- Fix missing config files (pkg/53577).
The most important features and fixes
- Ratelimits are reworked and now work as intended (and documented)
- Clickhouse module supports data retention policies
- Reworked C modules to avoid global contexts (simplifies leaks
detection on reload)
- Reputation plugin now supports SPF records reputation
- WebUI code is now even more conformant to the modern JS standards
- Maps are now distributed remotely with local file safety fallback to
allow faster maps update without waiting for a new release
- Antivirus module checks attachments only (as decoded content) in
attachments_only mode to improve AV performance by hiding the mime
content from them
Full list of the meaningful changes
- [CritFix] Fix caseless comparison of equal length strings
- [Feature] Add HTTP basic auth support to elastic and clickhouse
plugins
- [Feature] Add SPF selector to reputation
- [Feature] Add support of the fallback backends for HTTP maps
- [Feature] Allow to print full mime structure when extracting mime
data
- [Feature] Allow to split symbols in reputation plugin
- [Feature] Check attachments only on AV scanners in attachments_only
mode
- [Feature] Disable all SSL checks if ssl_no_verify flag is set
- [Feature] Implement parsing of scoped IPv6 addresses
- [Feature] Improve rspamc counters output
- [Fix] Add sanity checks when expanding SPF macros
- [Fix] Allow to parse SA rules with no spaces around =~ (dirty hack)
- [Fix] Avoid one extra byte writing
- [Fix] Deal with direct hash table
- [Fix] Detect empty text part as text, not HTML
- [Fix] Do not reduce map watch timeout for mixed http/file maps
- [Fix] Fix HTML part detection heuristic
- [Fix] Fix double free in redirectors cleanup
- [Fix] Fix legacy history handling in the controller
- [Fix] Fix messages insertion
- [Fix] Fix sending string method
- [Fix] Fix statconver command line arguments
- [Fix] Fixed argument checking for being null
- [Fix] Fixed issues reported by luacheck
- [Fix] Freeze updates queue when do actual storage update
- [Fix] HTTP map hash is per-backend and not per-map
- [Fix] Plug memory leak in fuzzy updates
- [Fix] Prefer 'MTA-Name' when producing authentication results
- [Fix] Replace bad unicode sequences instead of stopping on them
- [Fix] Set classifier version on learning
- [Project] Reworked ratelimits
- [Project] Apply topological sorting for symbols in Rspamd
- [Project] Remove global contexts from C modules
- [Project] Move performance critical hash tables to khash
- [WebUI] Avoid unused indexes
- [WebUI] Do not execute on_success callback
- [WebUI] Fix history reset for "All SERVERS" (#2346)
- [WebUI] Fix query URL for selected server
- [WebUI] Fix symbols display in legacy history,
- [WebUI] Hide symbols order selector for legacy history
- [WebUI] Refactor query functions into one
- [WebUI] Remove previously-attached event handlers
- [WebUI] Save symbols to the selected server
- [WebUI] Unify arguments of query functions
- [WebUI] Use common query functions to get graph data
- [WebUI] Use common query functions to save symbols
version 3.007: Mon 3 Sep 07:58:36 CEST 2018
Changes:
- nicer algorithm to generate disposition filenames.
Fixes:
- fix metadata [Mohammad S Anwar]
- enforce stringification on ::Field::Attribute->new(value) [Andy Beverley]
- dispositionFilename() accepts (some) blanks, strips more chars
rt.cpan.org#125350 [Gary Funck]
- understand quotes in a field body for get() [Andy Beverley]
Improvements:
- add pod tester
hypermail uses libtrio, which overloads <stdio.h> functions by macros.
With _FORTIFY_SOURCE > 0, <stdio.h> loads <ssp/stdio.h> which does
the same, and we get macro redefinition errors.
Update DEPENDS
Upstream changes:
1.004 Sun 19 Aug 2018
- No functional changes
- Tests powered by JSON::PP instead of JSON::XS
- Simplified tests with fewer dependencies
The mblaze message system is a set of Unix utilities to deal with
mail kept in Maildir folders.
Its design is roughly inspired by MH, the RAND Message Handling
System, but it is a complete implementation from scratch.
Packaged by Sunil Nimmagadda and submitted via PR pkg/53517 and pkgsrc-wip.
