v2.3.5.2
* CVE-2019-10691: Trying to login with 8bit username containing
invalid UTF8 input causes auth process to crash if auth policy is
enabled. This could be used rather easily to cause a DoS. Similar
crash also happens during mail delivery when using invalid UTF8 in
From or Subject header when OX push notification driver is used.
* CVE-2019-7524: Missing input buffer size validation leads into
arbitrary buffer overflow when reading fts or pop3 uidl header
from Dovecot index. Exploiting this requires direct write access to
the index files.
## 0.5.1 (2019-03-03)
* mdeliver: preserve mtime in mrefile
* mdirs: add -0 to separate folders by NUL characters
* Fixes for buffer-overflows, found by fuzzing.
* Fixes for memleaks.
Changelog:
60.6.0
fixed
Calendar: Can't create repeating event with end date when using certain time zones, for example Europe/Minsk
60.5.3
fixed
Problem when using "Send to > Mail recipient" on Windows introduced in version 60.5.2.
If files with non-ASCII characters in their name still cause a malfunction, use one of the following two alternative solutions:
Reset this registry entry
HKLM\SOFTWARE\Clients\Mail\Mozilla Thunderbird - SupportUTF8 to 0. Also reset HKLM\SOFTWARE\Wow6432Node\Clients\Mail\Mozilla Thunderbird - SupportUTF8 if present.
On Windows 10, set the system code page to UTF-8 (beta feature, see Region Settings, system locale)
MREMAP_MAYMOVE flag is the default behaviour on NetBSD and by
adjusting the single mremap() call it can be used on NetBSD too
(remove CONFIGURE_ENV injection kludge).
Thanks to <joerg> and <kamil> respectively for kindly pointing out
that and suggestions! (possible regressions are mine!)
Update dovecot2-pigeonhole to 0.5.5 for dovecot 2.3.5.
v0.5.5 2019-03-05 Stephan Bosch <stephan@rename-it.nl>
+ IMAPSieve: Add new plugin/imapsieve_expunge_discarded setting which
causes messages discarded by an IMAPSieve script to be expunged
immediately, rather than only being marked as "\Deleted" (which is
still the default behavior).
- IMAPSieve: Fix panic crash occurring when a COPY command copies
messages from a virtual mailbox where the source messages originate
from more than a single real mailbox.
- imap4flags extension: Fix deleting all keywords. When the action
resulted in all keywords being removed, no changes were actually
applied.
- variables extension: Fix truncation of UTF-8 variable content. The
maximum size of Sieve variables was enforced by truncating the
variable string content bluntly at the limit, but this does not
consider UTF-8 code point boundaries. This resulted in broken UTF-8
strings. This problem also surfaced for variable modifiers, such as
the ":encodeurl" modifier provided by the Sieve "enotify" extension.
In that case, the resulting URI escaping could also be truncated
inappropriately.
- IMAPSieve, IMAP FILTER=SIEVE: Fix replacing a modified message. Sieve
scripts running in IMAPSIEVE or IMAP FILTER=SIEVE context that
modify the message, stored the message a second time, rather than
replacing the originally stored unmodified message.
- Fix segmentation fault occurring when both the sieve_extprograms
plugin (for the Sieve interpreter) and the imap_filter_sieve plugin
(for IMAP) are loaded at the same time. A symbol was defined by both
plugins, causing a clash when both were loaded.
Changelog:
Notmuch 0.28.3 (2019-03-05)
===========================
Library
-------
Fix a bug with the internal data structure _notmuch_string_map_t used
by message properties.
Build System
------------
Serialize calls to sphinx-build to avoid race condition.
Changelog:
### OfflineIMAP v7.2.3 (2019-02-17)
#### Notes
A tiny release for one minor bug fix.
This release was tested by:
- Nicolas Sebrecht
#### Authors
- Mart Lubbers (1)
#### Fixes
- add checks in curses ui for small windows. [Mart Lubbers]
### OfflineIMAP v7.2.2 (2018-12-22)
#### Notes
With this release offlineimap can renew the token for OAUTH2. There is better
integration for ArchLinux and OSX. SSL configuration options are more
consistent.
There are bug fixes about maxage and GSSAPI.
The imaplib2 library looks discontinued. I wonder we'll have no other choice
than maintaining our own fork.
