Changelog:
Fixed: The system integration dialog was shown every time Thunderbird started
Fixed: Various security fixes
Security vulnerabilities fixed in Thunderbird 45.6
#CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
#CVE-2016-9895: CSP bypass using marquee tag
#CVE-2016-9897: Memory corruption in libGLES
#CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees
#CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs
#CVE-2016-9904: Cross-origin information leak in shared atoms
#CVE-2016-9905: Crash in EnumerateSubDocuments
#CVE-2016-9893: Memory safety bugs fixed in Thunderbird 45.6
Upstream changes:
0.903 2016-11-17
- PLEASE CONSIDER USING EMAIL-SENDER INSTEAD
- Fixed an errant extra test requirement, GH #3. Thanks, Paul.
- Marked the entire dist as DEPRECATED as it should no longer be used.
- Added ability for rbl plugin to capture messages before rejecting them.
- Fixed broken use of -lbg-sysdeps in modules.
- Fixed missing plugin-rbl in installed image.
- Updated for bglibs v2
- Added new "rbl" plugin, to block messages from IPs in an RBL.
- Added new "queuedir" backend, to save messages to simple files.
- Make sure plugin reset functions get called before exiting.
- Added missing plugin-starttls-ucspi to installed files.
- Added support for limiting the number of messages to plugin-counters.
- This version updates the plugin API to add new features:
  - Capabilities reported by the SMTP EHLO response can be added by
    plugins.
  - Plugins are passed any SMTP parameters given with the sender and
    recipient commands.
  - Plugins can add new commands to the SMTP protocol.
  Plugins compiled for previous versions of mailfront will not work
  without recompiling. The short-circuit-on-accept logic has also been
  eliminated to fix a semantic issue.
- SMTP AUTH support has been moved into a new plugin, cvm-authenticate.
Existing installations relying on SMTP AUTH support will need to make
sure they are using this new plugin. The smtpfront-qmail wrapper
has been modified to provide this additional plugin.
- Fixed plugin-add-received to add the "IPv6:" prefix in the Received:
header when the protocol is TCP6.
- Added plugin starttls-ucspi to implement STARTTLS using ucspi-tls.
- SMTP AUTH can now be restricted to TLS-enabled sessions.
- Added controls for pop3front-auth to limit the number of USER commands
and authentication failures allowed per session.
- Added control to imapfront-auth to limit the number of authentication
failures allowed per session.
- Modified the clamav plugin to use the newer INSTREAM protocol.
- imapfront-auth now sets $DOVECONF_ENV in Dovecot mode in order to
avoid having Dovecot imapd reset it through doveconf.
- Added Lua scripting plugin (optional, build with 'make lua').
- Modified the qmail backend to evaluate $QMAILQUEUE as late as possible.
This allows more options for changing $QMAILQUEUE in plugins.
- Added support for running Dovecot IMAP from imapfront-auth.
See imapfront.html for details on how to set this up.
- Added support for rejecting whole messages when the recipient count is
exceeded in plugin-counters.
- Made the check-fqdn plugin explicitly reject empty recipients.
- Added a sender domain restriction to the check-fqdn plugin.
- Added missing plugin-spamassassin.so to installation.
- Fixed a bug in handling invalid message numbers when retrieving messages in
pop3front-maildir.
- Added a SpamAssassin scanning plugin.
- Optimized pop3front-maildir to avoid stat'ing each message twice, and
to use sizes recorded in the filename to avoid stat'ing entirely.
See pop3front.html for details on the filenames.
pkgsrc changes:
- Libtoolize to fix build on OS X.
- Updated for bglibs v2.
- Fixed the authenticated test when used with Courier IMAP.
- Tweaked relay-ctrl-allow to only try to save a handle to the current
working directory if it's going to execute another command later.
- Added support for logging environment settings in relay-ctrl-check.
Notmuch 0.23.4 (2016-12-24)
===========================
Command Line Interface
----------------------
Improve error handling in notmuch insert
Database lock errors no longer prevent message file delivery to the
filesystem. Certain errors during `notmuch insert` that are most likely
temporary now return EX_TEMPFAIL.
Emacs
-----
Restore autoload cookie for notmuch-search.
Security update to address CVE-2016-9963
Exim version 4.88
-----------------
JH/01 Use SIZE on MAIL FROM in a cutthrough connection, if the destination
supports it and a size is available (i.e. the sending peer gave us one).
JH/02 The obsolete acl condition "demime" is removed (finally, after ten
years of being deprecated). The replacements are the ACLs
acl_smtp_mime and acl_not_smtp_mime.
