Add ruby-actionmailer52 version 5.2.2 package.
Action Mailer is a framework for designing email-service layers. These layers
are used to consolidate code for sending out forgotten passwords, welcome
wishes on signup, invoices for billing, and any other use case that requires
a written notification to either a person or another system.
Action Mailer is in essence a wrapper around Action Controller and the
Mail gem. It provides a way to make emails using templates in the same
way that Action Controller renders views using templates.
Additionally, an Action Mailer class can be used to process incoming email,
such as allowing a weblog to accept new posts from an email (which could even
have been sent from a phone).
This is for Ruby on Rails 5.2.
Changelog:
60.5.1
Fixed
CalDav access to some servers not working
#CVE-2018-18500: Use-after-free parsing HTML5 stream
#CVE-2018-18505: Privilege escalation through IPC channel messages
#CVE-2016-5824: DoS (use-after-free) via a crafted ics file
#CVE-2018-18501: Memory safety bugs fixed in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5
60.5.0
New
FileLink provider WeTransfer to upload large attachments
Thunderbird now allows the addition of OpenSearch search engines from a local XML file using a minimal user inferface: [+] button to select a file an add, [-] to remove.
More search engines: Google and DuckDuckGo available by default in some locales
During account creation, Thunderbird will now detect servers using the Microsoft Exchange protocol. It will offer the installation of a 3rd party add-on (Owl) which supports that protocol.
Fixed
Thunderbird now compatible with other WebExtension-based FileLink add-ons like the Dropbox add-on
Crash when using custom sound for new email notification
WebExtension-based dictionaries from addons.mozilla.org not working in Thunderbird
Calendar: Printing of calendars not working
#CVE-2018-18356: Use-after-free in Skia
#CVE-2019-5785: Integer overflow in Skia
#CVE-2018-18335: Buffer overflow in Skia with accelerated Canvas 2D
#CVE-2018-18509: S/MIME signature spoofing
4.92:
New features include:
- ${l_header:<name>} expansion
- ${readsocket} now supports TLS
- "utf8_downconvert" option (if built with SUPPORT_I18N)
- "pipelining" log_selector
- JSON variants for ${extract } expansion
- "noutf8" debug option
- TCP Fast Open support on MacOS
Maintain a folder which has its messages stored on a remote server. The
communication between the client application and the server is implemented using
the IMAP4 protocol. This class uses Mail::Transport::IMAP4 to hide the transport
of information, and focusses solely on the correct handling of messages within a
IMAP4 folder. More than one IMAP4 folder can be handled by one single IMAP4
connection.
Notmuch 0.28.2 (2019-02-17)
===========================
Emacs
-----
Invoke gpg with --batch and --no-tty.
Python Bindings
---------------
Fix documentation build with Python 3.7. Note that Python >= 3.3 is
now needed to build this documentation.
Maintain a folder which has its messages stored on a remote server. The
communication between the client application and the server is implemented using
the POP3 protocol. This class uses Mail::Transport::POP3 to hide the transport
of information, and focusses solely on the correct handling of messages within a
POP3 folder.
Maintain a folder which has its messages stored on a remote server. The
communication between the client application and the server is implemented using
the IMAP4 protocol. This class uses Mail::Transport::IMAP4 to hide the transport
of information, and focusses solely on the correct handling of messages within a
IMAP4 folder. More than one IMAP4 folder can be handled by one single IMAP4
connection.
Mail::Transport extends Mail::Transport implement sending and/or receiving of
messages, using various protocols.
Mail::Transport::Send extends this class, and offers general functionality for
send protocols, like SMTP. Mail::Transport::Receive also extends this class, and
offers receive method. Some transport protocols will implement both sending and
receiving.
Upstream changes:
version 3.006: Fri 15 Feb 09:01:51 CET 2019
Fixes:
- MailDir warns about repeat count, since last release added 'use
warnings' to the file. [Keita Jamadam] github issue #2
- mbox parsing failed on changing handling of blank lines by Mail::Message
rt.cpan.org#128513 [Gregor Herrmann] + [cpantesters]
Upstream changes:
version 3.008: Mon 11 Feb 12:30:40 CET 2019
Fixes:
- test with windows path [cpantesters]
- when a message gets coerced, its components should not be delayed [fany]
- date fields recognizing 2-digit years [Andrew Beverley]
Improvements:
- failing AUTOLOAD on ::Body gives unclear error
- dates after 2030 for message separator in mbox
* New tool msearch to wrap several mail indexers.
* New zsh completion _mblaze.
* mnext/mprev were removed (you can call `mless +`/`mless -`).
* The GnuPG tools in contrib/ now use gpg2.
* mshow exits with error if it could not extract all attachments
* mrep: add -noquote to disable quoting the message replied to
* mdeliver: keep permissions of messages
* mcom: aborting the editor is now more like delete than cancel
* mcom: add -send to send directly without editing
* mcom: check if mail is formatted sensibly
* mpick: new flag -v for statistics
* mscan: new flag -v for statistics
* magrep: add -h, which is like -p but doesn't print the file name
* mscan: prioritize displaying trashed mail over other markers
* mpick: fix off-by-one in expression parsing
* Many bug fixes
Upstream changes:
0.06 2019-01-02
- Changes to address CVE-2018-18898 which could allow DDoS-type attacks.
Thanks to Lukas Kramer for reporting the issue and Alex Vandiver for
contributing fixes.
- Fix pathological backtracking for unkown regex
- Fix pathological backtracking in obs-phrase(i.e. obs-display-name)
- Fix pathological backtracking in cfws, quoted strings
Enigmail 2.0.9
Released 2018-10-09, works with Thunderbird 60.0.
Notable Changes
This release addresses a security issue and solves a few regression bugs.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.8
Released 2018-08-04, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses a security issue and solves a few regression bugs.
Bugs fixed:
A security issue has been fixed that allows an attacker to prepare a plain, unauthenticated HTML message in a way that it looks like it's signed and/or encrypted.
Check the full list of fixed defects.
Enigmail 2.0.7
Released 2018-06-13, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses several critical security bugs.
Bugs fixed:
Spoofing of Email signatures I (CVE-2018-12020): GnuPG 2.2.8 fixed a security bug that allows remote attackers to spoof arbitrary email signatures via the embedded "--filename" parameter in OpenPGP literal data packets. This release of Enigmail prevents the exploit for all versions of GnuPG, i.e. also if GnuPG is not updated.
Spoofing of Email signatures II (CVE-2018-12019): The signature verification routine in Enigmail interpreted User IDs as status/control messages and did not correctly keep track of the status of multiple signatures. This allowed remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids.
Mozilla crash bug 1423895: if Enigmail is installed on Thunderbird 60b7 together with the Add-Ons "CardBook", "QuickFolders" (and possibly other Add-Ons), then Thunderbird will crash as soon as an Enigmail-specific window is opened. This version implements a workaround for the Mozilla bug.
Enigmail 2.0.6
Released 2018-05-27, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses a vulnerability that would allow an attacker to make a victim respond to a partially encrypted message and thus reveal protected information.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.5
Released 2018-05-21, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release implements a fix that prevents any form of the Efail vulnerability and similar attacks. We recommend to upgrade to this version as soon as possible.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.4
Released 2018-05-16, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release implements two workarounds to prevent from Efail vulnerabilities. We recommend to upgrade to this version as soon as possible.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.3
Released 2018-05-08, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses several defects, including a crash when accessing encrypted forwarded messages.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.2
Released 2018-04-12, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses some regressions found in version 2.0/2.0.1.
Bugs fixed:
Check the full list of fixed defects.
Enigmail 2.0.1
Released 2018-04-02, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
This release addresses several defects found in version 2.0.
Bugs fixed:
S/MIME signing/encryption not working correctly, if Enigmail is not enabled for an account
Emails fail to decrypt if the sender address contains brackets
Autocrypt-headers may flip manually created per-recipient rules
The key manager does not load if no key on the keyring
Check the full list of fixed defects.
Enigmail 2.0
Released 2018-03-25, works with Thunderbird 52.0 - 60.0 and SeaMonkey 2.46 - 2.55.
Notable Changes
The Encryption and Signing buttons now work for both OpenPGP and S/MIME. Enigmail will chose between S/MIME or OpenPGP depending on whether the keys for all recipients are available for the respective standard.
Support for Pretty Easy Privacy (p≡p) is implemented in Enigmail. p≡p is active by default for new users.
Support for the Autocrypt standard, which is now enabled by default. If Enigmail is used in the "classical mode" (with p≡p disabled) then Autocrypt is enabled by default.
Support for Web Key Directory (WKD) is implemented. Enigmail will try to download unavailable keys during message composition from WKD. If you use GnuPG 2.2.x, and your provider supports the Web Key Service protocol, you can also use Enigmail to upload your key to WKD.
The message subject can now be encrypted and replaced with a dummy subject, following the Memory Hole standard for protected Email Headers.
The keys on the keyring are automatically refreshed from keyservers at an irregular interval.
Enigmail was turned into a "restartless" addon. That is, once you installed Enigmail 2.0, subsequent updates will be installed without needing to restart Thunderbird.
Keys are internally addressed using the fingerprint instead of the key ID.
The minimum GnuPG version supported is now 2.0.16.
Cygwin-versions of GnuPG are no longer supported.
Bugs fixed
Many bugs were fixed. Check the list of fixed defects.
Notmuch 0.28.1 (2019-02-01)
===========================
Build System
------------
`configure` no longer uses the special variable BASH, as this causes
problems on systems where /bin/sh is bash.
pkgsrc changes:
- Remove no longer needed patches
Changes:
2.0
---
- Remove Courier support
- Add `ignore-errors' flag to ignore possible delivery errors and continue to
the next mail
- Add a `lock-timeout' option to customize default 10 seconds timeout
- Add support for STARTTLS on IMAP and POP3
- Disable OpenSSL insecure stuff enabled by default and introduce a `insecure'
flag to replace `no-tls1'
- Add support for newer OpenSSL
- Use SNI extension (fixes some servers when OpenSSL supports TLS 1.3)
- Misc bug fixes and improvements
- experimental: when SSL SNI support is present in the underlying Python
(and OpenSSL), send SNI by default in the SSL setup. This should work
around Gmail's brokenness with TLSv.1.3 connections when SNI is not sent.
Changes:
1.8.3
-----
This version fixes a security problem that affects version 1.8.2
(older versions are not affected): when the new default value system
for tls_trust_file is used, the result of certificate verification
was not properly checked.
v2.3.4.1 2019-02-05 Aki Tuomi <aki.tuomi@open-xchange.com>
* CVE-2019-3814: If imap/pop3/managesieve/submission client has
trusted certificate with missing username field
(ssl_cert_username_field), under some configurations Dovecot
mistakenly trusts the username provided via authentication instead
of failing.
* ssl_cert_username_field setting was ignored with external SMTP AUTH,
because none of the MTAs (Postfix, Exim) currently send the
cert_username field. This may have allowed users with trusted
certificate to specify any username in the authentication. This bug
didn't affect Dovecot's Submission service.
* pkgsrc change: add "USE_LANGUAGES= # none" line.
Version 2.7.1 (2018-10-13)
Compatibility:
* Restore LF=>CRLF conversions for properly encoded non-binary emails. (rubys)
* Gracefully parse certain invalid Content-Type headers. (rafbm)
* Support `x-uue` transfer encoding as uuencoding. (jkraemer)
Features:
* Expose Mail::Field#unparsed_value to read the raw field value, before
parsing. (Tensho)
Performance:
* Speed up message encoding, especially with large attachments. (dalibor)
Bugs:
* Fix transfer encoding when message encoding is blank. (jakubonty, saks)
* Fix 7bit/base64 content transfer encoding mismatch. (ahorek)
* Fix UTF-8 attachment filename quoting. (ahorek)
* Fix `delete_all` using a readonly IMAP connection. (kimromi)
7.99.1 subject MIME handling bug fixed.
Sep 8, 2018, we have merged the following branch
feature/utf8-mime-header-handling [2b9052aa..b9c2f6c2] into
the master. XXX Mail::Message::ToHTML is broken. XXX
Mail::Message::Outline may be broken.
Also, we note that this is the initial point to release
engineering process toward the release 8.0.0.
(XXX)
We plan to move non-core modules related on the mailing list
core to aux/ (newly created) or 3rdparty/fml.org/FEATURE/ (as
examples how to use at ./3rdparty/ directory).
In my environment, the build was trying and failing to download the
docbook xhtml files and then generating an empty manual.txt when
lynx was not found.
Bump PKGREVISION to be on the safe side.
