & build fixes
- Added IMAP CLIENTID / SMTP CLIENTID support
- Use Cyrus SASL 2.1.27
- Support of TLS SNI
- LMDB for cache DB
- Fixed build with recent versions of curl
2020-05-19 09:57:05 +00:00
triaxx
4b60e2905a postfix: update to 3.5.2
upstream changes:
-----------------
 Postfix versions 3.5.2, 3.4.12, 3.2.10, 3.2.15:
  * A TLS error for a database client caused a false 'lost connection' error for an SMTP over TLS session in the same Postfix process. Reported by Alexander Vasarab, diagnosed by Viktor Dukhovni. This bug was introduced with Postfix 2.2.
  * The same bug existed in the tlsproxy(8) daemon, where a TLS error for one TLS session could cause a false 'lost connection' error for a concurrent TLS session in the same process. This bug was introduced with Postfix 2.8.
  * The Postfix build now disables DANE support on Linux systems with libc-musl, because libc-musl provides no indication whether DNS responses are authentic. This broke DANE support without a clear explanation.
  * Due to implementation changes in the ICU library, some Postfix daemons reported file access errrors (U_FILE_ACCESS_ERROR) after chroot(). This was fixed by initializing the ICU library before making the chroot() call.
  * Minor code changes to silence a compiler that special-cases string literals.

Postfix 3.5.2, 3.4.12:
  * Segfault in the tlsproxy(8) client role when the server role was disabled. This typically happened on systems that do not receive mail, after configuring connection reuse for outbound SMTP over TLS.
  * The date portion of the maillog_file_rotate_suffix default value used the minute (%M) instead of the month (%m). Reported by Larry Stone.
2020-05-18 14:21:53 +00:00
taca
c6d08e3b4c mail/dovecot2: update to 2.3.10.1
Update dovecot2 to 2.3.10.1.


v2.3.10.1  2020-05-18  Aki Tuomi <aki.tuomi@open-xchange.com>

- CVE-2020-10957: lmtp/submission: A client can crash the server by
  sending a NOOP command with an invalid string parameter. This occurs
  particularly for a parameter that doesn't start with a double quote.
  This applies to all SMTP services, including submission-login, which
  makes it possible to crash the submission service without
  authentication.
- CVE-2020-10958: lmtp/submission: Sending many invalid or unknown
  commands can cause the server to access freed memory, which can lead
  to a server crash. This happens when the server closes the connection
  with a "421 Too many invalid commands" error. The bad command limit
  depends on the service (lmtp or submission) and varies between 10 to
  20 bad commands.
- CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
  address that has the empty quoted string as local-part causes the lmtp
  service to crash.
2020-05-18 14:20:46 +00:00
nia
e9c45b26c5 rspamd: Update to 2.5
from GitHub user @sjorge + extra patch from me

Closes NetBSD/pkgsrc#60

2.5: 01 Apr 2020
  * [Conf] Mark Rspamd emailbl as ignore whitelist
  * [Conf] RBL: Add missing emails = true option
  * [Feature] Add support for scripts in fuzzy storage
  * [Feature] Arc: Add whitelisted_signers_map option
  * [Feature] Implement hosts file processing
  * [Feature] Neural: Introduce classes bias that allows non-equal classes learning
  * [Feature] Update libev to 4.33
  * [Fix] Another brain damage html standard adoptions
  * [Fix] Another fix for brain damaged obs-fws state
  * [Fix] Fix flags that caused force_actions failure
  * [Fix] Fix logging issue
  * [Fix] Fix lua symbols scores registration when config does not define scores
  * [Fix] Fix opaque maps logic
  * [Fix] Fix parsing of the html tags with no spaces after attributes
  * [Fix] Fix some corner cases in urls parsing, add limits
  * [Fix] Fix tlds extraction if custom composition rules are used
  * [Fix] Fix variables replacement in mempool
  * [Fix] Improve base64 detection
  * [Fix] Normalize dynamic scores in ANN correctly
  * [Fix] Plug memory leak introduced by #3153
  * [Fix] Stat_redis_backend: Fix memory leak and simplify learn path
  * [Fix] Try hard to deal with ghost workers
  * [Fix] metadata_exporter default formatter
  * [Rework] Change the way to extract URLs when dealing with alternative parts
  * [Rework] Fix various url extraction issues
  * [Rework] Re cache: Load compiled hyperscan in the main process as well
  * [Rework] Re cache: Load hyperscan early
  * [Rework] Rework URL structure: adjust tld part
  * [Rework] Rework URL structure: host field
  * [Rework] Rework URL structure: more structure optimisations
  * [Rework] Rework URL structure: user field
  * [Rework] URL: Another update for urls extraction logic
  * [Rework] Urls: Improve query urls handling
  * [Rework] Urls: adopt html related stuff
  * [Rework] Urls: more rework of the urls sets
  * [Rework] Urls: process query urls in HTML urls correctly
  * [Rework] Urls: rework urls hash structure
  * [Rework] Urls: update lua libraries
  * [Rework] Use multiple search tries for different url extraction types

