Changelog:
Notmuch 0.29.3 (2019-11-27)
===========================
General
-------
Fix for use-after-free in notmuch_config_list_{key,val}.
Fix for double close of file in notmuch-dump.
* 3.17.4
--------
* New HTML viewer plugin: Litehtml viewer
* Added option 'Enable keyboard shortcuts' to the 'Keyboard
shortcuts' frame on /Configuration/Preferences/Other/Miscellaneous
* Compose: implemented copying of attached images to clipboard
* Compose: images and text/uri-list (files) can now be attached by
pasting into the Compose window
* Python plugin: window sizes are now remembered for the Python
console, the 'Open URLs' and the 'Set mailbox order' windows.
* Fancy plugin: the download-link feature now follows redirections
* MBOX export: the Enter key in the dialogue now starts the export
* The date (ISO format) has been added to log timestamps
* Updated translations: Brazilian Portuguese, Catalan, Czech, Danish,
Dutch, French, German, Hungarian, Indonesian, Polish, Portuguese,
Romanian, Russian, Slovak, Spanish, Swedish, Traditional Chinese,
Turkish
* bug fixes:
o bug 1920, 'No automatic NNTP filtering'
o bug 2045, 'address book blocks focus on email window'
o bug 2131, 'Focus stealing after mail check'
o bug 2627, 'Filtering does not work on NNTP'
o bug 3070, 'misbehaving text wrapping when URL chars are
present'
o bug 3838, 'Canceled right-click on message list leaves UI
in inconsistent state'
o bug 3977, 'Fix crashes when some external APIs fail'
o bug 3979, 'Hang (with killing needed) during action which
extracts attachments'
o bug 4029, 'segfault after deleting message in a window'
o bug 4031, 'fingerprint in SSL/TLS certificates for ...
(regress error)'
o bug 4037, 'Fix some small issues'
o bug 4142, 'Translation error on Russian'
o bug 4145, 'proxy server for sending doesn't work'
o bug 4155, 'remember directory of last saving'
o bug 4166, 'corrupted double-linked list'
0 bug 4167, 'Max line length exceeded when forwarding mail'
o bug 4188, 'STL file is sent not as an attachment but as its
base64 representation in plaintext'
o CID 1442278, 'impossible to trigger buffer overflow'
o Make key accelerators from menu work in addressbook window
o save checkbox choices of display/summaries/defaults prefs
o Do not throw an error when cancelling 'Save email as...'.
o occasional crash on drag'n'drop of msgs
o possible stack overflow in vcalendar's Curl data handler
o crash when LDAP address source is defined in index, but
LDAP support is disabled
o crash in Fancy plugin if one of the MIME parts has no
Content-ID
o a few small memory leaks in scan_mailto_url()
o configure script for rare cases where python is not
installed
o incorrect charset conversion in sc_html_read_line().
o markup in 'key not fully trusted' warning in pgpcore
o use after free in rare code path in rssyl_subscribe()
o several memory leaks
o verify_folderlist_xml() for fresh starts
o printf formats for size_t and goffset arguments.
o alertpanel API use in win32 part of mimeview.c
o pid handling in debug output of kill_children_cb()
o incorrect pointer arithmetic in w32_filesel.c
* 3.17.3
--------
* Add support for TLS Server Name Indication (SNI). This enables the
sending of your hostname, if available, to the server so that it
can select the appropriate certificate for your domain. This is
useful for servers which host multiple domains on the same IP
address.
This is a hidden Account preference, 'use_tls_sni', and is enabled
by default.
* SSL/TLS certificate manager: The Delete key will now delete the
selected certificate.
* Window sizes are now remembered for the 'Apply tags' and SSL/TLS
certificate manager windows.
* bug fixes:
o bug 3519, 'Links including umlauts are broken'
o bug 4134, ''Save message to' option not set when it should
be'
o prevent the Tools/SSL/TLS Certificates dialogue from
crashing when certificate filenames contain a fingerprint.
o build on GNU Hurd.
o various build fixes when building without GnuTLS.