This release was tested by:
- Nicolas Sebrecht
#### Authors
- Nicolas Sebrecht (5)
- Philippe Loctaux (4)
- Benedikt Heine (2)
- Carnë Draug (2)
- Frode Aannevik (1)
- Robbie Harwood (1)
#### Features
- 2890dec Added ssl certfile on osx for openssl pacakge on homebrew. [Philippe Loctaux]
- 761e10e Add Archlinux to list of supported distros. [Philippe Loctaux]
#### Fixes
- 8692799 Fix expired oauth2_access_token. [Frode Aannevik]
- 096aa07 Handle empty token with complete GSSAPI context. [Robbie Harwood]
- a51064e maxage: always compute the remote cache list for min_uid. [Nicolas Sebrecht]
- 698ec64 offlineimap.conf: minor fixes. [Nicolas Sebrecht]
- af3a35a offlineimap/utilis/distro.py: indentation fix. [Philippe Loctaux]
- d3ba837 Fix typo in exception message. [Benedikt Heine]
- c9005cd Check if username is provided before trying plain authentication.. [Carnë Draug]
#### Changes
- 5f9474e Print username instead of accountname when asking for password. [Carnë Draug]
- ce9a198 Chain tls_level and ssl_version only if ssl is enabled. [Benedikt Heine]
- 6ef5937 docs/website-doc.sh: minor improvements in comments of versions.yml. [Nicolas Sebrecht]
- 4544bb1 contrib/release.py: minor UI improvement. [Nicolas Sebrecht]
- d930125 fix dates in copyright lines. [Nicolas Sebrecht]
### OfflineIMAP v7.2.1 (2018-06-16)
#### Notes
This new version introduces interesting features. The fingerprints now accepts
hashes in sha224, sha256, sha384 and sha512 to improve the compatibility with
IMAP servers.
There's a new script in ./contrib to store passwords with GPG.
The new GSSAPI library for kerberos gets a fix about authentication. Gmail
labels can now have parenthesis and the hostname can have path separators in
theirs names.
There's a lot of other minors improvements to make offlineimap better
(in the documentation, UI, configuration file and the code).
This release was tested by:
- Nicolas Sebrecht
Thanks to all the contributors. A lot of patches are first time contributions to
this project. This is very pleasant.
Special thanks to Ilias Tsitsimpis, Eygene Ryabinkin, Chris Coleman our long
time contributors involved in this release and Sebastian Spaeth who is still
paying for the domain name!
#### Authors
- Nicolas Sebrecht (9)
- velleto (6)
- Chris Coleman (1)
- Edgar HIPP (1)
- Eygene Ryabinkin (1)
- Lorenzo (1)
- Michael Billington (1)
- Robbie Harwood (1)
#### Features
- Script to store passwords in a file with GPG or using OSX's secure keychain. [Lorenzo]
- Added support for sha512, sha384, sha256, sha224 hashing algorithms to calculate server certificate fingerprints.. [velleto]
#### Fixes
- Pass username through in GSSAPI connections. [Robbie Harwood]
- Gmail: allow parenthesis in labels. [Nicolas Sebrecht]
- Correct typographical errors in offlineimap.conf. [Michael Billington]
- Create filenames with no path separators in them. [Eygene Ryabinkin]
#### Changes
- imapserver: fix copyright line. [Nicolas Sebrecht]
- Available hashes added to documentation.. [velleto]
- Documented the now allowed use of colon separated fingerprints with examples.. [velleto]
- Allow users to keep colons between each hex pair of server certificate fingerprint in configuration file.. [velleto]
- Removed uneccessary call of list() on zip() object.. [velleto]
- Changed the 'exception raised' message, to be more understandable.. [velleto]
- Make CTRL-C message more clear. [Edgar HIPP]
- setup: add long_description. [Nicolas Sebrecht]
- offlineimap.conf: fix comment about gssapi. [Nicolas Sebrecht]
- Add self to maintainers. Update email address.. [Chris Coleman]
- Makefile: targz: don't set the abbrev in the archive directory name. [Nicolas Sebrecht]
- contrib: learn to build website/_uploads. [Nicolas Sebrecht]
- docs/website-doc.sh: limit the number of exported versions in _data/announces.yml. [Nicolas Sebrecht]
- Makefile: targz: update files. [Nicolas Sebrecht]
- Makefile: clean: remove __pycache__ directories. [Nicolas Sebrecht]
### OfflineIMAP v7.2.0 (2018-04-07)
#### Notes
The biggest change with this release is the introduction of automated tests;
thanks to Chris from http://www.espacenetworks.com.
Robbie Hardwood from RedHat switched the GSSAPI dependency from pykerberos to
python-gssapi because it's more active and has more pleasant interface.
The shebang is fixed back to python2 to fix issues on some environments.
The UI was improved to show both the local and remote foldernames (usefull when
nametrans is enabled).
Thanks to all the contributors.
