Mozilla Thunderbird is a redesign of the Mozilla mail component. The
goal is to produce a cross platform stand alone mail application using
the XUL user interface language. This version uses the gtk2 toolkit.
Changelog:
60.3.3:
mitigated
Thunderbird 60 will migrate security databases (key3.db, cert8.db to
key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a fault
that potentially deleted saved passwords and private certificate keys
for users using a master password. Version 60.3.3 will prevent the loss
of data; affected users who have already upgraded to version 60.3.2 or
earlier can restore the deleted key3.db file from backup to complete
the migration.
fixed
Address book search and auto-complete slowness introduced in
Thunderbird 60.3.2
Plain text markup with * for bold, / for italics, _ for underline and |
for code did not work when the enclosed text contained non-ASCII
characters
While composing a message, a link not removed when link location was
removed in the link properties panel
60.3.2:
fixed
Under some circumstances Thunderbird on Mac will send attachments using
the so-called AppleDouble format which can lead to problems with mail
servers and recipients
Encoding problems when exporting address books or messages using the
system charset. Messages are now always exported using the UTF-8 encoding.
If the "Date" header of a message was invalid, Jan 1970 or Dec 1969 was
displayed. Now using date from "Received" header instead.
Body search/filtering didn't reliably ignore content of tags
Inappropriate warning "Thunderbird prevented the site
(addons.thunderbird.net) from asking you to install software on your
computer" when installing add-ons
Incorrect display of correspondents column since own email address was
not always detected
Spurious 
 (encoded newline) inserted into drafts and sent email
New email not inserted in correct sort order in threaded unified view
or search folder
60.3.1:
fixed
Double-clicking on a word in the Write window sometimes launched the
Advanced Property Editor or Link Properties dialog
Cookie removal (not working since Thunderbird version 52)
"Download rest of message" not working if global inbox was used
Encoding problems for users (especially in Poland) when a file was sent
via a folder using "Sent to > Mail recipient" due to a problem in the
Thunderbird MAPI interface
According to RFC 4616 and RFC 5721, passwords containing non-ASCII
characters are encoded using UTF-8 which can lead to problems with
non-compliant providers, for example office365.com. The SMTP LOGIN
and POP3 USER/PASS authentication methods are now using a Latin-1
encoding again to work around this issue.
Shutdown crash/hang after entering an empty IMAP password
60.3.0:
fixed
Various Theme fixes where incorrect colors, backgrounds, etc. were
displayed
Add-on Options menu not working on Mac
Shift+PageUp/PageDown in Write window
Saving content of Write windows didn't overwrite existing file
Issues related to "Edit Template" command
Gloda attachment filtering
Mailing list address auto-complete enter/return handling
Thunderbird hung if HTML signature references non-existent image
Filters not working for headers that appear more than once
Various security fixes
Secirity fixes:
#CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin
#CVE-2018-12392: Crash with nested event loops
#CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript
#CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3 and Thunderbird 60.3
#CVE-2018-12390: Memory safety bugs fixed in Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3
60.2.1:
Changed
Calendar: Default values for the first day of the week and working days
are now derived from the selected datetime formatting locale (restart
after changing locale in the OS required)
Calendar: Switch to a Photon-style icon set for all platforms
Multiple requests for master password when Google Mail or Calendar
OAuth2 is enabled
Scrollbar of the address entry auto-complete popup does not work
Security info dialog in compose window does not show certificate status
Links in the Add-on Manager's search results and theme browsing tabs
open in external browser
Localized versions of Thunderbird didn't show a localized name for
the "Drafts" and "Sent" folders for certain IMAP providers
(particularly in France)
Replying to a message with an empty subject inserted Re: twice (not
working in Thunderbird 60.0)
Spellcheck marks disappeared erroneously for words with an apostrophe
(not working in Thunderbird 60.0)
Calendar: First day of the week cannot be set
Calendar: Several fixes related to cutting/deleting of events and email
scheduling
Various security fixes
Security fixes:
#CVE-2018-12377: Use-after-free in refresh driver timers
#CVE-2018-12378: Use-after-free in IndexedDB
#CVE-2018-12379: Out-of-bounds write with malicious MAR file
#CVE-2017-16541: Proxy bypass using automount and autofs
#CVE-2018-12385: Crash in TransportSecurityInfo due to cached data
#CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords
#CVE-2018-12376: Memory safety bugs fixed in Firefox 62, Firefox ESR 60.2, and Thunderbird 60.2.1
60.0:
new
When writing a message, a delete button now allows the removal of a
recipient. This delete button is displayed when hovering the To/Cc/Bcc
selector.
