* Lightning cannot be disabled by users in build time.
Remove mozilla-lightning option.
Changelog:
78.2.1
Changes
changed OpenPGP enabled by default
changed OpenPGP: Disabled the use of MD5/SM2/SM3 algorithms
Fixes
fixed OpenPGP: Users with sub-identities were unable to encrypt or sign messages when switching identities
fixed OpenPGP message security window did not support dark mode
78.2.0
Changes
changed OpenPGP Key generation now disabled when there is no default mail account configured
changed OpenPGP: Encrypt saved drafts when OpenPGP is enabled
changed Twitter search removed
changed Calendar: Event summary dialog is now themeable
changed MailExtensions: Some APIs now use defineLazyPreferenceGetter in order to benefit from caching
Fixes
fixed OpenPGP Key Manager search function did not work
fixed OpenPGP Key Properties dialog was sometimes too small
fixed OpenPGP: Encrypted email would not send if address contained uppercase characters
fixed OpenPGP: "Key ID" column could not be resized in Key Manage
fixed OpenPGP: Keys containing invalid UTF-8 strings could not be imported
fixed OpenPGP: Enable automatic signing for encrypted messages in additional scenarios
fixed Many more OpenPGP bug fixes and improvements
fixed IMAP fetch chunk size was always 65536 bytes
fixed IMAP server capabilities were not rechecked after upgrading to SSL/TLS connection
fixed Message Composer: Order of attachments could not be modified using drag & drop
fixed Composing messages with a "fixed width" font did not work
fixed Drag and drop of address book contacts did not work in some situations
fixed Address book migration failed when there was a dot in the file name
fixed Address book: "Always prefer display name over message header" was always checked when editing a contact
fixed Address book performance optimizations
fixed Dialog to add a new mail account from "Account Settings" did not open
fixed "Select All" (Ctrl+A) in message source did not work until focused with a mouse click
fixed Ctrl+scroll wheel not zooming in message reader
fixed Setting/changing a signature from a file lost when closing account settings
fixed Adaptive Junk Mail settings could not be disabled
fixed Message filter dialog fixes: Missing scrollbar, drop-down list not wide enough
fixed Various UX and theme improvements
78.1.1
Changes
changed Building OpenPGP shared library linked to system libraries now supported
changed MailExtension errors now shown in Developer Tools console by default
changed MailExtensions: Dynamic registration of calendar providers now supported
Fixesr
fixed OpenPGP improvements
fixed Message preview was sometimes blank after upgrading from Thunderbird 68
fixed Email addresses whitelisted for remote content not displayed in preferences
fixed Importing data from Seamonkey did not work
fixed Renaming a mail list did not update the side bar
fixed MailExtensions: messenger.* namespace was undefined
78.1.0
What's New
new OpenPGP support is now feature complete. Improvements: new Key Wizard, online searching for OpenPGP keys, and more
new The preferences tab now has a search field
Changes
changed Dark background in message reader is now disabled
Fixes
fixed Thunderbird startup was slow when using folder color customizations with many folders. Previously configured colors will not be migrated.
