- Fix insert-signature command in external compose window if opened from inline compose screen
- Initialize HTML editor before restoring a message from localStorage
- Add 'sig_max_lines' config option to default config file
- Add option to specify IMAP connection socket parameters - imap_conn_options
- Add option to set default message list mode - default_list_mode
- Enable contextmenu plugin for TinyMCE editor
- Fix some mime-type to extension mapping checks in Installer
- Fix errors when using localStorage in Safari's private browsing mode
- Fix bug where $Forwarded flag was being set even if server didn't support it
- Fix various iCloud vCard issues, added fallback for external photos
- Fix invalid Content-Type header when send_format_flowed=false
- Fix errors when adding/updating contacts in active search
- Fix incorrect thumbnail rotation with GD and exif orientation data
- Fix contacts list update after adding/deleting/moving a contact
- Fix handling of email addresses with quoted domain part
- Fix comm_path update on task switch
- Fix error in MSSQL update script 2013061000.sql
- Fix validation of email addresses with IDNA domains
version 2.09: Sun Sep 14 18:12:08 CEST 2014
Improvements:
- documentation use consistent parameter casing
- do not use '//' to support 5.8.*
rt.cpan.org#98664 [Paul]
Integrated SPF checking is now available through the new
SPFSelfValidate and SPFIgnoreResults settings.
Feature request #79: Optionally ignore clients that authenticated
using SMTP AUTH.
Fix bug #60, part II: Default AuthservID to the name provided by the
MTA, not the local host name, which is consistent with what
OpenDKIM does.
Fix bug #72: Don't crash when From fields are absent.
Fix bug #74: Change "Forensic" to "Failure" just about everywhere
to match the language now being used in the base DMARC
draft. Note that this also changes some names in the
configuration file.
Fix bug #75: Correct typo in MIME of forensic reports.
Fix bug #76: Repair damage with respect to Authentication-Results
header field selection.
Fix bug #77: Request quarantine from the MTA during option
negotiation.
Fix bug #78: Add missing newline in forensic report header.
Fix bug #90: Make "--with-sql-backend" without any value do the
right thing.
Fix bug #93: Honor size limits in URIs.
Make "smime" and "rrvs" legal Authentication-Results methods.
Provide better logging when pclose() for a forensic report returns
non-zero.
Add configuration support for internal SPF checks. Includes hooks in
the milter to check that SPF is configured to do so.
This can use a private SPF implementation or libspf2.
Fix strlcat() and strlcpy() support for Debian.
REPORTS: Feature request #80: Generate aggregate reports on UTC
day boundaries.
REPORTS: Feature request #84: Optionally expire old data from
lower-growth tables.
REPORTS: Fix bug #70: Fix date range generation in reports.
REPORTS: Fix bug #82: Fix recording of report timestamp to avoid lost
records.
REPORTS: Fix bug #83: When expiring data, truncate the signatures table
if all messages were expired..
REPORTS: Fix bug #85: Report subdomain policy.
LIBOPENDMARC: Fix bug #71: Fix "rua" extraction from DMARC records.
LIBOPENDMARC: Added support for milter to perform own spf checks.
Three new files: opendmarc_spf.c, opendmard_spf_dns.c and
test/test_spf.cl, allow integrated SPF support. Support for
use of libspf2 is also provided.
arc4random_buf(); netbsd-5 (and presumably earlier) has the one but
not the other. Just disable it, because all it's using the randomness
for is message-ids. Fixes the netbsd-5 build.
Note: this commit is part of reorganizing some of the recently
imported R packages, which are being reimported into more appropriate
categories (and removed from math) as a result of a recent discussion
on tech-pkg and privately with wiz@. See the thread starting with:
http://mail-index.netbsd.org/tech-pkg/2014/09/05/msg013558.html
This package guesses the MIME type from a filename extension using the
data derived from /etc/mime.types in UNIX-type systems.
Note: this commit is part of reorganizing some of the recently
imported R packages, which are being reimported into more appropriate
categories (and removed from math) as a result of a recent discussion
on tech-pkg and privately with wiz@. See the thread starting with:
http://mail-index.netbsd.org/tech-pkg/2014/09/05/msg013558.html
Handle possible NULL returns from crypt(3).
Revised the included MD5 routines to help the compiler detect a common
subexpression between steps in round 3.
Switched to heavily cut-down BSD license.
version 2.08: Fri Sep 5 15:29:52 CEST 2014
Fixes:
- fix test t/40mojo.t which mojo is not installed
rt.cpan.org#98639 [Chris]
Improvements:
- remove dependency on Scalar::Util
- documentation fixes
version 2.07: Fri Sep 5 12:08:06 CEST 2014
Fixes:
- MIME::Type::equals() did cmp not eq
Improvements:
- new httpAccept() wth tests in t/21accept.t
- new httpAcceptBest() and httpAcceptSelect() with tests
in t/22accbest.t
- add MojoX::MIME::Types with tests in t/40mojo.t
- now depends on List::Util and Scalar::Util
Contributed by: Leonardo Taccari <iamleot@gmail.com>
Update mail/nmh to 1.6.
Changes:
The biggest changes in this release are in the arena of MIME handling.
Specifically relating to MIME composition and display. On the
composition front, mhbuild(1) will now automatically be run by send(1)
for all drafts. Specifically, mhbuild is now run with the new -auto
flag, which will suppress the processing of mhbuild directives and cause
mhbuild to silently exit if the draft is already MIME-formatted. When
invoking mhbuild manually via the "mime" command at the WhatNow? prompt,
mhbuild will behave as before and process mhbuild directives.
In both cases (automatic and manual invocation) mhbuild will encode email
headers according to RFC-2047 rules. Mhbuild also will use RFC 2231
encoding rules for MIME parameters when appropriate. In addition, the
attach system has been substantially reworked; the new header name is
now "Attach" (to better align with other MUA behavior) and cannot be
changed by the end-user. The existing "attach" command simply adds
the filename(s) to the draft in new Attach: headers, and the actual
file processing is done by mhbuild; this attachment processing will
take place in either automatic or manual mode.
On the display front, mhshow(1) will now automatically convert text
into the user's native character set using iconv, if nmh was built
with iconv support. Also, mhshow will now by default only display
text content that was not marked as an attachment. By default all
displayed content wll be run under one pager, as opposed to individual
pagers for each part as was in the past. Non-displayed parts will be
indicated using a marker string, which can be customized by a new
mh-format(5) string.
All nmh utilites now understand RFC 2231-encoded MIME parameters and
will automatically convert the encoded parameters into the native
character set, when appropriate (again, assuming nmh was built with
iconv support).
In other changes, sequence files are now locked using transactional
locks: locks that are held across sequence file reading, modification,
and writing. The locking algorithm used for spool files and nmh data
files is now runtime configurable.
For people that struggle with mh-format(5) files, a new utility for testing
them has been developed: fmttest(1). It includes the ability to trace the
execution of format instructions.
For users that wish to use Unix utilities on their mail, a new utility
to transform MIME messages to more easily-digestable format is now
available: mhfixmsg(1). It supports a number of options to control
the message transformation.
For users of spost(8), the support for spost has been rolled into post(8)
under a new sendmail/pipe MTS. A shell script emulating the old behavior
of spost has been provided.
1.195 2014-09-01 08:38:58-04:00 America/New_York
- handle domain part with MX but no A record (thanks, Karel Miko)
1.194 2014-05-28 17:21:53-04:00 America/New_York
- yhaoo.com grew an MX record; use something that won't
1.193 2014-03-26 22:29:28-04:00 America/New_York
- improve behavior on CNAME MX records
Upstream changes:
1.300014 2014-08-28 14:21:26-04:00 America/New_York
- do not try passing an empty string as a Failure message
1.300013 2014-08-28 11:00:16-04:00 America/New_York
- sometimes, if no error is given and $smtp->message returns (),
the arguments to the Failure constructor were out of alignment and
the failure's error message would be "code"; this has been fixed
1.300012 2014-07-10 09:55:35-04:00 America/New_York
- documentation fix: there's no Email::MIME->delete_header
(thanks, Kris Matthews)
1.300011 2014-03-02 18:16:12-05:00 America/New_York
- run the sendmail program with -i by default (thanks, William Blunn)
- do not die when a race causes mkpath(Maildir/new) to fail because the
directory already exists
1.300010 2014-01-11 14:15:13-05:00 America/New_York
- the SMTP transport now has a "debug" option
1.300009 2013-09-01 12:03:06 America/New_York
see also 1.300008!
switch to automatic determination of prereqs to improve accuracy
1.300008 2013-09-01 09:39:13 America/New_York
[THIS MIGHT BREAK YOUR CODE]
at long last, Sendmail and Maildir transports replaces CRLF with CR
before piping
[BUG FIXES]
fixes a bug where recipients beginning with a - would not work with
the Sendmail transport [rt.perl.org #66246]
require Email-Abstract 3.006, to get Email-Simple 1.998, to get
Email::Simple->new(\$str), resolving [rt.perl.org #85926]
1.300007 2013-03-19 14:58:27 America/New_York
when sending over SMTP, send DATA in hunks of 1 mebibyte or smaller
* Catch and error out if a user adds a feed with a duplicate name.
* Split sender into both sendmail's -F and -f.
* Fix an error with SMTPConnectionError inhertence order ("does not
take keyword arguments").
* Add a new `smtp-ssl-protocol` setting, to select acceptable
protocols for SMTP connections.
* Fix non-compliant User-Agent header for HTTP/1.1.
* Fix an error in the NoToEmailAddress invocation.
* Add a new `trust-link` setting, to prefer the `link` attribute
over the `id` attribute for identifying entries.
[10541] src/lib/List.pm: [Submitted by S. Shipway, Univ. of Auckland]
Workaround for aggressive DMARC policy such as yahoo.com. The patch
adds option #3 of this DMARC FAQ: http://dmarc.org/faq.html#s_3
- New list config paragraph "dmarc_protection" to munge "From:" header
and put original header content erc. into comment.
[10540] src/lib/Bulk.pm: New parameters for merged messages.
"part.description", "part.disposition", "part.encoding" and "part.type"
may be used for each part of input messages. These are all-lowercase
(except "part.description").
***** [10207] src/etc/script/create_db.Oracle, src/etc/script/create_db.Pg,
***** src/etc/script/create_db.SQLite, src/etc/script/create_db.Sybase,
***** src/etc/script/create_db.mysql: Two new database fields appeared in
***** this version and a field was modified.
***** - The new fields are prev_id_session (varchar(30)) and
***** refresh_date_session (int(11)). they are located in the session_table
***** table.
***** - The modified field is dkim_privatekey_bulkspool and is located in the
***** bulkspool_table table. Its length went from varchar(1000) to
***** varchar(2000).
***** Sympa install using MySQL and SQLite backends will have no trouble at
***** all, as the database structure is updated by Sympa.
***** However, if you use Postgres, Oracle or Sybase, please have a look
***** (respectively) at the create_db.Pg, create_db.Oracle or
***** create_db.Sybase to check the definition of those fields. Please update
***** your database structure before running Sympa.
[10206] src/lib/Sympa/DatabaseDescription.pm: Changing length of DKIM
private key in database to ensure database creation scripts will be
updated.
[10074] mail_tt2/command_report.tt2, mail_tt2/info_report.tt2,
mail_tt2/review.tt2, src/lib/Commands.pm, src/lib/List.pm,
src/lib/tt2.pm, web_tt2/edit_list_request.tt2,
web_tt2/review_family.tt2, web_tt2/search_user.tt2,
web_tt2/suboptions.tt2, web_tt2/subscriber_table.tt2,
web_tt2/suspend_request.tt2, wwsympa/wwslib.pm,
wwsympa/wwsympa.fcgi.in: i18n of options for list parameters and
subscriber options.
- Options on edit_list page are shown by i18n'ed titles.
- Only listmasters can view real config values.
- Subscriber options on review pages, command results, subscriber
option pages and so on are shown by i17n'ed titles (along with real
option values).
***** [10051] src/lib/tt2.pm, web_tt2/Makefile.am, web_tt2/css.tt2,
***** web_tt2/ja_JP, web_tt2/ja_JP/css.tt2, web_tt2/ko_KR,
***** web_tt2/ko_KR/css.tt2, web_tt2/main.tt2, web_tt2/zh_CN,
***** web_tt2/zh_CN/css.tt2, web_tt2/zh_TW, web_tt2/zh_TW/css.tt2,
***** wwsympa/wwsympa.fcgi.in: Per-language css.tt2 will override any
***** portion of main css, not fully replacing it. So they may be used for
***** locale-specific customization.
***** Background: Default css.tt2 specifies the font families covering
***** Western scripts (Latin, Cyrillic, ...). East Asian users may prefer
***** consistent font family supporting Western along with Eastern scripts
***** (Han, Hangul, ...).
[9966] src/lib/Message.pm, src/lib/confdef.pm: New site config
parameter "sender_headers" to specify header fields by which message
sender is detected.
This is a enhancement to S. Shipway's improvement.
[9963] web_tt2/review.tt2, web_tt2/show_exclude.tt2,
wwsympa/wwsympa.fcgi.in: [Reported by so many listmasters we lost the
count] Exclusion table was just a display of the users excluded. list
owners could not do anything to restore subscriptions;
This page is now a form, similar to the review page, which allows to
restore users subscriptions.
[9951] src/lib/List.pm: Now you can define a "scenari" directory in
the lists family directory. These scenarii will be available for lists
instantiated from this family.
The "scenari" directory must be put directly in the family directory,
not in the overall "families" directory. For example, if you want to
define scenarii specific to the "staff" family, you must define a
scenari directory in the /home/sympa/etc/families/staff/ directory. Not
in /home/sympa/etc/families/.
***** [9989] configure.ac, src/Makefile.am, src/alias_manager.pl.in,
***** src/etc/script/ldap_alias_manager.pl.in,
***** src/etc/script/mysql_alias_manager.pl.in, src/lib/confdef.pm,
***** src/sympa_newaliases-wrapper.c, src/sympa_newaliases.pl.in: Now alias
***** maintenance utilities other than newaliases may be used without special
***** configure options nor patch to alias_manager.pl.
***** Changes:
***** - aliaswrapper and virtualwrapper were deprecated and replaced with
***** sympa_newaliases-wrapper.
***** - New alias management program sympa_newaliases.pl which will typically be
***** called by alias_manager.pl via sympa_newaliases-wrapper.
***** - New site configuration parameters aliases_db_type and aliases_program
***** will control behaviour of alias database maintenance.
***** - configure script:
***** - Options --with-sendmail_aliases and --with-virtual_aliases were
***** deprecated. Use --with-aliases_file instead.
***** - New options --with-makemap and --with-postalias, along with
***** options --with-newaliases and --with-postmap are available.
***** - Option --with-postmap_arg was removed.
***** - Alias managers can handle postmap/makemap style maps (delimited by
***** whitespace), not only newaliases style maps (delimited by colon).
[9953] wwsympa/wwsympa.fcgi.in: [Submitted by S. Shipway, univ.
Auckland] several changes in privilegs to ease everyday lists
moderation:
- Owners and lismasters can moderate messages and shared repository
- Editors can moderate subscriptions
- 'del' and 'add' sceanrios are evaluated to make their result
available in each page.
[8451] src/etc/Makefile.am, src/etc/create_list_templates/confidential,
src/etc/create_list_templates/confidential/comment.tt2,
src/etc/create_list_templates/confidential/config.tt2,
src/etc/scenari/send.confidential: New "confidential" list model.
These lists are used for groups who don't want any publicity around
their activities; All possible restrictions are applied to prevent
unauthorized users to know these lists exist and to learn anything
about them.
[8454] web_tt2/footer.tt2, web_tt2/tt2_error.tt2: Removing references
to the Sympa version in web pages to avoid pages to be searched by bad
guys willing to exploit known vulnerabilities on out of date servers.
For complete list of changes, see
http://www.sympa.org/distribution/latest-stable/NEWS
Hope this works on case-insensitive file systems. If not, let's
just rm this thing.
Bump PKGREVISION.
XXX: Why is this package "destdir" and not "user-destdir"?
Muir.
For the baker's dozen of binaries unreadable (or worse) to non-root,
chmod them 0755 at post-install for pkg_create(1), and chmod them
back with SPECIAL_PERMS at pkg_add(1) time. Permissions on the
installed binaries compare equal before and after this change, so
no PKGREVISION bump.
included lua-curl to also avoid defining an unneeded (and apparently
so old as to be dangling) curl compatibility #define.
Caution: this is a diff to a diff of a diff; cvs diff will give you
a diff of a diff to a diff of a diff.
While here, recenter another pkgsrc patch.
Add notmuch emacs option that pulls in emacs and installs compiled lisp
files as well.
Based on a similar patch by J. Lewis Muir on pkgsrc-users.
Bump PKGREVISION.
TL/01 Bugzilla 1506: Re-add a 'return NULL' to silence complaints from static
checkers that were complaining about end of non-void function with no
return.
JH/01 Bug 1513: Fix parsing of quoted parameter values in MIME headers.
This was a regression intruduced in 4.83 by another bugfix.
JH/02 Fix broken compilation when EXPERIMENTAL_DSN is enabled.
TL/02 Bug 1509: Fix exipick for enhanced spoolfile specification used when
EXPERIMENTAL_DNS is enabled.
This is Trojita, a Qt IMAP e-mail client.