Many improvements to attachments handling during compose: Attachments
can now be reordered using a dialog, keyboard shortcuts, or drag and
drop. The "Attach" button moved to the right to be above the attachment
pane. The access key of the attachment pane (e.g. Alt+M, may vary
depending on localization, Ctrl+M on Mac) now also works to show or
hide the pane. The attachment pane can also be shown initially when
composing a new message. Right-click on the header to enable this
option. Hiding a non-empty attachment pane will now show a placeholder
paperclip to indicate the presence of attachments and avoid sending
them accidentally.
"Edit Template" command. This also solves various problems when saving
as template (duplicates created, message ID lost).
"New Message from Template" command
Allow changing the Spellcheck Language from status bar
Light and Dark themes
WebExtension themes are now enabled in Thunderbird
A default startup directory in the address book window can now be
configured
Individual feed update interval
An option under "Tools > Options, Advanced, General" now allows to
select whether date/time display will follow the application locale
(adjusted by operating system's format settings for that locale) or
the locale selected in the operating system's regional settings.
In other words, an US English Thunderbird can use, for example,
German formats.
OAuth2 authentication for Yahoo and AOL
FIDO U2F support
Thunderbird now allows the conversion of folders from mbox to maildir
format and vice versa. This is an experimental feature that needs to
be enabled by setting the preference mail.store_conversion_enabled.
Note that this functionality does not not work if the option "Allow
Windows Search/Spotlight to search messages" is selected.
Calendar: Allow copying, cutting or deleting of a selected occurrence
or the entire series for recurring events
Calendar: Provide an option to display locations for events in calendar
day and week views
Calendar: Provide the ability for sending/not sending meeting
notifications directly instead of showing a popup
Calendar: Option to select the target calendar when pasting an event
or task
Calendar: Allow email scheduling for CalDAV servers supporting
server-side scheduling
Thunderbird Chat now contains multiple built-in message themes
changed
IMPORTANT: Add-ons not marked as compatible with Thunderbird 60
by their authors will be disabled (this can be reverted via preference
extensions.strictCompatibility)
IMAP: When after sending a message storing that sent message fails,
the message can now be stored in a local folder
Add-on options can no longer be configured from the Add-on Manager page.
A new menu item "Add-on Options" is now available on the Tools menu.
When messages are composed in paragraph format, "body text" and split
mail quotes are converted to paragraphs when pressing the enter key
"Edit As New Message" will now use the account's default compose format,
either HTML or plain text ignoring the format of the message. Plain
text messages will be converted to HTML and vice versa. Then using
the modifier, the format choice will be reverted.
The "Edit Draft" command now also honors the use of the shift key to
convert HTML to plain text or vice versa when editing a draft
The plain text to HTML conversion has been improved where such a
conversion is necessary for "Edit As New Message" or when the shift
modifier is used for "Edit Draft" or "New Message from Template".
During address entry, the matching part of the address is now shown in
bold. Preference mail.autoComplete.commentColumn allows to display
the address book where the address is stored.
When attaching a message via drag and drop, the subject of the message
is now used as attachment name instead of "Attached Message"
Better address book photo handling: Photos can be added by drag and
drop and a copy of all photos will be stored in the Thunderbird profile
On first start, Thunderbird now shows the account setup dialog, no longer
the account provisioner dialog
Thunderbird follows Firefox' Photon design with rectangular tabs and
many other theme improvements
When customizing the From: address, Thunderbird will now use this address
for the SMTP "MAIL FROM" command. Previously the address configured
in the identity was used. The preference
mail.smtp.useSenderForSmtpMailFrom allows return to the previous
behavior.
Native notifications on Linux are now re-enabled
Thunderbird now uses Mozilla's latest proxy technology (add-on FoxyProxy
now supported)
Thunderbird now uses the latest Rust-based Mozilla technology, including
Quantum's CSS engine (based on Servo) and encoding_rs, for displaying
and encoding messages
All certificates issued by Symantec roots before 2016-06-01 are
distrusted for use in TLS secured traffic in Thunderbird 60 and above.
This applies to all brands Symantec operated: Thawte, RapidSSL,
GeoTrust, Verisign, and Symantec. For usage in S/MIME the certificates
remain valid. Details here.