fixed Mail quota usage in status bar did not support terabyte folder sizes
fixed Changing Junk mail settings with keyboard toggled wrong setting
fixed Advanced IMAP server preferences not saved in Account Manager
fixed Address book migration updates and fixes
fixed Address book: Last Modified Date was not updated
fixed Dark mode improvements
fixed Various security fixes
Security fixes:
#CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker
#CVE-2020-6514: WebRTC data channel leaks internal address to peer
#CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy
#CVE-2020-15653: Bypassing iframe sandbox when allowing popups
#CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
#CVE-2020-15656: Type confusion for special arguments in IonMonkey
#CVE-2020-15658: Overriding file type when saving to disk
#CVE-2020-15657: DLL hijacking due to incorrect loading path
#CVE-2020-15654: Custom cursor can overlay user interface
#CVE-2020-15659: Memory safety bugs fixed in Thunderbird 78.1
78.0.1
What's New
new OpenPGP: Key revocation, extending key expiration, and secret key backup
Fixes
fixed Drag & Drop multiple attachments to macOS Finder created duplicate files
fixed Faceted search date and relevance settings not saved
fixed FileLink attachments included as a link and file when added from a network drive via drag & drop
fixed About Thunderbird dialog keyboard shortcuts did not work
fixed CC'd recipients sometimes displayed collapsed in header pane
fixed Incremental search in contacts sidebar did not always display local results when an LDAP server was also in use
fixed Contacts sidebar search results cleared after removing a contact
fixed OpenPGP: Messages with long Armor Header lines did not display
fixed OpenPGP: Messages containing non-UTF-8 text were not supported
fixed Various UI and theming fixes
fixed Chat: Participants list did not display operator flags
Changelog:
With "smtp_tls_connection_reuse = yes", tlsproxy(8) was using the wrong global
TLS context for connections that use DANE trust anchors or that use non-DANE
trust anchors. This resulted in a global certificate verify function pointer
race, between TLS handshakes that use trust achors and concurrent TLS
handshakes that use PKI. No memory was corrupted in the course of all this.
Reference: http://www.postfix.org/announcements/postfix-3.5.7.html
upstream changes:
-----------------
fetchmail-6.4.8 (released 2020-06-14, 27596 LoC):
## NEW TRANSLATION, with thanks to the translator:
* sr: Мирослав Николић (Miroslav Nikolić) [Serbian]
- Sorry, this was missed earlier because my translation scripts did not properly
report new translations.
# KNOWN BUGS AND WORKAROUNDS
(This section floats upwards through the NEWS file so it stays with the
current release information)
* Fetchmail does not handle messages without Message-ID header well
(See sourceforge.net bug #780933)
* Fetchmail currently uses 31-bit signed integers in several places
where unsigned and/or wider types should have been used, for instance,
for mailbox sizes, and misreports sizes of 2 GibiB and beyond.
Fixing this requires C89 compatibility to be relinquished.
* BSMTP is mostly untested and errors can cause corrupt output.
* Fetchmail does not track pending deletes across crashes.
* The command line interface is sometimes a bit stubborn, for instance,
fetchmail -s doesn't work with a daemon running.
* Linux systems may return duplicates of an IP address in some circumstances if
no or no global IPv6 addresses are configured.
(No workaround. Ubuntu Bug#582585, Novell Bug#606980.)
* Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error
messages. This will not be fixed, because the maintainer has no Kerberos 5
server to test against. Use GSSAPI.
---------------------------------------------------------------------------------
fetchmail-6.4.7 (released 2020-06-14, 27596 LoC):
## TRANSLATION UPDATE, with thanks to the translator:
* sv: Göran Uddeborg [Swedish]
-------------------------------------------------------------------------------
fetchmail-6.4.6 (released 2020-05-29, 27596 LoC):
## TRANSLATION UPDATE, with thanks to the translator:
* eo: Felipe Castro [Esperanto]
--------------------------------------------------------------------------------
fetchmail-6.4.5 (released 2020-05-07, 27596 LoC):
## REGRESSION FIX:
* fetchmail 6.4.0 and 6.4.1 changed the resolution of the home directory
in a way that requires SUSv4 semantics of realpath(), which leads to
'Cannot find absolute path for... directory' error messages followed by aborts
on systems where realpath() follows strict SUSv2 semantics and returns
EINVAL if the 2nd argument is NULL.
On such systems, for instance, Solaris 10, fetchmail requires PATH_MAX to be
defined, and will then work again. Regression reported by David Hough.
On systems that neither provide auto-allocation semantics for realpath(),
nor PATH_MAX, fetchmail will print this error and abort. Such systems
are unsupported, see README.
## CHANGES:
* Add a test program fm_realpath, and a t.realpath script, neither to be
installed. These will test resolution of the current working directory.