2.4: 26 Feb 2020
  * [CritFix] Fix parsing of the content type attributes
  * [Feature] Clickhouse: Add extra columns support
  * [Feature] Rbl: Add url_compose_map option for RBL rules
  * [Fix] 'R' flag is for all headers regexp
  * [Fix] Allow to reset settings id from Lua (e.g. because of the priority)
  * [Fix] Avoid collisions in mempool variables by changing fuzzy caching logic
  * [Fix] Avoid strdup usage for symbols options
  * [Fix] Do not trust stat(2) it lies
  * [Fix] Filter all options for symbols to have sane characters
  * [Fix] Fix all headers iteration
  * [Fix] Fix allowed_settings for neural
  * [Fix] Fix listen socket parsing
  * [Fix] Fix maps expressions evaluation
  * [Fix] Fix sentinel connections leak by using async connections
  * [Fix] Fix smtp message on passthrough result
  * [Fix] Fix tld compositon rules
  * [Fix] Fuzzy_storage: Do not check for shingles if a direct hash has been found
  * [Fix] Lua_mime: Do not perform QP encoding for 7bit parts
  * [Fix] Neural: Distinguish missing symbols from symbols with low scores
  * [Fix] Support listening on systemd sockets by name
  * [Project] Add lua_urls_compose library
  * [Project] Allow to set a custom log function to the logger
  * [Project] CDB maps: Start making cdb a first class citizen
  * [Project] Clickhouse: Add extra columns concept
  * [Project] Fix urls composition rules, add unit tests
  * [Project] Unify cdb maps
  * [Rework] Logger infrastructure rework
  * [Rework] Refactor libraries structure
  * [Rework] Rework SSL caching
  * [Rework] Update snowball stemmer to 2.0 and remove all crap aside of UTF8
2020-05-18 11:10:56 +00:00
rillig
65bc3cdedb mail/sendmail: fix build in SUBST_NOOP_OK=no mode 2020-05-16 15:36:24 +00:00
rillig
d8cfc8a1dc mail/qmail-rejectutils: does not have error.h 2020-05-16 15:25:49 +00:00
rillig
6441ed1032 mail/qmail-qfilter: does not have error.h 2020-05-16 15:25:11 +00:00
rillig
4a37597959 mail/qmail-conf: does not have error.h 2020-05-16 15:24:30 +00:00
rillig
4af9282d74 mail/qmail-autoresponder: does not have error.h 2020-05-16 15:23:05 +00:00
rillig
79e4eee03f mail/qmail-acceptutils: does not have error.h 2020-05-16 15:22:20 +00:00
rillig
e0f2e224d8 mail/qconfirm: does not have error.h 2020-05-16 15:21:29 +00:00
rillig
0f4e31d104 mail/policyd-weight: properly escape dot in regular expression
Without this escaping, mk/subst.mk sees that there are no actual changes
with the default setup.  Nevertheless, mk/scripts/subst-identity.awk does
not classify the sed command as an identity transformation because there
_might_ be the text /etc/policyd-weightXconf, and the X would match the
dot.  Therefore, subst.mk aborts the build when it is in SUBST_NOOP_OK=no
mode.
2020-05-16 15:20:35 +00:00
rillig
7e9c003342 mail/mew: clean up SUBST_FILES 2020-05-16 14:54:09 +00:00
rillig
39b0a62e07 mail/mailfront: does not have error.h 2020-05-16 14:51:14 +00:00
rillig
f78f74362c mail/ezmlm-idx: does not have error.h 2020-05-16 14:50:27 +00:00
rillig
5445060bd3 mail/dbmail: clean up SUBST_FILES 2020-05-16 14:48:48 +00:00
rillig
6c8a8322e6 mail/courier-imap: remove no-op files from SUBST block 2020-05-16 14:38:21 +00:00
taca
41303364be mail/ruby-actionmailbox60: update to 6.0.3
Update ruby-actionmailbox60 to 6.0.3.


