Upstream changes:
0.902 2016-07-11
** PLEASE CONSIDER USING EMAIL-SENDER INSTEAD **
- Fixed multiple $VERSION variables, GH #2. Thanks, Pavel.
- Addressed some testing issues with bad SMTP host.
- Turned off uninitialized warnings until they can all be resolved.
- Let DZil version the CType:: classes
- Removed unused EXPORT_OK option
0.901 2016-06-29
** PLEASE CONSIDER USING EMAIL-SENDER INSTEAD **
- Fixed a bug introduced in 0.900 where the auth method call pointed to the
wrong scope.
0.900003 2016-06-10
** PLEASE CONSIDER USING EMAIL-SENDER INSTEAD **
- Fixed conditional dependencies
- Fixed locale specific testing
- Fixed the Changes file
- Added some git helper files for the repo
- Reorganized the PM files into the lib directory
- Auto-generate MANIFEST using MANIFEST.SKIP from here on
- Ensure all files EOL with \n rather than any combination of \n and \r\n
- Renamed many undocumented/private functions to names beginning with _
- Added many, many tests for coverage and to prevent regressions
- Updated Config.PL to modernize.
- Lazily load Win32API::Registry for ::CType::Win32
What is NeoMutt?
* NeoMutt is a project of projects.
* A place to gather all the patches against Mutt.
* A place for all the developers to gather.
Hopefully this will build the community and reduce duplicated effort.
v0.4.15 07-07-2016 Stephan Bosch <stephan@rename-it.nl>
* vacation extension: The sieve_user_email setting is now used in the check
for implicit delivery.
- imapsieve plugin: For any mail transaction, the mailbox was opened a second
time, even if no mailbox rule matched. This was unintentional, useless and
caused problems when the imapsieve plugin was used with other plugins like
acl.
- extprograms plugin: Significantly improved error handling. No stream errors
were logged.
- extprograms plugin: Fixed bug in handling of result code from remote program
(script service).
- extprograms plugin: Connection to remote program service was not retried.
- Several small fixes based on static analysis.
- Fixed handling of quoted string localparts in email addresses.
* lmtp: Start tracking lmtp_user_concurrency_limit and reject already
at RCPT TO stage. This avoids MTA unnecessarily completing DATA only
to get an error.
* doveadm: Previously only mail settings were read from protocol
doveadm { .. } section. Now all settings are.
+ quota: Added quota_over_flag_lazy_check setting. It avoids checking
quota_over_flag always at startup. Instead it's checked only when
quota is being read for some other purpose.
+ auth: Added a new auth policy service:
http://wiki2.dovecot.org/Authentication/Policy
+ auth: Added PBKDF2 password scheme
+ auth: Added %{auth_user}, %{auth_username} and %{auth_domain}
+ auth: Added ":remove" suffix to extra field names to remove them.
+ auth: Added "delay_until=<timestamp>[+<max random secs>]" passdb
extra field. The auth will wait until <timestamp> and optionally some
randomness and then return success.
+ dict proxy: Added idle_msecs=<n> parameter. Support async operations.
+ Performance improvements for handling large mailboxes.
+ Added lib-dcrypt API for providing cryptographic functions.
+ Added "doveadm mailbox update" command
+ imap commands' output now includes timing spent on the "syncing"
stage if it's larger than 0.
+ cassandra: Added metrics=<path> to connect setting to output internal
statistics in JSON format every second to <path>.
+ doveadm mailbox delete: Added -e parameter to delete only empty
mailboxes. Added --unsafe option to quickly delete a mailbox,
bypassing lazy_expunge and quota plugins.
+ doveadm user & auth cache flush are now available via doveadm-server.
+ doveadm service stop <services> will stop specified services while
leaving the rest of Dovecot running.
+ quota optimization: Avoid reading mail sizes for backends which
don't need them (count, fs, dirsize)
+ Added mailbox { autoexpunge_max_mails=<n> } setting.