While here, make it easier to use envdir by prepending to
${qmailfoo_postenv} rather than appending.
At least one Linux shell needs "--" between greetdelay and rblsmtpd, and
this doesn't break NetBSD.
Bump version.
Changes:
Version 1.8.2:
- To simplify TLS setup, the tls_trust_file command has a new default value
'system' that selects the system default trust. Now you just need tls=on to
use TLS; the other TLS options are only required in special cases.
To make this work without breaking compatibility with older msmtp versions,
tls_fingerprint now overrides tls_trust_file, and tls_certcheck=off overrides
both (previously, you could not specify contradicting options).
- To simplify setup, a new option '--configure <mailaddress>' was added that
automatically generates a configuration file for a given mail address.
However, this only works if the mail domain publishes appropriate SRV records.
Version 1.8.1:
- Fixed our TLS code to support TLS 1.3 with GnuTLS.
when the system clock is set to TAI (and a libtai dependency to get
leapsecs.dat). While here, catch up to his latest maildiruniq patch.
Let an installed ucspi-tcp6 satisfy the ucspi-tcp dependency for
non-'inet6' builds.
Bump PKGREVISION.
Changelog:
new
WebExtensions FileLink API to facilitate FileLink add-ons. For the future
version Thunderbird 60.5.0: WeTransfer will be included in Thunderbird 60.5.0
and the Dropbox add-on will be compatible with Thunderbird 60.5.0.
fixed
Decoding problems for messages with less common charsets (cp932, cp936)
fixed
New messages in the drafts folder (and other special or virtual folders)
will no longer be included in the new messages notification
Upstream changes:
version 3.40: Thu Dec 6 01:44:16 UTC 2018
- rt.cpan.org#122373 support IPv6 by using IO::Socket::IP over IO::Socket::INET
[Gilles Lamiral and Mark Overmeer]
- rt.cpan.org#127103 flags() undef value as an ARRAY reference on a bogus message
[Gilles Lamiral]
- rt.cpan.org#124523 update examples/populate_mailbox.pl timegm usage
[Bernhard M. W.]
- t/capability.t: added first set of tests
- t/quota.t: minor fix when tests skipped
Upstream changes:
1.912 2018-12-31 13:46:22-05:00 America/New_York
- include the doc updates from 1.911 changelog, oops!
1.911 2018-12-22 11:30:28-05:00 America/New_York
- just like 1.910, but with doc updates and undeprecation by Jim Brandt
1.910 2018-12-17 21:27:28-05:00 America/New_York (TRIAL RELEASE)
- update parsing to mitigate pathological cases (thanks, sunnavy!)
Mozilla Thunderbird is a redesign of the Mozilla mail component. The
goal is to produce a cross platform stand alone mail application using
the XUL user interface language. This version uses the gtk2 toolkit.
Changelog:
60.3.3:
mitigated
Thunderbird 60 will migrate security databases (key3.db, cert8.db to
key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a fault
that potentially deleted saved passwords and private certificate keys
for users using a master password. Version 60.3.3 will prevent the loss
of data; affected users who have already upgraded to version 60.3.2 or
earlier can restore the deleted key3.db file from backup to complete
the migration.
fixed
Address book search and auto-complete slowness introduced in
Thunderbird 60.3.2
Plain text markup with * for bold, / for italics, _ for underline and |
for code did not work when the enclosed text contained non-ASCII
characters
While composing a message, a link not removed when link location was
removed in the link properties panel
60.3.2:
fixed
Under some circumstances Thunderbird on Mac will send attachments using
the so-called AppleDouble format which can lead to problems with mail
servers and recipients
Encoding problems when exporting address books or messages using the
system charset. Messages are now always exported using the UTF-8 encoding.
If the "Date" header of a message was invalid, Jan 1970 or Dec 1969 was
displayed. Now using date from "Received" header instead.
Body search/filtering didn't reliably ignore content of tags
Inappropriate warning "Thunderbird prevented the site
(addons.thunderbird.net) from asking you to install software on your
computer" when installing add-ons
Incorrect display of correspondents column since own email address was
not always detected
Spurious 
 (encoded newline) inserted into drafts and sent email
New email not inserted in correct sort order in threaded unified view
or search folder
60.3.1:
fixed
Double-clicking on a word in the Write window sometimes launched the
Advanced Property Editor or Link Properties dialog
Cookie removal (not working since Thunderbird version 52)
"Download rest of message" not working if global inbox was used
Encoding problems for users (especially in Poland) when a file was sent
via a folder using "Sent to > Mail recipient" due to a problem in the
Thunderbird MAPI interface
According to RFC 4616 and RFC 5721, passwords containing non-ASCII
characters are encoded using UTF-8 which can lead to problems with
non-compliant providers, for example office365.com. The SMTP LOGIN
and POP3 USER/PASS authentication methods are now using a Latin-1
encoding again to work around this issue.
Shutdown crash/hang after entering an empty IMAP password
60.3.0:
fixed
Various Theme fixes where incorrect colors, backgrounds, etc. were
displayed
Add-on Options menu not working on Mac
Shift+PageUp/PageDown in Write window
Saving content of Write windows didn't overwrite existing file
Issues related to "Edit Template" command
Gloda attachment filtering
Mailing list address auto-complete enter/return handling
Thunderbird hung if HTML signature references non-existent image
Filters not working for headers that appear more than once
Various security fixes
Secirity fixes:
#CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin
#CVE-2018-12392: Crash with nested event loops
#CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript
#CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3 and Thunderbird 60.3
#CVE-2018-12390: Memory safety bugs fixed in Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3
60.2.1:
Changed
Calendar: Default values for the first day of the week and working days
are now derived from the selected datetime formatting locale (restart
after changing locale in the OS required)
Calendar: Switch to a Photon-style icon set for all platforms
Multiple requests for master password when Google Mail or Calendar
OAuth2 is enabled
Scrollbar of the address entry auto-complete popup does not work
Security info dialog in compose window does not show certificate status
Links in the Add-on Manager's search results and theme browsing tabs
open in external browser
Localized versions of Thunderbird didn't show a localized name for
the "Drafts" and "Sent" folders for certain IMAP providers
(particularly in France)
Replying to a message with an empty subject inserted Re: twice (not
working in Thunderbird 60.0)
Spellcheck marks disappeared erroneously for words with an apostrophe
(not working in Thunderbird 60.0)
Calendar: First day of the week cannot be set
Calendar: Several fixes related to cutting/deleting of events and email
scheduling
Various security fixes
Security fixes:
#CVE-2018-12377: Use-after-free in refresh driver timers
#CVE-2018-12378: Use-after-free in IndexedDB
#CVE-2018-12379: Out-of-bounds write with malicious MAR file
#CVE-2017-16541: Proxy bypass using automount and autofs
#CVE-2018-12385: Crash in TransportSecurityInfo due to cached data
#CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords
#CVE-2018-12376: Memory safety bugs fixed in Firefox 62, Firefox ESR 60.2, and Thunderbird 60.2.1
60.0:
new
When writing a message, a delete button now allows the removal of a
recipient. This delete button is displayed when hovering the To/Cc/Bcc
selector.
Many improvements to attachments handling during compose: Attachments
can now be reordered using a dialog, keyboard shortcuts, or drag and
drop. The "Attach" button moved to the right to be above the attachment
pane. The access key of the attachment pane (e.g. Alt+M, may vary
depending on localization, Ctrl+M on Mac) now also works to show or
hide the pane. The attachment pane can also be shown initially when
composing a new message. Right-click on the header to enable this
option. Hiding a non-empty attachment pane will now show a placeholder
paperclip to indicate the presence of attachments and avoid sending
them accidentally.
"Edit Template" command. This also solves various problems when saving
as template (duplicates created, message ID lost).
"New Message from Template" command
Allow changing the Spellcheck Language from status bar
Light and Dark themes
WebExtension themes are now enabled in Thunderbird
A default startup directory in the address book window can now be
configured
Individual feed update interval
An option under "Tools > Options, Advanced, General" now allows to
select whether date/time display will follow the application locale
(adjusted by operating system's format settings for that locale) or
the locale selected in the operating system's regional settings.
In other words, an US English Thunderbird can use, for example,
German formats.
OAuth2 authentication for Yahoo and AOL
FIDO U2F support
Thunderbird now allows the conversion of folders from mbox to maildir
format and vice versa. This is an experimental feature that needs to
be enabled by setting the preference mail.store_conversion_enabled.
Note that this functionality does not not work if the option "Allow
Windows Search/Spotlight to search messages" is selected.
Calendar: Allow copying, cutting or deleting of a selected occurrence
or the entire series for recurring events
Calendar: Provide an option to display locations for events in calendar
day and week views
Calendar: Provide the ability for sending/not sending meeting
notifications directly instead of showing a popup
Calendar: Option to select the target calendar when pasting an event
or task
Calendar: Allow email scheduling for CalDAV servers supporting
server-side scheduling
Thunderbird Chat now contains multiple built-in message themes
changed
IMPORTANT: Add-ons not marked as compatible with Thunderbird 60
by their authors will be disabled (this can be reverted via preference
extensions.strictCompatibility)
IMAP: When after sending a message storing that sent message fails,
the message can now be stored in a local folder
Add-on options can no longer be configured from the Add-on Manager page.
A new menu item "Add-on Options" is now available on the Tools menu.
When messages are composed in paragraph format, "body text" and split
mail quotes are converted to paragraphs when pressing the enter key
"Edit As New Message" will now use the account's default compose format,
either HTML or plain text ignoring the format of the message. Plain
text messages will be converted to HTML and vice versa. Then using
the modifier, the format choice will be reverted.
The "Edit Draft" command now also honors the use of the shift key to
convert HTML to plain text or vice versa when editing a draft
The plain text to HTML conversion has been improved where such a
conversion is necessary for "Edit As New Message" or when the shift
modifier is used for "Edit Draft" or "New Message from Template".
During address entry, the matching part of the address is now shown in
bold. Preference mail.autoComplete.commentColumn allows to display
the address book where the address is stored.
When attaching a message via drag and drop, the subject of the message
is now used as attachment name instead of "Attached Message"
Better address book photo handling: Photos can be added by drag and
drop and a copy of all photos will be stored in the Thunderbird profile
On first start, Thunderbird now shows the account setup dialog, no longer
the account provisioner dialog
Thunderbird follows Firefox' Photon design with rectangular tabs and
many other theme improvements
When customizing the From: address, Thunderbird will now use this address
for the SMTP "MAIL FROM" command. Previously the address configured
in the identity was used. The preference
mail.smtp.useSenderForSmtpMailFrom allows return to the previous
behavior.
Native notifications on Linux are now re-enabled
Thunderbird now uses Mozilla's latest proxy technology (add-on FoxyProxy
now supported)
Thunderbird now uses the latest Rust-based Mozilla technology, including
Quantum's CSS engine (based on Servo) and encoding_rs, for displaying
and encoding messages
All certificates issued by Symantec roots before 2016-06-01 are
distrusted for use in TLS secured traffic in Thunderbird 60 and above.
This applies to all brands Symantec operated: Thawte, RapidSSL,
GeoTrust, Verisign, and Symantec. For usage in S/MIME the certificates
remain valid. Details here.
Calendar: Removal of capability to send email invitations compatible
to Outlook 2002 and earlier
Calendar: Reminders on read-only calendars can now be dismissed, while
reminders for missed events will now only be displayed for writable
calendars if option "Show missed reminders for writable calendars" is
selected
Thunderbird Chat: Nicknames inside of messages are colored to match
the participants list
fixed
When many Thunderbird clients or other email clients accessed the same
IMAP draft folder, messages were sometimes sent with the wrong
identity. This has been corrected and the user will be notified if
none of their identities matches the draft.
Various problems related to handling the IMAP trash folder: Under
certain circumstances the selection of the trash folder didn't persist,
for example when the name contained non-ASCII characters, or in
localized versions of Thunderbird. At times unwanted adtext menu behavior
Better error handling for Gmail authentication to avoid re-downloading
of folders
Thunderbird used a stale cached password after user edited a saved
password
Calendar: Wrong time formatting for some time zones
Calendar: Can't copy information from event dialog for received invitations
Various security fixes
Security fixes:
#CVE-2018-12359: Buffer overflow using computed size of canvas element
#CVE-2018-12360: Use-after-free when using focus()
#CVE-2018-12361: Integer overflow in SwizzleData
#CVE-2018-12362: Integer overflow in SSSE3 scaler
#CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture
#CVE-2018-12363: Use-after-free when appending DOM nodes
#CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
#CVE-2018-12365: Compromised IPC child process can list local filenames
#CVE-2018-12371: Integer overflow in Skia library during edge builder allocation
#CVE-2018-12366: Invalid data handling during QCMS transformations
#CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming
#CVE-2018-12368: No warning when opening executable SettingContent-ms files
#CVE-2018-5187: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Thunderbird 60
#CVE-2018-5188: Memory sa60
- ucspi-ssl and ucspi-tcp6 correctly dual-stack v4/v6 on NetBSD, so we
can go back to "0" (instead of "0.0.0.0") as the default host to
listen on.