Calendar: Removal of capability to send email invitations compatible
to Outlook 2002 and earlier
Calendar: Reminders on read-only calendars can now be dismissed, while
reminders for missed events will now only be displayed for writable
calendars if option "Show missed reminders for writable calendars" is
selected
Thunderbird Chat: Nicknames inside of messages are colored to match
the participants list
fixed
When many Thunderbird clients or other email clients accessed the same
IMAP draft folder, messages were sometimes sent with the wrong
identity. This has been corrected and the user will be notified if
none of their identities matches the draft.
Various problems related to handling the IMAP trash folder: Under
certain circumstances the selection of the trash folder didn't persist,
for example when the name contained non-ASCII characters, or in
localized versions of Thunderbird. At times unwanted adtext menu behavior
Better error handling for Gmail authentication to avoid re-downloading
of folders
Thunderbird used a stale cached password after user edited a saved
password
Calendar: Wrong time formatting for some time zones
Calendar: Can't copy information from event dialog for received invitations
Various security fixes
Security fixes:
#CVE-2018-12359: Buffer overflow using computed size of canvas element
#CVE-2018-12360: Use-after-free when using focus()
#CVE-2018-12361: Integer overflow in SwizzleData
#CVE-2018-12362: Integer overflow in SSSE3 scaler
#CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture
#CVE-2018-12363: Use-after-free when appending DOM nodes
#CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
#CVE-2018-12365: Compromised IPC child process can list local filenames
#CVE-2018-12371: Integer overflow in Skia library during edge builder allocation
#CVE-2018-12366: Invalid data handling during QCMS transformations
#CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming
#CVE-2018-12368: No warning when opening executable SettingContent-ms files
#CVE-2018-5187: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Thunderbird 60
#CVE-2018-5188: Memory sa60
- ucspi-ssl and ucspi-tcp6 correctly dual-stack v4/v6 on NetBSD, so we
can go back to "0" (instead of "0.0.0.0") as the default host to
listen on.
- FreeBSD's /bin/sh needs continuation characters to understand what
we're assigning to `command` in foo_precmd(). This seems sensible and
doesn't break NetBSD.
Bump version.
Changes for all supported stable releases:
* Support for OpenSSL 1.1.1, and support for TLSv1.3-specific
features.
- Updated Postfix TLS documentation examples for TLSv1.3. See
FORWARD_SECRECY_README.
- New TLSv1.3-specific attributes in Postfix logging and in
Postfix "Received:" message headers: key exchange, server
signature, client signature.
- New option to selectively disable TLSv1.3 in *_tls_protocols
settings.
- New server-side support to avoid issuing multiple session
tickets.
- New support to allow OpenSSL >= 1.1.0 run-time micro version
bumps without logging Postfix warnings about library version
mismatches.
Fixed in all stable releases:
* Bugfix: smtpd_discard_ehlo_keywords could not disable "SMTPUTF8",
because some lookup table was using "EHLO_MASK_SMTPUTF8" instead.
* Bugfix: minor memory leak in DANE support when minting issuer
certs. This affects a tiny minority of use cases.
Fixed in Postfix 3.3.2:
* Bugfix: the Postfix build did not abort if the m4 command was
not installed, resulting in a broken postconf command.
Comment out qmail-qfilter-viruscan in control/smtpfilters. It's not a
very precise tool, so the cost (false positives) probably outweighs the
benefit (blocked malware attachments) for many users.
Also not a sensible default: rejecting incoming mail on SPF
explicit-fail. This needs to be an admin decision because, among other
reasons, it would also reject messages forwarded through servers that
haven't configured SRS. Document SPF setup, including how to reject
(with this caveat) and how to greylist SPF explicit-pass (which would
otherwise be exempted from greylisting).
Rename greylisting-spp-with-exemptions to greylisting-spp-wrapper. Add a
feature: to effectively omit IP from the (IP,sender,recipient) tuple,
add GL_WRAPPER_TCPREMOTEIP="127.127.127.127" to control/tcprules/smtp.
rc.d scripts:
- Location of tcprules file is configurable
- By default, CDB is auto-rebuilt as needed on service start
- CDB auto-rebuilding can be configured off
Bump version.
- On "fail", reject
- On "pass", skip any greylisting
- Else, accept mail as we otherwise would.
qmail-spp-spf adds a `Received-SPF:` header to all incoming messages.
Migrate ${PKG_SYSCONFDIR}/tcp.* to ${PKG_SYSCONFDIR}/control/tcprules.
Bump version.
config files. Removing them on uninstall if they haven't been changed
is already mail/qmail's job; creating them on install was being done
here, and this combination was probably responsible for `pkgin
full-upgrade` removing some config files and qmail no longer running.