## TRANSLATION UPDATES in reverse alphabetical order of language codes,
## with my thanks to the translators:
* zh_CN: Boyuan Yang [Chinese (simplified)]
* sv: Göran Uddeborg [Swedish]
* sq: Besnik Bleta [Albanian]
* pl: Jakub Bogusz [Polish]
* ja: Takeshi Hamasaki [Japanese]
* fr: Frédéric Marchal [French]
* cs: Petr Pisar [Czech]
--------------------------------------------------------------------------------
fetchmail-6.4.4 (released 2020-04-26, 27530 LoC):
## UPDATED TRANSLATIONS - WITH THANKS TO THE TRANSLATOR:
* ja: Takeshi Hamasaki [Japanese]
--------------------------------------------------------------------------------
fetchmail-6.4.3 (released 2020-04-05, 27530 LoC):
## BUGFIXES:
* Plug memory leaks when parts of the configuration (defaults, rcfile, command
line) override one another.
* fetchmail terminated the placeholder command string too late and included
garbage from the heap at the end of the string. Workaround: don't use place-
holders %h or %p in the --plugin string. Bug added in 6.4.0 when merging
Gitlab merge request !5 in order to fix an input buffer overrun.
Faulty commit 418cda65f752e367fa663fd13884a45fcbc39ddd.
Reported by Stefan Thurner, Gitlab issue #16.
* Fetchmail now checks for errors when trying to read the .idfile,
Gitlab issue #3.
* Fetchmail's error messages that reports that the defaults entry isn't the
first was made more precise. It could be misleading if there was a poll or
skip statement before the defaults.
## CHANGES:
* Fetchmail documentation was updated to require OpenSSL 1.1.1.
OpenSSL 1.0.2 reached End Of Life status at the end of the year 2019.
Fetchmail will tolerate, but warn about, 1.0.2 for now on the assumption that
distributors backport security fixes as the need arises.
Fetchmail will also warn if another SSL library that is API-compatible
with OpenSSL lacks TLS v1.3 support.
* If the trust anchor is missing, fetchmail refers the user to README.SSL.
## INTERNAL CHANGES:
* The AC_DECLS(getenv) check was removed, its only user was broken and not
accounting for that AC_DECLS always defines HAVE_DECL_... to 0 or 1, so
fetchmail never declared a missing getenv() symbol (it was testing with
#ifdef). Remove the backup declaration. getenv is mandated by SUSv2 anyways.
## UPDATED TRANSLATIONS - WITH THANKS TO THE TRANSLATORS:
* sq: Besnik Bleta [Albanian]
* zh_CN: Boyuan Yang [Chinese (simplified)]
* pl: Jakub Bogusz [Polish]
* cs: Petr Pisar [Czech]
* fr: Frédéric Marchal [French]
* sv: Göran Uddeborg [Swedish]
* eo: Felipe Castro [Esperanto]
upstream changes:
-----------------
Fixed in Postfix versions 3.5.6, 3.4.16, 3.3.14, 3.2.19:
* One fix for memory leaks in the Postfix TLS library was back-ported to the wrong place, resulting in undefined program behavior.
Fixed in Postfix versions 3.5.6, 3.4.16:
* The workaround for allowed TLS protocol versions did not explictly override the system-wide OpenSSL configuration, for sessions where the remote SMTP client sends SNI. It's better to be safe than sorry.
Fixed in Postfix versions 3.5.5, 3.4.15, 3.3.13, 3.2.18:
* Workaround for unexpected TLS interoperability problems when Postfix runs on OS distributions with system-wide OpenSSL configurations.
* Memory leaks in the Postfix TLS library, the largest one involving multiple kBytes per peer certificate.
Update based on wip/mailman by Jesus Cea.
Clean some pkglint while here.
2.1.34 (26-Jun-2020)
i18n
- The Spanish translation has been updated by Omar Walid Llorente.
Bug Fixes and other patches
- The fix for LP: #1859104 can result in ValueError being thrown on
attempts to subscribe to a list. This is fixed and extended to apply
REFUSE_SECOND_PENDING to unsubscription as well. (LP: #1878458)
- DMARC mitigation no longer misses if the domain name returned by DNS
contains upper case. (LP: #1881035)
- A new WARN_MEMBER_OF_SUBSCRIBE setting can be set to No to prevent
mailbombing of a member of a list with private rosters by repeated
subscribe attempts. (LP: #1883017)
- Very long filenames for scrubbed attachments are now truncated.