## Rails 6.0.3 (May 06, 2020) ##

*   Update Mandrill inbound email route to respond appropriately to HEAD requests for URL health checks from Mandrill.

    *Bill Cromie*
2020-05-16 14:20:46 +00:00
taca
70cf92a4dc mail/ruby-actionmailer60: update to 6.0.3
Update ruby-actionmailer60 to 6.0.3.


## Rails 6.0.3 (May 06, 2020) ##

*   No changes.
2020-05-16 14:20:09 +00:00
bsiegert
fb97c426f0 Update alpine to 2.22.
Additions include:

  * Support for XOAUTH2 authentication method in Gmail.
  * PC-Alpine builds with LibreSSL and supports S/MIME.
  * NTLM authentication support with the ntlm library, in Unix systems. Based
    on code provided by Maciej W. Rozycki.
  * Add /tls1_3 flag for servers that support it. Read more information in the
    secure protocols help.
  * To increase user's privacy, remove phone-home code that would prompt users
    to send an email message upon starting Alpine for the first time for
    purposes of counting. Your use of Alpine does not disclose information
    about you or your use of Alpine to the developers of Alpine.
  * New variable encryption-protocol-range that allows users to configure
    versions of the SSL/TLS protocol that Alpine is restricted to try when
    establishing a secure connection SSL/TLS to a remote server. The default
    can be set at compilation time.
  * Add -dict option to PC-Pico, which allows users to choose a dictionary when
    spelling. Sample usage: -dict "en_US, de_DE, fr_FR".
  * Improvements to the configure stage of compilation. Some of these
    contributed by Helmut Grohne. See Bug 876164 in Debian.
  * Add "remove password" command to the management screen for the password
    file encryption key. This allows users to use their password file without
    entering a master password.
  * Add the "g" option to the select command that works in IMAP servers that
    implement the X-GM-EXT-1 capability (such as the one offered by Gmail.)
    This allows users to do selection in Alpine as if they were doing a search
    in the web interface for Gmail.
  * New variable close-connection-timeout, which tells Alpine to close a
    connection that is having problems being kept alive after the number of
    seconds configured in this variable, if the connection has not recovered.
    The default is 0, which means to keep the connection alive and wait for the
    connection to recover.
  * When a message is of type multipart/mixed, and its first part is multipart/
    signed, Alpine will include the text of the original message in a reply
    message, instead of including a multipart attachment. Suggested by Barry
    Landy.
  * S/MIME: Some clients do not transform messages to canonical form when
    signing first and encrypting second, which makes Alpine fail to parse the
    signed data after encryption. Reported by Holger Trapp.
  * Add /auth=XYZ to the way to define a server. This allows users to select
    the method to authenticate to an IMAP, SMTP or POP3 server. Examples are /
    auth=plain, or /auth=gssapi, etc.
  * Add backward search in the index screen. Based on patch by Astyanax Foo,
    submitted in 2009, but resubmitted by Erich Eckner on 2019.
  * SMIME: When Alpine is set to validate a message using the user's store, and
    user agrees to save a certificate of another user, use the saved
    certificate immediately to verify the smime message. Reported by Stefan
    Mueller.
  * Do not use a delay when printing messages to screen when the initial
    keystroke sequence of commands is active. Based on a report from Holger
    Trapp.
  * In PC-Alpine, when the decoded name of an attachment does not agree with
    its encoded name, Alpine will offer to save the file using the UTF8 encoded
    name.