Features:
* A pure Qt4 (and Qt5!) application with no additional dependencies
* Robust IMAP core implemented using Qt's Model-View framework
* Standards compliance is a design goal
* On-demand message list and body part loading
* Offline IMAP support
* Support for bandwidth-saving mode aimed at mobile users with
expensive connection
* IMAP over SSH -- in addition to usual SSL/TLS connections, the
server could be accessed via SSH
* Safe and robust dealing with HTML mail
* Update enigmail to 1.7
Changelog:
NEW
Autocompleting email addresses now matches against any part of the name or email (bug 529584)
NEW
Composing a mail to a newsgroup will now autocomplete newsgroup names (bug 61491)
FIXED
Insecure NTLM (pre-NTLMv2) authentication disabled (see 828183)
Fixed in Thunderbird 31
MFSA 2014-66 IFRAME sandbox same-origin access through redirect
MFSA 2014-65 Certificate parsing broken by non-standard character encoding
MFSA 2014-64 Crash in Skia library when scaling high quality images
MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache
MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library
MFSA 2014-61 Use-after-free with FireOnStateChange event
MFSA 2014-59 Use-after-free in DirectWrite font handling
MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering
MFSA 2014-57 Buffer overflow during Web Audio buffering for playback
MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)
Mozilla Thunderbird is a redesign of the Mozilla mail component. The
goal is to produce a cross platform stand alone mail application using
the XUL user interface language. This version uses the gtk2 toolkit.
This package tracks Thunderbird 24 branch.
- Fix storing unsaved drafts in localStorage
- Fix redundant horizontal scrollbar in HTML editor
- Fix PHP error in Preferences when default_folders was in dont_override
- Add configurable LDAP_OPT_DEREF option
- Fix unintentional draft autosave request if autosave is disabled
- Fix malformed References: header in send/saved mail
- Fix handling unicode characters in links
- Fix incorrect handling of HTML comments in messages sanitization code
- Fix so current page is reset on list-mode change
- Fix so responses menu hides on click in classic skin
- Fix unintentional line-height style modification in HTML messages
- Fix broken normalize_string(), add support for ISO-8859-2
- Support csv contacts import in German localization
- Fix so message list and counters are updated when a message is opened in new window
- Fix malformed recipient name when composing a message by clicking on mailto link
- Fix list reload after sending message in another window
- Fix so address format errors are ignored when saving a draft
- Fix incorrect label translation in return receipt
- Fix security issue in delete-response action - allow only ajax request
- Fix Delete button state after deleting identity/response
- Fix bug where contacts with no email address were listed on compose addressbook
- Fix images import from various vCard formats
- Fix sorting messages by size on servers without SORT capability
1. If built with the EXPERIMENTAL_PROXY feature enabled, Exim can be
configured to expect an initial header from a proxy that will make the
actual external source IP:host be used in exim instead of the IP of the
proxy that is connecting to it.
2. New verify option header_names_ascii, which will check to make sure
there are no non-ASCII characters in header names. Exim itself handles
those non-ASCII characters, but downstream apps may not, so Exim can
detect and reject if those characters are present.
3. New expansion operator ${utf8clean:string} to replace malformed UTF8
codepoints with valid ones.
4. New malware type "sock". Talks over a Unix or TCP socket, sending one
command line and matching a regex against the return data for trigger
and a second regex to extract malware_name. The mail spoofile name can
be included in the command line.
5. The smtp transport now supports options "tls_verify_hosts" and
"tls_try_verify_hosts". If either is set the certificate verification
is split from the encryption operation. The default remains that a failed
verification cancels the encryption.
6. New SERVERS override of default ldap server list. In the ACLs, an ldap
lookup can now set a list of servers to use that is different from the
default list.
7. New command-line option -C for exiqgrep to specify alternate exim.conf
file when searching the queue.
8. OCSP now supports GnuTLS also, if you have version 3.1.3 or later of that.
9. Support for DNSSEC on outbound connections.
10. New variables "tls_(in,out)_(our,peer)cert" and expansion item
"certextract" to extract fields from them. Hash operators md5 and sha1
work over them for generating fingerprints, and a new sha256 operator
for them added.
11. PRDR is now supported dy default.
12. OCSP stapling is now supported by default.
13. If built with the EXPERIMENTAL_DSN feature enabled, Exim will output
Delivery Status Notification messages in MIME format, and negociate
DSN features per RFC 3461.
1.905 2014-06-17 22:55:00-04:00 America/New_York
- additional change to avoid slowdown; this addresses CVE-2014-0477
change provided by Bastian Blank <waldi@debian.org>
1.904 2014-06-14 00:21:21-04:00 America/New_York (TRIAL RELEASE)
- avoid being fooled by an addr-like string in the phrase
- avoid a slowdown by avoiding backtracking into the phrase
1.903 2014-04-17 21:02:14-04:00 America/New_York
- correctly parenthesize false comment "0" (sigh)
1.902 2014-04-17 10:45:11-04:00 America/New_York
- when formatting an address where phrase is empty but comment is not,
do not include "" for the phrase; just omit it
- when formatting and address where comment lacks enclosing parens, add
them
Changelog:
0.05 2014-02-16
- Correct typos in documentation; no functionality changes
0.04 2014-02-03
- Update minimum perl version to 5.10, because of use of ++ quantifier
0.03 2014-01-22
- Include documentation updates present in the released version of
0.01, but never checked into the repository
0.02 2014-01-15
- Prevent a quadratic-time check when the provided string did not
contain a valid address
Notmuch 0.18.1 (2014-06-25)
===========================
This is a bug fix and portability release.
Build System
------------
Add a workaround for systems without zlib.pc
Make emacs install robust against the non-existence of emacs
Put notmuch lib directory first in RPATH
Fix handling of html_static_path in sphinx
Both the python bindings and the main docs had spurious settings of
this variable.
Test Suite
----------
Use --quick when starting emacs
This avoids a hang in the T160-json tests.
Allow pending break points in atomicity script
This allows the atomicity tests to run on several more architectures/OSes.
Command-Line Interface
----------------------
To improve portability use fsync instead of fdatasync in
`notmuch-dump`. There should be no functional difference.
Library changes
---------------
Resurrect support for single-message mbox files
The removal introduced a bug with previously indexed single-message
mboxes. This support remains deprecated.
Fix for phrase indexing
There were several bugs where words intermingled from different
headers and MIME parts could match a single phrase query. This fix
will affect only newly indexed messages.
Emacs Interface
---------------
Make sure tagging on an empty query is harmless
Previously tagging an empty query could lead to tags being
unintentionally removed.
Notmuch 0.18 (2014-05-06)
=========================
Overview
--------
This new release includes some enhancements to searching for messages
by filesystem location (`folder:` and `path:` prefixes under *General*
below). Saved searches in *Emacs* have also been enhanced to allow
distinct search orders for each one. Another enhancement to the
*Emacs* interface is that replies to encrypted messages are now
encrypted, reducing the risk of unintentional information disclosure.
The default dump output format has changed to the more robust
`batch-tag` format. The previously deprecated parsing of single
message mboxes has been removed. For detailed release notes, see
below.
General
-------
The `folder:` search prefix now requires an exact match
The `folder:` prefix has been changed to search for email messages
by the exact, case sensitive maildir or MH folder name. Wildcard
matching (`folder:foo*`) is no longer supported. The new behaviour
allows for more accurate mail folder based searches, makes it
possible to search for messages in the top-level folder, and should
lead to less surprising results than the old behaviour. Users are
advised to see the `notmuch-search-terms` manual page for details,
and review how the change affects their existing `folder:` searches.
There is a new `path:` search prefix.
The new `path:` search prefix complements the `folder:` prefix. The
`path:` prefix searches for email messages that are in particular
directories within the mail store, optionally recursively using a
special syntax. See the `notmuch-search-terms` manual page for
details.
Notmuch database upgrade due to `folder:` and `path:` changes
The above mentioned changes to the `folder:` prefix and the addition
of `path:` prefix require a Notmuch database upgrade. This will be
done automatically, without prompting on the next time `notmuch new`
is run after the upgrade. The upgrade is not reversible, and the
upgraded database will not be readable by older versions of
Notmuch. As a safeguard, a database dump will be created in the
`.notmuch` directory before upgrading.
Library changes
---------------
Notmuch database upgrade
The libnotmuch consumers are reminded to handle database upgrades
properly, either by relying on running `notmuch new`, or checking
`notmuch_database_needs_upgrade()` and calling
`notmuch_database_upgrade()` as necessary. This has always been the
case, but in practise there have been no database upgrades in any
released version of Notmuch before now.
Support for indexing mbox files has been dropped
There has never been proper support for mbox files containing
multiple messages, and the support for single-message mbox files has
been deprecated since Notmuch 0.15. The support has now been
dropped, and all mbox files will be rejected during indexing.
Message header parsing changes
Notmuch previously had an internal parser for message headers. The
parser has now been dropped in favour of letting GMime parse both
the headers and the message MIME structure at the same pass. This is
mostly an internal change, but the GMime parser is stricter in its
interpretation of the headers. This may result in messages with
slightly malformed message headers being now rejected.
Command-Line Interface
----------------------
`notmuch dump` now defaults to `batch-tag` format
The old format is still available with `--format=sup`.
`notmuch new` has a --quiet option
This option suppresses the progress and summary reports.
`notmuch insert` respects maildir.synchronize_flags config option
Do not synchronize tags to maildir flags in `notmuch insert` if the
user does not want it.
The commands set consistent exit status codes on failures
The cli commands now consistently set exit status of 1 on failures,
except where explicitly otherwise noted. The notable expections are
the status codes for format version mismatches for commands that
support formatted output.
Bug fix for checking configured new.tags for invalid tags
`notmuch new` and `notmuch insert` now check the user configured
new.tags for invalid tags, and refuse to apply them, similar to
`notmuch tag`. Invalid tags are currently the empty string and tags
starting with `-`.
Emacs Interface
---------------
Init file
If the file pointed by new variable `notmuch-init-file` (typically
`~/.emacs.d/notmuch-config.el`) exists, it is loaded at the end of
`notmuch.el`. Users can put their personal notmuch emacs lisp based
configuration/customization items there instead of filling
`~/.emacs` with these.
Changed format for saved searches
The format for `notmuch-saved-searches` has changed, but old style
saved searches are still supported. The new style means that a saved
search can store the desired sort order for the search, and it can
store a separate query to use for generating the count notmuch
shows.
The variable is fully customizable and any configuration done
through customize should *just work*, with the additional options
mentioned above. For manual customization see the documentation for
`notmuch-saved-searches`.
IMPORTANT: a new style notmuch-saved-searches variable will break
previous versions of notmuch-emacs (even search will not work); to
fix remove the customization for notmuch-saved-searches.
If you have a custom saved search sort function (not unsorted or
alphabetical) then the sort function will need to be
modified. Replacing (car saved-search) by (notmuch-saved-search-get
saved-search :name) and (cdr saved-search) by
(notmuch-saved-search-get saved-search :query) should be sufficient.
The keys of `notmuch-tag-formats` are now regexps
Previously, the keys were literal strings. Customized settings of
`notmuch-tag-formats` will continue to work as before unless tags
contain regexp special characters like `.` or `*`.
Changed tags are now shown in the buffer
Previously tag changes made in a buffer were shown immediately. In
some cases (particularly automatic tag changes like marking read)
this made it hard to see what had happened (e.g., whether the
message had been unread).
The changes are now shown explicitly in the buffer: by default
deleted tags are displayed with red strike-through and added tags
are displayed underlined in green (inverse video is used for deleted
tags if the terminal does not support strike-through).
The variables `notmuch-tag-deleted-formats` and
`notmuch-tag-added-formats`, which have the same syntax as
`notmuch-tag-formats`, allow this to be customized.
Setting `notmuch-tag-deleted-formats` to `'((".*" nil))` and
`notmuch-tag-added-formats` to `'((".*" tag))` will give the old
behavior of hiding deleted tags and showing added tags identically
to tags already present.
Version variable
The new, build-time generated variable `notmuch-emacs-version` is used
to distinguish between notmuch cli and notmuch emacs versions.
The function `notmuch-hello-versions` (bound to 'v' in notmuch-hello
window) prints both notmuch cli and notmuch emacs versions in case
these differ from each other.
This is especially useful when using notmuch remotely.
Ido-completing-read initialization in Emacs 23
`ido-completing-read` in Emacs 23 versions 1 through 3 freezes unless
it is initialized. Defadvice-based *Ido* initialization is defined
for these Emacs versions.
Bug fix for saved searches with newlines in them
Split lines confuse `notmuch count --batch`, so we remove embedded
newlines before calling notmuch count.
Bug fixes for sender identities
Previously, Emacs would rewrite some sender identities in unexpected
and undesirable ways. Now it will use identities exactly as
configured in `notmuch-identities`.
Replies to encrypted messages will be encrypted by default
In the interest of maintaining confidentiality of communications,
the Notmuch Emacs interface now automatically adds the mml tag to
encrypt replies to encrypted messages. This should make it less
likely to accidentally reply to encrypted messages in plain text.
Reply pushes mark before signature
We push mark and set point on reply so that the user can easily cut
the quoted text. The mark is now pushed before the signature, if
any, instead of end of buffer so the signature is preserved.
Message piping uses the originating buffer's working directory
`notmuch-show-pipe-message` now uses the originating buffer's
current default directory instead of that of the `*notmuch-pipe*`
buffer's.
nmbug
-----
nmbug adds a `clone` command for setting up the initial repository and
uses `@{upstream}` instead of `FETCH_HEAD` to track upstream changes.
The `@{upstream}` change reduces ambiguity when fetching multiple
branches, but requires existing users update their `NMBGIT`
repository (usually `~/.nmbug`) to distinguish between local and
remote-tracking branches. The easiest way to do this is:
1. If you have any purely local commits (i.e. they aren't in the
nmbug repository on nmbug.tethera.net), push them to a remote
repository. We'll restore them from the backup in step 4.
2. Remove your `NMBGIT` repository (e.g. `mv .nmbug .nmbug.bak`).
3. Use the new `clone` command to create a fresh clone:
nmbug clone http://nmbug.tethera.net/git/nmbug-tags.git
4. If you had local commits in step 1, add a remote for that
repository and fetch them into the new repository.
== [release-2-0-4] 2.0.4: 2014-06-20
A bug fix release of 2.0.3
=== Ruby milter
==== Improvements
* Add Milter::Client::Test::MilterRunner
* Add Milter::Client::EnvelopeAddress
==== Fixes
* Fix the bug that milter written in Ruby cannot finish properly on multiple
CPU environment
This should be the last update during the freeze.
PR/48566 - Emmanuel Dreyfus -- typo in patch-aw leading to build failure
PR/48913 - Matthias Scheler -- libmilter fails on unprivileged builds
- remove some HTML cruft from netbsd-proto.mc
- stop trying to set file ownership and group during stage-install
- initialize sm_res earlier and test before calling res_ninit()
- clear SSL_OP_TLSEXT_PADDING by defualt to fix interoperability issues
- eliminate stray call to res_search()
- verified with nm that all deprecated resolver functions have been eradicated
The above should address the folling PRs:
- PR/47207 - Richard Palo -- attempt to set ownership when unprivileged
- PR/48566 - Emmanuel Dreyfus -- problem with TLS timeouts
- PR/48913 - Matthias Scheler -- attempt to set ownership when unprivileged
pkgsrc changes:
- consolidate several patches into site.config.m4
- pkgsrc LDFLAGS should always be used
- don't bother specifying file owner/group anywhere except in Makefile
- create include/sm/os/sm_os_netbsd.h to fix warnings and OS specific stuff
- install mail.local and rmail
- convert to use res_n* functions
- allows for linking against threaded libraries
- add a TODO file
- PR/35249 - Loren M. Lang
- can't find libraries on Linux, this should be fixed by using pkgsrc LDFLAGS
- PR/46694 - Makoto Fujiwara
- bring back netbsd-proto.mc from when sendmail was part of the base system
- PR/47207 - Richard Palo
- let pkgsrc infrastructure handle file ownership and group
- PR/48566 - Emmanuel Dreyfus
- always set _FFR_USE_GETPWNAM_ERRNO on NetBSD
- roll ffr_tls_1 and the suggested ffr_tls_ec into one new ffr_tls option
- not enabled by default because it changes behaviour
8.14.9/8.14.9 2014/05/21
SECURITY: Properly set the close-on-exec flag for file descriptors
(except stdin, stdout, and stderr) before executing mailers.
Fix a misformed comment in conf.c: "/*" within comment
which may cause a compilation error on some systems.
Problem reported by John Beck of Oracle.
DEVTOOLS: Fix regression in auto-detection of libraries when only
shared libraries are available. Problem reported by
Bryan Costales.
Changelog
---------
2.1.18-1 (06-May-2014)
Bug fixes and other patches
- A critical incompatibility between the DMARC Wrap Message action and
Python versions older than 2.6.x for some x <= 5 existed and caused
Wrapped message to be shunted. This is fixed. (LP: #1316682)
- Sender: headers are no longer removed in from_is_list Munge From
actions. (LP: #1315970)
2.1.18 (03-May-2014)
Acknowledgements
- Thanks to Jim Popovitch and Phil Pennock for the branch that formed the
basis of the dmarc_moderation_action feature.
- Thanks to Franck Martin et al for the branch that formed the basis of
the from_is_list feature.
