Notmuch 0.28.2 (2019-02-17)
===========================
Emacs
-----
Invoke gpg with --batch and --no-tty.
Python Bindings
---------------
Fix documentation build with Python 3.7. Note that Python >= 3.3 is
now needed to build this documentation.
Maintain a folder which has its messages stored on a remote server. The
communication between the client application and the server is implemented using
the POP3 protocol. This class uses Mail::Transport::POP3 to hide the transport
of information, and focusses solely on the correct handling of messages within a
POP3 folder.
Maintain a folder which has its messages stored on a remote server. The
communication between the client application and the server is implemented using
the IMAP4 protocol. This class uses Mail::Transport::IMAP4 to hide the transport
of information, and focusses solely on the correct handling of messages within an
IMAP4 folder. More than one IMAP4 folder can be handled by one single IMAP4
connection.
Objects which extend Mail::Transport implement sending and/or receiving of
messages, using various protocols.
Mail::Transport::Send extends this class, and offers general functionality for
send protocols, like SMTP. Mail::Transport::Receive also extends this class, and
offers a receive method. Some transport protocols will implement both sending and
receiving.
Upstream changes:
version 3.006: Fri 15 Feb 09:01:51 CET 2019
Fixes:
- MailDir warns about repeat count, since last release added 'use
warnings' to the file. [Keita Jamadam] github issue #2
- mbox parsing failed on changing handling of blank lines by Mail::Message
rt.cpan.org#128513 [Gregor Herrmann] + [cpantesters]
Upstream changes:
version 3.008: Mon 11 Feb 12:30:40 CET 2019
Fixes:
- test with windows path [cpantesters]
- when a message gets coerced, its components should not be delayed [fany]
- date fields recognizing 2-digit years [Andrew Beverley]
Improvements:
- failing AUTOLOAD on ::Body gives unclear error
- dates after 2030 for message separator in mbox
* New tool msearch to wrap several mail indexers.
* New zsh completion _mblaze.
* mnext/mprev were removed (you can call `mless +`/`mless -`).
* The GnuPG tools in contrib/ now use gpg2.
* mshow exits with error if it could not extract all attachments
* mrep: add -noquote to disable quoting the message replied to
* mdeliver: keep permissions of messages
* mcom: aborting the editor is now more like delete than cancel
* mcom: add -send to send directly without editing
* mcom: check if mail is formatted sensibly
* mpick: new flag -v for statistics
* mscan: new flag -v for statistics
* magrep: add -h, which is like -p but doesn't print the file name
* mscan: prioritize displaying trashed mail over other markers
* mpick: fix off-by-one in expression parsing
* Many bug fixes
Upstream changes:
0.06 2019-01-02
- Changes to address CVE-2018-18898 which could allow DDoS-type attacks.
Thanks to Lukas Kramer for reporting the issue and Alex Vandiver for
contributing fixes.
- Fix pathological backtracking for unknown regex
- Fix pathological backtracking in obs-phrase (i.e. obs-display-name)
- Fix pathological backtracking in cfws, quoted strings
Enigmail 2.0.9
Released 2018-10-09, works with Thunderbird 60.0.
Notable Changes
This release addresses a security issue and solves a few regression bugs.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.8
Released 2018-08-04, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses a security issue and solves a few regression bugs.
Bugs fixed:
A security issue has been fixed that allows an attacker to prepare a plain, unauthenticated HTML message in a way that it looks like it's signed and/or encrypted.
Check the full list of fixed defects.
Enigmail 2.0.7
Released 2018-06-13, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses several critical security bugs.
Bugs fixed:
Spoofing of Email signatures I (CVE-2018-12020): GnuPG 2.2.8 fixed a security bug that allows remote attackers to spoof arbitrary email signatures via the embedded "--filename" parameter in OpenPGP literal data packets. This release of Enigmail prevents the exploit for all versions of GnuPG, i.e. also if GnuPG is not updated.
Spoofing of Email signatures II (CVE-2018-12019): The signature verification routine in Enigmail interpreted User IDs as status/control messages and did not correctly keep track of the status of multiple signatures. This allowed remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids.
