Alpine 2.23
* Implementation of XOAUTH2 authentication support for Outlook. Based on
documentation suggested by Andrew C Aitchison.
* Add support for the OAUTHBEARER authentication method in Gmail. Thanks to
Alexander Perlis for suggesting it and explaining how the method works.
* Creation of Alpine's Privacy Policy. This is presented as a link to an
online document from the Release Notes (Link at the top of this document.)
Upon user request, Alpine downloads and displays this document. Links to
the privacy policy are also displayed when a user starts Alpine for the
first time, or when a user starts a new version of Alpine. There is no
default exit greeting command for these screens, and to exit the user must
press "E", instead of the old default, which was the RETURN command. The
RETURN command will open the handle on which the cursor is on, which by
default is the Privacy Policy.
* Support for the SASL-IR IMAP extension that avoids a round trip during
authentication. Similar support added for the SMTP, NNTP and POP3
protocols. Thanks to Geoffrey Bodwin for a report that lead to this
implementation.
* Alpine can pass an HTML message to an external web browser, by using the
"External" command in the ATTACHMENT INDEX screen.
* New configuration variable external-command-loads-inline-images-oly that
controls if Alpine will keep the source link to all the images in the HTML
message, or will only pass a link to inline images included in the message.
For your privacy and security this feature is enabled by default.
* When reading an email and a user selects an email address to which to
compose a message from the message, the user will be able to select a role
to compose that message.
* New variable system-certs-path that allows users to indicate the location
of the directory where certificates are located. In PC-Alpine this must be
C:\libressl\ssl\certs. The C: drive can be replaced by the name of the
drive where the binary and DLL files are located.
* New variable system-certs-file that allows users to configure the location
of a container of certificate authority (CA) certificates to be used to
validate certificates of remote servers.
* Remove sleep of 5 seconds for mailcap programs that use the terminal to
display content. Suggested by Carl Edquist. In addition, remove
configurable process table command and its corresponding sleep time.
Bugs that have been addressed include:
* Security Bug: Alpine can be configured to start a secure connection using
/tls on an insecure connection. However, if the connection is PREAUTH,
Alpine will not upgrade the connection to a secure connection, because a
client must not issue a STARTTLS to a server that supports it in
authenticated state. This makes Alpine continue to use an insecure
connection with the server, exposing user data. Reported by Damian
Poddebniak and Fabian Ising from Muenster University of Applied Sciences.
* Selecting by subject might not copy the subject of the current message to
the selection text correctly. Reported by Iosif Fettich.
* Alpine does not set the return path correctly when using a role while
bouncing a message. Reported by Dr. C. Griewatsch.
* Bug in PC-Alpine that made Alpine go into an infinite loop and consume CPU
when it was iconized. Reported by Holger Schieferdecker in comp.mail.pine.
* Crash in Alpine when attempting to reply to a multipart/alternative message
that is malformed, and the option to include attachments in reply is
enabled. Reported and patched by Peter Tirsek.
* Bug that makes Alpine split encoded words in the subject of a message in
the middle of a utf-8 character into two encoded words, breaking the
encoding. Reported by Jean Chevalier.
* Alpine would not redraw the screen when a check for new mail in an incoming
folder failed due to a failure while validating the server certificate,
and the user did not allow the connection to proceed.
* Crash in Alpine while resizing the screen when using any of the tokens
SUBJKEYTEXT, SUBJECTTEXT, or SUBJKEYINITTEXT in the index format, and the
screen was resized. Reported by Iggy Mogo.
* When Alpine is trying to authenticate to Gmail, using the XOAUTH2 method,
it does not display the url the user needs to open, in order to authorize
Alpine to access Gmail using XOAUTH2 when Alpine still has not created a
screen. Reported by Baron Fujimoto.
* When an html anchor does not quote the link in the href parameter, alpine
does not link to it.
* Attempt to fix a bug that breaks scrolling of a message in Alpine when the
screen is resized. Reported in the Debian bug system at
https://bugs.debian.org/cgi-bin/bugreport.cgie?bug=956361.
Alpine 2.24
* Implementation of XOAUTH2 for Yahoo! Mail.
* Expansion of the configuration screen for XOAUTH2 to include username,
authorization flow, and tenant.
* XOAUTH2: automatic renew of access token and connection to a server within
60 seconds of expiration of the access token.
* If a user has more than one client-id for a service, Alpine asks the user
which client-id to use and associates that client-id to the credentials in
the XOAUTH2 configuration screen.
* Addition of Yandex.com to the list of services that Alpine can use XOAUTH2
to authenticate for reading and sending email.