Thanks to Nathan Arthur for the bug report.
Instead of running config-fast-pkgsrc here, rely on mail/qmail to do it.
For similar reasons, also expect mail/qmail to handle the three basic
aliases (root, mailer-daemon, postmaster) and QUEUE_EXTRA.
While here, set QMAILREMOTE in qmailsend_postenv in preparation for a
future update.
Bump version.
### GMime 3.2.3
* Fixed GMimeFilterBasic for uudecode.
Don't allow the outbuf to ever get set to NULL which could happen
if the begin-line had not yet been found (and thus
g_mime_filter_set_size() had never been called to allocate the
outbuf buffer).
* Fixed a bug in g_mime_uuencode_step().
* Modified GMimeParser to work around broken mailers that send base64
encoded message/rfc822 parts.
Fixes https://gitlab.gnome.org/GNOME/gmime/issues/1
* Fixed a bug in g_mime_quoted_encode_close() where it would incorrectly
end the quoted-printable output with a line containing only "=\n" even
when it is not needed.
* Improved g_mime_content_encoding_from_string(). This function no
longer requires the input string to be an exact match for "7bit",
"8bit", "base64", etc. It can now handle whitespace before and
after the value. In other words, it is now easy to use this
function on raw header values before any whitespace trimming
has been done.
* Really, really fixed the packaging to include the Vala build files.
1.1.1:
+ Added ARC specific tags for draft-ietf-dmarc-arc-protocol-18 (as of IETF
last call, still experimental), smtp.remote-ip and header.oldest-pass
When TLS 1.3 is used at least imap.gmail.com requires SNI extension
otherwise fails as follow:
certificate verification failed: self signed certificate
(This can happen with OpenSSL 1.1.1.)
Bump PKGREVISION
Notmuch 0.28 (2018-10-12)
=========================
General
-------
Improve threading
The threading algorithm has been updated to consider all references,
not just the heuristically chosen parent (e.g. when that parent is
not in the database). The heuristic for choosing a parent message
has also been updated to again consider the In-Reply-To header, if
it looks sensible. Re-indexing might be needed to take advantage of
the latter change.
Handle mislabelled Windows-1252 parts
Messages that contain Windows-1252 are apparently frequently
mislabelled as ISO 8859-1. Use GMime functionality to apply the
correct encoding for such messages.
Command Line Interface
----------------------
Support relative database paths
Database paths (i.e. parameters to `notmuch config set
database.path`) without a leading `/` are now interpreted relative
to $HOME of the invoking user.
Emacs
-----
Improve stderr handling
Add a real sentinel process to clean up stderr buffer. This is
needed on e.g. macOS.
Call `notmuch-mua-send-hook` hooks when sending a message
This hook was documented, but not functional for a very long time.
Completion
----------
The zsh completion has been updated to cover most of the notmuch
CLI. Internally it uses regexp searching, so needs at least Notmuch
0.24.
Build System
------------
The build system now installs notmuch-mutt and notmuch-emacs-mua with
absolute shebangs, following the conventions of most Linux
distributions.
Test Suite
----------
Fix certain tests that were failing with GMime 2.6. Users are reminded
that support for versions of GMime before 3.0.3 has been deprecated
since Notmuch 0.25.
### GMime 3.2.2
* Fixed packaging to include Vala files.
### GMime 3.2.1
* Fixed GMimeParser to recognize the message/global mime-type
(a UTF-8 version of message/rfc822). (issue #50)
* Updated GMime to use libidn2 instead of the older libidn
library. (issue #48)
* Fixed address quoting logic and IDN2 encoding.
The rules for quoting address names should use 'specials'
instead of 'tspecials' and when encoding domain names via
IDN2, check if the encoded domain matches the original
domain name (other than case). If they match, prefer the
non-encoded domain name since the user may have used
uppercase characters to enhance readability of the domain
name.
* Added GMIME_DECRYPT_ENABLE_ONLINE_CERTIFICATE_CHECKS and
GMIME_DECRYPT_ENABLE_KEYSERVER_LOOKUPS as possible flags to
pass to g_mime_crypto_context_decrypt(). Also added
GMIME_VERIFY_ENABLE_ONLINE_CERTIFICATE_CHECKS and
GMIME_VERIFY_ENABLE_KEYSERVER_LOOKUPS as possible flags to
pass to g_mime_crypto_context_verify().