Mozilla crash bug 1423895: if Enigmail is installed on Thunderbird 60b7 together with the Add-Ons "CardBook", "QuickFolders" (and possibly other Add-Ons), then Thunderbird will crash as soon as an Enigmail-specific window is opened. This version implements a workaround for the Mozilla bug.
Enigmail 2.0.6
Released 2018-05-27, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses a vulnerability that would allow an attacker to make a victim respond to a partially encrypted message and thus reveal protected information.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.5
Released 2018-05-21, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release implements a fix that prevents any form of the Efail vulnerability and similar attacks. We recommend upgrading to this version as soon as possible.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.4
Released 2018-05-16, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release implements two workarounds to prevent Efail vulnerabilities. We recommend upgrading to this version as soon as possible.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.3
Released 2018-05-08, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses several defects, including a crash when accessing encrypted forwarded messages.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.2
Released 2018-04-12, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses some regressions found in version 2.0/2.0.1.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.1
Released 2018-04-02, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses several defects found in version 2.0.
Bugs fixed:
S/MIME signing/encryption not working correctly, if Enigmail is not enabled for an account
Emails fail to decrypt if the sender address contains brackets
Autocrypt-headers may flip manually created per-recipient rules
The key manager does not load if no key on the keyring
Check the full list of fixed defects.
Enigmail 2.0
Released 2018-03-25, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
The Encryption and Signing buttons now work for both OpenPGP and S/MIME. Enigmail will choose between S/MIME or OpenPGP depending on whether the keys for all recipients are available for the respective standard.
Support for Pretty Easy Privacy (p≡p) is implemented in Enigmail. p≡p is active by default for new users.
Support for the Autocrypt standard, which is now enabled by default. If Enigmail is used in the "classical mode" (with p≡p disabled) then Autocrypt is enabled by default.
Support for Web Key Directory (WKD) is implemented. Enigmail will try to download unavailable keys during message composition from WKD. If you use GnuPG 2.2.x, and your provider supports the Web Key Service protocol, you can also use Enigmail to upload your key to WKD.
The message subject can now be encrypted and replaced with a dummy subject, following the Memory Hole standard for protected Email Headers.
The keys on the keyring are automatically refreshed from keyservers at an irregular interval.
Enigmail was turned into a "restartless" addon. That is, once you have installed Enigmail 2.0, subsequent updates will be installed without needing to restart Thunderbird.
Keys are internally addressed using the fingerprint instead of the key ID.
The minimum GnuPG version supported is now 2.0.16.
Cygwin-versions of GnuPG are no longer supported.
Bugs fixed
Many bugs were fixed. Check the list of fixed defects.
Notmuch 0.28.1 (2019-02-01)
===========================
Build System
------------
`configure` no longer uses the special variable BASH, as this causes
problems on systems where /bin/sh is bash.
pkgsrc changes:
- Remove no longer needed patches
Changes:
2.0
---
- Remove Courier support
- Add `ignore-errors' flag to ignore possible delivery errors and continue to
the next mail
- Add a `lock-timeout' option to customize the default 10 seconds timeout
- Add support for STARTTLS on IMAP and POP3
- Disable OpenSSL insecure stuff enabled by default and introduce an `insecure'
flag to replace `no-tls1'
- Add support for newer OpenSSL
- Use SNI extension (fixes some servers when OpenSSL supports TLS 1.3)
- Misc bug fixes and improvements
- experimental: when SSL SNI support is present in the underlying Python
(and OpenSSL), send SNI by default in the SSL setup. This should work
around Gmail's brokenness with TLSv.1.3 connections when SNI is not sent.
Changes:
1.8.3
-----
This version fixes a security problem that affects version 1.8.2
(older versions are not affected): when the new default value system
for tls_trust_file is used, the result of certificate verification
was not properly checked.
v2.3.4.1 2019-02-05 Aki Tuomi <aki.tuomi@open-xchange.com>
* CVE-2019-3814: If imap/pop3/managesieve/submission client has
trusted certificate with missing username field
(ssl_cert_username_field), under some configurations Dovecot
mistakenly trusts the username provided via authentication instead
of failing.
* ssl_cert_username_field setting was ignored with external SMTP AUTH,
because none of the MTAs (Postfix, Exim) currently send the
cert_username field. This may have allowed users with trusted
certificate to specify any username in the authentication. This bug
didn't affect Dovecot's Submission service.