- FreeBSD's /bin/sh needs continuation characters to understand what
we're assigning to `command` in foo_precmd(). This seems sensible and
doesn't break NetBSD.
Bump version.
Changes for all supported stable releases:
* Support for OpenSSL 1.1.1, and support for TLSv1.3-specific
features.
- Updated Postfix TLS documentation examples for TLSv1.3. See
FORWARD_SECRECY_README.
- New TLSv1.3-specific attributes in Postfix logging and in
Postfix "Received:" message headers: key exchange, server
signature, client signature.
- New option to selectively disable TLSv1.3 in *_tls_protocols
settings.
- New server-side support to avoid issuing multiple session
tickets.
- New support to allow OpenSSL >= 1.1.0 run-time micro version
bumps without logging Postfix warnings about library version
mismatches.
Fixed in all stable releases:
* Bugfix: smtpd_discard_ehlo_keywords could not disable "SMTPUTF8",
because some lookup table was using "EHLO_MASK_SMTPUTF8" instead.
* Bugfix: minor memory leak in DANE support when minting issuer
certs. This affects a tiny minority of use cases.
Fixed in Postfix 3.3.2:
* Bugfix: the Postfix build did not abort if the m4 command was
not installed, resulting in a broken postconf command.
Comment out qmail-qfilter-viruscan in control/smtpfilters. It's not a
very precise tool, so the cost (false positives) probably outweighs the
benefit (blocked malware attachments) for many users.
Also not a sensible default: rejecting incoming mail on SPF
explicit-fail. This needs to be an admin decision because, among other
reasons, it would also reject messages forwarded through servers that
haven't configured SRS. Document SPF setup, including how to reject
(with this caveat) and how to greylist SPF explicit-pass (which would
otherwise be exempted from greylisting).
Rename greylisting-spp-with-exemptions to greylisting-spp-wrapper. Add a
feature: to effectively omit IP from the (IP,sender,recipient) tuple,
add GL_WRAPPER_TCPREMOTEIP="127.127.127.127" to control/tcprules/smtp.
rc.d scripts:
- Location of tcprules file is configurable
- By default, CDB is auto-rebuilt as needed on service start
- CDB auto-rebuilding can be configured off
Bump version.
- On "fail", reject
- On "pass", skip any greylisting
- Else, accept mail as we otherwise would.
qmail-spp-spf adds a `Received-SPF:` header to all incoming messages.
Migrate ${PKG_SYSCONFDIR}/tcp.* to ${PKG_SYSCONFDIR}/control/tcprules.
Bump version.
config files. Removing them on uninstall if they haven't been changed
is already mail/qmail's job; creating them on install was being done
here, and this combination was probably responsible for `pkgin
full-upgrade` removing some config files and qmail no longer running.
Thanks to Nathan Arthur for the bug report.
Instead of running config-fast-pkgsrc here, rely on mail/qmail to do it.
For similar reasons, also expect mail/qmail to handle the three basic
aliases (root, mailer-daemon, postmaster) and QUEUE_EXTRA.
While here, set QMAILREMOTE in qmailsend_postenv in preparation for a
future update.
Bump version.
### GMime 3.2.3
* Fixed GMimeFilterBasic for uudecode.
Don't allow the outbuf to ever get set to NULL which could happen
if the begin-line had not yet been found (and thus
g_mime_filter_set_size() had never been called to allocate the
outbuf buffer).
* Fixed a bug in g_mime_uuencode_step().
* Modified GMimeParser to work around broken mailers that send base64
encoded message/rfc822 parts.
Fixes https://gitlab.gnome.org/GNOME/gmime/issues/1
* Fixed a bug in g_mime_quoted_encode_close() where it would incorrectly
end the quoted-printable output with a line containing only "=\n" even
when it is not needed.
* Improved g_mime_content_encoding_from_string(). This function no
longer requires the input string to be an exact match for "7bit",
"8bit", "base64", etc. It can now handle whitespace before and
after the value. In other words, it is now easy to use this
function on raw header values before any whitespace trimming
has been done.
* Really, really fixed the packaging to include the Vala build files.
1.1.1:
+ Added ARC specific tags for draft-ietf-dmarc-arc-protocol-18 (as of IETF
last call, still experimental), smtp.remote-ip and header.oldest-pass
When TLS 1.3 is used at least imap.gmail.com requires SNI extension
otherwise fails as follow:
certificate verification failed: self signed certificate
(This can happen with OpenSSL 1.1.1.)
Bump PKGREVISION
Notmuch 0.28 (2018-10-12)
=========================
General
-------
Improve threading
The threading algorithm has been updated to consider all references,
not just the heuristically chosen parent (e.g. when that parent is
not in the database). The heuristic for choosing a parent message
has also been updated to again consider the In-Reply-To header, if
it looks sensible. Re-indexing might be needed to take advantage of
the latter change.
Handle mislabelled Windows-1252 parts
Messages that contain Windows-1252 are apparently frequently
mislabelled as ISO 8859-1. Use GMime functionality to apply the
correct encoding for such messages.
Command Line Interface
----------------------
Support relative database paths
Database paths (i.e. parameters to `notmuch config set
database.path`) without a leading `/` are now interpreted relative
to $HOME of the invoking user.
Emacs
-----
Improve stderr handling
Add a real sentinel process to clean up stderr buffer. This is
needed on e.g. macOS.
Call `notmuch-mua-send-hook` hooks when sending a message
This hook was documented, but not functional for a very long time.
Completion
----------
The zsh completion has been updated to cover most of the notmuch
CLI. Internally it uses regexp searching, so needs at least Notmuch
0.24.
Build System
------------
The build system now installs notmuch-mutt and notmuch-emacs-mua with
absolute shebangs, following the conventions of most Linux
distributions.
Test Suite
----------
Fix certain tests that were failing with GMime 2.6. Users are reminded
that support for versions of GMime before 3.0.3 has been deprecated
since Notmuch 0.25.
### GMime 3.2.2
* Fixed packaging to include Vala files.
### GMime 3.2.1
* Fixed GMimeParser to recognize the message/global mime-type
(a UTF-8 version of message/rfc822). (issue #50)
* Updated GMime to use libidn2 instead of the older libidn
library. (issue #48)
* Fixed address quoting logic and IDN2 encoding.
The rules for quoting address names should use 'specials'
instead of 'tspecials' and when encoding domain names via
IDN2, check if the encoded domain matches the original
domain name (other than case). If they match, prefer the
non-encoded domain name since the user may have used
uppercase characters to enhance readability of the domain
name.
* Added GMIME_DECRYPT_ENABLE_ONLINE_CERTIFICATE_CHECKS and
GMIME_DECRYPT_ENABLE_KEYSERVER_LOOKUPS as possible flags to
pass to g_mime_crypto_context_decrypt(). Also added
GMIME_VERIFY_ENABLE_ONLINE_CERTIFICATE_CHECKS and
GMIME_VERIFY_ENABLE_KEYSERVER_LOOKUPS as possible flags to
pass to g_mime_crypto_context_verify().
Clients that wish to enable online certificate and/or
keyserver lookups now need to explicitly enable this
functionality.
These changes are designed to make it more difficult
for clients to be susceptible to Efail privacy exploits.
Specifically, it is meant to address the privacy concerns
regarding CRL and OCSP status check backchannels.
For more information about Efail, see https://www.efail.de/
* Fixed g_mime_message_write_to_stream() to prioritize message
headers over body headers (even when they have an offset of -1).
(issue #46)
* The GMimeParser can now warn about a number of RFC-compliance
issues that it finds when parsing messages.
* Fixed GMimeTextPart to make sure that the GMimeFilterCharset is
non-null before trying to use it. This can happen if the charset
specified in the Content-Type header is unsupported by the
iconv library.
v0.5.4:
* Adjustments to several changes in Dovecot v2.3.4 make this Pigeonhole
release dependent on that Dovecot release; it will not compile against
older Dovecot versions. And, conversely, you need to upgrade
Pigeonhole when upgrading Dovecot to v2.3.4.
* The changes regarding the default postmaster_address in Dovecot v2.3.4
mainly apply to Pigeonhole. The new default should work for all
existing installations, thereby fixing several reported v2.3/v0.5
migration problems.
- IMAP FILTER=SIEVE capability: Fix assert crash occurring when running
UID FILTER on a Sieve script with errors.
2.3.4:
* The default postmaster_address is now "postmaster@<user domain or
server hostname>". If username contains the @domain part, that's
used. If not, then the server's hostname is used.
* "doveadm stats dump" now returns two decimals for the "avg" field.
+ Added push notification driver that uses a Lua script
+ Added new SQL, DNS and connection events.
See https://wiki2.dovecot.org/Events
+ Added "doveadm mailbox cache purge" command.
+ Added events API support for Lua scripts
+ doveadm force-resync -f parameter performs "index fsck" while opening
the index. This may be useful to fix some types of broken index files.
This may become the default behavior in a later version.
- director: Kicking a user crashes if login process is very slow
- pop3_no_flag_updates=no: Don't expunge DELEted and RETRed messages
unless QUIT is sent.
- auth: Fix crypt() segfault with glibc-2.28+
- imap: Running UID FILTER script with errors assert-crashes
- dsync, pop3-migration: POP3 UIDLs weren't added to
dovecot.index.cache while mails were saved.
- dict clients may have been using 100% CPU while waiting for dict
server to finish commands.
- doveadm user: Fixed user listing via HTTP API
- All levels of Cassandra log messages were logged as Dovecot errors.
- http/smtp client may have crashed after SSL handshake
- Lua auth converted strings that looked like numbers into numbers.
new filter to add a Received header with TLS protocol and ciphers. Add
qmail-qfilter-addtlsheader to control/smtpfilters, too. Bump acceptutils
dependency to get this program.
Point to qmail-qfilter-queue in tcp.ofmip and tcp.smtp. This replaces
the formerly separate qmail-queue wrappers for ofmipd and smtpd. Bump
rejectutils dependency to get this program.
rc.d scripts:
- ofmipd, pop3d, smtpd: let a standalone TLS key file be configured
in rc.conf.
- ofmipd, pop3d: let pre- and post-checkpassword commands be configured
in rc.conf.
- pop3d: fix typo in default TLS file paths.
Bump version.
- Add qmail-qfilter-addtlsheader, a filter to add a Received header with
TLS protocol and ciphers.
- Fix spurious errors when initializing TLS environment.
- Add qmail-qfilter-queue, which is like qmail-qfilter-ofmipd-queue
and qmail-qfilter-smtpd-queue but requires an environment variable
pointing to a config file (QMAILQUEUEFILTERS) rather than
hardcoding one.
- Leave qmail-qfilter-ofmipd-queue and qmail-qfilter-smtpd-queue as
thin wrappers around qmail-qfilter-queue, logging what the sysadmin
needs to do.
Changes since version 1.10.1:
+ inotify is used for local mailbox monitoring on Linux. Configuration flag
--disable-filemonitor turns this off.
+ OAUTHBEARER support for IMAP, SMTP and POP via
$imap_oauth_refresh_command, $smtp_oauth_refresh_command, and
$pop_oauth_refresh_command.
! $pgp_timeout and $smime_timeout support 32-bit numbers.
+ <check-stats> manually updates mailbox statistics, the same way
$mail_check_stats does when set.
! Thread limited views, e.g. ~(pattern), now show new mail as it arrives.
! Command line argument -z and -Z options also work for IMAP mailboxes.
+ $imap_condstore and $imap_qresync enable IMAP CONDSTORE and QRESYNC
support, respectively. QRESYNC should provide much faster mailbox opening.
! $abort_noattach skips quoted lines (as defined by $quote_regexp and
$smileys).
! Initial IMAP header downloading can be aborted with ctrl-c.
+ <compose-to-sender> composes a message to the sender of the selected
message, in the index or attachment menu.
! Address book queries ($query_format) now support multibyte characters.
+ Finnish translation.
! pgpring has been renamed to mutt_pgpring.
! Certificate prompts show sha-256 instead of md5 fingerprints.
! Non-threaded $sort_aux "reverse-" settings now work properly.
+ The manual can be generated and installed in GNU Info format.