Clients that wish to enable online certificate and/or
keyserver lookups now need to explicitly enable this
functionality.
These changes are designed to make it more difficult
for clients to be susceptible to Efail privacy exploits.
Specifically, it is meant to address the privacy concerns
regarding CRL and OCSP status check backchannels.
For more information about Efail, see https://www.efail.de/
* Fixed g_mime_message_write_to_stream() to prioritize message
headers over body headers (even when they have an offset of -1).
(issue #46)
* The GMimeParser can now warn about a number of RFC-compliance
issues that it finds when parsing messages.
* Fixed GMimeTextPart to make sure that the GMimeFilterCharset is
non-null before trying to use it. This can happen if the charset
specified in the Content-Type header is unsupported by the
iconv library.
v0.5.4:
* Adjustments to several changes in Dovecot v2.3.4 make this Pigeonhole
release dependent on that Dovecot release; it will not compile against
older Dovecot versions. And, conversely, you need to upgrade
Pigeonhole when upgrading Dovecot to v2.3.4.
* The changes regarding the default postmaster_address in Dovecot v2.3.4
mainly apply to Pigeonhole. The new default should work for all
existing installations, thereby fixing several reported v2.3/v0.5
migration problems.
- IMAP FILTER=SIEVE capability: Fix assert crash occurring when running
UID FILTER on a Sieve script with errors.
2.3.4:
* The default postmaster_address is now "postmaster@<user domain or
server hostname>". If username contains the @domain part, that's
used. If not, then the server's hostname is used.
* "doveadm stats dump" now returns two decimals for the "avg" field.
+ Added push notification driver that uses a Lua script
+ Added new SQL, DNS and connection events.
See https://wiki2.dovecot.org/Events
+ Added "doveadm mailbox cache purge" command.
+ Added events API support for Lua scripts
+ doveadm force-resync -f parameter performs "index fsck" while opening
the index. This may be useful to fix some types of broken index files.
This may become the default behavior in a later version.
- director: Kicking a user crashes if login process is very slow
- pop3_no_flag_updates=no: Don't expunge DELEted and RETRed messages
unless QUIT is sent.
- auth: Fix crypt() segfault with glibc-2.28+
- imap: Running UID FILTER script with errors assert-crashes
- dsync, pop3-migration: POP3 UIDLs weren't added to
dovecot.index.cache while mails were saved.
- dict clients may have been using 100% CPU while waiting for dict
server to finish commands.
- doveadm user: Fixed user listing via HTTP API
- All levels of Cassandra log messages were logged as Dovecot errors.
- http/smtp client may have crashed after SSL handshake
- Lua auth converted strings that looked like numbers into numbers.
new filter to add a Received header with TLS protocol and ciphers. Add
qmail-qfilter-addtlsheader to control/smtpfilters, too. Bump acceptutils
dependency to get this program.
Point to qmail-qfilter-queue in tcp.ofmip and tcp.smtp. This replaces
the formerly separate qmail-queue wrappers for ofmipd and smtpd. Bump
rejectutils dependency to get this program.
rc.d scripts:
- ofmipd, pop3d, smtpd: let a standalone TLS key file be configured
in rc.conf.
- ofmipd, pop3d: let pre- and post-checkpassword commands be configured
in rc.conf.
- pop3d: fix typo in default TLS file paths.
Bump version.
- Add qmail-qfilter-addtlsheader, a filter to add a Received header with
TLS protocol and ciphers.
- Fix spurious errors when initializing TLS environment.
- Add qmail-qfilter-queue, which is like qmail-qfilter-ofmipd-queue
and qmail-qfilter-smtpd-queue but requires an environment variable
pointing to a config file (QMAILQUEUEFILTERS) rather than
hardcoding one.
- Leave qmail-qfilter-ofmipd-queue and qmail-qfilter-smtpd-queue as
thin wrappers around qmail-qfilter-queue, logging what the sysadmin
needs to do.
Changes since version 1.10.1:
+ inotify is used for local mailbox monitoring on Linux. Configuration flag
--disable-filemonitor turns this off.
+ OAUTHBEARER support for IMAP, SMTP and POP via
$imap_oauth_refresh_command, $smtp_oauth_refresh_command, and
$pop_oauth_refresh_command.
! $pgp_timeout and $smime_timeout support 32-bit numbers.
+ <check-stats> manually updates mailbox statistics, the same way
$mail_check_stats does when set.
! Thread limited views, e.g. ~(pattern), now show new mail as it arrives.
! Command line argument -z and -Z options also work for IMAP mailboxes.
