CHangelog:
Fixed in Thunderbird 31.6
2015-40 Same-origin bypass through anchor navigation
2015-37 CORS requests should not follow 30x redirections after preflight
2015-33 resource:// documents can load privileged pages
2015-31 Use-after-free when using the Fluendo MP3 GStreamer plugin
2015-30 Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)
pkgsrc changes:
- gnome-keyring option has changed to secret option to reflect the upstream
change. For more information please read the changelog below.
Changes:
Version 1.6.1:
- The new configure option --with-tls replaces --with-ssl.
- A new configure option --disable-gai-idn was added.
Version 1.6.0:
- Support for SOCKS proxies was added. This allows msmtp to be used with Tor.
- GNOME Keyring support now uses libsecret instead of libgnome-keyring. It is
now documented how to use secret-tool to manage passwords for msmtp; the
obsolete msmtp-gnome-tool script is removed.
- Configuration file security is now only checked if the file actually contains
secrets such as passwords. (If you still store passwords in the configuration
file, consider using the passwordeval command or a key ring instead.)
- The GSSAPI authentication method is not chosen automatically anymore, you have
to request it manually if you really want to use it.
- From: and Date: headers are now added to mails if necessary, for compatibility
with sendmail, postfix, exim, and other MTAs. This can be disabled with the
add_missing_from_header and add_missing_date_header commands.
- Libidn is not required for IDN support anymore on systems where getaddrinfo()
supports the AI_IDN flag and the GnuTLS version is >= 3.4.0.
- The new remove_bcc_headers command replaces the old keepbcc command (but the
old command is still supported for compatibility).
- SSLv3 is disabled, and the obsolete tls_force_sslv3 command and
--tls-force-sslv3 option have no effect anymore.
Upstream changes:
3.008 2014-12-27 18:36:19-05:00 America/New_York
- make results of get_body be the same on Email::{Simple,MIME}
- ...but this method is a mess, so maybe avoid using Abstract for body
work
3.007 2013-12-31 10:39:14 America/New_York
fix skip count when MIME::Entity is not present
version 3.11.1.
Changlog:
3.11.1:
~~~~~~~~~~~~~~~~~~~~
* Use 'gnutls_priority' hidden account preference for POP3 and
STARTTLS connections, in addition to SMTP.
* RSSyl plugin: Enable use of .netrc to store network credentials.
* Remove dependency on intltool.
* Remove appdata.
* Updated translations: Norwegian Bokmål.
* Bug fixes:
o bug 3306, 'HTML tag is not always rendered in error
dialog'
o bug 3308, 'build ignores --localedir'
3.11.0:
~~~~~~~~~~~~~~~~~~~~
* SSLv3 server connections are now disabled by default, in response
to the POODLE vulnerability, see
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566.
* Several PGP/Core plugin improvements
Indicate when a key has been revoked or has expired when displaying
signature status. For example,
"Good signature from %s, but the key has expired."
"Good signature from %s, but the key has been revoked."
When displaying the full information, show the Validity, and the
Owner Trust level. Also indicate expired and revoked keys, and
revoked UIDs.
The "Content-Disposition: attachment" flag in PGP/MIME signed
messages has been removed. It was confusing for cetain MUAs.
* A new version of the RSSyl plugin, completely redesigned and
rewritten. Migration from the previous version is automatic,
it has a new storage format in ~/.claws-mail/RSSyl/ (hierarchical
directories instead of flat file format). It uses the expat
library instead of libxml2 for parsing feed data.
* The results of TAB address completion in the Compose window have
improved ordering.
Order of results:
1. Match beginning of name
2. Match beginning of additional names
3. Match complete email address before @
4. Match beginning of email address
5. Compare relative position of match
6. Compare name alphabetically
7. Compare address alphabetically.
* Due to popular demand, use of the Up key in the message body in the
Compose window stops at the top of the message body and does not
continue up to the header fields. This reverts the behaviour
introduced in version 3.10.0.
* In the Compose window, when navigating with the arrow keys,
selecting, and thus modifying, the Account selector is now
prevented.
* In the Compose window, a mnemonic (s) has been added to the Subject
line.
* The Queue folder is highlighted if there are messages in its sub-
folders and the tree is collapsed.
* When sorting messages by 'thread date', clicking the 'Date' column
header will now toggle between ascending/descending and will not
switch to 'date' sorting.
* A new QuickSearch filter has been added that searches a header's
content only.