+ index-format-hook and the new %@name@ expando for $index_format enable
dynamic index formats using pattern matching against the current message.
This can be used, for example, to format dates based on the age of
the message.
! Relative date matching allows hour, minute, and second units: HMS.
authup. Changes:
- fixsmtpio: Set FIXSMTPIOTLS in the environment when TLS has been negotiated.
When upgrading, be sure to add _this_ entry to control/fixsmtpio:
# Remove greeting for child process restarted after upgrading to STARTTLS
FIXSMTPIOTLS:greeting::2*::
- fixsmtpio: Fix "out of memory" errors with big attachments by handling
DATA specially (no parsing or copying).
- FIXSMTPIODEBUG: log our pid and child's basename and pid.
- fixsmtpio: Ensure STARTTLS resets all state by restarting qmail-smtpd.
When upgrading, be sure to add this entry to control/fixsmtpio:
# Remove greeting for child process restarted after upgrading to STARTTLS
SSL_CIPHER:greeting::2*::
- NOFIXSMTPIO: new environment variable to perform no filtering.
- FIXSMTPIODEBUG: prefix program name to log messages.
- Compile as C99.
- Have die_nomem() log two levels of call stack.
- Have get_one() log one caller further.
- Avoid extern in declarations.
- Empty next_pile and free event when done.
- Use acceptutils' stralloc wrappers in tls_info().
- Don't call tls_info(): no point setting TLS connection environment
variables when our child has already forked.
in control/smtpplugins. Extract a "Greylisting" stanza in MESSAGE. Merge
"Local non-root users to see the queue" into previous section (and
provide qmail-qread-client in example mailer.conf to begin with).
Mention port numbers where applicable.
Enable defaults that are sensible: realrcptto in control/rcptchecks and
viruscan in control/smtpfilters.
Add fixsmtpio rules to make greylisting-spp's tempfails look more like
qmail's other messages.
Bump dependency on qmail for config-fast-pkgsrc, which is like
config-fast but lets us simulate CONF_FILES-like behavior. As before, we
install these minimal config files, and won't deinstall them. (But the
updated qmail package will.)
Bump version.
installs the generated files elsewhere, so we can simulate
CONF_FILES-like behavior. qmail-run will switch to config-fast-pkgsrc.
We'll take advantage to deinstall these config files (as well as the
three basic .qmail files in ~alias) provided they haven't been changed.
Both of these commands stop leaving leftovers in ${PKG_SYSCONFDIR}:
# pkg_add qmail && pkg_delete qmail
# pkg_add qmail-run && pkg_delete -r qmail
While here, warn if the queue directory is on a case-insensitive
filesystem. Probably not gonna work perfectly.
Bump PKGREVISION.
sensible default, we wrap it in "greylisting-spp-with-exemptions", which
lets recipient addresses and domains be exempted from greylisting by
editing control/greylist/exemptrcpt{s,hosts}.
qmailofmipd: enable user CDB by default and remove the verbiage.
qmailsmtpd: bump datalimit (seeing occasional "fixsmtpio: out of memory" in production).
Improve MESSAGE a bit more.
Bump version.
SPP-compatible qmail-rcptcheck. Create control/smtpplugins so that the
RCPTCHECK-compatible programs continue to run as before. No functional
change intended.
Bump version.
qmail-smtpd (tweaked to tolerate the absence of a config file).
The RCPTCHECK patch is a logical subset of SPP with a slightly different
interface, and conflicts with SPP. Remove RCPTCHECK.
Bump PKGREVISION.
20181108 implements STARTTLS in fixsmtpio(8). Rebase EAI patch onto
TLS-onlyremote. Switch back to upstream for RCPTCHECK, which applies
cleanly again. Bump PKGREVISION.
(obviating the need for qmail-smtpd(8) to be patched to link OpenSSL).
Make TLS configurable for submission, POP3, and now also incoming SMTP:
- "yes" (startup will fail if cert or DH params are missing)
- "no" (even if they're present, don't offer TLS)
- "auto" (the default: offer TLS iff they're present)
Mention TLS setup in MESSAGE.
Delay SMTP greeting by 2 seconds. Enable zen.spamhaus.org RBL.
Bump version.
- Add STARTTLS support to fixsmtpio(8), which needs to terminate TLS in
order to continue observing requests and responses and do its job.
- Restore missing trailing " ESMTP" in greeting.
- Fix all warnings in acceptutils code.
- Document FIXSMTPIODEBUG, UCSPITLS, and DISABLETLS.
* 3.17.1
--------
* bug fixes:
* 3.17.0
--------
* the minimum GLib requirement is now 2.28.
* the mimimum GTK+2 requirement is now 2.24.
* nettle is now required, following removal of libcrypt from glibc.
* explicit use of --disable-gnutls is now required if gnuTLS support
is not required.
* SOCKS proxy support has been added.
Global settings can be found on the Mail Handling/Proxy page.
This can be overridden by Account settings on the new Proxy page.
* Accounts can now have their own auto-check intervals, or follow the
global interval.
* in the options for 'default selection when entering a folder',
'first [...]' has been renamed to 'oldest [...]', and
'newest [...]' items have been added.
* Message List: when changing sort key by clicking column header,
the sort direction is now preserved
* Message View: keypress handling for scrolling, (PgUp/Down, Space,
Backspace), has been improved.
* the Network Log now displays output from LDAP operations.
* "Go to last error" has been added to the Log Window context menu.
* Filtering/Processing: "mark_as_spam" is no longer a final action,
since it does not move the marked message.
* Filtering/Processing: Resent-From and Resent-To have been added in
Any/All header(s) (in Address Book) matcher rules.
* when a Return-Receipt request is received by an unknown address,
the user is now required to choose which Account to send it from.
* Colour Labels: confirmation is asked for when clearing or
overriding existing colour labels.
* Address Book: basic contact merging has been added.
* NetworkManager support: ported from libnm-util/libnm-glib to libnm.
* Dillo plugin: this HTML rendering plugin is now once again
available.
* RSSyl plugin: the modified time is no longer considered when
matching deleted items.
* RSSyl plugin: Handle 404 and other fetch failures better.
* Attachment Remover plugin: the user is now notified about what has
been done when processing multiple selections.
* SpamAssassin plugin: added support for compression (the server must
have compression enabled, and the local spamc too).
* SpamAssassin plugin: disabled SSLv3.
* when using the hidden preference, hide_timezone, the time in the
Date header is converted to UTC.
* various other UI improvements.
* many behind-the-scenes improvements.
* bug fixes:
* 3.16.0
--------
* Preferences: for the 'default selection on entering a folder' on
the Display/Summaries page, the first new, first unread, and first
marked message options are now sort-order aware.
* Preferences: the previously hidden preference to 'Warn when sending
to more recipients than []' has been added to the
Mail Handling/Sending page.
* Preferences: Toolbars/Compose window: Sign/Encrypt toggle buttons
can been added to the toolbar.
* Preferences: Fancy Plugin: allow stylesheet file/folder names to
have spaces in them.
* Account Preferences: a 'Show password' checkbox has been added next
to the password fields.
* Account Preferences: the OpenPGP and S/MIME preferences have been
split into two separate pages.
* Account Preferences: newline characters are disallowed in account
usernames and passwords, and warnings are shown to the user if this
is attempted.
* Compose: more UTF-8 list-item characters have been added.
* Address book: a 'Show password' checkbox has been added next to the
LDAP server 'bind password' field.
* GPG: full key/signature fingerprints are now shown instead of the
short versions.
* SSL Certificate Manager: added support for ipv6 addresses.
* NNTP: Fetch XOVER and XHDR data in batches of 5000 and use the
statusbar progress meter when opening/refreshing a NNTP folder.
* CLI: the --insert option has been added to --compose, to allow
inserting files from the command line.
* Plugins window: keyboard shortcuts to Load/Unload buttons have
been added.
* PDF Viewer Plugin: a print button has been added.
* The HTML parser now supports all entities.
* Tools: a simple bash completion helper has been added,
tools/bash_completion/claws-mail.
* Bug fixes:
* 3.15.1
--------
* Bug fixes:
* 3.15.0
--------
* More granular options on when to open a selected message have been
added. There are now several checkboxes on the Display/Summaries
page of the Preferences which allow a greater flexibility.
* Compose window: Show the total size of attachments on the
Attachments tab.
* Compose window: Bcc has been added to the headers drop-down list.
* Folder list: Top-level folders can now be copied. They are created
as regular folders in the target mailbox.
* Folder selection dialogue: Left/right keys collapse/expand rows.
Further keypress will move the cursor to parent or first child,
respectively.
* Menu items: 'Mark all unread [recursively]' has been added to the
folder context menu, message list menu, and the main window menu
and toolbar.
* Toolbar actions: Mark, Unmark, Lock, Unlock, Mark [all] read, Mark
[all] unread, Ignore Thread, Watch Thread, and Delete Duplicate
Messages have been added to the main window toolbar's Actions list.
* Account compose signature: The value of the signature file now
takes a path relative to the user's home directory in addition to a
full path.
* Icon Themes: Support for SVG themes with icon scaling capabilities
has been added. This requires libRSVG 2.40.5 or newer.
* Hidden preferences: colours for specifying Tags, QuickSearch, and
auto-filled header values have been added, both foreground and
background. Respectively, tags_color, tags_bgcolor,
qs_active_color, qs_active_bgcolor, qs_error_color,
qs_error_bgcolor, default_header_color, and default_header_bgcolor.
* Hidden preferences: warn_sending_many_recipients_num, if greater
than zero, a warning dialogue is shown when the number of
recipients exceeds the number given.
* GData plugin: This plugin now requires libgdata version 0.17.2 or
newer.
* TNEF parser plugin: This plugin now uses an external libytnef.
* vCalendar plugin: This plugin now uses an external libical, version
2.0.0 or newer is required.
* Mail Archiver plugin: - updated to support some of the compression
formats up to libarchive 3.2.2
* Several minor UI improvements.
* Bug fixes:
New Features:
* Added --dump-mail option.
* Added --xclient-delim, --xclient-destaddr, --xclient-destport,
--xclient-no-verify, and --xclient-before-starttls options.
Notable Changes:
* XCLIENT can now send multiple XCLIENT requests. Because of this,
--xclient and --xclient-ATTR values are no longer merged into one
string. This breaks previously documented behavior.
* Numerous improvements to the output of --dump and --dump-as-body,
including the ability to limit output by section, layout improvements,
adding missing options to output, and fixing bugs.
Notable Bugs Fixed:
* Fixed bug preventing Proxy from working with --tls-on-connect.
* XCLIENT is now sent after STARTTLS to match with Postfix's expectations.
* Fixed bug which could allow mail sending to proceed without a valid
recipient.
* Replacing a multi-line header via --header or --h-HEADER now replaces
the entire header, not just the first line.
* The option for specifying the local port was documented as --local-port
but implemented as --lport. Both are now documented and implemented.
* Fixed two bugs which prevented interactions between --dump,
--auth-hide-password, --dump-as-body, and --dump-as-body-shows-password
from producing consistent output.
the tag; for instance, "nbqmailofmipd" becomes "nbqmail/ofmipd". Vaguely
redolent of Postfix, and easier to glance at logs now that just about
everything runs similarly from rc.d. Turn off sslserver verbosity by
default. Bump version.
- removed a trailing dot element from @INC, as a workaround for a perl
vulnerability CVE-2016-1238;
- amavis-services: bumping up syslog level from LOG_NOTICE to LOG_ERR
for a message "PID <pid> went away", and removed redundant newlines
from some log messages;
- safe_decode() and safe_decode_utf8(): avoid warning messages
"Use of uninitialized value in subroutine entry"
in Encode::MIME::Header when the $check argument is undefined;
- @sa_userconf_maps has been extended to allow loading of per-recipient
(or per- policy bank, or global) SpamAssassin configuration set from
LDAP. For consistency with SQL a @sa_userconf_maps entry prefixed with
'ldap:' will load SpamAssassin configuration set using the
load_scoreonly_ldap() method; a patch by Atanas Karashenski;
- add some Sanesecurity.Foxhole false positives to the default
list @virus_name_to_spam_score_maps;
- updated some comments;
+++
also add a patch to make it run with perl 5.28 without complaints
about regex syntax
- when users specify an SSL version that no longer exists in the Python
ssl module, do not result in an unhandled exception. Thanks: "nandre".
- catch IMAP UNAVAILABLE temporary error during login. Thanks:
Dario Corti.
This update includes XSS security problem.
