Pkgsrc changes:
patch-ae, patch-cb and parts of patch-ca has been filed upstream by
people from the OpenBSD project.
Changelog (from NEWS):
* 3.13.2
--------
* Bug fixes:
o bug 2358, '"Disposition-Notification-To:" should default
to same value as "From:'
o bug 3557, 'Remotely exploitable bug.'
o bug 3584, 'After 3.13.1, characters in some Japanese codec
are never correctly converted to internal ones'
* 3.13.1
--------
* When attaching files with no suffix, e.g. Makefile, the correct
mime type is now found.
* Added support for a whole range of extra TLDs.
* '➜' is used instead of '-->' in the Message List when sender is
yourself. (Only visible if the hidden pref 'enable_swap_from' is
set to 0.)
* An external editor can now be embedded in the Compose window.
This depends upon the 'Text editor' option (/Configuration/
Preferences/Message View/External Programs) having a suitable
value, such as 'gvim -f --socketid %w %s'.
* Address Book: address books can now be searched.
* A hidden pref has been added, 'next_on_delete'. This controls the
message selection when a message is deleted. A setting of '0'
which cause the previous, older message to be selected, a setting
of '1' will cause the next, newer message to be selected.
* PDF Viewer plugin: Support for encrypted (password protected) PDFs.
* RSSyl plugin: The feed preferences window appearance has been
improved.
* The --enable-new-addrbook configure option has been renamed to
--enable-alternate-addressbook.
* Windows: Re-enabled regexps.
* updated man page.
* Updated translations: British English, Czech, Dutch, Finnish,
French, German, Hebrew, Hungarian, Italian, Lithuanian,
Norwegian Bokmål, Slovak, Swedish, Traditional Chinese.
* New translations: Russian.
* Removed translations: Bulgarian, Esperanto.
* Bug fixes:
o bug 1959, 'Selection selects too many under expanded view'
o bug 2490, 'Selecting mails through Shift-Home/End doesn't
work properly'
o bug 3151, 'loaded vCalendar plugin "disables" gnome-shells
calendar view entries'
o bug 3375, 'Crash (SEGV) at gtkcmctree.c:4514 after deleting
an unread message'
o bug 3557, 'Remotely exploitable bug.'
o bug 3454, (windows) 'Attachments containing certain special
characters in filename are not opened'
o bug 3480, 'No valid feed found when channel title is
missing'
o bug 3513, 'Can't delete multiple selected e-mails'
o bug 3541, 'Selecting a leaf folder with keyboard no longer
opens it'
o bug 3559, 'Opening preferences window causes out of bounds
read'
o bug 3561, 'HTML <a> tag with no href makes message display
incorrectly.'
o bug 3562, 'Hyperlink Errors URI XMPP, SIP, SIPS and Skype'
o bug 3563, 'URL parser will read out of bounds when closing
bracket is missing in get_url_part'
o bug 3566, 'Missing locales in Eastern name order'
o Debian bug 801375, 'Segfault when activating ... the plugin
with the Code from Google'
o better fix for crash after broken pgp keyring update, and
bogus EOF message on verifying sigs of missing keys
o building on OpenBSD
o libetpan version test
o folder renaming for IMAP on Windows.
* 3.5.0 (stable)
* A fix for ARM architecture was made.
* TLSv1.1 and TLSv1.2 will be enabled for STARTTLS when OpenSSL 1.0.1 or
above is used.
* Some bugfixes and stability improvements were made.
* Win32: more fix for the crash when linked with newer MSVCRT was made.
* Win32: irresponsibe text entries on the first display of the filter
edit dialog were fixed.
* Win32: libpng was updated to 1.4.19.
* Win32: OpenSSL was updated to v0.9.8zh.
* 3.5.0beta3 (development)
* A bug that reorder of filter runes by DnD was not saved was fixed.
* The original file names of attachments are kept when opening them,
and shorter suffixes are added in the case they conflict.
* The crash when displaying HTML messages was fixed (#215).
* The bug that column sizes of the address book were not properly set was
fixed.
* Win32: the bug that maximized state was unset on minimize was fixed.
* Win32: the crash when linked with newer MSVCRT was fixed.
* Win32: dependency on libtiff was removed (GDI+ is used).
* Win32: libjpeg was updated.
* Win32: libpng was updated to 1.4.16.
* Win32: OpenSSL was updated to v0.9.8zg.
* Win32: included SSL certificates were updated.
* 3.5.0beta2 (development)
* Windows / widgets are now adjusted to their optimal sizes by reference
to system DPI value.