JH/03 Upgrade security requirements imposed for hosts_try_dane: previously
a downgraded non-dane trust-anchor for the TLS connection (CA-style)
or even an in-clear connection were permitted. Now, if the host lookup
was dnssec and dane was requested then the host is only used if the
TLSA lookup succeeds and is dnssec. Further hosts (e.g. lower priority
MXs) will be tried (for hosts_try_dane though not for hosts_require_dane)
if one fails this test.
This means that a poorly-configured remote DNS will make it incommunicado;
but it protects against a DNS-interception attack on it.
JH/04 Bug 1810: make continued-use of an open smtp transport connection
non-noisy when a race steals the message being considered.
JH/05 If main configuration option tls_certificate is unset, generate a
self-signed certificate for inbound TLS connections.
JH/06 Bug 165: hide more cases of password exposure - this time in expansions
in rewrites and routers.
JH/07 Retire gnutls_require_mac et al. These were nonfunctional since 4.80
and logged a warning since 4.83; now they are a configuration file error.
JH/08 Bug 1836: Fix crash in VRFY handling when handed an unqualified name
(lacking @domain). Apply the same qualification processing as RCPT.
JH/09 Bug 1804: Avoid writing msglog files when in -bh or -bhc mode.
JH/10 Support ${sha256:} applied to a string (as well as the previous
certificate).
JH/11 Cutthrough: avoid using the callout hints db on a verify callout when
a cutthrough deliver is pending, as we always want to make a connection.
This also avoids re-routing the message when later placing the cutthrough
connection after a verify cache hit.
Do not update it with the verify result either.
JH/12 Cutthrough: disable when verify option success_on_redirect is used, and
when routing results in more than one destination address.
JH/13 Cutthrough: expand transport dkim_domain option when testing for dkim
signing (which inhibits the cutthrough capability). Previously only
the presence of an option was tested; now an expansion evaluating as
empty is permissible (obviously it should depend only on data available
when the cutthrough connection is made).
JH/14 Fix logging of errors under PIPELINING. Previously the log line giving
the relevant preceding SMTP command did not note the pipelining mode.
JH/15 Fix counting of empty lines in $body_linecount and $message_linecount.
Previously they were not counted.
JH/16 DANE: treat a TLSA lookup response having all non-TLSA RRs, the same
as one having no matching records. Previously we deferred the message
that needed the lookup.
JH/17 Fakereject: previously logged as a normal message arrival "<="; now
distinguished as "(=".
JH/18 Bug 1867: make the fail_defer_domains option on a dnslookup router work
for missing MX records. Previously it only worked for missing A records.
JH/19 Bug 1850: support Radius libraries that return REJECT_RC.
JH/20 Bug 1872: Ensure that acl_smtp_notquit is run when the connection drops
after the data-go-ahead and data-ack. Patch from Jason Betts.
JH/21 Bug 1846: Send DMARC forensic reports for reject and quarantine results,
even for a "none" policy. Patch from Tony Meyer.
JH/22 Fix continued use of a connection for further deliveries. If a port was
specified by a router, it must also match for the delivery to be
compatible.
JH/23 Bug 1874: fix continued use of a connection for further deliveries.
When one of the recipients of a message was unsuitable for the connection
(has no matching addresses), we lost track of needing to mark it
deferred. As a result mail would be lost.
JH/24 Bug 1832: Log EHLO response on getting conn-close response for HELO.
JH/25 Decoding ACL controls is now done using a binary search; the source code
takes up less space and should be simpler to maintain. Merge the ACL
condition decode tables also, with similar effect.
JH/26 Fix problem with one_time used on a redirect router which returned the
parent address unchanged. A retry would see the parent address marked as
delivered, so not attempt the (identical) child. As a result mail would
be lost.
JH/27 Fix a possible security hole, wherein a process operating with the Exim
UID can gain a root shell. Credit to http://www.halfdog.net/ for
discovery and writeup. Ubuntu bug 1580454; no bug raised against Exim
itself :(
JH/28 Enable {spool,log} filesystem space and inode checks as default.
Main config options check_{log,spool}_{inodes,space} are now
100 inodes, 10MB unless set otherwise in the configuration.
JH/29 Fix the connection_reject log selector to apply to the connect ACL.
Previously it only applied to the main-section connection policy
options.
JH/30 Bug 1897: fix callouts connection fallback from TLS to cleartext.
PP/01 Changed default Diffie-Hellman parameters to be Exim-specific, created
by me. Added RFC7919 DH primes as an alternative.
PP/02 Unbreak build via pkg-config with new hash support when crypto headers
are not in the system include path.