* pkgsrc change: add "USE_LANGUAGES= # none" line.
Version 2.7.1 (2018-10-13)
Compatibility:
* Restore LF=>CRLF conversions for properly encoded non-binary emails. (rubys)
* Gracefully parse certain invalid Content-Type headers. (rafbm)
* Support `x-uue` transfer encoding as uuencoding. (jkraemer)
Features:
* Expose Mail::Field#unparsed_value to read the raw field value, before
parsing. (Tensho)
Performance:
* Speed up message encoding, especially with large attachments. (dalibor)
Bugs:
* Fix transfer encoding when message encoding is blank. (jakubonty, saks)
* Fix 7bit/base64 content transfer encoding mismatch. (ahorek)
* Fix UTF-8 attachment filename quoting. (ahorek)
* Fix `delete_all` using a readonly IMAP connection. (kimromi)
7.99.1 subject MIME handling bug fixed.
Sep 8, 2018, we have merged the following branch
feature/utf8-mime-header-handling [2b9052aa..b9c2f6c2] into
the master. XXX Mail::Message::ToHTML is broken. XXX
Mail::Message::Outline may be broken.
Also, we note that this is the initial point to release
engineering process toward the release 8.0.0.
(XXX)
We plan to move non-core modules related to the mailing list
core to aux/ (newly created) or 3rdparty/fml.org/FEATURE/ (as
examples how to use at ./3rdparty/ directory).
In my environment, the build was trying and failing to download the
docbook xhtml files and then generating an empty manual.txt when
lynx was not found.
Bump PKGREVISION to be on the safe side.
While here, make it easier to use envdir by prepending to
${qmailfoo_postenv} rather than appending.
At least one Linux shell needs "--" between greetdelay and rblsmtpd, and
this doesn't break NetBSD.
Bump version.
Changes:
Version 1.8.2:
- To simplify TLS setup, the tls_trust_file command has a new default value
'system' that selects the system default trust. Now you just need tls=on to
use TLS; the other TLS options are only required in special cases.
To make this work without breaking compatibility with older msmtp versions,
tls_fingerprint now overrides tls_trust_file, and tls_certcheck=off overrides
both (previously, you could not specify contradicting options).
- To simplify setup, a new option '--configure <mailaddress>' was added that
automatically generates a configuration file for a given mail address.
However, this only works if the mail domain publishes appropriate SRV records.
Version 1.8.1:
- Fixed our TLS code to support TLS 1.3 with GnuTLS.
when the system clock is set to TAI (and a libtai dependency to get
leapsecs.dat). While here, catch up to his latest maildiruniq patch.
Let an installed ucspi-tcp6 satisfy the ucspi-tcp dependency for
non-'inet6' builds.
Bump PKGREVISION.
Changelog:
new
WebExtensions FileLink API to facilitate FileLink add-ons. For the future
version Thunderbird 60.5.0: WeTransfer will be included in Thunderbird 60.5.0
and the Dropbox add-on will be compatible with Thunderbird 60.5.0.
fixed
Decoding problems for messages with less common charsets (cp932, cp936)
fixed
New messages in the drafts folder (and other special or virtual folders)
will no longer be included in the new messages notification
Upstream changes:
version 3.40: Thu Dec 6 01:44:16 UTC 2018
- rt.cpan.org#122373 support IPv6 by using IO::Socket::IP over IO::Socket::INET
[Gilles Lamiral and Mark Overmeer]
- rt.cpan.org#127103 flags() undef value as an ARRAY reference on a bogus message
[Gilles Lamiral]
- rt.cpan.org#124523 update examples/populate_mailbox.pl timegm usage
[Bernhard M. W.]
- t/capability.t: added first set of tests
- t/quota.t: minor fix when tests skipped
Upstream changes:
1.912 2018-12-31 13:46:22-05:00 America/New_York
- include the doc updates from 1.911 changelog, oops!
1.911 2018-12-22 11:30:28-05:00 America/New_York
- just like 1.910, but with doc updates and undeprecation by Jim Brandt
1.910 2018-12-17 21:27:28-05:00 America/New_York (TRIAL RELEASE)
- update parsing to mitigate pathological cases (thanks, sunnavy!)