RELEASE 1.3.7
-------------
- Fix PHP Warning: Use of undefined constant IDNA_DEFAULT on systems without php-intl (#6244)
- Fix bug where some parts of quota information could have been ignored (#6280)
- Fix bug where some escape sequences in html styles could bypass security checks
- Fix bug where some forbidden characters on Cyrus-IMAP were not prevented from use in folder names
- Fix bug where only attachments with the same name would be ignored on zip download (#6301)
- Fix bug where unicode contact names could have been broken/emptied or caused DB errors (#6299)
- Fix bug where after "mark all folders as read" action message counters were not reset (#6307)
- Enigma: [EFAIL] Don't decrypt PGP messages with no MDC protection (#6289)
- Fix bug where some HTML comments could have been malformed by HTML parser (#6333)
This subclass of Tie::Handle::Offset automatically hides an email-style
message header. After opening the file, it reads up to a blank or
white-space-only line and sets the offset to the next byte.
on finding "nbcheckpassword" (which, at present, might be either
checkpassword-pam or DJB's original).
Depend (unconditionally) on mail/qmail-rejectutils, instead of having it
as an option on mail/qmail.
Bump version.
can (by itself depending on pkgtools/pkg_alternatives) expect to find
"nbcheckpassword".
Remove 'qmail-rejectutils' option, which will become an unconditional
dependency in qmail-run.
Bump PKGREVISION.
1.7.8: 12 Jul 2018
- [Feature] Add more extended statistics about fuzzy updates
- [Feature] Add more non-conformant Received headers support
- [Feature] Add preliminary function to get fuzzy hashes from text in
Lua
- [Feature] Allow to configure AV module rejection message
- [Feature] Implement fuzzy hashes extraction in mime tool
- [Feature] Improve WHITE_ON_WHITE rule
- [Feature] Improve integer -> string conversion
- [Feature] Reuse maps in multimap module more aggressively
- [Fix] Avoid race condition in skip map as pool lifetime is not
enough
- [Fix] Eliminate all specific C plugins pools
- [Fix] Fix DKIM check rule if DNS is unavailable
- [Fix] Fix build where ucontext is defined in ucontext.h
- [Fix] Fix crash in base url handling
- [Fix] Fix descriptors leak in sqlite3 locking code
- [Fix] Fix messages quarantine
- [Fix] Fix padded numbers printing
- [Fix] Fix race condition on maps reinit
- [Fix] Fix regexp functions when no data is passed
- [Fix] Fix specific urls extraction
- [Fix] Fix styles propagation
- [Fix] Improve resetting of the limit buckets
- [Fix] Initialize sqlite3 properly
- [Fix] Work with broken resolvers in resolv.conf
- [Project] Implement HTTP maps caching
- [Project] Refresh fuzzy hashes when matched
- [Project] Add logic to deduplicate fuzzy updates queue
- [WebUI] Add missed declarations
- [WebUI] Avoid using "undefined" property
- [WebUI] Do not accept passwords containing control characters
- [WebUI] Do not redeclare variables
- [WebUI] Enable strict mode,
- [WebUI] Fix variable assignment
- [WebUI] Initialize variables at declaration
- [WebUI] Remove duplicated path from RequireJS config
- [WebUI] Remove unused block
- [WebUI] Remove unused variable
- [WebUI] Remove unused variables
- [WebUI] Use self-explanatory notation
- [WebUI] Use type-safe equality operators
1.7.7: 02 Jul 2018
- [CritFix] Check NM part of pubkey to match it with rotating keypairs
- [CritFix] Do not overwrite PID of the main process
- [CritFix] Fix maps after reload
- [CritFix] Fix maps race conditions on reload
- [CritFix] Fix shmem leak in encrypting proxy mode
- [Feature] Add a concept of ignored symbols to avoid race conditions
- [Feature] Add ability to print bayes tokens in rspamadm mime
- [Feature] Add method to get statistical tokens in Lua API
- [Feature] Add preliminary mime stat command
- [Feature] Add rspamadm mime tool
- [Feature] Add urls extraction tool
- [Feature] Address ZeroFont exploit
- [Feature] Allow rspamadm mime to process multiple files
- [Feature] Allow to extract words in `rspamadm mime`
- [Feature] Allow to print mime part data
- [Feature] Allow to show HTML structure on extraction