Bugs that have been addressed include:

  * Width of characters is not always determined correctly when wcwidth is
    used. Revert to using code for the Windows operating system. Reported by
    Andrew Ho.
  * The call realpath(..., NULL) gives an error in Solaris, which means that we
    need to allocate memory for storing the resolved path. Reported by Fabian
    Schmidt.
  * Crash when attempting to bounce a message due to lack of space in allocated
    space for key menu array. Reported by David Sewell.
  * Crash when a CA certificate failed to load, and user attempted to view
    certificate information of other certificate authorities.
  * Crash in the S/MIME configuration screen when a user turned off S/MIME, and
    then re-enabled it. Also crash when attempting to enter the S/MIME
    configuration screen if S/MIME was turned off.
  * Deactivate some color code from Pico (as standalone editor in the windows
    version) until I find a way to activate it again. This is not critical and
    it is not something that PC-Pico must have (some of it already exists in
    other ways, like color support, what does not exist is the more complex
    code that Unix-Pico has with color codes for specific colors.)
  * When a message is multipart, and the first part is flowed text, then
    forwarding the message will set the first part to be flowed, and sent that
    way even when the option Do Not Send Flowed Text is enabled. Reported by
    Holger Trapp.
  * When a message/rfc822 part of a message is encoded with
    Content-Transfer-Encoding: QUOTED-PRINTABLE, Alpine will stop processing
    that message. Later this causes Alpine to crash because when it displays
    messages, it assumes that both header and body parts are processed.
    Reported by Mark Crispin in 2010, in the Alpine-info list (message with
    subject "crash bug in alpine/mailpart.c:format_msg_att()") with no example,
    and reported now by Holger Trapp, with an example.
  * In addition to the previous report, Alpine encodes message/rfc822 messages
    as QUOTED-PRINTABLE, in contradiction with RFC 2045, when it receives a
    report that its encoding is 8bit. We preserve the encoding reported by the
    IMAP server, and do not encode in QUOTED-PRINTABLE.
  * Update build.bat file to add /DWINVER=0x0501 so that Alpine can build when
    using Visual Studio 2017. Fix contributed by Ulf-Dietrich Braunmann.
  * When the locale is not set up to UTF-8, alpine might determine the width of
    a character incorrectly. Reported by Alexandre Fedotov.
  * In some rare cases, when attachments are deleted before saving emails, the
    filenames will be displayed in RFC1522 representation, instead of in
    decoded form. Reported and patched by Wang Kang.
  * When colors are edited from the main setup configuration screen, some color
    settings are not updated until Alpine is restarted. Reported by Andrew
    Hill.
  * If the first part of a message is multipart/alternative, and the first part
    of this is also a multipart type, then Alpine might fail to select the
    first text part when replying to a message. Reported by Lucio Chiappetti.
  * TLS 1.2 works does not work if Alpine is compiled with openssl >= 1.1.0.
    Reported and patched by Kyle George.
  * If the directory where Alpine saves the certificates is empty, alpine would
    not create a self-signed certificate to encrypt the password file.
  * S/MIME: The list of public certificates is freed before it is reused when a
    signature fails to verify. This causes Alpine to crash. Patch submitted by
    Linus Torvalds.
  * S/MIME: A message could fail to verify its signature even if the
    certificate was saved when the message was open. Based on a report by David
    Woodhouse to the RedHat bugzilla system.
  * When there are time changes in the clock, Alpine might go to sleep for big
    amounts of time while displaying messages in the screen. Reset sleep time
    to 5 seconds in case it finds it needs to sleep more than 5 seconds or a
    negative amount of time.
  * Restore recognition of empty directories. It was deleted by mistake when
    added support for internationalization in folders. Based on a report by
    Michael Rutter.
  * Alpine stops parsing the mailcap file when it finds an invalid entry.
    Reported by Matt Roberds to the Debian bug system at https://
    bugs.debian.org/cgi-bin/bugreport.cgi?bug=886370.
  * Crash with error "Lock when already locked" when an attempt to check for
    new mail on a locked stream that is being used for a save operation.
    Reported by Carlos E.R.
  * Alpine removes trailing spaces from passwords, making a longin attempt
    fail. Reported by R. Lyons.
  * Alpine crashes when opening a remote imap folder and computing scores.
    Reported by Paul DeStefano.
  * When more than one server was given in the server-name configuration option
    of rldap servers, none of them worked. Reported by Robert Wolf.
2020-05-15 17:25:11 +00:00
nia
7de0426c9e mailman: HOMEPAGE is https 2020-05-15 09:42:43 +00:00
nia
0ab0b6cfaa mailman: Update to 2.1.33
From jcea via pkgsrc-wip

