Evolution Exchange 2.24.3 2009-01-12
-------------------------------------
Bug Fixes:
#441712: (bugzilla.novell.com) Fix for an issue while loading GAL (Ashish Shrivastava)
Evolution 2.24.3 2009-01-12
---------------------------
Bug Fixes:
#332729: Invalid write with outspring from e-config.c (Milan Crha)
#337082: Unnamed imap folder (Milan Crha)
#435452: (Novell Bugzilla) Adding People to Meeting Loses Attendee if Add or Busy Search Selected (Srinivasa Ragavan)
#435694: (Novell Bugzilla) Retract of Email from Sent Items Does not Work (Bharath Acharya)
#439733: (Novell Bugzilla) Checking for junk before training (Srinivasa Ragavan)
#446285: (Novell Bugzilla) Meeting Entry Does Not Allow Multiple Names (Bharath Acharya)
#458968: (Novell Bugzilla) Don't warn the user about changes being lost if he is trying to delegate the meeting (Suman Manjunath)
#546637: Mail opened from the "Unread mails" displays empty (Srinivasa Ragavan)
#551599: Do not fallback to default 15 minutes alarm offset if alarm is triggered at start (or end) of appointment (Paul Bolle)
#552583: Passwords don't get stored when using other authentication type than "Password" (Milan Crha)
#552583: Free the right url (Srinivasa Ragavan)
#552583: Account checking logic a bit more consistent (Milan Crha)
#552583: Fix bugs in the account checking logic (Sankar P)
#552583: Compare the protocol, user, host and port and disregard the rest (Matthew Barnes)
#555663: Evolution crashed with SIGSEGV in gconf-bridge (Milan Crha)
#556303: Evolution crashed with SIGSEGV in camel_mime_part_get_filename (Milan Crha)
#557176: Crash while trying to click on 'Contacts' (Milan Crha)
#558337: Evolution crashes while managing IMAP folder subscriptions (Norman Wang)
#559153: Unable to convert mailboxes from Hardy to Intrepid versions (Sankar P)
#560420: Failed spamassassin pipe on Evolution (hp@syntomax.com)
#562091: New share memo window doesn't come up (Matthew Barnes)
#562155: Evolution stopped to start (e_shell_set_crash_recovery) (Matthew Barnes)
#562450: Edit as New Message doesn't copy the content of a GPG signed message (Matthew Barnes)
#562886: Evolution mailto CLI cannot handle attachments with "#" in filename (Matthew Barnes)
#563077: Evolution crashes if gnome-settings-daemon is not started on Solaris (Jeff Cai)
#563250: Save and restore custom composer accelerators (Matthew Barnes)
#563369: "Templates" folder not translated (Milan Crha)
#564007: Messages do not show inline decrypted message by default (Milan Crha)
#564860: Evolution crashes in e_util_labels_parse if the labels don't have the correct format (Matthew Barnes)
#565553: Right click on an attachment in calendar event and chose application does not work (Ashish Shrivastava)
#566653: Local folder's DnD aren't saved well to DB (Srinivasa Ragavan)
Updated Translations:
Jorge Gonzalez (es)
Gil Forcada (ca)
Claude Paroz (fr)
Leonardo Ferreira Fontenelle (pt_BR)
Daniel Nylander (sv)
Andre Klapper (de,cs)
Changwoo Ryu (ko)
Evolution-Data-Server 2.24.3 2009-01-12
-----------------------------------------
Bug Fixes:
#451734: Weather calendar getting wrong data for Blythe, California (Ian Weisser)
#545834: IMAP summary headers are not updated on full message download (Milan Crha)
#546637: Mail opened from the "Unread mails" displays empty list (Srinivasa Ragavan)
#552986: Fix for a crash in pop3_connect (Milan Crha)
#554182: GSSAPI not working with 2.24.0 (Milan Crha)
#555230: Autocompletion crash on broken vCard (Milan Crha)
#557348: Search folders with "Include threads" do not update reliably (Matt McCutchen 2)
#558744: Fix for a crash when started in offline mode (Milan Crha)
#558883: Evolution 2.24 is terribly slow with large IMAP folders (Srinivasa Ragavan)
#558926: Unread message count in virtual folders is wrong (Srinivasa Ragavan)
#559153: Migration fixes from Evolution 2.22 to Evolution 2.24 (Sankar P)
#559272: Infinite loop using a CalDAV source (Milan Crha)
#561081: "Moving" emails is broken (Srinivasa Ragavan)
#561561: Use sufficiently large buffers for strftime (Frederic van Starbmann)
#562200: Left click of mouse disables calendar (Milan Crha)