+ $imap_condstore and $imap_qresync enable IMAP CONDSTORE and QRESYNC
support, respectively. QRESYNC should provide much faster mailbox opening.
! $abort_noattach skips quoted lines (as defined by $quote_regexp and
$smileys).
! Initial IMAP header downloading can be aborted with ctrl-c.
+ <compose-to-sender> composes a message to the sender of the selected
message, in the index or attachment menu.
! Address book queries ($query_format) now support multibyte characters.
+ Finnish translation.
! pgpring has been renamed to mutt_pgpring.
! Certificate prompts show sha-256 instead of md5 fingerprints.
! Non-threaded $sort_aux "reverse-" settings now work properly.
+ The manual can be generated and installed in GNU Info format.
+ index-format-hook and the new %@name@ expando for $index_format enable
dynamic index formats using pattern matching against the current message.
This can be used, for example, to format dates based on the age of
the message.
! Relative date matching allows hour, minute, and second units: HMS.
authup. Changes:
- fixsmtpio: Set FIXSMTPIOTLS in the environment when TLS has been negotiated.
When upgrading, be sure to add _this_ entry to control/fixsmtpio:
# Remove greeting for child process restarted after upgrading to STARTTLS
FIXSMTPIOTLS:greeting::2*::
- fixsmtpio: Fix "out of memory" errors with big attachments by handling
DATA specially (no parsing or copying).
- FIXSMTPIODEBUG: log our pid and child's basename and pid.
- fixsmtpio: Ensure STARTTLS resets all state by restarting qmail-smtpd.
When upgrading, be sure to add this entry to control/fixsmtpio:
# Remove greeting for child process restarted after upgrading to STARTTLS
SSL_CIPHER:greeting::2*::
- NOFIXSMTPIO: new environment variable to perform no filtering.
- FIXSMTPIODEBUG: prefix program name to log messages.
- Compile as C99.
- Have die_nomem() log two levels of call stack.
- Have get_one() log one caller further.
- Avoid extern in declarations.
- Empty next_pile and free event when done.
- Use acceptutils' stralloc wrappers in tls_info().
- Don't call tls_info(): no point setting TLS connection environment
variables when our child has already forked.
in control/smtpplugins. Extract a "Greylisting" stanza in MESSAGE. Merge
"Local non-root users to see the queue" into previous section (and
provide qmail-qread-client in example mailer.conf to begin with).
Mention port numbers where applicable.
Enable defaults that are sensible: realrcptto in control/rcptchecks and
viruscan in control/smtpfilters.
Add fixsmtpio rules to make greylisting-spp's tempfails look more like
qmail's other messages.
Bump dependency on qmail for config-fast-pkgsrc, which is like
config-fast but lets us simulate CONF_FILES-like behavior. As before, we
install these minimal config files, and won't deinstall them. (But the
updated qmail package will.)
Bump version.
installs the generated files elsewhere, so we can simulate
CONF_FILES-like behavior. qmail-run will switch to config-fast-pkgsrc.
We'll take advantage to deinstall these config files (as well as the
three basic .qmail files in ~alias) provided they haven't been changed.
Both of these commands stop leaving leftovers in ${PKG_SYSCONFDIR}:
# pkg_add qmail && pkg_delete qmail
# pkg_add qmail-run && pkg_delete -r qmail
While here, warn if the queue directory is on a case-insensitive
filesystem. Probably not gonna work perfectly.
Bump PKGREVISION.
sensible default, we wrap it in "greylisting-spp-with-exemptions", which
lets recipient addresses and domains be exempted from greylisting by
editing control/greylist/exemptrcpt{s,hosts}.
qmailofmipd: enable user CDB by default and remove the verbiage.
qmailsmtpd: bump datalimit (seeing occasional "fixsmtpio: out of memory" in production).
Improve MESSAGE a bit more.
Bump version.
SPP-compatible qmail-rcptcheck. Create control/smtpplugins so that the
RCPTCHECK-compatible programs continue to run as before. No functional
change intended.
Bump version.
qmail-smtpd (tweaked to tolerate the absence of a config file).
The RCPTCHECK patch is a logical subset of SPP with a slightly different
interface, and conflicts with SPP. Remove RCPTCHECK.
Bump PKGREVISION.
20181108 implements STARTTLS in fixsmtpio(8). Rebase EAI patch onto
TLS-onlyremote. Switch back to upstream for RCPTCHECK, which applies
cleanly again. Bump PKGREVISION.