H S : messages which contain S in the value of any header.
* A Reply-To field has been added to the main Template configuration.
* The menubar can now be hidden, default hotkey: F12.
* Fancy plugin: A user-controlled stylesheet can now be used.
* Python plugin: Add flag attributes to MessageInfo object.
* Python plugin: Make 'account' property of ComposeWindow read/write.
* Libravatar plugin: a network timeout option has been added.
* appdata has been added for package managers, it must be
specifically enabled, using ./configure --enable-appdata
See http://people.freedesktop.org/~hughsient/appdata/ for further
information.
* The tbird2claws.py script, for converting a Thunderbird mailbox to
a Claws Mail mailbox, now handles sub-directory recursion.
* Updated translations: Brazilian Portuguese, Bulgarian, Dutch,
Esperanto, Finnish, German, Hebrew, Lithuanian, Slovak, Spanish,
and Swedish
* Bug fixes:
o bug 3173, 'quick search ignores trailing blank'
o bug 3211, 'Fails to build in Debian hurd-i386 architecture'
o bug 3212, 'When msgnum matches a sub-folder name, fetch
fails'
o bug 3221, 'IMAP: Claws Mail has issues with Yahoo IMAP
server/folders'
o bug 3235, 'Extraneous double quotes inside base64-encoded
From header confuse 'Reply' action'
o bug 3236, 'sc_html_parse_tag() does not recognize '
'
as line break'
o bug 3246, 'attachment open: "remember this" ignored if
~/.mailcap does not exist'
o bug 3265, 'procmime.c: unbalanced flockfile() /
funlockfile()'
o bug 3300, 'Cannot send/receive mail when SSL 3.0 is not
supported on the server'
o Debian bug 755022, '[claws-mail-spam-report] likely useless
to report to Debian because of the use of http
instead of https'
o Disable SSL3.0 entirely as a Poodle fix.
o fix msg display when utf8_instead_of_locale_for_broken_mail
is turned off and you use a UTF-8 locale
o fix building without gnuTLS support
o Don't differentiate the protocols used when using direct
SSL/TLS versus STARTTLS
o disallow editing any account (even current account) when at
least one compose window is open
o Actually display "(No From)" in messageview's From column
when appropriate.
o When changing focus in folderview, make sure the newly
focused folder is visible first.
o various fixes to flaws reported by Coverity scan
o PGP/Core plugin: Don't automatically re-check signatures
o PGP/Core plugin: fix erroneous 'untrusted' msg based on
validity not trust
o Make INBOX case-insensitive (as RFC states)
o Python plugin: Fix ComposeWindow.get_account_selection
3.10.1:
* Add an account preference to allow automatically accepting
unknown and changed SSL certificates, if they're valid (that is,
if the root CA is trusted by the distro).
* RFE 3196, 'When changing quicksearch Search Type, set focus to
search input box'
* PGP/Core plugin: Generate 2048 bit RSA keys.
* Major code cleanup.
* Extended claws-mail.desktop with Compose and Receive actions.
* Updated Bulgarian, Brazilian Portuguese, Czech, Dutch, Esperanto,
Finnish, French, German,Hebrew, Hungarian, Indonesian, Lithuanian,
Slovak, Spanish, and Swedish translations.
* Bug fixes:
o bug 2728, 'erroneous switching from one to three column
view'
o bug 2981, 'claws-mail-3.9.3 compilation warnings'
o bug 3170, 'QuickSearch fights with View/Hide read threads
menu option'
o bug 3179, 'Win32: Please add 'gtk-auto-mnemonics = 1' to
GTK+ setting'
o bug 3201, 'Fix memory corruption in sc_html_read_line()'
o Debian bug 730050, 'vcalendar plugin crash'
o Fix GCond use with newer Glib
o Fix the race fix, now preventing the compose window to be
closed.
o Fix "File (null) doesn't exist" error dialog, when
attaching a non-existing file via --attach
o Fix spacing in Folderview if the font is far from the
system font
o RSSyl: When parsing RSS 2.0, ignore <link> tags with a
namespace prefix.
o RSSyl: Check for existence of xmlNode namespace, to prevent
NULL pointer crashes.
3.10.0:
* Complete SSL certificate chains are now saved, and if built with
Libetpan 1.4.1, the IMAP SSL connection's certificate chain is made
available. Both of these allow correct certificate verification
instead of a bogus 'No certificate issuer found' status.