* Addition of a link to the Apache License 2.0 (see above). This is available
from the Release Notes as well as the welcome screen.
* Modifications to protect the privacy of users:
+ Alpine does not generate Sender or X-X-Sender by default by enabling
[X] Disable Sender as the default.
+ Alpine does not disclose User Agent by default by enabling [X] Suppress
User Agent by default.
+ Alpine uses the domain in the From: header of a message to generate a
message-id and suppresses all information about Alpine, version,
revision, and time of generation of the message-id from this header.
This information is replaced by a random string.
* Unix Alpine displays configure options and flags when invoked as "alpine
-v". Suggested by Matt Ackeret.
* Alpine will ding the terminal bell when asking about quitting when new mail
arrives. This is consistent with Alpine dinging the bell when new mail
arrives. The bell will not ding if it is disabled for status messages.
Suggested by Chime Hart.
* When messages are selected, pressing the ";" command to broaden or narrow a
search, now offers the possibility to completely replace the search, and is
almost equivalent to being a shortcut to "unselect all messages, and select
again". The difference is that cancelling this command will not unselect
all currently selected messages. Suggested by Holger Trapp.
* Alpine will not write debug files unless started with the option -d, so for
example "alpine -d 2" will generate a debug file at level 2, but just
issuing the alpine command will not write any debug to a file.
* Experimental: Attempt to implement the Encryption Range in Windows. It
works in Windows 10, and it should work in Windows 8.1. It needs testing in
Windows 7 and Windows Vista.
* Addition of variables user-certs-path and user-certs-file which allow a
user to specify locations for certificates that the user trusts.
* Ignore non-empty initial challenge in the GSSAPI authenticator. Based on a
patch written by Jarek Polok, but submitted by Ignacio Reguero.
* When a server expires a refresh token, Alpine needs to cancel it
internally. Alpine will attempt to get a new one when it reopens the folder
after it cancels it.
* Set up the IMAP ID at the moment of logging in to the server, rather than
as a one time option, in case we need to use a special IMAP ID.
Bugs that have been addressed include:
* When Alpine starts a PREAUTH connection, it might still ask the user to
login. Reported by Frank Tobin.
* Crash while resizing the screen when viewing a calendar event.
* When Alpine opens a folder in a server whose address is given numerically
it might crash due to an incorrect freeing of memory. Reported by Wang
Kang.
* Crash when Alpine frees memory on a system where LC_CTYPE is not
configured, and the user calls the file browser to attach files to a
message. Reported by Luis Gerardo Tejero.
* Invalid signatures created by Alpine, when built with recent releases of
the Openssl-1.1.1 series (but not in the Openssl-1.0.1 series). Fix
contributed by Bernd Edlinger.
* After returning from the directory side of a dual-folder, sometimes Alpine
would return to the first folder in the parent directory or to the
dual-folder. The fix is to return to the original dual-folder as intended.
Reported by Holger Trapp.
* When an attachment is deleted and the original message is saved, Alpine
might write only a part of the name of the file deleted. Reported by Holger
Trapp.
* URLs that are surrounded by white space are not cleaned by Alpine before
passing them to the browser, resulting in no display of the URL when Alpine
tries to open it. Reported by Gregory Heytings.
* When Alpine is built without smime, password file functionality might fail.
Reported by Andres Fehr.
* Crash in PC-Alpine when using the eXternal command.
* Fix in Macs that made Alpine abort a ssh connection to an imap server.
Reported and assisted by Wang Kang.
Fixed in Postfix version 3.5.8:
[Postfix 3.5 and later] The Postfix SMTP client inserted <CR><LF> into message headers with lines longer than $line_length_limit (default: 2048), causing all subsequent header content to become message body content. Reported by Andreas Weigel.
Fixed in Postfix versions 3.5.8, 3.4.18, 3.3.15, 3.2.20:
[Postfix 2.8 and later] The postscreen daemon did not save a copy of the postscreen_dnsbl_reply_map lookup result. This has no effect when the recommended texthash: lookup table is used, but it could result in stale data with other lookup tables.
[Postfix 2.3 and later] After deleting a recipient with a Milter, the Postfix recipient duplicate filter was not updated; the filter suppressed requests to add the recipient back. Reported by Mehmet Avcioglu.
[Postfix 2.3 and later] Memory leak: the static: maps did not free their casefolding buffer.
[Postfix 2.2 and later] With "smtpd_tls_wrappermode = yes", the smtps service was waiting for a TLS handshake, after processing an XCLIENT command. Reported by Aki Tuomi.