(obviating the need for qmail-smtpd(8) to be patched to link OpenSSL).
Make TLS configurable for submission, POP3, and now also incoming SMTP:
- "yes" (startup will fail if cert or DH params are missing)
- "no" (even if they're present, don't offer TLS)
- "auto" (the default: offer TLS iff they're present)
Mention TLS setup in MESSAGE.
Delay SMTP greeting by 2 seconds. Enable zen.spamhaus.org RBL.
Bump version.
- Add STARTTLS support to fixsmtpio(8), which needs to terminate TLS in
order to continue observing requests and responses and do its job.
- Restore missing trailing " ESMTP" in greeting.
- Fix all warnings in acceptutils code.
- Document FIXSMTPIODEBUG, UCSPITLS, and DISABLETLS.
* 3.17.1
--------
* bug fixes:
* 3.17.0
--------
* the minimum GLib requirement is now 2.28.
* the mimimum GTK+2 requirement is now 2.24.
* nettle is now required, following removal of libcrypt from glibc.
* explicit use of --disable-gnutls is now required if gnuTLS support
is not required.
* SOCKS proxy support has been added.
Global settings can be found on the Mail Handling/Proxy page.
This can be overridden by Account settings on the new Proxy page.
* Accounts can now have their own auto-check intervals, or follow the
global interval.
* in the options for 'default selection when entering a folder',
'first [...]' has been renamed to 'oldest [...]', and
'newest [...]' items have been added.
* Message List: when changing sort key by clicking column header,
the sort direction is now preserved
* Message View: keypress handling for scrolling, (PgUp/Down, Space,
Backspace), has been improved.
* the Network Log now displays output from LDAP operations.
* "Go to last error" has been added to the Log Window context menu.
* Filtering/Processing: "mark_as_spam" is no longer a final action,
since it does not move the marked message.
* Filtering/Processing: Resent-From and Resent-To have been added in
Any/All header(s) (in Address Book) matcher rules.
* when a Return-Receipt request is received by an unknown address,
the user is now required to choose which Account to send it from.
* Colour Labels: confirmation is asked for when clearing or
overriding existing colour labels.
* Address Book: basic contact merging has been added.
* NetworkManager support: ported from libnm-util/libnm-glib to libnm.
* Dillo plugin: this HTML rendering plugin is now once again
available.
* RSSyl plugin: the modified time is no longer considered when
matching deleted items.
* RSSyl plugin: Handle 404 and other fetch failures better.
* Attachment Remover plugin: the user is now notified about what has
been done when processing multiple selections.
* SpamAssassin plugin: added support for compression (the server must
have compression enabled, and the local spamc too).
* SpamAssassin plugin: disabled SSLv3.
* when using the hidden preference, hide_timezone, the time in the
Date header is converted to UTC.
* various other UI improvements.
* many behind-the-scenes improvements.
* bug fixes:
* 3.16.0
--------
* Preferences: for the 'default selection on entering a folder' on
the Display/Summaries page, the first new, first unread, and first
marked message options are now sort-order aware.
* Preferences: the previously hidden preference to 'Warn when sending
to more recipients than []' has been added to the
Mail Handling/Sending page.
* Preferences: Toolbars/Compose window: Sign/Encrypt toggle buttons
can been added to the toolbar.
* Preferences: Fancy Plugin: allow stylesheet file/folder names to
have spaces in them.
* Account Preferences: a 'Show password' checkbox has been added next
to the password fields.
* Account Preferences: the OpenPGP and S/MIME preferences have been
split into two separate pages.
* Account Preferences: newline characters are disallowed in account
usernames and passwords, and warnings are shown to the user if this
is attempted.
* Compose: more UTF-8 list-item characters have been added.
* Address book: a 'Show password' checkbox has been added next to the
LDAP server 'bind password' field.
* GPG: full key/signature fingerprints are now shown instead of the
short versions.
* SSL Certificate Manager: added support for ipv6 addresses.
* NNTP: Fetch XOVER and XHDR data in batches of 5000 and use the
statusbar progress meter when opening/refreshing a NNTP folder.
* CLI: the --insert option has been added to --compose, to allow
inserting files from the command line.
* Plugins window: keyboard shortcuts to Load/Unload buttons have
been added.
* PDF Viewer Plugin: a print button has been added.
* The HTML parser now supports all entities.
* Tools: a simple bash completion helper has been added,
tools/bash_completion/claws-mail.
* Bug fixes:
* 3.15.1
--------
* Bug fixes:
* 3.15.0
--------
* More granular options on when to open a selected message have been
added. There are now several checkboxes on the Display/Summaries
page of the Preferences which allow a greater flexibility.
* Compose window: Show the total size of attachments on the
Attachments tab.
* Compose window: Bcc has been added to the headers drop-down list.
* Folder list: Top-level folders can now be copied. They are created
as regular folders in the target mailbox.
* Folder selection dialogue: Left/right keys collapse/expand rows.
Further keypress will move the cursor to parent or first child,
respectively.
* Menu items: 'Mark all unread [recursively]' has been added to the
folder context menu, message list menu, and the main window menu
and toolbar.
* Toolbar actions: Mark, Unmark, Lock, Unlock, Mark [all] read, Mark
[all] unread, Ignore Thread, Watch Thread, and Delete Duplicate
Messages have been added to the main window toolbar's Actions list.
* Account compose signature: The value of the signature file now
takes a path relative to the user's home directory in addition to a
full path.
* Icon Themes: Support for SVG themes with icon scaling capabilities
has been added. This requires libRSVG 2.40.5 or newer.
* Hidden preferences: colours for specifying Tags, QuickSearch, and
auto-filled header values have been added, both foreground and
background. Respectively, tags_color, tags_bgcolor,
qs_active_color, qs_active_bgcolor, qs_error_color,
qs_error_bgcolor, default_header_color, and default_header_bgcolor.
* Hidden preferences: warn_sending_many_recipients_num, if greater
than zero, a warning dialogue is shown when the number of
recipients exceeds the number given.
* GData plugin: This plugin now requires libgdata version 0.17.2 or
newer.
* TNEF parser plugin: This plugin now uses an external libytnef.
* vCalendar plugin: This plugin now uses an external libical, version
2.0.0 or newer is required.
* Mail Archiver plugin: - updated to support some of the compression
formats up to libarchive 3.2.2
* Several minor UI improvements.
* Bug fixes:
New Features:
* Added --dump-mail option.
* Added --xclient-delim, --xclient-destaddr, --xclient-destport,
--xclient-no-verify, and --xclient-before-starttls options.
Notable Changes:
* XCLIENT can now send multiple XCLIENT requests. Because of this,
--xclient and --xclient-ATTR values are no longer merged into one
string. This breaks previously documented behavior.
* Numerous improvements to the output of --dump and --dump-as-body,
including the ability to limit output by section, layout improvements,
adding missing options to output, and fixing bugs.
Notable Bugs Fixed:
* Fixed bug preventing Proxy from working with --tls-on-connect.
* XCLIENT is now sent after STARTTLS to match with Postfix's expectations.
* Fixed bug which could allow mail sending to proceed without a valid
recipient.
* Replacing a multi-line header via --header or --h-HEADER now replaces
the entire header, not just the first line.
* The option for specifying the local port was documented as --local-port
but implemented as --lport. Both are now documented and implemented.
* Fixed two bugs which prevented interactions between --dump,
--auth-hide-password, --dump-as-body, and --dump-as-body-shows-password
from producing consistent output.
the tag; for instance, "nbqmailofmipd" becomes "nbqmail/ofmipd". Vaguely
redolent of Postfix, and easier to glance at logs now that just about
everything runs similarly from rc.d. Turn off sslserver verbosity by
default. Bump version.
- removed a trailing dot element from @INC, as a workaround for a perl
vulnerability CVE-2016-1238;
- amavis-services: bumping up syslog level from LOG_NOTICE to LOG_ERR
for a message "PID <pid> went away", and removed redundant newlines
from some log messages;
- safe_decode() and safe_decode_utf8(): avoid warning messages
"Use of uninitialized value in subroutine entry"
in Encode::MIME::Header when the $check argument is undefined;
- @sa_userconf_maps has been extended to allow loading of per-recipient
(or per- policy bank, or global) SpamAssassin configuration set from
LDAP. For consistency with SQL a @sa_userconf_maps entry prefixed with
'ldap:' will load SpamAssassin configuration set using the
load_scoreonly_ldap() method; a patch by Atanas Karashenski;
- add some Sanesecurity.Foxhole false positives to the default
list @virus_name_to_spam_score_maps;
- updated some comments;
+++
also add a patch to make it run with perl 5.28 without complaints
about regex syntax
- when users specify an SSL version that no longer exists in the Python
ssl module, do not result in an unhandled exception. Thanks: "nandre".
- catch IMAP UNAVAILABLE temporary error during login. Thanks:
Dario Corti.