(LP: #1884456)
Although the package itself builds when pkgsrc is bootstrapped in
unprivileged mode, the pkgsrc +INSTALL/+DEINSTALL scripts fail, causing
bulk build noise:
=> Creating binary package /wrk/mail/qmail/work/.packages/qmail-1.03nb49.tgz
fatal: unable to find user alias
===========================================================================
ERROR: instchown exited 111.
Permissions are likely wrong, and/or the queue may be uninitialized.
===========================================================================
pkg_add: install script returned error status
pkg_add: 1 package addition failed
2020-08-21 Richard Russon <rich@flatcap.org>
* Bug Fixes
- fix maildir flag generation
- fix query notmuch if file is missing
- notmuch: don't abort sync on error
- fix type checking for send config variables
* Changed Config
- `$sidebar_format` - Use `%D` rather than `%B` for named mailboxes
* Translations
- 96% Lithuanian
- 90% Polish
The check whether a block of memory is tainted erroneously returns true
if the block in question starts the very next byte after a block in the
tainted pool. Depending on the memory allocator, this can cause problems.
For example, on NetBSD/amd64 9.0, this seems to allocate the first tainted
block immediately before log_buffer. This leads to a recursive error in
log_write the first time anything is written to the log, leading to a
segmentation fault when the stack fills up.
3.2.5
Added
IMAP Daemon: added switch to control the diffential state reload
(mailbox_update_strategy=2), more information in dbmail.conf,
mailbox_update_strategy_2_max_iterations [#81]
IMAP Daemon: added switch to control UNSEEN first message in SELECT commands
Changed
IMAP Daemon: allow reporting UID COPY success in case of various failures
(except quota), reporting issues are sent to error log as warnings [#87]
Optimizations
optimizing differential state [#81]
optimizing fetch message headers [#85]
Issues
fixing issue related to copy message in regard to RFC 3501, section 6.4.8
fixing issues related group_concat for PostgreSql [#75], [#78]
fixing issue related to lastRowId [#71]
fixing issues related with differential update [#70], [#73]
fixing proc not being used in BSD systems [#74]
IMAP Daemon: segmentation fault [#68]
3.2.4
Added
IMAP Daemon: mailbox-update-strategy switch (see dbmail.conf), experimental
support for application_name in database connection uri
IMAP Daemon: mailbox_search_strategy switch (see dbmail.conf)
Changed
systemd unit changed to type notify
mailbox state is build using only valid messages [#39]
Optimizations
IMAP Daemon: optimization of sql queries in relation to message headers
libevent increased priority on accepting new connections
libevent optimization on reading and writing to sockets
simplify libzdb configuration (AC_CHECK_HEADERS)
Issues
fix segmentation fault in imap_append_hash_as_string [#12]
dbmail-users: sql issue on deleting alias user [#18]
IMAP Daemon: generation of invalid BODYSTRUCTURE in Content-Type field [#23]
fix support for jemalloc latest version [#35]
IMAP Deamon: BYE Command now offers optional message even on normal operations
IMAP Deamon: idle message now offers optional message (* OK Still Here)
IMAP Daemon: random hangs when single user is connected [#37]
fix fd leaks
IMAP Daemon: fix MODIFIED keyword, too many '[' and ']'
fix segmentation fault in find_end_of_header
fix gcc 10 compilation issue, duplicated definition
2020-08-14 Richard Russon <rich@flatcap.org>
* Security
- Add mitigation against DoS from thousands of parts
* Features
- Allow index-style searching in postpone menu
- Open NeoMutt using a mailbox name
- Add `cd` command to change the current working directory
- Add tab-completion menu for patterns
- Allow renaming existing mailboxes
- Check for missing attachments in alternative parts
- Add one-liner docs to config items
* Bug Fixes
- Fix logic in checking an empty From address
- Fix Imap crash in `cmd_parse_expunge()`
- Fix setting attributes with S-Lang
- Fix: redrawing of `$pager_index_lines`
- Fix progress percentage for syncing large mboxes
- Fix sidebar drawing in presence of indentation + named mailboxes
- Fix retrieval of drafts when "postponed" is not in the mailboxes list
- Do not add comments to address group terminators
- Fix alias sorting for degenerate addresses
- Fix attaching emails
- Create directories for nonexistent file hcache case
- Avoid creating mailboxes for failed subscribes
- Fix crash if rejecting cert
* Changed Config
- Add `$copy_decode_weed`, `$pipe_decode_weed`, `$print_decode_weed`
- Change default of `$crypt_protected_headers_subject` to "..."
