Changelog:
0.6.75 2020-03-22 Markus Schnalke - fix from Debian for vcard version format.
0.6.74 2020-01-12 Paul Wise - many changes for Debian.
0.6.73 2019-07-25 Tim Dufrane - fix segfault in pst_close()
* 3.17.5
--------
* Inline Git patches now have colour syntax highlighting
The colours of these, and patch attachments, are configurable on
the 'Other' tab of the Display/Colors page of the general
preferences.
* The previously hidden preference, 'summary_from_show', is now
configurable within the UI, on the 'Message List' tab of the
Display/Summaries page of the general preferences, 'Displayed in
From column [ ]'.
* 'Re-edit' has been added to the message context menu when in the
Drafts folder.
* Additional Date header formats are supported:
- weekday, month, day, hh, mm, ss, year, zone
- weekday, month, day, hh, mm, ss, year
* LiteHtml viewer plugin: scrolling with the keyboard has been
implemented.
* The included tools/scripts have been updated:
o eud2gc.py converted to Python 3
o tbird2claws.py converted to Python 3
o tbird2claws.py converted to Python 3
o google_search.pl has been replaced with ddg_search.pl (that is,
duckduckgo.com instead of google.com)
o fix_date.sh and its documentation have been updated
o multiwebsearch.pl 'fm' (freshmeat.net) has been removed; 'google'
has been replaced by 'ddg'
o the outdated OOo2claws-mail.pl script has been removed
* Updated manuals
* Updated translations: British English, Catalan, Czech, Danish,
Dutch, French, German, Russian, Slovak, Spanish, Swedish,
Traditional Chinese, Turkish
* bug fixes:
o bug 2131, 'Focus stealing after mail check' [improved fix]
o bug 4237, '403 is Forbidden not Unauthorized'
o bug 4239, 'Preferences: Text Options Header Display modal
is not modal' [sic]
o bug 4248, 'Sup[p]ort C99 compilers in m4/spamassassin.m4'
o bug 4253, 'Claws metadata included in MBOX exports'
o bug 4257, 'claws-mail 3.17.4 breaks copy-pasting from
emacs-gtk3'
o bug 4277, 'INBOX being "read" automatically - being marked
as read before being selected' [sic]
o bug 4278, 'Mark all as read/unread does not belong to the
message context menu'
o bug 4305, 'goto folder UI confusing'
o Fix crash in litehtml_viewer when <base> tag has no href
o removed "The following file has been attached..." dialogue
o MBOX import: give a better estimation of the time left and
grey out widgets while importing
o Fixed "vcard.c:238:2: warning: ‘strncpy’ output truncated
before terminating nul copying as many bytes from a string
as its length"
o RSSyl: Fix handling deleted feed items where modified and
published dates do not match
o fix bolding of target folder
o when creating a new account, don't pre-fill data from the
default account
o respect 'default selection' settings when moving a msg with
manual filtering
o Fix printing of empty pages when the selected part is
rendered with a plugin not implementing print
o Addressbook folder selection dialogs: make sure folder list
is sorted and apply global prefs to get stripes in lists.
o when user cancels the GPG signing passphrase dialogue,
don't bother the user with an "error" dialogue
o Fix imap keyword search. Libetpan assumes keyword search is
a MUST but RFC states it is a MAY. Fix advanced search on
MS Exchange
o fix SHIFT+SPACE in msg list, moving in reverse
o revert pasting images as attachments
o Fix help about command-line arguments that require a
parameter.
o Printing: only print as plain text if the part is of type
text
o fix a segfault with default info icon when trying to print
a non-text part.
Not only cleaner, but also fixes a build issue seen on macOS likely related to
variable definition ordering, where GPG was not set correctly and ended up
trying to use a non-existent "gpg" command. This change has the added benefit
of using the full path to the gpg binary instead of relying on PATH.
This is a micro update (actually 2) with security fixes, and is
trivial except for hand-applying some patch hunks that have textual
but not semantic conflicts.