2.1.33 (07-May-2020)

  Security

    - A content injection vulnerability via the private login page has been
      fixed.  (LP: #1877379)

2.1.32 (05-May-2020)

  i18n

    Fixed a typo in the Spanish translation and uptated mailman.pot and
    the message catalog for 2.1.31 security fix.

2.1.31 (05-May-2020)

  Security

    - A content injection vulnerability via the options login page has been
      discovered and reported by Vishal Singh. This is fixed.  (LP: #1873722)

  i18n

    - The Spanish translation has been updated by Omar Walid Llorente.

  Bug Fixes and other patches

    - Bounce recognition for a non-compliant Yahoo format is added.

    - Archiving workaround for non-ascii in string.lowercase in some Python
      packages is added.

2.1.30 (13-Apr-2020)

  New Features

    - Thanks to Jim Popovitch, there is now a dmarc_moderation_addresses
      list setting that can be used to apply dmarc_moderation_action to mail
      From: addresses listed or matching listed regexps.  This can be used
      to modify mail to addresses that don't accept external mail From:
      themselves.

    - There is a new MAX_LISTNAME_LENGTH setting.  The fix for LP: #1780874
      obtains a list of the names of all the all the lists in the installation
      in order to determine the maximum length of a legitimate list name.  It
      does this on every web access and on sites with a very large number of
      lists, this can have performance implications.  See the description in
      Defaults.py for more information.

    - Thanks to Ralf Jung there is now the ability to add text based captchas
      (aka textchas) to the listinfo subscribe form.  See the documentation
      for the new CAPTCHA setting in Defaults.py for how to enable this.  Also
      note that if you have custom listinfo.html templates, you will have to
      add a <mm-captcha-ui> tag to those templates to make this work.  This
      feature can be used in combination with or instead of the Google
      reCAPTCHA feature added in 2.1.26.

    - Thanks to Ralf Hildebrandt the web admin Membership Management section
      now has a feature to sync the list's membership with a list of email
      addresses as with the bin/sync_members command.

    - There is a new drop_cc list attribute set from DEFAULT_DROP_CC.  This
      controls the dropping of addresses from the Cc: header in delivered
      messages by the duplicate avoidance process.  (LP: #1845751)

    - There is a new REFUSE_SECOND_PENDING mm_cfg.py setting that will cause
      a second request to subscribe to a list when there is already a pending
      confirmation for that user.  This can be set to Yes to prevent
      mailbombing of a third party by repeatedly posting the subscribe form.
      (LP: #1859104)

  i18n

    - The Japanese translation has been updated by Yasuhito FUTATSUKI.

    - The German translation has been updated by Ludwig Reiter.

    - The Spanish translation has been updated by Omar Walid Llorente.

    - The Brazilian Portugese translation has been updated by Emerson de Mello.

  Bug Fixes and other patches

    - Fixed the confirm CGI to catch a rare TypeError on simultaneous
      confirmations of the same token.  (LP: #1785854)

    - Scrubbed application/octet-stream MIME parts will now be given a
      .bin extension instead of .obj.

    - Added bounce recognition for a non-compliant opensmtpd DSN with
      Action: error.  (LP: #1805137)

    - Corrected and augmented some security log messages.  (LP: #1810098)

    - Implemented use of QRUNNER_SLEEP_TIME for bin/qrunner --runner=All.
      (LP: #1818205)

    - Leading/trailing spaces in provided email addresses for login to private
      archives and the user options page are now ignored.  (LP: #1818872)

    - Fixed the spelling of the --no-restart option for mailmanctl.