- Add default keybindings to history-up/down
* Translations
- 100% Czech
- 100% Spanish
* Build
- Allow building against Lua 5.4
- Fix when sqlite3.h is missing
* Docs
- Add a brief section on stty to the manual
- Update section "Terminal Keybindings" in the manual
- Clarify PGP Pseudo-header `S<id>` duration
* Code
- Clean up String API
- Make the Sidebar more independent
- De-centralise the Config Variables
- Refactor dialogs
- Refactor: Help Bar generation
- Make more APIs Context-free
- Adjust the edata use in Maildir and Notmuch
- Window refactoring
- Convert libsend to use Config functions
- Refactor notifications to reduce noise
- Convert Keymaps to use STAILQ
- Track currently selected email by msgid
- Config: no backing global variable
- Add events for key binding
* Upstream
- Fix imap postponed mailbox use-after-free error
- Speed up thread sort when many long threads exist
- Fix ~v tagging when switching to non-threaded sorting
- Add message/global to the list of known "message" types
- Print progress meter when copying/saving tagged messages
- Remove ansi formatting from autoview generated quoted replies
- Change postpone mode to write Date header too
- Unstuff `format=flowed`
Distfile changes.
1. Official annoucne says "The only change here is that the configure.ac
file has correctly formatted version number."
2. Name of distfile is changed to match previous file naming scheme.
Old distfile is still available.
3. automake 1.15.1 is used instead of previous 1.15. So, generated files
by it are changed.
4. Other files are not changed, so there is no functional change.
Bump PKGREVISION.
correct install_name_tool -id on macOS, where this fixes CHECK_SHLIBS
(and probably runtime behavior too). While here, the patch to link with
-lrt on NetBSD has been upstreamed; remove. Bump PKGREVISION.
Update dovecot2-pigeonhole to 0.5.11.
v0.5.11 2020-08-12 Aki Tuomi <aki.tuomi@open-xchange.com>
* managesieve: managesieve_max_line_length setting is now a "size" type
instead of just number of bytes. This allows using e.g. "64k" as the
value.
- lib-sieve: When folding white space is used in the Message-ID header,
it is not stripped away correctly before the message ID value is used,
causing e.g. garbled log lines at delivery.
Update roundcube to 1.4.8, security release.
RELEASE 1.4.8
-------------
- Security: Fix potential XSS issue in HTML editor of the identity signature input (#7507)
- Managesieve: Fix too-small input field in Elastic when using custom headers (#7498)
- Fix support for an error as a string in message_before_send hook (#7475)
- Elastic: Fix redundant scrollbar in plain text editor on mail reply (#7500)
- Elastic: Fix deleted and replied+forwarded icons on messages list (#7503)
- Managesieve: Allow angle brackets in out-of-office message body (#7518)
- Fix bug in conversion of email addresses to mailto links in plain text messages (#7526)
- Fix format=flowed formatting on plain text part derived from the HTML content (#7504)
- Fix incorrect rewriting of internal links in HTML content (#7512)
- Fix handling links without defined protocol (#7454)
- Fix paging of search results on IMAP servers with no SORT capability (#7462)
- Fix detecting special folders on servers with both SPECIAL-USE and LIST-STATUS (#7525)
- Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg content [CVE-2020-16145]
- Security: Fix cross-site scripting (XSS) via HTML messages with malicious math content
* Drop support for EOL Python 3.4, add support for Python 3.8
* Add List_ID and List_Post headers to the generated emails
* Add a new `reply-changes` setting
* Improve configurability of text wrapping for the emails
* Use `platform.node()` instead of "dev.null.invalid" in
"Message-ID" header
* Improve locking support for when multiple rss2email instances are run
in parallel
* Fix handling of __VERSION__ and __URL__ in user-agent strings
* Fix opmlexport
Use res_ndestroy() instead of res_nclose() to properly cleanup resources
on NetBSD (and others that use __res_ndestroy() or res_ndestroy() instead
of res_nclose()). Original patch by Roy Marples.