RELEASE 1.3.8
-------------
- Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374)
- Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383)
- Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398)
- Fix so Classic skin splitter does not escape out of window (#6397)
- Fix XSS issue in handling invalid style tag content (#6410)
- Fix compatibility with MySQL 8 - error on 'system' table use
- Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422)
- New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419)
- Fix support for "allow-from <uri>" in "x_frame_options" config option (#6449)
- Fix bug where valid content between HTML comments could have been skipped in some cases (#6464)
- Fix multiple VCard field search (#6466)
- Fix session issue on long running requests (#6470)
- CERTFILE needs to be set early enough for sslserver. Move it to rc.d.
UCSPITLS is application-specific and can stay in the CDB.
- Add PYMSGAUTH_TOLERATE_UNCONFIGURED to the CDB.
- Switch qmailpop3d from tcpserver+qmail-popup to sslserver+authup.
Set UCSPITLS in the CDB to require STLS before USER/PASS.
- Specify a few new required_files.
- Point more precisely at the need to inspect alias/.qmail-*.
- Bump qmail-acceptutils for integrated privsep TLS using ucspi-ssl.
- Switch qmailofmipd rc.d script to sslserver, listening on the network.
- Install control/{pop3,smtp}capabilities, as newly required by authup.
- Organize INSTALL a bit better.
- Remove all vestiges of stunnel, including further shortening MESSAGE.
- Implement SMTP "STARTTLS" and POP3 "STLS", relying on sslserver's UCSPI-TLS.
Derived from s/qmail's implementation.
- Catch up to s/qmail's base64 implementation.
- Implement POP3 "CAPA" verb for POP3.
- Require admin to describe child program in control/{pop3,smtp}capabilities.
- Fix regression from qmail-popup: sleep after auth failure for SMTP only.
- Update authup(8) manual page.
pkgsrc changes:
- Replace security/stunnel dependency with net/ucspi-ssl.
respective dependencies on spamdyke and stunnel. Depend instead on
qmail-acceptutils, which provides SMTP AUTH (and new filtering
functionality) and brings its own unconditional mess822 and stunnel
dependencies. Update rc.d scripts to match.
Use CONF_FILES instead of a bunch of open-coded INSTALL cleverness.
Clean up even better with a little DEINSTALL cleverness to remove CDB
files if their source CONF_FILES are gone.
Install sensible fixsmtpio rules and viruscan signatures.
Tighten MESSAGE. The basics have gotten pretty easy. Bump version.
patch and the AUTH patch conflict, nobody else has published a newer
hand-merged combo patch, and as it happens, I'd apparently rather
write a pile of new DJB-style C than make myself responsible for
hand-merging other people's security-sensitive code every time there's
a new TLS patch.
Now that we have AUTH without patching (see mail/qmail-acceptutils), the
"sasl" option goes away, we're finally on the most recent TLS patch
available, and when it's updated it'll be easy for us to keep up.
Rebase RCPTCHECK and EAI patches onto netqmail-with-TLS-and-no-AUTH.
Bump PKGREVISION.
Changelog v0.5.3:
- Fix assertion panic occurring when managesieve service fails to open
INBOX while saving a Sieve script. This was caused by a lack of
cleanup after failure.
- Fix specific messages causing an assert panic with actions that
compose a reply (e.g. vacation). With some rather weird input from the
original message, the header folding algorithm (as used for composing
the References header for the reply) got confused, causing the panic.
- IMAP FILTER=SIEVE capability: Fix FILTER SIEVE SCRIPT command parsing.
After finishing reading the Sieve script, the command parsing
sometimes didn't continue with the search arguments. This is a time-
critical bug that likely only occurs when the Sieve script is sent in
the next TCP frame.
2.3.3:
* doveconf hides more secrets now in the default output.
* ssl_dh setting is no longer enforced at startup. If it's not set and
non-ECC DH key exchange happens, error is logged and client is
disconnected.
+ Added log_debug=<filter> setting.
+ Added log_core_filter=<log filter> setting.
+ quota-clone: Write to dict asynchronously
+ --enable-hardening attempts to use retpoline Spectre 2 mitigations
+ lmtp proxy: Support source_ip passdb extra field.
+ doveadm stats dump: Support more fields and output stddev by default.
+ push-notification: Add SSL support for OX backend.
- NUL bytes in mail headers can cause truncated replies when fetched.
- director: Conflicting host up/down state changes may in some rare
situations ended up in a loop of two directors constantly overwriting
each others' changes.
- director: Fix hang/crash when multiple doveadm commands are being
handled concurrently.
- director: Fix assert-crash if doveadm disconnects too early
- virtual plugin: Some searches used 100% CPU for many seconds
- dsync assert-crashed with acl plugin in some situations.
- mail_attachment_detection_options=add-flags-on-save assert-crashed
with some specific Sieve scripts.
- Mail snippet generation crashed with mails containing invalid
Content-Type:multipart header.
- Log prefix ordering was different for some log lines.
- quota: With noenforcing option current quota usage wasn't updated.
- auth: Kerberos authentication against Samba assert-crashed.
- stats clients were unnecessarily chatty with the stats server.
- imapc: Fixed various assert-crashes when reconnecting to server.
- lmtp, submission: Fix potential crash if client disconnects while
handling a command.
- quota: Fixed compiling with glibc-2.26 / support libtirpc.
- fts-solr: Empty search values resulted in 400 Bad Request errors
- fts-solr: default_ns parameter couldn't be used
- submission server crashed if relay server returned over 7 lines in
a reply (e.g. to EHLO)
qmail. It avoids patch conflicts, adds new user-controlled features, and
is more consistent with qmail's design.
To SMTP-authenticate users without patching ofmipd(8) or qmail-smtpd(8),
compose the following programs into your configuration:
- reup runs a program repeatedly until it succeeds.
- authup offers SMTP or POP3 authentication and calls checkpassword.
- checknotroot refuses to run as UID 0.
- fixsmtpio filters SMTP I/O and exit status to suit authup.
From Attila Fueloep in pull request NetBSD/pkgsrc#32.
Apache SpamAssassin 3.4.2 contains numerous tweaks and bug fixes over the
past three and 1/2 years. As we release 3.4.2, we are preparing 4.0.0 which
will move us into a full UTF-8 environment. We expect one final 3.4.3
release.
As with any release there are a number of functional patches, improvements as
well as security reasons to upgrade to 3.4.2. In this case we have over 3
years of issues being resolved at once. And we are laying thr groundwork for
version 4.0 which is is designed to more natively handle UTF-8.
However, there is one specific pressing reason to upgrade. Specifically, we
will stop producing SHA-1 signatures for rule updates. This means that while
we produce rule updates with the focus on them working for any release from
v3.3.2 forward, they will start failing SHA-1 validation for sa-update.
*** If you do not update to 3.4.2, you will be stuck at the last ruleset
with SHA-1 signatures in the near future. ***
Full release notes at http://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.2.txt.
- nullmailer-send no longer generates bounces for rejected bounces.
Thanks Fejes József
- Fixed compile error in sendmail on GCC older than 4.9.
- Fixed treating authentication failure as message rejection.
Thanks Fejes József
- nullmailer-inject now sets the full name of the sender to the user
name as a fallback. This helps distinguish system sent messages when
the MTA rewrites the address (as does GMail, for example).
- Fixed compatibility issue with gnutls 3.6 (and possibly others).
- [Feature] Add arguments schemas to processors and extractors
- [Feature] Add functional selectors library
- [Feature] Add generic selector to reputation module
- [Feature] Add more ratelimits: by digest, by attachments data, by
filenames
- [Feature] Add preliminary stop words detection support
- [Feature] Add pure Lua debugm function
- [Feature] Add schema validation for Redis settings
- [Feature] Add selectors combine function
- [Feature] Add some recursion protection to lua logger
- [Feature] Add support for Lua API tracing
- [Feature] Allow to apply schema to arguments
- [Feature] Allow to get dkim signing data directly from HTTP headers
- [Feature] Allow to reuse existing authentication results
- [Feature] Cache selectors results in re runtime
- [Feature] Implement new text tokenizer based on libicu
- [Feature] Integrate selectors framework to multimap
- [Feature] Relax FORGED_RECIPIENTS
- [Feature] Support (almost) all html entities
- [Feature] Support adding and deletion of recipients in the milter
block
- [Feature] Support gathering HTTP body from fragments in lua_http
- [Feature] Support multi flag in regexp and glob maps
- [Feature] Support selectors in ratelimit module
- [Feature] Support selectors in settings
- [Feature] Use khash in HTML parser
- [Feature] Use pure Lua debugm function
- [Fix] Add fail-safety for destroying sessions
- [Fix] Allow to add result-less fake DNS records
- [Fix] Another try to fix race conditions on config unload
- [Fix] Call Lua callback on DNS timeouts
- [Fix] Deprecate task:inc_dns_req as it is redundant
- [Fix] Do not allow events deletions on cleanup
- [Fix] Do not try to process skipped messages
- [Fix] Fix HTTP requests with no body
- [Fix] Fix another cleanup race condition
- [Fix] Fix bug in processing of pcre regexps
- [Fix] Fix byte array allocation in the pool
- [Fix] Fix crashes on task cleanup
- [Fix] Fix dynamic buckets in ratelimits
- [Fix] Fix endless loop when waiting for Rspamd to stop
- [Fix] Fix lua_util.str_split in case of delimiters set
- [Fix] Fix more issues with watching of async events
- [Fix] Fix stop words detection and loading logic
- [Fix] Fix various corner cases for language detection
- [Fix] Fix watchers in lua_tcp
- [Fix] Fix words decay algorithm
- [Fix] Implement watchers replacement to handle nested calls
- [Fix] Save faked code into fake dns record
- [Fix] Show the proper frame when using lua_util.debugm
- [Fix] Use fake dns records in tests
- [Fix] Use unicode replacements for HTML entities
- [Fix] fixed "cannot find dependency on symbol 1" issue when using
replaced symbols in spamassassin rules
- [Fix] partition_id is not available in old versions of CH
- [Project] Add implicit conversion logic to selectors
- [Project] Add initial support for selectors in regexps
- [Project] Add method concept
- [Project] Further changes in unicode operations
- [Project] Implement Clickhouse migrations
- [Project] Implement implicit conversions to userdata
- [Project] Implement insert method
- [Project] Implement selectors registration for regular expressions
- [Project] Implement selectors support in re_cache
- [Project] Improve language detector: cleanup unused files,
categorize
- [Project] Migrate CH data to a fat table
- [Project] Rework selectors logic
- [Project] Start Clickhouse utilities library
- [Project] Start unicode rework
- [Project] coroutine threaded model for API calls: thread pool
- [Rework] Move phishtank to a DNS based service
- [Rework] Rework Clickhouse plugin to use the new API
- [Rework] Rework language detector
- [Rework] Rework utf content processing in text parts
- [WebUI] Add progress bar for AJAX requests
- [WebUI] Avoid errors table reinitialization
- [WebUI] Avoid history table reinitialization
- [WebUI] Avoid throughput summary table reinitialization
- [WebUI] Destroy summary table on disconnect
- [WebUI] Fix "auth" request URL
- [WebUI] Fix disabling and hiding controls on page reload
- [WebUI] Fix maps loading from neighbours
- [WebUI] Fix symbols sorting by score
- [WebUI] Fix tables destroying
- [WebUI] Fix throughput data consolidation
- [WebUI] Fix upload buttons disabling
## 3.2.2 / 2018-08-12
* Hiroto Fukui removed a stray `debugger` statement that I had used in
producing v3.2.1. [#137][]
## 3.2.1 / 2018-08-12
* A few bugs related to MIME::Types::Container and its use in the
mime-types-data helper tools reared their head because I released 3.2
before verifying against mime-types-data.
## 3.2 / 2018-08-12
* 2 minor enhancements
* Janko Marohnić contributed a change to `MIME::Type#priority_order` that
should improve on strict sorting when dealing with MIME types that
appear to be in the same family even if strict sorting would cause an
unregistered type to be sorted first. [#132][]
* Dillon Welch contributed a change that added `frozen_string_literal:
true` to files so that modern Rubies can automatically reduce duplicate
string allocations. [#135][]
* 2 bug fixes
* Burke Libbey fixed a problem with cached data loading. [#126][]
* Resolved an issue where Enumerable#inject returns +nil+ when provided
an empty enumerable and a default value has not been provided. This is
because when Enumerable#inject isn't provided a starting value, the
first value is used as the default value. In every case where this
error was happening, the result was supposed to be an array containing
Set objects so they can be reduced to a single Set. [#117][], [#127][],
[#134][].