This release was tested by:
- Nicolas Sebrecht
- Remi Locherer
#### Authors
- Nicolas Sebrecht (9)
- Musashi69 (1)
- Robbie Harwood (1)
- chris001 (1)
#### Features
- Autmomated testing using Travis and CodeCov.io!. [chris001]
- README: travis: add badge for the next branch. [Nicolas Sebrecht]
- travis: add notification to gitter room OfflineIMAP/offlineimap. [Nicolas Sebrecht]
#### Fixes
- offlineimap.py: fix shebang to python2. [Nicolas Sebrecht]
- bin/offlineimap: fix shebang to env python2. [Nicolas Sebrecht]
#### Changes
- Port to python-gssapi from pykerberos. [Robbie Harwood]
- requirements: add gssapi as optional dependency. [Nicolas Sebrecht]
- make UI output show local AND remote dirs involved. [Musashi69]
- maxsyncaccounts: improve documentation. [Nicolas Sebrecht]
### OfflineIMAP v7.1.5 (2018-01-13)
#### Notes
This minor release fixes a bug about maxage failing to upload some emails. Also,
this introduces the snapcraft.yaml to package offlineimap with this packaging
system.
This release was tested by:
- Nicolas Sebrecht
- Remi Locherer
#### Authors
- Nicolas Sebrecht (4)
- Evan Dandrea (1)
- John Ferlito (1)
#### Features
- Initial commit of snapcraft.yaml. [Evan Dandrea]
#### Fixes
- maxage: don't consider negative UIDs when computing min UID. [Nicolas Sebrecht]
- Add missing space to output string. [John Ferlito]
#### Changes
- folder: IMAP: improve search logging. [Nicolas Sebrecht]
- no UIDPLUS: improve logging on failures. [Nicolas Sebrecht]
- github: remove the trick to download the PR. [Nicolas Sebrecht]
### OfflineIMAP v7.1.4 (2017-10-29)
#### Notes
Here is a bugfix release for v7.1.3. Two regressions got fixes and the
--delete-folder CLI option now expects an UTF-8 folder name when utf8foldernames
is enabled.
This release was tested by:
- Nicolas Sebrecht
#### Authors
- Nicolas Sebrecht (5)
- Thomas Merkel (1)
#### Fixes
- utf8foldernames: fix missing decode argument. [Nicolas Sebrecht]
- Fix: if any tunnel (preauth_tunnel or transport_tunnel) the hostname should not be required. [Thomas Merkel]
#### Changes
- utf8foldernames: support --delete-folder with UTF-8 folder name. [Nicolas Sebrecht]
- contrib/release.py improvements
### OfflineIMAP v7.1.3 (2017-10-08)
#### Notes
This release introduces a new experimental utf8foldernames configuration option.
We already had the "tricky" decodefoldernames which is now deprecated. The new
code is the correct implementation for this feature. The changes are neat and
rather small. All the users having decodefoldernames are requested to move to
utf8foldernames. This requires to update almost all the functions like
nametrans, folderfilter, etc, because they work on the UTF-8 encoding. See the
documentation for more. Thank you Urs Liska for this contribution!
In the long run, the idea is to:
1. Remove decodefoldernames in favour of utf8foldernames.
2. Promote utf8foldernames up to stable.
3. Turn utf8foldernames on by default.
Currently, folders with non-ASCII characters in their name have to be fully
re-downloaded. So, there's a bit more work to be done to have (3) and maybe (2).
Also, this release includes a fix about remotehost and transporttunnel that
would require some testing. Thanks Thomas Merkel!
There are documentation improvements, improved errors and minor code cleanups,
too.
This release was tested by:
- Nicolas Sebrecht
- Remi Locherer
#### Authors
- Nicolas Sebrecht (11)
- Urs Liska (8)
- Thomas Merkel (1)
#### Features
- utf8: implement utf8foldernames option. [Urs Liska]
- utf8: document new feature, deprecate old one. [Urs Liska]
#### Fixes
- remotehost should not be required if transporttunnel is used. [Thomas Merkel]
- accounts: error out when no folder to sync. [Nicolas Sebrecht]
- sqlite: provide better message error for insert. [Nicolas Sebrecht]
- folder: Gmail: fix copyright header. [Nicolas Sebrecht]
#### Changes
- man: remove mention of experimental support for python 3. [Nicolas Sebrecht]
- man: mention the supported directions of the syncs. [Nicolas Sebrecht]
- folder: Gmail: remove dead code. [Nicolas Sebrecht]
- upcoming.py: get header template from external file. [Nicolas Sebrecht]
- upcoming.py: display a message with the filename once written. [Nicolas Sebrecht]
- contrib/helpers: sort testers by name. [Nicolas Sebrecht]
- Remove some unnecessary whitespace (in existing code). [Urs Liska]
- MAINTAINERS: Rainer is not currently active. [Nicolas Sebrecht]
### OfflineIMAP v7.1.2 (2017-07-10)
#### Notes
This release introduces better Davmail support, better reliability when in
IMAP/IMAP mode, better output on some errors, and minor fixes. The provided
systemd files are improved.
The imaplib2 requirement is now v2.57.
Remi Locherer is joining our tester team. Great!
Starting with this release, the feedbacks from the testers are recorded in the
release notes, the git logs and the Changelog. Thanks to all of them for
improving the releases.
This release was tested by:
- benutzer193
- Nicolas Sebrecht
- Remi Locherer
#### Authors
- Nicolas Sebrecht (20)
- Hugo Osvaldo Barrera (5)
- Alvaro Pereyra (1)
- benutzer193 (1)
#### Features
- contrib/release.py: consider positive feedbacks from testers. [Nicolas Sebrecht]
- Introduce the github CODEOWNERS file. [Nicolas Sebrecht]
- IMAP/IMAP: continue to sync if the local side does not return a valid UID on upload. [Nicolas Sebrecht]
#### Fixes
- folder/IMAP: introduce dedicated parsing for davmail (not supporting UIDPLUS). [Nicolas Sebrecht]
- offlineimap.conf: minor typo fix. [Alvaro Pereyra]
- Respect systemd conventions for timers. [Hugo Osvaldo Barrera]
- Use a pre-existing target for systemd services. [Hugo Osvaldo Barrera]
- Remove invalid systemd setting. [Hugo Osvaldo Barrera]
- systemd: remove unused watchdog functionality. [benutzer193]
- gitignore generated css file. [Nicolas Sebrecht]
- Changelog: fix syntax. [Nicolas Sebrecht]
#### Changes
- Increase imaplib2 requirement from v2.55 to v2.57. [Nicolas Sebrecht]
- folder/IMAP: improve the warning when we can't parse the returned UID. [Nicolas Sebrecht]
- Provide more details in error message when SSL fails on non-standard port. [Nicolas Sebrecht]
- Use basic logger (since systemd picks up stdout). [Hugo Osvaldo Barrera]
- Explain how to override systemd values. [Hugo Osvaldo Barrera]
- systemd: add documentation entry in configuration files. [Nicolas Sebrecht]
- offlineimap.conf: ssl must be disabled to force STARTTLS in some cases. [Nicolas Sebrecht]
- Advise singlethreadperfolder when offlineimap hangs. [Nicolas Sebrecht]
- offlineimap.conf: minor improvements. [Nicolas Sebrecht]
- contrib: more release automation. [Nicolas Sebrecht]
- MAINTAINERS: Remi Locherer joins the team of testers. [Nicolas Sebrecht]
- systemd: README: credit Hugo as contributor. [Nicolas Sebrecht]
### OfflineIMAP v7.1.1 (2017-05-28)
#### Notes
This release has some interesting fixes, including one for the Blinkenlights UI.
Otherwise, there is no big change since the previous version.
Furthermore, this release was tested by:
- Remi Locherer
#### Authors
- Nicolas Sebrecht (17)
- Chris Coleman (1)
- Ilias Tsitsimpis (1)
- Maximilian Kaul (1)
- benutzer193 (1)
- Ævar Arnfjörð Bjarmason (1)
#### Features
- contrib: introduce a tool to produce the "upcoming notes". [Nicolas Sebrecht]
- contrib: secure HTTPS test internet is connected.. [Chris Coleman]
- Env info (used by -V and banner): add openssl version. [Nicolas Sebrecht]
- docs: learn to build html files for the manual pages. [Nicolas Sebrecht]
#### Fixes
- Acquire lock before updating the CursesLogHandler window. [Ilias Tsitsimpis]
- maxage: use the remote folder first to compute min_uid. [Nicolas Sebrecht]
- Fix systemd.timer: initialize timer after boot. [benutzer193]
- XOAUTH2: don't try this authentication method when not configured. [Nicolas Sebrecht]
- mbnames: don't duplicate entries in autorefresh mode. [Nicolas Sebrecht]
- docs: update the instructions for creating OAuth projects for GMail. [Ævar Arnfjörð Bjarmason]
- Fixed typo in doc: tls_1_2 => tls1_2. [Maximilian Kaul]
- IMAP: UIDPLUS: correctly warn about weird responses from some servers. [Nicolas Sebrecht]
- website-doc: force copy of the new HTML generated man pages. [Nicolas Sebrecht]
- Makefile: fix clean target. [Nicolas Sebrecht]
#### Changes
- MAINTAINERS: benutzer193 joins the testers team. [Nicolas Sebrecht]
- IMAP: UIDPLUS: improve error message on response error for new UID. [Nicolas Sebrecht]
- Display the imaplib and python versions for each normal run. [Nicolas Sebrecht]
- imapserver: provide some SSL info while in imap debug mode. [Nicolas Sebrecht]
- manual: improve the documentation about sqlite migration. [Nicolas Sebrecht]
- documentation: add entry for faulting folders with Microsoft servers. [Nicolas Sebrecht]
- website-doc.sh: add hint on API removal. [Nicolas Sebrecht]
- README: refactorize sections. [Nicolas Sebrecht]
From the upstream release-note:
NEWS:
+ Lua push notification driver: mail keywords and flags are provided
in MessageNew and MessageAppend events.
+ submission: Implement support for plugins.
+ auth: When auth_policy_log_only=yes, only log what the policy server
response would do without actually doing it.
+ auth: Always log policy server decisions with auth_verbose=yes
- v2.3.[34]: doveadm log errors: Output was missing user/session
- lda: Debug log lines could have shown slightly corrupted
- login proxy: Login processes may have crashed in various ways when
login_proxy_max_disconnect_delay was set.
- imap: Fix crash with Maildir+zlib if client disconnects during APPEND
- lmtp proxy: Fix potential assert-crash
- lmtp/submission: Fix crash when SMTP client transaction times out
- submission: Split large XCLIENT commands to 512 bytes per command,
so Postfix accepts them.
- submission: Fix crash when client sends invalid BURL command
- submission: relay backend: VRFY command: Avoid forwarding 500 and
502 replies back to client.
- lib-http: Fix potential assert-crash when DNS lookup fails
- lib-fts: Fix search query generation when one language ignores a
token (e.g. via stopwords).
Add ruby-actionmailer52 version 5.2.2 package.
Action Mailer is a framework for designing email-service layers. These layers
are used to consolidate code for sending out forgotten passwords, welcome
wishes on signup, invoices for billing, and any other use case that requires
a written notification to either a person or another system.
Action Mailer is in essence a wrapper around Action Controller and the
Mail gem. It provides a way to make emails using templates in the same
way that Action Controller renders views using templates.
Additionally, an Action Mailer class can be used to process incoming email,
such as allowing a weblog to accept new posts from an email (which could even
have been sent from a phone).
This is for Ruby on Rails 5.2.
Changelog:
60.5.1
Fixed
CalDav access to some servers not working
#CVE-2018-18500: Use-after-free parsing HTML5 stream
#CVE-2018-18505: Privilege escalation through IPC channel messages
#CVE-2016-5824: DoS (use-after-free) via a crafted ics file
#CVE-2018-18501: Memory safety bugs fixed in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5
60.5.0
New
FileLink provider WeTransfer to upload large attachments
Thunderbird now allows the addition of OpenSearch search engines from a local XML file using a minimal user inferface: [+] button to select a file an add, [-] to remove.
More search engines: Google and DuckDuckGo available by default in some locales
During account creation, Thunderbird will now detect servers using the Microsoft Exchange protocol. It will offer the installation of a 3rd party add-on (Owl) which supports that protocol.
Fixed
Thunderbird now compatible with other WebExtension-based FileLink add-ons like the Dropbox add-on
Crash when using custom sound for new email notification
WebExtension-based dictionaries from addons.mozilla.org not working in Thunderbird
Calendar: Printing of calendars not working
#CVE-2018-18356: Use-after-free in Skia
#CVE-2019-5785: Integer overflow in Skia
#CVE-2018-18335: Buffer overflow in Skia with accelerated Canvas 2D
#CVE-2018-18509: S/MIME signature spoofing
4.92:
New features include:
- ${l_header:<name>} expansion
- ${readsocket} now supports TLS
- "utf8_downconvert" option (if built with SUPPORT_I18N)
- "pipelining" log_selector
- JSON variants for ${extract } expansion
- "noutf8" debug option
- TCP Fast Open support on MacOS
Maintain a folder which has its messages stored on a remote server. The
communication between the client application and the server is implemented using
the IMAP4 protocol. This class uses Mail::Transport::IMAP4 to hide the transport
of information, and focusses solely on the correct handling of messages within a
IMAP4 folder. More than one IMAP4 folder can be handled by one single IMAP4
connection.