Dependencies
- There is a new dependency associated with the new Privacy options ->
Sender filters -> dmarc_moderation_action feature discussed below.
This requires that the dnspython <http://www.dnspython.org/> package
be available in Python. This package can be downloaded from the above
site or from the CheeseShop <https://pypi.python.org/pypi/dnspython/>
or installed with pip.
New Features
- The from_is_list feature introduced in 2.1.16 is now unconditionally
available to list owners. There is also, a new Privacy options ->
Sender filters -> dmarc_moderation_action feature which applies to list
messages where the From: address is in a domain which publishes a DMARC
policy of reject or possibly quarantine. This is a list setting with
values of Accept, Wrap Message, Munge From, Reject or Discard. There is
a new DEFAULT_DMARC_MODERATION_ACTION configuration setting to set the
default for this, and the list admin UI is not able to set an action
which is 'less' than the default. The prior ALLOW_FROM_IS_LIST setting
has been removed and is effectively always Yes. There is a new
dmarc_quarantine_moderation_action list setting with default set by a
new DEFAULT_DMARC_QUARANTINE_MODERATION_ACTION configuration setting
which in turn defaults to Yes. The list setting can be set to No to
exclude domains with DMARC policy of quarantine from
dmarc_moderation_action.
dmarc_moderation_action and from_is_list interact in the following way.
If the message is From: a domain to which dmarc_moderation_action applies
and if dmarc_moderation_action is other than Accept,
dmarc_moderation_action applies to that message. Otherwise the
from_is_list action applies.
Also associated with dmarc_moderation_action are configuration settings
DMARC_RESOLVER_TIMEOUT and DMARC_RESOLVER_LIFETIME. These are described
in more detail in Defaults.py. There are also new vette log entries
written when dmarc_moderation_action is found to apply to a post.
i18n
- Added missing <mm-digest-question-start> tag to French listinfo template.
(LP: #1275964)
Bug Fixes and other patches
- Removed HTML tags from the title of a couple of rmlist.py pages because
browsers don't render tags in the title. (LP: #265848)
- Most Mailman generated notices to list owners and moderators are now
sent as Precedence: list instead of bulk. (LP: #1313146)
- The Reply-To: munging options weren't honored if there was no
from_is_list action. (LP: #1313010)
- Changed from_is_list actions to insert the list address in Cc: if the
list is fully personalized. Otherwise, the list address is only in
From: and Reply-To: overrides it. (LP: #1312970)
- Fixed the Munge From action to only Munge the From: and/or Reply-To: in
the outgoing message and not in archives, digests and messages sent via
the usenet gateway. (LP: #1311431)
- Fixed a long standing issue in which a notice sent to a user whose
language is other than that of the list can cause subsequent things
which should be in the list's language to be in the user's language
instead. (LP: #1308655)
- Fixed the admin Membership List so a search string if any is not lost
when visiting subsequent fragments of a chunked list. (LP: #1307454)
- For from_is_list feature, use email address from original From: if
original From: has no display name and strip domain part from resultant
names that look like email addresses. (LP: #1304511)
- Added the list name to the vette log "held message approved" entry.
(LP: 1295875)
- Added the CGI module name to various "No such list" error log entries.
(LP: 1295875)
- Modified contrib/mmdsr to report module name if present in "No such list
error log entries.
- Fixed a NameError exception in cron/nightly_gzip when it tries to print
the usage message. (LP: #1291038)
- Fixed a bug in ListAdmin._handlepost that would crash when trying to
preserve a held message for the site admin if HOLD_MESSAGES_AS_PICKLES
is False. (LP: #1282365)
- The from_is_list header munging feature introduced in Mailman 2.1.16 is
no longer erroneously applied to Mailman generated notices.
(LP: #1279667)
- Changed the message from the confirm CGI to not indicate approval is
required for an acceptance of an invitation. (LP: #1277744)
- Fixed POSTFIX_STYLE_VIRTUAL_DOMAINS to be case-insensitiive.
(LP: #1267003)
- Added recognition for another simple warning to bounce processing.
(LP: #1263247)
- Fixed a few failing tests in tests/test_handlers.py. (LP: #1262950)
- Fixed bin/arch to not create scrubbed attachments for messages skipped
when processing the --start= option. (LP: #1260883)
- Fixed email address validation to do a bit better in obscure cases.
(LP: #1258703)
- Fixed a bug which caused some authentication cookies to expire too soon
if AUTHENTICATION_COOKIE_LIFETIME is non-zero. (LP: #1257112)
- Fixed a possible TypeError in bin/sync_members introduced in 2.1.17.
(LP: #1243343)
Miscellaneous
- Added to the contrib directory, a script from Alain Williams to count
posts in a list's archive.
2.1.17 (23-Nov-2013)
New Features
- Handling of posts gated from usenet to a list via the Mail <-> News
gateway is changed. Formerly, no list membership, moderation or
*_these_nonmembers checks were done. Now, if the sender of the usenet
post is a moderated member or a nonmember matching a *_these_nonmembers
filter, those checks will be done and actions applied. Nonmember posts
from senders not matching a *_these_nonmembers filter are still accepted
as before. (LP: #1252575)
- There is a new mm_cfg.py setting ANONYMOUS_LIST_KEEP_HEADERS. Since it
is not possible to know which non-standard headers in a message might
reveal sender information, we now remove all headers from incoming posts
to anonymous lists except those which match regular expressions in this
list. The default setting keeps non X- headers except those known to
reveal sender information, Mailman added X- headers and x-Spam- headers.
See the description in Defaults.py for more information. (LP: #1246039)
i18n
- The Japanese message catalog has been updated by SATOH Fumiyasu.
(LP: #1248855)
Bug Fixes and other patches
- Added a reopen command to the sample init.d script in misc/mailman.in.
(LP: #1251917)
- Fixed a misspelling in Tagger.py causing an "unexpected keyword argument
'Delete'" exception. (LP: #1251495)
- Fixed contrib/qmail-to-mailman.py to work with a user other than
'mailman' and to recognize more listname-* addresses. (LP: #412293)
- Fixed a possible UnicodeDecodeError in bin/sync_members. (LP: #1243343)
- Fixed Makefile to not include $DESTDIR in paths compiled into .pyc
files for traceback purposes. (LP: #1241770)
2.1.16 (16-Oct-2013)
New Features
- There is a new list attribute from_is_list to either rewrite the From:
header of posts replacing the posters address with that of the list or
wrap the message in an outer message From: the list for compatability
with DMARC and or ADSP. There is a new mm_cfg.py setting
DEFAULT_FROM_IS_LIST to control the default for new lists, and the
existing REMOVE_DKIM_HEADERS setting has been extended to allow removing
those headers only for certain from_is_list lists. This feature must
be enabled by setting ALLOW_FROM_IS_LIST to Yes in mm_cfg.py. See the
description of these settings in Defaults.py for more detail. This
feature is experimental in 2.1.16, and it is subject to change or to
become just one of the two methods in a subsequent release. People
interested in this feature are encouraged to try it and report their
experiences to the mailman-users@python.org list.
- There is a new DISPLAY_HELD_SUMMARY_SORT_BUTTONS setting which if set
in mm_cfg.py will display a set of radio buttons in the admindb held
message summary to select how the held messages are sorted and grouped
for display. The exact setting determines the default grouping and
sorting. See the description in Defaults.py for details.
- Setting digest_size_threshhold to zero now means no digests will be
sent based on size instead of a digest being sent with every post.
(LP: #558274)
- There is a new mm_cfg.py setting SUBSCRIBE_FORM_SECRET which will put
a dynamically generated, hidden hash in the listinfo subscribe form and
check it upon submission. Setting this will prevent automated processes
(bots) from successfully POSTing web subscribes without first retrieving
and parsing the form from the listinfo page. The form must also be
submitted no later than FORM_LIFETIME nor no earlier than
SUBSCRIBE_FORM_MIN_TIME after retrieval. Note that enabling this will
break any static subscribe forms on your site. See the description in
Defaults.py for more info. (LP: #1082746)
- add_members now has an option to add members with mail delivery disabled
by admin. (LP: #1070574)
- IncomingRunner now logs rejected messages to the vette log.
(LP: #1068837)
- The name of the mailmanctl master lock file is now congigurable via the
mm_cfg.py setting MASTER_LOCK_FILE. (LP: #1082308)
- list_lists now has an option to list only lists with public archives.
(LP: #1082711)
Contributed programs
- A new import_majordomo_into_mailman.pl script has been contributed by
Geoff Mayes. (LP: #1129742)
- A new "sitemap" bash script has been contributed by Tomasz Chmielewski
<mangoo@wpkg.org> to generate a sitemap.xml file of an installation's
public archives for submission to search engines.
i18n
- The Danish translation has been updated thanks to Tom Christensen.
- Fixed a string in the Czech message catalog. (LP: #1234567)
- A Farsi (Persian) translation has been added thanks to Javad Hoseini and
Mahyar Moghimi.
- Fixed several misspelled or garbled string replacements in the Spanish
message catalog. (LP: #1160138)
- pt_BR message catalog has two new and an updated message per Hugo Koji
Kobayashi. (LP: #1138578)
- German message catalog has been updated per Ralf Hildebrandt.
- Corrected typo in templates/it/private.html.
Bug Fixes and other patches
- Fixed a crash in SpamDetect.py which caused messages with unparseable
RFC 2047 encoded headers to be shunted. (LP: #1235101)
- Fixed cron/disabled to send a fresh cookie when notifying disabled
members. (LP: #1203200)
- Added "message_id" to the interpolation dictionary for the Article.html
template. (LP: #725498)
- Changed the admin GUI to report only the bad entries in a list of email
addresses if any are bad. (LP: #558253)
- Added logging for template errors in HyperArch.py. (LP: #558254)
- Added more explanation to the bad owner address message from
bin/newlist. (LP: #1200763)
- Fixed a bug causing the admin web interface to fail CSRF checking if
the list name contains a '+' character. (LP: #1190802)
- Fixed bin/mailmanctl -s to not remove the master lock if it can't be
determined to be truly stale. (LP: #1189558)
- It is no longer possible to add 'invalid' addresses to the ban_list
and the *_these_nonmembers filters from the check boxes on the admindb
interface. (LP: #1187201)
- Backported recognition for mail.ru DSNs and minor bug fixes from
lp:flufl.bounce. (LP: #1074592, LP: #1079249 and #1079254)
- Defended against buggy web servers that don't include an empty
QUERY_STRING in the CGI environment. (LP: #1160647)
- The Switchboard.finish() method now logs the text of the exception when
it fails to unlink/preserve a .bak file. (LP: #1165589)
- The pending (un)subscriptions waiting approval are now sorted by email
address in the admindb interface as intended. (LP: #1164160)
- The subscribe log entry for a bin/add_members subscribe now identifies
bin/add_members as the source. (LP: #1161642)
- Fixed a bug where the Subject: of the user notification of a
bin/remove_members unsubscribe was not in the user's language.
(LP: #1161445)
- Fixed a bug where BounceRunner could create and leave behind zero length
bounce-events files. (LP: #1161610)
- Added recognition for another Yahoo bounce format. (LP: #1157961)
- Changed configure's method for getting Python's include directory from
distutils.sysconfig.get_config_var('CONFINCLUDEPY') to
distutils.sysconfig.get_python_inc(). (LP: #1098162)
- Added an Auto-Generated: header to password reminders. (LP: #558240)
- Fixed a bug where non-ascii characters in the real name in a subscription
request could throw a UnicodeEncodeError upon subscription approval and
perhaps in other situations too. (LP: #1047100)
- The query fragments send_unsub_notifications_to_list_owner and
send_unsub_ack_to_this_batch will now assume default values if not set
in mass unsubscribe URLs. (LP: #1032378)
- Replaced utf-8 encoded characters in newly added German templates with
HTML entities. (LP: #1018208)
2.1.15 (13-Jun-2012)
Security
- Strengthened the validation of email addresses.
- An XSS vulnerability, CVE-2011-0707, has been fixed.
- The web admin interface has been hardened against CSRF attacks by adding
a hidden, encrypted token with a time stamp to form submissions and not
accepting authentication by cookie if the token is missing, invalid or
older than the new mm_cfg.py setting FORM_LIFETIME which defaults to one
hour. Posthumous thanks go to Tokio Kikuchi for this implementation
which is only one of his many contributions to Mailman prior to his
death from cancer on 14 January 2012.
New Features
- Added a password reminder button to the private archive login page.
Backported from the 2.2 branch.
- There is a new list attribute regular_exclude_ignore set from mm_cfg.py
DEFAULT_REGULAR_EXCLUDE_IGNORE. This defaults to True even though the
prior behavior is equivalent to False. A True setting will ignore an
exclude list if the poster is not a member of that list. The False
setting can result in list members not receiving posts if the nonmember
post is not accepted by the exclude list. Backported from 2.2 branch.
- Eliminated the list cache from the qrunners. Indirect self-references
caused lists to never be dropped from the cache which in turn caused
the qrunners to grow very large in installations with many lists or
multiple large lists. Bug #862683.
- The user options 'list my other subscriptions' page now indicates for
each list if the subscription is 'nomail' or 'digest'. Bug #793669.
- A new list poster password has been implemented. This password may only
be used in Approved: or X-Approved: headers for pre-approving posts.
Using this password for that purpose precludes compromise of a more
valuable password sent in plain text email. Bug #770581.
- A new mm_cfg.py setting AUTHENTICATION_COOKIE_LIFETIME has been added.
If this is set to a non-zero value, web authentication cookies will
expire that many seconds following their last use. Its default value is
zero to preserve current behavior.
- A new mm_cfg.py setting RESPONSE_INCLUDE_LEVEL has been added to control
how much of the original message is included in automatic responses to
email commands. The default is 2 to preserve the prior behavior of
including the full message. Setting this to 1 in mm_cfg.py will include
only the original headers, and 0 will include none of the original. It
is recommended to set this to 0 in mm_cfg.py to minimize the effects of
backscatter. Bug #265835.
- A new mm_cfg.py setting DEFAULT_RESPOND_TO_POST_REQUESTS has been added
to control the default for respond_to_post_requests for new lists. It is
set to Yes for backwards compatibility, but it is recommended that
serious consideration be given to setting it to No. Bug #266051.
- A new mm_cfg.py setting DISCARD_MESSAGE_WITH_NO_COMMAND has been added to
control whether a message to the -request address without any commands or
a message to -confirm whose To: address doesn't match VERP_CONFIRM_REGEXP
is responded to or just logged. It defaults to Yes which is different
from prior behavior. Bug #410236.
- Two new mm_cfg.py settings, BROKEN_BROWSER_WORKAROUND and
BROKEN_BROWSER_REPLACEMENTS, have been added to control escaping of
additional characters beyond the standard <, >, &, and " in the web UI.
See the documentation of these settings in Defaults.py. The default
values for these settings result in no change from the prior release.
Bug #774588.
i18n
- Added some missing German templates from Egon Frerich.
- Added Greek translation from Antonis Limperis.
- A few errors in the Basque translation are fixed. Bug #836861.
- Fixed a misspelling in the German invite.txt template. Bug #815444.
- Fixed a missing format character in the Spanish translation.
Bug #670988.
- Thanks go to the following for updating translations for the changes in
this release.
Thijs Kinkhorst
Stefan Foerster
Fabian Wenk
Bug Fixes and other patches
- Fixed a bug that could send an admin notice of a held subscription with
the subject in the user's preferred language instead of the list's
preferred language and possibly not properly RFC 2047 encoded.
(LP: #998949)
- Fixed a possible CPU bound loop in OutgoingRunner if the attempt to
Connect to the SMTP server throws a socket.error. (LP: #966531)
- Fixed a potential crash in the web UI if a language is removed from the
LC_DESCRIPTIONS dictionary. (LP: #966565)
- Added an Auto-Submitted: header to invitations and (un)subscription
confirmation requests to reduce the possibility of an autoresponder
confirming the request. (LP: #265831)
- Added javascript to the private.html and admlogin.html templates to
focus the cursor on the entry field. (LP: #266054)
- Added CPPFLAGS and LDFLAGS to src/Makefile to support their use.
(LP: #637652)
- Stopped removing the trailing slash from the List-Archive: header URL.
(LP: #964190)
- A configured version of contrib/courier-to-mailman.py is now created in
build/contrib/courier-to-mailman.py. (LP: #999250)
- Subscription disabled warnings are now sent without a Precedence:
header. Bug #808821.
- Backported 2.2 branch fix for a problem in SpamDetect.py that could
cause header_filter_rules to fail to match RFC 2047 encoded headers.
- Fix for bug #629738 could cause a crash in the admindb details display
if the decoded message body contained characters not in the character
set of the list's preferred language. Fixed. Bug #910440.
- Added recognition for another Qmail bounce format.
- Fixed an erroneous seek in the Mailman.Mailbox.Mailbox.AppendMessage
method that could cause a corrupt mailbox for files opened 'w+'.
Bug #901957.
- A held message with a null sender caused a crash in the admindb
interface. This is fixed by changing the sender to <missing>.
Bug #897103.
- Changed subject prefixing to allow for possible whitespace between an
'Re' and the following colon when determining how to add the prefix.
Bug #893290.
- Fixed a problem where topics regexps would not match RFC 2047 encoded
Keywords: and/or Subject: headers. Bug #891676.
- Fixed misleading response to an email approval of a held message.
Bug #889968.