* Fixed an uncontrolled growth bug in MIME::Types::Container where a key
miss would create a new entry with an empty Set in the container. This
was working as designed (this particular feature was heavily used
during MIME::Type registry construction), but the design was flawed in
that it did not have any way of determining the difference between
construction and querying. This would mean that, if you have a function
in your web app that queries the MIME::Types registry by extension, the
extension registry would grow uncontrollably. [#136][]
* Deprecations:
* Lazy loading (`$RUBY_MIME_TYPES_LAZY_LOAD`) has been deprecated.
* Documentation Changes:
* Supporting files are now Markdown instead of rdoc, except for the
README.
* The history file has been modified to remove all history prior to 3.0.
This history can be found in previous commits.
* A spelling error was corrected by Edward Betts ([#129][]).
* Administrivia:
* CI configuration for more modern versions of Ruby were added by Nicolas
Leger ([#130][]), Jun Aruga ([#125][]), and Austin Ziegler. Removed
ruby-head-clang and rbx (Rubinius) from CI.
* Fixed tests which were asserting equality against nil, which will
become an error in Minitest 6.
## 3.2018.0812 / 2018-08-12
* Added `.xsd` extension to `text/xml`. [#10][]
* Added `.js` and `.mjs` extensions to `text/ecmascript` and
`text/javascript`. [#11][]
* Added `.ipa` extension to `application/octet-stream`. [#12][]
* Moved extensions `.markdown` and `.md` and added `.mkd` extension to
`text/markdown`. [#13][]
* Because of a bug found with mime-types 3 before 3.2.1, this version
requires mime-types 3.1 or later to manage data.
* Updated the IANA media registry entries as of release date. The biggest
major change here is the addition of the `font/` top-level media type.
* MIME type changes not introduced by pull requests will no longer be
individually tracked.
* Clarified that the YAML editable format is not shipped with the Ruby gem
for size considerations.
1.2:
mprove the documentation on enabling STARTTLS.
Add customizable ident field to SMTP class constructor.
Remove asyncio.coroutine decorator as it was introduced in Python 3.5.
Add Controller docstring, explain dual-stack binding.
Gracefully handle ASCII decoding exceptions.
Fix typo.
Improve Controller ssl_context documentation.
Add timeout feature.
- Network timeout handling has been added.
- Support for proper Maildir++ and a Maildir sub-folder naming style
without extra dots have been added.
- Support for TLS client certificates was added.
- Support for recovering from baseless UID validity changes was added.
- The get-cert script was renamed to mbsync-get-cert.
pkgsrc changes:
- Update HOMEPAGE and MASTER_SITES
- Remove inet6 option (it was actually a no-op)
- Adjust libidn dependency to libidn2 per 1.8.0 change
- Cleanup the options.mk a bit: no need to add pkg-config to USE_TOOLS, it was
already needed as tool and remove all --with-*-prefix= because pkg-config is
used for that
Changes:
Version 1.8.0:
- A minimal SMTP server called msmtpd was added that listens on the local host
and pipes mails to msmtp (or another program). It is intended to be used with
system services that cannot be configured to call msmtp directly. You can
disable it with the configure option --without-msmtpd.
- Using OpenSSL is discouraged and may not be supported in the future. Please
use GnuTLS instead. The reasons are explained here:
https://marlam.de/msmtp/news/openssl-discouraged/
- As using GNU SASL is most likely unnecessary, it is disabled by default now.
Since everything uses TLS nowadays and thus can use PLAIN authentication, you
really only need it for GSSAPI.
- If your system requires a library for IDN support, libidn2 is now used instead
of the older libidn.
- The CRAM-MD5 authentication method is marked as obsolete / insecure and will
not be chosen automatically anymore.
- The passwordeval command does not require the password to be terminated by a
new line character anymore.
- The new logfile_time_format command allows to customize log file time stamps.
- Builtin default port numbers are now used instead of consulting /etc/services.
- Support for DJGPP and for systems lacking vasprintf(), mkstemp(), or tmpfile()
is removed.
Version 1.6.8:
- Add --source-ip option and source_ip command to bind the outgoing connection
to a specific source IP address.
- Enable SNI for TLS
Version 1.6.7:
- Add support for ~/.config/msmtp/config as configuration file
- Add network timeout handling on Windows
- Fix command line handling of SHA256 TLS fingerprints
- Fix SIGPIPE handling (affects at least Mac OS X)
- Add french translation, and update german translation
- Fix missing config files (pkg/53577).
The most important features and fixes
- Ratelimits are reworked and now work as intended (and documented)
- Clickhouse module supports data retention policies
- Reworked C modules to avoid global contexts (simplifies leaks
detection on reload)
- Reputation plugin now supports SPF records reputation
- WebUI code is now even more conformant to the modern JS standards
- Maps are now distributed remotely with local file safety fallback to
allow faster maps update without waiting for a new release
- Antivirus module checks attachments only (as decoded content) in
attachments_only mode to improve AV performance by hiding the mime
content from them
Full list of the meaningful changes
- [CritFix] Fix caseless comparison of equal length strings
- [Feature] Add HTTP basic auth support to elastic and clickhouse
plugins
- [Feature] Add SPF selector to reputation
- [Feature] Add support of the fallback backends for HTTP maps
- [Feature] Allow to print full mime structure when extracting mime
data
- [Feature] Allow to split symbols in reputation plugin
- [Feature] Check attachments only on AV scanners in attachments_only
mode
- [Feature] Disable all SSL checks if ssl_no_verify flag is set
- [Feature] Implement parsing of scoped IPv6 addresses
- [Feature] Improve rspamc counters output
- [Fix] Add sanity checks when expanding SPF macros
- [Fix] Allow to parse SA rules with no spaces around =~ (dirty hack)
- [Fix] Avoid one extra byte writing
- [Fix] Deal with direct hash table
- [Fix] Detect empty text part as text, not HTML
- [Fix] Do not reduce map watch timeout for mixed http/file maps
- [Fix] Fix HTML part detection heuristic
- [Fix] Fix double free in redirectors cleanup
- [Fix] Fix legacy history handling in the controller
- [Fix] Fix messages insertion
- [Fix] Fix sending string method
- [Fix] Fix statconver command line arguments
- [Fix] Fixed argument checking for being null
- [Fix] Fixed issues reported by luacheck
- [Fix] Freeze updates queue when do actual storage update
- [Fix] HTTP map hash is per-backend and not per-map
- [Fix] Plug memory leak in fuzzy updates
- [Fix] Prefer 'MTA-Name' when producing authentication results
- [Fix] Replace bad unicode sequences instead of stopping on them
- [Fix] Set classifier version on learning
- [Project] Reworked ratelimits
- [Project] Apply topological sorting for symbols in Rspamd
- [Project] Remove global contexts from C modules
- [Project] Move performance critical hash tables to khash
- [WebUI] Avoid unused indexes
- [WebUI] Do not execute on_success callback
- [WebUI] Fix history reset for "All SERVERS" (#2346)
- [WebUI] Fix query URL for selected server
- [WebUI] Fix symbols display in legacy history,
- [WebUI] Hide symbols order selector for legacy history
- [WebUI] Refactor query functions into one
- [WebUI] Remove previously-attached event handlers
- [WebUI] Save symbols to the selected server
- [WebUI] Unify arguments of query functions
- [WebUI] Use common query functions to get graph data
- [WebUI] Use common query functions to save symbols
version 3.007: Mon 3 Sep 07:58:36 CEST 2018
Changes:
- nicer algorithm to generate disposition filenames.
Fixes:
- fix metadata [Mohammad S Anwar]
- enforce stringification on ::Field::Attribute->new(value) [Andy Beverley]
- dispositionFilename() accepts (some) blanks, strips more chars
rt.cpan.org#125350 [Gary Funck]
- understand quotes in a field body for get() [Andy Beverley]
Improvements:
- add pod tester
hypermail uses libtrio, which overloads <stdio.h> functions by macros.
With _FORTIFY_SOURCE > 0, <stdio.h> loads <ssp/stdio.h> which does
the same, and we get macro redefinition errors.
Update DEPENDS
Upstream changes:
1.004 Sun 19 Aug 2018
- No functional changes
- Tests powered by JSON::PP instead of JSON::XS
- Simplified tests with fewer dependencies
The mblaze message system is a set of Unix utilities to deal with
mail kept in Maildir folders.
Its design is roughly inspired by MH, the RAND Message Handling
System, but it is a complete implementation from scratch.
Packaged by Sunil Nimmagadda and submitted via PR pkg/53517 and pkgsrc-wip.
RELEASE 1.3.7
-------------
- Fix PHP Warning: Use of undefined constant IDNA_DEFAULT on systems without php-intl (#6244)
- Fix bug where some parts of quota information could have been ignored (#6280)
- Fix bug where some escape sequences in html styles could bypass security checks
- Fix bug where some forbidden characters on Cyrus-IMAP were not prevented from use in folder names
- Fix bug where only attachments with the same name would be ignored on zip download (#6301)
- Fix bug where unicode contact names could have been broken/emptied or caused DB errors (#6299)
- Fix bug where after "mark all folders as read" action message counters were not reset (#6307)
- Enigma: [EFAIL] Don't decrypt PGP messages with no MDC protection (#6289)
- Fix bug where some HTML comments could have been malformed by HTML parser (#6333)
This subclass of Tie::Handle::Offset automatically hides an email-style
message header. After opening the file, it reads up to a blank or
white-space-only line and sets the offset to the next byte.
on finding "nbcheckpassword" (which, at present, might be either
checkpassword-pam or DJB's original).
Depend (unconditionally) on mail/qmail-rejectutils, instead of having it
as an option on mail/qmail.
Bump version.
can (by itself depending on pkgtools/pkg_alternatives) expect to find
"nbcheckpassword".
Remove 'qmail-rejectutils' option, which will become an unconditional
dependency in qmail-run.
Bump PKGREVISION.
1.7.8: 12 Jul 2018
- [Feature] Add more extended statistics about fuzzy updates
- [Feature] Add more non-conformant Received headers support
- [Feature] Add preliminary function to get fuzzy hashes from text in
Lua
- [Feature] Allow to configure AV module rejection message
- [Feature] Implement fuzzy hashes extraction in mime tool
- [Feature] Improve WHITE_ON_WHITE rule
- [Feature] Improve integer -> string conversion
- [Feature] Reuse maps in multimap module more aggressively
- [Fix] Avoid race condition in skip map as pool lifetime is not
enough
- [Fix] Eliminate all specific C plugins pools
- [Fix] Fix DKIM check rule if DNS is unavailable
- [Fix] Fix build where ucontext is defined in ucontext.h
- [Fix] Fix crash in base url handling
- [Fix] Fix descriptors leak in sqlite3 locking code
- [Fix] Fix messages quarantine
- [Fix] Fix padded numbers printing
- [Fix] Fix race condition on maps reinit
- [Fix] Fix regexp functions when no data is passed
- [Fix] Fix specific urls extraction
- [Fix] Fix styles propagation
- [Fix] Improve resetting of the limit buckets
- [Fix] Initialize sqlite3 properly
- [Fix] Work with broken resolvers in resolv.conf
- [Project] Implement HTTP maps caching
- [Project] Refresh fuzzy hashes when matched
- [Project] Add logic to deduplicate fuzzy updates queue
- [WebUI] Add missed declarations
- [WebUI] Avoid using "undefined" property
- [WebUI] Do not accept passwords containing control characters
- [WebUI] Do not redeclare variables
- [WebUI] Enable strict mode,
- [WebUI] Fix variable assignment
- [WebUI] Initialize variables at declaration
- [WebUI] Remove duplicated path from RequireJS config
- [WebUI] Remove unused block
- [WebUI] Remove unused variable
- [WebUI] Remove unused variables
- [WebUI] Use self-explanatory notation
- [WebUI] Use type-safe equality operators
1.7.7: 02 Jul 2018
- [CritFix] Check NM part of pubkey to match it with rotating keypairs
- [CritFix] Do not overwrite PID of the main process
- [CritFix] Fix maps after reload
- [CritFix] Fix maps race conditions on reload
- [CritFix] Fix shmem leak in encrypting proxy mode
- [Feature] Add a concept of ignored symbols to avoid race conditions
- [Feature] Add ability to print bayes tokens in rspamadm mime
- [Feature] Add method to get statistical tokens in Lua API
- [Feature] Add preliminary mime stat command
- [Feature] Add rspamadm mime tool
- [Feature] Add urls extraction tool
- [Feature] Address ZeroFont exploit
- [Feature] Allow rspamadm mime to process multiple files
- [Feature] Allow to extract words in `rspamadm mime`
- [Feature] Allow to print mime part data
- [Feature] Allow to show HTML structure on extraction
- [Feature] Distinguish IP failures from connection failures
- [Feature] Improve output for mime command
- [Feature] Improve styles propagation
- [Feature] Main process crash will now cleanup all children
- [Feature] Preload file and static maps in main process
- [Feature] Print stack trace on crash
- [Feature] Process font size in HTML parser
- [Feature] Propagate content length of invisible tags
- [Feature] Read ordinary file maps in chunks to be more safe on
rewrites
- [Feature] Support base tag in HTML
- [Feature] Support more size suffixes when parsing HTML styles
- [Feature] Support opacity style
- [Fix] Another fix for nested composites
- [Fix] Fill nm id in keypairs cache code
- [Fix] Fix colors alpha channel handling
- [Fix] Fix destruction logic
- [Fix] Fix double free
- [Fix] Fix maps preload logic
- [Fix] Fix nested composites process
- [Fix] Fix proxying of Exim connections
- [Fix] Fix reload crash
- [Fix] Fix rspamadm -l command
- [Fix] Update ed25519 signing schema
- [WebUI] Stop using "const" declaration
- [WebUI] Update RequireJS to 2.3.5
1.7.6: 15 Jun 2018
- [CritFix] Fix multiple neural networks support
- [Feature] Add decryption function to keypair command
- [Feature] Add gzip compression for HTTP requests in elastic module
- [Feature] Add gzip methods to lua util
- [Feature] Add maps based on Top Level Domains
- [Feature] Add pubkey checks for dkim_signing
- [Feature] Add support of fake DNS records
- [Feature] Add tool to encrypt files
- [Feature] Allow to add symbols using settings directly
- [Feature] Allow to match private and public keys for DKIM signatures
- [Feature] Allow to set task flags via settings
- [Feature] Allow to specify fake DNS address from the config
- [Feature] Implement signatures verification using rspamadm keypair
- [Feature] Implement signing using `rspamadm keypair`
- [Feature] Improve error reporting for DKIM key access issues
- [Feature] Provide $HOSTNAME variable in UCL
- [Feature] Rework levenshtein distance computation
- [Feature] Split message parsing and processing
- [Feature] Support ED25519 DKIM signatures
- [Feature] Support encrypted configs in UCL
- [Feature] Suppress duplicate warning on very large radix tries
- [Feature] Use OSB to combine header names
- [Fix] Cleanup maps data on shutdown
- [Fix] Fix '~' behaviour in composites
- [Fix] Fix HTTP maps updates
- [Fix] Fix NIST signatures
- [Fix] Fix RFC822 comments when processing a mime address
- [Fix] Fix double free
- [Fix] Fix dynamic settings application
- [Fix] Fix for CommuniGate Pro maillist
- [Fix] Fix keypair creation method to actually create keypair...