    - Fixed an issue where certain combinations of charset and invalid
      characters in a list's description could produce a List-ID header
      without angle brackets.  (LP: #1831321)

    - With the Postfix MTA and virtual domains, mappings for the site list
      -bounces and -request addresses in each virtual domain are now added
      to data/virtual-mailman (-owner was done in 2.1.24).  (LP: #1831777)

    - The paths.py module now extends sys.path with the result of
      site.getsitepackages() if available.  (LP: #1838866)

    - A bug causing a UnicodeDecodeError in preparing to send the confirmation
      request message to a new subscriber has been fixed.  (LP: #1851442)

    - The SimpleMatch heuristic bounce recognizer has been improved to not
      return most invalid email addresses.  (LP: #1859011)
2020-05-15 09:40:46 +00:00
nia
7ae7409c9a Remove old cyrus-imapds that no longer build with pkgsrc OpenSSL 2020-05-14 16:58:41 +00:00
nia
4a748ecdc0 thunderbird: Sync DESCR with reality.
Thunderbird is no longer Mozilla-branded. It no longer uses gtk2.

Future versions of Thunderbird will not have ESR releases because
every Thunderbird release is now an ESR release.
2020-05-14 14:12:46 +00:00
ryoon
15b13ab31c thunderbird-l10n: Update to 68.8.0
Sync with mail/thunderbird-68.8.0.
2020-05-14 12:15:40 +00:00
ryoon
7b6a9643a6 thunderbird: Update to 68.8.0
Changelog:
Fixes
Account Manager: text fields were too small in some cases
Account Manager: Authentication method did not update when selecting an SMTP server
Links with embedded credentials did not open on Windows
Messages were sometimes sent with a badly formed address when filled from the address book
Accessibility: Screen readers were reporting too many activities from the status bar
MailExtensions: Setting IMAP messages as read with browser.messages.updated failed to persist
Various security fixes

Security fixes:
#CVE-2020-12397: Sender Email Address Spoofing using encoded Unicode characters
#CVE-2020-12387: Use-after-free during worker shutdown
#CVE-2020-6831: Buffer overflow in SCTP chunk input validation
#CVE-2020-12392: Arbitrary local file access with 'Copy as cURL'
#CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
#CVE-2020-12395: Memory safety bugs fixed in Thunderbird 68.8.0
2020-05-14 12:14:39 +00:00
rillig
50c76e61f4 mail/mailfront: fix PKG_SUGGESTED_OPTIONS
The package-specific options.mk is included by djbware.mk and must
therefore not be included by the package Makefile itself.  This fixes the
PKG_SUPPORTED_OPTIONS displayed by show-options.

Found by making the package-settable variables in mk/bsd.options.mk
read-only.
2020-05-10 07:10:39 +00:00
leot
8dabfac93a msmtp: Update to 1.8.10
Changes:
1.8.10
------
- The msmtpq script was fixed (it was accidently broken in 1.8.8)
  [that was partially fixed in 1.8.9, that was omitted in the release notes]
- Updated translations.
- New serbian translation is included.

1.8.8
-----
- Added a new socket command and --socket option to connect via local sockets.
- Added a new tls_host_override command and --tls-host-override option to
  override the host name used for TLS verification.
- Added a new set_from_header command and --set-from-header option with three
  settings:
  - on: always set a From header, possibly replacing an existing one
  - off: never set a From header
  - auto: add a From header if there is none (this is the default).
  This replaces the add_missing_from_header option (which remains supported).
- Added a new set_date_header command and --set-date-header option with two
  settings:
  - off: never set a Date header
  - auto: add a Date header if there is none (this is the default).
  This replaces the add_missing_date_header option (which remains supported).
- Fixed the handling of empty From headers with --read-recipients/-t.
- Fixed the source_ip command for proxies.
2020-05-09 11:08:25 +00:00
adam
7d4b705c63 revbump after boost update 2020-05-06 14:04:05 +00:00
rillig
a7d5059b64 mail/up-imappproxy: remove obsolete patch, fix directories in README 2020-05-02 19:16:15 +00:00
rillig
ba4d1eb643 mail/qmail: doesn't need the errno hack anymore
notqmail-1.07 correctly includes <errno.h> instead of declaring errno as
a process-global variable.
2020-05-02 10:47:38 +00:00
mef
2555fd1ae9 (mail/up-imappproxy) fix patch-remove-unused-variables instead SUBST 2020-05-02 00:38:10 +00:00