* Auto-configuration of account email servers, based on SRV records,
is now possible. (GLib >= 2.22 is required.)
* Added a preference to avoid automatically drafting emails that are
to be sent encrypted, (Configuration/Preferences/Compose/Writing).
* Messages saved as Drafts are now saved as New, highlighting the
Drafts folder, in order to draw the attention to unfinished mails
there.
* It is now possible to add a 'Replace signature' button to the
Compose window toolbar.
* Quotation wrapping and undo/redo in the Compose window has been
improved.
* 'Reply to all' now excludes your own address.
* The 'Generate X-Mailer header' option has been renamed 'Add user
agent header' and applies to both X-Mailer and X-Newsreader
headers.
* Added hidden preferences, 'address_search_wildcard' and
'folder_search_wildcard', to choose between matching from start of
the folder name/address or any part of the name. (Activating these
options restores the previous behaviour.)
* Added hidden preference 'enable_avatars' to control the internal
capture/render process, and which allows disabling it by external
plugins for example.
* 'Check for new folders' now only updates the folder list, not
updating the contents of folders. If needed, it can be followed by
'Check for new messages'
* When using Redirect, the redirecting account's address is used in
the SMTP MAIL FROM instead of the original sender's address.
* NEW: Libravatar plugin, which displays avatars from
https://www.libravatar.org/
* Added support for an arbitrary number and sources of 'avatars' and
images for email senders, and migrated Face and X-Face headers.
* Avatars are now included when printing mails.
* The GPG keyring can now be used as the source for address auto-
completion.
* The vCalendar and RSSyl plugins now have an option to disable SSL
certificate verification (and check them by default).
* The ClamAV plugin now pops up an error message only once instead of
repeatedly
* Updated the man page and the manual.
* Updated Brazilian Portuguese, British English, Czech, Dutch,
Finnish, French, Hebrew, Hungarian, Indonesian, Lithuanian, Slovak,
Spanish, and Swedish translations.
* Added Esperanto translation.
* Bug fixes:
o bug 1644, 'race condition between message move and mark as
read after timeout'
o bug 2119, 'Check for new folders on remote mailboxes is
very slow'
o bug 2145, 'Claws becomes unresponsive and gets Killed while
moving messages between imap folders'
o bug 2179, 'Improve quotation wrapping support'
0 bug 2238, 'Incorrect undo/redo operations after paste with
replace from context menu'
o bug 2389, 'GnuPG: invalid/revoked user IDs accepted'
o bug 2398, 'Race when closing compose during drafting'
o bug 2447, 'Compose window crashes if moving a folder that
is being replied to'
o bug 2643, 'claws crash when accessing imap folder'
o bug 2875, 'SMTP session disconnects before recieving'
o bug 2991, 'POP3 sessions duplicated" on race conditions'
o bug 3020, 'Use theme doesn't change some icons until
restart'
o bug 3055, 'Claws segfaults when cancelling a sticky search
after changing folder'
o bug 3038, 'Select a folder incorrectly matches on number in
parentheses'
o bug 3039, 'displaying one specific html email lead in 100%
CPU usage'
o bug 3040, 'Handle revoked GPG private keys'
o bug 3050, 'Claws segfaults when attempting to delete a tag'
o bug 3094, 'OK or Yes to create new directory ?'
o bug 3100, 'Automatic account selection on reply fails if
name is quoted and contains a comma'
o bug 3105, 'vCal plugin via https does not check SSL peer
certificates or host'
o bug 3106, 'rssyl plugin does not verify SSL peer at all'
o bug 3107, 'Height of row in message list does not reflect
font size - three columns, small screen layout'
o bug 3116, 'invalid DTSTART in ics subscription makes claws
crash'
o bug 3117, 'full-day event shown from 01:00 to 01:00 next
day'
o bug 3120, '"Error - File is empty" when redirecting mail
with empty parts'
o bug 3131, 'Crash on reccurent events with no DTSTART'
o bug 3138, 'PGP/Inline crashes on signature check if gpgme
failed to init'
o bug 3139, 'Mainwindow unresponsive due to a busy loop'
o bug 3145, 'Memory corruption in imap_disconnect_all'
o bug 3146, 'Memory corruption when deleting a message from
folder'
o bug 3147, 'verify_folderlist_xml() leaks memory'
o bug 3148, 'Logic error in claws_get_socket_name()'
o bug 3150, 'etpan_certificate_check() leaks memory'
o bug 3155, 'Memory leaks found by Valgrind in
a9065aec26499a0e1294c73b6d9e6f039976521e'
o bug 3169, 'threaded message list performance issue'
o bug 3964, 'headers in wrong order -- file src/common/ssl.c'
o Fix lots of memory leaks
o Fix interference from liboverlay-scrollbar
o Fix some typos
o Fix some layout issues when user has large GTK font
o Fix message search starting from end
o Fix disappearing MIME icon highlight in mails with PGP
signatures
o When autoselecting account for a new message, quoted
recipient names are handled better.
o Python plugin: Also check for _PyGtk_API being a PyCapsule
o MailMBOX plugin: Fix parsing UTC dates
o vCalendar plugin: recognition of quoted parameter values,
which are legal.
o ClamAV plugin: Fix a format string error.
Update homepage.
changelog:
1.6:
Improved RFC822 and MIME parser
Implemented SEARCH using LITERAL+ for Gmail
Fixed SSL connections (don't force SSLv3)
1.5:
Gmail search features: X-GM-MSGID, X-GM-THRID, X-GM-RAW
Added POP stat
Various fixes for Windows
Fixed OpenSSL / GnuTLS implementation of retrieval of certificates
Fixed IMAP IDLE in case of COMPRESS-ed streams
Fixed base64 encoding
1.4:
Gmail search features: X-GM-MSGID, X-GM-THRID, X-GM-RAW
Added POP stat
Various fixes for Windows
Fixed OpenSSL / GnuTLS implementation of retrieval of certificates
Fixed IMAP IDLE in case of COMPRESS-ed streams
Fixed base64 encoding
needed to dovecot2-pigeonhole compatible with Dovecot 2.2.16.
v0.4.7 19-03-2015 Stephan Bosch <stephan@rename-it.nl>
* editheader extension: Made protection against addition and deletion of
headers configurable separately. Also, the `Received' and `Auto-Submitted'
headers are no longer protected against addition by default.
* Turned message envelope address parse errors into warnings.
* The interpreter now accepts non-standard domain names, e.g. containing '_'.
+ Implemented the Sieve index extension (RFC 5260).
+ Implemented support for the mboxmetadata and servermetadata extensions
(RFC 5490).
+ Implemented new sieve commands for the doveadm command line utility. These
commands are currently limited to ManageSieve operations, but the other
current sieve tools will be migrated to doveadm in the near future as well.
+ Added more debug output about binary up-to-date checking.
+ Added script metadata to binary dump output.
- Fixed Sieve script binary up-to-date checking by normalizing the script
location.
- The Sieve interpreter now flushes the duplicate database during start phase
of result execution rather than commit phase. This makes sure locks on the
duplicate database are released as soon as possible, preventing contention.
- Performed a few optimizations in the lexical scanner of the language.
- Fixed bug in `:matches' match-type that made a pattern without
wildcards match as if there were a '*' at the beginning.
- Fixed crash in validation of the string parameter of the comparator tag.
- extprograms extension: Made sure supplemental group privileges are also
dropped. This was a problem reported by Debian lintian.
- Fixed bug in handling of binary errors for action side-effects and message
overrides.
- file script storage: Restructured storage initialization to address
backwards compatibility issues.
- dict script storage: Fixed small memory allocation bug.
RELEASE 1.1.1
-------------
- ACL: Allow other plugins to adjust the list of permissions and groups to edit
- Add possibility to print contact information (of a single contact)
- Add possibility to configure max_allowed_packet value for all database engines (#1490283)
- Improved handling of storage errors after message is sent
- Update to TinyMCE 4.1.9
- Unified request* event arguments handling, added support for _unlock and _action parameters
- Security: Generate random hash for the per-user local storage prefix (#1490279)
- Fix refreshing of drafts list when sending a message which was saved in meantime (#1490238)
- Fix saving/sending emoticon images when assets_dir is set
- Fix PHP fatal error when visiting Vacation interface and there's no sieve script yet (#1490292)
- Fix setting max packet size for DB caches and check packet size also in shared cache
- Fix needless security warning on BMP attachments display (#1490282)
- Fix handling of some improper constructs in format=flowed text as per the RFC3676[4.5] (#1490284)
- Fix performance of rcube_db_mysql::get_variable()
- Fix missing or not up-to-date CATEGORIES entry in vCard export (#1490277)
- Fix fatal errors on systems without mbstring extension or mb_regex_encoding() function (#1490280)
- Fix cursor position on reply below the quote in HTML mode (#1490263)
- Fix so "over quota" errors are displayed also in message compose page
- Fix duplicate entries supression in autocomplete result (#1490290)
- Fix "Non-static method PEAR::isError() should not be called statically" errors (#1490281)
- Fix parsing invalid HTML messages with BOM after <!DOCTYPE> (#1490291)
- Fix duplicate entry on timezones list in rcube_config::timezone_name_from_abbr() (#1490293)
- Fix so localized folder name is displayed in multi-folder search result (#1490243)
- Fix javascript error after creating a folder which is a subfolder of another one (#1490297)
- Fix bug where subject of sent/saved message was removed if mbstring wasn't installed (#1490295)
- Fix missing vcard_attachment icon on messages list (#1490303)
- Fix storing signatures with big images in MySQL database (#1490306)
- Fix Opera browser detection in javascript (#1490307)
- Fix so search filter, scope and fields are reset on folder change
- Fix rows count when messages search fails (#1490266)
- Fix bug where spellchecking in HTML editor do not work after switching editor type more than once (#1490311)
- Fix bug where TinyMCE area height was too small on slow network connection (#1490310)
- Fix backtick character handling in sql queries (#1490312)
- Fix redirct URL for attachments loaded in an iframe when behind proxy (#1490191)
- Fix menu container references to point to the actual <ul> element (#1490313)
- Fix javascripts errors in IE8 - lack of Event.which, focusing a hidden element (#1490318)
Make DB_SIGNINGTABLE symbol available in Lua scripts.
Fix bug #214: Handle arbitrarily large From: fields.
LIBOPENDKIM: Fix bug #213: Remove "dkim_default_senderhdrs" from
dkim.h.
LIBOPENDKIM: Fix bug #219: Unresolved CNAMEs are not failures,
according to the DNS (see RFC6604), so report them as
NXDOMAIN or similar.
2.10.0 2014/12/27
Feature request #182: Remove "AddAllSignatureResults". All signature
results will now be added via Authentication-Results header
fields.
Feature request #180: Rename "LDAPSoftStart" to "SoftStart" and apply
it to SQL connections as well.
Feature request #179: Add "IgnoreMalformedMail" option.
Fix bug #183: Discontinue support for ADSP. This removes the
following configuration file items:
AddAllSignatureResults LocalADSP
ADSPAction NoDiscardableMailTo
ADSPNoSuchDomain On-PolicyError
BogusPolicy SendADSPReports
DisableADSP SenderHeaders
LDAPSoftStart UnprotectedPolicy
Make "rrvs" and "smime" recognized Authentication-Results methods.
LIBOPENDKIM: Feature request #157: Add dkim_mail_parse_multi().
LIBOPENDKIM: Feature request #185: Add dkim_set_dnssec().
LIBOPENDKIM: Fix bug #183: Discontinue support for ADSP. This
means all of the following:
- the dkim_policy_t type has been removed
- the DKIM_POLICY_* constants have been removed
- the DKIM_PRESULT_* constants have been removed
- passing DKIM_OPTS_SENDERHDRS to dkim_options() now
results in an error
- the DKIM_PSTATE structure has been removed
- all of the following functions have been removed:
dkim_policy(), dkim_policy_dnssec(),
dkim_policy_getqueries(), dkim_policy_getreportinfo(),
dkim_policy_state_free(), dkim_policy_state_new(),
dkim_policy_syntax(), dkim_getpolicystr(),
dkim_getpresult(), dkim_getpresultstr(),
dkim_set_policy_lookup(), dkim_test_adsp()
LIBOPENDKIM: DKIM_LIBFLAGS_STRICTHDRS now also confirms syntactical
validity of the From field before proceeding with a signing or
verifying operation.
CONTRIB: Fix bug #207: Clean up the "stats" directory.
CONTRIB: Add "repute" directory which could eventually replace the
PHP implementation.
CONTRIB: Patches to systemd and init/redhat.
Fix bug #97: Add ability to change envelope sender, client IP
address, client hostname, and HELO value used in test
mode, via environment variables. This can be turned
into something more formal in a later release.
Fix bug #102: Don't lose SPF results and output the "-1" default.
Fix bug #103: Fix IgnoreAuthenticatedClients by requesting the
right macro value from the MTA.
Fix bug #113: Remove "TemporaryDirectory" (unused).
LIBOPENDMARC: Fix bug #104: Include <sys/param.h> and <resolv.h>
in <opendmarc/dmarc.h> so that MAXPATHLEN and MAXNS get
defined consistently.
LIBOPENDMARC: Fix bug #105: Get the h_errno definition from
<netdb.h> rather than declaring it.
LIBOPENDMARC: Fix bug #106: Clean up issues with the types passed
to opendmarc_policy_library_dns_hook().
DOCS: Fix bug #99: Update list of constraints on
opendmarc_policy_fetch_alignment().
REPORTS: Fix bug #108: Handle malformed mailto URIs in DMARC
records (e.g., just "mailto:").
REPORTS: Fix bug #110: Support SQL backend selection in
opendmarc-expire.
------------------
DK-MILTER RELEASE NOTES
This listing shows the versions of the dk-milter package, the date of
release, and a summary of the changes in that release.
Bug and feature request (RFE) numbers that start with "SF" were logged
via Sourceforge (http://www.sourceforge.net) trackers. Those not so labelled
were logged internally at Sendmail, Inc.
1.0.2 2009/02/04
LIBDK: Fix bug in error message generation which could cause
crashes with very large error messages. Code copied
from dkim-milter.
1.0.1 2008/09/04
Set up required callbacks for OpenSSL thread-safety. Code copied
from dkim-milter.
LIBDK: Fix bug in relaxed canonicalization mode when dealing with
very large input lines with cached blank lines.
Problem reported by Mark Martinec.
1.0.0 2008/03/13
Use the current Authentication-Results: format (the -13 draft).
Patch from S. Moonesamy of Eland Systems.
Add improved mlfi_negotiate() function code, copied from dkim-milter,
which does things like symbol requesting and more intelligent
option negotiation. Patch from S. Moonesamy of Eland Systems.
Add hash buffering, copied from libdkim. Patch from S. Moonesamy
of Eland Systems.
Fix bug #SF1736559: in_addr_t is not universal. Problem reported
by Terry White.
Fix bug #SF1763715: Fix string management in mlfi_eoh() with respect
to mctx_domain, which could be left pointing to garbage when
using domain wildcarding. Problem noted by Ronald Huizer.
Activate _FFR_MULTIPLE_KEYS.
LIBDK: Copy the library options structure from libdkim.
LIBDK: Add dk_close().
LIBDK: Feature request #SF1872270: Rename parameters called "new"
in dk.h so that C++ compilers don't complain. Requested
by Paul Macintosh.
LIBAR: Eliminate a possible race condition in ar_dispatcher().
LIBAR: Timeouts passed to select() can't be bigger than 10^8.
Problem noted by S. Moonesamy of Eland Systems.
LIBAR: Fix bug #SF1852618: Handle default case of no "nameserver"
lines in /etc/resolv.conf. Problem noted by Mike Markley
of Bank of America.
LIBAR: Plug descriptor and memory leaks in ar_shutdown().
BUILD: Copy the unit test structure from libdkim and add a few basic
unit tests.
0.6.0 2007/05/31
Fix bug #SF1728696: Repair message corruption occurring when a
message body spams multiple milter writes. Reported
by Eric Singer.
Patch #SF1705006: Fix X-header malformation.
LIBAR: Fix bug #SF1537457: Add proper support for IPv6 nameservers.
Reported by Mark Martinec.
BUILD: Copy the consolidated build system from the dkim-milter
package.
Activate the following FFRs:
_FFR_LOG_SSL_ERRORS
_FFR_QUARANTINE
_FFR_REPORTINFO
0.5.0 2007/04/10
Copy several enhancements from the latest dkim-milter update:
o Support for 8.14 (milter v2) and the leading space patch from
dkim-milter.
o Fixes/enhancements under POPAUTH.
o Pass the correct length variable to RSA_sign() so that
the value returned is sane on 64-bit platforms.
o _FFR_ANTICIPATE_SENDMAIL_MUNGE
o Feature request #SF1497801: _FFR_QUARANTINE
Fix bug #SF1541450: Correct header selection in dk_hdrsigned().
Reported by Mark Martinec.
LIBDK: Fix bug #SF1537918: Add dk_geterror() to retrieve additional
diagnostic data from the API when a function call returns
DK_STAT_INTERNAL or something else whose cause isn't
readily apparent. Copied from libdkim.
LIBAR: Block signals that should be caught and handled elsewhere,
such as in libmilter.
0.4.2 2007/03/13
Fix bug #SF1509093, SF1611082: Set group ID as well as user ID when
"-u" is used on the command line. Patch from Vincent
Rivellino.
Fix bug #SF1514447: Re-query for the job ID in mlfi_eom() to
accomodate postfix's milter implementation. Copied from
dkim-filter; requested by Jakob Schlyter.
Fix bug #SF1541439: Fix mis-canonicalization of skipped headers
in "nofws" mode. Reported by Mark Martinec.
Fix bug #SF1541789: Stop spurious syntax errors on unsigned messages.
Problem reported by S. Moonesamy of Eland Systems.
0.4.1 2006/06/14
LIBDK: Properly handle key and policy records that don't have
whitespace after semicolons.
LIBDK: In dk_eom(), return DK_STAT_SYNTAX if dk_skipbody is set.
Failing to do so means a message with a signature header
below which there is no sender header will report a bogus
success status. Problem noted by Lennert Buytenhek.
0.4.0 2006/05/19
Remove spurious CRLFs injected into canonicalization when multiple
body chunks arrive from the MTA. Patch from Suzuki Takahiko
of Internet Initiative Japan, Inc.
If _FFR_REPORTINFO is enabled, don't call dkf_report() if no DomainKeys
context was ever created for a message.
Simplify dk_sterilize() a little, and handle failures from it.
Problem reported by Fredrik Pettai.
RFC2822 doesn't require any recipient headers, so remove those checks
inside _FFR_REQUIRED_HEADERS.
Fix bug #SF1485119: Canonicalize in the correct order when not using
"-H" on the command line. Problem noted by S. Moonesamy of
Eland Systems.
Activate _FFR_MACRO_LIST and _FFR_EXTERNAL_IGNORE_LIST.
LIBDK: New flag DK_OPTS_HDRLIST for dk_options().
0.3.4 2006/05/02
If _FFR_REPORTINFO is enabled, send reports on all failures, not just
those which aren't in test mode.
Ignore unknown tags in keys and policies, rather than returning an
error.
LIBDK: Return an error if the signing function returned success but
also reported a zero-length signature. Reported by
S. Moonesamy of Eland Systems.
LIBAR: Add a timeout to the I/O wait so that retransmissions
actually get done while waiting for activity.
0.3.3 2006/03/13
Fix test mode check at the end of mlfi_eom(), which was overriding
any configuration settings from the command line.
Reported by Arkadi Poliakevitch of Invidi Technologies.
Copy the value of -C before parsing it so the output of "ps" doesn't
get munged. Reported by Arkadi Poliakevitch of Invidi
Technologies.
Fix "-o", which wasn't actually working at all. Reported by Ben
Lentz.
Add _FFR_LOG_SSL_ERRORS which sends to syslog errors reported by
the OpenSSL libraries.
0.3.2 2005/12/12
Patch a small but definite memory leak. Reported by Ray Krebs
of eBay.
0.3.1 2005/12/02
Tolerate "b=" in signature headers at places other than the end
of the signature (and, in fact, other things at the end
of the signature). Reported by Jason Long. (Bug SF1234164)
Don't reject or report about messages which fail verification
when the sending domain advertises that it's in test mode.
Patch from Adrian Havill.
Fixes to POPAUTH compilation from S. Moonesamy of Eland Systems.
Allow "-d" to specify a list from which domains should be read,
and allow wildcarding in domain names. Requested by
Ray Krebs of eBay. (Feature request SF1312453)
Add "-o" command line option to allow certain headers to be omitted
from signing operations. Suggested by Ben Lentz.
(Feature request SF1314350)
LIBAR: Fix a build issue introduced in the last release.
- patch-aa was used to edit Makefile. Now it edits Makefile.in instead
- patch-a[cefh] are removed, equivalent fix applied
- patch-dns.c is added to silent prototype warning
(upstream)
- Update 1.20 to 1.23
-------------------
1.23: Feb.17,2015:
dns.c, smtp.c:
typo fixed: INET6 should be AF_INET6
1.22: Jun.9,2012:
smtp.c:
logging whole message in multi-lined SMTP response.
1.21: Jun.7,2012:
smtp.c, common.h, main.c:
'-2' option added to avoid piggybacking among domains.
(to support spec change on GoogleApps service)
dns.c:
definitions of functions with "static" are moved outside
to avoid "invalid strage class" errors.
*.c, extern.h:
log() is renamed to logg() to avoid conflict.
* dbox: Resyncing (e.g. doveadm force-resync) no longer deletes
dovecot.index.cache file. The cache file was rarely the problem
so this just caused unnecessary slowness.
* Mailbox name limits changed during mailbox creation: Each part of
a hierarchical name (e.g. "x" or "y" in "x/y") can now be up to 255
chars long (instead of 200). This also reduces the max number of
hierarchical levels to 16 (instead of 20) to keep the maximum name
length 4096 (a common PATH_MAX limit). The 255 char limit is
hopefully large enough for migrations from all existing systems.
It's also the limit on many filesystems.
+ director: Added director_consistent_hashing setting to enable
consistent hashing (instead of the mostly-random MD5 hashing).
This causes fewer user moves between backends when backend counts
are changed, which may improve performance (mainly due to caching).
+ director: Added support for "tags", which allows one director ring
to serve multiple backend clusters with different sets of users.
+ LMTP server: Added lmtp_user_concurrency_limit setting to limit how
many LMTP deliveries can be done concurrently for a single user.
+ LMTP server: Added support for STARTTLS command.
+ If logging data is generated faster than it can be written, log a
warning about it and show information about it in log process's
process title in ps output. Also don't allow a single service to
flood too long at the cost of delaying other services' logging.
+ stats: Added support for getting global statistics.
+ stats: Use the same session IDs as the rest of Dovecot.
+ stats: Plugins can now create their own statistics fields
+ doveadm server: Non-mail related commands can now also be used
via doveadm server (TCP socket).
+ doveadm proxying: passdb lookup can now override doveadm_port and
change the username.
+ doveadm: Search query supports now "oldestonly" parameter to stop
immediately on the first non-match. This can be used to optimize:
doveadm expunge mailbox Trash savedbefore 30d oldestonly
+ doveadm: Added "save" command to directly save mails to specified
mailbox (bypassing Sieve).
+ doveadm fetch: Added body.snippet field, which returns the first
100 chars of a message without whitespace or HTML tags. The result
is stored into dovecot.index.cache, so it can be fetched efficiently.
+ dsync: Added -t <timestamp> parameter to sync only mails newer than
the given received-timestamp.
+ dsync: Added -F [-]<flag> parameter to sync only mails with[out] the
given flag/keyword.
+ dsync: Added -a <mailbox> parameter to specify the virtual mailbox
containing user's all mails. If this mailbox is already found to
contain the wanted mail (by its GUID), the message is copied from
there instead of being re-saved. (This isn't efficient enough yet
for incremental replication.)
+ dsync: -m parameter can now specify \Special-use names for mailboxes.
+ imapc: Added imapc_features=gmail-migration to help migrations from
GMail. See http://wiki2.dovecot.org/Migration/Gmail
+ imapc: Added imapc_features=search to support IMAP SEARCH command.
(Currently requires ESEARCH support from remote server.)
+ expire plugin: Added expire_cache=yes setting to cache most of the
database lookups in dovecot index files.
+ quota: If overquota-flag in userdb doesn't match the current quota
usage, execute a configured script.
+ redis dict: Added support for expiring keys (:expire_secs=n) and
specifying the database number (:db=n)
- auth: Don't crash if master user login is attempted without
any configured master=yes passdbs
- Parsing UTF-8 text for mails could have caused broken results
sometimes if buffering was split in the middle of a UTF-8 character.
This affected at least searching messages.
- String sanitization for some logged output wasn't done properly:
UTF-8 text could have been truncated wrongly or the truncation may
not have happened at all.
- fts-lucene: Lookups from virtual mailbox consisting of over 32
physical mailboxes could have caused crashes.
Changelog:
Fixed in Firefox/Thunderbird ESR 31.5
2015-24 Reading of local files through manipulation of form autocomplete
2015-19 Out-of-bounds read and write while rendering SVG content
2015-16 Use-after-free in IndexedDB
2015-12 Invoking Mozilla updater will load locally stored DLL files
2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)
- try to work around pathological breakage in one random POP server
implementation. Thanks: Michael Thomas Kockmeyer.
- remove dead marc.theaimsgroup.com list archive from docs. Thanks:
Miroslav Rovis.
- bugfix: if you combined IMAP IDLE mode with delete_after, getmail would,
after remaining connected to the server for the number of days
configured, begin deleting messages immediately after retrieval
instead of after the configured delay. Now fixed. Thanks:
Johannes Weißl.