+ Added welcome plugin: http://wiki2.dovecot.org/Plugins/Welcome
+ fts: Added fts_autoindex_exclude setting.
- v2.2.24's MIME parser was assert-crashing on mails having truncated
MIME headers.
- auth: With multiple userdbs the final success/failure result wasn't
always correct. The last userdb's result was always used.
- doveadm backup was sometimes deleting entire mailboxes unnecessarily.
- doveadm: Command -parameters weren't being sent to doveadm-server.
- If dovecot.index read failed e.g. because mmap() reached VSZ limit,
an empty index could have been opened instead, corrupting the
mailbox state.
- imapc: Fixed EXPUNGE handling when imapc_features didn't have modseq.
- lazy-expunge: Fixed a crash when copying failed. Various other fixes.
- fts-lucene: Fixed crash on index rescan.
- auth_stats=yes produced broken output
- dict-ldap: Various fixes
- dict-sql: NULL values crashed. Now they're treated as "not found".
Changelog:
Fixed When entering members into a mailing list, the enter key dismissed the panel instead of just moving onto the next line
Fixed Email without HTML elements was sent as HTML, despite "Delivery Format: Auto-detect" option
Fixed Options applied to a template were lost when the template was used.
Fixed Contacts could not be deleted when they were found through a search
Fixed Views from global searches did not respect "mail.threadpane.use_correspondents"
Version 1.2.5:
- Support SHA256 fingerprints for tls_fingerprint, and mark both SHA1 and MD5 as
deprecated.
Version 1.2.4:
- The system default policy is used with GnuTLS instead of a hardcoded one.
Version 1.2.3:
- A bug in SOCKS support was fixed.
- Handling non-fatal errors in TLS handshakes was fixed.
Version 1.2.2:
- No significant changes.
Version 1.2.1:
- The new configure option --with-tls replaces --with-ssl.
- A new configure option --disable-gai-idn was added.
Version 1.2.0:
- Support for SOCKS proxies was added. This allows mpop to be used with Tor.
- GNOME Keyring support now uses libsecret instead of libgnome-keyring. It is
now documented how to use secret-tool to manage passwords for mpop; the
obsolete mpop-gnome-tool script is removed.
- Configuration file security is now only checked if the file actually contains
secrets such as passwords. (If you still store passwords in the configuration
file, consider using the passwordeval command or a key ring instead.)
- The GSSAPI authentication method is not chosen automatically anymore, you have
to request it manually if you really want to use it.
- Libidn is not required for IDN support anymore on systems where getaddrinfo()
supports the AI_IDN flag and the GnuTLS version is >= 3.4.0.
- SSLv3 is disabled, and the obsolete tls_force_sslv3 command and
--tls-force-sslv3 option have no effect anymore.
Version 1.0.29:
- No significant changes.