* 3.17.2
--------
* Message List: A context menu has been added to the column headers,
it has two entries: a new option, 'Lock column headers', and 'Set
displayed colums'.
* Folder List: A context menu has been added to the column headers,
containing 'Set displayed columns'.
* Preferences: The Display/Summaries option page has been split into
three notebook pages: Folder List, Message List, and Defaults.
The Message List page contains the new 'Lock column headers'
option. The Defaults page contains several new options for new
folders.
* New Folder Properties: It is now possible to control signing and
encrypting options on the Compose page. By default it follows the
Account preferences, but they can be overridden to always sign
and/or encrypt, or never sign/encrypt.
* Saving sent messages: The global preference, 'Save sent messages',
can now be overriden by the Folder Property and Account
preferences. The global preference no longer needs to be activated
for the Account Preference, 'Put sent messages in ...' option to
function. Likewise, the Folder Property, 'Save copy of outgoing
messages to this folder instead of Sent', no longer relies on the
global preference being set.
* SSL/TLS certificates: The SHA-256 fingerprint is now displayed, and
the MD5 fingerprint has been removed.
* SSL/TLS certificates list: Status and Expiry columns have been
added, and expired and invalid certificates are now clearly
indicated.
* QuickSearch: body searches are now quicker.
* QuickSearch: symbols used in Extended searches are now expanded
in the 'Edit' dialogue.
* Re-editing: Flags and tags are now preserved when re-editing a
message.
* Fancy plugin: The minimum required webkitgtk version is now 1.10.0.
* PDF Viewer plugin: Ctrl+scroll now zooms.
* Tools: added cm-break.pl script, which breaks thread references for
the selected messages; textviewer.pl has been updated and now
requires perl 5.14.1.
* The legacy "sylpheed-claws" symlink is no longer installed in the
bindir.
* New translation: Portuguese.
* Updated translations: Brazilian Portuguese, Catalan, Czech, Danish,
Dutch, French, German, Russian, Slovak, Spanish, Swedish, Turkish.
* bug fixes:
o bug 3418, 'Building on a Cross Compiling toolchain doesn't
work'
o bug 3889, 'Address and quoted message inconsistent in
reply'
o bug 4114, 'autogen.sh: Fix argument quoting'
o bug 4115, 'autogen: avoid unwarranted re-configure'
o bug 4120, 'New cert files are created in $HOME instead of
in ~/.claws-mail/certs'
o byg 4121, 'Moving a subfolder in another folder erases its
processing rules' (sic)
o bug 4132, '"Mark all as (un)read" dialog appears when
acting on 1 message only'
o bug 4133, 'trying to read message from an NNTP group (with
all expired articles.'
o regression where mail was not being checked at startup when
it should have been
o links not being opened in browser when Fancy menu is opened
with a keyboard
o show correct address:port in SOCKS5 proxy connection failure
message
o prevent unexpected loss of drafted message
o Quicksearch eating keypresses it didn't handle
o build on Debian 7
o build on FreeBSD, sys/wait.h is needed for WEXITSTATUS
macro
o Reply from mainwindow menu and toolbar when mainwindow's
messageview is hidden
o CID 1438531 Fix wrong test leading to dead code
o CID 1439871 and validate Unicode char strictly
o CID 1439996 and remove unnecessary comparison
o Fancy: left-click on links not opening in browser
o RSSyl: lost processing rules when renaming folder
o annoyance where your current reading is disturbed when a
new msg is filtered into the current folder
o don't leave the user in limbo when privacy system is 'none'
and auto signing/encrypting is set
o several memory leaks
### GMime 3.2.5
* Modified GMimeParser to prevent stack overflows when parsing deeply nested messages.
GMimeParser now has a limit on how deep multipart and/or message/rfc822 MIME part
nesting is allowed to go before the parser will take action to prevent a stack
overflow. If the max level is reached at a message/rfc822 part, then that part
will be consumed by the parser as a generic GMimePart rather than a
GMimeMessagePart. Likewise, if the max level is reached at any type of multipart,
then the content of said multipart will be packed into the GMimeMultipart's
preface and not parsed any further.