- Added masthead.txt to the list of templates that can be edited via the
web admin interface. Bug #266805.
- Changed the way digest_footer is added to the RFC 1153 (plain) format
digest for RFC compliance. Bug #887610.
- Fixed cron/checkdbs to report unsubscriptions waiting approval.
Bug #873821.
- The fix for BUG #266220 (sf1181161) has been enhanced so that if there
is a pathological HTML part such that the Approved: password text isn't
found, but it is found after stripping out HTML tags, the post is
rejected with an informative message.
- A bug that would cause reset of any new_member_options bits other than
the four displayed as checkboxes on the list admin General Options page
whenever the page was updated or bin/config_list attempted to update
new_member_options has been fixed. Bug #865825.
- A problem with the logic avoiding unnecessarily reloading a current list
object from the config.pck arises if the list is updated by another
process within the same second that it was last read/written. That can
cause the reading of latest version of the list to be skipped. This has
been fixed. Bug #862675.
- Fixed bin/export.py to accept case insensitive password schemes.
Bug #833134.
- Added Tokio Kikuchi's icons to the misc/ and installed icons/
directories. Bug #782474.
- Fixed a problem which could result in raw, undecoded message bodies
appearing in plain digests and archives. Bug #787790.
- Fixed a problem in admindb.py where the character set for the display of
the message body excerpt was not correctly determined. Bug #779751.
- Prevented setting user passwords with leading/trailing whitespace.
Bug #778088.
- Mailman now sets the 'secure' flag in cookies set via https URLs.
Bug #770377.
- Added a logout link to the admindb interface and made both admin and
admindb logout effective for a site admin cookie if allowed.
Bug #769318.
- Replaced the old Mailman logos and icon that install to Mailman's icons
directory with the new ones. If you copy these elsewhere on your
server, please copy these new ones.
- Changed bin/genaliases to only call the POSTFIX_*_CMD commands once when
MTA = 'Postfix'. Bug #266408.
- Added a report of the affected members to the warnings issued when
setting a list with digest members digestable=No and when setting a list
with non-digest members nondigestable=no. Bug #761232.
- Fixed a problem where content filtering could remove the headers from
an attached message/rfc822 part if the message in that part is
multipart/alternative and collapse_alternatives is Yes. Bug #757062.
- Changed the subscribe CGI to strip leading and trailing whitespace from
the supplied email address. Bug #745432.
- Changed the maximum number of arguments for the who command to be
considered administrivia from 2 to 1 to help avoid false positives.
Bug #739524.
- Added the list name as 'display-name' in added Sender: headers to help
mitigate Outlook et al 'on behalf of' displays. Bug #736849.
- Fixed a typo in the usage() definition cron/gate_news. Bug #721015.
- Fixed an uncaught KeyError when poster tries to cancel a post which was
already handled. Bug #266224.
- Held message user notifications now come From: list-owner instead of
list-bounces. Bug #714424.
- Issue an HTTP 404 status for private archive file not found.
- @listname entries in *_these_nonmembers are no longer case sensitive.
Bug #705715.
- Changed bin/rmlist to also remove heldmsg files for the removed list and
fixed a problem with removal of stale locks for the list. Bug #700528.
- Fixed a bug where content filtering could leave a multipart message or
part with just one sub-part. These should be recast to just the sub-part.
Bug #701558.
- Fixed a bug that could erroneously handle posts from addresses in
*_these_nonmembers and send held/rejected notices to bogus addresses when
The From or other sender header is RFC 2047 encoded. Bug #702516.
- Updated contrib/mm-handler-2.1.10 to better handle lists with names that
look like admin addresses. Bug #697161.
- Added bounce recognition for a bogus Dovecot MDN. Bug #693134.
- Fixed a problem where an emailed command in the Subject: header with a
non-ascii l10n of an 'Re:' prefix is ignored. Bug #685261.
- Fixed a problem with approving a post by email when the body of the
approval mail is base64 encoded. Bug #677115.
- Fixed the host name in the From: address of the owner notification from
bin/add_members. Bug #666181.
Changelog:
Fixed in Thunderbird 24.6
MFSA 2014-52 Use-after-free with SMIL Animation Controller
MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)
* 2014-06-11: version 1.35
- use just 'postgrey' as process name, instead of '/usr/sbin/postgrey',
because Linux tools are limited to 15 characters (#5)
- Make postgrey work with Perl 5.18 (Yasuhiro KIMURA, #4)
- updated whitelist
* New/changed functionality:
* a single DNS resolver is created for the lifetime of the program,
rather than reinitializing the resolver for each new query.
* bugfixes:
* fix the error message given when an invalid algorithm is
specified in the construction of Mail::DKIM::Signer.
* avoid Perl warning about use of an undefined value in several
places (rt.cpan.org issue #82913).
* speed- improved performance of parsing the message into lines
(rt.cpan.org issue #77902). Patch by Mark Martinec.
* fix DNS queries to use the correct method (txtdata) of Net::DNS
(rt.cpan.org issue #83170). Patch by Mark Martinec.
* fix issue with getting wrong error codes when q= tag is empty
(issue #3011005)
* anti-abuse- prevent a message with thousands of signatures from
thrashing the whole computer (issue #3010997)
* memory usage- significantly reduced memory footprint for
processing a message with a large header and many signatures
* fix error message given when no KeyFile has been specified
(issue #1889690)
* API changes:
* global subroutines resolver() or enable_EDNS0() in module
Mail::DKIM::DNS can be called to specify non-default options
to Net::DNS::Resolver (see also rt.cpan.org issue #80425).
* the Canonicalization::finish_header() method now expects a
argument to be passed to it. In the unusual case that you are
using this method from your own code, please update your code.
* src/mbsync.1:
* don't lie about the default of User
* fix typos
* src/drv_maildir.c:
* don't forget to reset message counts when skipping scan
* remove apparently pointless resetting of recent message count
* src/compat/convert.c:
* error-check renaming of uid mapping database
* error-check reading of old uidvalidity and maxuid files
* src/sync.c:
* error-check committing of sync state
* better error messages for sync state and journal related errors
* remove pointless/counterproductive "Disk full?" error message suffixes
* don't crash in message expiration debug print
* src/compat/config.c:
* fix "inverse copy&pasto" in account labeling code
* don't needlessly quote strings
* write Sync and Expunge to global section if applicable
* don't bother checking impossible condition
* src/main.c:
* fix segfault on passing --{create,expunge}-{master,slave}
* don't needlessly spell out INBOX
* src/drv_imap.c:
* don't crash on malformed response code
* don't crash on truncated LIST response
* fix crash on store without prior fetch with non-UIDPLUS servers
* don't error out if we don't get an X-TUID header
* src/compat/main.c:
* remove pointless pointer assignment
* src/: drv_maildir.c, mdconvert.c:
* fix hypothetical buffer overflows
* close a bunch of fd leaks in error paths
* src/util.c:
* actually use prime numbers for all hash bucket sizes
* src/config.c:
* fix zero MaxSize override in Channels
* src/compat/: config.c, isync.h, util.c:
* rework maildir store mapping
* src/socket.c:
* remove pointless use of AI_V4MAPPED flag
* configure.ac, src/common.h, src/drv_imap.c, src/util.c:
* make date parsing portable, take 2
* src/: drv_maildir.c, sync.c:
* fix _POSIX_SYNCHRONIZED_IO usage
Many of these changes were in response to findings from a Coverity scan.
Fix some conflicting unit tests.
BUILD: Fix bug #195 part II: Compile all binaries with pthreads
support as needed by libopendkim features.
BUILD: Fix packaging damage with autobuild.
2.9.1 2014/03/15
Feature request #177: Add "LuaOnlySigning" so that only the Lua setup
script makes signing requests; suppresses automatic application
of the signing table.
Fix bug #185: odkim.signfor() wasn't processing its arguments properly.
Fix bug #199: Fix use of uninitialized buffer when generating
SMTP response strings due to ADSP rejections.
Fix infinite loop when mlfi_connect() is called with a hostname
starting with a "." character. Reported by Philip Guenther.
Fix loading of refiles when trailing spaces are present in the value.
LIBOPENDKIM: Only call dkiml_dns_close() if there was a
dkiml_dns_service handle set by dkiml_dns_init(). Also,
when closing, reset that handle to NULL.
LIBOPENDKIM: The various dkim_dns_set_*() functions, when passed a
NULL function pointer, merely store it, making the
corresponding function a no-op. Previously, doing
so restored the default.
LIBOPENDKIM: Have dkim_sig_getreportinfo() return descriptors
(if available) regardless of the signer's reporting parameters.
BUILD: Fix bug #188: Clean up last remnants of libstrl.
BUILD: Fix bug #190: Check for HAVE_SUN_LEN in opendkim-db.c.
BUILD: Fix bug #191: Better minimum version checks for libmemcached.
BUILD: Fix bug #192: Different test for libevent.
BUILD: Fix bug #193: Don't throw away user-provided compilation
variables.
BUILD: Fix bug #195: Compile opendkim-genzone with pthreads support.
BUILD: Fix bug #202: Fix pkg-config check for GNUTLS.
BUILD: Fix bug #203: opendkim-genzone requires pthreads.
BUILD: Patch #29: Look for libmilter in lib64.
BUILD: Patch #30: Include libdl when linking in Lua.
BUILD: Don't throw away user-provided compilation variables.
Problem noted by Quanah Gibson-Mount.
BUILD: Rename "--with-mdb" to "--with-lmdb" for consistency
with that package's naming conventions.
CONTRIB: Fix bug #184: Update to contrib/systemd/opendkim.service
MILTERTEST: Add "polite" flag to mt_disconnect().
TOOLS: Fix bug #187: Increase buffer size for the private key in
opendkim-testkey.
TOOLS: Fix opendkim-spam to match the schema found in stats/mkdb.mysql.
Add dependency to net/pear-Net_Sieve.
Please refer UPGRADING from older relase, especially configuration
files are changed.
Please refer CHANGELOG for detail.
* changed english and added Total on qmqtool -s
* added more stats with qmqtool -s -V
* modified some regexs to be arithmetic instead
* changed string finding code:
increased speed
removed fallback routine
use grep -E (egrep) when /pattern/ is used
support case insensitive search with /pattern/i
* rely on PATH instead of statically searching
* improved queue consistency check
* -[lRTLx] /displays/ calculated size
* added -x feature for extended information on a message
* created ./configure ; make ; make install process
(even though we're just a light perl script)
* Many cosmetic improvements to watch-multiple-mimedefangs.tcl
* Fix md_get_bogus_mx_hosts so it checks A records iff a domain has
no MX records.
* Add a forward declaration of rebuild_entity to avoid warnings on
recent Perl versions.
* Reduce potential patch conflicts by switching more DESTDIR support to sed
* Enable `qmail-netqmail` by default
* Install `qmail-viruscan` signatures via CONF_FILES
* With `tls` option, don't generate cert, instruct the user at INSTALL time
That last change also fixes the source build with `tls` enabled on
systems that don't already have a /var/qmail/control, as reported
by Thomas Lazar on pkgsrc-users@.
While here, add a comment with the new location of the qregex patch.
Since it's named strangely, I've also placed a traditionally-named
copy on ftp.n.o.
Bump PKGREVISION.
* Fix IDLE mode regression (it didn't worked) introduced
after v6.5.5 (pointy hat goes to Eygene Ryabinkin, kudos --
to Tomasz Żok)
* Add knob to invoke folderfilter dynamically on each sync (GitHub#73)
* Add knob to apply compression to IMAP connections (Abdó Roig-Maranges)
* Add knob to filter some headers before uploading message
to IMAP server (Abdó Roig-Maranges)
* Allow to sync GMail labels and implement GmailMaildir repository that
adds mechanics to change message labels (Abdó Roig-Maranges)
* Allow to migrate status data across differend backends
(Abdó Roig-Maranges)
* Support XDG Base Directory Specification
(if $XDG_CONFIG_HOME/offlineimap/config exists, use it as the
default configuration path; ~/.offlineimaprc is still tried after
XDG location) (GitHub#32)
* Allow multiple certificate fingerprints to be specified inside
'cert_fingerprint'
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
This is a SECURITY release, addressing a CRITICAL remote code execution
flaw in Exim version 4.82 (only) when built with DMARC support (an
experimental feature, not on by default). This release is identical to
4.82 except for the small change needed to plug the security hole. The
next release of Exim will, eventually, be 4.83, which will include the
many improvements we've made since 4.82, but which will require the
normal release candidate baking process before release.
You are not vulnerable unless you built Exim with EXPERIMENTAL_DMARC.
This issue is known by the CVE ID of CVE-2014-2957, was reported
directly to the Exim development team by a company which uses Exim for
its mail server. An Exim developer constructed a small patch which
altered the way the contents of the From header is parsed by converting
it to use safer and better internal functions. It was applied and
tested on a production server for correctness. We were notified of the
vulnerability Friday night, created a patch on Saturday, applied and
tested it on Sunday, notified OS packagers on Monday/Tuesday, and are
releasing on the next available work day, which is Wednesday.
This is why we have made the smallest feasible changes to prevent
exploit: we want this chagne to be as safe as possible to expedite into
production (if the packages were built with DMARC).
== [release-2-0-3] 2.0.3: 2014-05-20
A bug fix release of 2.0.2
=== Package
==== Improvements
* Drop Ubuntu Quantal (12.10) support
* Drop Ubuntu Raring (13.04) support
* Add Ubuntu Trusty (14.04) support
* Drop Debian squeeze support
* rpm: Update Ruby1.9.3 package for CentOS6 to Ruby1.9.3-p545.
=== milter manager
==== Improvements
* Update bundled libev to 4.15
==== Fixes
* Fix a bug that data_stopper cannot stop apply children
[GitHub #39]
=== Ruby milter
==== Improvements
* Update bundled glib2 to 2.2.0
* Milter::Logger methods can accept a block
=== Document
==== Fixes
* Fix typos in FreeBSD installation
[Patched by Dave Dodd]
=== Thanks
* Dave Dodd
* Editheader extension: Made control characters allowed for editheader,
except NUL. Before, this would cause a runtime error.
+ Upgraded Dovecot-specific Sieve "vnd.dovecot.duplicate" extension to
match the new draft "duplicate" extension.
- Fixed sieve_result_global_log_error to log only as i_info in
administrator log (syslog) if executed from multiscript context.
- Sieve redirect extension: Adjusted loop detection to show leniency to
resent messages.
- Sieve include extension: Fixed problem with handling of duplicate
includes with different parameters :once or :optional.
- Sieve spamtest/virustest extensions: Tests were erroneously performed
against the original message. When used together with extprograms
filter to add the spam headers, the changes were not being used by
the spamtest and virustest extensions.
- Deprecated Sieve notify extension: Fixed segfault problems in message
string substitution.
- ManageSieve: Fixed active link verification to handle redundant path
slashes correctly.
- Sieve vacation extension:
- Fixed interaction of sieve_vacation_dont_check_recipient with
sieve_vacation_send_from_recipient setting.
- Fixed log message for discarded response.
- Sieve extprograms plugin:
- Forgot to disable the alarm() timeouts set for script execution.
- Fixed fd leak and handling of output shutdown.
- Fixed 'Bad filedescriptor' error occurring when disconnecting
script client.
- Made sure that programs are never forked with root privileges.
* Fixed a DoS attack against imap/pop3-login processes. If SSL/TLS
handshake was started but wasn't finished, the login process
attempted to eventually forcibly disconnect the client, but failed
to do it correctly. This could have left the connections hanging
arond for a long time. (Affected Dovecot v1.1+)
+ mdbox: Added mdbox_purge_preserve_alt setting to keep the file
within alt storage during purge. (Should become enforced in v2.3.0?)
+ fts: Added support for parsing attachments via Apache Tika. Enable
with: plugin { fts_tika = http://tikahost:9998/tika/ }
+ virtual plugin: Delay opening backend mailboxes until it's necessary.
This requires mailbox_list_index=yes to work. (Currently IMAP IDLE
command still causes all backend mailboxes to be opened.)
+ mail_never_cache_fields=* means now to disable all caching. This may
be a useful optimization as doveadm/dsync parameter for some admin
tasks which shouldn't really update the cache file.
+ IMAP: Return SPECIAL-USE flags always for LSUB command.
- pop3 server was still crashing in v2.2.12 with some settings
- maildir: Various fixes and improvements to handling compressed mails,
especially when they have broken/missing S=sizes in filenames.
- fts-lucene, fts-solr: Fixed crash on search when the index contained
duplicate entries.
- Many fixes and performance improvements to dsync and replication
- director was somewhat broken when there were exactly two directors
in the ring. It caused errors about "weak users" getting stuck.
- mail_attachment_dir: Attachments with the last base64-encoded line
longer than the rest wasn't handled correctly.
- IMAP: SEARCH/SORT PARTIAL was handled completely wrong in v2.2.11+
- acl: Global ACL file handling was broken when multiple entries
matched the mailbox name. (Only the first entry was used.)
* 3.4.1 (stable)
* Fixed Bug #193: Lose mails when mailbox is inaccessible.
* 3.4.0 (stable)
* 3.4.0rc (release candidate)
* SSL wildcard certificate is also validated now (#167).
* The compile error with OpenSSL disabled was fixed.
* 3.4.0beta8 (development)
* Mac OS X support was improved.
* SSL certificate hostname is validated now (#167).
