This update includes XSS security problem.
RELEASE 1.3.8
-------------
- Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374)
- Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383)
- Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398)
- Fix so Classic skin splitter does not escape out of window (#6397)
- Fix XSS issue in handling invalid style tag content (#6410)
- Fix compatibility with MySQL 8 - error on 'system' table use
- Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422)
- New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419)
- Fix support for "allow-from <uri>" in "x_frame_options" config option (#6449)
- Fix bug where valid content between HTML comments could have been skipped in some cases (#6464)
- Fix multiple VCard field search (#6466)
- Fix session issue on long running requests (#6470)
Add depdendency to devel/py-zope.deferredimport, py-zope.deprecation and
devel/py-zope.hookable in order to fix secuiry/py-certbot runtime problem.
Bump PKGREVISION.
Add devel/py-zope.hookable package version 4.2.0 with Python 3.7 support
from upstream.
===============
zope.hookable
===============
This package supports the efficient creation of "hookable" objects, which
are callable objects that are meant to be optionally replaced.
The idea is that you create a function that does some default thing and make it
hookable. Later, someone can modify what it does by calling its sethook method
and changing its implementation. All users of the function, including those
that imported it, will see the change.
Add py-zope.deprecation package version 4.3.0.
======================
``zope.deprecation``
======================
This package provides a simple function called ``deprecated(names, reason)``
to mark deprecated modules, classes, functions, methods and properties.
Add py-zope.deferredimport package version 4.3.
=========================
``zope.deferredimport``
=========================
Often, especially for package modules, you want to import names for
convenience, but not actually perform the imports until necessary.
The zope.deferredimport package provided facilities for defining names
in modules that will be imported from somewhere else when used. You
can also cause deprecation warnings to be issued when a variable is
used.
Add py-zope.proxy package version 4.3.1.
``zope.proxy``
==============
Proxies are special objects which serve as mostly-transparent
wrappers around another object, intervening in the apparent behavior of
the wrapped object only when necessary to apply the policy (e.g., access
checking, location brokering, etc.) for which the proxy is responsible.
zope.proxy is implemented via a C extension module, which lets it do things
like lie about its own ``__class__`` that are difficult in pure Python (and
were completely impossible before metaclasses). It also proxies all the
internal slots (such as ``__int__``/``__str__``/``__add__``).
- CERTFILE needs to be set early enough for sslserver. Move it to rc.d.
UCSPITLS is application-specific and can stay in the CDB.
- Add PYMSGAUTH_TOLERATE_UNCONFIGURED to the CDB.
- Switch qmailpop3d from tcpserver+qmail-popup to sslserver+authup.
Set UCSPITLS in the CDB to require STLS before USER/PASS.
- Specify a few new required_files.
- Point more precisely at the need to inspect alias/.qmail-*.