- [Fix] Fix matching patterns with no paths
- [Fix] Fix memory leak in parsing comments
- [Fix] Fix parsing of urls with numeric password
- [Fix] Fix plugins intialisation in configwizard
- [Fix] Fix potential crash on reload
- [Fix] Fix potential race condition for a finished HTTP connections
- [Fix] Fix race-condition leak on processes reload
- [Fix] Fix signing in openssl mode
- [Fix] Free language detector structures
- [Fix] Relax alignment requirements
- [Fix] Send DMARC reports compressed
- [Fix] Try to fix leak in dmarc module
- [Fix] Try to plug memory leak in metric exporter
- [Project] Convert rspamadm subcommands to Lua
- [WebUI] Display smtp sender/recipient in history
- [WebUI] Fix elements disabling in "Symbols" tab
- [WebUI] Limit recipients list in history column to 3
- [WebUI] Match envelope and mime addresses following in arbitrary
order
- [WebUI] Update column header
- [WebUI] Wrap addresses in history
1.7.5: 18 May 2018
- [Conf] Add MSBL proposed return codes
- [Conf] Add additional groups for policies
- [CritFix] Do not use volatile Lua strings as UCL keys
- [Feature] Add ability to add fuzzy hashes to headers
- [Feature] Add function to extract most meaningful urls
- [Feature] Add rule to block mixed text and encrypted parts
- [Feature] Allow multiple groups for symbols
- [Feature] Allow to disable lua squeezing logic
- [Feature] Allow to get multipart children in Lua
- [Feature] Allow to insert multiple headers from milter headers
- [Feature] Allow to print scores in subject and further extensions
- [Feature] Be more error-prone in squeezed rules
- [Feature] Support multiple return codes in emails module
- [Feature] Use EMA for calculating averages
- [Feature] Use common jit cache for all regexps
- [Feature] support for CommuniGate Pro self-generated messages
- [Fix] Allow to have multiple values for headers as arrays
- [Fix] Do not open sockets for disabled workers
- [Fix] Fix AuthservId
- [Fix] Fix base64 folding in Lua API
- [Fix] Fix build on non-x86 platforms
- [Fix] Fix cached maps logic
- [Fix] Fix compatibility with old maps query logic
- [Fix] Fix crash if skip_map is used
- [Fix] Fix importing static maps from UCL
- [Fix] Fix parsing of unix sockets
- [Fix] Fix raw_mime regexp on HTML part with no text content
- [Fix] Fix tables logging
- [Fix] Fix vertical tab handling in libucl
- [Fix] Try to fix frequency counters
- [Fix] Use better sharding for ip_score
- [Fix] Use multiple results from SURBL DNS reply
- [Fix] When doing AV scan select a different server for retransmit
Changelog:
changed
Thunderbird will now prompt to compact IMAP folders even if the account is online. Note: Under certain circumstances an incorrect estimate of the expected gain is shown.
fixed
Complete fix of the EFAIL vulnerability: 1) Removing some HTML crafted to carry out an attack. 2) Optionally: Not decrypting subordinate message parts that otherwise might reveal decrypted content to the attacker. Preference mailnews.p7m_subparts_external needs to be set to true for added security.
fixed
Various problems when forwarding messages inline when using "simple" HTML view
fixed
Deleting or detaching attachments corrupted messages under certain circumstances (not working only in Thunderbird version 52.9.0)
fixed
Various security fixes
Security fixes:
#CVE-2018-12359: Buffer overflow using computed size of canvas element
#CVE-2018-12360: Use-after-free when using focus()
#CVE-2018-12372: S/MIME and PGP decryption oracles can be built with HTML emails
#CVE-2018-12373: S/MIME plaintext can be leaked through HTML reply/forward
#CVE-2018-12362: Integer overflow in SSSE3 scaler
#CVE-2018-12363: Use-after-free when appending DOM nodes
#CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
#CVE-2018-12365: Compromised IPC child process can list local filenames
#CVE-2018-12366: Invalid data handling during QCMS transformations
#CVE-2018-12368: No warning when opening executable SettingContent-ms files
#CVE-2018-12374: Using form to exfiltrate encrypted mail part by pressing enter in form field
#CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, Firefox ESR 52.9, and Thunderbird 52.9
Each R package should include ../../math/R/Makefile.extension, which also
defines MASTER_SITES. Consequently, it is redundant for the individual
packages to do the same. Package-specific definitions also prevent
redefining MASTER_SITES in a single common place.
Patch (minus the mtest.c one) from Marco Beishuizen in PR pkg/53437.
Additions include:
- PC-Alpine: New configuration option "Aspell Dictionaries"
allows a user to choose the dictionary used to spell check, in case the
user communicates in more than one language. Examples of values for the
variable are "en_US" or "de_DE", etc. Only the first
10 dictionaries are offered.
- Unix-Alpine: Connect securely to a LDAP server on a secure port. Based
on a contribution by Wang Kang.
- Colors configured in Alpine are inherited in the composer.
- When Alpine is compiled with password file and SMIME support the
password file is encrypted using a private key/public certificate pair. If
one such pair cannot be found, one will be created.
- Alpine builds with any version of OpenSSL greater than or equal to
1.0.0c. This includes version 1.1.0. Alpine also builds with LibreSSL.
- New SHORTSUBJECT, SHORTSUBJKEY and SHORTSUBJKEYINIT token for index
format, which removes text in the SUBJECT between "[" and "]".
- New SMARTTIME24 token for index screen. It is close to SMARTDATETIME but
it differns in that it gives the time in which the message was sent for
messages that are less than a week old. it uses a 24 hour format.
- Alpine will include attachments when forwarding some
multipart/alternative messages for which it did not use to include
attachments.
- New configuration option alternate-reply-menu which adds more ways to
control features and variables when you start to reply to a message.
- Added support for RFC 2971 - IMAP ID extension.
- Add configuration ignore-size-changes that allows users to ignore errors
in the computation of the size of a message from defective servers.
- SMIME: Upgrade the default signature digest from sha1 to sha-256, since
clients such as Thunderbird do not validate signatures that use sha1 digest.
- Add the configuration variable "default-directories", which is
called default-directories, which is a variable saves a list of
directories that are readily accessible for save or export of attachments.
This makes it easier to save attachments in directories that are hard to
navigate to, or that are accessed frequently.
- When a filename is attached and its name is encoded, the save attachment
command will offer to save the file in the encoded form. This might work
for some users, but the save command will have a subcommand ^N to decode
the file name and save the file with the decoded name.
- The TAB key allows autocomplete in the Fcc field in the composer
headers, as well as autocompletes automatically when only one possibility
exists for the ^J attach command.
- Add support for the "TYPE" and "VALUE" attributes of
the html OL tag.
- Ignore message from smtp server after a successful authentication
challenge.
- When a message is saved in the Form Letter folder, add the ability to
save the role being used to compose such message so that settings such as
the SMTP server set in the role can be used when sending such form
message. Suggested and patched by Frank Doepper.
- If SSLDIR is defined somehow, do not disable S/MIME if the SSLCERTSDIR
is not found.
- When Alpine sends an attachment, it will set the boundary attribute in
lower case, as some SMTP servers, such as those of libero.it reject
messages if the boundary attribute is in uppercase.
- Add the ability to change the private key and certificates used to
encrypt a password file in the SMIME setup configuration screen.
- SMIME: The ctrl-E command that gives information on the certificate is
only available for messages that have a signed or encrypted part.
- SMIME: If a message contains a RFC822 attachment that is
signed/decrypted add the ability to view its SMIME information.
- SMIME: Certificate information in the S/MIME screen is available for
certificates stored in a container.
- SMIME: Offer the common name of the person, instead of the name of file
containing the certificate, as the name to be displayed in the certificate
management screen for certificate authorities. Suggested by Matthias
Rieber.
- SMIME: Management of several alternate name (SAN) certificates is
improved. When importing a SAN certificate, also import a certificate for
the filename, besides for the e-mail addresses in the certificate.
Suggested by Matthias Rieber.
- SMIME: add full year when displaying information about a certificate in
the certificate management screen. Suggested by Matthias Rieber.
- SMIME: sort certificates by some type of alphabetical order in the
displayed name.
- SMIME: Alpine will ask users if they wish to save S/MIME certificates
included in signatures, when the option "Validate Using Certificate Store
Only" is enabled. If the user does not wish to save it, validation will
fail.
- HTML: Add support for decoding entities in hexadecimal notation.
Suggested by Tulipant Gergely.
- The "#" command, when used as part of an aggregate operation will allow
users to select the role used in either replying, forwarding or replying
to the group of selected messages, Suggested by Hisashi T Fujinaka.
- If the charset of a message can not be determined, use the value set in
the unknown charset set value for its value.
- Resizing setup screen will redraw screen.
- Unix Alpine only. Experimental: If Alpine/Pico finds a UCS4 code in the
width ambiguous zone, it will use other means to determine the width, such
as call wcwidth.
- Pico: Code reorganization in the search command to make it easier to add
subcommands of the search command.
- Pico: Search command can do a case sensitive match. Use the Ctrl-^
subcommand of the search command to bring this choice into view.
- Pico: Add the ability to search for strings in the beginning or end of a
line. Use the Ctrl-^ subcommand of the search command to bring this choice
into view.
- For a multipart/alternative message, the Take Address command will work
on the part that is being read.
- When sending a message, allow for 512 characters of consecutive
non-white space before folding the subject line.
- Make sure titlebar (the line at the top of the screen) always contains
the name of the folder/newsgroup that is open, if this fits in the title.
- The feature scramble-message-id will also scramble the name, version and
operative system in the message-id header. Based on a contribution by
Dennis Davis, which is itself based on a contribution by Mark Hills.
- Change in logic in imap_set_password function to make Alpine ask if a
user wants to save a password before reading the password file.
- When exporting all parts of a message, if two attachments have the same
name, do not overwrite a file more than once, but instead add a counter
number to the filename to make a new file that does not exist in the file
system.