* The Japanese manual was modified so that IE correctly detect its
character encoding.
* The rightmost column of folder view and summary view became easier to
resize.
* Appropriate columns of folder view, summary view, etc. are
auto-expanded by window resize when using GTK+ 2.14 or later.
* The initial setup dialog is now resizabe.
* PGP encrypt-to-self feature was added.
* The display period of notification window became configurable.
* 3.4.0beta7 (development)
* Win32: the tray icon is recreated when explorer.exe crashes now.
* The bug that 'File - Folder - Move folder...' menu didn't work was
fixed.
* The bug that MIME nest level restriction was not working was fixed.
* Many defects discovered by Coverity Scan were fixed:
- FILE handle resource leaks
- memory leaks
- possible buffer overrun
- strict error checks
- correct null pointer checks
* 3.4.0beta6 (development)
* Icon theme feature was added.
* HTML mail is distinguished from other messages with attachments now.
* 'Last 30 days' was added to the quick search menu.
* Attached images are rotated based on Exif orientation tag.
* Config.guess and config.sub included in the tarball were updated to the
latest version.
* 3.4.0beta5 (development)
* Basque translation was added.
* Escaped special characters in HTML links are now properly unescaped
(#120).
* IMAP: parsing of folder names that contain brackets was fixed.
* Config.guess and config.sub included in the tarball were updated.
* The order of templates became stable.
* 3.4.0beta4 (development)
* The feature to save message as plain text was added.
* Printing now prints all texts in messages, not only the first one.
* The HTML parser now supports <blockquote> tag.
* An option to prefer HTML part in multipart/alternative was added
(default: off).
* Compose window is raised when the external editor exits.
* Bugfixes of HTML display were made.
* 3.4.0beta3 (development)
* Rebuilding of folder tree which was broken at 3.4.0beta1 was fixed
(#103).
* The bug that double-quote (") and backslash (\) in
folder/username/password were not escaped and could not be used on IMAP4
was fixed.
* Quotation of forwarded messages is enabled for template now.
* When marking a message as junk and moving it to a junk folder, proper
junk folder is selected instead of default one.
* When applying a template for a new message, current date is inserted
with '%d'.
* 3.4.0beta2 (development)
* New message notification window was added.
* An option to the junk filter setting was added:
'Do not classify message as junk if sender is in the address book'.
* Some non-standard Date header patterns are handled now.
* Win32: start menu shortcuts are translated.
* 3.4.0beta1 (development)
* Safe mode (which does not load plug-ins) was added (--safe-mode).
* The existence of destination folders are checked when creating a filter
rule.
* The recursion level is restricted up to 64 when scanning local mailbox
(prevents infinite loop with symlink. Note: Linux automatically limits
the symlink loop up to 40)
* The labels used in POP3 remote mailbox dialog was modified.
* POP3: do not disconnect immediately but send QUIT command on normal
POP3 errors (prevents deleted messages appear again).
* IMAP: "INBOX" folder became case insensitive as specified in RFC 3501.
* IMAP: server name for cache directory is escaped now
(fixes cache creation when using IPv6 address for server name on Windows).
* Win32: socket timeout setting now works on Windows.
Bugfixes (fixed in Postfix 2.11 and Postfix 2.12):
* With connection caching enabled (the default), recipients could
be given to the wrong mail server. The root cause was an incorrect
predicate. Due to this, the Postfix SMTP client could under
rare conditions save and restore plaintext connections that
should not be cached, under a fixed lookup key that did not
distinguish by destination. Problem reported by Sahil Tandon.
* Enforce TLS when TLSA records exist, but all are unusable.
* Don't leak memory when TLSA records exist, but all are unusable.
Workarounds:
* Prepend "-I. -I../../include" to the compiler command-line
options, to avoid name clashes with non-Postfix header files.
Documentation cleanup:
* Corrected postconf(1) manpage for missing version attribution
and incorrect "author" formatting.
* The documentation for Postfix > 2.8 TLS activity logging was
incorrect. Loglevel 0 produces no logging. Instead, information
is logged only with loglevel 1 or higher.
Logging cleanup:
* The TLS client logged that an "Untrusted" TLS connection was
established instead of "Anonymous".
* For consistency, TLS policy lookup errors are now logged as
warnings.
The following security problems were fixed in this release:
- MFSA 2014-46 Use-after-free in nsHostResolve
- MFSA 2014-44 Use-after-free in imgLoader while resizing images
- MFSA 2014-43 Cross-site scripting (XSS) using history navigations
- MFSA 2014-42 Privilege escalation through Web Notification API
- MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
- MFSA 2014-37 Out of bounds read while decoding JPG images
- MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service
Installer
- MFSA 2014-34 Miscellaneous memory safety hazards
<Differences between Mew 6.6 and Mew 6.5>
* Better image supports.
* The body encoded with Base64/Quoted-Printable is decoded.
* Catching up to the latest GnuPG.
* Support of ISO-2022-JP-3 was removed in favor of UTF-8.
* The speed to move the cursor in Summary mode got much faster.
* Supporting stunnel 5.
This is a major release. It introduces over two years of bug fixes and
features since the release of SpamAssassin 3.3.2 on June 16, 2011.
3.4.0 includes the Bayes Redis (http://redis.io/) back-end (bug 6879),
EDNS0 changes (bug 6910), native IPv6 support, numerous URIBL.pm changes
or features and a small API change in libspamc (bug 6562) with many other
subtle changes.
* Support for hierarchical mailboxes in Patterns.
* Full support for IMAP pipelining (streaming, parallelization)
added. This is considerably faster especially with high-latency
networks.
* Faster and hopefully more reliable support for IMAP servers without
the UIDPLUS extension (e.g., M$ Exchange).
* More automatic handling of SSL certificates.
* IPv6 support.
* IMAP password query can be scripted.
* Message arrival dates can be propagated.
* Data safety in case of system crashes was improved.
* MaxMessages was made vastly more useful.
OfflineIMAP v6.5.5 (2013-10-07)
===============================
* Avoid lockups for IMAP synchronizations running with the
"-1" command-line switch (X-Ryl669 <boite.pour.spam@gmail.com>)
* Dump stacktrace for all threads on SIGQUIT: ease debugging
of threading and other issues
* SIGHUP is now handled as the termination notification rather than
the signal to reread the configuration (Dmitrijs Ledkovs)
* Honor the timezone of emails (Tobias Thierer)
* Allow mbnames output to be sorted by a custom sort key by specifying
a 'sort_keyfunc' function in the [mbnames] section of the config.
* Support SASL PLAIN authentication method. (Andreas Mack)
* Support transport-only tunnels that requre full IMAP authentication.
(Steve Purcell)
* Make the list of authentication mechanisms to be configurable.
(Andreas Mack)
* Allow to set message access and modification timestamps based
on the "Date" header of the message itself. (Cyril Russo)
* "peritem" format string for [mbnames] got new expansion key
"localfolders" that corresponds to the same parameter of the
local repository for the account being processed.
* [regression] pass folder names to the foldersort function,
revert the documented behaviour
* Fix handling of zero-sized IMAP data items (GitHub#15).
* Updated bundled imaplib2 to 2.35:
- fix for Gmail sending a BYE response after reading >100 messages
in a session;
- includes fix for GitHub#15: patch was accepted upstream.
* Updated bundled imaplib2 to 2.36: it includes support for SSL
version override that was integrated into our code before,
no other changes.
* Fixed parsing of quoted strings in IMAP responses: strings like "\\"
were treated as having \" as the escaped quote, rather than treating
it as the quoted escaped backslash (GitHub#53).
* Execute pre/post-sync hooks during synchronizations
toggled by IMAP IDLE message processing. (maxgerer@gmail.com)
* Catch unsuccessful local mail uploads when IMAP server
responds with "NO" status; that resulted in a loss of such
local messages. (Adam Spiers)
* Don't create folders if readonly is enabled.
* Learn to deal with readonly folders to properly detect this
condition and act accordingly. One example is Gmail's "Chats"
folder that is read-only, but contains logs of the quick chats. (E.
Ryabinkin)
* Fix str.format() calls for Python 2.6 (D. Logie)
* Remove APPENDUID hack, previously introduced to fix Gmail, no longer
necessary, it might have been breaking things. (J. Wiegley)
* Improve regex that could lead to 'NoneType' object has no attribute
'group' (D. Franke)
* Improved error throwing on repository misconfiguration
OfflineIMAP v6.5.4 (2012-06-02)
===============================
* bump bundled imaplib2 library 2.29 --> 2.33
* Actually perform the SSL fingerprint check (reported by J. Cook)
* Curses UI, don't use colors after we shut down curses already (C.Höger)
* Document that '%' needs encoding as '%%' in configuration files.
* Fix crash when IMAP.quickchanged() led to an Error (reported by sharat87)
* Implement the createfolders setting to disable folder propagation (see docs)
OfflineIMAP v6.5.3.1 (2012-04-03)
=================================
* Don't fail if no dry-run setting exists in offlineimap.conf
(introduced in 6.5.3)
OfflineIMAP v6.5.3 (2012-04-02)
===============================
* --dry-run mode protects us from performing any actual action. It will
not precisely give the exact information what will happen. If e.g. it
would need to create a folder, it merely outputs "Would create folder
X", but not how many and which mails it would transfer.
* internal code changes to prepare for Python3
* Improve user documentation of nametrans/folderfilter
* Fixed some cases where invalid nametrans rules were not caught and
we would not propagate local folders to the remote repository.
(now tested in test03)
* Revert "* Slight performance enhancement uploading mails to an IMAP
server in the common case." It might have led to instabilities.
* Revamped documentation structure. `make` in the `docs` dir or `make
doc` in the root dir will now create the 1) man page and 2) the user
documentation using sphinx (requiring python-doctools, and
sphinx). The resulting user docs are in `docs/html`. You can also
only create the man pages with `make man` in the `docs` dir.
* -f command line option only works on the untranslated remote
repository folder names now. Previously folderfilters had to match
both the local AND remote name which caused unwanted behavior in
combination with nametrans rules. Clarify in the help text.
* Some better output when using nonsensical configuration settings
* Improve compatability of the curses UI with python 2.6
pkgsrc changes:
* Add "strongly recommended" dependency on py-sqlite3.
* Remove seemingly outdated MESSAGE.
revision 1.584
date: 2014/02/05 00:40:59; author: gilles; state: Exp; lines: +77 -50
Debug. Print separator given by NAMESPACE even when --sep1 oe --sep2 is used.
Debug. Prints prefix given by NAMESPACE even when --prefix1 or --prefix2 is used.
(Preparation for advising not to use --prefix unless suggested)
----------------------------
revision 1.583
date: 2014/02/04 03:04:35; author: gilles; state: Exp; lines: +15 -11
Bug fix. --ssl1 --tls2 was buggy because of default SSL_VERIFY_PEER. "Can not go to tls encryption on [localhost]:Unable to start TLS: Cannot determine peer hostname for verificationerror:00000000:lib(0):func(0):reason(0)"
----------------------------
revision 1.582
date: 2014/01/24 01:43:19; author: gilles; state: Exp; lines: +20 -12
Bugfix. Check if going to tls is ok, exit otherwise with explicit error message.
Thanks to Dennis Schridde for reporting this ugly bug.
----------------------------
revision 1.581
date: 2014/01/15 02:42:06; author: gilles; state: Exp; lines: +41 -15
Added --debugmaxlinelength
Added --minmaxlinelength to select messages with long lines only.
----------------------------
revision 1.580
date: 2013/12/25 02:52:36; author: gilles; state: Exp; lines: +51 -27
Added --skipcrossduplicates to avoid copying messages that are already copied in another folder.
Added --debugcrossduplicates to print which messages (UIDs) are skipped with --skipcrossduplicates (and in what other folders they are).
----------------------------
revision 1.579
date: 2013/12/18 13:53:19; author: gilles; state: Exp; lines: +9 -8
--maxmessagespersecond, value can be float like 3.2
----------------------------
revision 1.578
date: 2013/12/17 02:14:09; author: gilles; state: Exp; lines: +73 -9
Added --maxbytespersecond to limit byte transfer rate.
Added --maxmessagespersecond to limit messages tranfer rate (office365 throttle limitation).
----------------------------
revision 1.577
date: 2013/12/05 05:57:51; author: gilles; state: Exp; lines: +28 -10
Added tests to play with win32 \\?\C:\TEMP syntax and try to solve long path bug.
----------------------------
revision 1.576
date: 2013/11/19 14:37:24; author: gilles; state: Exp; lines: +19 -14
Added --debugmemory option that prints memory consumption after each message is copied.
----------------------------
revision 1.575
date: 2013/11/06 13:55:38; author: gilles; state: Exp; lines: +12 -7
Do not append message if the fetch failed.
----------------------------
revision 1.574
date: 2013/10/28 16:22:04; author: gilles; state: Exp; lines: +16 -8
Added --create_folder_old in case users want the old behavior of create_folder().
----------------------------
revision 1.573
date: 2013/10/28 14:44:10; author: gilles; state: Exp; lines: +48 -7
Bugfix. Applied patch for create_folder() and nested folders. Thanks to Erik Torsner.
----------------------------
revision 1.572
date: 2013/10/27 02:04:01; author: gilles; state: Exp; lines: +13 -8
Bug fix. Final statistics were avoided for newly created folders.
----------------------------
revision 1.571
date: 2013/10/25 14:34:27; author: gilles; state: Exp; lines: +58 -20
Added --folderfirst <string> : Sync this folder first. --folderfirst "Work"
Added --folderlast <string> : Sync this folder last. --folderlast "[Gmail]/All Mail"
--folderlast <string> : then this one, etc.
----------------------------
revision 1.570
date: 2013/10/25 12:52:02; author: gilles; state: Exp; lines: +7 -7
--delete2foldersonly Junk example.
----------------------------
revision 1.569
date: 2013/10/16 21:58:17; author: gilles; state: Exp; lines: +125 -39
Fixed bug on Windows with --tmpdir "E:\TEMP". The colon was badly converted to _, ending with "E_\TEMP".
The fix also automatically moves the old cache to the new one if the new does not exist yet.
Fix. Example for --delete2foldersonly "/Junk$/" in help message.
----------------------------
revision 1.568
date: 2013/09/28 02:43:51; author: gilles; state: Exp; lines: +25 -13
Bug fix. On Win32 trailing blanc in cache dir name raized an error. Blanc now move to underscore _.
----------------------------
revision 1.567
date: 2013/09/18 20:38:10; author: gilles; state: Exp; lines: +8 -7
Fixed a warning when RFC822.SIZE is null or undef.
----------------------------
revision 1.566
date: 2013/09/13 13:23:41; author: gilles; state: Exp; lines: +11 -12
Added --authmech EXTERNAL. Not tested yet.
----------------------------
revision 1.565
date: 2013/09/13 01:16:20; author: gilles; state: Exp; lines: +8 -6
Fusemail success.
RackSpace success.
(reported by Thomas Lazar), so instead express our local changes
with SUBST_SED at do-configure. Update to the latest TLS/SASL patch.
Bump PKGREVISION.
- fix --idle checking Python version incorrectly, resulting in
incorrect warning about running with Python < 2.5. Thanks: "Voytek",
Krzysztof Warzecha.
- add missing support for SSL certificate checking in POP3 which
broke POP retrieval in v4.45.0. Requires Python 2.6 or newer.
Thanks: "mancha".
Feature request #44: Allow override of the From: field on forensic
reports.
Feature request #45: Log the host portion of ignored
Authentication-Results fields at "debug" level.
Feature request #56: Add "RequiredHeaders" setting to enforce syntax
checks against a message and reject those that don't comply.
Feature request #65: Add "ForensicReportsBcc".
Fix bug #46: Charitable tweak to a couple of log messages.
Fix bug #55: The "SoftwareHeader" setting wasn't being set properly.
Fix bug #58: The "smtp.mailfrom" part of an Authentication-Results
field might contain only a domain name.
Fix bug #60: Default AuthservID to the name provided by the MTA,
not the local host name, which is consistent with what
OpenDKIM does.
Merge request #2: Validate external recipients before adding them to
report recipient lists.
Record all DKIM results to the history file, rather than only
passing results.
BUILD: Fix bug #50: Check libbsd for strlcat() and strlcpy() so we
don't make our own when we don't need to.
CONTRIB: Fix bug #52: Update path to draft RFC in contrib/spec.
CONTRIB: Fix bug #59: Allow database name, userid and password to be
specified on the command line rather than hard-coding them.
DOCS: Fix bug #48: Add a libopendmarc use overview page.
DOCS: Fix bug #53: Add man page for opendmarc-importstats.
REPORTS: Fix bug #51: Check status after every phase of SMTP when
sending reports.
REPORTS: Fix DKIM status importing.
LIBOPENDMARC: Fix bug #68: Fix strict/relaxed checking logic when
a public suffix list is available.
LIBOPENDMARC: Fixed a bug where in some instances the fetch of the
orgainizational domain could wrongly return the from domain.
LIBOPENDMARC: Fix call to missing function.
- perform hostname-vs-certificate matching of SSL certificate if
validating the certifcate. Thanks: "mancha".
- fix missing plaintext versions of documentation.
Updating this leaf package during the freeze for the security fix.
- add extended SSL options for IMAP retrievers, allowing certificate
verification and other features. Thanks: Steven Murdoch.
- fix missing plaintext versions of documentation. Thanks: Osamu Aoki.