- [Feature] Distinguish IP failures from connection failures
- [Feature] Improve output for mime command
- [Feature] Improve styles propagation
- [Feature] Main process crash will now cleanup all children
- [Feature] Preload file and static maps in main process
- [Feature] Print stack trace on crash
- [Feature] Process font size in HTML parser
- [Feature] Propagate content length of invisible tags
- [Feature] Read ordinary file maps in chunks to be more safe on
rewrites
- [Feature] Support base tag in HTML
- [Feature] Support more size suffixes when parsing HTML styles
- [Feature] Support opacity style
- [Fix] Another fix for nested composites
- [Fix] Fill nm id in keypairs cache code
- [Fix] Fix colors alpha channel handling
- [Fix] Fix destruction logic
- [Fix] Fix double free
- [Fix] Fix maps preload logic
- [Fix] Fix nested composites process
- [Fix] Fix proxying of Exim connections
- [Fix] Fix reload crash
- [Fix] Fix rspamadm -l command
- [Fix] Update ed25519 signing schema
- [WebUI] Stop using "const" declaration
- [WebUI] Update RequireJS to 2.3.5
1.7.6: 15 Jun 2018
- [CritFix] Fix multiple neural networks support
- [Feature] Add decryption function to keypair command
- [Feature] Add gzip compression for HTTP requests in elastic module
- [Feature] Add gzip methods to lua util
- [Feature] Add maps based on Top Level Domains
- [Feature] Add pubkey checks for dkim_signing
- [Feature] Add support of fake DNS records
- [Feature] Add tool to encrypt files
- [Feature] Allow to add symbols using settings directly
- [Feature] Allow to match private and public keys for DKIM signatures
- [Feature] Allow to set task flags via settings
- [Feature] Allow to specify fake DNS address from the config
- [Feature] Implement signatures verification using rspamadm keypair
- [Feature] Implement signing using `rspamadm keypair`
- [Feature] Improve error reporting for DKIM key access issues
- [Feature] Provide $HOSTNAME variable in UCL
- [Feature] Rework levenshtein distance computation
- [Feature] Split message parsing and processing
- [Feature] Support ED25519 DKIM signatures
- [Feature] Support encrypted configs in UCL
- [Feature] Suppress duplicate warning on very large radix tries
- [Feature] Use OSB to combine header names
- [Fix] Cleanup maps data on shutdown
- [Fix] Fix '~' behaviour in composites
- [Fix] Fix HTTP maps updates
- [Fix] Fix NIST signatures
- [Fix] Fix RFC822 comments when processing a mime address
- [Fix] Fix double free
- [Fix] Fix dynamic settings application
- [Fix] Fix for CommuniGate Pro maillist
- [Fix] Fix keypair creation method to actually create keypair...
- [Fix] Fix matching patterns with no paths
- [Fix] Fix memory leak in parsing comments
- [Fix] Fix parsing of urls with numeric password
- [Fix] Fix plugins intialisation in configwizard
- [Fix] Fix potential crash on reload
- [Fix] Fix potential race condition for a finished HTTP connections
- [Fix] Fix race-condition leak on processes reload
- [Fix] Fix signing in openssl mode
- [Fix] Free language detector structures
- [Fix] Relax alignment requirements
- [Fix] Send DMARC reports compressed
- [Fix] Try to fix leak in dmarc module
- [Fix] Try to plug memory leak in metric exporter
- [Project] Convert rspamadm subcommands to Lua
- [WebUI] Display smtp sender/recipient in history
- [WebUI] Fix elements disabling in "Symbols" tab
- [WebUI] Limit recipients list in history column to 3
- [WebUI] Match envelope and mime addresses following in arbitrary
order
- [WebUI] Update column header
- [WebUI] Wrap addresses in history
1.7.5: 18 May 2018
- [Conf] Add MSBL proposed return codes
- [Conf] Add additional groups for policies
- [CritFix] Do not use volatile Lua strings as UCL keys
- [Feature] Add ability to add fuzzy hashes to headers
- [Feature] Add function to extract most meaningful urls
- [Feature] Add rule to block mixed text and encrypted parts
- [Feature] Allow multiple groups for symbols
- [Feature] Allow to disable lua squeezing logic
- [Feature] Allow to get multipart children in Lua
- [Feature] Allow to insert multiple headers from milter headers
- [Feature] Allow to print scores in subject and further extensions