* g_mime_multipart_foreach has been rewritten to avoid recursion, thereby avoiding potential
stack overflows.
* The gmime-port-2-6-to-3-0.sh script has been fixed to use proper sed syntax.
AUTOFIX: hacks.mk:5: Replacing "${PKGSRC_COMPILER} == \"ido\"" with "${PKGSRC_COMPILER:Mido}".
The PKGSRC_COMPILER can be a list of chained compilers, e.g. "ccache
distcc clang". Therefore, comparing it using == or != leads to wrong
results in these cases.
Alan Coopersmith (7):
configure: Drop AM_MAINTAINER_MODE
autogen.sh: Honor NOCONFIGURE=1
Update README for gitlab migration
Update configure.ac bug URL for gitlab migration
Use _CONST_X_STRING to make libXt declare String as const char *
Fix -Wsign-compare warning in quit() function
xbiff 1.0.4
Emil Velikov (1):
autogen.sh: use quoted string variables
Kevin Lyda (1):
Clarify how volume works
Mihail Konev (1):
autogen: add default patch prefix
Peter Hutterer (1):
autogen.sh: use exec instead of waiting for configure to finish
2019-11-11 Richard Russon \<rich@flatcap.org\>
* Bug Fixes
- browser: fix directory view
- fix crash in mutt_extract_token()
- force a screen refresh
- fix crash sending message from command line
- notmuch: use nm_default_uri if no mailbox data
- fix forward attachments
- fix: vfprintf undefined behaviour in body_handler
- Fix relative symlink resolution
- fix: trash to non-existent file/dir
- fix re-opening of mbox Mailboxes
- close logging as late as possible
- log unknown mailboxes
- fix crash in command line postpone
- fix memory leaks
- fix icommand parsing
- fix new mail interaction with mail_check_recent
Enigmail 2.1.3
Released 2019-10-20, works with Thunderbird 68 and Postbox 7.
Notable Changes
This release unifies the specific versions for Postbox and Thunderbird.
Bugs fixed:
A bug was fixed in the setup wizard that could lead the wizard to never complete scanning the inbox.
See list of fixed defects for more fixed issues.
pkgsrc changes:
---------------
* Change BUILDLINK_TRANSFORM to BUILDLINK_FNAME_TRANSFORM to appease
pkglint.
* Add c++ to USE_LANGUAGES because the configure step failed.
upstream changes:
-----------------
2.1: 28 Oct 2019
* [Conf] Update neural.conf
* [CritFix] Fix dkim verification for multiple headers listed
* [Feature] Add support of uudecode
* [Feature] Allow to explicitly set events backend
* [Feature] Implement configurable limits for SPF lookups
* [Feature] Lua_scanners: Use lua magic for inclusion/exclusion logic
* [Feature] Multimap: Do not check files in office archives
* [Feature] Neural: Add sampling when storing training vectors
* [Feature] SPF: Allow to disable AAAA checks in configuration
* [Feature] Spf: Add limits configuration support
* [Feature] Store etag in cached HTTP maps + better logging
* [Feature] Support segwit BTC addresses, fix LTC verification
* [Feature] Support uuencoding
* [Fix] Add configurable number of threads for OpenBLAS
* [Fix] Add workaround for ragel 7 in hyperscan related maps code
* [Fix] Another fix for numeric urls parsing
* [Fix] Correct EMA time calculations
* [Fix] Do not treat archives as text
* [Fix] Do not use strdup on data extracted from lua
* [Fix] Fix a failure calcuating URL reputation.
* [Fix] Fix crash due to constructors init order
* [Fix] Fix crash on parts with no cd
* [Fix] Fix empty prefilters that require mime structures
* [Fix] Fix event loop creation
* [Fix] Fix issues sending DMARC reports.