JH/31 Fix longstanding bug with aborted TLS server connection handling. Under
GnuTLS, when a session startup failed (e.g. because the client disconnected)
Exim did stdio operations after fclose. This was exposed by a recent
change which nulled out the file handle after the fclose.
JH/32 Bug 1909: Fix OCSP proof verification for cases where the proof is
signed directly by the cert-signing cert, rather than an intermediate
OCSP-signing cert. This is the model used by LetsEncrypt.
JH/33 Bug 1914: Ensure socket is nonblocking before draining after SMTP QUIT.
HS/01 Fix leak in verify callout under GnuTLS, about 3MB per recipient on
an incoming connection.
HS/02 Bug 1802: Do not half-close the connection after sending a request
to rspamd.
HS/03 Use "auto" as the default EC curve parameter. For OpenSSL < 1.0.2
fallback to "prime256v1".
JH/34 SECURITY: Use proper copy of DATA command in error message.
Could leak key material. Remotely exploitable. CVE-2016-9963.
ok wiz@
This will create two sendmail service instances, :mta and :msp, to start
the two sendmail instances that are usually required. The :mta instance
optionally depends on spamassassin and spamass-milter.
- The 'isync' compatibility wrapper is now deprecated.
- An IMAP Path/NAMESPACE rooted in INBOX won't be handled specially any more.
This means that some Patterns may need adjustment.
- The default output is a lot less verbose now.
The meanings of the -V and -D options changed significantly.
- The SSL/TLS configuration has been re-designed.
SSL is now explicitly enabled or disabled - "use SSL if available" is gone.
Notice: Tunnels are assumed to be secure and thus default to no SSL.
- Support for SASL (flexible authentication) has been added.
- Support for Windows file systems has been added.
- Support for compressed data transfer has been added.
- Folder deletions can be propagated now.
* dovecot.list.index.log rotation sizes/times were changed so that
the .log file stays smaller and .log.2 is deleted sooner.
+ Added mail_crypt plugin that allows encryption of stored emails.
See http://wiki2.dovecot.org/Plugins/MailCrypt
+ stats: Global stats can be sent to Carbon server by setting
stats_carbon_server=ip:port
+ imap/pop3 proxy: If passdb returns proxy_not_trusted, don't send
ID/XCLIENT
+ Added generic hash modifier for %variables:
%{<hash algorithm>;rounds=<n>,truncate=<bits>,salt=<s>:field}
Hash algorithm is any of the supported ones, e.g. md5, sha1, sha256.
Also "pkcs5" is supported using SHA256. For example: %{sha256:user}
or %{md5;truncate=32:user}.
+ Added support for SHA3-256 and SHA3-512 hashes.
+ config: Support DNS wildcards in local_name, e.g.
local_name *.example.com { .. } matches anything.example.com, but
not multiple.anything.example.com.
+ config: Support multiple names in local_name, e.g.
local_name "1.example.com 2.example.com" { .. }
- Fixed crash in auth process when auth-policy was configured and
authentication was aborted/failed without a username set.
- director: If two users had different tags but the same hash,
the users may have been redirected to the wrong tag's hosts.
- Index files may have been thought incorrectly lost, causing
"Missing middle file seq=.." to be logged and index rebuild.
This happened more easily with IMAP hibernation enabled.
- Various fixes to restoring state correctly in un-hibernation.
- dovecot.index files were commonly 4 bytes per email too large. This
is because 3 bytes per email were being wasted that could have been
used for IMAP keywords.
- Various fixes to handle dovecot.list.index corruption better.
- lib-fts: Fixed assert-crash in address tokenizer with specific input.
- Fixed assert-crash in HTML to text parsing with specific input
(e.g. for FTS indexing or snippet generation)
- doveadm sync -1: Fixed handling mailbox GUID conflicts.
- sdbox, mdbox: Perform full index rebuild if corruption is detected
inside lib-index, which runs index fsck.
- quota: Don't skip quota checks when moving mails between different
quota roots.
- search: Multiple sequence sets or UID sets in search parameters
weren't handled correctly. They were incorrectly merged together.
Notmuch 0.23.3 (2016-11-27)
===========================
Command Line Interface
----------------------
Treat disappearing files during notmuch new as non-fatal.
Test Suite
----------
Fix incompatibility (related to signature size) with gnupg 2.1.16.
Many of these definitely do not depend on readline.
So there must be a different underlying problem, and that
should be tracked down instead of papering over it.
pkgsrc changes:
* Add dependency on security/pear-Crypt_GPG.
other changes:
* Add eu_EU and sq_AL locales.
RELEASE 1.2.3
* Enigma: Fix bug where last records on keys list were hidden (#5461)
* Enigma: Fix key search with keyword containing non-ascii characters (#5459)
pkgsrc changes:
* Drop dependency on pear-Mail_mimeDecode.
* Update dependency.
Other changes:
* Add is_IS, ku_IQ and sq_AL locale support.
RELEASE 1.2.3
* Searching in both contacts and groups when LDAP addressbook with
group_filters option is used
* Fix vulnerability in handling of mail()'s 5th argument
* Fix To: header encoding in mail sent with mail() method (#5475)
* Fix flickering of header topline in min-mode (#5426)
* Fix bug where folders list would scroll to top when clicking on subscription
checkbox (#5447)
* Fix decoding of GB2312/GBK text when iconv is not installed (#5448)
* Fix regression where creation of default folders wasn't functioning without
prefix (#5460)
* Fix bug where deleting folders with subfolders could fail in some cases
(#5466)
* Fix bug where IMAP password could be exposed via error message (#5472)
* Fix bug where it wasn't possible to store objects larger than 2MB in
memcache/apc; added memcache_max_allowed_packet and apc_max_allowed_packet
settings (#5452)
* Fix "Illegal string offset" warning in rcube::log_bug() on PHP 7.1 (#5508)
* Fix storing "empty" values in rcube_cache/rcube_cache_shared (#5519)
* Fix missing content check when image resize fails on attachment thumbnail
generation (#5485)
* Fix displaying attached images with wrong Content-Type specified (#5527)
Solves:
/usr/libexec/binutils225/elf/ld.gold: error: cannot find -lreadline
The missing specification is obvious on DragonFly because there's
no publicly accessible version of readline in base.
Changelog:
45.5.1:
#CVE-2016-9079: Use-after-free in SVG Animation
45.5.0:
#CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
#CVE-2016-5294: Arbitrary target directory for result files of update process
#CVE-2016-5297: Incorrect argument length checking in JavaScript
#CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler
#CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file
#CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler
#CVE-2016-5290: Memory safety bugs fixed in Thunderbird 45.5
Notmuch 0.23.2 (2016-11-20)
===========================
Emacs
-----
Fix notmuch-interesting-buffer and notmuch-cycle-notmuch-buffers.
notmuch-tree-mode and notmuch-message-mode buffers are now
considered interesting by `notmuch-interesting-buffer` and
`notmuch-cycle-notmuch-buffers`.
Restore compatibility with Emacs 23.
Notmuch support for Emacs 23 is now deprecated.
2016-11-26 Richard Russon <rich@flatcap.org>
* Features
- Upstream adoption of compress
- Multiple hcache backends and run-time selection
- $forward_references includes References: header on forwards
- Hooks: define hooks for startup and shutdown
- Add $collapse_all to close threads automatically
* Bug Fixes
- Index in pager crash
- Tag with multiple labels
- Make sure gdbm's symbols are not resolved in QDBM's compatibility layer
- Fix crash when doing collapse_all on an empty folder
- Fix: crash when browsing empty dir
- Initialize imap_authenticate's return value to something meaningful
* Translations
- Update German translation
- Update Slovak translation
- Update French translation
- Add English (British) translation
- Convert files to utf-8
- Mass tidy up of the translation messages
* Docs
- new-mail bug is fixed
- add since date for features
- expand example command options for compress
- fix entries for beep and new-mail-command
- add a version number to the generated vimrc
- fix links in README
- don't use smart quotes in manual examples
- <escape> and \e both refer to the Alt and Escape keys
* Build
- Travis: test messages
- Add option to disable translation messages
- Split hcache code into per-backend files
- Doc/Makefile clean neomutt-syntax.vim
- Improve discovery for the Berkeley Database
- Fix nntp/notmuch conditionals
- Implement mutt_strchrnul()
- Rename vim-keybindings to vim-keys
* Upstream
- attach_format: add new %F placeholder
- Compose: add operation to rename an attachment
- Chain %d->%F->%f in the attachment menu
- Move mbox close-append logic inside mbox_close_mailbox()
- When $flag_safe is set, flagged messages cannot be deleted
- Adds the '@' pattern modifier to limit matches to known aliases
- Adds <mark-message> binding to create "hotkeys" for messages
- Updated requirement on the C compiler
- Fix mark-message translation and keybind menu
- More openssl1.1 fixes: remove uses of X509->name in debugging. (closes #3870)
- Don't close stderr when opening a tunnel. (closes #3726)
- Minor resource and error logic cleanup in tunnel_socket_open()
- Make sure that the output of X509_NAME_oneline is null-terminated