[Postfix 2.0 and later] The smtp_sasl_mechanism_filter implementation ignored table lookup errors, treating them as 'not found'.
[Postfix alpha and later] The code that looks for Delivered-To: headers ignored headers longer than $line_length_limit (default: 2048).
This is an important bug fix release, addressing CVE-2020-28896. Mutt had
incorrect error handling when initially connecting to an IMAP server, which
could result in an attempt to authenticate without enabling TLS.
2020-11-20 Richard Russon <rich@flatcap.org>
* Security
- imap: close connection on all failures
* Features
- alias: add <limit> function to Alias/Query dialogs
- config: add validators for {imap,smtp,pop}_authenticators
- config: warn when signature file is missing or not readable
- smtp: support for native SMTP LOGIN auth mech
- notmuch: show originating folder in index
* Bug Fixes
- sidebar: prevent the divider colour bleeding out
- sidebar: fix <sidebar-{next,prev}-new>
- notmuch: fix <entire-thread> query for current email
- restore shutdown-hook functionality
- crash in reply-to
- user-after-free in folder-hook
- fix some leaks
- fix application of limits to modified mailboxes
- write Date header when postponing
* Translations
- 100% Lithuanian
- 100% Czech
- 70% Turkish
* Docs
- Document that $sort_alias affects the query menu
* Build
- improve ASAN flags
- add SASL and S/MIME to --everything
- fix contrib (un)install
* Code
- my_hdr compose screen notifications
- add contracts to the MXAPI
- maildir refactoring
- further reduce the use of global variables
* Upstream
- Add $count_alternatives to count attachments inside alternatives
* Fix build with lang/rust-1.47.0.
Changelog:
78.5.0
What's New
OpenPGP: Added option to disable attaching the public key to a signed message
MailExtensions: "compose_attachments" context added to Menus API
MailExtensions: Menus API now available on displayed messages
Changes
MailExtensions: browser.tabs.create will now wait for "mail-delayed-startup-finished" event
Fixes
OpenPGP: Support for inline PGP messages improved
OpenPGP: Message security dialog showed unverified keys as unavailable
Chat: New chat contact menu item did not function
Various theme and usability improvements
Various security fixes
#CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
#CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
#CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
#CVE-2020-26956: XSS through paste (manual and clipboard API)
#CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
#CVE-2020-26959: Use-after-free in WebRequestService
#CVE-2020-26960: Potential use-after-free in uses of nsTArray
#CVE-2020-15999: Heap buffer overflow in freetype
#CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
#CVE-2020-26965: Software keyboards may have remembered typed passwords
#CVE-2020-26966: Single-word search queries were also broadcast to local network
#CVE-2020-26968: Memory safety bugs fixed in Thunderbird 78.5
78.4.3
Fixes
User interface was inconsistent when switching from the default theme to the dark theme and back to the default theme
Email subject would disappear when hovering over it with the mouse when using Windows 7 Classic theme
78.4.2
Fixes
Security fix
#CVE-2020-26950: Write side effects in MCallGetProperty opcode not accounted for
78.4.1
What's New
Thunderbird prompts for an address to use when starting an email from an address book entry with multiple addresses
Fixes
Searching global search results did not work
Link location was not focused by default when adding a hyperlink in message composer
Advanced address book search dialog was unusable
Encrypted draft reply emails lost "Re:" prefix
Replying to a newsgroup message did not open the compose window
Unable to delete multiple newsgroup messages
Appmenu displayed visual glitches
Visual glitches when selecting multiple messages in the message pane and using Ctrl+click
Switching between dark and light mode could lead to unreadable text on macOS
78.4.0
What's New
MailExtensions: browser.tabs.sendMessage API added
MailExtensions: messageDisplayScripts API added
Changes
Yahoo and AOL mail users using password authentication will be migrated to OAuth2
MailExtensions: messageDisplay APIs extended to support multiple selected messages
MailExtensions: compose.begin functions now support creating a message with attachments
Fixes
Thunderbird could freeze when updating global search index
Multiple issues with handling of self-signed SSL certificates addressed
Recipient address fields in compose window could expand to fill all available space
Inserting emoji characters in message compose window caused unexpected behavior
Button to restore default folder icon color was not keyboard accessible
Various keyboard navigation fixes
Various color-related theme fixes
MailExtensions: Updating attachments with onBeforeSend.addListener() did not work
Various security fixes
Security fixes:
#CVE-2020-15969: Use-after-free in usersctp
#CVE-2020-15683: Memory safety bugs fixed in Thunderbird 78.4
78.3.3
Fixes
OpenPGP: Improved support for encrypting with subkeys
OpenPGP message status icons were not visible in message header pane
OpenPGP Key Manager was missing from Tools menu on macOS
Creating a new calendar event did not require an event title
78.3.2
Changes
Thunderbird will no longer automatically install updates when Preferences tab is opened
Fixed
OpenPGP: Improved support for encrypting with subkeys
OpenPGP: Encrypted messages with international characters were sometimes displayed incorrectly
Single-click deletion of recipient pills with middle mouse button restored
Searching an address book list did not display results
Windows installer was unreadable with Windows in high contrast mode
Dark mode, high contrast, and Windows theming fixes
This release fixes a compilation issue on a few platforms, and clarifies the
pattern completion function in the UPDATING file. No other changes were made.