- fix "Header instance has no attribute 'strip'" error which cropped
up in some configurations. Thanks: Krzysztof Warzecha.
Updating this leaf package during the freeze for security improvements
and bugfixes.
Changelog:
Fixed in Thunderbird 24.4
MFSA 2014-32 Out-of-bounds write through TypedArrayObject after neutering
MFSA 2014-31 Out-of-bounds read/write through neutering ArrayBuffer objects
MFSA 2014-30 Use-after-free in TypeObject
MFSA 2014-29 Privilege escalation using WebIDL-implemented APIs
MFSA 2014-28 SVG filters information disclosure through feDisplacementMap
MFSA 2014-27 Memory corruption in Cairo during PDF font rendering
MFSA 2014-26 Information disclosure through polygon rendering in MathML
MFSA 2014-17 Out of bounds read during WAV file decoding
MFSA 2014-16 Files extracted during updates are not always read only
MFSA 2014-15 Miscellaneous memory safety hazards (rv:28.0 / rv:24.4)
* 3.3.1 (stable)
* IMAP: "INBOX" folder became case insensitive as specified in RFC 3501.
* IMAP: server name for cache directory is escaped now
(fixes cache creation when using IPv6 address for server name on Windows).
* IMAP: the bug that double-quote (") and backslash (\) in
folder/username/password were not escaped and could not be used on IMAP4
was fixed.
* IMAP: parsing of folder names that contain brackets was fixed.
* Config.guess and config.sub included in the tarball were updated to the
latest version.
* The bug that 'File - Folder - Move folder...' menu didn't work was
fixed.
* The bug that MIME nest level restriction was not working was fixed.
* Many defects discovered by Coverity Scan were fixed:
- FILE handle resource leaks
- memory leaks
- possible buffer overrun
- strict error checks
- correct null pointer checks
* Win32: the tray icon is recreated when explorer.exe crashes now.
* Win32: the included SSL certificates were updated
(based on ca-certificates_20111211_all.deb in Ubuntu 12.04.4 LTS).
- fixed handling of the 'owner' setting for ezmlm-idx > v5
- updated ezmlm-idx version detection
- allow "@" in the path of a mailing list
- add modules Mail::Ezmlm::GpgKeyRing and Mail::Ezmlm::GpgEzmlm
- fixed issues of Mail::Ezmlm::GpgEzmlm with ezmlm-idx v0.4x lists
- added check for external dependency to the test script
In my experience, pop3 server wasn't crashed but it failed to remove
messages in INBOX.
v2.2.12 2014-02-14 Timo Sirainen <tss@iki.fi>
- pop3 server was crashing in v2.2.11
+ acl plugin: Added an alternative global ACL file that can contain
mailbox patterns. See http://wiki2.dovecot.org/ACL for details.
+ imap proxy: Added proxy_nopipelining passdb setting to work around
other IMAP servers' bugs (MS Exchange 2013 especially).
+ Added %{auth_user}, %{auth_username} and %{auth_domain} variables.
See http://wiki2.dovecot.org/Variables for details.
+ Added support for LZ4 compression.
+ stats: Track also wall clock time for commands.
+ pop3_migration plugin improvements to try harder to match the UIDLs
correctly.
- imap: SEARCH/SORT PARTIAL reponses may have been too large.
- doveadm backup: Fixed assert-crash when syncing mailbox deletion.
The main changes in no particular order are:
* Support for PKI-less TLS server certificate verification with
DANE (DNS-based Authentication of Named Entities) where the CA
public key or the server certificate is identified via DNSSEC
lookup. This requires a DNS resolver that validates DNSSEC
replies. The problem with conventional PKI is that there are
literally hundreds of organizations world-wide that can provide
a certificate in anyone's name. DANE limits trust to the people
who control the target DNS zone and its parent zones.
* Support for LMDB databases. Originally developed as part of
OpenLDAP, LMDB is the first persistent Postfix database that
can be shared among multiple writers such as postscreen daemons
(Postfix already supported shared non-persistent memcached
caches). Postfix currently requires LMDB version 0.9.11 or
later. See LMDB_README for details and limitations.
* A new postscreen_dnsbl_whitelist_threshold feature to allow
clients to skip postscreen tests based on their DNSBL score.
This can eliminate email delays due to "after 220 greeting"
protocol tests, which otherwise require that a client reconnects
before it can deliver mail. Some providers such as Google don't
retry from the same IP address, and that can result in large
email delivery delays.
* The recipient_delimiter feature now supports different delimiters,
for example both "+" and "-". As before, this implementation
recognizes exactly one delimiter character per email address,
and exactly one address extension per email address.
* Advanced master.cf query/update support to access service
attributes as "name = value" pairs. For example to turn off
chroot on all services use "postconf -F '*/*/chroot = n'", and
to change/add a "-o name=value" setting use "postconf -P
smtp/inet/name = value". This was developed primarily to allow
automated tools to manage Postfix systems without having to
parse Postfix configuration files.
minor feature additions.
8.14.8/8.14.8 2014/01/26
Properly initialize all OpenSSL algorithms for versions before
OpenSSL 0.9.8o. Without this SHA2 algorithms may not
work properly, causing for example failures for certs
that use sha256WithRSAEncryption as signature algorithm.
When looking up hostnames, ensure only to return those records
for the requested family (AF_INET or AF_INET6).
On system that have NEEDSGETIPNODE and NETINET6
this may have failed and cause delivery problems.
Problem noted by Kees Cook.
A new mailer flag '!' is available to suppress an MH hack
that drops an explicit From: header if it is the
same as what sendmail would generate.
Add an FFR (for future release) to use uncompressed IPv6 addresses,
i.e., they will not contain "::". For example, instead
of ::1 it will be 0:0:0:0:0:0:0:1. This means that
configuration data (including maps, files, classes,
custom ruleset, etc) have to use the same format.
This will be turned on in 8.15. It can be enabled in 8.14
by compiling with:
APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_IPV6_FULL')
in your devtools/Site/site.config.m4 file.
Add an additional case for the WorkAroundBrokenAAAA check when
dealing with broken nameservers by ignoring SERVFAIL
errors returned on T_AAAA (IPv6) lookups at delivery time.
Problem noted by Pavel Timofeev of OCS.
If available, pass LOGIN_SETCPUMASK and LOGIN_SETLOGINCLASS to
setusercontext() on deliveries as a different user.
Patch from Edward Tomasz Napierala from FreeBSD.
Avoid compiler warnings from a change in Cyrus-SASL 2.1.25.
Patch from Hajimu UMEMOTO from FreeBSD.
Add support for DHParameters 2048-bit primes.
CONFIG: Accept IPv6 literals when evaluating the HELO/EHLO argument
in FEATURE(`block_bad_helo'). Suggested by Andrey Chernov.
LIBSMDB: Add a missing check for malloc() in libsmdb/smndbm.c.
Patch from Bill Parker.
LIBSMDB: Fix minor memory leaks in libsmdb/ if allocations
fail. Patch from John Beck of Oracle.
Portability:
Add support for Darwin 12.x and 13.x (Mac OS X 10.8 and 10.9).
On Linux use socklen_t as the type for the 3rd argument
for getsockname/getpeername if the glibc version is at
least 2.1.
Added Files:
devtools/OS/Darwin.12.x
devtools/OS/Darwin.13.x
Rspamd is fast, modular and lightweight spam filter. It is designed to work
with big ammount of mail and can be easily extended with own filters written in
lua.
version 2.04: Thu Sep 12 15:46:28 CEST 2013
Fixes:
- one more localize $_ in ::Types::_read_db()
rt.cpan.org#87856 [Gerda Shank]
version 2.03: Wed Sep 4 17:12:27 CEST 2013
Improvements:
- typo in docs, rt.cpan.org#88394 [Gregor Herrmann, Debian]
- require perl 5.8.8, because <:encoding [cpantesters]
- updated IANA
- a bit more DESCRIPTION
version 2.02: Sun Aug 18 12:49:23 CEST 2013
Fixes:
- localize DB and $_ in ::Types::_read_db()
rt.cpan.org#87856 [Gerda Shank]
Rearranged the test scripts to put them in folders by category. This just
makes the directory listing a little more manageable.
Corrected some typos in the README file. Thanks to John Mendoza for reporting
those.
Fixed a very obscure bug in spamdyke_log(): on Linux systems (possibly only
64-bit systems), vsyslog() occasionally will not print all the variable
arguments. One way was found to trigger this behavior -- when the
rdns-blacklist-dir filter is activated from a configuration directory.
Fixed a bug in find_domain() that could cause segfaults when parsing certain
invalid formats. Thanks to Gary Gendel for reporting this one.
Added a backup/restore feature to the "run" script in the "tests" folder to
save a copy of the most critical system and qmail files before running any
scripts. This is needed because some of the scripts alter those files and,
if they don't run correctly or are cancelled, the originals are lost.
Added a "-skipcompile" flag to the "run" script in the "tests" folder to skip
reconfiguring and recompiling all of the binaries when the script is run.
Changed the "run" script in the "tests" folder to empty qmail's queue before
and after the tests are run.
Changed the "run" script in the "tests" folder to compare the current system
and qmail configuration files to the latest backup after every script
finishes. If they don't match, the latest backup is restored. If they
still don't match, the script stops with an error.
Changed nihdns_query() to accept an optional "preferred" type of response. If
multiple types are queried, it will wait for at least one timeout period for
an answer of that type to arrive instead of always accepting the first
answer to arrive. It will accept a saved answer before resending the
queries, however.
NOT BACKWARDS COMPATIBLE: Changed nihdns_mx() to prefer an MX record over an A
record, if both exist. Given the choice, the MX record will be checked for
validity and the A record will be ignored. Thanks to Bruce Schreiber for
suggesting this one.
Fixed filter_level() and smtp_filter() to disregard whitelisting and require
authentication if the "filter-level" option is set to "require-auth", as the
documentation says it should. Thanks to Arne for reporting this one.
Changed nihdns_create_packet() to strip trailing dots from names before using
them in DNS queries. A trailing dot is the traditional way to tell libc's
resolver not to append the local domain name and many sysadmins expect to
have to use it. Since spamdyke never appends the local domain and doesn't
use libc's resolver, it isn't necessary and causes lookups to fail. Thanks
to Dossy Shiobara for reporting this one.
Changed middleman() to always send a "STARTTLS" response to "EHLO" as a
continuation, never as the last line (only when spamdyke is inserting
"STARTTLS"). This works around a bug in the Android mail client, which only
looks for "STARTTLS" as a continuation. Thanks to Jonas Pasche for writing
about how to work around this bug on his blog.
NOT BACKWARDS COMPATIBLE: Changed the meaning of "whitelisted" to only exempt
the connection from spamdyke's spam filters; whitelisting no longer allows
the connection to relay mail. This means spamdyke will now only set the
RELAYCLIENT environment variable if the "relay-level" option is set to
"allow-all". Relaying must now be controlled through tcpserver or xinetd.
Many thanks to Eric Shubert for suggesting and debating this with me.
NOT BACKWARDS COMPATIBLE: Removed the "access-file" and
"rejection-text-access-denied" options because they were only needed for
controlling relaying. Also removed the test scripts that exercised them and
modified many other test scripts that used them.
NOT BACKWARDS COMPATIBLE: Removed the "no-check" value from the "relay-level"
option and changed the meaning of the "normal" value to use the logic
previously assigned to "no-check".
Added the option "reject-sender" to take multiple values. If the value
"not-local" is given, the sender will be rejected if the domain name is not
hosted locally. If the value "authentication-mismatch" is given, the sender
will be rejected if the sender address does not exactly match the username
given during authentication (or if the authentication username is not an
email address, the sender username must match the authentication username).
If the value "authentication-domain-mismatch" is given, the sender will be
rejected if the domain name is not part of the username given during
authentication. Thanks to Mark Frater for suggesting this one.
Added the options "rejection-text-sender-not-local" and
"rejection-text-sender-authentication-mismatch" to set the rejection text
given when the "reject-sender" option's filters are triggered.
NOT BACKWARDS COMPATIBLE: Removed the option "reject-missing-sender-mx" and
folded its filter into the "reject-sender" filter's "no-mx" option.
NOT BACKWARDS COMPATIBLE: Renamed the option
"rejection-text-missing-sender-mx" to "rejection-text-sender-no-mx".
NOT BACKWARDS COMPATIBLE: Renamed the option
"reject-identical-sender-recipient" to "reject-recipient" with the value
"same-as-sender". The functionality remains the same.
NOT BACKWARDS COMPATIBLE: Renamed the option
"rejection-text-identical-sender-recipient" to
"rejection-text-recipient-same-as-sender".
NOT BACKWARDS COMPATIBLE: Renamed the option "local-domains-file" to
"qmail-rcpthosts-file". The naming has always been confusing, since qmail
distinguishes between domains that should be accepted by qmail-smtpd during
SMTP (rcpthosts) and domains that are actually hosted locally with mailboxes
on the local filesystem (locals). These options have always meant the
former, but now that spamdyke needs to know both lists of domains, it's time
to rename them. This option is also now allowed in configuration
directories.
NOT BACKWARDS COMPATIBLE: Removed the option "local-domains-entry" because
supplying domains that can be accepted during SMTP to spamdyke only (but
not qmail) will cause inconsistent results during recipient validation.
If a domain is to be accepted during SMTP, it should be added to the control
files used by both spamdyke and qmail.
Added CDB searching code in cdb.[ch] to read DJB's "constant database" files
during recipient validation. The format of these files is claimed (by DJB)
to be fast and efficient. Don't believe the hype...
Added the option "qmail-morercpthosts-cdb" to allow CDB files to be provided
that contain lists of domains for which mail should be accepted during SMTP.
Does anyone actually use this qmail "feature"?
Poured over qmail's documentation and source code to figure out exactly how
it determines where to deliver a message. The documentation is frequently
in error and extensive testing was required to discover the truth. The
resulting procedure is encapsulated in a flowchart in the documentation
folder.
Added the "generator" program to create test scripts to check every possible
path through the recipient validation flowchart, both with spamdyke in place
and without (to check the flowchart is correct). A program to generate the
scripts was required, since there are nearly 250K possible paths to test.
Added the value "invalid" to the option "reject-recipient" to check if a local
recipient address exists before accepting a message. This validation
process uses the same logic as qmail when deciding whether/where to deliver
a message, so no extra steps are needed to make this work (e.g. maintaining
a list of valid addresses in a separate file). If this process determines
a local address is valid, delivery is guaranteed. This option should
eliminate qmail's habit of sending backscatter spam.
Added the value "unavailable" to the option "reject-recipient" to check if a
local recipient is accepting mail at the moment. Probably as a holdover
from the elder days when people actually edited .qmail files by hand, qmail
checks file permissions on files and folders before delivering a message.
If they are set to certain values, qmail will queue the message until the
permissions are fixed or bounce the message if is queued too long. In these
enlightened times, such permissions are more likely to be due to an error or
oversight than deliberate intent.
Added the options "qmail-assign-cdb", "qmail-defaultdelivery-file",
"qmail-envnoathost-file", "qmail-locals-file", "qmail-me-file",
"qmail-percenthack-file" and "qmail-virtualdomains-file" to allow spamdyke
to use different control files than qmail. It's very unlikely anyone will
ever need these options (and it would be unwise to use them), but they're
available just in case.
Added the option "rejection-text-recipient-invalid" to set the rejection text
when the "invalid" filter on "reject-recipient" is triggered.
Added the option "rejection-text-recipient-unavailable" to set the rejection
text when the "unavailable" filter on "reject-recipient" is triggered.
Removed the function filter_recipient_local() and moved its logic into
filter_recipient_valid().
Removed the function filter_recipient_relay() and moved its logic into
filter_recipient_valid().
Changed the "help" option to just show a listing of available options without
help text.
Added the "more-help" option to show the full listing of options with all help
text.
Added the options "ip-relay-entry", "ip-relay-file", "rdns-relay-entry" and
"rdns-relay-file" to allow relaying from specific IPs and/or rDNS names,
since whitelisting no longer implies the ability to relay. If any of these
options are matched, the RELAYCLIENT variable will be set before qmail is
started.
Created the "create_cdb" program to generate CDB files of arbitrary size,
filled with random data, for testing spamdyke's CDB validation routines.
create_cdb also has the ability to corrupt the generated CDB in seven ways;
this makes for more specific testing than simply using a file of random
garbage.
Removed all uses of the TESTSD_* environment variables from the test scripts
and replaced them with appropriate invocations of dnsdummy. This allows the
test scripts to run without potential interference from external DNS
changes and without needing a running spamdyke server to find example
values.
Fixed smtp_filter() and middleman() to clear the list of saved recipient
addresses after printing the log messages. This prevents duplicate log
messages when multiple email messages are delivered in the same connection.
Thanks to Teodor Milkov and David Davidov for reporting this one.
Added the "-skippatched" and "-skipunpatched" flags to the "run" scripts to
skip any tests that require a patched or unpatched version of qmail,
respectively.
Fixed a minor bug in find_username() that would truncate the last character
of the username when no domain is given. This hasn't been a problem since
spamdyke rejects recipient addresses without domain names anyway, but one
of the recipient validation test scripts found it.
Added the option "tls-dhparams-file" option to read DH params from a file
for creating ephemeral keys during SSL/TLS key negotiation. Thanks to
Marc Gregel for suggesting this one.