Upstream changes:
version 3.38: Tue Feb 9 02:48:21 UTC 2016
- rt.cpan.org#107592: redact credentials via debug if !Showcredentials
[Gilles Lamiral]
- rt.cpan.org#110273: failure to quote password values
(regression introduced in 3.36 via fix for rt.cpan.org#100601)
[Gilles Lamiral]
- rt.cpan.org#107593: allow getquota("")
- *Quote() now returns qq("") for defined but empty values
- rt.cpan.org#107011: fix folders_hash() docs and usage in is_parent()
[Gilles Lamiral]
- rt.cpan.org#106500: split UID EXPUNGE with a large sequence set
- added t/quota.t and t/lib/MyTest.pm for testing
- updated copyright for 2016
version 3.37: Fri Aug 14 11:04:53 EDT 2015
- regex fix in rt.cpan.org#96575 required Perl 5.10
updated regex to be backwards compatible with Perl 5.8
[Paul Howarth]
version 3.36: Fri Aug 14 01:40:50 UTC 2015
- rt.cpan.org#96575: parsing fixes for fetch_hash and bodystructure
+ better handling of data containing escaped characters
[Ken Neighbors]
- rt.cpan.org#97718: hang waiting for tag if DONE sent outside of IDLE
[Laurence Darby]
- rt.cpan.org#100683: failed literal commands hang waiting for '+'
[Matthias Pitzl]
- rt.cpan.org#100601: login() fails if username requires use of literals
[Andy Lyttle]
- *rt.cpan.org#103823: is_parent() should return undef on \NoInferiors
[Gilles Lamiral]
- rt.cpan.org#105456: fetch_hash fails if sequence number contains '*'
+ *no longer removing unrequested data (except UID) in returned hashes
[Gilles Lamiral]
- rt.cpan.org#91912: selectable broke in 3.29 due to \b around \NoSelect
[Justin Vallon, Gilles Lamiral]
- some documentation, test cleanup and new tests
version 3.35: Fri, Nov 22, 2013 2:18:41 PM
- *use Quote() over Massage() to avoid stripping double quotes from arg
+ removed constant NonFolderArg
+ may deprecate Massage() in a future release
- _list_or_lsub failed to handle folder names with double quotes
+ cleanup Escaped_results()
+ new methods: Escaped_history() _escaped_trans_data()
+ removed method: _list_response_preprocess()
[Gilles Lamiral, Victor L閉
- rt.cpan.org#90315: getacl on a folder returned as literal failed
+ _read_line could remove extra space when literal data was received
[Carl Karcher]
- rt.cpan.org#89040: typo fixes
[David Steinbrunner]
version 3.34: Fri, Sep 27, 2013 12:50:17 AM
- make Makefile.PL use non-interactive and document test.txt usage
- new attribute: Socketargs => [ (IO::Socket::.. args) ]
+ cleanup connect() to more flexible with IO::Socket::* args
- untagged server data during send literal may cause client to hang
[Arthur Wolfe, Josh Hillman]
+ _send_line() needs '+' only to know it is OK to send LITERAL data
+ created _response_code_sub() to simplify _get_response()
- remove internal "Folders" cache
- Allow for RFC 6154 "IMAP LIST Extension for Special-Use Mailboxes"
[Mathias Reitinger]
+ new method: folders_hash()
+ deprecate: xlist_folders(), xlist()
pkgsrc changes:
- (cosmetic) fix a pkglint warning and proper indent variables in options.mk
Changes:
Version 1.6.5:
- Support SHA256 fingerprints for tls_fingerprint, and mark both SHA1 and MD5 as
deprecated.
RELEASE 1.1.5
-------------
- Plugin API: Add html2text hook
- Plugin API: Added addressbook_export hook
- Fix missing emoticons on html-to-text conversion
- Fix random "access to this resource is secured against CSRF" message at logout (#4956)
- Fix missing language name in "Add to Dictionary" request in HTML mode (#4951)
- Enable use of TLSv1.1 and TLSv1.2 for IMAP (#4955)
- Fix XSS issue in SVG images handling (#4949)
- Fix (again) security issue in DBMail driver of password plugin [CVE-2015-2181] (#4958)
- Fix bug where Archive/Junk buttons were not active after page jump with select=all mode (#4961)
- Fix bug in long recipients list parsing for cases where recipient name contained @-char (#4964)
- Fix additional_message_headers plugin compatibility with Mail_Mime >= 1.9 (#4966)
- Hide DSN option in Preferences when smtp_server is not used (#4967)
- Protect download urls against CSRF using unique request tokens (#4957)
- newmail_notifier: Refactor desktop notifications
- Fix so contactlist_fields option can be set via config file
- Fix so SPECIAL-USE assignments are forced only until user sets special folders (#4782)
- Fix performance in reverting order of THREAD result
- Fix converting mail addresses with @www. into mailto links (#5197)
Add SMF support, clean up etc.
* Mon Feb 13 2012 Martin Matuska <martin@matuska.org>
- 1.8.0 release
- Allow to specify complete DSN in configuration file
- Support listening on UNIX sockets
- Support pidfile command line argument
* Mon Feb 01 2010 Michal Ludvig <mludvig@logix.net.nz>
- Upgraded VERSION to 1.8.0-rc2
- Reverted GNU sed syntax in Makefile
* Sat Jan 23 2010 Michal Ludvig <mludvig@logix.net.nz>
- Upgraded VERSION to 1.8.0-rc1
- 'make dist' now creates sqlgrey-$VERSION.tar.gz with
the help of 'git archive'
* Mon Aug 17 2009 Michal Ludvig <mludvig@logix.net.nz>
- 1.7.7 release getting ready
- Reworked "smart"/"class-c" IPv6 address handling.
- Added IPv6 address support for clients_ip_whitelist(.local)
file
- client_ip_whitelist(.local) now supports address/prefix
notation both for IPv4 and IPv6 addresses.
* Sun Aug 05 2007 Lionel Bouton <lionel-dev@bouton.name>
- 1.7.6 release
- Database handling fix (deactivated InactiveDestroy unless
needed)
- Reopen database connection on SIGUSR1
* Thu Feb 15 2007 Dan Faerch <dan.sqlgrey @hacker.dk>
- 1.7.5 release
- Changed db_cleanup. clean time stored in db for better
handling,
especially in clustered environments
- Fix for harmless warnings about "possible typo"
- Fix for sqlgrey dying if syslog is offline
- Filled feature req from Riaan Kok. Support "postfix attributes
on both
sides".. Ie: "client_name !~ helo_name"
* Sun Aug 03 2006 Dan Faerch <dan-NOSPAM@hacker.dk>
- 1.7.4 release
- Added feature Discrimination
- Added feature DBCluster
- Added config option reject_code (eg. answer 451 instead of 450)
* Wed Nov 16 2005 Lionel Bouton <lionel-dev@bouton.name>
- 1.7.3 release
- fixes for a crash with '*' in email adresses
* Tue Oct 25 2005 Lionel Bouton <lionel-dev@bouton.name>
- 1.7.2 release
- fixes for several errors in logging
- clean_method ported from 1.6.x
* Thu Sep 15 2005 Lionel Bouton <lionel-dev@bouton.name>
- 1.7.1 release
- fix for a race condition in multiple instances configurations
- fix for weekly stats
* Tue Jun 21 2005 Lionel Bouton <lionel-dev@bouton.name>
- 1.7.0 release
- now continue if the DB isn't available at startup time
- based on 1.6.0 with Michel Bouissou's work:
. better connect cleanup when creating AWL entries
. source IP throttling
version 2.18: Wed 18 May 23:52:30 CEST 2016
Fixes:
- Mail::Header should accept \r in empty line which ends the
header. rt.cpan.org#114382 [Ricardo Signes]
Changelog:
Fixed in Thunderbird 45.1
2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)
Christian Holler, Tyson Smith, and Phil Ringalda reported memory safety problems and crashes that are fixed in Firefox ESR 45.1, Firefox ESR 38.8 and Firefox 46.
Memory safety bugs fixed in Firefox ESR 45.1, Firefox ESR 38.8 and Firefox 46 (CVE-2016-2807)
Gary Kwong, Christian Holler, Jesse Ruderman, Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, and Randell Jesup reported memory safety problems and crashes that are fixed in Firefox ESR 45.1 and Firefox 46.
Memory safety bugs fixed in Firefox ESR 45.1 and Firefox 46 (CVE-2016-2806)
Gary Kwong, Christian Holler, Andrew McCreight, Boris Zbarsky, and Steve Fink reported memory safety problems and crashes that are fixed in Firefox 46.
Memory safety bugs fixed in Firefox 46 (CVE-2016-2804)
Christian Holler reported a memory safety problem that is fixed in Firefox ESR 38.8.
Memory safety bug fixed in Firefox ESR 38.8 (CVE-2016-2805)