- Add the Control-R subcommand to the save command for attachments. This
subcommand toggles if the saving will be done in binary mode for text
attachments. When a user saves an attachment using binary mode it will be
saved as it was sent, otherwise the attachment will be transformed to
UTF-8 for further transformation through internal and user defined filters
for saving.
- Add command line argument -smimedir, which allows to specify the default
path for a directory that contains the public, private, and ca
directories. This is useful in case a user has a backup of old
certificates that cannot be installed in the ~/.alpine-smime dir.
- Reimplementation of the code that allows the .pinerc file to be a
symbolic link by Kyle George from tcpsoft.com to use realpath.
- When saving an attachment, the "^T" command leads to a screen where the
"A" command can be used to add a file. A directory can be added by
pressing "^X" after the "A" command. Added after a suggestion by Stefan
Goessling.
- When saving an attachment, the ^Y and ^V commands allow a user to scroll
through the history of directories used to save attachments, while
preserving the given name of the file. Suggested by Peter Koellner.
- SMIME: Turn off automatic signing and encrypting of a message when
bouncing. Suggested after a discussion with Matthias Rieber.
- When messages are selected, warn the user if a message that is not
selected will be bounced, or if not all selected messages will be bounced.
Suggested by Ulf-Dietrich Braumann.
- The bounce command adds a subcommand to choose a role.
- When selecting messages by number, the "." character can be
used to specify the message on which the cursor is on.
- When Alpine opens an attachment, it sometimes changes the extension of
the file that is being opened and replaces it by another for the same mime
type. If Alpine finds that the extension of the file corresponds with the
mime type, according to the mime-types file, then it will keep it, and no
substitution will be made.
- Set no restrictions on the length of encoded subjects, but encode words
in length of no more than 75 characters.
Bugs that have been addressed include:
- SMIME: Crash when a certificate has an invalid date of validity. Also
Alpine will use the function ASN1_TIME_print to determine the date of
validity. Reported by Ben Stienstra.
- SMIME: Crash when attempting to unlock the password file and an
incorrect password is entered.
- SMIME: Crash when checking the signature of a message that contains a
RFC822 attached message. Reported by Holger Trapp and Bjorn Krellner.
- SMIME: Cancelling entering password to unlock key will not reprompt.
- SMIME: fix a bug that did not allow users to transfer certificates to
remote containers. Reported by Matthias Rieber.
- SMIME: certificates included in messages were not being transferred to a
remote container.
- SMIME: Crash if public certificates are located in an inaccessible
remote server and the private key is not available.
- SMIME: Alpine does not remove temporary files created when adding a CA
certificate to a container. Reported by Holger Trapp.
- SMIME: When reading a local certificate, Alpine converts the name of the
certificate to lowercase, which may make Alpine not be able to read such
certificate. Reported by Dennis Davis.
- SMIME: If the option "Remember S/MIME Passphrase" is disabled, then
entering a password to read an encrypted message will make Alpine forget
the key and not ask the password to unlock it again in case it is
necessary to unlock it again. Reported by Ulf-Dietrich Braumann.
- Alpine would use freed memory while trying to compute the color of the
titlebar. This happened when trying to continue a postponed message.
- Alpine failed to read an encrypted password file if too many passwords
were saved in the password file.
- When selecting messages while in Threaded Index Screen, some messages
other than top of threads could appear in the index, making Alpine display
messages "out of the screen."
- The index format would be chopped at the position of an unrecognized
token, instead of skipping the token as intended.
- Work in progress: Avoid calling non-safe functions when Alpine receives
a signal. See bug report
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825772.
- Crash when attempting to read a message after a bounce command. In order
to produce a crash one needed to use the ^T subcommand and do a search in
a LDAP directory. The crash is produced by changes to the text in the
title bar. Reported by Heinrich Mislik in the Alpine-info list.
- HTML messages that contain UTF-8 may wrap at the wrong position, making
Alpine not display the correct character at the position that wrapping is
done. Reported by Wang Kang.
- Pico: Searching for a string that is too long causes Pico to crash in
the next search.
- Fix vulnerability in regex library. This only affects those who use this
library, such as the windows version of Alpine. See
http://www.kb.cert.org/vuls/id/695940">http://www.kb.cert.org/vuls/id/695940
for more details.
- Alpine would not set include and lib paths for OpenSSL if this was
installed in /usr/local/ssl.
- If the .pinerc file is a symbolic link, Alpine might not write its
contents when saving its configuration.
- The _INIT_ token does not skip over non-alphanumeric characters in the
name. Reported by Andreas Fehr.
- When opening an INBOX folder in a context different from the incoming
folders collection, from the command line, Alpine would open the INBOX
folder from the incoming folders collection.
- Mismatch in size of UCS and CELL caused a corruption in the content of a
pointer, which made the speller in PC-Alpine get the content of a word
incorrectly.
- Skip testing openssl compatibility version when cross-compilation is
detected. Fix contributed by Antti Seppalla
- Alpine fails to remove temporary files used during a display or sending
filter. Fix contributed by Phil Brooke.
- When the index is in zoomed state, adding new messages to the selection
would not show those messages if those messages are on top of the current
message in the top of the screen. Reported by Ulf-Dietrich Braumann. In
addition, when the user scrolls through the index, this scroll smoothly,
without jumping pages. Reported by Holger Trapp.
- Crash when reviewing history of saving attachments.
- Crash when canceling a goto command on a local collection that has not
been expanded and attempting to expand such collection.
- Crash in Pico when forwarding messages that contain a direction mark at
the end of a line. Reported by James Mingo.
- Solve compilation errors when Alpine is built with Visual Studio 2015.
This is a bug fix release, and includes a few important security fixes.
It is strongly recommended that IMAP and POP users upgrade as soon as
possible.
Upstream changes:
Version 1.5111:
- Ensure that temp file is created in temp dir
- Fix Makefile.PL warning
- Fix deleting of inc during release process
- Better fix for AutomatedTester warning
Version 1.5110:
- Updating META.yml
Version 1.5109:
- Switch to File::Slurper
Version 1.5108:
- Trying once again to fix the compile test on windows
Version 1.5107:
- Check in standard tests, including one that skips the compile check on Windows
Version 1.5106:
- Add standard tests
- Detect mailboxes that contain a mix of newline types. Complain about it, but
also allow the force option to continue processing. Thanks to Pali Rohár
<pali.rohar@gmail.com> for the bug report.
- Avoid OO interface to File::Temp, which in some versions and on some operating
systems, deletes the file when it is closed. Thanks to Paul Howarth
<paul@city-fan.org> for the bug report.
https://rt.cpan.org/Public/Bug/Display.html?id=103835
- Fix compatibility issue with newer versions of perl, which remove "." from
@INC. https://rt.cpan.org/Ticket/Display.html?id=121466
v0.5.2:
+ Implement plugin for the a vendor-defined IMAP capability called
"FILTER=SIEVE". It adds the ability to manually invoke Sieve filtering
in IMAP. More information can be found in
doc/plugins/imap_filter_sieve.txt.
- The Sieve addess test caused an assertion panic for invalid addresses
with UTF-8 codepoints in the localpart. Fixed by properly detecting
invalid addresses with UTF-8 codepoints in the localpart and skipping
these like other invalid addresses while iterating addresses for the
address test.
- Make the length of the subject header for the vacation response
configurable and enforce the limit in UTF-8 codepoints rather than
bytes. The subject header for a vacation response was statically
truncated to 256 bytes, which is too limited for multi-byte UTF-8
characters.
- Sieve editheader extension: Fix assertion panic occurring when it is
used to manipulate a message header with a very large header field.
- Properly abort execution of the sieve_discard script upon error.
Before, the LDA Sieve plugin attempted to execute the sieve_discard
script when an error occurs. This can lead to the message being lost.
- Fix the interaction between quota and the sieve_discard script. When
quota was used together with a sieve_discard script, the message
delivery did not bounce when the quota was exceeded.
v2.3.2 still had a few unexpected bugs:
- SSL/TLS servers may have crashed during client disconnection
- lmtp: With lmtp_rcpt_check_quota=yes mail deliveries may have
sometimes assert-crashed.
- v2.3.2: "make check" may have crashed with 32bit systems
v2.3.2 is mainly a bugfix release. It contains all the changes in v2.2.36, as well as a bunch of other fixes (mainly for v2.3-only bugs). Binary packages are already in https://repo.dovecot.org/
* old-stats plugin: Don't temporarily enable PR_SET_DUMPABLE while
opening /proc/self/io. This may still cause security problems if the
process is ptrace()d at the same time. Instead, open it while still
running as root.
+ doveadm: Added mailbox cache decision&remove commands. See
doveadm-mailbox(1) man page for details.
+ doveadm: Added rebuild attachments command for rebuilding
$HasAttachment or $HasNoAttachment flags for matching mails. See
doveadm-rebuild(1) man page for details.
+ cassandra: Use fallback_consistency on more types of errors
+ lmtp proxy: Support outgoing SSL/TLS connections
+ lmtp: Add lmtp_rawlog_dir and lmtp_proxy_rawlog_dir settings.
+ submission: Add support for rawlog_dir
+ submission: Add submission_client_workarounds setting.
+ lua auth: Add password_verify() function and additional fields in
auth request.
- doveadm-server: TCP connections are hanging when there is a lot of
network output. This especially caused hangs in dsync-replication.
- Using multiple type=shared mdbox namespaces crashed
- mail_fsync setting was ignored. It was always set to "optimized".
- lua auth: Fix potential crash at deinit
- SSL/TLS servers may have crashed if client disconnected during
handshake.
- SSL/TLS servers: Don't send extraneous certificates to client when
alt certs are used.
- lda, lmtp: Return-Path header without '<' may have assert-crashed.
- lda, lmtp: Unencoded UTF-8 in email address headers may assert-crash
- lda: -f parameter didn't allow empty/null/domainless address
- lmtp, submission: Message size limit was hardcoded to 40 MB.
Exceeding it caused the connection to get dropped during transfer.
- lmtp: Fix potential crash when delivery fails at DATA stage
- lmtp: login_greeting setting was ignored
- Fix to work with OpenSSL v1.0.2f
- systemd unit restrictions were too strict by default
- Fix potential crashes when a lot of log output was produced
- SMTP client may have assert-crashed when sending mail
- IMAP COMPRESS: Send "end of compression" marker when disconnecting.
- cassandra: Fix consistency=quorum to work
- dsync: Lock file generation failed if home directory didn't exist
- Snippet generation for HTML mails didn't ignore &entities inside
blockquotes, producing strange looking snippets.
- imapc: Fix assert-crash if getting disconnected and after
reconnection all mails in the selected mailbox are gone.
- pop3c: Handle unexpected server disconnections without assert-crash
- fts: Fixes to indexing mails via virtual mailboxes.
- fts: If mails contained NUL characters, the text around it wasn't
indexed.
- Obsolete dovecot.index.cache offsets were sometimes used. Trying to
fetch a field that was just added to cache file may not have always
found it.
Performing substitutions during post-patch breaks tools such as mkpatches,
making it very difficult to regenerate correct patches after making changes,
and often leading to substituted string replacements being committed.
2018-06-22 Richard Russon <rich@flatcap.org>
* Features
- Expand variables inside backticks
- Honour SASL-IR IMAP capability in SASL PLAIN
* Bug Fixes
- Fix toggle-read
- Do not truncate shell commands on ; or #
- pager: index must be rebuilt on MUTT_REOPENED
- Handle a BAD response in AUTH PLAIN w/o initial response
- fcc_attach: Don't ask every time
- Enlarge path buffers PATH_MAX (4096)
- Move LSUB call from connection establishment to mailbox SELECTion
* Translations
- Update Chinese (Simplified): 100%
- Update Czech: 100%
- Update German: 100%
- Update Lithuanian: 100%
- Update Portuguese (Brazil): 100%
- Update Slovak: 59%
- Reduce duplication of messages
* Code
- Tidy up the mailbox API
- Tidy up the header cache API
- Tidy up the encryption API
- Add doxygen docs for more functions
- Refactor more structs to use STAILQ
Upstream changes:
-- VERSION 0.53 --
2018-05-27: Marc Bradshaw <marc@marcbradshaw.net>
* Make tests less dependent on local resolver setup
* Add thanks to Valimail
Upstream changes:
1.04 Sat Jun 09 18:20:28 2018
- fix docevot parser to disallow leading dot in dot-atom
- fix generating and validating email addresses with empty user part
- fix generating email address with leading or trailing dot in user part
- try to parse invalid email addresses and mark them as invalid
- when generating address do not escape an apostrophe character
- fix formatting email addresses which contain nul bytes, TAB, LF or CR
- fix formatting comments which contain nul bytes