- [Feature] Be more error-prone in squeezed rules
- [Feature] Support multiple return codes in emails module
- [Feature] Use EMA for calculating averages
- [Feature] Use common jit cache for all regexps
- [Feature] support for CommuniGate Pro self-generated messages
- [Fix] Allow to have multiple values for headers as arrays
- [Fix] Do not open sockets for disabled workers
- [Fix] Fix AuthservId
- [Fix] Fix base64 folding in Lua API
- [Fix] Fix build on non-x86 platforms
- [Fix] Fix cached maps logic
- [Fix] Fix compatibility with old maps query logic
- [Fix] Fix crash if skip_map is used
- [Fix] Fix importing static maps from UCL
- [Fix] Fix parsing of unix sockets
- [Fix] Fix raw_mime regexp on HTML part with no text content
- [Fix] Fix tables logging
- [Fix] Fix vertical tab handling in libucl
- [Fix] Try to fix frequency counters
- [Fix] Use better sharding for ip_score
- [Fix] Use multiple results from SURBL DNS reply
- [Fix] When doing AV scan select a different server for retransmit
Changelog:
changed
Thunderbird will now prompt to compact IMAP folders even if the account is online. Note: Under certain circumstances an incorrect estimate of the expected gain is shown.
fixed
Complete fix of the EFAIL vulnerability: 1) Removing some HTML crafted to carry out an attack. 2) Optionally: Not decrypting subordinate message parts that otherwise might reveal decrypted content to the attacker. Preference mailnews.p7m_subparts_external needs to be set to true for added security.
fixed
Various problems when forwarding messages inline when using "simple" HTML view
fixed
Deleting or detaching attachments corrupted messages under certain circumstances (not working only in Thunderbird version 52.9.0)
fixed
Various security fixes
Security fixes:
#CVE-2018-12359: Buffer overflow using computed size of canvas element
#CVE-2018-12360: Use-after-free when using focus()
#CVE-2018-12372: S/MIME and PGP decryption oracles can be built with HTML emails
#CVE-2018-12373: S/MIME plaintext can be leaked through HTML reply/forward
#CVE-2018-12362: Integer overflow in SSSE3 scaler
#CVE-2018-12363: Use-after-free when appending DOM nodes
#CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
#CVE-2018-12365: Compromised IPC child process can list local filenames
#CVE-2018-12366: Invalid data handling during QCMS transformations
#CVE-2018-12368: No warning when opening executable SettingContent-ms files
#CVE-2018-12374: Using form to exfiltrate encrypted mail part by pressing enter in form field
#CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, Firefox ESR 52.9, and Thunderbird 52.9
Each R package should include ../../math/R/Makefile.extension, which also
defines MASTER_SITES. Consequently, it is redundant for the individual
packages to do the same. Package-specific definitions also prevent
redefining MASTER_SITES in a single common place.
Patch (minus the mtest.c one) from Marco Beishuizen in PR pkg/53437.
Additions include:
- PC-Alpine: New configuration option "Aspell Dictionaries"
allows a user to choose the dictionary used to spell check, in case the
user communicates in more than one language. Examples of values for the
variable are "en_US" or "de_DE", etc. Only the first
10 dictionaries are offered.
- Unix-Alpine: Connect securely to a LDAP server on a secure port. Based
on a contribution by Wang Kang.
- Colors configured in Alpine are inherited in the composer.
- When Alpine is compiled with password file and SMIME support the
password file is encrypted using a private key/public certificate pair. If
one such pair cannot be found, one will be created.
- Alpine builds with any version of OpenSSL greater than or equal to
1.0.0c. This includes version 1.1.0. Alpine also builds with LibreSSL.
- New SHORTSUBJECT, SHORTSUBJKEY and SHORTSUBJKEYINIT token for index
format, which removes text in the SUBJECT between "[" and "]".
- New SMARTTIME24 token for index screen. It is close to SMARTDATETIME but
it differns in that it gives the time in which the message was sent for
messages that are less than a week old. it uses a 24 hour format.
- Alpine will include attachments when forwarding some
multipart/alternative messages for which it did not use to include
attachments.
- New configuration option alternate-reply-menu which adds more ways to
control features and variables when you start to reply to a message.
- Added support for RFC 2971 - IMAP ID extension.
- Add configuration ignore-size-changes that allows users to ignore errors
in the computation of the size of a message from defective servers.
- SMIME: Upgrade the default signature digest from sha1 to sha-256, since
clients such as Thunderbird do not validate signatures that use sha1 digest.
- Add the configuration variable "default-directories", which is
called default-directories, which is a variable saves a list of
directories that are readily accessible for save or export of attachments.
This makes it easier to save attachments in directories that are hard to
navigate to, or that are accessed frequently.
- When a filename is attached and its name is encoded, the save attachment
command will offer to save the file in the encoded form. This might work
for some users, but the save command will have a subcommand ^N to decode
the file name and save the file with the decoded name.
- The TAB key allows autocomplete in the Fcc field in the composer
headers, as well as autocompletes automatically when only one possibility
exists for the ^J attach command.
- Add support for the "TYPE" and "VALUE" attributes of
the html OL tag.
- Ignore message from smtp server after a successful authentication
challenge.
- When a message is saved in the Form Letter folder, add the ability to
save the role being used to compose such message so that settings such as
the SMTP server set in the role can be used when sending such form
message. Suggested and patched by Frank Doepper.
- If SSLDIR is defined somehow, do not disable S/MIME if the SSLCERTSDIR
is not found.
- When Alpine sends an attachment, it will set the boundary attribute in
lower case, as some SMTP servers, such as those of libero.it reject
messages if the boundary attribute is in uppercase.
- Add the ability to change the private key and certificates used to
encrypt a password file in the SMIME setup configuration screen.
- SMIME: The ctrl-E command that gives information on the certificate is
only available for messages that have a signed or encrypted part.
- SMIME: If a message contains a RFC822 attachment that is
signed/decrypted add the ability to view its SMIME information.
- SMIME: Certificate information in the S/MIME screen is available for
certificates stored in a container.
- SMIME: Offer the common name of the person, instead of the name of file
containing the certificate, as the name to be displayed in the certificate
management screen for certificate authorities. Suggested by Matthias
Rieber.
- SMIME: Management of several alternate name (SAN) certificates is
improved. When importing a SAN certificate, also import a certificate for
the filename, besides for the e-mail addresses in the certificate.
Suggested by Matthias Rieber.
- SMIME: add full year when displaying information about a certificate in
the certificate management screen. Suggested by Matthias Rieber.
- SMIME: sort certificates by some type of alphabetical order in the
displayed name.
- SMIME: Alpine will ask users if they wish to save S/MIME certificates
included in signatures, when the option "Validate Using Certificate Store
Only" is enabled. If the user does not wish to save it, validation will
fail.
- HTML: Add support for decoding entities in hexadecimal notation.
Suggested by Tulipant Gergely.
- The "#" command, when used as part of an aggregate operation will allow
users to select the role used in either replying, forwarding or replying
to the group of selected messages, Suggested by Hisashi T Fujinaka.
- If the charset of a message can not be determined, use the value set in
the unknown charset set value for its value.
- Resizing setup screen will redraw screen.
- Unix Alpine only. Experimental: If Alpine/Pico finds a UCS4 code in the
width ambiguous zone, it will use other means to determine the width, such
as call wcwidth.
- Pico: Code reorganization in the search command to make it easier to add
subcommands of the search command.
- Pico: Search command can do a case sensitive match. Use the Ctrl-^
subcommand of the search command to bring this choice into view.
- Pico: Add the ability to search for strings in the beginning or end of a
line. Use the Ctrl-^ subcommand of the search command to bring this choice
into view.
- For a multipart/alternative message, the Take Address command will work
on the part that is being read.
- When sending a message, allow for 512 characters of consecutive
non-white space before folding the subject line.
- Make sure titlebar (the line at the top of the screen) always contains
the name of the folder/newsgroup that is open, if this fits in the title.
- The feature scramble-message-id will also scramble the name, version and
operative system in the message-id header. Based on a contribution by
Dennis Davis, which is itself based on a contribution by Mark Hills.
- Change in logic in imap_set_password function to make Alpine ask if a
user wants to save a password before reading the password file.
- When exporting all parts of a message, if two attachments have the same
name, do not overwrite a file more than once, but instead add a counter
number to the filename to make a new file that does not exist in the file
system.
- Add the Control-R subcommand to the save command for attachments. This
subcommand toggles if the saving will be done in binary mode for text
attachments. When a user saves an attachment using binary mode it will be
saved as it was sent, otherwise the attachment will be transformed to
UTF-8 for further transformation through internal and user defined filters
for saving.
- Add command line argument -smimedir, which allows to specify the default
path for a directory that contains the public, private, and ca
directories. This is useful in case a user has a backup of old
certificates that cannot be installed in the ~/.alpine-smime dir.
- Reimplementation of the code that allows the .pinerc file to be a
symbolic link by Kyle George from tcpsoft.com to use realpath.
- When saving an attachment, the "^T" command leads to a screen where the
"A" command can be used to add a file. A directory can be added by
pressing "^X" after the "A" command. Added after a suggestion by Stefan
Goessling.
- When saving an attachment, the ^Y and ^V commands allow a user to scroll
through the history of directories used to save attachments, while
preserving the given name of the file. Suggested by Peter Koellner.
- SMIME: Turn off automatic signing and encrypting of a message when
bouncing. Suggested after a discussion with Matthias Rieber.
- When messages are selected, warn the user if a message that is not
selected will be bounced, or if not all selected messages will be bounced.
Suggested by Ulf-Dietrich Braumann.
- The bounce command adds a subcommand to choose a role.
- When selecting messages by number, the "." character can be
used to specify the message on which the cursor is on.
- When Alpine opens an attachment, it sometimes changes the extension of
the file that is being opened and replaces it by another for the same mime
type. If Alpine finds that the extension of the file corresponds with the
mime type, according to the mime-types file, then it will keep it, and no
substitution will be made.
- Set no restrictions on the length of encoded subjects, but encode words
in length of no more than 75 characters.
Bugs that have been addressed include:
- SMIME: Crash when a certificate has an invalid date of validity. Also
Alpine will use the function ASN1_TIME_print to determine the date of
validity. Reported by Ben Stienstra.
- SMIME: Crash when attempting to unlock the password file and an
incorrect password is entered.
- SMIME: Crash when checking the signature of a message that contains a
RFC822 attached message. Reported by Holger Trapp and Bjorn Krellner.
- SMIME: Cancelling entering password to unlock key will not reprompt.
- SMIME: fix a bug that did not allow users to transfer certificates to
remote containers. Reported by Matthias Rieber.
- SMIME: certificates included in messages were not being transferred to a
remote container.
- SMIME: Crash if public certificates are located in an inaccessible
remote server and the private key is not available.
- SMIME: Alpine does not remove temporary files created when adding a CA
certificate to a container. Reported by Holger Trapp.
- SMIME: When reading a local certificate, Alpine converts the name of the
certificate to lowercase, which may make Alpine not be able to read such
certificate. Reported by Dennis Davis.
- SMIME: If the option "Remember S/MIME Passphrase" is disabled, then
entering a password to read an encrypted message will make Alpine forget
the key and not ask the password to unlock it again in case it is
necessary to unlock it again. Reported by Ulf-Dietrich Braumann.
- Alpine would use freed memory while trying to compute the color of the
titlebar. This happened when trying to continue a postponed message.
- Alpine failed to read an encrypted password file if too many passwords
were saved in the password file.
- When selecting messages while in Threaded Index Screen, some messages
other than top of threads could appear in the index, making Alpine display
messages "out of the screen."
- The index format would be chopped at the position of an unrecognized
token, instead of skipping the token as intended.
- Work in progress: Avoid calling non-safe functions when Alpine receives
a signal. See bug report
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825772.
- Crash when attempting to read a message after a bounce command. In order
to produce a crash one needed to use the ^T subcommand and do a search in
a LDAP directory. The crash is produced by changes to the text in the
title bar. Reported by Heinrich Mislik in the Alpine-info list.
- HTML messages that contain UTF-8 may wrap at the wrong position, making
Alpine not display the correct character at the position that wrapping is
done. Reported by Wang Kang.
- Pico: Searching for a string that is too long causes Pico to crash in
the next search.
- Fix vulnerability in regex library. This only affects those who use this
library, such as the windows version of Alpine. See
http://www.kb.cert.org/vuls/id/695940">http://www.kb.cert.org/vuls/id/695940
for more details.
- Alpine would not set include and lib paths for OpenSSL if this was
installed in /usr/local/ssl.
- If the .pinerc file is a symbolic link, Alpine might not write its
contents when saving its configuration.
- The _INIT_ token does not skip over non-alphanumeric characters in the
name. Reported by Andreas Fehr.
- When opening an INBOX folder in a context different from the incoming
folders collection, from the command line, Alpine would open the INBOX
folder from the incoming folders collection.
- Mismatch in size of UCS and CELL caused a corruption in the content of a
pointer, which made the speller in PC-Alpine get the content of a word
incorrectly.
- Skip testing openssl compatibility version when cross-compilation is
detected. Fix contributed by Antti Seppalla
- Alpine fails to remove temporary files used during a display or sending
filter. Fix contributed by Phil Brooke.
- When the index is in zoomed state, adding new messages to the selection
would not show those messages if those messages are on top of the current
message in the top of the screen. Reported by Ulf-Dietrich Braumann. In
addition, when the user scrolls through the index, this scroll smoothly,
without jumping pages. Reported by Holger Trapp.
- Crash when reviewing history of saving attachments.
- Crash when canceling a goto command on a local collection that has not
been expanded and attempting to expand such collection.
- Crash in Pico when forwarding messages that contain a direction mark at
the end of a line. Reported by James Mingo.
- Solve compilation errors when Alpine is built with Visual Studio 2015.
This is a bug fix release, and includes a few important security fixes.
It is strongly recommended that IMAP and POP users upgrade as soon as
possible.
Upstream changes:
Version 1.5111:
- Ensure that temp file is created in temp dir
- Fix Makefile.PL warning
- Fix deleting of inc during release process
- Better fix for AutomatedTester warning
Version 1.5110:
- Updating META.yml
Version 1.5109:
- Switch to File::Slurper
Version 1.5108:
- Trying once again to fix the compile test on windows
Version 1.5107:
- Check in standard tests, including one that skips the compile check on Windows
Version 1.5106:
- Add standard tests
- Detect mailboxes that contain a mix of newline types. Complain about it, but
also allow the force option to continue processing. Thanks to Pali Rohár
<pali.rohar@gmail.com> for the bug report.
- Avoid OO interface to File::Temp, which in some versions and on some operating
systems, deletes the file when it is closed. Thanks to Paul Howarth
<paul@city-fan.org> for the bug report.
https://rt.cpan.org/Public/Bug/Display.html?id=103835
- Fix compatibility issue with newer versions of perl, which remove "." from
@INC. https://rt.cpan.org/Ticket/Display.html?id=121466
v0.5.2:
+ Implement plugin for the a vendor-defined IMAP capability called
"FILTER=SIEVE". It adds the ability to manually invoke Sieve filtering
in IMAP. More information can be found in
doc/plugins/imap_filter_sieve.txt.
- The Sieve addess test caused an assertion panic for invalid addresses
with UTF-8 codepoints in the localpart. Fixed by properly detecting
invalid addresses with UTF-8 codepoints in the localpart and skipping
these like other invalid addresses while iterating addresses for the
address test.
- Make the length of the subject header for the vacation response
configurable and enforce the limit in UTF-8 codepoints rather than
bytes. The subject header for a vacation response was statically
truncated to 256 bytes, which is too limited for multi-byte UTF-8
characters.
- Sieve editheader extension: Fix assertion panic occurring when it is
used to manipulate a message header with a very large header field.
- Properly abort execution of the sieve_discard script upon error.
Before, the LDA Sieve plugin attempted to execute the sieve_discard
script when an error occurs. This can lead to the message being lost.
- Fix the interaction between quota and the sieve_discard script. When
quota was used together with a sieve_discard script, the message
delivery did not bounce when the quota was exceeded.
v2.3.2 still had a few unexpected bugs:
- SSL/TLS servers may have crashed during client disconnection
- lmtp: With lmtp_rcpt_check_quota=yes mail deliveries may have
sometimes assert-crashed.
- v2.3.2: "make check" may have crashed with 32bit systems
v2.3.2 is mainly a bugfix release. It contains all the changes in v2.2.36, as well as a bunch of other fixes (mainly for v2.3-only bugs). Binary packages are already in https://repo.dovecot.org/
* old-stats plugin: Don't temporarily enable PR_SET_DUMPABLE while
opening /proc/self/io. This may still cause security problems if the
process is ptrace()d at the same time. Instead, open it while still
running as root.
+ doveadm: Added mailbox cache decision&remove commands. See
doveadm-mailbox(1) man page for details.
+ doveadm: Added rebuild attachments command for rebuilding
$HasAttachment or $HasNoAttachment flags for matching mails. See
doveadm-rebuild(1) man page for details.
+ cassandra: Use fallback_consistency on more types of errors
+ lmtp proxy: Support outgoing SSL/TLS connections
+ lmtp: Add lmtp_rawlog_dir and lmtp_proxy_rawlog_dir settings.
+ submission: Add support for rawlog_dir
+ submission: Add submission_client_workarounds setting.
+ lua auth: Add password_verify() function and additional fields in
auth request.
- doveadm-server: TCP connections are hanging when there is a lot of
network output. This especially caused hangs in dsync-replication.
- Using multiple type=shared mdbox namespaces crashed
- mail_fsync setting was ignored. It was always set to "optimized".
- lua auth: Fix potential crash at deinit
- SSL/TLS servers may have crashed if client disconnected during
handshake.
- SSL/TLS servers: Don't send extraneous certificates to client when
alt certs are used.
- lda, lmtp: Return-Path header without '<' may have assert-crashed.
- lda, lmtp: Unencoded UTF-8 in email address headers may assert-crash
- lda: -f parameter didn't allow empty/null/domainless address
- lmtp, submission: Message size limit was hardcoded to 40 MB.
Exceeding it caused the connection to get dropped during transfer.
- lmtp: Fix potential crash when delivery fails at DATA stage
- lmtp: login_greeting setting was ignored
- Fix to work with OpenSSL v1.0.2f
- systemd unit restrictions were too strict by default
- Fix potential crashes when a lot of log output was produced
- SMTP client may have assert-crashed when sending mail
- IMAP COMPRESS: Send "end of compression" marker when disconnecting.
- cassandra: Fix consistency=quorum to work
- dsync: Lock file generation failed if home directory didn't exist
- Snippet generation for HTML mails didn't ignore &entities inside
blockquotes, producing strange looking snippets.
- imapc: Fix assert-crash if getting disconnected and after
reconnection all mails in the selected mailbox are gone.
- pop3c: Handle unexpected server disconnections without assert-crash
- fts: Fixes to indexing mails via virtual mailboxes.
- fts: If mails contained NUL characters, the text around it wasn't
indexed.
- Obsolete dovecot.index.cache offsets were sometimes used. Trying to
fetch a field that was just added to cache file may not have always
found it.
Performing substitutions during post-patch breaks tools such as mkpatches,
making it very difficult to regenerate correct patches after making changes,
and often leading to substituted string replacements being committed.
2018-06-22 Richard Russon <rich@flatcap.org>
* Features
- Expand variables inside backticks
- Honour SASL-IR IMAP capability in SASL PLAIN
* Bug Fixes
- Fix toggle-read
- Do not truncate shell commands on ; or #
- pager: index must be rebuilt on MUTT_REOPENED
- Handle a BAD response in AUTH PLAIN w/o initial response
- fcc_attach: Don't ask every time
- Enlarge path buffers PATH_MAX (4096)
- Move LSUB call from connection establishment to mailbox SELECTion
* Translations
- Update Chinese (Simplified): 100%
- Update Czech: 100%
- Update German: 100%
- Update Lithuanian: 100%
- Update Portuguese (Brazil): 100%
- Update Slovak: 59%
- Reduce duplication of messages
* Code
- Tidy up the mailbox API
- Tidy up the header cache API
- Tidy up the encryption API
- Add doxygen docs for more functions
- Refactor more structs to use STAILQ