The upstream announcement hints at minor new features and a new
plugin, but does not explain. (There is no NEWS file.)
version 2.21: Tue 21 May 16:26:30 CEST 2019
Fixes:
- fix metadata [Mohammad S Anwar]
Improvements:
- add more to the README
- add Mail::Mailer option StartSSL for smtp backend
rt.cpan.org#125871 [Guilhem Moulin]
- deprecate Mail::Mailer backend smtps
- document need for escaping docs for Mail::Send
rt.cpan.org#129627 [Jonathan Kamens]
- document limit on parameters for Mail::Send::new()
rt.cpan.org#129633 [Sven Neuhaus]
### GMime 3.2.7
* Added some configure logic to auto-detect the system shift-jis charset alias. (issue #81)
* Fixed tests/Makefile.am to exit with a non-negative value (issue #82)
* Fixed logic to skip expired or revoked gpg subkeys when looking for the correct subkey to
use for signing or encrypting. (issue #88)
* Fixed a regression introduced into 3.2.6 as part of the header parsder rewrite that lost
the ability to warn about invalid headers for non-toplevel MIME parts. (issue #89)
* Fixed S/MIME to always set GPGME_KEYLIST_MODE_VALIDATE when looking up certificates
as this is needed in order to correctly populate the GMimeCertificates (issue #90)
2020-03-20 Richard Russon <rich@flatcap.org>
* Bug Fixes
- Fix COLUMNS env var
- Fix sync after delete
- Fix crash in notmuch
- Fix sidebar indent
- Fix emptying trash
- Fix command line sending
- Fix reading large address lists
- Resolve symlinks only when necessary
* Translations
- 100% Lithuanian
- 96% Spanish
* Docs
- Include OpenSSL/LibreSSL/GnuTLS version in neomutt -v output
- Fix case of GPGME and SQLite
* Build
- Create libcompress (lz4, zlib, zstd)
- Create libhistory
- Create libbcache
- Move zstrm to libconn
* Code
- Add more test coverage
- Rename magic to type
- Use mutt_file_fopen() on config variables
- Change commands to use intptr_t for data
Add ruby-actionmailer60 package version 6.0.2.2.
Action Mailer is a framework for designing email-service layers. These layers
are used to consolidate code for sending out forgotten passwords, welcome
wishes on signup, invoices for billing, and any other use case that requires
a written notification to either a person or another system.
Action Mailer is in essence a wrapper around Action Controller and the
Mail gem. It provides a way to make emails using templates in the same
way that Action Controller renders views using templates.
Additionally, an Action Mailer class can be used to process incoming email,
such as allowing a weblog to accept new posts from an email (which could even
have been sent from a phone).
This is for Ruby on Rails 6.0.
Add ruby-actionmailbox60 package version 6.0.2.2.
Action Mailbox
Action Mailbox routes incoming emails to controller-like mailboxes for
processing in Rails. It ships with ingresses for Mailgun, Mandrill, Postmark,
and SendGrid. You can also handle inbound mails directly via the built-in
Exim, Postfix, and Qmail ingresses.
The inbound emails are turned into `InboundEmail` records using Active Record
and feature lifecycle tracking, storage of the original email on cloud storage
via Active Storage, and responsible data handling with on-by-default
incineration.
These inbound emails are routed asynchronously using Active Job to one or
several dedicated mailboxes, which are capable of interacting directly with
the rest of your domain model.
You can read more about Action Mailbox in the [Action Mailbox
Basics](https://edgeguides.rubyonrails.org/action_mailbox_basics.html) guide.
This is for Ruby on Rails 6.0.
Update pear-Mail_Mime to 1.10.7.
1.10.7 (2020-03-01 02:55 UTC)
Changelog:
* Fix invalid Content-Type for messages with only html part and inline
images [alec]
v2.3.10
* Disable retpoline migitations by default. These can cause severe
performance regressions, so they should be only enabled when
applicable.
* IMAP MOVE now commits transactions in batches of 1000 mails. This
helps especially with lazy_expunge when moving a lot of mails. It
mainly avoids situations where multiple IMAP sessions are running the
same MOVE command and duplicating the mails in the lazy_expunge folder.
With this change there can still be some duplication, but the MOVE
always progresses forward. Also if the MOVE fails at some point, the
changes up to the last 1000 mails are still committed instead of
rolled back. Note that the COPY command behavior hasn't changed,
because it is required by IMAP standard to be an atomic operation.
* IMAP EXPUNGE and CLOSE now expunges mails in batches of 1000 mails.
This helps especially with lazy_expunge when expunging a lot of mails
(e.g. millions) to make sure that the progress always moves forward
even if the process is killed.
* Autoexpunging now expunges mails in batches of 1000 mails. This helps
especially with lazy_expunge when expunging a lot of mails
(e.g. millions) to make sure that the progress always moves forward
even if the process is killed.
+ Add tool for generating sysreport called dovecot-sysreport.
This generates a bundle of information usually needed for support
requests.