Changelog:
What's new in notmuch 0.31.2
=========================
Build
-----
Catch one more occurence of "version" in the build system, which
caused the file to be regenerated in the release tarball.
What's new in notmuch 0.31.1
=========================
Library
-------
Fix a memory initialization bug in notmuch_database_get_config_list.
Build
-----
Rename file 'version' to 'version.txt'. The old file name conflicted
with a C++ header for some compilers.
Replace use of coreutils `realpath` in configure.
Change since version 1.14.7:
+ Domain-literal support for email addresses, e.g user@[IPv6:fcXX:...]
! Buffy completion only occurs for the "change-folder" set of functions.
It has been disabled for <attach-message>, <write-fcc>, the fcc
mailbox prompt, and the autocrypt scan mailbox prompt.
! The "save/copy message to mailbox" set of functions use the "mailbox"
history list, instead of the "filename" list.
! Message-ID extraction permits values missing angle brackets and '@'
to allow properly threading the garbage sent by some providers.
Mutt will add missing angle brackets when sending out replies, however.
! When adding multiple attachments, via <attach-file> in the compose menu,
the browser menu can be exiting via <quit> after tagging the files.
Previously, <select-entry> had to be used.
! ctrl-p/ctrl-n are by default bound to <history-up>/<history-down> in the
editor menu.
+ The "cd" command allows changing the current working directory.
As part of this, Mutt expands relative paths internally. There
may be a change to some "prettified" relative paths because of this.
! Some configuration variable default values are localizable by
translators. Currently these are: $attribution, $compose_format,
$forward_attribution_intro, $forward_attribution_trailer, $status_format,
$ts_icon_format, $ts_status_format.
+ Mutt will try to automatically reconnect to an IMAP mailbox on error,
and will merge unsync'ed changes if possible.
! $crypt_protected_headers_subject defaults to "...", following the
protected headers revised specification.
! Date, From, To, Cc, and Reply-To headers are stored as protected headers.
+ XOAUTH2 support. Please see the manual, contrib script mutt_oauth2.py,
and mutt_oauth.py.README for more details.
+ $tunnel_is_secure, default set, assumes a connection via $tunnel is
encrypted. Unsetting this will cause $ssl_starttls and $ssl_force_tls
to be respected.
+ Patterns are tab-completable in the editor menu.
! $reply_to is consulted before $reply_self.
+ $copy_decode_weed, default unset, controls header weeding for <decode-copy>
and <decode-save>.
+ $pipe_decode_weed, default set, enables header weeding for <pipe-message>.
+ $print_decode_weed, default set, enables header weeding for <print-message>.
! format=flowed attachments are space-unstuffed when viewed, saved,
piped, and printed.
+ The "run" command will execute MuttLisp. $muttlisp_inline_eval, if set, will
execute unquoted parenthesized command arguments as MuttLisp. Please see
the manual for more details about both.
+ $cursor_overlay, when set, will overlay the indicator, tree,
sidebar_highlight, and sidebar_indicator colors onto the current line.
"default" colors will be overridden and attributes will be merged.
! The message-id generation algorithm uses a random number instead of
the step counter and PID.
! $ssl_force_tls defaults set. (Trying this again for 2.0).
! $hostname is set *after* muttrc processing. It can be manually set
in the muttrc to avoid using DNS calls to obtain the FQDN.
+ $attach_save_dir specifies a directory to use when saving attachments.
CurveCP support.
qmail-qremote resolves IP addresses for SMTP server and then calls
either tcpclient or qmail-curvecpclient for TCP or CurveCP connections,
respectively. Once the connection is established, qmail-rsmtp executes
to send mail via SMTP.
IMAPClient is an easy-to-use, Pythonic and complete IMAP client library
on top of the standard library.