#562228: Login to exchange fails if "mailbox" is filled manually in the config wizard (Milan Crha)
#564339: IMAP syncing performs too much local I/O (Robert Collins)
#564541: Fix for a crash doing a search in vFolders (Thomas)
#564954: "Match All" search folder shows no messages (Matt McCutchen 2)
#209514: (bugzilla.novell.com) Evolution Groupwise missing mails (Sankar P)
#435632: (bugzilla.novell.com) Fix for a crash when moving contacts to a different addressbook (Srinivasa Ragavan)
#440265: (bugzilla.novell.com) Groupwise Address Book Contact Lists Are Not Saved (Srinivasa Ragavan)
#446290: (bugzilla.novell.com) GW Parallel clients & (un)read counts problems (Sankar P)
#447121: (bugzilla.novell.com) Fix for a memory corruption in GroupWise (Srinivasa Ragavan)
#448079: (bugzilla.novell.com) Instability in GroupWise on x86_64 (Simon Brys)
#449916: (bugzilla.novell.com) Loss of data in Messages related to shared memos and Assigned tasks (Bharath Acharya)
#455939: (bugzilla.novell.com) Fix for a deadlock in evolution-data-server (Srinivasa Ragavan)
#462575: (bugzilla.novell.com) Evolution does not honor the "Check for new messages in all folders" setting for GroupWise SOAP accounts (Simon Brys)
Updated Translations:
Changwoo Ryu (ko)
Gabor Kelemen (hu)
- Add support for getifaddrs() and enable on NetBSD - submitted back to
exim bugzilla as http://bugs.exim.org/show_bug.cgi?id=802
- Increase size of addrbuf[512] used in old style ioctl() version of
os_common_find_running_interfaces()
Fixes issue on NetBSD 5.0
* 3.7.0
-------
* Expanding/Collapsing of threads is now approximately 95% faster.
* Cache reading is now approximately 10% faster.
* The shortcut key settings of the main window and the message list
context menus are now connected.
* The preferences on the 'Other' page have now been moved to
Other/Miscellaneous. The parent pages are now unselectable and the
first page is automatically selected on opening the preferences.
* In the Compose window, on the Others tab, the 'Save message to'
entry now has a drop-down list of the previous save locations.
* In the Compose window, the Attachments Properties window is now
confirmed and closed with the Return key.
* When using an external editor to compose messages, the message is
automatically saved to Drafts when the external editor is closed.
* A hidden option has been added, 'primary_paste_unselects' which
causes the primary buffer to be cleared and the insertion point to
be repositioned when the middle mouse button is used for pasting
text. It is turned off by default.
* In the Actions window, the Escape key now cancels the action
editing.
* Offline SSL certificate verification has been added.
* Privacy plugins: The decryption failure messages are now shown
in the NoticeView just above the message text rather than in a
popup window.
* Privacy plugins: when listing the UIDs during a signature check,
show the UID validity
* tools/popfile-link.sh
Support for reusing existing POPFile session ID has been added.
* tools/kdeservicemenu
Support for kde4 has been added.
* win32: better integration has been implemented by using the
standard file associations.
Unfortunately there does not appear to be much more information on the
changes other than:
"This fixes aborts when generating explanations for mails with a long envelope sender, amongst other issues. An update is recommended."
- Restart agents when their executable changed.
- Buildsystem fixes to find and link boost on all platforms.
- Improvements to the startup to prevent partial startup.
- Include revision number in the version string when building from SVN.
- Shut down when we lost the connection to the D-Bus session bus.
- add some basic handling of command line args.
- Add a D-Bus call to flush the notification queue.
- Automatically fix world-writeable mySQL config files.
- Fix for FreeBSD mysql path.
Most importantly mbox bugfixes. v1.1 should finally be as stable with
mboxes as it was with v1.0. Hopefully we'll also soon have the first
v1.2 beta release and the final v1.2.0 somewhat soon after that.
- mbox: Several bugfixes. Fixes "next message unexpectedly lost"
errors and perhaps some other problems as well.