+ Add support for the new IMAP \Important SPECIAL-USE flag (RFC 8457).
+ Add metric { group_by } setting. This allows automatically creating
new metrics based on the fields you want to group statistics by.
NOTE: This feature is considered experimental and syntax is subject
to change in future release.
+ auth: Support SCRAM-SHA-256 authentication mechanism.
+ imap: Support the new IMAP STATUS=SIZE extension.
+ Use TCP_QUICKACK to reduce latency for some TCP connections.
+ quota-status: Made the service more robust against erroneous use with
Postfix ACL policies other than smtpd_recipient_restrictions.
+ Add "revision" field support to imap_id_send setting. Using
"revision *" will send in IMAP ID command response the short commit
hash of the Dovecot git source tree HEAD (same as in dovecot --version).
+ IMAP ENVELOPE includes now all addresses when there are multiple
headers (From, To, Cc, etc.) The standard way of having multiple
addresses is to just list them all in a single header. It's
non-standard to have multiple headers. However, since MTAs allow these
mails to pass through and different software may handle them in
different ways, it's better from security point of view to show all
the addresses.
+ Event filters now support using "field_name=" to match a field that
doesn't exist or has an empty value. For example use "error=" to match
only events that didn't fail.
- acl: INBOX ACLs shouldn't apply for IMAP GETMETADATA/SETMETADATA
commands.
- cassandra: CASS_ERROR_SERVER_WRITE_FAILURE error should also be
treated as "uncertain write failure".
- dict-redis: Using quota_clone configured with dict-redis could have
crashed when Redis responded slowly.
- imap-hibernate: Communication trouble with imap-master leads to
segfault.
- imap-hibernate: Unhibernation retrying wasn't working.
- imap: Fixed auth lookup privilege problem when imap process was reused
and user was being un-hibernated.
- Fix potential crash when copying/moving mails within the same folder.
This happened only when there were a lot of fields in dovecot.index.cache.
- lib-index: Recreating dovecot.index.cache file could have crashed when
merging bitmask fields.
- lib-index: Using public/shared folders with INDEXPVT configured to use
private \Seen flags, trying to search seen/unseen in an empty folder
crashes with segfault.
- lib-mail: Large base64-encoded mails weren't decoded properly.
This could have affected searching/indexing mails and message snippet
generation.
- lib-mail: Message with only quoted text could have caused message
snippet to ignore its 200 character limit and return the entire
message. This was added also to dovecot.index.cache file, which
increased disk space and memory usage unnecessarily.
v2.3.9.2 regression (previous versions cached the quoted snippet as
empty). In a large mail quoted text could have become wrongly added
to the snippet, possibly mixed together with non-quoted text.
- lib-smtp: client could have assert-crashed if STARTTLS handshake
finished earlier than usually.
- lib-ssl-iostream: remove -static flag for lib-ssl-iostream linking to
prevent a compile issue.
- lib-storage: Mailbox synchronization may have assert-crashed in some
rare situations.
- lib-storage: mdbox didn't preserve date.saved with dsync.
- lib: Don't require EAI_{ADDRFAMILY,NODATA}, breaks FreeBSD
- master: Some services could respawn unthrottled if they crash during
startup.
- push-notification: Do not send push_notification_finished event if
nothing was done. This happens when mail transaction is started and
ended with no changes.
- quota-status: Addresses with special characters in the local part caused
problems in the interaction between Postfix and Dovecot. Postfix sent
its own internal representation in the recipient field, while Dovecot
expected a valid RFC5321 mailbox address.
- submission-login: SESSION was not correctly encoded field for the
XCLIENT command. Particularly, a '+' character introduced by the
session ID's Base64 encoding causes problems.
- submission: Fix submission_max_mail_size to work correctly on 32-bit
systems.
- submission: Trusted connections crashed in second connection's EHLO
if submission-login { service_count } is something else than 1 (which
is the default).
- submission: XCLIENT command was never used in the protocol exchange
with the relay MTA when submission_backend_capabilities is configured,
even when the relay MTA was properly configured to accept the XCLIENT
command.