* [Fix] Fix misprint
* [Fix] Fix saving of the file maps
* [Fix] Fix size calculations when converting from utf16
* [Fix] Fix support of disable_monitoring in rbl
* [Fix] Fix use-after-free
* [Fix] Fix zip files check to relax requirements
* [Fix] Important hiredis fixes
* [Fix] Lot's of fixes in maps check logic
* [Fix] Lua_tcp: Deal with temporary fails on write
* [Fix] Lua_tcp: Make write errors fatal and rework error handlers
* [Fix] Meta: Filter some more values
* [Fix] Neural: Add protection agains infinities
* [Fix] Oops, fix math.huge invocation
* [Fix] Plug memory leak
* [Fix] Sigh, another email to string fix
* [Fix] Try to fix another ownership race in ssl connection
* [Fix] Uuencode: Fix parsing of corrupted uuencode
* [Fix] lua_scanners - razor rename need_check function
* [Rework] Require CMake 3.9 to work, remove manual lto crap
2.0: 11 Oct 2019
* [Conf] Add BROKEN_HEADERS_MAILLIST composite
* [Conf] Add path to greylist-whitelist-domains.inc
* [Conf] Clarify documentation in the config files
* [Conf] Introduce maps.d directories
* [Conf] Log settings id by default
* [Conf] Make LEAKED_PASSWORD_SCAM a composite rule again
* [Conf] Move all surbl/emails rules to rbl
* [Conf] Register new Spamhaus codes
* [Conf] Remove configs for deleted modules
* [Conf] Remove surbl parts, fix hash_format attribute
* [Conf] Show autolearn sample
* [Conf] Slashing: Change default stats backend to Redis
* [Conf] Surbl: Utilise new `check_emails` option
* [Conf] Update header
* [Conf] Use multi-prefixes RBLs in the default config
* [CritFix] Deal with case-sensivity in Content-Disposition parser
* [CritFix] Eliminate old endpoint
* [CritFix] Fix case sensivity when parsing Content-Type
* [CritFix] Fix loading of DKIM public keys
* [CritFix] Fix procesing of urls
* [CritFix] Fix whitelisting when both spf and dkim are required to be valid
* [CritFix] Langdet: Fix language detection where no stop words found
* [Feature] Add description to the groups
* [Feature] Add limit for number of URLs in Lua
* [Feature] Add logging of groups to the log_format
* [Feature] Add lua_smtp library
* [Feature] Add maps cache and type refinement
* [Feature] Add p0f scanner
* [Feature] Adopt emails module to use lua_maps
* [Feature] Allow options matching in composites
* [Feature] Allow selectors in rbl module
* [Feature] Allow to output group results
* [Feature] Asn: Allow to use bgpdump when NET::MRT is broken
* [Feature] Calculate tokens occurrences distribution
* [Feature] Clickhouse: Add authenticated user and settings id columns
* [Feature] Clickhouse: Store groups data
* [Feature] Clickhouse: Utilise LowCardinality feature
* [Feature] Implement Redis prefixes registration logic
* [Feature] Implement settings id propagation between deps
* [Feature] Improve AV results caching
* [Feature] Improve autolearning
* [Feature] Improve logging locking logic (remove it actually)
* [Feature] Improve settings processing
* [Feature] Langdet: Limit number of stop words to be checked
* [Feature] Libucl: Allow to sort keys in ucl objects
* [Feature] Lua_config: Extend get symbols method
* [Feature] Lua_maps: Allow static maps for key-value pairs
* [Feature] Lua_mimepart: Add function filter_words
* [Feature] Lua_selectors: Add `words` selector
* [Feature] Lua_selectors: Add sort and uniq transform functions
* [Feature] Lua_selectors: Allow table arguments for selectors
* [Feature] Lua_tcp: Add preliminary support of SSL connections
* [Feature] Lua_trie: More flexible API
* [Feature] Lua_util: Add filter_specific_url function
* [Feature] Lua_util: table_digest can now recursively traverse tables
* [Feature] Maillist: Improve detection
* [Feature] Maps: Allow caching for complex maps
* [Feature] Monitored: Support random lookups
* [Feature] Multimap: Add combined maps prototype
* [Feature] Multimap: Add dependend maps via redis keys selectors