Changed all error messages to output the filename, function name and line
number that generated them, just like the debug and excessive messages.
Added a new log level, LOG_LEVEL_CONFIG_TEST, for config-test error messages.
The level is treated much the same as LOG_LEVEL_ERROR except the filename,
function name and line numbers are not printed.
Added a new decision level, FILTER_DECISION_AUTHENTICATED for authenticated
connections. The filter routines use this level to distinguish between
connections that should be unfiltered due to authentication versus
whitelisting.
Added a new config option type: CONFIG_TYPE_ALIAS. Options of this type are
aliases for other options. This eliminates the duplication of values and
potential for oversights in the graylist/greylist options.
Added some code to the "run" script in the "tests" directory to try to detect
core dumps. Some of the tests will declare success even if spamdyke
segfaults and cuts off the output prematurely.
Removed the unused functions reset_rejection() and skip_cfws().
Discovered spamdyke cannot read all the files it needs for recipient
validation during normal operation because they are owned by different users
with restrictive permissions and spamdyke does not run as root. I'm not
sure how I missed that, but it completely moots more than a year of work.
Moved all the recipient valiation code into an external program named
"spamdyke-qrv". This program is meant to only perform recipient validation
and nothing else, so it should be safe to run as root (at least safer than
running spamdyke as root).
Removed the options "qmail-assign-cdb", "qmail-defaultdelivery-file",
"qmail-envnoathost-file", "qmail-locals-file", "qmail-me-file" and
"qmail-percenthack-file" from spamdyke, since the recipient validation code
is gone.
Added the option "recipient-validation-command" for passing the path to
spamdyke-qrv, which will be called when recipient validation is needed.
either because they themselves are not ready or because a
dependency isn't. This is annotated by
PYTHON_VERSIONS_INCOMPATIBLE= 33 # not yet ported as of x.y.z
or
PYTHON_VERSIONS_INCOMPATIBLE= 33 # py-foo, py-bar
respectively, please use the same style for other packages,
and check during updates.
Use versioned_dependencies.mk where applicable.
Use REPLACE_PYTHON instead of handcoded alternatives, where applicable.
Reorder Makefile sections into standard order, where applicable.
Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default
with the next commit.
Whitespace cleanups and other nits corrected, where necessary.
== [release-2-0-1] 2.0.1: 2014-01-24
A bug fix release of 2.0.0.
=== milter manager
==== Improvements
* Support SIGUSR1 signal to reopen log file
==== Fixes
* Drop functionality to report stack trace on crash.
Because it is unsafe for all users. [GitHub #38]
=== milter-core
==== Improvements
* Support log output by MILTER_LOG_PATH environment variable.
=== milter-client
==== Improvements
* Support --log-path option.
=== Ruby milter
==== Improvements
* Support --log-path option.
* Support SIGUSR1 signal to reopen log file.
=== Package
==== Improvements
* Drop Ubuntu Lucid (10.04) support.
* Add Ubuntu Saucy (13.10) support.
* deb: Support Ruby 2.0.0 detection on Debian.
* rpm: Update Ruby1.9.3 package for CentOS6 to Ruby1.9.3-p484.
* Remove auto-generated files from distribution archive.
[Reported by Youhei SASAKI][milter-manager-users-ja:00225]
=== Document
==== Improvements
* Update to the latest milter-greylist RPM.
[Reported by ishizaka tadanori][milter-manager-users-ja:00220]
* Improve English version reference manual.
[GitHub #17]
=== Thanks
* Youhei SASAKI
* ishizaka tadanori
- Comment out master site and home page URL as they don't work anymore.
- Define a license.
- Fix "pkglint warnings.
- Fix build on IRIX by correcting the mistake in the fix for PR pkg/28818.
Bump package revision because binary changed.
+ auth: passdb/userdb dict rewrite to support much more complex
setups. See doc/example-config/dovecot-dict-auth.conf.ext.
The old settings will continue to work.
+ auth: Added userdb result_success/failure/tempfail and skip
settings, similar to passdb's. See
http://wiki2.dovecot.org/UserDatabase
+ imap: Implemented SETQUOTA command for admin user when quota_set is
configured. See http://master.wiki2.dovecot.org/Quota/Configuration
+ quota: Support "*" and "?" wildcards in mailbox names in quota_rules
+ mysql: Added ssl_verify_server_cert=no|yes parameter. This currently
defaults to "no" to make sure nothing breaks, but likely will become
"yes" in Dovecot v2.3.
+ ldap: Added blocking=yes setting to use auth worker processes for
ldap lookups. This is a workaround for now to be able to use multiple
simultaneous LDAP connections.
+ pop3c+dsync performance improvements
- quota-status: quota_grace was ignored
- ldap: Fixed memory leak with auth_bind=yes and without
auth_bind_userdn.
- imap: Don't send HIGHESTMODSEQ anymore on SELECT/EXAMINE when
CONDSTORE/QRESYNC has never before been enabled for the mailbox.
- imap: Fixes to handling mailboxes without permanent modseqs.
(When [NOMODSEQ] is returned by SELECT, mainly with in-memory
indexes.)
- imap: Various fixes to METADATA support.
- stats plugin: Processes that only temporarily dropped privileges
(e.g. indexer-worker) may have been logging errors about not being
able to open /proc/self/io.
Postfix 2.10.3, 2.9.9, and 2.8.17:
* Future proofing against OpenSSL library API changes. When support
for a bug workaround is removed from OpenSSL, the corresponding
named bit in tls_disable_workarounds will be ignored instead
of causing existing Postfix configurations to fail.
All supported releases:
* Future proofing against PCRE library API changes that introduce
the pcre_free_study() function.
* The postconf '-#' option reset prior options instead of adding
to them.
* Correct an error in MULTI_INSTANCE_README Makefile example.
* Correct an error in SASL_README PostgreSQL example.
* Correct a malformed error message in conf/post-install.
This package contains the mutt-kz fork with notmuch support and
another improvements.
The Mutt E-Mail Client by Michael Elkins <me@cs.hmc.edu>
``All mail clients suck. This one just sucks less.'' -me, circa 1995
Mutt is a small but very powerful text-based MIME mail client.
Mutt is highly configurable, and is well suited to the mail power
user with advanced features like key bindings, keyboard macros,
mail threading, color, PGP and S/MIME, POP3, IMAP, various mailbox
formats, regular expression searches and a powerful pattern matching
language for selecting groups of messages.
and tonnerre.
Notmuch is a system for indexing, searching, reading, and tagging
large collections of email messages in maildir or mh format. It uses
the Xapian library to provide fast, full-text search with a convenient
search syntax.
Version 2.11 includes several new features and bug fixes.
Additions include:
Increase encryption of S/MIME encrypted messages.
Alpine requires version 1.0.0c of Openssl to build.
Pico: Improvements in justification of paragraphs: lines that begin with a
quote string, followed by a space were considered individual paragraphs, now
they are considered part of a paragraph. Based on earlier joint work with Jeff
Franklin.
Unix Alpine: Allow local .pinerc file to be a symbolic link.
- Experimental extended support of recognition of UTF-8 in urls based on
information from http://url.spec.whatwg.org.
- Added recognition of ws and wss URIs.
- Add ability to color folder names, directory names, and text in the FOLDER
SCREEN.
- Add the ability to color any token used in the display of the INDEX SCREEN.
- New option preserve-original-fields that adds the ability to preserve To: and
Cc: fields when replying to a message, as specified by original sender.
- Add a _SILENT_ token to the list of tokens for a display filter, so that
Alpine will not redraw the screen when it is unnecessary.
- Added Quota subcommands for printing, forwarding, saving, etc.
Bugs that have been addressed include:
- Crash when a non-compliant SMTP server closes a connection without a QUIT
command.
- Crash when resizing the screen in a configuration screen.
- Do not bail out during a tcp timeout, instead close connection and avoid
crash.
- Do not use a shell to open a browser.
- Configure script did not test for crypto or pam libraries.
- Configure script attempted to build web component, even if header file tcl.h
was not present.
- Change Cygwin directory separator to "/".
- Alpine could set List- headers, contrary to RFC 2369.
This needs more work but at least allows the package to be built. However,
it segfaults when you try to compose a message. It looks like there are
issues with format strings.
Changelog:
FIXED
Security fixes can be found here
FIXED
Fixed an issue where long messages with multiple signatures could end up unreadable (bug 929006)
FIXED
Fixed an issue where editing account settings was not possible in some non-standard configurations of local folder set-ups (bug 921371)
Fixed in Thunderbird 24.2
MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
MFSA 2013-116 JPEG information leak
MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
MFSA 2013-114 Use-after-free in synthetic mouse movement
MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
MFSA 2013-111 Segmentation violation when replacing ordered list elements
MFSA 2013-109 Use-after-free during Table Editing
MFSA 2013-108 Use-after-free in event listeners
MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)
NOTE: During the development cycle for this release, SourceForge
changed their bug numbering system. Bug numbers are recorded
here as they were generated by the current system at the time
they were filed. The older ones (prefixed "SF") have since
been renumbered or may no longer be in the system.
Feature request #169: Discontinue libxml2 support in the reputation
code.
Feature request #174: Drop internal libstrl implementation.
Feature request #175: Discontinue support for libdkimrep.
Feature request #176: Update to the final REPUTE RFCs.
Activate _FFR_REDIRECT.
Fix bug #178: Add support for "dmarc" as an authentication method
(though it hasn't been formally registered yet) and fix
a minor Authentication-Results parsing problem.
Fix bug #179: Correct handling of SignatureTTL.
Fix bug #180: Drain results object when doing a DB walk of a postgresql
table.
Fix bug #182: Add an Authentication-Results header field even for
messages with no valid From: field or a fatal structural
violation.
Teach dkimf_db_walk() about LDAP soft starting, and don't escape the
forced "*" when walking. Also handle incorrect attribute
counts without causing an assertion failure.
Call dkimf_config_free() on shutdown so that all DBs get properly
closed and everything gets deallocated.
LIBOPENDKIM: Fix bug #168: Report an unresolved CNAME for ADSP records
as simply absent.
LIBOPENDKIM: Add DKIM_LIBFLAGS_REQUESTREPORTS to request that an
"r=y" tag be added to signatures, per RFC6651.
TOOLS: Fix boundary condition in opendkim-testmsg.
DOCS: Feature request #168: Improve documentation of signature
verification failure debugging features.
DOCS: Feature request #172: Describe socket selection procedure in
detail, and mention selinux command to get set up.
source package for providing DMARC report generation and policy enforcement
services. It includes a library for handling DMARC record parsing,
a database schema and tools for aggregating and processing transaction
history to produce DMARC reports, and a filter that ties it all together
with an MTA using the milter protocol.
Fixed in Thunderbird 24.1.1
MFSA 2013-103 Miscellaneous Network Security Services (NSS) vulnerabilities
TODO: put sdk common files into their own PLIST in order to simplify updates to
PLIST.enigmail and PLIST.lightning.
+ Full text search indexing can now be done automatically after
saving/copying mails by setting plugin { fts_autoindex=yes }
+ replicator: Added replication_dsync_parameters setting to pass
"doveadm sync" parameters (for controlling what to replicate).
+ Added mail-filter plugin
+ Added liblzma/xz support (zlib_save=xz)
- v2.2.8's improved cache file handling exposed several old bugs
related to fetching mail headers.
- v2.2.7's iostream handling changes were causing some connections
to be disconnected before flushing their output (e.g. POP3 logout
message wasn't being sent)
+ Mail cache lookups work for the mail being saved. This improves
performance by avoiding the need to parse the mail multiple times
when using some plugins (e.g. mail_log).
+ Mail cache works for recently cached data also with in-memory
indexes.
+ imapc: Many performance improvements, especially when working with
dsync. Also added imapc_feature=fetch-headers which allows using
FETCH BODY.PEEK[HEADER.FIELDS (..)] to avoid reading the entire
header.
+ mail_location = ..:FULLDIRNAME=dbox-Mails is the same as
:DIRNAME=dbox-Mails, but it will also be used for
:INDEX and :CONTROL directories. (It should have worked this way
from the beginning, but can't be changed anymore without breaking
existing installations).
- Fixed infinite loop in message parsing if message ends with
"--boundary" and CR (without LF). Messages saved via SMTP/LMTP can't
trigger this, because messages must end with an "LF.". A user could
trigger this for him/herself though.
- lmtp: Client was sometimes disconnected before all the output was
sent to it.
- imap_zlib plugin caused crashes during client disconnection in
v2.2.7
- replicator: Database wasn't being exported to disk every 15 minutes
as it should have. Instead it was being imported, causing "doveadm
replicator remove" commands to not work very well.
as defined by RFC 5321, with some additional standard extensions.
It allows ordinary machines to exchange e-mails with other systems
speaking the SMTP protocol.
Started out of dissatisfaction with other implementations, OpenSMTPD
nowadays is a fairly complete SMTP implementation.
OpenSMTPD is primarily developed by Gilles Chehade, Eric Faurot and
Charles Longeau; with contributions from various OpenBSD hackers.
* add external css file: mailgraph.css
-> you will need to add this file to where mailgraph.cgi is
* add support for exim
* add support for SpamAssassin milter
* update support for amavis-milter
* update support for amavisd-new
* update support for spamproxyd
* --ignore-host can now be specified multiple times
Mozilla Thunderbird is a redesign of the Mozilla mail component. The
goal is to produce a cross platform stand alone mail application using
the XUL user interface language. This version uses the gtk2 toolkit.
This package tracks 24 ESR release branch.
Changelog:
24.1.
FIXED
Fixed an issue where signatures were shown in too lighter grey making them difficult to read (bug 917906)
FIXED
Fixed an issue where Auto CC for reply might not work if the cc address is the same as the sending address (bug 917231)
FIXED
Security fixes can be found here
Fixed in Thunderbird 24.0
MFSA 2013-92 GC hazard with default compartments and frame chain restoration
MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-85 Uninitialized data in IonMonkey
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-81 Use-after-free with select element
MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
24.0
NEW
Message threads can now be ignored or watched
NEW
Emails can now be sent to IDN based email addresses
NEW
Zoom functionality is now available in the compose window
CHANGED
In the Compose window, ctrl/cmd + and ctrl/cmd - now change the zoom setting rather than the font size
CHANGED
In Twitter, replying to a tweet now replies to all users, just like on the Twitter website
FIXED
Interactions in the filter list dialogs have been improved
FIXED
In Chat user nicknames are now highlighted when mentioned
FIXED
In IRC, long messages will now be sent in multiple parts instead of being cut off
FIXED
Various security fixes
Fixed in Thunderbird 24.1
MFSA 2013-102 Use-after-free in HTML document templates
MFSA 2013-101 Memory corruption in workers
MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
MFSA 2013-98 Use-after-free when updating offline cache
MFSA 2013-97 Writing to cycle collected object during image decoding
MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
MFSA 2013-95 Access violation with XSLT and uninitialized data
MFSA 2013-94 Spoofing addressbar though SELECT element
MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)
* Some usage of passdb checkpassword could have been exploitable by
local users. You may need to modify your setup to keep it working.
See http://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security
+ auth: Added ability to truncate values logged by
auth_verbose_passwords (see 10-logging.conf comment)
+ mdbox: Added "mdbox_deleted" storage, which can be used to access
messages with refcount=0. For example: doveadm import
mdbox_deleted:~/mdbox "" mailbox inbox subject oops
+ ssl-params: Added ssl_dh_parameters_length setting.
- master process was doing a hostname.domain lookup for each created
process, which may have caused a lot of unnecessary DNS lookups.
- dsync: Syncing over 100 messages at once caused problems in some
situations, causing messages to get new UIDs.
- fts-solr: Different Solr hosts for different users didn't work.
- Possible to build again with OpenSSL older than version 1.0.1 (was a
requirement for the previous release due to new protocols TLS 1.1/1.2).
- Support for reading the configuration from the standard input stream.
- New makefile dist target, which can be used to create distribution archives.
1. New command-line option -bI:sieve will list all supported sieve extensions
of this Exim build on standard output, one per line.
ManageSieve (RFC 5804) providers managing scripts for use by Exim should
query this to establish the correct list to include in the protocol's
SIEVE capability line.
2. If the -n option is combined with the -bP option, then the name of an
emitted option is not output, only the value (if visible to you).
For instance, "exim -n -bP pid_file_path" should just emit a pathname
followed by a newline, and no other text.
3. When built with SUPPORT_TLS and USE_GNUTLS, the SMTP transport driver now
has a "tls_dh_min_bits" option, to set the minimum acceptable number of
bits in the Diffie-Hellman prime offered by a server (in DH ciphersuites)
acceptable for security. (Option accepted but ignored if using OpenSSL).
Defaults to 1024, the old value. May be lowered only to 512, or raised as
far as you like. Raising this may hinder TLS interoperability with other
sites and is not currently recommended. Lowering this will permit you to
establish a TLS session which is not as secure as you might like.
Unless you really know what you are doing, leave it alone.
4. If not built with DISABLE_DNSSEC, Exim now has the main option
dns_dnssec_ok; if set to 1 then Exim will initialise the resolver library
to send the DO flag to your recursive resolver. If you have a recursive
resolver, which can set the Authenticated Data (AD) flag in results, Exim
can now detect this. Exim does not perform validation itself, instead
relying upon a trusted path to the resolver.
Current status: work-in-progress; $sender_host_dnssec variable added.
5. DSCP support for outbound connections: on a transport using the smtp driver,
set "dscp = ef", for instance, to cause the connections to have the relevant
DSCP (IPv4 TOS or IPv6 TCLASS) value in the header.
Similarly for inbound connections, there is a new control modifier, dscp,
so "warn control = dscp/ef" in the connect ACL, or after authentication.
Supported values depend upon system libraries. "exim -bI:dscp" to list the
ones Exim knows of. You can also set a raw number 0..0x3F.
6. The -G command-line flag is no longer ignored; it is now equivalent to an
ACL setting "control = suppress_local_fixups". The -L command-line flag
is now accepted and forces use of syslog, with the provided tag as the
process name. A few other flags used by Sendmail are now accepted and
ignored.
7. New cutthrough routing feature. Requested by a "control = cutthrough_delivery"
ACL modifier; works for single-recipient mails which are recieved on and
deliverable via SMTP. Using the connection made for a recipient verify,
if requested before the verify, or a new one made for the purpose while
the inbound connection is still active. The bulk of the mail item is copied
direct from the inbound socket to the outbound (as well as the spool file).
When the source notifies the end of data, the data acceptance by the destination
is negociated before the acceptance is sent to the source. If the destination
does not accept the mail item, for example due to content-scanning, the item
is not accepted from the source and therefore there is no need to generate
a bounce mail. This is of benefit when providing a secondary-MX service.
The downside is that delays are under the control of the ultimate destination
system not your own.
The Recieved-by: header on items delivered by cutthrough is generated
early in reception rather than at the end; this will affect any timestamp
included. The log line showing delivery is recorded before that showing
reception; it uses a new ">>" tag instead of "=>".
To support the feature, verify-callout connections can now use ESMTP and TLS.
The usual smtp transport options are honoured, plus a (new, default everything)
hosts_verify_avoid_tls.
New variable families named tls_in_cipher, tls_out_cipher etc. are introduced
for specific access to the information for each connection. The old names
are present for now but deprecated.
Not yet supported: IGNOREQUOTA, SIZE, PIPELINING.
8. New expansion operators ${listnamed:name} to get the content of a named list
and ${listcount:string} to count the items in a list.
9. New global option "gnutls_allow_auto_pkcs11", defaults false. The GnuTLS
rewrite in 4.80 combines with GnuTLS 2.12.0 or later, to autoload PKCS11
modules. For some situations this is desirable, but we expect admin in
those situations to know they want the feature. More commonly, it means
that GUI user modules get loaded and are broken by the setuid Exim being
unable to access files specified in environment variables and passed
through, thus breakage. So we explicitly inhibit the PKCS11 initialisation
unless this new option is set.
Some older OS's with earlier versions of GnuTLS might not have pkcs11 ability,
so have also added a build option which can be used to build Exim with GnuTLS
but without trying to use any kind of PKCS11 support. Uncomment this in the
Local/Makefile:
AVOID_GNUTLS_PKCS11=yes
10. The "acl = name" condition on an ACL now supports optional arguments.
New expansion item "${acl {name}{arg}...}" and expansion condition
"acl {{name}{arg}...}" are added. In all cases up to nine arguments
can be used, appearing in $acl_arg1 to $acl_arg9 for the called ACL.
Variable $acl_narg contains the number of arguments. If the ACL sets
a "message =" value this becomes the result of the expansion item,
or the value of $value for the expansion condition. If the ACL returns
accept the expansion condition is true; if reject, false. A defer
return results in a forced fail.
11. Routers and transports can now have multiple headers_add and headers_remove
option lines. The concatenated list is used.
12. New ACL modifier "remove_header" can remove headers before message gets
handled by routers/transports.
13. New dnsdb lookup pseudo-type "a+". A sequence of "a6" (if configured),
"aaaa" and "a" lookups is done and the full set of results returned.
14. New expansion variable $headers_added with content from ACL add_header
modifier (but not yet added to messsage).
15. New 8bitmime status logging option for received messages. Log field "M8S".
16. New authenticated_sender logging option, adding to log field "A".
17. New expansion variables $router_name and $transport_name. Useful
particularly for debug_print as -bt commandline option does not
require privilege whereas -d does.
18. If built with EXPERIMENTAL_PRDR, per-recipient data responses per a
proposed extension to SMTP from Eric Hall.
19. The pipe transport has gained the force_command option, to allow
decorating commands from user .forward pipe aliases with prefix
wrappers, for instance.
20. Callout connections can now AUTH; the same controls as normal delivery
connections apply.
21. Support for DMARC, using opendmarc libs, can be enabled. It adds new
options: dmarc_forensic_sender, dmarc_history_file, and dmarc_tld_file.
It adds new expansion variables $dmarc_ar_header, $dmarc_status,
$dmarc_status_text, and $dmarc_used_domain. It adds a new acl modifier
dmarc_status. It adds new control flags dmarc_disable_verify and
dmarc_enable_forensic.
22. Add expansion variable $authenticated_fail_id, which is the username
provided to the authentication method which failed. It is available
for use in subsequent ACL processing (typically quit or notquit ACLs).
23. New ACL modifer "udpsend" can construct a UDP packet to send to a given
UDP host and port.
24. New ${hexquote:..string..} expansion operator converts non-printable
characters in the string to \xNN form.
25. Experimental TPDA (Transport Post Delivery Action) function added.
Patch provided by Axel Rau.
26. Experimental Redis lookup added. Patch provided by Warren Baker.
Changes since 2.61 are difficult to ascertain. There is no useful
upstream changelog, and the full Debian one primarily includes
packaging changes only. However, there appear to have at least been
some security fixes.
RELEASE 0.9.5
-------------
- Fix failing vCard import when email address field contains spaces (#1489386)
- Fix default spell-check configuration after Google suspended their spell service
- Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
- Fix iframe onload for upload errors handling (#1489379)
- Fix address matching in Return-Path header on identity selection (#1489374)
- Fix text wrapping issue with long unwrappable lines (#1489371)
- Fixed mispelling: occured -> occurred (#1489366)
- Fixed issues where HTML comments inside style tag would hang Internet Explorer
- Fix setting domain in virtualmin password driver (#1489332)
- Hide Delivery Status Notification option when smtp_server is unset (#1489336)
- Display full attachment name using title attribute when name is too long to display (#1489320)
- Fix attachment icon issue when rare font/language is used (#1489326)
- Fix expanded thread root message styling after refreshing messages list (#1489327)
- Fix issue where From address was removed from Cc and Bcc fields when editing a draft (#1489319)
- Fix error_reporting directive check (#1489323)
- Fix de_DE localization of "About" label in Help plugin (#1489325)
pax -rw, the destination directory must exist. pax in NetBSD creates it if
not, pax in MirBSD complains. I read through all pkgsrc Makefiles that use
pax and added an entry to INSTALLATION_DIRS, or an INSTALL_DATA_DIR
invocation.
I did not test all the changes but they should be fairly safe. If you notice
any breakage because of this change, please contact me.
* Fix fallback for titles that contain malformed HTML.
* Fix atomic saves to avoid garbling config and data files if the disk is full.
* Convert the `friendly-name` boolean to the new `name-format`
setting. This allow users to customize how the friendly name is
constructed.
* Demote guessed encodings logs from 'error' to 'warning'.
* Incompatible change in Sieve doveadm plugin: the root attribute for
Sieve scripts is changed. Make sure that you update both sides of a
dsync setup simultaneously when Sieve is involved, otherwise
synchronization will likely fail.
+ Added support for sending Sieve vacation replies with an actual
sender, rather than the default <> sender. Check the updated
doc/extensions/vacation.txt for more information.
- Fixed a binary code read problem in the `set' command of the Sieve
variables extension. Using the set command with a modifier and an
empty string value would cause code corruption problems while running
the script.
- Various fixes for doveadm-sieve plugin, mostly crashes. These include
a fix for the `Invalid value for default sieve attribute' problem.
- Various fixes for compiler and static analyzer warnings, e.g. as
reported by CLang and on 32 bit systems.
- Fixed the implementation of the new :options flag for the Sieve
include extension.
- Fixed potential segfault bug at deinitialization of the lda-sieve
plugin.
- Fixed messed up hex output for sieve-dump tool.
* acl: If public/shared namespace has a shared subscriptions file for
all users, don't list subscription entries that are not visible to
the user accessing it.
+ doveadm: Added "auth lookup" command for doing passdb lookup.
+ login_log_format_elements: Added %{orig_user}, %{orig_username}
and %{orig_domain} expanding to the username exactly as sent by
the client (before any changes auth process made).
+ Added ssl_prefer_server_ciphers setting.
+ auth_verbose_passwords: Log the password also for unknown users.
+ Linux: Added optional support for SO_REUSEPORT with
inet_listener { reuse_port=yes }
- director: v2.2.5 changes caused "SYNC lost" errors
- dsync: Many fixes and error handling improvements
- doveadm -A: Don't waste CPU by doing a separate config lookup
for each user
- Long-running ssl-params process no longer prevents Dovecot restart
- mbox: Fixed mailbox_list_index=yes to work correctly
Based on PR pkg/48254 by Leonardo Taccari.
pkgsrc changes:
* add options.mk: now fdm supports "debug" and "pcre" options (previously the
PCRE support was always included).
Changes:
* Add mbox tags for messages fetched from a mbox
* Detect GMail's XYZZY capability for IMAP and use it to try and workaround
some of their broken behaviour (incorrectly reported message sizes).
* Print a warning on missing maildirs when fetching from them rather than
crashing or giving an error. Reported by Frank Terbeck.
* Introduce a configure script and tidy up build infrastructure.
* GMail IMAP doesn't correctly set the \Seen flag after UID FETCH BODY[], so
explicitly set it with STORE when mail is kept. Reported by Patrice Clement.
* Properly count mails when polling multiple folders on a single IMAP server,
reported by Claudio M. Alessi.
* Support user and pass on NNTP, requested by Michael Hamann.
* Escape . properly when delivering to SMTP.
* Don't be as strict about format at the end of messages when using IMAP -
accept additional information as well as FLAGS. Reported by rivo nurges.
2.10.2
* TLS Interoperability workaround: turn on SHA-2 digests by force. This
improves interoperability with clients and servers that deploy SHA-2 digests
without the required support for TLSv1.2-style digest negotiation.
* TLS Performance workaround: the Postfix SMTP server TLS session cache had
become ineffective because recent OpenSSL versions enable session tickets by
default, resulting in a different ticket encryption key for each smtpd(8)
process. The workaround turns off session tickets. Postfix 2.11 will enable
session tickets properly.
* TLS Interoperability workaround: Debian Exim versions before 4.80-3 may fail
to communicate with Postfix and possibly other MTAs, with the following Exim
SMTP client error message:
TLS error on connection to server-name [server-address]
(gnutls_handshake): The Diffie-Hellman prime sent by the server is not
acceptable (not long enough)
See the RELEASE_NOTES file for a Postfix SMTP server configuration
workaround.
* Bugfix (defect introduced: 1997): memory leak while forwarding mail with the
local(8) delivery agent, in code that handles a cleanup(8) server error.
2.10.1
* Workaround: down-stream maintainers fail to install the new
smtpd_relay_restrictions safety net, causing breakage that could have been
avoided. We now hard-code the safety net instead.
2.10.0
* Separation of relay policy (with smtpd_relay_restrictions) from spam policy
(with smtpd_{client, helo, sender, recipient}_restrictions), which makes
accidental open relay configuration less likely. The default is backwards
compatible.
* HAproxy load-balancer support for postscreen(8) and smtpd(8). The nginx
proxy was already supported by Postfix 2.9 smtpd(8), using XCLIENT commands.
* Support for the TLSv1 and TLSv2 protocols, as well as support to turn them
off if needed for inter-operability.
* Laptop-friendly configuration. By default, Postfix now uses UNIX-domain
sockets instead of FIFOs, and thus avoids MTIME file system updates on an
idle mail system.
* Revised postconf(1) command. The "-x" option expands $name in a parameter
value (both main.cf and master.cf); the "-o name=value" option overrides a
main.cf parameter setting; and postconf(1) now warns about a $name that has
no name=value setting.
* Sendmail-style "socketmap" lookup tables.
Changelog:
The following security bug fixes should be applied to thunderbird-17.0.9.
But I cannot find any documents.
MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
MFSA 2013-65 Buffer underflow when generating CRMF requests
based on mail/gmime before updated to incompatible 2.6, with patches for new
glib2 borrowed by mail/gmime24.
approved by wiz@ dureing freeze.
GMime is a set of utilities for parsing and creating messages using the
Multipurpose Internet Mail Extension (MIME) as defined by the following RFCs:
* 0822: Standard for the Format of Arpa Internet Text Messages
* 1521: MIME (Multipurpose Internet Mail Extensions) Part One: Mechanisms for
Specifying and Describing the Format of Internet Message Bodies
* 1847: Security Multiparts for MIME: Multipart/Signed and Multipart/Encrypted
* 1864: The Content-MD5 Header Field (Obsoletes rfc1544)
* 2015: MIME Security with Pretty Good Privacy (PGP)
* 2045: Multipurpose Internet Mail Extensions (MIME) Part One:
Format of Internet Message Bodies
* 2046: Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types
* 2047: Multipurpose Internet Mail Extensions (MIME) Part Three:
Message Header Extensions for Non-ASCII Text
* 2048: Multipurpose Internet Mail Extensions (MIME) Part Four:
Registration Procedures
* 2049: Multipurpose Internet Mail Extensions (MIME) Part Five:
Conformance Criteria and Examples
* 2183: Communicating Presentation Information in Internet Messages:
The Content-Disposition Header Field
* 2184: MIME Parameter Value and Encoded Word Extensions: Character
Sets, Languages, and Continuations
* 2231: MIME Parameter Value and Encoded Word Extensions: Character
Sets, Languages, and Continuations (Obsoletes rfc2184)
* 3156: MIME Security with OpenPGP (Updates rfc2015)
option for sendmail.cf. it is required in order to remove weak ciphers,
and enforce Forward Secrecy on modern MUA
Usage example:
O CipherList=DH@STRENGTH:HIGH:!MD5:!DES:!aNULL:!eNULL
== 1.25 / 2013-08-30
* New Features:
* Adding lazy loading and caching functionality to the default data based on
work done by Greg Brockman (gdb).
* Bugs:
* Force the default internal application encoding to be used when reading the
MIME types database. Based on a change by briangamble, found in the rapid7
fork.
* New extensions:
* mjpeg (video/x-motion-jpeg) based on a change by punkrats, found in the
vidibus fork.
* Modernized MiniTest configuration.
== 1.24 / 2013-08-14
* Code Climate:
* Working on improving the quality of the mime-types codebase through the use
of Code Climate. https://codeclimate.com/github/halostatue/mime-types
* Simplified MIME::Type.from_array to make more assumptions about assignment.
* Documentation:
* LeoYoung <mrleoyoung@gmail.com> pointed out that the README.rdoc contained
examples that could never possibly work because MIME::Types#[] returns (for
all the versions I have handy) an array, not a single type. I have updated
README.rdoc to reflect this.
* Removed Nokogiri as a declared development dependency. It is still required
if you're going to use the IANA parser functionality, but it is not necessary
for most development purposes. This has been removed to ensure that Travis CI
passes on Ruby 1.8.7.
* New MIME Types:
* 7zip (application/x-7z-compressed). Fixes a request by kodram.
https://github.com/halostatue/mime-types/issues/32
* application/x-www-form-urlencoded. Fixes a request by alexkwolfe.
https://github.com/halostatue/mime-types/issues/39
* Various new MIME types from IANA:
* application/mbms-schedule\+xml from 3GPP and Turcotte.
* application/provenance\+xml from W3C and Herman.
* application/session-info from 3GPP and Firmin.
* application/urc-grpsheet\+xml, application/urc-targetdesc\+xml,
application/uisocketdesc\+xml from Zimmermann.
* application/api\+json from Klabnik.
* application/vnd.etsi.pstn\+xml from Han and Belling.
* application/vnd.fujixerox.docuworks.container from Tashiro.
* application/vnd.windows.devicepairing from Dandawate.
* video/vnd.radgamettools.bink and video/vnd.radgamettools.smacker from
Andersson.
* Updated MIME Types:
* RFC 6960 was adopted (application/ocsp-request and application/ocsp-response).
pkgsrc changes:
* Make installer work.
* Add various dependency to PHP extensions.
RELEASE 0.9.4
-------------
- Make identities matching case insensitive (#1485480)
- Fix issue where too big message data was stored in cache causing sql errors
(#1489316)
- Fix iframe scrollbars on webkit desktop browsers (#1489306)
- Fix issue where legacy config was overriden by default config (#1489288)
- Fix newmail_notifier issue where favicon wasn't changed back to default
(#1489313)
- Fix setting of Junk and NonJunk flags by markasjunk plugin (#1489285)
- Fix lack of Reply-To address in header of forwarded message body (#1489298)
- Fix bugs when invoking contact creation form when read-only addressbook is
selected (#1489296)
- Fix identity selection on reply (#1489291)
- Fix so additional headers are added to all messages sent (#1489284)
- Fix display issue after moving folder in Folder Manager (#1489293)
- Fix handling of non-default date formats (#1489294)
- Fix unquoted path in PREG expression on Windows (#1489290)
- Fix Junk folder icon alignment when it's nested in inbox folder (#1489292)
- Fix wrong close tag in /template/mail.html (#1489295)