- deliver: It wasn't possible to override boolean settings in
lda section by setting them to "no".
- Maildir++ quota didn't correctly check if maildirs had changed
during recalculation.
- kqueue notify: Fixed assert-crash in some situations
- dbox: Several fixes to handling Maildir migrations
- Logging/error message improvements
Based on PR 40278 by Leonardo Taccari.
Version 1.4.17:
- Remove most W32-specific code from net.c and use the appropriate gnulib
modules instead.
- Gnulib upate to 2008-12-24.
- Unified handling of the Gnome and MacOS keyrings. Both are disabled by default
and must be enabled using --with-*-keyring options.
- Support for SYSCONFDIR/netrc (as a fallback for ~/.netrc) was added by Jim
Pryor. Thanks!
- Support for the GNOME Keyring was added by Satoru SATOH. Thanks a lot!
- Added a vim syntax file for msmtprc files to scripts/vim. The file was
written by Simon Ruderich. Thanks!
- Updated the msmtpq/msmtpQ scripts.
Security fixes in this version:
MFSA 2008-68 XSS and JavaScript privilege escalation
MFSA 2008-67 Escaped null characters ignored by CSS parser
MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
MFSA 2008-65 Cross-domain data theft via script redirect error message
MFSA 2008-64 XMLHttpRequest 302 response disclosure
MFSA 2008-61 Information stealing via loadBindingDocument
MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)
For more info, see http://www.mozilla.com/en-US/thunderbird/2.0.0.19/releasenotes/
Upstream changes:
version 3.12: Mon Nov 24 15:34:58 CET 2008
Improvement:
- major performance improvement in append_message(), avoiding
reading the whole file in memory as the docs promised but the
code didn't do. [David Podolsky]
Email::Sender replaces the old and sometimes problematic Email::Send
library, which did a decent job at handling very simple email
sending tasks, but was not suitable for serious use, for a variety
of reasons.
At present, the casual user is probably best off using
Email::Send::Transport::Sendmail. If a local sendmail program is
unavailable, Email::Send::Transport::SMTP will allow you to send
mail through your relay host.
In the future, Email::Sender::Simple will provide a very simple
interface for sending mail.
- Postfix 2.5: the SMTP server did not ask for a client certificate
with "smtpd_tls_req_ccert = yes". Reported by Rob Foehl.
- Postfix 2.5, 2.4 and 2.3: avoid reduced TCP performance when
reusing an SMTP connection with a larger than 4096-byte TCP MSS
value. In practice, this could happen only with loopback (localhost)
connections.
version 2.086: Thu Dec 11 11:55:32 CET 2008
Changes:
- require Encode 2.26 (there are so many distributions which
older versions of Encode which contain serious flaws)
Improvements:
- sort optional module names in Makefile.PL
version 2.085: Thu Dec 11 11:25:52 CET 2008
Fixes:
- message disappeared when ::Manager::moveMessages() had to move
messages to the folder it already was in.
rt.cpan.org#40198 [Florian]
- leave encodings in unknown charsets untouched, in stead of
croacking in studied header fields (M::M::Field::Full).
rt.cpan.org#40353 [Florian]
- thread detection with missing messages croaks in multiple ways:.
rt.cpan.org#40347 [Florian]
- if character-set is unknown, then still returned un-decoded
body for decoding(). [IIM1468]
- encoding into binary transfer-encoding failed. [IIM1473]
Improvements:
- updated README, as suggested by [Anton Berezin]
- understand unicode-1-1-utf-[78] charset
- documention improvements on study() [Florian]
This version is a maintenance release, consisting primarily of bugfixes to
problems discovered in the release that affected a small number of users
plus a security fix for users of the RFC822BUFFER routines.
Approved by Thomas Klausner.
We ought to have bumped PKGRIVISION when claws-mail was updated to 3.6.1
due to dependency patterns was changed.
But clawsker was not bumped and claws-mail-fetcinfo was downgraded.
This version adds a workaround for a bug in Plesk 9 that provides
the text "localhost" instead of the IP address for some connections.
Thanks to Medovarszky Zoltan and Christian Aust for reporting this
one.
This update fixes a serious security flaw, which can lead to arbitrary
command execution on the server running roundcube.