2020-03-13 Richard Russon <rich@flatcap.org>
* Features
- UI: add number of old messages to sidebar_format
- UI: support ISO 8601 calendar date
- UI: fix commands that don’t need to have a non-empty mailbox to be valid
- PGP: inform about successful decryption of inline PGP messages
- PGP: try to infer the signing key from the From address
- PGP: enable GPGMe by default
- Notmuch: use query as name for vfolder-from-query
- IMAP: add network traffic compression (COMPRESS=DEFLATE, RFC4978)
- Header cache: add support for generic header cache compression
* Bug Fixes
- Fix uncollapse_jump
- Only try to perform entire-thread on maildir/mh mailboxes
- Fix crash in pager
- Avoid logging single new lines at the end of header fields
- Fix listing mailboxes
- Do not recurse a non-threaded message
- Fix initial window order
- Fix leaks on IMAP error paths
- Notmuch: compose(attach-message): support notmuch backend
- Fix IMAP flag comparison code
- Fix $move for IMAP mailboxes
- Maildir: maildir_mbox_check_stats should only update mailbox stats if requested
- Fix unmailboxes for virtual mailboxes
- Maildir: sanitize filename before hashing
- OAuth: if 'login' name isn't available use 'user'
- Add error message on failed encryption
- Fix a bunch of crashes
- Force C locale for email date
- Abort if run without a terminal
* Changed Config
- `$crypt_use_gpgme` - Now defaults to 'yes' (enabled)
- `$abort_backspace` - Hitting backspace against an empty prompt aborts the prompt
- `$abort_key` - String representation of key to abort prompts
- `$arrow_string` - Use an custom string for arrow_cursor
- `$crypt_opportunistic_encrypt_strong_keys` - Enable encryption only when strong a key is available
- `$header_cache_compress_dictionary` - Filepath to dictionary for zstd compression
- `$header_cache_compress_level` - Level of compression for method
- `$header_cache_compress_method` - Enable generic hcache database compression
- `$imap_deflate` - Compress network traffic
- `$smtp_user` - Username for the SMTP server
* Translations
- 100% Lithuanian
- 81% Spanish
- 78% Russian
* Build
- Add libdebug
- Rename public headers to lib.h
- Create libcompress for compressed folders code
- Enable Cirrus CI for FreeBSD
* Code
- Refactor Windows and Dialogs
- Lots of code tidying
- Refactor: mutt_addrlist\_{search,write}
- Lots of improvements to the Config code
- Use Buffers more pervasively
- Unify API function naming
- Rename library shared headers
- Refactor libconn gui dependencies
- Refactor: init.[ch]
- Refactor config to use subsets
- Config: add path type
- Remove backend deps from the connection code
* Upstream
- Allow ~b ~B ~h patterns in send2-hook
- Rename smime oppenc mode parameter to get_keys_by_addr()
- Add $crypt_opportunistic_encrypt_strong_keys config var
- Fix crash when polling a closed ssl connection
- Turn off auto-clear outside of autocrypt initialization
- Add protected-headers="v1" to Content-Type when protecting headers
- Fix segv in IMAP postponed menu caused by reopen_allow
- Adding ISO 8601 calendar date
- Fix $fcc_attach to not prompt in batch mode
- Convert remaining mutt_encode_path() call to use struct Buffer
- Fix rendering of replacement_char when Charset_is_utf8
- Update to latest acutest.h
CVhangelog:
68.6.0
new
Thunderbird now displays a popup window when starting up on a new
profile
changed
Thunderbird now provides partial updates resulting in smaller
downloads
fixed
Searching in message bodies led to false negatives under some
circumstances in quoted-printable encoded HTML bodies
"Get New Messages for All Accounts" not working for OAuth2-authenticated
IMAP accounts
Various security fixes
#CVE-2020-6805: Use-after-free when removing data about origins
#CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections against state confusion
#CVE-2020-6807: Use-after-free in cubeb during stream destruction
#CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
#CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init
#CVE-2020-6812: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission
#CVE-2020-6814: Memory safety bugs fixed in Thunderbird 68.6
68.0.5
new
Support for Client Identity IMAP/SMTP Service Extension
Support for OAuth 2.0 authentication for POP3 accounts
fixed
Status area goes blank during account setup
Calendar: Could not remove color for default categories
Calendar: Prevent calendar component loading multiple times
Calendar: Today pane did not retain width between sessions
Various security fixes
#CVE-2020-6793: Out-of-bounds read when processing certain email messages
#CVE-2020-6794: Setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords
#CVE-2020-6795: Crash processing S/MIME messages with multiple signatures
#CVE-2020-6797: Extensions granted downloads.open permission could open arbitrary applications on Mac OSX
#CVE-2020-6798: Incorrect parsing of template tag could result in JavaScript injection
#CVE-2020-6792: Message ID calculcation was based on uninitialized data
#CVE-2020-6800: Memory safety bugs fixed in Thunderbird 68.5
