Real changes are in devel/devel/ruby-activestorage61 only.
## Rails 6.1.3.1 (March 26, 2021) ##
* Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
mime types data.
*George Claghorn*
Real changes are in devel/ruby-activestorage60 only.
## Rails 6.0.3.6 (March 26, 2021) ##
* Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
mime types data.
*George Claghorn*
Real changes are in devel/ruby-activestorage52 only.
## Rails 5.2.5 (March 26, 2021) ##
* Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
mime types data.
*George Claghorn*
* The Poppler PDF previewer renders a preview image using the original
document's crop box rather than its media box, hiding print margins. This
matches the behavior of the MuPDF previewer.
*Vincent Robert*
* Drop support for Python 3.5, add support for Python 3.9
* Switch to feedparser 6
* Switch to poetry instead of requirements.txt
* Make the `verbose` flag in the config file actually have an impact,
and have it default to `info`
* Improve log messages
* Remove documentation of `smtp-ssl-protocol` as this option was
dropped in 2016
* Stop forging SMTP and sendmail envelope sender (#134)
* Add sendmail_config option
* Log sendmail output
* Support multipart/alternative emails with both HTML and plain text
parts with option `multipart-html`
* Add inline-links option, allowing links to be sent to the bottom of
the paragraph
* Add wrap-links option, preventing links from being wrapped over
multiple lines
* Stop looking in $XDG_DATA_DIRS for the database, and only look in
$XDG_DATA_HOME
* Warnings about HTTP content-type being unexpected now properly display
* Make the proxy parameter also affect https connections
* Add a --clean argument on the run command to reduce the database size
* Set body element attribute dir=auto in HTML mail
* Store the lock file in XDG_RUNTIME_DIR instead of /tmp
If RequiredFrom is set, opendmarc will reject messages that lack
a From header from which a valid domain can be extracted. This
is a subset of the full RFC5322 requirements enforced by the
RequiredHeaders option.
While non RFC5322-compliant messages are too common to make
RequiredHeaders always usable, the check on the From header
remains especially valuable. It makes sure forged domain messages
cannot evade the filter by just omitting the From header and relying
on the MTA to fill it by a copy from the envelope header.
Submitted upstream as
https://github.com/trusteddomainproject/OpenDMARC/pull/147
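The RequiredFrom policy described above, sketched as an added example (this is not OpenDMARC's code or the submitted patch). The function names, the sample messages and the definition of a "valid domain" as two or more dot-separated letter/digit/hyphen labels are assumptions made for illustration.

```python
"""Added illustration of a RequiredFrom-style check (not OpenDMARC code)."""
import re
from email import message_from_bytes
from email.utils import getaddresses

# Assumption: a "valid domain" is two or more dot-separated LDH labels,
# each 1-63 characters, with a total length of at most 253 characters.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_DOMAIN_RE = re.compile(rf"(?:{_LABEL}\.)+{_LABEL}")


def from_domains(raw_message: bytes) -> list[str]:
    """Return every valid domain found in the message's From header(s)."""
    msg = message_from_bytes(raw_message)
    headers = [str(h) for h in msg.get_all("From", [])]
    domains = []
    for _name, addr in getaddresses(headers):
        local, sep, domain = addr.rpartition("@")
        domain = domain.rstrip(".").lower()
        if sep and local and len(domain) <= 253 and _DOMAIN_RE.fullmatch(domain):
            domains.append(domain)
    return domains


def required_from_verdict(raw_message: bytes) -> str:
    """Reject when no valid domain can be extracted from the From header.

    The check runs on the message as received, before any MTA rewrites it,
    so a missing From header cannot later be filled in from the envelope
    sender and escape evaluation.
    """
    return "accept" if from_domains(raw_message) else "reject"


# Constructed sample messages (not taken from real traffic).
SAMPLES = {
    "valid": (b"From: Alice <alice@example.org>\r\n"
              b"To: bob@example.net\r\nSubject: hi\r\n\r\nbody\r\n"),
    # From omitted entirely: the evasion case the commit message describes.
    "no_from": (b"To: bob@example.net\r\n"
                b"Subject: invoice\r\n\r\nbody\r\n"),
    # From present, but no domain can be extracted from it.
    "no_domain": (b"From: undisclosed-sender\r\n"
                  b"To: bob@example.net\r\n\r\nbody\r\n"),
    # From present, but the domain part is not a valid host name.
    "bad_domain": (b"From: x@bad_domain\r\n"
                   b"To: bob@example.net\r\n\r\nbody\r\n"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:10s} {required_from_verdict(raw)} {from_domains(raw)}")
```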
Changelog:
Fixes
New mail notification displayed old messages that were unread
Spaces following soft line breaks in messages using quoted-printable and
format=flowed were incorrectly encoded; existing messages which were previously
incorrectly encoded may now display with some words not separated by a space
Some fields were unreadable in the Dark theme in the General preferences panel
Sending a message containing an anchor tag with an invalid data URI failed
When switching tabs, input focus was not moved to the new tab
Address Book: Syncing a read-only Google address book via CardDAV failed
Address Book: Importing VCards with non-ascii characters would fail
Address Book: Some values may not have been parsed when syncing from Google
address books.
Add-ons Manager did not show if an addon used experiment APIs
Calendar: Removing a recurring task was not possible
Various security fixes
Security fixes:
#CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an
out-of-bound read
#MOZ-2021-0002: Angle graphics library out of date
#CVE-2021-23982: Internal network hosts could have been probed by a malicious
webpage
#CVE-2021-23984: Malicious extensions could have spoofed popup information
This is a micro-update carrying a fix for
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1946
Upstream changes:
In addition to the CVE which shall be announced separately, this release
includes fixes for the following:
- Improvements to OLEVBMacro and AskDNS plugins
- Received and EnvelopeFrom headers matching improvements
- userpref SQL schema fixes
- rbl and hashbl evaluation improvements
- fix for non working TxRep tag names
- man page fixes
Update squirrelmail to 1.4.23pre14904, latest snapshot.
1.4.23pre revision 14904 (2021-03-13)
- Added the ability to modify the value of the global $PHP_SELF
variable used throughout the SquirrelMail code. The administrator
may do so by adding the configuration settings $php_self_pattern
and $php_self_replacement to config/config_local.php, where the
pattern should be a full regular expression including the
delimiters. This may be helpful when the web server sees traffic
from a proxy so the normal $PHP_SELF does not resolve to what it
should be for the real client.
- Users can now mouse over the checkbox on the message list to see
who a message is from
- Show more accurate filesize for uploaded files and base64-encoded
attachments (when reading a message)
- Migrate away from create_function() as long as we have PHP 5.3+
Changelog:
Version 1.8.15:
- Added support for SCRAM-SHA-256 authentication via GNU SASL
Version 1.8.14:
- Added support for libtls as an alternative to GnuTLS
Version 1.8.13:
- Added support for XOAUTH2, the predecessor of OAUTHBEARER.
- The passwordeval command can now handle very long input, which can be
necessary for OAUTHBEARER and XOAUTH2.
- GnuTLS >= 3.4 is required
* Balsa-2.6.2 release. Release date 2020-12-21
- Webkit widgets are now sandboxed.
- Improved desktop notifications.
- iTIP calendar replies are improved.
- Handling of multiple crypto keys for the same recipient.
- build cleanups and improvements, e.g. application logging.
- code cleanups and simplifications as enabled by moving to more modern
libraries.
- bug fixes: draft with message/external-body attachments;
do not crash on importing half-broken keys
- improved translations.
Changelog:
Fixes
New mail notification did not occur for newly arrived messages if previously
received mail was unread
Directory for saving multiple attachments was not remembered between saves
Opening a message from the command-line using "-mail <URL>" failed
Automatic account setup did not use the provider email and display name
Newly-added identities were not listed in the account manager until it was
closed and reopened
Account provisioner did not properly handle UTF-8 data
Copying a large message to an IMAP server would sometimes prematurely display a
time-out error
OpenPGP: Various errors when importing keys
OpenPGP: Public keys attached to an outgoing email did not have
"Content-Description" set
Address Book: CardDAV sync errors did not retry until Thunderbird was restarted
Calendar: Changing the cache mode of a CalDAV calendar connection would lose
the username of the account
Calendar: Add-on calendars were sometimes not visible after restarting
Calendar: The preview for a recurring task did not use all available space in
the dialog window
Installer: Option to keep distribution directory on upgrade did not work
pkgsrc changes:
---------------
* PLIST has been fixed but the use of php-composer to install
dependencies does not seem to be a good idea since the list of
installed files has changed although the version of carddav has not.
* Bump revision.
1.4.2:
Controller ready_timeout defaults to 5.0
More detailed message in TimeoutError during Controller.start()
IMPORTANT: No more leak of sensitive info during smtp_AUTH
1.4.1:
local_part_limit (max length of email address local part) is now customizable, defaults to 0 (no limit)
1.4.0:
PROXY Protocol support
SMTPS/STARTTLS support from CLI
UnixSocketController
Improvement on tox+pytest to enable stable run for pypy3-on-Windows, MacOS, and Cygwin
Example on how to implement SMTP AUTH
1.3.2:
Fixed:
Documentation issues that cause some automated build systems to fail
Improper IPv6 detection on systems whose kernel does not support IPv6
Also:
Add info about GPG Signing key to README and PyPI
A 'hidden' testenv named static to run pytype
1.3.1:
Smarter localhost determination
No longer failing on hostname=""
1.3.0:
"AUTH LOGIN " support
Command Call Limit to stop misbehaving clients
"authenticator" system to replace "auth_callback"
"handle_EHLO" can modify return values
(Almost) transparent passing of keyword args given to
Controller to SMTP
Now uses TLS Context as-is
Complete conversion of test cases from unittest/nose2 to
pytest
Improve compatibility with setuptools<=46.4.0
From release announce:
We have removed some components from the software, please
review changelogs carefully prior to upgrading.
V2.3.14 2021-03-04 Aki Tuomi <aki.tuomi@open-xchange.com>
* Added new aliases for some variables. Usage of the old ones is possible,
but discouraged. (These were partially added already to v2.3.13.)
See https://doc.dovecot.org/configuration_manual/config_file/config_variables/
for more information.
* Optimize imap/pop3/submission/managesieve proxies to use less CPU at
the cost of extra memory usage.
* Remove autocreate, expire, snarf and mail-filter plugins.
* Remove cydir storage driver.
* Remove XZ/LZMA write support. Read support will be removed in future release.
* doveadm -D: Add timestamps to debug output even when LOG_STDERR_TIMESTAMP
environment variable is not set. Timestamp format is taken from
log_timestamp setting.
* If BROKENCHAR or listescape plugin is used, the escaped folder names
may be slightly different from before in some situations. This is
unlikely to cause issues, although caching clients may redownload the
folders.
* imapc: It now enables BROKENCHAR=~ by default to escape remote folder
names if necessary. This also means that if there are any '~'
characters in the remote folder names, they will be visible as "~7e".
* imapc: When using local index files folder names were escaped on
filesystem a bit differently. This affects only if there are folder
names that actually require escaping, which isn't so common. The old
style folders will be automatically deleted from filesystem.
* stats: Update exported metrics to be compliant with OpenMetrics standard.
+ doveadm: Add an optional '-p' parameter to metadata list command. If
enabled, "/private", and "/shared" metadata prefixes will be prepended
to the keys in the list output.
+ doveconf: Support environment variables in config files. See
https://doc.dovecot.org/configuration_manual/config_file/config_file_syntax/#environment-variables
for more details.
+ indexer-worker: Change indexer to disconnect from indexer-worker
after each request. This allows service indexer-worker's service_count &
idle_kill settings to work. These can be used to restart indexer-worker
processes once in a while to reduce their memory usage.
- auth: "nodelay" with various authentication mechanisms such as apop
and digest-md5 crashed AUTH process if authentication failed.
- auth: Auth lua script generating an error triggered an assertion
failure: Panic: file db-lua.c: line 630 (auth_lua_call_password_verify):
assertion failed: (lua_gettop(script->L) == 0).
- configure: Fix libunwind detection to work on other than x86_64 systems.
- doveadm-server: Process could crash if logging was done outside command
handling. For example http-client could have done debug logging
afterwards, resulting in either segfault or Panic:
file http-client.c: line 642 (http_client_context_close):
assertion failed: (cctx->clients_list == NULL).
- dsync: Folder name escaping with BROKENCHAR didn't work completely
correctly. This especially caused problems with dsync-migrations using
imapc where some of the remote folder names may not have been accessible.
- dsync: doveadm sync + imapc doesn't always sync all mails when doing
an incremental sync (-1), which could lead to mail loss when it's used
for migration. This happens only when GUIDs aren't used (i.e.
imapc without imapc_features=guid-forced).
- fts-tika: When tika server returns error, some mails cause Panic:
file message-parser.c: line 802 (message_parser_deinit_from_parts):
assertion failed: (ctx->nested_parts_count == 0 || i_stream_have_bytes_left(ctx->input))
- lib-imap: imapc parsing illegal BODYSTRUCTUREs with NILs could have
resulted in crashes. This exposed that Dovecot was wrongly accepting
atoms in "nstring" handling. Changed the IMAP parsing to be more
strict about this now.
- lib-index: If dovecot.index.cache has corrupted message size, fetching
BODY/BODYSTRUCTURE may cause assert-crash:
Panic: file index-mail.c: line 1140 (index_mail_parse_body_finish):
assertion failed: (mail->data.parts != NULL).
- lib-index: Minor error handling and race condition fixes related to
rotating dovecot.index.log. These didn't usually cause problems,
unless the log files were rotated rapidly.
- lib-lua: Lua scripts using coroutines or lua libraries using coroutines
(e.g., cqueues) panicked.
- Message PREVIEW handled whitespace wrong so first space would get
eaten from between words.
- FTS and message PREVIEW (snippet) parsed HTML &entities case-sensitively.
- lib-mail: When max nested MIME parts were reached, IMAP BODYSTRUCTURE
was written in a way that may have caused confusion for IMAP clients
and also Dovecot itself when parsing it. The truncated part is now
written out using application/octet-stream MIME type.
- lib-oauth2: HS512 and HS384 JWT token algorithms crash when you try to
use them: Panic: file hmac.c: line 26 (hmac_init): assertion failed:
(meth->context_size <= MAC_MAX_CONTEXT_SIZE).
- event filters: NOT keyword did not have the correct associativity.
NOT a AND b were getting parsed as NOT (a AND b) instead of
(NOT a) AND b.
- Ignore ECONNRESET when closing socket. This avoids logging useless
errors on systems like FreeBSD.
- event filters: event filter syntax error may lead to Panic:
file event-filter.c: line 137 (event_filter_parse): assertion failed:
(state.output == NULL)
- lib: timeval_cmp_margin() was broken on 32-bit systems. This could
potentially have caused HTTP timeouts to be handled incorrectly.
- log: instance_name wasn't used as syslog ident by the log process.
- master: After a service reached process_limit and client_limit, it
could have taken up to 1 second to realize that more client connections
became available. During this time client connections could have been
unnecessarily rejected and a warning logged:
Warning: service(...): process_limit (...) reached, client connections are being dropped
- stats: Crash would occur when generating openmetrics data for metrics
using aggregating functions.
- stats: Event filters comparing against empty strings crash the stats
process.
Rails 6.1.3 (February 17, 2021)
[ActionPack]
* Re-define routes when not set correctly via inheritance.
*John Hawthorn*
[ActiveRecord]
* Fix the MySQL adapter to always set the right collation and charset
to the connection session.
*Rafael Mendonça França*
* Fix MySQL adapter handling of time objects when prepared statements
are enabled.
*Rafael Mendonça França*
* Fix scoping in enum fields using conditions that would generate
an IN clause.
*Ryuta Kamizono*
* Skip optimised #exist? query when #include? is called on a relation
with a having clause
Relations that have aliased select values AND a having clause that
references an aliased select value would generate an error when
#include? was called, due to an optimisation that would generate
a call to #exists? on the relation instead, which effectively alters
the select values of the query (and thus removes the aliased select
values), but leaves the having clause intact. Because the having
clause is then referencing an aliased column that is no longer
present in the simplified query, an ActiveRecord::InvalidStatement
error was raised.
A sample query affected by this problem:

    Author.select('COUNT(*) as total_posts', 'authors.*')
          .joins(:posts)
          .group(:id)
          .having('total_posts > 2')
          .include?(Author.first)

This change adds an additional check to the condition that skips the
simplified #exists? query, which simply checks for the presence of
a having clause.
Fixes #41417
*Michael Smart*
* Increment postgres prepared statement counter before making a
prepared statement, so if the statement is aborted without Rails
knowledge (e.g., if app gets kill -9d during long-running query or
due to Rack::Timeout), app won't end up in perpetual crash state for
being inconsistent with Postgres.
*wbharding*, *Martin Tepper*
Changelog:
Fixes
Importing an address book from a CSV file always reported an error
Security information for S/MIME messages was not displayed correctly prior to a
draft being saved
Calendar: FileLink UI fixes for Caldav calendars
Recurring tasks were always marked incomplete; unable to use filters
Various UI widgets not working
Dark theme improvements
Extension manager was missing link to addon support web page
Various security fixes
Security fixes:
#CVE-2021-23969: Content Security Policy violation report could have contained
the destination of a redirect
#CVE-2021-23968: Content Security Policy violation report could have contained
the destination of a redirect
#CVE-2021-23973: MediaError message property could have leaked information
about cross-origin resources
#CVE-2021-23978: Memory safety bugs fixed in Thunderbird 78.8
pkgsrc changes:
---------------
* The main maintainer seems to have changed. The GitHub repository has been
updated accordingly.
* Since the vendor dependencies have been removed from the Github release, we
use php-composer to resolve them.
upstream changes:
-----------------
Version 4.0.4 (to 4.0.3)
o Fix #321: Boolean settings in presets caused errors when trying to store
the preset's addressbooks to the database
o Fix #322: The refresh time string from admin presets was not converted to
seconds, causing errors or wrong values when storing the preset's
addressbooks to the database
o Fix #324: Changes not immediately visible with postgresql (delete contact,
add/remove contact to/from group)
o Fix: spurious error returned when creating VCard on Google
Version 4.0.3 (to 4.0.2)
o Allow release 1.0 of carddavclient in composer dependencies
o No changes to the plugin itself
Version 4.0.2 (to 4.0.1)
o Fix #316: Incompatibility with Sabre/VObject version 4 preventing saving
contacts using custom labels
o Fix: Default refresh time set to 1 sec in settings
Version 4.0.1 (to 4.0.0)
o Fix: Plugin version was not shown in about window for tarball installations
o Fix: Collation behavior was case-insensitive for MySQL (only). Now unified
across the different supported DBMS.
o Fix #306: With MySQL, sync failure could occur when several custom labels
were used that only differed in case (effect of previous issue).
o Fix #308: With SQLite, the initial sync after adding a new addressbook was
not automatically triggered.
Version 4.0.0 (to 3.0.3)
This release contains changes to DB schema. The database will be migrated
automatically upon login to roundcube.
o All changes from 4.0.0-alpha1
o Fix: Deletion of empty CATEGORIES-type groups
o Fix: Delete CATEGORIES-type groups from DB that become empty during a sync
o Fix: Renaming of empty CATEGORIES-type groups
o Fix: During deletion, do not rely on the DB's ON CASCADE DELETE because
this is disabled by default for SQLite
o Fix: It was not possible to discover multiple addressbooks for an admin
preset because of a wrong UNIQUE constraint in MySQL
o Fix: Catch exceptions thrown inside the plugin (avoid "white page" on error)
o Increase the maximum lengths of password, email and url fields
o Use transactions to synchronize concurrent operations on the same
addressbook (data consistency issues may still occur with MySQL because of
roundcube DB layer bug). For details, see DBSYNC.md.
o Unified database indexes across the different database backends: Create
indexes for foreign key columns (PostgreSQL, SQLite)
o Fixed issues in the migration scripts and added SQL scripts showing the
current DB schema
o Update Hungarian translation (thanks to @tsabi)
Version 4.0.0-alpha1 (to 3.0.3)
Note: The Changelog for this version is not complete
This is an alpha release because I did not perform any tests on it.
Nevertheless, it has many bugs fixed and I encourage you to upgrade and report
issues as you find them. The last release 3.0.3 has many issues that have been
fixed in v4. I push this release early mainly because of the security
issue reported. I'll continue working on remaining issues I want to fix (note:
all of them are also present in 3.0.3) for v4 and I intend to release a more
tested version and a more detailed changelog within the next weeks.
o Security issue: It was possible to read data from other user's
addressbooks. Depending on the configuration, it might also have been
possible to change data in their addressbooks. Thanks to @cnmicha for
reporting this issue. This issue affects all previously released versions
of RCMCardDAV using a database cache.
o Many bugs you reported and several more I discovered during refactoring
have been fixed.
o The password scheme now defaults to encrypted (if you have not configured a
password scheme, this will take effect automatically for newly stored
password. If you don't want this, configure a password scheme in
settings.php).
o The URL is not changeable after creation of an addressbook anymore. It used
to work in specific, but not all cases. As the behavior is potentially
broken and not easy to fix, it is removed for now.
o The two kinds of contact groups (VCard-based vs. CATEGORIES-based) are not
transparently supported to the possible extent. The configuration switch is
only meaningful concerning the type of group used when a new group is
created from RCMCardDAV. See details here.
o The CardDAV interaction is moved to a library. It is essentially a complete
rewrite of the code communicating with the CardDAV servers and includes
interoperability tests with many common servers, see here.
* Import upstream patch to fix runtime errors.
Changelog:
This is a feature release that comes with significant new functionality:
- The IMAP '$Forwarded' / Maildir 'P' (passed) flag is supported now.
- Support for configuring a TLS cipher string was added.
- IMAP mailbox subscriptions are supported now.
- The IMAP user query can be scripted now.
- Added built-in support for the macOS Keychain.
- Messages excluded by MaxSize will now result in placeholders.
Compatibility concerns:
- The 'isync' compatibility wrapper was removed.
- A C11 compiler is required for building now.
- The validity of the config file is checked more strictly now, including:
- Appearance of options in unexpected places
- The capitalization of INBOX
- The new TLSv1.3 flag must be added to SSLVersions if the option is
used, unless disabling that version is desired (which is unlikely).
- Removed support for the obsolete/insecure SSL v3.
- The use of Master/Slave terminology has been deprecated.
Bugfixes:
- All bugfixes up to 1.3.4 are included.
- IMAP protocol errors are handled more robustly now.
- Fixed support for SASL's built-in EXTERNAL mechanism.
- Improved reliability of synchronization when resuming interrupted runs.
- Fixed MaxSize being ignored under certain circumstances when only one of
New and ReNew was requested.
- Fixed a network inefficiency occurring with server-side mailboxes that
receive new messages only via mbsync.
Action Mailbox
Action Mailbox routes incoming emails to controller-like mailboxes for
processing in Rails. It ships with ingresses for Mailgun, Mandrill, Postmark,
and SendGrid. You can also handle inbound mails directly via the built-in
Exim, Postfix, and Qmail ingresses.
The inbound emails are turned into `InboundEmail` records using Active Record
and feature lifecycle tracking, storage of the original email on cloud storage
via Active Storage, and responsible data handling with on-by-default
incineration.
These inbound emails are routed asynchronously using Active Job to one or
several dedicated mailboxes, which are capable of interacting directly with
the rest of your domain model.
You can read more about Action Mailbox in the [Action Mailbox
Basics](https://edgeguides.rubyonrails.org/action_mailbox_basics.html) guide.
This is for Ruby on Rails 6.1.
Action Mailer is a framework for designing email-service layers. These layers
are used to consolidate code for sending out forgotten passwords, welcome
wishes on signup, invoices for billing, and any other use case that requires
a written notification to either a person or another system.
Action Mailer is in essence a wrapper around Action Controller and the
Mail gem. It provides a way to make emails using templates in the same
way that Action Controller renders views using templates.
Additionally, an Action Mailer class can be used to process incoming email,
such as allowing a weblog to accept new posts from an email (which could even
have been sent from a phone).
This is for Ruby on Rails 6.1.
Version 2.2.0
=============
Changed
-------
- Performance improvements
- 2x faster _maybe_int_to_bytes for Python 2
- Fix _proc_folder_list quadratic runtime
- Faster utf7 encode. ~40% faster for input with a mix of unicode and
ASCII chars.
- Cache regex in _process_select_response
- poll() when available to surpass 1024 file descriptor limit with select()
- Use next instead of six.next as imapclient doesn't claim Python 2.5 support.
- Moved "Logged in/out" traces from INFO to DEBUG level
- Run tests on Python 3.8 and 3.9
- Support the Deleted special folder used by Outlook
- Clean up timeout handling
- Run the Black code formatter over the entire project
Added
-----
- MULTIAPPEND and LITERAL+ support
- Use ptpython for interactive shell if available
- Allow any custom SASL mechanism to be provided. This allows mechanisms such
as EXTERNAL, GSSAPI or SCRAM-SHA-256 to be used in the same way as with
imaplib.
- Add SASL OAUTHBEARER support
- add optional timeout parameter to IMAP4_TLS.open
Fixed
-----
- fixed special folder searching
- Catch the right exception in folder_status
- test_imapclient: Fix LoggerAdapter version check
- Fix config file parsing for None attributes
- Fix useless ref cycle in lexer
- Protocol parsing: Prevent converting numbers with leading zeroes to int.
- Prevent UnicodeDecodeError in IMAPlibLoggerAdapter
- Fix invalid string escape sequences
- Ensure timeout is used on Python 2.7. _create_socket isn't used with the
Python 2 version of imaplib so the open method has been overridden to make it
consistent across Python version.
- Fix IMAP4_TLS for imaplib in Python 3.9+
3.2021.0212 / 2021-02-12
* Updated the IANA media registry entries as of release date.
* Added a new rake task (release:automatic) that downloads and converts
the data from Apache and IANA; if there are changes detected, it updates
the release version, changelog, manifest, and gemspec and commits the
changes to git.
databases/ruby-activerecord60:
## Rails 6.0.3.5 (February 10, 2021) ##
* Fix possible DoS vector in PostgreSQL money type
Carefully crafted input can cause a DoS via the regular expressions used
for validating the money format in the PostgreSQL adapter. This patch
fixes the regexp.
Thanks to @dee-see from Hackerone for this patch!
[CVE-2021-22880]
*Aaron Patterson*
www/ruby-actionpack60
## Rails 6.0.3.5 (February 10, 2021) ##
* Prevent open redirect when allowed host starts with a dot
[CVE-2021-22881]
Thanks to @tktech (https://hackerone.com/tktech) for reporting this
issue and the patch!
*Aaron Patterson*
## Rails 5.2.4.5 (February 10, 2021) ##
* Fix possible DoS vector in PostgreSQL money type
Carefully crafted input can cause a DoS via the regular expressions used
for validating the money format in the PostgreSQL adapter. This patch
fixes the regexp.
Thanks to @dee-see from Hackerone for this patch!
[CVE-2021-22880]
*Aaron Patterson*
Changelog:
What's New
CardDAV address books now support OAuth2 and Google Contacts.
Changes
Thunderbird will no longer allow installation of addons that use the legacy API
Fixes
Send message button sometimes remained enabled when it should be disabled
Pressing command+enter to send a message on macOS did not work
OpenPGP: Failed to save attachments that contained binary data after decryption
Global search UI fixes
Various theme and color fixes to improve ease of use
RELEASE 1.4.11
--------------
- Display a nice error informing about no PHP8 support
- Elastic: Fix compatibility with Less v3 and v4 (#7813)
- Fix bug with managesieve_domains in Settings > Forwarding form (#7849)
- Fix errors in MSSQL database update scripts (#7853)
- Security: Fix cross-site scripting (XSS) via HTML messages with
malicious CSS content
Fetchmail is a Perl script that fetches mail from Yahoo! account through
HTTP requests. Unfortunately, these requests no longer work and fetchyahoo
has not been maintained for a long time.
As an alternative for fetching Yahoo! mails, mail/fetchmail works well and
is actively developed.
* fix unit tests in a clean environment
* move default database path to ~/.local/share (Closes: GL#16)
* default to data directory and add a deprecation warning (Closes: GL#17)
Changelog:
What's New
Extension API: Compose API now supports editing messages and templates as new
messages
Extension API: composeHtml is now exposed in MailIdentity
Extension API: windows.update and windows.create now support titlePreface
Extension API: new Accounts API functions: accounts.getDefault() and
accounts.getDefaultIdentity(accountId)
Changes
Extension API: body and plainTextBody are now used as compose mode selectors in
setComposeDetails and begin* functions in Compose API
Theme: removed the double border around the task description field on the Tasks
tab
Fixes
Account Manager: When deleting the last remaining account, the default account
was not getting cleared and still pointed to the no-longer-existing account
OpenPGP: Verification of an inline signed message would fail if it contained
leading whitespace
OpenPGP: Various other minor bug and stability fixes
Mail Window: Quickfilter bar buttons disappear when hovered on Windows 10 High
Contrast Black theme
Theme: folder properties dialog contained black text on a black background in
dark mode
Theme: recipient pills in compose window were not visible in high contrast dark
theme on Windows 10
Extension API: browserAction buttons were not restored after restart if they
were moved outside the default toolbar
Extension API: browser.compose.beginNew could not override identity plaintext
setting
Extension API: browser.compose.beginForward was ignoring ComposeDetails
Extension API: browser.compose.setComposeDetails did not properly handle
Windows-style line endings
Various security fixes
Security fixes:
#CVE-2021-23953: Cross-origin information leakage via redirected PDF requests
#CVE-2021-23954: Type confusion when using logical assignment operators in
JavaScript switch statements
#CVE-2020-15685: IMAP Response Injection when using STARTTLS
#CVE-2020-26976: HTTPS pages could have been intercepted by a registered
service worker when they should not have been
#CVE-2021-23960: Use-after-poison for incorrectly redeclared JavaScript
variables during GC
#CVE-2021-23964: Memory safety bugs fixed in Thunderbird 78.7
upstream changes:
-----------------
fetchmail-6.4.15 (released 2021-01-03, 27614 LoC):
# BUG FIXES
* Fix a typo in the manual page reported by David McKelvie.
* Fix cross-compilation with openssl, by Fabrice Fontaine. Merge request !23.
* Fix truncation of SMTP PLAIN AUTH with ^ in credentials, by Earl Chew. Gitlab issue #23, merge request !25.
fetchmail-6.4.14 (released 2020-11-26, 27608 LoC):
# TRANSLATION UPDATES were made by these fine people:
* sr: Мирослав Николић (Miroslav Nikolić) [Serbian]
upstream changes:
-----------------
* Fixed issues with DKIM and ARC verification
It was possible for some DKIM checks to fail where multiple signatures are
present due to a canonicalisation bug. This issue has now been fixed. Arc
plugin has also been fixed to support certain CV values.
* Added support for S/MIME containers
From this version, Rspamd supports .p7 containers and extracting signed
parts during the checks. For details see the following issue.
* Several important rules rework
Anton Yuzhaninov has reworked many old rules in Rspamd improving their
quality and has removed several outdated rules as well.
* Support of caching for regexp multimaps
Regexp maps can now be cached on disk which should improve loading speed of
large maps on reload/restart of Rspamd if they are unchanged.
* Neural plugin offline learning
In this mode, Rspamd can train neural network from Clickhouse so it is
possible to define better training conditions and manage learning for large
systems with more fine grained control. Please refer to the corresponding
documentation section for more details. Thanks to Andrew Lewis for
implementing this functionality.
* Other changes
Here is the list of the important changes:
[Conf] Add R_DKIM_PERMFAIL to the metric
[CritFix] Dkim: Fix simple canonicalisation if multiple signatures are presented
[CritFix] Fix controller paths normalisation
[Feature] Add INVALID_DATE rule
[Feature] Add controller endpoint for training neural
[Feature] Add sanity checks for actions thresholds
[Feature] Add support of ‘==’ and ‘!=’ in Rspamd expressions
[Feature] Composites: Improve composite atoms parser
[Feature] Docker: use Debian slim variant
[Feature] Elastic: Add some missing fields
[Feature] Extract text from img alt attributes
[Feature] Improve charset detection logic
[Feature] Lua_clickhouse: Add optional row callback for large selections
[Feature] Lua_dns_resolver: Add idna_convert_utf8 method
[Feature] Lua_mime: Add ability to do multipattern replacement
[Feature] Lua_trie: Allow to report start of the match
[Feature] Multimap: support adding map values as extra options
[Feature] Neural: Move PCA learning to a subprocess
[Feature] RBL: support matching content/image URLs only
[Feature] RBL: support use of multiple selectors
[Feature] Reputation: Allow to specify ip masks
[Feature] Support SMIME signed messages container
[Feature] Support multiple conditions for symbols
[Feature] Support ping in milter mode
[Feature] Support rspamd_text in selector regexps
[Feature] Use own daemonization routine
[Feature] Vadesecure: Implement settings_outbound feature as recommended by Vade
[Feature] rspamadm clickhouse command
[Feature] allow hyperscan for aarch64
[Fix] Allow to set priorities between post init scripts
[Fix] Allow to use maps for strings that are not zero terminated
[Fix] Apply max_lua_urls limit for emails as well
[Fix] Arc: Fix CV check on signing
[Fix] Arc: Fix signing of the broken ARC chains
[Fix] Clickhouse: escape carriage return
[Fix] Composites: Allow partial match
[Fix] Deduct type of a table methods
[Fix] Do not load errored hyperscan database
[Fix] Do not process links in ignored html tags
[Fix] Fix ClamAV result for cached encrypted file (#3395)
[Fix] Fix canonicalisation when l= tag is presented
[Fix] Fix flag shift
[Fix] Fix handling of skip/skip_process http flags
[Fix] Fix html attachments checks
[Fix] Fix issue with pushing binary formats to Lua strings
[Fix] Fix logging for rspamadm
[Fix] Fix off-by-one with init check
[Fix] Fix parsing of escape characters in quoted pairs
[Fix] Fix pushing ucl strings with \0 inside
[Fix] Fix quoted-printable soft newlines bugged case
[Fix] Fix settings in case actions are set to null (#3415)
[Fix] Fix several issues with auth results producing
[Fix] Fix smtp comments exclusion
[Fix] Fix smtp date syntax definition
[Fix] Fix substring search in case if srchlen == inlen
[Fix] Fix text selectors
[Fix] Honour systemd setting when logging to console (#3514)
[Fix] Html: Add entities collisions prevention logic (e.g. for mathml entities)
[Fix] Lua_auth_results: Quote potentially bad values in AR header
[Fix] Multimap: Fix flags usage
[Fix] Multimap: Fix scoring for combined maps
[Fix] Plug GList * leak in redis pool
[Fix] RBL: allow for multiple matches of the same label if types are different
[Fix] Rely on libev checks for file maps
[Fix] Restore simple dkim canonicalisation mode
[Fix] Return MimeCharset as we work with emails…
[Fix] Spamassassin: Fix pcre_only flags
[Fix] Spamassassin: Preserve ‘pcre_only’ flag when dealing with regexp replacements
[Fix] Try to fix GError leak
[Fix] Try to fix a mess with settings loading by adding priorities
[Fix] Try to move settings initialisation to a later stage
[Fix] Use dup fd in milter handler to avoid races with the proxy
[Fix] Use message pointer to avoid obsolete data to be cached
[Project] Rbl: Migrate to checks
[Project] Rbl: Move config code outside of the plugin
[Project] Resurrect empty prefilters as connection filters
[Project] Support connection filters registration from Lua
[Rework] Add final cleanup logic
[Rework] Add preliminary support of hyperscan caching for re maps
[Rework] Add stale cache removal
[Rework] Clickhouse: Improve performance
[Rework] Distinguish between strict config test mode
[Rework] Further logging improvements
[Rework] Milter_headers: improve extended_headers_rcpt support
[Rework] Move parsers to a separate lua library
[Rework] Neural: Skip composite symbols
[Rework] Rbl: Rework defaults logic
[Rework] Some tunes to cache saving
[Rework] Track maps origins
[Rework] Use full crypto hash for regexp maps
[Rules] Remove broken rule
upstream changes:
-----------------
This update improves the reporting of DNSSEC problems that may affect DANE
security. DNSSEC support may be unavailable because of local configuration, libc
incompatibility, or other infrastructure issues. This was backported from
Postfix 3.6.
Background: DNSSEC validation is needed for Postfix DANE support; this ensures
that Postfix receives TLSA records with secure TLS server certificate info.
When DNSSEC validation is unavailable, mail deliveries using opportunistic DANE
(security level 'dane') will not be protected by server certificate info in
TLSA records, and mail deliveries using mandatory DANE (security level
'dane-only') will not be made at all.
This update introduces the following behavior: when a process requests DNSSEC
support (typically, for Postfix DANE support), the process may now do a runtime
test to determine if DNSSEC validation is available.
The new dnssec_probe parameter specifies a DNS query type (default: "ns") and
DNS query name (default: ".") that Postfix may use to determine whether DNSSEC
validation is available. Specify an empty value to disable this feature.
When dnssec_probe is enabled, a Postfix process will send a DNSSEC probe after
1) the process made a DNS query that requested DNSSEC validation, 2) the
process did not receive a DNSSEC validated response to this query or to an
earlier query, and 3) the process did not already send a DNSSEC probe.
When the DNSSEC probe has no response, or when the response is not DNSSEC
validated, Postfix logs a warning that DNSSEC validation may be unavailable.
Examples:
warning: DNSSEC validation may be unavailable
warning: reason: dnssec_probe 'ns:.' received a response that is not DNSSEC validated
warning: reason: dnssec_probe 'ns:.' received no response: Server failure
With this update, the Postfix build system will no longer automatically disable
DNSSEC support when it determines that Postfix will use libc-musl. This removes
the earlier libc-musl workaround introduced with Postfix 3.2.15, 3.3.10,
3.4.12, and 3.5.2.
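An added example, not part of the Postfix release notes or the commit above: one way to surface the new dnssec_probe warnings from a mail log, so an operator notices when DANE deliveries are running without DNSSEC validation. The syslog prefix, host name, PIDs and function names are assumptions made for the example; only the warning texts come from the notes above.

```python
import re

# Constructed sample log (prefix, host and PIDs are made up); the warning
# texts are the ones quoted in the release notes above.
SAMPLE_LOG = """\
Jan 17 03:34:01 mx1 postfix/smtp[2101]: warning: DNSSEC validation may be unavailable
Jan 17 03:34:01 mx1 postfix/smtp[2101]: warning: reason: dnssec_probe 'ns:.' received a response that is not DNSSEC validated
Jan 17 03:35:12 mx1 postfix/smtp[2188]: warning: DNSSEC validation may be unavailable
Jan 17 03:35:12 mx1 postfix/smtp[2188]: warning: reason: dnssec_probe 'ns:.' received no response: Server failure
Jan 17 03:36:40 mx1 postfix/qmgr[901]: 4F1A2C0DE: from=<a@example.org>, size=812, nrcpt=1 (queue active)
"""

# Assumed syslog layout: "... postfix/<daemon>[<pid>]: warning: <text>"
LINE_RE = re.compile(
    r"postfix/(?P<daemon>[\w-]+)\[(?P<pid>\d+)\]: warning: (?P<msg>.*)$"
)
REASON_RE = re.compile(
    r"^reason: dnssec_probe '(?P<qtype>[^:']+):(?P<qname>[^']*)' "
    r"received (?P<what>.*)$"
)
HEADLINE = "DNSSEC validation may be unavailable"


def classify(what):
    """Map the tail of a 'reason:' line to (kind, detail)."""
    if what.startswith("no response"):
        # Anything after ": " is the resolver error, e.g. "Server failure".
        return "no_response", what.partition(": ")[2]
    if what.startswith("a response that is not DNSSEC validated"):
        return "not_validated", ""
    return "other", what


def find_dnssec_probe_failures(log_text):
    """Pair each headline warning with the reason line from the same process."""
    pending = set()   # (daemon, pid) that logged the headline, reason not yet seen
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        key = (m["daemon"], m["pid"])
        if m["msg"] == HEADLINE:
            pending.add(key)
            continue
        r = REASON_RE.match(m["msg"])
        if r and key in pending:
            pending.discard(key)
            kind, detail = classify(r["what"])
            findings.append({
                "daemon": key[0],
                "pid": key[1],
                "probe": f"{r['qtype']}:{r['qname']}",
                "kind": kind,
                "detail": detail,
            })
    # A headline with no reason line (e.g. a truncated log) is still reported.
    for daemon, pid in sorted(pending):
        findings.append({"daemon": daemon, "pid": pid, "probe": "",
                         "kind": "unknown", "detail": ""})
    return findings


if __name__ == "__main__":
    for f in find_dnssec_probe_failures(SAMPLE_LOG):
        print(f"{f['daemon']}[{f['pid']}] probe={f['probe']!r} "
              f"{f['kind']} {f['detail']}".rstrip())
```

Any finding means deliveries at security level 'dane' from that host are not protected by TLSA records, and 'dane-only' deliveries are not being made, as described above.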
1.10.10 (2021-01-17 03:34 UTC)
Changelog:
* Compatibility fixes for PHP 5.2 and 5.3 [alec]
* Corrected soft line breaks handling to be RFC compliant [ixs]
* Corrected line breaks for lines ending in dots and length more than 74 [ixs]
- Set CADIR in the environment.
- Prefer a separate keyfile for TLS. If it's not present, attempt to
generate it by copying out the private key from the certfile.
- Don't provide an affordance for overriding the compiled-in cipherlist.
- Be willing to enable TLS without a DH params file.
While here, invent control/localfilters. If it exists, it's a sequence
of filters for SMTP connections on localhost.
Bump version.
## 3.2020.1104 / 2020-11-04
- Updated the IANA media registry entries as of release date.
- Added `application/x-zip-compressed`. [#36][].
- Updated the contributing guide to include information about the release
process as described in [#18][].
- Corrected a misspelling of Yoran Brondsema's name. Sorry, Yoran. [#35][].
Update dovecot2-pigeonhole package to 0.5.13.
v0.5.13 2021-01-04 Aki Tuomi <aki.tuomi@open-xchange.com>
- duplicate: The test was handled badly in a multiscript (sieve_before,
sieve_after) scenario in which an earlier script in the sequence with
a duplicate test succeeded, while a later script caused a runtime
failure. In that case, the message is recorded for duplicate tracking,
while the message may not actually have been delivered in the end.
- editheader: Sieve interpreter entered infinite loop at startup when
the "editheader" configuration listed an invalid header name. This
problem can only be triggered by the administrator.
- relational: The Sieve relational extension can cause a segfault at
compile time. This is triggered by invalid script syntax. The segfault
happens when this match type is the last argument of the test command.
This situation is not possible in a valid script; positional arguments
are normally present after that, which would prevent the segfault.
- sieve: For some Sieve commands the provided mailbox name is not
properly checked for UTF-8 validity, which can cause assert crashes at
runtime when an invalid mailbox name is encountered. This can be
caused by the user by writing a bad Sieve script involving the
affected commands ("mailboxexists", "specialuse_exists").
This can be triggered by the remote sender only when the user has
written a Sieve script that passes message content to one of the
affected commands.
- sieve: Large sequences of 8-bit octets passed to certain Sieve
commands that create or modify message headers that allow UTF-8 text
(vacation, notify and addheader) can cause the delivery or IMAP
process (when IMAPSieve is used) to enter a memory-consuming
semi-infinite loop that ends when the process exceeds its memory
limits. Logged in users can cause these hangs only for their own
processes.
Update mail/dovecot2 package to 2.3.13, including security fixes.
v2.3.13 2021-01-04 Aki Tuomi <aki.tuomi@open-xchange.com>
* CVE-2020-24386: Specially crafted command can cause IMAP hibernate to
allow logged in user to access other people's emails and filesystem
information.
* Metric filter and global event filter variable syntax changed to a
SQL-like format. See https://doc.dovecot.org/configuration_manual/event_filter/
* auth: Added new aliases for %{variables}. Usage of the old ones is
possible, but discouraged.
* auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth
mechanism and related password schemes.
* auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail.
* auth: Removed postfix postmap socket
+ auth: Added new fields for auth server events. These fields are now
also available for all auth events. See
https://doc.dovecot.org/admin_manual/list_of_events/#authentication-server
for details.
+ imap-hibernate: Added imap_client_hibernated, imap_client_unhibernated
and imap_client_unhibernate_retried events. See
https://doc.dovecot.org/admin_manual/list_of_events/ for details.
+ lib-index: Added new mail_index_recreated event. See
https://doc.dovecot.org/admin_manual/list_of_events/#mail-index-recreated
+ lib-sql: Support TLS options for cassandra driver. This requires
cpp-driver v2.15 (or later) to work reliably.
+ lib-storage: Missing $HasAttachment / $HasNoAttachment flags are now
added to existing mails if mail_attachment_detection_option=add-flags
and it can be done inexpensively.
+ login proxy: Added login_proxy_max_reconnects setting (default 3) to
control how many reconnections are attempted.
+ login proxy: imap/pop3/submission/managesieve proxying now supports
reconnection retrying on more than just connect() failure. Any error
except a non-temporary authentication failure will result in reconnect
attempts.
- auth: Lua passdb/userdb leaks stack elements per call, eventually
causing the stack to become too deep and crashing the auth or
auth-worker process.
- auth: SASL authentication PLAIN mechanism could be used to trigger
read buffer overflow. However, this doesn't seem to be exploitable in
any way.
- auth: v2.3.11 regression: GSSAPI authentication fails because dovecot
disallows NUL bytes for it.
- dict: Process used too much CPU when iterating keys, because each key
used a separate write() syscall.
- doveadm-server: Crash could occur if logging was done outside command
handling. For example http-client could have done debug logging
afterwards, resulting in either segfault or
Panic: file http-client.c: line 642 (http_client_context_close):
assertion failed: (cctx->clients_list == NULL).
- doveadm-server: v2.3.11 regression: Trying to connect to doveadm server
process via starttls assert-crashed if there were no ssl=yes listeners:
Panic: file master-service-ssl.c: line 22 (master_service_ssl_init):
assertion failed: (service->ssl_ctx_initialized).
- fts-solr: HTTP requests may have assert-crashed:
Panic: file http-client-request.c: line 1232 (http_client_request_send_more):
assertion failed: (req->payload_input != NULL)
- imap: IMAP NOTIFY could crash with a segmentation fault due to a bad
configuration that causes errors. Sending the error responses to the
client can cause the segmentation fault. This can for example happen
when several namespaces use the same mail storage location.
- imap: IMAP NOTIFY used on a shared namespace that doesn't actually
exist (e.g. public namespace for a nonexistent user) can crash with a panic:
Panic: Leaked view for index /tmp/home/asdf/mdbox/dovecot.list.index: Opened in (null):0
- imap: IMAP session can crash with QRESYNC extension if many changes
are done before asking for expunged mails since last sync.
- imap: Process might hang indefinitely if client disconnects after
sending some long-running commands pipelined, for example FETCH+LOGOUT.
- lib-compress: Mitigate crashes when configuring a not compiled in
compression. Errors with compression configuration now distinguish
between not supported and unknown.
- lib-compression: Using xz/lzma compression in v2.3.11 could have
written truncated output in some situations. This would result in
"Broken pipe" read errors when trying to read it back.
- lib-compression: zstd compression could have crashed in some situations:
Panic: file ostream.c: line 287 (o_stream_sendv_int): assertion failed: (!stream->blocking)
- lib-dict: dict client could have crashed in some rare situations when
iterating keys.
- lib-http: Fix several assert-crashes in HTTP client.
- lib-index: v2.3.11 regression: When mails were expunged at the same
time as lots of new content was being saved to the cache (e.g. cache
file was lost and is being re-filled) a deadlock could occur with
dovecot.index.cache / dovecot.index.log.
- lib-index: v2.3.11 regression: dovecot.index.cache file was being
purged (rewritten) too often when it had a field that hadn't been
accessed for over 1 month, but less than 2 months. Every cache file
change caused a purging in this situation.
- lib-mail: MIME parts were not returned correctly by Dovecot MIME parser.
Regression caused by fixing CVE-2020-12100.
- lib-mail: When max nested MIME parts were reached, IMAP BODYSTRUCTURE
was written in a way that may have caused confusion for both IMAP
clients and Dovecot itself when parsing it. The truncated part is now
written out using application/octet-stream MIME type.
- lib-mail: v2.3.11 regression: Mail delivery / parsing crashed when the
10000th MIME part was message/rfc822 (or if parent was multipart/digest):
Panic: file message-parser.c: line 167 (message_part_append):
assertion failed: (ctx->total_parts_count <= ctx->max_total_mime_parts).
- lib-oauth2: Dovecot incorrectly required oauth2 server introspection
reply to contain username with invalid token.
- lib-ssl-iostream, lib-dcrypt: Fix building with OpenSSL that has
deprecated APIs disabled.
- lib-storage: When mail's size is different from the cached one (in
dovecot.index.cache or Maildir S=size in the filename), this is
handled by logging "Cached message size smaller/larger than expected"
error. However, in some situations this also ended up crashing with:
Panic: file istream.c: line 315 (i_stream_read_memarea):
assertion failed: (old_size <= _stream->pos - _stream->skip).
- lib-storage: v2.3 regression: Copying/moving mails was taking much more
memory than before. This was mainly visible when copying/moving
thousands of mails in a single transaction.
- lib-storage: v2.3.11 regression: Searching messages assert-crashed
(without FTS): Panic: file message-parser.c: line 174 (message_part_finish):
assertion failed: (ctx->nested_parts_count > 0).
- lib: Dovecot v2.3 moved signal handlers around in ioloops,
causing more CPU usage than in v2.2.
- lib: Fixed JSON parsing: '\' escape sequence may have wrongly resulted
in error if it happened to be at read boundary. Any NUL characters and
'\u0000' will now result in parsing error instead of silently
truncating the data.
- lmtp, submission: Server may hang if SSL client connection disconnects
during the delivery. If this happened repeatedly, it could have ended
up reaching process_limit and preventing any further lmtp/submission
deliveries.
- lmtp: Proxy does not always properly log TLS connection problems as
errors; in some cases, only a debug message is logged if enabled.
- lmtp: The LMTP service can hang when commands are pipelined. This can
particularly occur when one command in the middle of the pipeline fails.
One example of this occurs for proxied LMTP transactions in which the
final DATA or BDAT command is pipelined after a failing RCPT command.
- login-proxy: The login_source_ips setting has no effect, and therefore
the proxy source IPs are not cycled through as they should be.
- master: Process was using 100% CPU in some situations when a broken
service was being throttled.
- pop3-login: POP3 login would fail with "Input buffer full" if the
initial response for SASL was too long.
- stats: Crash would occur when generating openmetrics data for metrics
using aggregating functions.
Changelog:
What's new in notmuch 0.31.3
=========================
Bindings
--------
Fix for exclude tags in notmuch2 bindings.
Build
-----
Portability update for T360-symbol-hiding
Library
-------
Fix for memory error in notmuch_database_get_config_list
* Fix build with devel/cbindgen-0.16.0.
Changelog:
New
MailExtensions: Added browser.windows.openDefaultBrowser()
Changes
Thunderbird now only shows quota exceeded indications on the main window
MailExtensions: menus API enabled in messages being composed
MailExtensions: Honor allowScriptsToClose argument in windows.create API
function
MailExtensions: APIs that returned an accountId will reflect the account the
message belongs to, not what is stored in message headers
Fixes
Keyboard shortcut for toggling message "read" status not shown in menus
OpenPGP: After importing a secret key, Key Manager displayed properties of the
wrong key
OpenPGP: Inline PGP parsing improvements
OpenPGP: Discovering keys online via Key Manager sometimes failed on Linux
OpenPGP: Encrypted attachment "Decrypt and Open/Save As" did not work
OpenPGP: Importing keys failed on macOS
OpenPGP: Verification of clear signed UTF-8 text failed
Address book: Some columns incorrectly displayed no data
Address book: The address book view did not update after changing the name
format in the menu
Calendar: Could not import an ICS file into a CalDAV calendar
Calendar: Two "Home" calendars were visible on a new profile
Calendar: Dark theme was incomplete on Linux
Dark theme did not apply to new mail notification popups
Folder icon, message list, and contact side bar visual improvements
MailExtensions: HTTP refresh in browser content tabs did not work
MailExtensions: messageDisplayScripts failed to run in main window
Various security fixes
Security fixes:
#CVE-2020-16042: Operations on a BigInt could have caused uninitialized memory to be exposed
#CVE-2020-26971: Heap buffer overflow in WebGL
#CVE-2020-26973: CSS Sanitizer performed incorrect sanitization
#CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free
#CVE-2020-26978: Internal network hosts could have been probed by a malicious webpage
#CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs
#CVE-2020-35112: Opening an extension-less download may have inadvertently launched an executable instead
#CVE-2020-35113: Memory safety bugs fixed in Thunderbird 78.6
This release fixes a few assorted bugs. Unfortunately, one of those (for
large-file support) required a change to the header cache structures; so
your header cache files will need to regenerate when opening each mailbox.
Update roundcube to 1.4.10, including security fix.
RELEASE 1.4.10
--------------
- Fix extra angle brackets in In-Reply-To header derived from mailto: params (#7655)
- Fix folder list issue when special folder is a subfolder (#7647)
- Fix Elastic's folder subscription toggle in search result (#7653)
- Fix state of subscription toggle on folders list after changing folder state from the search result (#7653)
- Security: Fix cross-site scripting (XSS) via HTML or Plain text messages with malicious content [CVE-2020-35730]
Change since 1.3.1 from RELEASE_NOTES
1.4.0 2018/06/??
Add ARC support. Extensive work contributed by ValiMail.
Add "DomainWhitelist" and "DomainWhitelistFile" config options.
Extract client IP address for ARC reports when provided via
Authentication-Results.
Update SQL schema to support new reporting functionality for DKIM
selectors and ARC local policy overrides (refer to the example
schema.mysql file).
Add experimental support for reporting of ARC local policy overrides.
Add support for recording and reporting of DKIM selectors.
Override a DMARC "fail" if an ARC "pass" is recorded in conjunction with
an ARC policy pass.
Fix bug #137: Handle base64 inside AR tokens that are values.
Problem reported by Joseph Coffland.
LIBOPENDMARC: Fix bug #203: Reject DMARC records that have duplicate
tags in them. Reported by Dirk Stoecker.
REPORTS: Feature request #146: Add option to pull input from a file.
REPORTS: Fix bug #153: Suppress duplicate results from the same
domain. Patch from Tomki Camp.
1.3.2 2017/03/04
Feature request #86: Change meaning of "RequiredHeaders" such that
header validity is always checked, but messages are only
rejected on that basis when the flag is set. Based
on a patch from Andreas Schulze.
Feature request #127: Log SPF results when rejecting. Requested
by Patrick Wagner; patch from Andreas Schulze, follow-up
patch from Juri Haberland.
Feature request #138: Include policy and disposition information
in an Authentication-Results comment. Based on a patch
from Juri Haberland.
Feature request #139: Include the client host name if known
in failure reports. Suggested by Roland Turner;
patch by Andreas Schulze.
Fix bug #95: Assume IPv6 for SPF operations. Patch from Juri Haberland.
Fix bug #120: Fix control logic around the SPF result.
Reported by Christophe Wolfhugel; patch from Andreas Schulze.
Fix bug #122: Don't skip the HELO milter phase when SPF is enabled.
Reported by Christophe Wolfhugel.
Fix bug #157: Fix logging of implicit authserv-ids. Reported
by Andreas Schulze; patch from Juri Haberland.
Fix bug #158: Log ignored connections. Patch from Andreas Schulze.
Fix bug #160: Fix "SyslogFacility" handling. Patch from
Juri Haberland.
Fix bug #163: Use a larger buffer for the raw MAIL FROM value.
Based on a patch from Andreas Schulze.
Fix bug #174: Trim "!" suffixes from reporting addresses. Problem
noted by Juri Haberland.
Fix bug #186: When reloading the configuration file, the public
suffix list was read in with the wrong comment indicator.
Patch from Federico Omoto.
Fix bug #194: Fix inappropriate DMARC status when "p=none" is
discovered. Patch from Juri Haberland.
Fix bug #195: When parsing Received-SPF, use the correct constants
in the history file entries. Patch from Juri Haberland.
LIBOPENDMARC: Fix bug #115: Fix type mismatch. Patch from
Sebastian A. Siewior via Scott Kitterman.
LIBOPENDMARC: Fix bug #121: Fix IPv6 CIDR matching in SPF code.
Patch from Christophe Wolfhugel.
LIBOPENDMARC: Fix bug #125: Compile time IPv6 fix. Reported by
Christophe Wolfhugel.
LIBOPENDMARC: Fix bug #131: Fix alignment bug. Patch from
Andreas Schulze.
LIBOPENDMARC: Fix bug #147: Fix stripping of whitespace from
DMARC DNS records. Based on a patch from Job Noorman.
LIBOPENDMARC: Fix bug #149: Apply "sp" setting, if present and
applicable. Patch from Petr Novak.
LIBOPENDMARC: Fix bug #154: Fix "rf" and "fo" processing logic.
LIBOPENDMARC: Fix bug #156: Fix variable name. Patch by
Andreas Schulze.
LIBOPENDMARC: Fix bug #165: Fix logic in checking which SPF
identifier was used. Patches from Marco Favero and
Juri Haberland.
LIBOPENDMARC: Fix bug #167: Don't return "fail" when we should
return "none". Patch from Marco Favero.
REPORTS: Fix bug #134: Handle SMTP errors correctly. Patch from
Andreas Schulze.
REPORTS: Fix bug #141: Set the HELO parameter correctly.
Reported by Alan Smith; patch from Andreas Schulze.
REPORTS: Fix bug #143: Fix logic in table truncation.
Reported by Wayne Andersen; patch from Juri Haberland.
REPORTS: Fix bug #162: Always report "sp" in aggregate reports.
Patch from Juri Haberland.
REPORTS: Fix bug #166: Fix report start/end time logic.
Patch from Juri Haberland.
REPORTS: Fix bug #188: Don't delete inputs too early in
opendmarc-reports. Patch from Juri Haberland.
TOOLS: Fix bug #161: "Forensic" reports were renamed "Failure"
reports. Patch from Andreas Schulze.
TOOLS: Fix bug #164: Handle IPv6 test addresses. Reported by
Andreas Schulze; patch from Juri Haberland.
DOCS: Patch #189: Replace the DMARC RFC with an HTML page
referencing the relevant specs, since Debian doesn't
consider RFCs to be "free". Patch from Scott Kitterman
via Juri Haberland.
- qmail-qfilter-{ofmipd,smtpd}-queue: Remove after 2 years' deprecation.
If you're using these, please switch to qmail-qfilter-queue.
- qmail-qfilter-viruscan: Optionally build with qmail-queue-custom-error
support, returning the same error message as Russ Nelson's original
viruscan patch.
- qmail-qfilter-queue.8, qmail-rcptcheck.8: Add an ERRORS section.
Darwin doesn't install include files in ${KRB5BASE}
(They are in the SDK instead)
therefore let fetchmail use krb5-config to determine how to
link against kerberos
- reup: Delete, because retrying AUTH has been broken ever since TLS was
added to authup.
- authup: Fix AUTH retries under TLS by inlining the retry logic.
- fixsmtpio: Fix process-management bugs in "Ensure STARTTLS resets all
state by restarting qmail-smtpd."
- Manual pages: considerably improve clarity of authup(8) and
fixsmtpio(8). Mention s6-ucspitlsd, a new UCSPI-TLS server
implementation coming soon to s6-networking.