I could not find a formal changelog, but here's what the website writes:
There were two security issues reported which are now fixed. The first was as
possible code injection using the html2text conversion script. The other
exploit used the unchecked size parameters of the quota image to let PHP
create huge images eating up all the server memory.
Enchant and GTK 2.14 are now officially supported.
Changes from 2.5.0
------------------
New features
The POP3 remote mailbox feature, which enables the direct view/download/deletion of messages on POP3 server, was added.
The backups of configuration files are kept for four generations now.
Feature improvements
Enchant (with GtkSpell 2.0.13) has been supported.
When creating filter rule automatically, the target header field is used as a default filter name.
The Japanese manual was updated.
In the folder selection dialog, only folders which are expanded in the folder view are expanded.
The folders which should not be selected in the folder selection dialog became unselectable.
Unix: Only new messages are counted when incorporating from local mbox.
Unix: SIGHUP/SIGINT/SIGTERM/SIGQUIT signals are handled now.
Win32: System shutdown event is also handled on debug mode.
Bugfixes
The parser of IMAP4 was fixed.
Warnings about --datarootdir on running the configure script was removed.
The bug that the addressbook window was not refreshed when sender of message was added to the addressbook was fixed.
A workaround for raw-JIS filename used for attachments (specifically Eudora) was made.
The compilation error when using GTK+ 2.14.x was fixed.
Some build fixes were made.
Several bugfixes were made.
escalation vulnerabilities) and updated translations:
* Sympa was not fully compliant to the RFC 2616, leading for example
to possible unwanted list deletion by administrators using prefetching
tools. This was fixed by replacing all the threatening GET requests
by POST requests;
* Use of sprint() function for creating SQL queries lead to possible
SQL injection through cookie manipulation;
* The use of files in /tmp lead to vulnerabilities.
1.0.81 16-Dec-2008
---------------------------------------------
- Restore protocol backward compatibility with Akonadi 1.0.x servers.
- Build system fixes.
- Fix compiler warnings.
- Fall back to the default server path if the configured one points
to a non-existing file.
1.0.80 19-Nov-2008
---------------------------------------------
- Query agent status information asynchronously and answer all queries from
cached values, reduces the risk of an agents blocking the Akonadi server.
- Increase mysql limits to more realistical values.
- Don't mark all new items as recent.
- Changes so it can store the size of an item.
- Better error detection.
- Prevent translated month names in the protocol.
- Some build fixes.
- Handle multiline output correctly.
- Terminate the control process when the server process failed to start.
- Add the ability to debug or valgrind a resource right from the
beginning, similar to the way this can be done with KIO slaves.
- Fix fetching of linked items in arbitrary collections.
- Add notification support for item references in virtual collections.
- Add LINK/UNLINK commands to edit references to items in virtual collections.
- Add a way to notify agents that their configuration has been changed remotely.
- Make sure that all modification times are stored in UTC time zone.
- Unquoted date time with a lenght of 26 characters was not parsed properly.
- Add serverside timestamp support for items.
New Features
- Added a new cron/cull_bad_shunt script to cull and optionally
archive old entries from the bad and shunt queues. This is controlled
by new Defaults.py/mm_cfg.py settings BAD_SHUNT_STALE_AFTER (default
7 days) and BAD_SHUNT_ARCHIVE_DIRECTORY (default None) which determine
how long to keep bad and shunt queue entries and optionally, where to
archive removed entries.
- Prepended list name to bounce log unrecognized bounce messages.
- Added a new Defaults.py|mm_cfg.py setting ACCEPTABLE_LISTNAME_CHARACTERS
with default value '[-+_.=a-z0-9]'. This Python regular expression
character class specifies the characters allowed in list names. The
motivation for this is the fact that previously, a list named, e.g.,
xxx&yyy could be created and MTA aliases generated that would cause
The MTA to execute yyy as a command. There is a possible security issue
here, but it is not believed to be exploitable in any meaningful way.
Bug fixes and other patches
- Changed the preservation of unparseable messages to be conditional on
the Defaults.py/mm_cfg.py setting of QRUNNER_SAVE_BAD_MESSAGES and
changed the queue directory in which messages are preserved from 'shunt'
to 'bad'.
- Fixed a bug introduced in 2.1.10 that caused some email subscribe
requests to be shunted (1966837).