Upstream changes:
version 3.005: Wed 22 Jul 10:40:05 CEST 2020
Improvements:
- warn to use ::SMTP, not ::SendMail on bulk messages.
- much lower elapse time on ::SMTP (local?) delivery.
version 3.004: Fri 3 May 09:29:07 CEST 2019
Improvements:
- add imap/imap4
Enigmail 2.1.7
Released 2020-06-27, works with Thunderbird 68 and Postbox 7.
Notable Changes
This release displays information about the upcoming release of Thunderbird 78.
This is a bug-fix release fixing a problem resetting access times that snuck
in starting with 1.11.0. This only affected relative-path mailboxes, but
caused Mutt to "forget" new mail in mbox files.
Changelog:
Notmuch 0.30 (2020-07-10)
=========================
S/MIME
------
Handle S/MIME (PKCS#7) messages -- one-part signed messages, encrypted
messages, and multilayer messages. Treat them symmetrically to
OpenPGP messages. This includes handling protected headers
gracefully.
If you're using Notmuch with S/MIME, you currently need to configure
gpgsm appropriately.
Mixed-up MIME Repair
--------------------
Detect and automatically repair a common form of message mangling
created by Microsoft Exchange (see index.repaired=mixedup in
notmuch-properties(7)).
Protected Headers
-----------------
Avoid indexing the legacy-display part of an encrypted message that
has protected headers (see
index.repaired=skip-protected-headers-legacy-display in
notmuch-properties(7)).
Python
------
Drop support for python2, focus on python3.
Introduce new CFFI-based python bindings in the python module named
"notmuch2". Officially deprecate (but still support) the older
"notmuch" module.
Dependencies
------------
Support for Xapian 1.2 is removed. The minimum supported version of
Xapian is now 1.4.0.
Notmuch 0.29.3 (2019-11-27)
===========================
General
-------
Fix for use-after-free in notmuch_config_list_{key,val}.
Fix for double close of file in notmuch-dump.
Debian
------
Drop python2 support from shipped debian packaging.
Notmuch 0.29.2 (2019-10-19)
===========================
General
-------
Fix for file descriptor leak when opening gzipped mail files. Thanks
to James Troup for the bug report and the fix.
Notmuch 0.29.1 (2019-06-11)
===========================
Build
-----
Fix for installation failure with `configure --without-emacs`.
Update roundcube to 1.4.7.
RELEASE 1.4.7
-------------
- Fix bug where subfolders of special folders could have been duplicated on folder list
- Increase maximum size of contact jobtitle and department fields to 128 characters
- Fix missing newline after the logged line when writing to stdout (#7418)
- Elastic: Fix context menu (paste) on the recipient input (#7431)
- Fix problem with forwarding inline images attached to messages with no HTML part (#7414)
- Fix problem with handling attached images with same name when using database_attachments/redundant_attachments (#7455)
- Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg/namespace
Changelog:
Fixes
fixed Chat: Topics displayed some characters improperly
fixed Calendar: Filtering tasks did not work when "Incomplete Tasks" was selected
Security fixes:
CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64
#CVE-2020-12418: Information disclosure due to manipulated URL object
#CVE-2020-12419: Use-after-free in nsGlobalWindowInner
#CVE-2020-12420: Use-After-Free when trying to connect to a STUN server
#MFSA-2020-0001: Automatic account setup leaks Microsoft Exchange login credentials
#CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates
