Add ruby-actionmailer52 version 5.2.2 package.
Action Mailer is a framework for designing email-service layers. These layers
are used to consolidate code for sending out forgotten passwords, welcome
wishes on signup, invoices for billing, and any other use case that requires
a written notification to either a person or another system.
Action Mailer is in essence a wrapper around Action Controller and the
Mail gem. It provides a way to make emails using templates in the same
way that Action Controller renders views using templates.
Additionally, an Action Mailer class can be used to process incoming email,
such as allowing a weblog to accept new posts from an email (which could even
have been sent from a phone).
This is for Ruby on Rails 5.2.
Changelog:
60.5.1
Fixed
CalDav access to some servers not working
#CVE-2018-18500: Use-after-free parsing HTML5 stream
#CVE-2018-18505: Privilege escalation through IPC channel messages
#CVE-2016-5824: DoS (use-after-free) via a crafted ics file
#CVE-2018-18501: Memory safety bugs fixed in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5
60.5.0
New
FileLink provider WeTransfer to upload large attachments
Thunderbird now allows the addition of OpenSearch search engines from a local XML file using a minimal user inferface: [+] button to select a file an add, [-] to remove.
More search engines: Google and DuckDuckGo available by default in some locales
During account creation, Thunderbird will now detect servers using the Microsoft Exchange protocol. It will offer the installation of a 3rd party add-on (Owl) which supports that protocol.
Fixed
Thunderbird now compatible with other WebExtension-based FileLink add-ons like the Dropbox add-on
Crash when using custom sound for new email notification
WebExtension-based dictionaries from addons.mozilla.org not working in Thunderbird
Calendar: Printing of calendars not working
#CVE-2018-18356: Use-after-free in Skia
#CVE-2019-5785: Integer overflow in Skia
#CVE-2018-18335: Buffer overflow in Skia with accelerated Canvas 2D
#CVE-2018-18509: S/MIME signature spoofing
4.92:
New features include:
- ${l_header:<name>} expansion
- ${readsocket} now supports TLS
- "utf8_downconvert" option (if built with SUPPORT_I18N)
- "pipelining" log_selector
- JSON variants for ${extract } expansion
- "noutf8" debug option
- TCP Fast Open support on MacOS
Maintain a folder which has its messages stored on a remote server. The
communication between the client application and the server is implemented using
the IMAP4 protocol. This class uses Mail::Transport::IMAP4 to hide the transport
of information, and focusses solely on the correct handling of messages within a
IMAP4 folder. More than one IMAP4 folder can be handled by one single IMAP4
connection.
Notmuch 0.28.2 (2019-02-17)
===========================
Emacs
-----
Invoke gpg with --batch and --no-tty.
Python Bindings
---------------
Fix documentation build with Python 3.7. Note that Python >= 3.3 is
now needed to build this documentation.
Maintain a folder which has its messages stored on a remote server. The
communication between the client application and the server is implemented using
the POP3 protocol. This class uses Mail::Transport::POP3 to hide the transport
of information, and focusses solely on the correct handling of messages within a
POP3 folder.
Maintain a folder which has its messages stored on a remote server. The
communication between the client application and the server is implemented using
the IMAP4 protocol. This class uses Mail::Transport::IMAP4 to hide the transport
of information, and focusses solely on the correct handling of messages within a
IMAP4 folder. More than one IMAP4 folder can be handled by one single IMAP4
connection.
Mail::Transport extends Mail::Transport implement sending and/or receiving of
messages, using various protocols.
Mail::Transport::Send extends this class, and offers general functionality for
send protocols, like SMTP. Mail::Transport::Receive also extends this class, and
offers receive method. Some transport protocols will implement both sending and
receiving.
Upstream changes:
version 3.006: Fri 15 Feb 09:01:51 CET 2019
Fixes:
- MailDir warns about repeat count, since last release added 'use
warnings' to the file. [Keita Jamadam] github issue #2
- mbox parsing failed on changing handling of blank lines by Mail::Message
rt.cpan.org#128513 [Gregor Herrmann] + [cpantesters]
Upstream changes:
version 3.008: Mon 11 Feb 12:30:40 CET 2019
Fixes:
- test with windows path [cpantesters]
- when a message gets coerced, its components should not be delayed [fany]
- date fields recognizing 2-digit years [Andrew Beverley]
Improvements:
- failing AUTOLOAD on ::Body gives unclear error
- dates after 2030 for message separator in mbox
* New tool msearch to wrap several mail indexers.
* New zsh completion _mblaze.
* mnext/mprev were removed (you can call `mless +`/`mless -`).
* The GnuPG tools in contrib/ now use gpg2.
* mshow exits with error if it could not extract all attachments
* mrep: add -noquote to disable quoting the message replied to
* mdeliver: keep permissions of messages
* mcom: aborting the editor is now more like delete than cancel
* mcom: add -send to send directly without editing
* mcom: check if mail is formatted sensibly
* mpick: new flag -v for statistics
* mscan: new flag -v for statistics
* magrep: add -h, which is like -p but doesn't print the file name
* mscan: prioritize displaying trashed mail over other markers
* mpick: fix off-by-one in expression parsing
* Many bug fixes
Upstream changes:
0.06 2019-01-02
- Changes to address CVE-2018-18898 which could allow DDoS-type attacks.
Thanks to Lukas Kramer for reporting the issue and Alex Vandiver for
contributing fixes.
- Fix pathological backtracking for unkown regex
- Fix pathological backtracking in obs-phrase(i.e. obs-display-name)
- Fix pathological backtracking in cfws, quoted strings
Enigmail 2.0.9
Released 2018-10-09, works with Thunderbird 60.0.
Notable Changes
This release addresses a security issue and solves a few regression bugs.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.8
Released 2018-08-04, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses a security issue and solves a few regression bugs.
Bugs fixed:
A security issue has been fixed that allows an attacker to prepare a plain, unauthenticated HTML message in a way that it looks like it's signed and/or encrypted.
Check the full list of fixed defects.
Enigmail 2.0.7
Released 2018-06-13, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses several critical security bugs.
Bugs fixed:
Spoofing of Email signatures I (CVE-2018-12020): GnuPG 2.2.8 fixed a security bug that allows remote attackers to spoof arbitrary email signatures via the embedded "--filename" parameter in OpenPGP literal data packets. This release of Enigmail prevents the exploit for all versions of GnuPG, i.e. also if GnuPG is not updated.
Spoofing of Email signatures II (CVE-2018-12019): The signature verification routine in Enigmail interpreted User IDs as status/control messages and did not correctly keep track of the status of multiple signatures. This allowed remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids.
Mozilla crash bug 1423895: if Enigmail is installed on Thunderbird 60b7 together with the Add-Ons "CardBook", "QuickFolders" (and possibly other Add-Ons), then Thunderbird will crash as soon as an Enigmail-specific window is opened. This version implements a workaround for the Mozilla bug.
Enigmail 2.0.6
Released 2018-05-27, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses a vulnerability that would allow an attacker to make a victim respond to a partially encrypted message and thus reveal protected information.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.5
Released 2018-05-21, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release implements a fix that prevents any form of the Efail vulnerability and similar attacks. We recommend to upgrade to this version as soon as possible.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.4
Released 2018-05-16, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release implements two workarounds to prevent from Efail vulnerabilities. We recommend to upgrade to this version as soon as possible.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.3
Released 2018-05-08, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses several defects, including a crash when accessing encrypted forwarded messages.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.2
Released 2018-04-12, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses some regressions found in version 2.0/2.0.1.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.1
Released 2018-04-02, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses several defects found in version 2.0.
Bugs fixed:
S/MIME signing/encryption not working correctly, if Enigmail is not enabled for an account
Emails fail to decrypt if the sender address contains brackets
Autocrypt-headers may flip manually created per-recipient rules
The key manager does not load if no key on the keyring
Check the full list of fixed defects.
Enigmail 2.0
Released 2018-03-25, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
The Encryption and Signing buttons now work for both OpenPGP and S/MIME. Enigmail will chose between S/MIME or OpenPGP depending on whether the keys for all recipients are available for the respective standard.
Support for Pretty Easy Privacy (p≡p) is implemented in Enigmail. p≡p is active by default for new users.
Support for the Autocrypt standard, which is now enabled by default. If Enigmail is used in the "classical mode" (with p≡p disabled) then Autocrypt is enabled by default.
Support for Web Key Directory (WKD) is implemented. Enigmail will try to download unavailable keys during message composition from WKD. If you use GnuPG 2.2.x, and your provider supports the Web Key Service protocol, you can also use Enigmail to upload your key to WKD.
The message subject can now be encrypted and replaced with a dummy subject, following the Memory Hole standard for protected Email Headers.
The keys on the keyring are automatically refreshed from keyservers at an irregular interval.
Enigmail was turned into a "restartless" addon. That is, once you installed Enigmail 2.0, subsequent updates will be installed without needing to restart Thunderbird.
Keys are internally addressed using the fingerprint instead of the key ID.
The minimum GnuPG version supported is now 2.0.16.
Cygwin-versions of GnuPG are no longer supported.
Bugs fixed
Many bugs were fixed. Check the list of fixed defects.
Notmuch 0.28.1 (2019-02-01)
===========================
Build System
------------
`configure` no longer uses the special variable BASH, as this causes
problems on systems where /bin/sh is bash.
pkgsrc changes:
- Remove no longer needed patches
Changes:
2.0
---
- Remove Courier support
- Add `ignore-errors' flag to ignore possible delivery errors and continue to
the next mail
- Add a `lock-timeout' option to customize default 10 seconds timeout
- Add support for STARTTLS on IMAP and POP3
- Disable OpenSSL insecure stuff enabled by default and introduce a `insecure'
flag to replace `no-tls1'
- Add support for newer OpenSSL
- Use SNI extension (fixes some servers when OpenSSL supports TLS 1.3)
- Misc bug fixes and improvements
- experimental: when SSL SNI support is present in the underlying Python
(and OpenSSL), send SNI by default in the SSL setup. This should work
around Gmail's brokenness with TLSv.1.3 connections when SNI is not sent.
Changes:
1.8.3
-----
This version fixes a security problem that affects version 1.8.2
(older versions are not affected): when the new default value system
for tls_trust_file is used, the result of certificate verification
was not properly checked.
v2.3.4.1 2019-02-05 Aki Tuomi <aki.tuomi@open-xchange.com>
* CVE-2019-3814: If imap/pop3/managesieve/submission client has
trusted certificate with missing username field
(ssl_cert_username_field), under some configurations Dovecot
mistakenly trusts the username provided via authentication instead
of failing.
* ssl_cert_username_field setting was ignored with external SMTP AUTH,
because none of the MTAs (Postfix, Exim) currently send the
cert_username field. This may have allowed users with trusted
certificate to specify any username in the authentication. This bug
didn't affect Dovecot's Submission service.
* pkgsrc change: add "USE_LANGUAGES= # none" line.
Version 2.7.1 (2018-10-13)
Compatibility:
* Restore LF=>CRLF conversions for properly encoded non-binary emails. (rubys)
* Gracefully parse certain invalid Content-Type headers. (rafbm)
* Support `x-uue` transfer encoding as uuencoding. (jkraemer)
Features:
* Expose Mail::Field#unparsed_value to read the raw field value, before
parsing. (Tensho)
Performance:
* Speed up message encoding, especially with large attachments. (dalibor)
Bugs:
* Fix transfer encoding when message encoding is blank. (jakubonty, saks)
* Fix 7bit/base64 content transfer encoding mismatch. (ahorek)
* Fix UTF-8 attachment filename quoting. (ahorek)
* Fix `delete_all` using a readonly IMAP connection. (kimromi)
7.99.1 subject MIME handling bug fixed.
Sep 8, 2018, we have merged the following branch
feature/utf8-mime-header-handling [2b9052aa..b9c2f6c2] into
the master. XXX Mail::Message::ToHTML is broken. XXX
Mail::Message::Outline may be broken.
Also, we note that this is the initial point to release
engineering process toward the release 8.0.0.
(XXX)
We plan to move non-core modules related on the mailing list
core to aux/ (newly created) or 3rdparty/fml.org/FEATURE/ (as
examples how to use at ./3rdparty/ directory).
In my environment, the build was trying and failing to download the
docbook xhtml files and then generating an empty manual.txt when
lynx was not found.
Bump PKGREVISION to be on the safe side.
While here, make it easier to use envdir by prepending to
${qmailfoo_postenv} rather than appending.
At least one Linux shell needs "--" between greetdelay and rblsmtpd, and
this doesn't break NetBSD.
Bump version.
Changes:
Version 1.8.2:
- To simplify TLS setup, the tls_trust_file command has a new default value
'system' that selects the system default trust. Now you just need tls=on to
use TLS; the other TLS options are only required in special cases.
To make this work without breaking compatibility with older msmtp versions,
tls_fingerprint now overrides tls_trust_file, and tls_certcheck=off overrides
both (previously, you could not specify contradicting options).
- To simplify setup, a new option '--configure <mailaddress>' was added that
automatically generates a configuration file for a given mail address.
However, this only works if the mail domain publishes appropriate SRV records.
Version 1.8.1:
- Fixed our TLS code to support TLS 1.3 with GnuTLS.
when the system clock is set to TAI (and a libtai dependency to get
leapsecs.dat). While here, catch up to his latest maildiruniq patch.
Let an installed ucspi-tcp6 satisfy the ucspi-tcp dependency for
non-'inet6' builds.
Bump PKGREVISION.
Changelog:
new
WebExtensions FileLink API to facilitate FileLink add-ons. For the future
version Thunderbird 60.5.0: WeTransfer will be included in Thunderbird 60.5.0
and the Dropbox add-on will be compatible with Thunderbird 60.5.0.
fixed
Decoding problems for messages with less common charsets (cp932, cp936)
fixed
New messages in the drafts folder (and other special or virtual folders)
will no longer be included in the new messages notification
Upstream changes:
version 3.40: Thu Dec 6 01:44:16 UTC 2018
- rt.cpan.org#122373 support IPv6 by using IO::Socket::IP over IO::Socket::INET
[Gilles Lamiral and Mark Overmeer]
- rt.cpan.org#127103 flags() undef value as an ARRAY reference on a bogus message
[Gilles Lamiral]
- rt.cpan.org#124523 update examples/populate_mailbox.pl timegm usage
[Bernhard M. W.]
- t/capability.t: added first set of tests
- t/quota.t: minor fix when tests skipped
Upstream changes:
1.912 2018-12-31 13:46:22-05:00 America/New_York
- include the doc updates from 1.911 changelog, oops!
1.911 2018-12-22 11:30:28-05:00 America/New_York
- just like 1.910, but with doc updates and undeprecation by Jim Brandt
1.910 2018-12-17 21:27:28-05:00 America/New_York (TRIAL RELEASE)
- update parsing to mitigate pathological cases (thanks, sunnavy!)
Mozilla Thunderbird is a redesign of the Mozilla mail component. The
goal is to produce a cross platform stand alone mail application using
the XUL user interface language. This version uses the gtk2 toolkit.
Changelog:
60.3.3:
mitigated
Thunderbird 60 will migrate security databases (key3.db, cert8.db to
key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a fault
that potentially deleted saved passwords and private certificate keys
for users using a master password. Version 60.3.3 will prevent the loss
of data; affected users who have already upgraded to version 60.3.2 or
earlier can restore the deleted key3.db file from backup to complete
the migration.
fixed
Address book search and auto-complete slowness introduced in
Thunderbird 60.3.2
Plain text markup with * for bold, / for italics, _ for underline and |
for code did not work when the enclosed text contained non-ASCII
characters
While composing a message, a link not removed when link location was
removed in the link properties panel
60.3.2:
fixed
Under some circumstances Thunderbird on Mac will send attachments using
the so-called AppleDouble format which can lead to problems with mail
servers and recipients
Encoding problems when exporting address books or messages using the
system charset. Messages are now always exported using the UTF-8 encoding.
If the "Date" header of a message was invalid, Jan 1970 or Dec 1969 was
displayed. Now using date from "Received" header instead.
Body search/filtering didn't reliably ignore content of tags
Inappropriate warning "Thunderbird prevented the site
(addons.thunderbird.net) from asking you to install software on your
computer" when installing add-ons
Incorrect display of correspondents column since own email address was
not always detected
Spurious 
 (encoded newline) inserted into drafts and sent email
New email not inserted in correct sort order in threaded unified view
or search folder
60.3.1:
fixed
Double-clicking on a word in the Write window sometimes launched the
Advanced Property Editor or Link Properties dialog
Cookie removal (not working since Thunderbird version 52)
"Download rest of message" not working if global inbox was used
Encoding problems for users (especially in Poland) when a file was sent
via a folder using "Sent to > Mail recipient" due to a problem in the
Thunderbird MAPI interface
According to RFC 4616 and RFC 5721, passwords containing non-ASCII
characters are encoded using UTF-8 which can lead to problems with
non-compliant providers, for example office365.com. The SMTP LOGIN
and POP3 USER/PASS authentication methods are now using a Latin-1
encoding again to work around this issue.
Shutdown crash/hang after entering an empty IMAP password
60.3.0:
fixed
Various Theme fixes where incorrect colors, backgrounds, etc. were
displayed
Add-on Options menu not working on Mac
Shift+PageUp/PageDown in Write window
Saving content of Write windows didn't overwrite existing file
Issues related to "Edit Template" command
Gloda attachment filtering
Mailing list address auto-complete enter/return handling
Thunderbird hung if HTML signature references non-existent image
Filters not working for headers that appear more than once
Various security fixes
Secirity fixes:
#CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin
#CVE-2018-12392: Crash with nested event loops
#CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript
#CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3 and Thunderbird 60.3
#CVE-2018-12390: Memory safety bugs fixed in Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3
60.2.1:
Changed
Calendar: Default values for the first day of the week and working days
are now derived from the selected datetime formatting locale (restart
after changing locale in the OS required)
Calendar: Switch to a Photon-style icon set for all platforms
Multiple requests for master password when Google Mail or Calendar
OAuth2 is enabled
Scrollbar of the address entry auto-complete popup does not work
Security info dialog in compose window does not show certificate status
Links in the Add-on Manager's search results and theme browsing tabs
open in external browser
Localized versions of Thunderbird didn't show a localized name for
the "Drafts" and "Sent" folders for certain IMAP providers
(particularly in France)
Replying to a message with an empty subject inserted Re: twice (not
working in Thunderbird 60.0)
Spellcheck marks disappeared erroneously for words with an apostrophe
(not working in Thunderbird 60.0)
Calendar: First day of the week cannot be set
Calendar: Several fixes related to cutting/deleting of events and email
scheduling
Various security fixes
Security fixes:
#CVE-2018-12377: Use-after-free in refresh driver timers
#CVE-2018-12378: Use-after-free in IndexedDB
#CVE-2018-12379: Out-of-bounds write with malicious MAR file
#CVE-2017-16541: Proxy bypass using automount and autofs
#CVE-2018-12385: Crash in TransportSecurityInfo due to cached data
#CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords
#CVE-2018-12376: Memory safety bugs fixed in Firefox 62, Firefox ESR 60.2, and Thunderbird 60.2.1
60.0:
new
When writing a message, a delete button now allows the removal of a
recipient. This delete button is displayed when hovering the To/Cc/Bcc
selector.
Many improvements to attachments handling during compose: Attachments
can now be reordered using a dialog, keyboard shortcuts, or drag and
drop. The "Attach" button moved to the right to be above the attachment
pane. The access key of the attachment pane (e.g. Alt+M, may vary
depending on localization, Ctrl+M on Mac) now also works to show or
hide the pane. The attachment pane can also be shown initially when
composing a new message. Right-click on the header to enable this
option. Hiding a non-empty attachment pane will now show a placeholder
paperclip to indicate the presence of attachments and avoid sending
them accidentally.
"Edit Template" command. This also solves various problems when saving
as template (duplicates created, message ID lost).
"New Message from Template" command
Allow changing the Spellcheck Language from status bar
Light and Dark themes
WebExtension themes are now enabled in Thunderbird
A default startup directory in the address book window can now be
configured
Individual feed update interval
An option under "Tools > Options, Advanced, General" now allows to
select whether date/time display will follow the application locale
(adjusted by operating system's format settings for that locale) or
the locale selected in the operating system's regional settings.
In other words, an US English Thunderbird can use, for example,
German formats.
OAuth2 authentication for Yahoo and AOL
FIDO U2F support
Thunderbird now allows the conversion of folders from mbox to maildir
format and vice versa. This is an experimental feature that needs to
be enabled by setting the preference mail.store_conversion_enabled.
Note that this functionality does not not work if the option "Allow
Windows Search/Spotlight to search messages" is selected.
Calendar: Allow copying, cutting or deleting of a selected occurrence
or the entire series for recurring events
Calendar: Provide an option to display locations for events in calendar
day and week views
Calendar: Provide the ability for sending/not sending meeting
notifications directly instead of showing a popup
Calendar: Option to select the target calendar when pasting an event
or task
Calendar: Allow email scheduling for CalDAV servers supporting
server-side scheduling
Thunderbird Chat now contains multiple built-in message themes
changed
IMPORTANT: Add-ons not marked as compatible with Thunderbird 60
by their authors will be disabled (this can be reverted via preference
extensions.strictCompatibility)
IMAP: When after sending a message storing that sent message fails,
the message can now be stored in a local folder
Add-on options can no longer be configured from the Add-on Manager page.
A new menu item "Add-on Options" is now available on the Tools menu.
When messages are composed in paragraph format, "body text" and split
mail quotes are converted to paragraphs when pressing the enter key
"Edit As New Message" will now use the account's default compose format,
either HTML or plain text ignoring the format of the message. Plain
text messages will be converted to HTML and vice versa. Then using
the modifier, the format choice will be reverted.
The "Edit Draft" command now also honors the use of the shift key to
convert HTML to plain text or vice versa when editing a draft
The plain text to HTML conversion has been improved where such a
conversion is necessary for "Edit As New Message" or when the shift
modifier is used for "Edit Draft" or "New Message from Template".
During address entry, the matching part of the address is now shown in
bold. Preference mail.autoComplete.commentColumn allows to display
the address book where the address is stored.
When attaching a message via drag and drop, the subject of the message
is now used as attachment name instead of "Attached Message"
Better address book photo handling: Photos can be added by drag and
drop and a copy of all photos will be stored in the Thunderbird profile
On first start, Thunderbird now shows the account setup dialog, no longer
the account provisioner dialog
Thunderbird follows Firefox' Photon design with rectangular tabs and
many other theme improvements
When customizing the From: address, Thunderbird will now use this address
for the SMTP "MAIL FROM" command. Previously the address configured
in the identity was used. The preference
mail.smtp.useSenderForSmtpMailFrom allows return to the previous
behavior.
Native notifications on Linux are now re-enabled
Thunderbird now uses Mozilla's latest proxy technology (add-on FoxyProxy
now supported)
Thunderbird now uses the latest Rust-based Mozilla technology, including
Quantum's CSS engine (based on Servo) and encoding_rs, for displaying
and encoding messages
All certificates issued by Symantec roots before 2016-06-01 are
distrusted for use in TLS secured traffic in Thunderbird 60 and above.
This applies to all brands Symantec operated: Thawte, RapidSSL,
GeoTrust, Verisign, and Symantec. For usage in S/MIME the certificates
remain valid. Details here.
Calendar: Removal of capability to send email invitations compatible
to Outlook 2002 and earlier
Calendar: Reminders on read-only calendars can now be dismissed, while
reminders for missed events will now only be displayed for writable
calendars if option "Show missed reminders for writable calendars" is
selected
Thunderbird Chat: Nicknames inside of messages are colored to match
the participants list
fixed
When many Thunderbird clients or other email clients accessed the same
IMAP draft folder, messages were sometimes sent with the wrong
identity. This has been corrected and the user will be notified if
none of their identities matches the draft.
Various problems related to handling the IMAP trash folder: Under
certain circumstances the selection of the trash folder didn't persist,
for example when the name contained non-ASCII characters, or in
localized versions of Thunderbird. At times unwanted adtext menu behavior
Better error handling for Gmail authentication to avoid re-downloading
of folders
Thunderbird used a stale cached password after user edited a saved
password
Calendar: Wrong time formatting for some time zones
Calendar: Can't copy information from event dialog for received invitations
Various security fixes
Security fixes:
#CVE-2018-12359: Buffer overflow using computed size of canvas element
#CVE-2018-12360: Use-after-free when using focus()
#CVE-2018-12361: Integer overflow in SwizzleData
#CVE-2018-12362: Integer overflow in SSSE3 scaler
#CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture
#CVE-2018-12363: Use-after-free when appending DOM nodes
#CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
#CVE-2018-12365: Compromised IPC child process can list local filenames
#CVE-2018-12371: Integer overflow in Skia library during edge builder allocation
#CVE-2018-12366: Invalid data handling during QCMS transformations
#CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming
#CVE-2018-12368: No warning when opening executable SettingContent-ms files
#CVE-2018-5187: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Thunderbird 60
#CVE-2018-5188: Memory sa60
- ucspi-ssl and ucspi-tcp6 correctly dual-stack v4/v6 on NetBSD, so we
can go back to "0" (instead of "0.0.0.0") as the default host to
listen on.
- FreeBSD's /bin/sh needs continuation characters to understand what
we're assigning to `command` in foo_precmd(). This seems sensible and
doesn't break NetBSD.
Bump version.
Changes for all supported stable releases:
* Support for OpenSSL 1.1.1, and support for TLSv1.3-specific
features.
- Updated Postfix TLS documentation examples for TLSv1.3. See
FORWARD_SECRECY_README.
- New TLSv1.3-specific attributes in Postfix logging and in
Postfix "Received:" message headers: key exchange, server
signature, client signature.
- New option to selectively disable TLSv1.3 in *_tls_protocols
settings.
- New server-side support to avoid issuing multiple session
tickets.
- New support to allow OpenSSL >= 1.1.0 run-time micro version
bumps without logging Postfix warnings about library version
mismatches.
Fixed in all stable releases:
* Bugfix: smtpd_discard_ehlo_keywords could not disable "SMTPUTF8",
because some lookup table was using "EHLO_MASK_SMTPUTF8" instead.
* Bugfix: minor memory leak in DANE support when minting issuer
certs. This affects a tiny minority of use cases.
Fixed in Postfix 3.3.2:
* Bugfix: the Postfix build did not abort if the m4 command was
not installed, resulting in a broken postconf command.
Comment out qmail-qfilter-viruscan in control/smtpfilters. It's not a
very precise tool, so the cost (false positives) probably outweighs the
benefit (blocked malware attachments) for many users.
Also not a sensible default: rejecting incoming mail on SPF
explicit-fail. This needs to be an admin decision because, among other
reasons, it would also reject messages forwarded through servers that
haven't configured SRS. Document SPF setup, including how to reject
(with this caveat) and how to greylist SPF explicit-pass (which would
otherwise be exempted from greylisting).
Rename greylisting-spp-with-exemptions to greylisting-spp-wrapper. Add a
feature: to effectively omit IP from the (IP,sender,recipient) tuple,
add GL_WRAPPER_TCPREMOTEIP="127.127.127.127" to control/tcprules/smtp.
rc.d scripts:
- Location of tcprules file is configurable
- By default, CDB is auto-rebuilt as needed on service start
- CDB auto-rebuilding can be configured off
Bump version.
- On "fail", reject
- On "pass", skip any greylisting
- Else, accept mail as we otherwise would.
qmail-spp-spf adds a `Received-SPF:` header to all incoming messages.
Migrate ${PKG_SYSCONFDIR}/tcp.* to ${PKG_SYSCONFDIR}/control/tcprules.
Bump version.
config files. Removing them on uninstall if they haven't been changed
is already mail/qmail's job; creating them on install was being done
here, and this combination was probably responsible for `pkgin
full-upgrade` removing some config files and qmail no longer running.
Thanks to Nathan Arthur for the bug report.
Instead of running config-fast-pkgsrc here, rely on mail/qmail to do it.
For similar reasons, also expect mail/qmail to handle the three basic
aliases (root, mailer-daemon, postmaster) and QUEUE_EXTRA.
While here, set QMAILREMOTE in qmailsend_postenv in preparation for a
future update.
Bump version.
### GMime 3.2.3
* Fixed GMimeFilterBasic for uudecode.
Don't allow the outbuf to ever get set to NULL which could happen
if the begin-line had not yet been found (and thus
g_mime_filter_set_size() had never been called to allocate the
outbuf buffer).
* Fixed a bug in g_mime_uuencode_step().
* Modified GMimeParser to work around broken mailers that send base64
encoded message/rfc822 parts.
Fixes https://gitlab.gnome.org/GNOME/gmime/issues/1
* Fixed a bug in g_mime_quoted_encode_close() where it would incorrectly
end the quoted-printable output with a line containing only "=\n" even
when it is not needed.
* Improved g_mime_content_encoding_from_string(). This function no
longer requires the input string to be an exact match for "7bit",
"8bit", "base64", etc. It can now handle whitespace before and
after the value. In other words, it is now easy to use this
function on raw header values before any whitespace trimming
has been done.
* Really, really fixed the packaging to include the Vala build files.
1.1.1:
+ Added ARC specific tags for draft-ietf-dmarc-arc-protocol-18 (as of IETF
last call, still experimental), smtp.remote-ip and header.oldest-pass
When TLS 1.3 is used at least imap.gmail.com requires SNI extension
otherwise fails as follow:
certificate verification failed: self signed certificate
(This can happen with OpenSSL 1.1.1.)
Bump PKGREVISION
Notmuch 0.28 (2018-10-12)
=========================
General
-------
Improve threading
The threading algorithm has been updated to consider all references,
not just the heuristically chosen parent (e.g. when that parent is
not in the database). The heuristic for choosing a parent message
has also been updated to again consider the In-Reply-To header, if
it looks sensible. Re-indexing might be needed to take advantage of
the latter change.
Handle mislabelled Windows-1252 parts
Messages that contain Windows-1252 are apparently frequently
mislabelled as ISO 8859-1. Use GMime functionality to apply the
correct encoding for such messages.
Command Line Interface
----------------------
Support relative database paths
Database paths (i.e. parameters to `notmuch config set
database.path`) without a leading `/` are now interpreted relative
to $HOME of the invoking user.
Emacs
-----
Improve stderr handling
Add a real sentinel process to clean up stderr buffer. This is
needed on e.g. macOS.
Call `notmuch-mua-send-hook` hooks when sending a message
This hook was documented, but not functional for a very long time.
Completion
----------
The zsh completion has been updated to cover most of the notmuch
CLI. Internally it uses regexp searching, so needs at least Notmuch
0.24.
Build System
------------
The build system now installs notmuch-mutt and notmuch-emacs-mua with
absolute shebangs, following the conventions of most Linux
distributions.
Test Suite
----------
Fix certain tests that were failing with GMime 2.6. Users are reminded
that support for versions of GMime before 3.0.3 has been deprecated
since Notmuch 0.25.
### GMime 3.2.2
* Fixed packaging to include Vala files.
### GMime 3.2.1
* Fixed GMimeParser to recognize the message/global mime-type
(a UTF-8 version of message/rfc822). (issue #50)
* Updated GMime to use libidn2 instead of the older libidn
library. (issue #48)
* Fixed address quoting logic and IDN2 encoding.
The rules for quoting address names should use 'specials'
instead of 'tspecials' and when encoding domain names via
IDN2, check if the encoded domain matches the original
domain name (other than case). If they match, prefer the
non-encoded domain name since the user may have used
uppercase characters to enhance readability of the domain
name.
* Added GMIME_DECRYPT_ENABLE_ONLINE_CERTIFICATE_CHECKS and
GMIME_DECRYPT_ENABLE_KEYSERVER_LOOKUPS as possible flags to
pass to g_mime_crypto_context_decrypt(). Also added
GMIME_VERIFY_ENABLE_ONLINE_CERTIFICATE_CHECKS and
GMIME_VERIFY_ENABLE_KEYSERVER_LOOKUPS as possible flags to
pass to g_mime_crypto_context_verify().
Clients that wish to enable online certificate and/or
keyserver lookups now need to explicitly enable this
functionality.
These changes are designed to make it more difficult
for clients to be susceptible to Efail privacy exploits.
Specifically, it is meant to address the privacy concerns
regarding CRL and OCSP status check backchannels.
For more information about Efail, see https://www.efail.de/
* Fixed g_mime_message_write_to_stream() to prioritize message
headers over body headers (even when they have an offset of -1).
(issue #46)
* The GMimeParser can now warn about a number of RFC-compliance
issues that it finds when parsing messages.
* Fixed GMimeTextPart to make sure that the GMimeFilterCharset is
non-null before trying to use it. This can happen if the charset
specified in the Content-Type header is unsupported by the
iconv library.
v0.5.4:
* Adjustments to several changes in Dovecot v2.3.4 make this Pigeonhole
release dependent on that Dovecot release; it will not compile against
older Dovecot versions. And, conversely, you need to upgrade
Pigeonhole when upgrading Dovecot to v2.3.4.
* The changes regarding the default postmaster_address in Dovecot v2.3.4
mainly apply to Pigeonhole. The new default should work for all
existing installations, thereby fixing several reported v2.3/v0.5
migration problems.
- IMAP FILTER=SIEVE capability: Fix assert crash occurring when running
UID FILTER on a Sieve script with errors.
2.3.4:
* The default postmaster_address is now "postmaster@<user domain or
server hostname>". If username contains the @domain part, that's
used. If not, then the server's hostname is used.
* "doveadm stats dump" now returns two decimals for the "avg" field.
+ Added push notification driver that uses a Lua script
+ Added new SQL, DNS and connection events.
See https://wiki2.dovecot.org/Events
+ Added "doveadm mailbox cache purge" command.
+ Added events API support for Lua scripts
+ doveadm force-resync -f parameter performs "index fsck" while opening
the index. This may be useful to fix some types of broken index files.
This may become the default behavior in a later version.
- director: Kicking a user crashes if login process is very slow
- pop3_no_flag_updates=no: Don't expunge DELEted and RETRed messages
unless QUIT is sent.
- auth: Fix crypt() segfault with glibc-2.28+
- imap: Running UID FILTER script with errors assert-crashes
- dsync, pop3-migration: POP3 UIDLs weren't added to
dovecot.index.cache while mails were saved.
- dict clients may have been using 100% CPU while waiting for dict
server to finish commands.
- doveadm user: Fixed user listing via HTTP API
- All levels of Cassandra log messages were logged as Dovecot errors.
- http/smtp client may have crashed after SSL handshake
- Lua auth converted strings that looked like numbers into numbers.
new filter to add a Received header with TLS protocol and ciphers. Add
qmail-qfilter-addtlsheader to control/smtpfilters, too. Bump acceptutils
dependency to get this program.
Point to qmail-qfilter-queue in tcp.ofmip and tcp.smtp. This replaces
the formerly separate qmail-queue wrappers for ofmipd and smtpd. Bump
rejectutils dependency to get this program.
rc.d scripts:
- ofmipd, pop3d, smtpd: let a standalone TLS key file be configured
in rc.conf.
- ofmipd, pop3d: let pre- and post-checkpassword commands be configured
in rc.conf.
- pop3d: fix typo in default TLS file paths.
Bump version.
- Add qmail-qfilter-addtlsheader, a filter to add a Received header with
TLS protocol and ciphers.
- Fix spurious errors when initializing TLS environment.
- Add qmail-qfilter-queue, which is like qmail-qfilter-ofmipd-queue
and qmail-qfilter-smtpd-queue but requires an environment variable
pointing to a config file (QMAILQUEUEFILTERS) rather than
hardcoding one.
- Leave qmail-qfilter-ofmipd-queue and qmail-qfilter-smtpd-queue as
thin wrappers around qmail-qfilter-queue, logging what the sysadmin
needs to do.
Changes since version 1.10.1:
+ inotify is used for local mailbox monitoring on Linux. Configuration flag
--disable-filemonitor turns this off.
+ OAUTHBEARER support for IMAP, SMTP and POP via
$imap_oauth_refresh_command, $smtp_oauth_refresh_command, and
$pop_oauth_refresh_command.
! $pgp_timeout and $smime_timeout support 32-bit numbers.
+ <check-stats> manually updates mailbox statistics, the same way
$mail_check_stats does when set.
! Thread limited views, e.g. ~(pattern), now show new mail as it arrives.
! Command line argument -z and -Z options also work for IMAP mailboxes.
+ $imap_condstore and $imap_qresync enable IMAP CONDSTORE and QRESYNC
support, respectively. QRESYNC should provide much faster mailbox opening.
! $abort_noattach skips quoted lines (as defined by $quote_regexp and
$smileys).
! Initial IMAP header downloading can be aborted with ctrl-c.
+ <compose-to-sender> composes a message to the sender of the selected
message, in the index or attachment menu.
! Address book queries ($query_format) now support multibyte characters.
+ Finnish translation.
! pgpring has been renamed to mutt_pgpring.
! Certificate prompts show sha-256 instead of md5 fingerprints.
! Non-threaded $sort_aux "reverse-" settings now work properly.
+ The manual can be generated and installed in GNU Info format.
+ index-format-hook and the new %@name@ expando for $index_format enable
dynamic index formats using pattern matching against the current message.
This can be used, for example, to format dates based on the age of
the message.
! Relative date matching allows hour, minute, and second units: HMS.
authup. Changes:
- fixsmtpio: Set FIXSMTPIOTLS in the environment when TLS has been negotiated.
When upgrading, be sure to add _this_ entry to control/fixsmtpio:
# Remove greeting for child process restarted after upgrading to STARTTLS
FIXSMTPIOTLS:greeting::2*::
- fixsmtpio: Fix "out of memory" errors with big attachments by handling
DATA specially (no parsing or copying).
- FIXSMTPIODEBUG: log our pid and child's basename and pid.
- fixsmtpio: Ensure STARTTLS resets all state by restarting qmail-smtpd.
When upgrading, be sure to add this entry to control/fixsmtpio:
# Remove greeting for child process restarted after upgrading to STARTTLS
SSL_CIPHER:greeting::2*::
- NOFIXSMTPIO: new environment variable to perform no filtering.
- FIXSMTPIODEBUG: prefix program name to log messages.
- Compile as C99.
- Have die_nomem() log two levels of call stack.
- Have get_one() log one caller further.
- Avoid extern in declarations.
- Empty next_pile and free event when done.
- Use acceptutils' stralloc wrappers in tls_info().
- Don't call tls_info(): no point setting TLS connection environment
variables when our child has already forked.
in control/smtpplugins. Extract a "Greylisting" stanza in MESSAGE. Merge
"Local non-root users to see the queue" into previous section (and
provide qmail-qread-client in example mailer.conf to begin with).
Mention port numbers where applicable.
Enable defaults that are sensible: realrcptto in control/rcptchecks and
viruscan in control/smtpfilters.
Add fixsmtpio rules to make greylisting-spp's tempfails look more like
qmail's other messages.
Bump dependency on qmail for config-fast-pkgsrc, which is like
config-fast but lets us simulate CONF_FILES-like behavior. As before, we
install these minimal config files, and won't deinstall them. (But the
updated qmail package will.)
Bump version.
installs the generated files elsewhere, so we can simulate
CONF_FILES-like behavior. qmail-run will switch to config-fast-pkgsrc.
We'll take advantage to deinstall these config files (as well as the
three basic .qmail files in ~alias) provided they haven't been changed.
Both of these commands stop leaving leftovers in ${PKG_SYSCONFDIR}:
# pkg_add qmail && pkg_delete qmail
# pkg_add qmail-run && pkg_delete -r qmail
While here, warn if the queue directory is on a case-insensitive
filesystem. Probably not gonna work perfectly.
Bump PKGREVISION.
sensible default, we wrap it in "greylisting-spp-with-exemptions", which
lets recipient addresses and domains be exempted from greylisting by
editing control/greylist/exemptrcpt{s,hosts}.
qmailofmipd: enable user CDB by default and remove the verbiage.
qmailsmtpd: bump datalimit (seeing occasional "fixsmtpio: out of memory" in production).
Improve MESSAGE a bit more.
Bump version.
SPP-compatible qmail-rcptcheck. Create control/smtpplugins so that the
RCPTCHECK-compatible programs continue to run as before. No functional
change intended.
Bump version.
qmail-smtpd (tweaked to tolerate the absence of a config file).
The RCPTCHECK patch is a logical subset of SPP with a slightly different
interface, and conflicts with SPP. Remove RCPTCHECK.
Bump PKGREVISION.
20181108 implements STARTTLS in fixsmtpio(8). Rebase EAI patch onto
TLS-onlyremote. Switch back to upstream for RCPTCHECK, which applies
cleanly again. Bump PKGREVISION.
(obviating the need for qmail-smtpd(8) to be patched to link OpenSSL).
Make TLS configurable for submission, POP3, and now also incoming SMTP:
- "yes" (startup will fail if cert or DH params are missing)
- "no" (even if they're present, don't offer TLS)
- "auto" (the default: offer TLS iff they're present)
Mention TLS setup in MESSAGE.
Delay SMTP greeting by 2 seconds. Enable zen.spamhaus.org RBL.
Bump version.
- Add STARTTLS support to fixsmtpio(8), which needs to terminate TLS in
order to continue observing requests and responses and do its job.
- Restore missing trailing " ESMTP" in greeting.
- Fix all warnings in acceptutils code.
- Document FIXSMTPIODEBUG, UCSPITLS, and DISABLETLS.
* 3.17.1
--------
* bug fixes:
* 3.17.0
--------
* the minimum GLib requirement is now 2.28.
* the mimimum GTK+2 requirement is now 2.24.
* nettle is now required, following removal of libcrypt from glibc.
* explicit use of --disable-gnutls is now required if gnuTLS support
is not required.
* SOCKS proxy support has been added.
Global settings can be found on the Mail Handling/Proxy page.
This can be overridden by Account settings on the new Proxy page.
* Accounts can now have their own auto-check intervals, or follow the
global interval.
* in the options for 'default selection when entering a folder',
'first [...]' has been renamed to 'oldest [...]', and
'newest [...]' items have been added.
* Message List: when changing sort key by clicking column header,
the sort direction is now preserved
* Message View: keypress handling for scrolling, (PgUp/Down, Space,
Backspace), has been improved.
* the Network Log now displays output from LDAP operations.
* "Go to last error" has been added to the Log Window context menu.
* Filtering/Processing: "mark_as_spam" is no longer a final action,
since it does not move the marked message.
* Filtering/Processing: Resent-From and Resent-To have been added in
Any/All header(s) (in Address Book) matcher rules.
* when a Return-Receipt request is received by an unknown address,
the user is now required to choose which Account to send it from.
* Colour Labels: confirmation is asked for when clearing or
overriding existing colour labels.
* Address Book: basic contact merging has been added.
* NetworkManager support: ported from libnm-util/libnm-glib to libnm.
* Dillo plugin: this HTML rendering plugin is now once again
available.
* RSSyl plugin: the modified time is no longer considered when
matching deleted items.
* RSSyl plugin: Handle 404 and other fetch failures better.
* Attachment Remover plugin: the user is now notified about what has
been done when processing multiple selections.
* SpamAssassin plugin: added support for compression (the server must
have compression enabled, and the local spamc too).
* SpamAssassin plugin: disabled SSLv3.
* when using the hidden preference, hide_timezone, the time in the
Date header is converted to UTC.
* various other UI improvements.
* many behind-the-scenes improvements.
* bug fixes:
* 3.16.0
--------
* Preferences: for the 'default selection on entering a folder' on
the Display/Summaries page, the first new, first unread, and first
marked message options are now sort-order aware.
* Preferences: the previously hidden preference to 'Warn when sending
to more recipients than []' has been added to the
Mail Handling/Sending page.
* Preferences: Toolbars/Compose window: Sign/Encrypt toggle buttons
can been added to the toolbar.
* Preferences: Fancy Plugin: allow stylesheet file/folder names to
have spaces in them.
* Account Preferences: a 'Show password' checkbox has been added next
to the password fields.
* Account Preferences: the OpenPGP and S/MIME preferences have been
split into two separate pages.
* Account Preferences: newline characters are disallowed in account
usernames and passwords, and warnings are shown to the user if this
is attempted.
* Compose: more UTF-8 list-item characters have been added.
* Address book: a 'Show password' checkbox has been added next to the
LDAP server 'bind password' field.
* GPG: full key/signature fingerprints are now shown instead of the
short versions.
* SSL Certificate Manager: added support for ipv6 addresses.
* NNTP: Fetch XOVER and XHDR data in batches of 5000 and use the
statusbar progress meter when opening/refreshing a NNTP folder.
* CLI: the --insert option has been added to --compose, to allow
inserting files from the command line.
* Plugins window: keyboard shortcuts to Load/Unload buttons have
been added.
* PDF Viewer Plugin: a print button has been added.
* The HTML parser now supports all entities.
* Tools: a simple bash completion helper has been added,
tools/bash_completion/claws-mail.
* Bug fixes:
* 3.15.1
--------
* Bug fixes:
* 3.15.0
--------
* More granular options on when to open a selected message have been
added. There are now several checkboxes on the Display/Summaries
page of the Preferences which allow a greater flexibility.
* Compose window: Show the total size of attachments on the
Attachments tab.
* Compose window: Bcc has been added to the headers drop-down list.
* Folder list: Top-level folders can now be copied. They are created
as regular folders in the target mailbox.
* Folder selection dialogue: Left/right keys collapse/expand rows.
Further keypress will move the cursor to parent or first child,
respectively.
* Menu items: 'Mark all unread [recursively]' has been added to the
folder context menu, message list menu, and the main window menu
and toolbar.
* Toolbar actions: Mark, Unmark, Lock, Unlock, Mark [all] read, Mark
[all] unread, Ignore Thread, Watch Thread, and Delete Duplicate
Messages have been added to the main window toolbar's Actions list.
* Account compose signature: The value of the signature file now
takes a path relative to the user's home directory in addition to a
full path.
* Icon Themes: Support for SVG themes with icon scaling capabilities
has been added. This requires libRSVG 2.40.5 or newer.
* Hidden preferences: colours for specifying Tags, QuickSearch, and
auto-filled header values have been added, both foreground and
background. Respectively, tags_color, tags_bgcolor,
qs_active_color, qs_active_bgcolor, qs_error_color,
qs_error_bgcolor, default_header_color, and default_header_bgcolor.
* Hidden preferences: warn_sending_many_recipients_num, if greater
than zero, a warning dialogue is shown when the number of
recipients exceeds the number given.
* GData plugin: This plugin now requires libgdata version 0.17.2 or
newer.
* TNEF parser plugin: This plugin now uses an external libytnef.
* vCalendar plugin: This plugin now uses an external libical, version
2.0.0 or newer is required.
* Mail Archiver plugin: - updated to support some of the compression
formats up to libarchive 3.2.2
* Several minor UI improvements.
* Bug fixes:
New Features:
* Added --dump-mail option.
* Added --xclient-delim, --xclient-destaddr, --xclient-destport,
--xclient-no-verify, and --xclient-before-starttls options.
Notable Changes:
* XCLIENT can now send multiple XCLIENT requests. Because of this,
--xclient and --xclient-ATTR values are no longer merged into one
string. This breaks previously documented behavior.
* Numerous improvements to the output of --dump and --dump-as-body,
including the ability to limit output by section, layout improvements,
adding missing options to output, and fixing bugs.
Notable Bugs Fixed:
* Fixed bug preventing Proxy from working with --tls-on-connect.
* XCLIENT is now sent after STARTTLS to match with Postfix's expectations.
* Fixed bug which could allow mail sending to proceed without a valid
recipient.
* Replacing a multi-line header via --header or --h-HEADER now replaces
the entire header, not just the first line.
* The option for specifying the local port was documented as --local-port
but implemented as --lport. Both are now documented and implemented.
* Fixed two bugs which prevented interactions between --dump,
--auth-hide-password, --dump-as-body, and --dump-as-body-shows-password
from producing consistent output.
the tag; for instance, "nbqmailofmipd" becomes "nbqmail/ofmipd". Vaguely
redolent of Postfix, and easier to glance at logs now that just about
everything runs similarly from rc.d. Turn off sslserver verbosity by
default. Bump version.
- removed a trailing dot element from @INC, as a workaround for a perl
vulnerability CVE-2016-1238;
- amavis-services: bumping up syslog level from LOG_NOTICE to LOG_ERR
for a message "PID <pid> went away", and removed redundant newlines
from some log messages;
- safe_decode() and safe_decode_utf8(): avoid warning messages
"Use of uninitialized value in subroutine entry"
in Encode::MIME::Header when the $check argument is undefined;
- @sa_userconf_maps has been extended to allow loading of per-recipient
(or per- policy bank, or global) SpamAssassin configuration set from
LDAP. For consistency with SQL a @sa_userconf_maps entry prefixed with
'ldap:' will load SpamAssassin configuration set using the
load_scoreonly_ldap() method; a patch by Atanas Karashenski;
- add some Sanesecurity.Foxhole false positives to the default
list @virus_name_to_spam_score_maps;
- updated some comments;
+++
also add a patch to make it run with perl 5.28 without complaints
about regex syntax
- when users specify an SSL version that no longer exists in the Python
ssl module, do not result in an unhandled exception. Thanks: "nandre".
- catch IMAP UNAVAILABLE temporary error during login. Thanks:
Dario Corti.
This update includes XSS security problem.
RELEASE 1.3.8
-------------
- Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374)
- Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383)
- Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398)
- Fix so Classic skin splitter does not escape out of window (#6397)
- Fix XSS issue in handling invalid style tag content (#6410)
- Fix compatibility with MySQL 8 - error on 'system' table use
- Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422)
- New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419)
- Fix support for "allow-from <uri>" in "x_frame_options" config option (#6449)
- Fix bug where valid content between HTML comments could have been skipped in some cases (#6464)
- Fix multiple VCard field search (#6466)
- Fix session issue on long running requests (#6470)
- CERTFILE needs to be set early enough for sslserver. Move it to rc.d.
UCSPITLS is application-specific and can stay in the CDB.
- Add PYMSGAUTH_TOLERATE_UNCONFIGURED to the CDB.
- Switch qmailpop3d from tcpserver+qmail-popup to sslserver+authup.
Set UCSPITLS in the CDB to require STLS before USER/PASS.
- Specify a few new required_files.
- Point more precisely at the need to inspect alias/.qmail-*.
- Bump qmail-acceptutils for integrated privsep TLS using ucspi-ssl.
- Switch qmailofmipd rc.d script to sslserver, listening on the network.
- Install control/{pop3,smtp}capabilities, as newly required by authup.
- Organize INSTALL a bit better.
- Remove all vestiges of stunnel, including further shortening MESSAGE.
- Implement SMTP "STARTTLS" and POP3 "STLS", relying on sslserver's UCSPI-TLS.
Derived from s/qmail's implementation.
- Catch up to s/qmail's base64 implementation.
- Implement POP3 "CAPA" verb for POP3.
- Require admin to describe child program in control/{pop3,smtp}capabilities.
- Fix regression from qmail-popup: sleep after auth failure for SMTP only.
- Update authup(8) manual page.
pkgsrc changes:
- Replace security/stunnel dependency with net/ucspi-ssl.
respective dependencies on spamdyke and stunnel. Depend instead on
qmail-acceptutils, which provides SMTP AUTH (and new filtering
functionality) and brings its own unconditional mess822 and stunnel
dependencies. Update rc.d scripts to match.
Use CONF_FILES instead of a bunch of open-coded INSTALL cleverness.
Clean up even better with a little DEINSTALL cleverness to remove CDB
files if their source CONF_FILES are gone.
Install sensible fixsmtpio rules and viruscan signatures.
Tighten MESSAGE. The basics have gotten pretty easy. Bump version.
patch and the AUTH patch conflict, nobody else has published a newer
hand-merged combo patch, and as it happens, I'd apparently rather
write a pile of new DJB-style C than make myself responsible for
hand-merging other people's security-sensitive code every time there's
a new TLS patch.
Now that we have AUTH without patching (see mail/qmail-acceptutils), the
"sasl" option goes away, we're finally on the most recent TLS patch
available, and when it's updated it'll be easy for us to keep up.
Rebase RCPTCHECK and EAI patches onto netqmail-with-TLS-and-no-AUTH.
Bump PKGREVISION.
Changelog v0.5.3:
- Fix assertion panic occurring when managesieve service fails to open
INBOX while saving a Sieve script. This was caused by a lack of
cleanup after failure.
- Fix specific messages causing an assert panic with actions that
compose a reply (e.g. vacation). With some rather weird input from the
original message, the header folding algorithm (as used for composing
the References header for the reply) got confused, causing the panic.
- IMAP FILTER=SIEVE capability: Fix FILTER SIEVE SCRIPT command parsing.
After finishing reading the Sieve script, the command parsing
sometimes didn't continue with the search arguments. This is a time-
critical bug that likely only occurs when the Sieve script is sent in
the next TCP frame.
2.3.3:
* doveconf hides more secrets now in the default output.
* ssl_dh setting is no longer enforced at startup. If it's not set and
non-ECC DH key exchange happens, error is logged and client is
disconnected.
+ Added log_debug=<filter> setting.
+ Added log_core_filter=<log filter> setting.
+ quota-clone: Write to dict asynchronously
+ --enable-hardening attempts to use retpoline Spectre 2 mitigations
+ lmtp proxy: Support source_ip passdb extra field.
+ doveadm stats dump: Support more fields and output stddev by default.
+ push-notification: Add SSL support for OX backend.
- NUL bytes in mail headers can cause truncated replies when fetched.
- director: Conflicting host up/down state changes may in some rare
situations ended up in a loop of two directors constantly overwriting
each others' changes.
- director: Fix hang/crash when multiple doveadm commands are being
handled concurrently.
- director: Fix assert-crash if doveadm disconnects too early
- virtual plugin: Some searches used 100% CPU for many seconds
- dsync assert-crashed with acl plugin in some situations.
- mail_attachment_detection_options=add-flags-on-save assert-crashed
with some specific Sieve scripts.
- Mail snippet generation crashed with mails containing invalid
Content-Type:multipart header.
- Log prefix ordering was different for some log lines.
- quota: With noenforcing option current quota usage wasn't updated.
- auth: Kerberos authentication against Samba assert-crashed.
- stats clients were unnecessarily chatty with the stats server.
- imapc: Fixed various assert-crashes when reconnecting to server.
- lmtp, submission: Fix potential crash if client disconnects while
handling a command.
- quota: Fixed compiling with glibc-2.26 / support libtirpc.
- fts-solr: Empty search values resulted in 400 Bad Request errors
- fts-solr: default_ns parameter couldn't be used
- submission server crashed if relay server returned over 7 lines in
a reply (e.g. to EHLO)
qmail. It avoids patch conflicts, adds new user-controlled features, and
is more consistent with qmail's design.
To SMTP-authenticate users without patching ofmipd(8) or qmail-smtpd(8),
compose the following programs into your configuration:
- reup runs a program repeatedly until it succeeds.
- authup offers SMTP or POP3 authentication and calls checkpassword.
- checknotroot refuses to run as UID 0.
- fixsmtpio filters SMTP I/O and exit status to suit authup.
From Attila Fueloep in pull request NetBSD/pkgsrc#32.
Apache SpamAssassin 3.4.2 contains numerous tweaks and bug fixes over the
past three and 1/2 years. As we release 3.4.2, we are preparing 4.0.0 which
will move us into a full UTF-8 environment. We expect one final 3.4.3
release.
As with any release there are a number of functional patches, improvements as
well as security reasons to upgrade to 3.4.2. In this case we have over 3
years of issues being resolved at once. And we are laying thr groundwork for
version 4.0 which is is designed to more natively handle UTF-8.
However, there is one specific pressing reason to upgrade. Specifically, we
will stop producing SHA-1 signatures for rule updates. This means that while
we produce rule updates with the focus on them working for any release from
v3.3.2 forward, they will start failing SHA-1 validation for sa-update.
*** If you do not update to 3.4.2, you will be stuck at the last ruleset
with SHA-1 signatures in the near future. ***
Full release notes at http://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.2.txt.
- nullmailer-send no longer generates bounces for rejected bounces.
Thanks Fejes József
- Fixed compile error in sendmail on GCC older than 4.9.
- Fixed treating authentication failure as message rejection.
Thanks Fejes József
- nullmailer-inject now sets the full name of the sender to the user
name as a fallback. This helps distinguish system sent messages when
the MTA rewrites the address (as does GMail, for example).
- Fixed compatibility issue with gnutls 3.6 (and possibly others).
- [Feature] Add arguments schemas to processors and extractors
- [Feature] Add functional selectors library
- [Feature] Add generic selector to reputation module
- [Feature] Add more ratelimits: by digest, by attachments data, by
filenames
- [Feature] Add preliminary stop words detection support
- [Feature] Add pure Lua debugm function
- [Feature] Add schema validation for Redis settings
- [Feature] Add selectors combine function
- [Feature] Add some recursion protection to lua logger
- [Feature] Add support for Lua API tracing
- [Feature] Allow to apply schema to arguments
- [Feature] Allow to get dkim signing data directly from HTTP headers
- [Feature] Allow to reuse existing authentication results
- [Feature] Cache selectors results in re runtime
- [Feature] Implement new text tokenizer based on libicu
- [Feature] Integrate selectors framework to multimap
- [Feature] Relax FORGED_RECIPIENTS
- [Feature] Support (almost) all html entities
- [Feature] Support adding and deletion of recipients in the milter
block
- [Feature] Support gathering HTTP body from fragments in lua_http
- [Feature] Support multi flag in regexp and glob maps
- [Feature] Support selectors in ratelimit module
- [Feature] Support selectors in settings
- [Feature] Use khash in HTML parser
- [Feature] Use pure Lua debugm function
- [Fix] Add fail-safety for destroying sessions
- [Fix] Allow to add result-less fake DNS records
- [Fix] Another try to fix race conditions on config unload
- [Fix] Call Lua callback on DNS timeouts
- [Fix] Deprecate task:inc_dns_req as it is redundant
- [Fix] Do not allow events deletions on cleanup
- [Fix] Do not try to process skipped messages
- [Fix] Fix HTTP requests with no body
- [Fix] Fix another cleanup race condition
- [Fix] Fix bug in processing of pcre regexps
- [Fix] Fix byte array allocation in the pool
- [Fix] Fix crashes on task cleanup
- [Fix] Fix dynamic buckets in ratelimits
- [Fix] Fix endless loop when waiting for Rspamd to stop
- [Fix] Fix lua_util.str_split in case of delimiters set
- [Fix] Fix more issues with watching of async events
- [Fix] Fix stop words detection and loading logic
- [Fix] Fix various corner cases for language detection
- [Fix] Fix watchers in lua_tcp
- [Fix] Fix words decay algorithm
- [Fix] Implement watchers replacement to handle nested calls
- [Fix] Save faked code into fake dns record
- [Fix] Show the proper frame when using lua_util.debugm
- [Fix] Use fake dns records in tests
- [Fix] Use unicode replacements for HTML entities
- [Fix] fixed "cannot find dependency on symbol 1" issue when using
replaced symbols in spamassassin rules
- [Fix] partition_id is not available in old versions of CH
- [Project] Add implicit conversion logic to selectors
- [Project] Add initial support for selectors in regexps
- [Project] Add method concept
- [Project] Further changes in unicode operations
- [Project] Implement Clickhouse migrations
- [Project] Implement implicit conversions to userdata
- [Project] Implement insert method
- [Project] Implement selectors registration for regular expressions
- [Project] Implement selectors support in re_cache
- [Project] Improve language detector: cleanup unused files,
categorize
- [Project] Migrate CH data to a fat table
- [Project] Rework selectors logic
- [Project] Start Clickhouse utilities library
- [Project] Start unicode rework
- [Project] coroutine threaded model for API calls: thread pool
- [Rework] Move phishtank to a DNS based service
- [Rework] Rework Clickhouse plugin to use the new API
- [Rework] Rework language detector
- [Rework] Rework utf content processing in text parts
- [WebUI] Add progress bar for AJAX requests
- [WebUI] Avoid errors table reinitialization
- [WebUI] Avoid history table reinitialization
- [WebUI] Avoid throughput summary table reinitialization
- [WebUI] Destroy summary table on disconnect
- [WebUI] Fix "auth" request URL
- [WebUI] Fix disabling and hiding controls on page reload
- [WebUI] Fix maps loading from neighbours
- [WebUI] Fix symbols sorting by score
- [WebUI] Fix tables destroying
- [WebUI] Fix throughput data consolidation
- [WebUI] Fix upload buttons disabling
## 3.2.2 / 2018-08-12
* Hiroto Fukui removed a stray `debugger` statement that I had used in
producing v3.2.1. [#137][]
## 3.2.1 / 2018-08-12
* A few bugs related to MIME::Types::Container and its use in the
mime-types-data helper tools reared their head because I released 3.2
before verifying against mime-types-data.
## 3.2 / 2018-08-12
* 2 minor enhancements
* Janko Marohnić contributed a change to `MIME::Type#priority_order` that
should improve on strict sorting when dealing with MIME types that
appear to be in the same family even if strict sorting would cause an
unregistered type to be sorted first. [#132][]
* Dillon Welch contributed a change that added `frozen_string_literal:
true` to files so that modern Rubies can automatically reduce duplicate
string allocations. [#135][]
* 2 bug fixes
* Burke Libbey fixed a problem with cached data loading. [#126][]
* Resolved an issue where Enumerable#inject returns +nil+ when provided
an empty enumerable and a default value has not been provided. This is
because when Enumerable#inject isn't provided a starting value, the
first value is used as the default value. In every case where this
error was happening, the result was supposed to be an array containing
Set objects so they can be reduced to a single Set. [#117][], [#127][],
[#134][].
* Fixed an uncontrolled growth bug in MIME::Types::Container where a key
miss would create a new entry with an empty Set in the container. This
was working as designed (this particular feature was heavily used
during MIME::Type registry construction), but the design was flawed in
that it did not have any way of determining the difference between
construction and querying. This would mean that, if you have a function
in your web app that queries the MIME::Types registry by extension, the
extension registry would grow uncontrollably. [#136][]
* Deprecations:
* Lazy loading (`$RUBY_MIME_TYPES_LAZY_LOAD`) has been deprecated.
* Documentation Changes:
* Supporting files are now Markdown instead of rdoc, except for the
README.
* The history file has been modified to remove all history prior to 3.0.
This history can be found in previous commits.
* A spelling error was corrected by Edward Betts ([#129][]).
* Administrivia:
* CI configuration for more modern versions of Ruby were added by Nicolas
Leger ([#130][]), Jun Aruga ([#125][]), and Austin Ziegler. Removed
ruby-head-clang and rbx (Rubinius) from CI.
* Fixed tests which were asserting equality against nil, which will
become an error in Minitest 6.
## 3.2018.0812 / 2018-08-12
* Added `.xsd` extension to `text/xml`. [#10][]
* Added `.js` and `.mjs` extensions to `text/ecmascript` and
`text/javascript`. [#11][]
* Added `.ipa` extension to `application/octet-stream`. [#12][]
* Moved extensions `.markdown` and `.md` and added `.mkd` extension to
`text/markdown`. [#13][]
* Because of a bug found with mime-types 3 before 3.2.1, this version
requires mime-types 3.1 or later to manage data.
* Updated the IANA media registry entries as of release date. The biggest
major change here is the addition of the `font/` top-level media type.
* MIME type changes not introduced by pull requests will no longer be
individually tracked.
* Clarified that the YAML editable format is not shipped with the Ruby gem
for size considerations.
1.2:
mprove the documentation on enabling STARTTLS.
Add customizable ident field to SMTP class constructor.
Remove asyncio.coroutine decorator as it was introduced in Python 3.5.
Add Controller docstring, explain dual-stack binding.
Gracefully handle ASCII decoding exceptions.
Fix typo.
Improve Controller ssl_context documentation.
Add timeout feature.
- Network timeout handling has been added.
- Support for proper Maildir++ and a Maildir sub-folder naming style
without extra dots have been added.
- Support for TLS client certificates was added.
- Support for recovering from baseless UID validity changes was added.
- The get-cert script was renamed to mbsync-get-cert.
pkgsrc changes:
- Update HOMEPAGE and MASTER_SITES
- Remove inet6 option (it was actually a no-op)
- Adjust libidn dependency to libidn2 per 1.8.0 change
- Cleanup the options.mk a bit: no need to add pkg-config to USE_TOOLS, it was
already needed as tool and remove all --with-*-prefix= because pkg-config is
used for that
Changes:
Version 1.8.0:
- A minimal SMTP server called msmtpd was added that listens on the local host
and pipes mails to msmtp (or another program). It is intended to be used with
system services that cannot be configured to call msmtp directly. You can
disable it with the configure option --without-msmtpd.
- Using OpenSSL is discouraged and may not be supported in the future. Please
use GnuTLS instead. The reasons are explained here:
https://marlam.de/msmtp/news/openssl-discouraged/
- As using GNU SASL is most likely unnecessary, it is disabled by default now.
Since everything uses TLS nowadays and thus can use PLAIN authentication, you
really only need it for GSSAPI.
- If your system requires a library for IDN support, libidn2 is now used instead
of the older libidn.
- The CRAM-MD5 authentication method is marked as obsolete / insecure and will
not be chosen automatically anymore.
- The passwordeval command does not require the password to be terminated by a
new line character anymore.
- The new logfile_time_format command allows to customize log file time stamps.
- Builtin default port numbers are now used instead of consulting /etc/services.
- Support for DJGPP and for systems lacking vasprintf(), mkstemp(), or tmpfile()
is removed.
Version 1.6.8:
- Add --source-ip option and source_ip command to bind the outgoing connection
to a specific source IP address.
- Enable SNI for TLS
Version 1.6.7:
- Add support for ~/.config/msmtp/config as configuration file
- Add network timeout handling on Windows
- Fix command line handling of SHA256 TLS fingerprints
- Fix SIGPIPE handling (affects at least Mac OS X)
- Add french translation, and update german translation