- Fixed a problem with bin/update erroneously moving templates from
templates/xx to lists/xx if a list has the same name as a language
code. Also fixed the absolute path to lists/ (1418670 ).
- Changed Utils.ValidateEmail to not allow specials (particularly ':')
in unquoted local parts (1956393).
- Changed bin/update to remove .bak files erroneously left behind in
qfiles/*/ by a 2.1.9 bug.
- Added 's' to %(listname) in templates/ia/admlogin.html and
templates/sl/help.txt (1682990).
- Use newer template variable for site-owner address in
templates/ko/newlist.txt and templates/ru/newlist.txt (1578766).
- Corrections to Spanish translation submitted by Wikimedia Foundation
(1433262) and Debian.
- Corrections to German translation submitted by Ralf Doeblitz (916196).
- Correction to French translation submitted by Maxime Carron (1588617).
- Correction to Portuguese translation submitted by Gabriel P. Silva
(1733057).
- Add #! line to fblast.py test script (1578740).
- Fixed unescaped '%' in templates/nl/newlist.txt (1719017).
- Changed non-ascii characters in some templates/*/*.html files to HTML
entities.
- Fixed a problem in Decorate.py that could result in a multipart
message with no part headers for the original body part (1991348).
- Improved recognition of some bounce messages.
- Rearranged calls to the list setBounceInfo() method in Bouncer.py
to accommodate MemberAdaptors that store bounce info outside the
list instance.
- Fixed CookHeaders.py which in some cases with new style prefixing
would insert an extra space between the prefix and the subject.
- Changed OldStyleMemberships.py to remove the member from one_last_digest
when changing from regular to digest delivery to avoid the possibility
of a duplicate digest in some circumstances.
- Patched Danish message catalog for proper use of HTML entities per
Jonas Smedegaard (1999966).
- Improved bounce loop detection and handling in BounceRunner.py.
- Merged the Catalan i18n from the Mailman Catalan Translation Team.
- German translation updated by Peer Heinlein.
- Added check for gateway_to_news before holding for ModeratedNewsgroup.
- At some point, cron/senddigests and bin/update were inadvertently
'preconfigured'. This has been fixed.
- Brazilian Portuguese translation updated by Diego Francisco
de Gastal Morales.
- Added 'listname' to the replacements for the archidxfoot.html template.
Miscellaneous
- Brad Knowles' mailman daily status report script updated to 0.0.18.
------
v2.3.1
------
[jan] SECURITY: Escape output in test.php.
[jan] Add script to import contacts from SquirrelMail database.
[gwr] Correct support for the freebusy URL in Kolab.
[gwr] Add photo support for the Kolab driver.
[jan] Import broken vCards from Synthesis clients (Bug #7407).
[cjh] Add two retries to find a contact after adding it (Bug #7478).
[cjh] Add a PostgreSQL-specific upgrade script for 2.2.1 to 2.3
(michael.menge@zdv.uni-tuebingen.de, Bug #7462).
[jan] Don't overwrite empty address books preference when creating new shares
(Bug #7399).
[mms] Upgrade prototype.js to v1.6.0.3.
------
v4.3.2
------
[mms] Fix prototypejs regression on IE (Bug #6590).
------
v4.3.1
------
[jan] SECURITY: Escape output in test.php.
[mms] Don't include Virtual Folder information in when tracking folder
tree changes (Bug #7739).
[mms] Marked stripped parts as 'attachment', not 'inline' (Request #4664).
[mms] Fix linking from addresses in mailbox to compose screen (Bug #7432).
[jan] Use mailer configuration when sending iTip replies (Bug #7388).
[jan] Always display multipart/appledouble attachments.
[mms] Upgrade prototype.js to v1.6.0.3.
The SquirrelMail team is happy to announce the release of version 1.4.17. The
most notable change is a security fix that prevents certain specially-crafted
hyperlinks within messages from executing cross-site scripting attacks. For
other details, see the ReleaseNotes file included in this release. We advise
all users of SquirrelMail software to upgrade.
This version fixes a bug in the address parser that was preventing
some sender/recipient whitelist/blacklist entries from matching.
Thanks to John Devenport for reporting this one. This version also
fixes a bug in the "config-test" feature that prevented spamdyke
from finding its own binary when the file is not in the current
directory. Thanks to John Hallam for reporting this one.