* The option to specify startup online mode was added.
* The bug that wrote the first part of data if the message body in the
IMAP4 responses didn't end with CR+LF was fixed (#84).
* The bug that previously selected folder on the file selection dialog
was not remembered with GTK+ 2.24.x was fixed.
* Hebrew translation was added.
* Win32: The bug that 'Minimize to tray icon' didn't work with 3.5.0beta1
was fixed.
* Win32: 'Toggle window on trayicon click' now works.
* Win32: sylpheed.exe executable became DPI-Aware.
* Win32: OpenSSL was updated to 0.9.8zc.
* Win32: included SSL certificates were updated.
* 3.5.0beta1 (development)
* Mbox locking became NFS-safe (#202).
* Configure: silent rules are enabled by default.
* Configure.in was renamed to configure.ac.
* Fade effect was added to the notification window.
* Sylpheed.desktop file was updated.
* Win32: build fix for newer MinGW was made.
* Win32: 32-bit time_t is always used on win32 for backward compatibility.
* Win32: included third-party libraries were updated:
- GTK+ 2.24.23
- GLib 2.38.2
- GDK-Pixbuf 2.30.7
- Pango 1.36.3
- Cairo 1.10.2
- libpng 1.14.13
- GPGME 1.4.3
* Win32: the following issues were fixed because of GTK+ update:
- System Icon issue when ran on Windows 7 (#13, #85)
- Scroll jumping issue on text views when using Japanese IME
- Menus became more native-looking
- File dialogs were improved
- Add ${PERL5_LICENSE}
(upstream)
- Update 0.09 to 1.04
-------------------
1.04 Mon Dec 22 2014
- Removed the locked sub attributes because they seem to have no
gain(no object acces/modification is done)
- Enhanced the POD
- Enhanced the test so they skip if /usr/sbin/makemap is not
insTALLED(might be needed to bundle a .db again)
- In 2012: Enhanced the lookup function so it does correctly check all
variations of an email address
1.01 Tue Nov 10 2009
- Fixed a permissions issue where a test file didn't exist prior
to testing.
- make IMAP class only issue EXPUNGE command on mailbox close if we have
actually deleted any messages from the open mailbox. Makes use of read-
only IMAP folders possible. Thanks: Zoltan Padrah.
Exim version 4.86
-----------------
JH/01 Bug 1545: The smtp transport option "retry_include_ip_address" is now
expanded.
JH/02 The smtp transport option "multi_domain" is now expanded.
JH/03 The smtp transport now requests PRDR by default, if the server offers
it.
JH/04 Certificate name checking on server certificates, when exim is a client,
is now done by default. The transport option tls_verify_cert_hostnames
can be used to disable this per-host. The build option
EXPERIMENTAL_CERTNAMES is withdrawn.
JH/05 The value of the tls_verify_certificates smtp transport and main options
default to the word "system" to access the system default CA bundle.
For GnuTLS, only version 3.0.20 or later.
JH/06 Verification of the server certificate for a TLS connection is now tried
(but not required) by default. The verification status is now logged by
default, for both outbound TLS and client-certificate supplying inbound
TLS connections
JH/07 Changed the default rfc1413 lookup settings to disable calls. Few
sites use this now.
JH/08 The EXPERIMENTAL_DSN compile option is no longer needed; all Delivery
Status Notification (bounce) messages are now MIME format per RFC 3464.
Support for RFC 3461 DSN options NOTIFY,ENVID,RET,ORCPT can be advertised
under the control of the dsn_advertise_hosts option, and routers may
have a dsn_lasthop option.
JH/09 A timeout of 2 minutes is now applied to all malware scanner types by
default, modifiable by a malware= option. The list separator for
the options can now be changed in the usual way. Bug 68.
JH/10 The smtp_receive_timeout main option is now expanded before use.
JH/11 The incoming_interface log option now also enables logging of the
local interface on delivery outgoing connections.
JH/12 The cutthrough-routing facility now supports multi-recipient mails,
if the interface and destination host and port all match.
JH/13 Bug 344: The verify = reverse_host_lookup ACL condition now accepts a
/defer_ok option.
JH/14 Bug 1573: The spam= ACL condition now additionally supports Rspamd.
Patch from Andrew Lewis.
JH/15 Bug 670: The spamd_address main option (for the spam= ACL condition)
now supports optional time-restrictions, weighting, and priority
modifiers per server. Patch originally by <rommer@active.by>.
JH/16 The spamd_address main option now supports a mixed list of local
and remote servers. Remote servers can be IPv6 addresses, and
specify a port-range.
JH/17 Bug 68: The spamd_address main option now supports an optional
timeout value per server.
JH/18 Bug 1581: Router and transport options headers_add/remove can
now have the list separator specified.
JH/19 Bug 392: spamd_address, and clamd av_scanner, now support retry
option values.
JH/20 Bug 1571: Ensure that $tls_in_peerdn is set, when verification fails
under OpenSSL.
JH/21 Support for the A6 type of dns record is withdrawn.
JH/22 Bug 608: The result of a QUIT or not-QUIT toplevel ACL now matters
rather than the verbs used.
JH/23 Bug 1572: Increase limit on SMTP confirmation message copy size
from 255 to 1024 chars.
JH/24 Verification callouts now attempt to use TLS by default.
HS/01 DNSSEC options (dnssec_require_domains, dnssec_request_domains)
are generic router options now. The defaults didn't change.
JH/25 Bug 466: Add RFC2322 support for MIME attachment filenames.
Original patch from Alexander Shikoff, worked over by JH.
HS/02 Bug 1575: exigrep falls back to autodetection of compressed
files if ZCAT_COMMAND is not executable.
JH/26 Bug 1539: Add timout/retry options on dnsdb lookups.
JH/27 Bug 286: Support SOA lookup in dnsdb lookups.
JH/28 Bug 1588: Do not use the A lookup following an AAAA for setting the FQDN.
Normally benign, it bites when the pair was led to by a CNAME;
modern usage is to not canoicalize the domain to a CNAME target
(and we were inconsistent anyway for A-only vs AAAA+A).
JH/29 Bug 1632: Removed the word "rejected" from line logged for ACL discards.
JH/30 Check the forward DNS lookup for DNSSEC, in addition to the reverse,
when evaluating $sender_host_dnssec.
JH/31 Check the HELO verification lookup for DNSSEC, adding new
$sender_helo_dnssec variable.
JH/32 Bug 1397: Enable ECDHE on OpenSSL, just the NIST P-256 curve.
JH/33 Bug 1346: Note MAIL cmd seen in -bS batch, to avoid smtp_no_mail log.
JH/34 Bug 1648: Fix a memory leak seen with "mailq" and large queues.
JH/35 Bug 1642: Fix support of $spam_ variables at delivery time. Was
documented as working, but never had. Support all but $spam_report.
JH/36 Bug 1659: Guard checking of input smtp commands again pseudo-command
added for tls authenticator.
- doveadm mailbox list (and some others) were broken in v2.2.20
- director: Fixed making backend changes when running with only a
single director server.
- virtual plugin: Fixed crash when trying to open nonexistent
autocreated backend mailbox.
152 (2015/12/20)
* Fix unescaped left brace in regex is deprecated for Perl 5.22
* Update config.guess and config.sub with autotools-dev 20150820.1
* Add gitlog2imchanges to easily generate 00changes
* Fix a potential path traversal vulnerability.
* Adds some measures against brute-force attacks
RELEASE 1.1.4
-------------
- Add workaround for https://bugs.php.net/bug.php?id=70757 (#1490582)
- Fix duplicate messages in list and wrong count after delete (#1490572)
- Fix so Installer requires PHP5
- Make brute force attacks harder by re-generating security token on every failed login (#1490549)
- Slow down brute-force attacks by waiting for a second after failed login (#1490549)
- Fix .htaccess rewrite rules to not block .well-known URIs (#1490615)
- Fix mail view scaling on iOS (#1490551)
- Fix so database_attachments::cleanup() does not remove attachments from other sessions (#1490542)
- Fix responses list update issue after response name change (#1490555)
- Fix bug where message preview was unintentionally reset on check-recent action (#1490563)
- Fix bug where HTML messages with invalid/excessive css styles couldn't be displayed (#1490539)
- Fix redundant blank lines when using HTML and top posting (#1490576)
- Fix redundant blank lines on start of text after html to text conversion (#1490577)
- Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583)
- Fix invalid LDAP query in ACL user autocompletion (#1490591)
- Fix regression in displaying contents of message/rfc822 parts (#1490606)
- Fix handling of message/rfc822 attachments on replies and forwards (#1490607)
- Fix PDF support detection in Firefox > 19 (#1490610)
- Fix path traversal vulnerability (CWE-22) in setting a skin (#1490620)
- Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#1490619)
Changelog:
38.5.0:
Not available
38.4.0:
Fixed Various security fixes
Fixed Fixed issue where messages moves of multiple messages from a maildir folder to an mbox folder failed.
Fixed in Thunderbird 38.4
2015-133 NSS and NSPR memory corruption issues
2015-132 Mixed content WebSocket policy bypass through workers
2015-131 Vulnerabilities found through code inspection
2015-128 Memory corruption in libjar through zip files
2015-127 CORS preflight is bypassed when non-standard Content-Type headers are received
2015-123 Buffer overflow during image interactions in canvas
2015-122 Trailing whitespace in IP address hostnames can bypass same-origin policy
2015-116 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4)
== 3.0 / 2015-11-21
* 2 governance changes
* This project and the related mime-types-data project are now exclusively
MIT licensed. Resolves
{#95}[https://github.com/mime-types/ruby-mime-types/issues/95].
* All projects under the mime-types organization now have a standard code of
conduct adapted from the {Contributor
Covenant}[http://contributor-covenant.org]. This text can be found in the
{Code-of-Conduct.rdoc}[Code-of-Conduct_rdoc.html] file.
* 3 major changes
* All methods deprecated in mime-types 2.x have been removed.
* mime-types now requires Ruby 2.0 compatibility or later. Resolves
{#97}[https://github.com/mime-types/ruby-mime-types/issues/97].
* The registry data has been removed from mime-types and put into
mime-types-data, maintained and released separately. It can be found at
{mime-types-data}[https://github.com/mime-types/mime-types-data].
* 17 minor changes:
* MIME::Type changes:
* Changed the way that simplified types representations are creatd to
reflect the fact that +x-+ prefixes are no longer considered special
according to IANA. A simplified MIME type is case-folded to lowercase. A
new keyword parameter, +remove_x_prefix+, can be provided to remove +x-+
prefixes.
* Improved initialization with an Array works so that extensions do not
need to be wrapped in another array. This means that <tt>%w(text/yaml
yaml yml)</tt> works in the same way that <tt>['text/yaml', %w(yaml
yml)]</tt> did (and still does).
* Changed +priority_compare+ to conform with attributes that no longer
exist.
* Changed the internal implementation of extensions to use a frozen Set.
* When extensions are set or modified with +add_extensions+, the primary
registry will be informed of a need to reindex extensions. Resolves
{#84}[https://github.com/mime-types/ruby-mime-types/issues/84].
* The preferred extension can be set explicitly. If not set, it will be the
first extension. If the preferred extension is not in the extension list,
it will be added.
* Improved how xref URLs are generated.
* Converted +obsolete+, +registered+ and +signature+ to attr_accessors.
* MIME::Types changes:
* Modified MIME::Types.new to track instances of MIME::Types so that they
can be told to reindex the extensions as necessary.
* Removed +data_version+ attribute.
* Changed #[] so that the +complete+ and +registered+ flags are keywords
instead of a generic options parameter.
* Extracted the class methods to a separate file.
* Changed the container implementation to use a Set instead of an Array to
prevent data duplication. Resolves
{#79}[https://github.com/mime-types/ruby-mime-types/issues/79].
* MIME::Types::Cache changes:
* Caching is now based on the data gem version instead of the mime-types
version.
* Caching is compatible with columnar registry stores.
* MIME::Types::Loader changes:
* MIME::Types::Loader::PATH has been removed and replaced with
MIME::Types::Data::PATH from the mime-types-data gem. The environment
variable RUBY_MIME_TYPES_DATA is still used.
* Support for the long-deprecated mime-types v1 format has been removed.
* The registry is default loaded from the columnar store by default. The
internal format of the columnar store has changed; many of the boolean
flags are now loaded from a single file. Resolves
{#85}[https://github.com/mime-types/ruby-mime-types/85].
pkgsrc changes:
- Remove patches/patch-src_Makefile.in that seems no more needed
Changes:
Version 1.6.3:
- A bug in SOCKS support was fixed.
- Handling non-fatal errors in TLS handshakes was fixed.
The find-prefix infrastructure was required in a pkgviews world where
packages installed from pkgsrc could have different installation
prefixes, and this was a way for a dependency prefix to be determined.
Now that pkgviews has been removed there is no longer any need for the
overhead of this infrastructure. Instead we use BUILDLINK_PREFIX.pkg
for dependencies pulled in via buildlink, or LOCALBASE/PREFIX where the
dependency is coming from pkgsrc.
Provides a reasonable performance win due to the reduction of `pkg_info
-qp` calls, some of which were redundant anyway as they were duplicating
the same information provided by BUILDLINK_PREFIX.pkg.