- Arguments and return values are natural Python types.
- IMAP server responses are fully parsed and readily usable.
- IMAP unique message IDs (UIDs) are handled transparently.
- Internationalised mailbox names are transparently handled.
- Time zones are correctly handled.
- Convenience methods are provided for commonly used functionality.
- Exceptions are raised when errors occur.
nopop3d is not a POP3 server. It can be useful as part of a simple
authentication service that happens to be implemented as POP3.
nopop3d consists of qmail-pop3d with several POP3 verbs and all the file
access removed.
Update Ruby on Rails 6.0 related packages to 6.0.3.4.
This is security fix for ruby-actionpack60.
## Rails 6.0.3.4 (October 07, 2020) ##
* [CVE-2020-8264] Prevent XSS in Actionable Exceptions
## 1.0 (2020-09-12)
* Caution! Backwards incompatible changes:
* As a message name, `-` now refers to the message on the standard input,
and not the the previous message anymore. Use `.-` to refer to
the previous message in a short way.
The tools will print a warning if you use `-` and the standard input
comes from a TTY.
* mpick: use the -F flag to read script files.
* mpick: remove msglist support, use plain mmsg(7) arguments.
* Many mblaze tools now make use of pledge(2) on OpenBSD.
* add contrib/mcount, a tool to count mails
* mrep: use Reply-From configuration to find From header
* Many bug fixes.
## 0.7 (2020-05-15)
* All tools now follow symlinks to mails.
* mdirs: add -a to list all subfolders, ignoring Maildir++ convention.
* mcom: add preview alias for show command.
* mrep/mbnc: allow only one message as argument.
* maddr: add -d to only print display name.
* mthread: add -r to reverse top-level order.
* mlist: print number of matches when message selection is in place.
* mpick: many improvements.
* Many bug fixes.
Notable bugs fixed:
- Last release introduced a bug where Date: headers were localized,
which is against RFC. Further, that localization then broke character
rendering in some locales. A new fix for the original issue (#17) was
put in place, which no longer localizes the Date: header and fixes the
newly introduced rendering issue (#25)
- Last release introduced a bug which prevented –protect-prompt from
working. This is now fixed (#26)
New features:
- Added .netrc support
- Added –tls-sni option
- Swaks is now available on CPAN as App::swaks
- Swaks will now print errors if deprecated functionality is used
Notable changes:
- Automatic file detection is deprecated. Previously, if an argument
to –data, –body, –attach-body, and –attach resolved to an
openable file, the contents of that file would be used as the actual
argument. Now the proper way to do this is to place '@' in front
of the argument to state explicitly that the argument contents are
in a file.
- If any of the –xclient-* family of options (–xclient-name,
–xclient-addr, etc) is provided more than once, only the last option
provided will be used. See –xclient option if you need to simulate
the previous behavior
- -g option is now deprecated
- Time::Local is no longer used and POSIX is now listed as a
required module
Notable bugs fixed:
- Fix for subtle issue related to environment variable options. Affected
error handling for options which required args.
- Fix issue preventing XCLIENT and STARTTLS from working together
properly (#21)
- Fix issue which could cause generated date header to oscillate on the
day of DST transition (#17, deb bug 955798)
Changelog:
Changes
Thunderbird will no longer automatically install updates when Preferences tab is opened
Fixes
OpenPGP: Improved support for encrypting with subkeys
OpenPGP: Encrypted messages with international characters were sometimes displayed incorrectly
Single-click deletion of recipient pills with middle mouse button restored
Searching an address book list did not display results
Windows installer was unreadable with Windows in high contrast mode
Dark mode, high contrast, and Windows theming fixes
API changes:
* refactoring into a somewhat MVC model: split large feeds.py into
model.py and controller.py
* rename FeedCacheStorage to FeedItemCacheStorage
* factor out getter/setters in the base sqlite class
* remove conn member in sqlite to force use of context manager
* move session and fetching to the feed manager
* rename feeds to feed_manager in main
* allow absolute path in folder setting (Closes: #14)
New features:
* caching: latest feed contents get cached to avoid re-downloading
unchanged feeds. this includes parsing HTTP headers and so on, and
relies on the good behavior of the `cachecontrol` Python module
* Python 3.6-3.8 support
Bugfixes:
* recover from feedparser exceptions (Closes: #964597)
[ Roland Hieber ]
* README: don't let the example config create a folder named '~/Mailbox/'
[ Ian Zimmerman ]
* add --quiet option to silence warnings since --loglevel was broken
Update roundcube package to 1.4.9.
Roundcube Webmail 1.4.9 (2020-09-27)
This is a service update to the stable version 1.4 of Roundcube Webmail.
It contains fixes and general improvements from our issue tracker, mainly
related to email composition and UI oddities in Elastic skin and with the
TinyMCE richtext editor. See the full changelog below.
This version is considered stable and we recommend to update all productive
installations of Roundcube with it.
Please do backup your data before updating!
CHANGELOG
* Fix HTML editor in latest Chrome 85.0.4183.102, update to TinyMCE 4.9.11
(#7615)
* Add missing localization for some label/legend elements in userinfo plugin
(#7478)
* Fix importing birthday dates from Gmail vCards (BDAY:YYYYMMDD)
* Fix restoring Cc/Bcc fields from local storage (#7554)
* Fix jstz.min.js installation, bump version to 1.0.7
* Fix incorrect PDO::lastInsertId() use in sqlsrv driver (#7564)
* Fix link to closure compiler in bin/jsshrink.sh script (#7567)
* Fix bug where some parts of a message could have been missing in a
reply/forward body (#7568)
* Fix empty space on mail printouts in Chrome (#7604)
* Fix empty output from HTML5 parser when content contains XML tag (#7624)
* Fix scroll jump on key press in plain text mode of the HTML editor (#7622)
* Fix so autocompletion list does not hide on scroll inside it (#7592)
upstream changes:
-----------------
2.6: 30 Sep 2020
* [Conf] Add missing symbols
* [Conf] Add missing symbols
* [Conf] Fix fat-fingers typo
* [Conf] Fix wrong comment in options.inc
* [Conf] Neural: Fix the default name for max_trains
* [Conf] Register a known symbol
* [Conf] Spf: Add R_SPF_PERMFAIL symbol
* [CritFix] Arc: Fix ARC validation for chains of signatures
* [CritFix] Distinguish socketpairs between different fuzzy workers
* [CritFix] Fix IDNA dots parsing
* [CritFix] Fix test assertion method
* [CritFix] Fix usage of crypto_sign it should be crypto_sign_detached!
* [Feature] Add BOUNCE rule
* [Feature] Add controller plugins support and selectors plugin
* [Feature] Add maps query method
* [Feature] Add minimal delay to fuzzy storage
* [Feature] Add multiple base32 alphabets for decoding
* [Feature] Add preliminary support of BCH addresses
* [Feature] Add query_specific endpoint
* [Feature] Allow multiple base32 encodings in Lua API
* [Feature] Allow to specify nonces manually
* [Feature] Controller: Allow to pass query arguments to the lua webui plugins
* [Feature] Fuzzy_check: Add gen_hashes command
* [Feature] Fuzzy_check: Add weight_threshold option for fuzzy rules
* [Feature] Implement address retry on connection failure
* [Feature] Improve limits in pdf scanning
* [Feature] Initial support of subscribe command in lua_redis
* [Feature] Lua_cryptobox: Add secretbox API
* [Feature] Lua_text: Add encoding methods
* [Feature] Milter_headers: Allow to activate routines via users settings
* [Feature] PDF: Add timeouts for expensive operations
* [Feature] Preliminary maps addon for controller
* [Feature] Split pdf processing object and output object to allow GC
* [Feature] Support BLIS blas library
* [Feature] Support input vectorisation by recvmmsg call
* [Feature] Support multiple base32 alphabets
* [Feature] add queueid, uid, messageid and specific symbols to selectors [Minor] use only selectors to fill vars in force_actions message
* [Feature] allow variables in force_actions messages
* [Feature] extend lua api
* [Fix] #3249
* [Fix] Allow to adjust neurons in the hidden layer
* [Fix] Another try to fix email names parsing
* [Fix] Arc: Allow to reuse authentication results when doing multi-stage signing
* [Fix] Arc: Fix bug with arc chains verification where i>1
* [Fix] Arc: Sort headers by their i= value
* [Fix] Change neural plugin's loss function
* [Fix] Deal with double eqsigns when decoding headers
* [Fix] Default ANN names in clickhouse
* [Fix] Disable reuseport for TCP sockets as it causes too many troubles
* [Fix] Disable text detection heuristics for encrypted parts
* [Fix] Distinguish DKIM keys by md5
* [Fix] Distinguish type from flags in register_symbol
* [Fix] Dmarc: Unbreak reporting after cf2ae3292ac93da8b6e0624b48a62828a51803c9
* [Fix] Do not flag pre-result of virus scanners as least if action is reject
* [Fix] Do not use GC64 workaround on 32bit platforms, omg
* [Fix] Exclude damaged urls from html parser
* [Fix] Fix FREEMAIL_REPLYTO_NEQ_FROM_DOM
* [Fix] Fix FROM_NEQ_ENVFROM
* [Fix] Fix FWD_GOOGLE rule (#1815)
* [Fix] Fix adding of the empty archive file for gzip
* [Fix] Fix aliases in forged recipients and limit number of iterations
* [Fix] Fix authentication results insertion
* [Fix] Fix calling of methods in selectors
* [Fix] Fix clen length for hiredis...
* [Fix] Fix endless loop if broken arc chain has been found
* [Fix] Fix false - operation
* [Fix] Fix get_urls table invocation
* [Fix] Fix group based composites
* [Fix] Fix headers passing in rspamd_proxy
* [Fix] Fix incomplete utf8 sequences handling
* [Fix] Fix lua_next invocation
* [Fix] Fix lua_parse_symbol_type function logic
* [Fix] Fix multiple listen configuration
* [Fix] Fix occasional encryption of the cached data
* [Fix] Fix parsing boundaries with spaces
* [Fix] Fix passing of methods arguments
* [Fix] Fix poor man allocator algorithm
* [Fix] Fix regexp selector and add flattening
* [Fix] Fix rfc base32 encode ordering (skip inverse bits)
* [Fix] Fix rfc based base32 decoding
* [Fix] Fix sockets leak in the client
* [Fix] Fix storing of the original smtp from
* [Fix] Fix types check and types usage in lua_cryptobox
* [Fix] Fix unused results
* [Fix] Fuzzy_check: Disable shingles for short texts (really)
* [Fix] Ical: Fix identation grammar
* [Fix] Improve part:is_attachment logic
* [Fix] Mmap return value must be checked versus MAP_FAILED
* [Fix] One more fix to skip images that are not urls
* [Fix] Pdf: Support some weird objects with no newline before endobj
* [Fix] Rbl: Fix ignore_defaults in conjunction with ignore_whitelists
* [Fix] Restore support for `for` and `id` parts in received headers
* [Fix] Segmentation fault in contrib/lua-lpeg/lpvm.c on ppc64el
* [Fix] Skip spaces at the boundary end
* [Fix] Slashing fix: fix captures matching API
* [Fix] Spamassassin: Rework metas processing
* [Fix] Store reference of upstream list in upstreams objects
* [Fix] Understand utf8 in content-disposition parser
* [Fix] Unify selectors digest functions
* [Fix] Use `abs` value when checking composites
* [Fix] Use strict IDNA for utf8 DNS names + add sanity checks for DNS names
* [Fix] Use unsigned char and better support of utf8 in ragel parser
* [Fix] add missing selector_cache declaration
* [Project] Add `L` flag for regexps to save start of the match in Hyperscan
* [Project] Add `lower` method to lua_text
* [Project] Add a simple matrix Lua library
* [Project] Add implicit bitcoincash prefix
* [Project] Add linalg ffi library for prototyping
* [Project] Add methods to append data to fuzzy requests
* [Project] Add routine to call a generic lua function
* [Project] Add ssyev method interface
* [Project] Add tensors index method
* [Project] Add text:sub method
* [Project] Allow rspamd_text based selectors
* [Project] Allow to specify re_conditions for regular expressions
* [Project] Attach extensions to the binary fuzzy commands
* [Project] Bitcoin: BTC cash addresses needs some checksum validation
* [Project] Cleanup the redis script
* [Project] Convert bitcoin rules to the new regexp conditions feature
* [Project] Detect memrchr in systems that supports it
* [Project] Do not listen sockets in the main process
* [Project] Implement 'probabilistic' learn mode for ANN
* [Project] Implement BTC polymod in C as it requires 64 bit ops
* [Project] Implement bitcoin cash validation in a proper way
* [Project] Implement extensions logic for fuzzy storage
* [Project] Implement symbols insertion in multiple results mode
* [Project] Lua_text: Add method memchr
* [Project] Neural: Add PCA loading logic
* [Project] Neural: Fix PCA based learning
* [Project] Neural: Fix matrix gemm
* [Project] Neural: Further PCA fixes
* [Project] Neural: Implement PCA in learning
* [Project] Neural: Implement PCA learning
* [Project] Neural: Implement PCA on ANN forward
* [Project] Neural: Implement PCA serialisation
* [Project] Neural: Start PCA implementation
* [Project] Neural: Use C version of scatter matrix producing
* [Project] Preliminary support of lua conditions for regexps
* [Project] Preliminary usage of the reuseport
* [Project] Process composites separately for each shadow result
* [Project] Remove old code
* [Project] Rework scan result functions to support shadow results
* [Project] Rework some more functions to work with shadow results
* [Project] Some more fixes
* [Project] Start results chain implementation
* [Project] Support fun iterators on rspamd_text objects
* [Project] Support multiply, minus and divide operators in expressions
* [Project] Tensor: Move scatter matrix calculation to C
* [Rework] Allow to specify exat metric result when adding a symbol
* [Rework] Change and improve openblas detection and usage
* [Rework] Close listen sockets in main after fork
* [Rework] Further rework of lua urls extraction API
* [Rework] Lua_cryptobox: Allow to store output of the hash function
* [Rework] Lua_task: Add more methods to deal with shadow results
* [Rework] Modernize logging for expressions
* [Rework] Remove empty prefilters feature - we are not prepared...
* [Rework] Remove old FindLua module, disable lua fallback when LuaJIT is enabled
* [Rework] Rework and refactor forged recipients plugin
* [Rework] Rework expressions processing
* [Rework] Rework fuzzy commands processing
* [Rework] Rework url flags handling API
* [Rework] Rework urls extraction
* [Rework] Split operations processing and add more debug logs
* [Rework] Update zstd to 1.4.5
* [Rework] Use google-ced instead of libicu chardet as the former sucks
* [Rework] add alias util:parse_addr for util:parse_mail_address
* [Rework] get rid of util:parse_addr duplicating the util:parse_mail_address, replace where used
* [Rules] Allow prefix for bitcoin cash addresses
* [Rules] More fixes for bitcoin cash addresses decoding
* [Rules] Refactor bleach32 addresses handling
pkgsrc changes:
---------------
* Remove a conditional test for very old and unmaintained releases of
NetBSD. The variable defined is this test seems to be absent from the
pkgsrc tree and pkglint warns about its use.
* Add a LICENSE to fetchmailconf
upstream changes:
-----------------
fetchmail-6.4.12 (released 2020-09-04, 27596 LoC):
# BUG FIXES:
* The README file is now the one from Git again. The makerelease.pl script
used to roll and upload the tarball sometimes clobbered the README file and
replaced its contents by a part of the NEWS file.
---------------------------------------------------------------------------------
fetchmail-6.4.11 (released 2020-08-28, 27596 LoC):
# REGRESSION FIX:
* configure: fetchmail 6.4.9 and 6.4.10 would miss checking for TLS v1.2 and
TLS v1.3 support if AC_LIB_LINKFLAGS came up with something such as
/path/to/libssl.so, rather than -lssl. (For instance on FreeBSD)
# KNOWN BUGS AND WORKAROUNDS
(This section floats upwards through the NEWS file so it stays with the
current release information)
* Fetchmail does not handle messages without Message-ID header well
(See sourceforge.net bug #780933)
* Fetchmail currently uses 31-bit signed integers in several places
where unsigned and/or wider types should have been used, for instance,
for mailbox sizes, and misreports sizes of 2 GibiB and beyond.
Fixing this requires C89 compatibility to be relinquished.
* BSMTP is mostly untested and errors can cause corrupt output.
* Fetchmail does not track pending deletes across crashes.
* The command line interface is sometimes a bit stubborn, for instance,
fetchmail -s doesn't work with a daemon running.
* Linux systems may return duplicates of an IP address in some circumstances if
no or no global IPv6 addresses are configured.
(No workaround. Ubuntu Bug#582585, Novell Bug#606980.)
* Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error
messages. This will not be fixed, because the maintainer has no Kerberos 5
server to test against. Use GSSAPI.
---------------------------------------------------------------------------------
fetchmail-6.4.10 (released 2020-08-27, 27596 LoC):
# REGRESSION FIX:
* configure: fetchmail 6.4.9's configure was unable to pick up OpenSSL
if it wasn't announced by pkg-config, for instance, on FreeBSD.
---------------------------------------------------------------------------------
fetchmail-6.4.9: (not announced by e-mail, withdrawn)
## DOCUMENTATION UPDATE:
* manpage: mention that the SSL/TLS certificate fingerprint uses an MD5 hash.
## CHANGES:
* configure: try to use AC_LIB_LINKFLAGS to obtain proper link flags for
libcrypto and libssl if pkg-config failed.
This is an attempt to fix borderline issues when users building on systems
with obsolete OpenSSL try to use a local newer OpenSSL from a separate
directory.
## NEW TRANSLATION, with thanks to the translator:
* ro: Florentina Mușat [Romanian]