* [Feature] Multimap: Allow multiple email addresses matches
* [Feature] Multimap: Also check detected charset when do filename checks
* [Feature] Output number of messages processed to proctitle
* [Feature] Perform clean SSL shutdown
* [Feature] Performance: Do not use base64 SIMD version for bad inputs
* [Feature] RBL: Support bit results in replies
* [Feature] RBL: Support type specific prefixes
* [Feature] Ratelimit: Consider number of SMTP recipients
* [Feature] Rbl: Add ability to check urls
* [Feature] Rbl: Add resolve_ip based RBLs
* [Feature] Rbl: Make config checks much more strict
* [Feature] Rbl: Support per-rule whitelists
* [Feature] Rbl: Support process script
* [Feature] Rbl: Support replyto addresses
* [Feature] SURBL: Allow to check email domains
* [Feature] Selectors: Add `list` generator
* [Feature] Selectors: Add `specific_urls` extractor
* [Feature] Selectors: Add flatten function
* [Feature] Selectors: Support filter_map and apply_map functions
* [Feature] Store Clickhouse data outside of lua alloc
* [Feature] Support caching for encrypted files and macros
* [Feature] Support images when extracting urls
* [Feature] Support more hyperscan flags
* [Feature] Support protocol flags
* [Feature] URL: Apply stringprep to hostnames to filter garbage
* [Feature] Upstreams: Add lazy resolving logic to all upstreams
* [Feature] Upstreams: Set noresolve flag on numeric upstreams
* [Feature] Use `scores` in apply section
* [Feature] Use maps logic from lua_maps for multimap
* [Feature] Use random monitored in rbl module
* [Feature] lua_scanners - add Razor support
* [Fix] Add another safe-guard in urls processing
* [Fix] Add debug to ssl, fixed write hangs
* [Fix] Add missing groups to C callback symbols
* [Fix] Add more checks for ghosts symbols
* [Fix] Allow to enable or add new actions via settings
* [Fix] Allow to set 0 size for spf/dkim caches
* [Fix] Another bunch of fixes towards protocol mess
* [Fix] Another fix to deal with bad URLs
* [Fix] Arc: Another bunch of fixes for arc signing
* [Fix] Arc: More arc signing fixes
* [Fix] Avoid another overflow in fpconv
* [Fix] Clickhouse: Fix quoting
* [Fix] Clickhouse: Fix retention query quoting
* [Fix] Distinguish empty and non-empty prefilters
* [Fix] Distinguish remote and local addrs parsing
* [Fix] Do not assert if length of sig is bad, just fail verification
* [Fix] Do not assert if we have broken mime boundary in the headers
* [Fix] Do not call implicit strlen to avoid issues
* [Fix] Do not count images urls when checking url regexps for compatibility
* [Fix] Do not output rbl suffix in symbol option
* [Fix] Do not use config pool to avoid issues with double reload
* [Fix] Do not use ephemeral string
* [Fix] Do not use lightuserdata for traceback
* [Fix] Do not use priority in metric registration
* [Fix] Emails: Check email sanity before testing on BL
* [Fix] Emails: Fix misprint in key name
* [Fix] Escape utf in regexp to dodge ragel/hyperscan issue
* [Fix] Extend task_timeout to postfilters stage
* [Fix] Fix ARC signing after fixing another bug in it...
* [Fix] Fix AV scan logic
* [Fix] Fix DMARC_NA behaviour in case of no valid policies
* [Fix] Fix LRU hash iteration logic
* [Fix] Fix alignment mess
* [Fix] Fix configuring symbols without scores
* [Fix] Fix disabling of the actions
* [Fix] Fix dkim signing exceptions
* [Fix] Fix embedded images linking logic
* [Fix] Fix events leak
* [Fix] Fix eviction corner case
* [Fix] Fix fuzzy image score calculation #2962
* [Fix] Fix hang in fuzzy_learn when explicit rotation is set
* [Fix] Fix headers propagation logic
* [Fix] Fix hearbeats restart issue
* [Fix] Fix history reset
* [Fix] Fix log parameter
* [Fix] Fix lua_ip_equal logic
* [Fix] Fix more issues with nested messages + tests
* [Fix] Fix normalization of non-alphabet based languages
* [Fix] