This is a bug-fix release, addressing CVE-2022-1328: a buffer overread in
the uuencoded decoder routine.
Also fixed were a possible integer overflow issue in the general iconv and
rfc2047-conversion iconv functions. These are not believed to be
exploitable.
This is a bug-fix release, fixing a few smaller issues. Of note, the
<edit-fcc> and IMAP create/rename mailbox prompts were fixed to use the
mailbox history list.
This is a bug-fix release, fixing a header-cache and body-cache naming
regression. Some internal URL handling fixes accidentally resulted in the
username being omitted from the header cache in some cases.
Changes since version 2.1.5:
+ $pager_skip_quoted_context determines the number of lines to show
before unquoted text when using <skip-quoted> in the pager.
! Quadoption prompts and a few boolean prompts now have a '?' choice,
which will display the associated configuration variable.
! <enter>, <return>, and <keypadenter> can be bound to separate
functions/macros.
+ $sort_thread_groups can be used to sort top-level thread groups differently
than subthreads.
! contrib/smime.rc now uses the cms utility for SMIME encryption/decryption.
+ $compose_confirm_detach_first helps prevent accidentally deleting your
typed message in the compose menu.
+ The $attach_save_charset_convert quadoption prompts to allow charset
conversion of received text-type attachments when saving them to disk.
+ --with-gsasl allows configuration with the GNU SASL library, as an
alternative to Cyrus.
! $reply_regexp is now localizable by translators, to add other
non-standard prefixes used in the locale. "aw" was removed from the
default value.
! $rfc2047_parameters is enabled by default.
This is a bug-fix release. Fixes include:
* a regression with SMTP authentication, where Mutt would force authentication
when a server advertised AUTH.
* a possible SMTP server response overread, although I don't believe there is
a security issue here.
* a SEGV bug on NetBSD when trying to use low level terminfo routines. Because
of this fix, Mutt now looks for the term.h header before enabling these
routines. Packagers should ensure this header is present in the build
dependencies.
* format=flowed text is space-unstuffed before piping to
$send_multipart_alternative_filter
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
The following distfiles were unfetchable (possibly fetched
conditionally?):
./mail/qmail/distinfo netqmail-1.05-TAI-leapsecs.patch
Changes since version 2.0.7:
! The -d option allows a negative number. If negative, debug files are
not rotated. The debug level is the absolute value.
+ <view-pager> in the attachment menu uses a copiousoutput mailcap
entry, or falls back to raw text.
+ <view-mailcap>, <view-pager>, and <view-text> functions added to the
compose menu.
+ <view-alt-pager> in the compose menu allows previewing the output
of the $send_multipart_alternative_filter the way <view-pager> does.
+ <list-action>, bound to Esc-L in the index and pager menu, brings
up a menu of operations to perform on mailing list emails, such as
subscribe/unsubscribe.
+ <skip-headers>, bound to 'H' in the pager, will skip to the first
blank line following the headers.
! ~h patterns over IMAP and POP3 will only download the headers of the
message. However with message caching enabled (via $message_cachedir)
the whole message will still be downloaded.
+ $ssl_verify_host_override allows manually specifying the host name
to verify a server certificate against.
! --enable-hcache, with no particular backend enabled, will scan in
the order: kyotocabinet, tokyocabinet, lmdb, qdbm, gdbm, bdb.
! $allow_ansi understands 256-color ANSI escape sequences.
+ $message_id_format can be used to specify a custom message-id
format. Since it's a format string, this can also use a filter.
Please use this option with care, as Mutt won't check if your
message-id is legal.
! mailboxes -nonotify will poll a mailbox for new mail, but will not
trigger new mail notifications (e.g. $beep_new or $new_mail_command).
! $reverse_name affects tagged reply/forward/compose-to-sender
actions too.
! ANSI sequences are filtered for inline-forwarded autoview content,
in addition to replies.
! $forward_decrypt is now a quadoption, defaulting 'yes' for backward
compatibility.
! Pattern functions, (e.g. search and limit) can be interrupted with
ctrl-c.
! The default mailto_allow list now includes cc, in-reply-to, and
references.
+ $sort_browser_mailboxes controls mailbox browsing, and defaults
"unsorted". $sort_browser now only controls directory browsing.
! $sort_browser and $sort_browser_mailboxes "unsorted" now means the
order added (e.g. specified in the muttrc). Switching back to
"unsorted" will now resort in that order (previously it was a no-op.)
! In the browser ".." is excluded from sorting and kept at the top.
! Temp filenames generated for mailcap invocation now allow non-ascii
characters.
+ $local_date_header, when unset, causes the date in the Date header
to be formatted using the GMT timezone.
This release fixes a few assorted bugs. Unfortunately, one of those (for
large-file support) required a change to the header cache structures; so
your header cache files will need to regenerate when opening each mailbox.
This is an important bug fix release, addressing CVE-2020-28896. Mutt had
incorrect error handling when initially connecting to an IMAP server, which
could result in an attempt to authenticate without enabling TLS.
This release fixes a compilation issue on a few platforms, and clarifies the
pattern completion function in the UPDATING file. No other changes were made.
Change since version 1.14.7:
+ Domain-literal support for email addresses, e.g user@[IPv6:fcXX:...]
! Buffy completion only occurs for the "change-folder" set of functions.
It has been disabled for <attach-message>, <write-fcc>, the fcc
mailbox prompt, and the autocrypt scan mailbox prompt.
! The "save/copy message to mailbox" set of functions use the "mailbox"
history list, instead of the "filename" list.
! Message-ID extraction permits values missing angle brackets and '@'
to allow properly threading the garbage sent by some providers.
Mutt will add missing angle brackets when sending out replies, however.
! When adding multiple attachments, via <attach-file> in the compose menu,
the browser menu can be exiting via <quit> after tagging the files.
Previously, <select-entry> had to be used.
! ctrl-p/ctrl-n are by default bound to <history-up>/<history-down> in the
editor menu.
+ The "cd" command allows changing the current working directory.
As part of this, Mutt expands relative paths internally. There
may be a change to some "prettified" relative paths because of this.
! Some configuration variable default values are localizable by
translators. Currently these are: $attribution, $compose_format,
$forward_attribution_intro, $forward_attribution_trailer, $status_format,
$ts_icon_format, $ts_status_format.
+ Mutt will try to automatically reconnect to an IMAP mailbox on error,
and will merge unsync'ed changes if possible.
! $crypt_protected_headers_subject defaults to "...", following the
protected headers revised specification.
! Date, From, To, Cc, and Reply-To headers are stored as protected headers.
+ XOAUTH2 support. Please see the manual, contrib script mutt_oauth2.py,
and mutt_oauth.py.README for more details.
+ $tunnel_is_secure, default set, assumes a connection via $tunnel is
encrypted. Unsetting this will cause $ssl_starttls and $ssl_force_tls
to be respected.
+ Patterns are tab-completable in the editor menu.
! $reply_to is consulted before $reply_self.
+ $copy_decode_weed, default unset, controls header weeding for <decode-copy>
and <decode-save>.
+ $pipe_decode_weed, default set, enables header weeding for <pipe-message>.
+ $print_decode_weed, default set, enables header weeding for <print-message>.
! format=flowed attachments are space-unstuffed when viewed, saved,
piped, and printed.
+ The "run" command will execute MuttLisp. $muttlisp_inline_eval, if set, will
execute unquoted parenthesized command arguments as MuttLisp. Please see
the manual for more details about both.
+ $cursor_overlay, when set, will overlay the indicator, tree,
sidebar_highlight, and sidebar_indicator colors onto the current line.
"default" colors will be overridden and attributes will be merged.
! The message-id generation algorithm uses a random number instead of
the step counter and PID.
! $ssl_force_tls defaults set. (Trying this again for 2.0).
! $hostname is set *after* muttrc processing. It can be manually set
in the muttrc to avoid using DNS calls to obtain the FQDN.
+ $attach_save_dir specifies a directory to use when saving attachments.
This is a bug-fix release fixing a problem resetting access times that snuck
in starting with 1.11.0. This only affected relative-path mailboxes, but
caused Mutt to "forget" new mail in mbox files.
This release fixes a regression from the 1.14.3 release. Encryption settings
are no longer checked when using $tunnel to connect to a preauthenticated IMAP
server.
Remove some patches that would get voting rights soon.
Remove support for NetBSD 1.5.
pkglint cleanup.
XXX: someone should send the remaining patches upstream.
Mutt 1.14.4 was released on June 18, 2020. This is an important
bug-fix release. It fixes a possible machine-in-the-middle response
injection attack when using STARTTLS with IMAP, POP3, and SMTP
(CVE-2020-14954).
Mutt 1.14.3 was released on June 14, 2020. This is an important
bug-fix release. It fixes a possible IMAP fcc/postpone
machine-in-the-middle attack (CVE-2020-14093). It also fixes some
GnuTLS certificate prompt issues.
Mutt 1.14.2 was released on May 25, 2020. This is a bug-fix release,
fixing a few prompt buffer-size issues and adding a potential DoS
mitigation.
Mutt 1.14.1 was released on May 16, 2020. This is a bug-fix release,
fixing a documentation build issue and a few other small bugs.
Mutt 1.14.0 was released on May 2, 2020. This release has new
features and bug fixes. See the UPDATING file, or for more details
see the release notes page.
This release fixes a potential memory corruption issue when sync'ing imap
mailboxes. It also improves the speed of opening mailboxes with large threads
(when sorting by thread). Lastly, it changes the default of $ssl_force_tls
back to unset.
1.13.4 (2020-02-15):
! Bug fix release.
! $ssl_force_tls reverted to default unset. Defaulting this set was
overly optimistic, and caused breakage.
Changes since version 1.13.0:
! Bug fix release.
+ $sidebar_relative_shortpath_indent, default unset, enables the
indentation and shortpath behavior introduced in 1.13.0.
+ $sidebar_use_mailbox_shortcuts, default unset, displays standard
mailbox shortcuts, '~' and '=' in the sidebar. When unset, the
sidebar will remove a $folder prefix but won't display mailbox
shortcuts.
Changes since version 1.12.2:
! <half-up> and <half-down> in the pager are now symmetric.
! $ssl_force_tls is now set by default.
! Configure option --with-regex is renamed to --with-bundled-regex.
Most modern OS should be fine using their own regex library. The
rename is to clarify the intention of the option.
! Configure option --disable-doc now only disables the manual generation.
Other parts of the doc directory (man pages, Muttrc file) are generated.
! $user_agent is now unset by default.
! unattachments now has a '*' parameter to remove all attachment counting.
+ Autocrypt support. Enabled via configure option --enable-autocrypt.
Please see the manual for details on how to enable and use this properly.
+ Byte size displays can be customized via new variables $size_show_bytes,
$size_show_mb, $size_show_fractions, $size_units_on_left.
+ $ssl_use_tlsv1_3, default set, allows TLS1.3 connections if supported
by the server.
! format=flowed space stuffing works again, and is performed after every
edit, not just the first time.
+ $browser_sticky_cursor, default set, attempts to keep the cursor on the
same mailbox when performing operations in the browser.
! <display-filename> in the browser menu shows the full path for local and
IMAP mailboxes.
! $sidebar_folder_indent and $sidebar_short_path are now based on previous
entries in the sidebar, allowing them to work on mailboxes outside $folder.
! Sidebar entries are now prefixed with mailbox shortcuts '~' and '='. This
uses the same code as other parts of mutt, for more consistent display.
+ <browse-mailboxes> allows direct access to the mailboxes list from the
index and pager, without having to use a macro. This improves
$browser_sticky_cursor initial selection of the current mailbox.
! <pipe-message> with $pipe_decode set will update MIME headers to decoded
text/plain values.
+ $send_multipart_alternative and $send_multipart_alternative_filter allow
the generation of a multipart/alternative when composing a message. See
their documentation in the manual for more details. Also see
contrib/markdown2html for a sample filter.
+ In the compose menu <view-alt>, <view-alt-text>, <view-alt-mailcap> allow
previewing the output of the $send_multipart_alternative_filter.
! $write_bcc now defaults unset. It no longer affects the Fcc copy, which
will always include the Bcc header.
+ When $count_alternatives is set, Mutt will recurse inside
multipart/alternatives while performing attachment searching and counting.
This affects %X in the index and ~X pattern matching.
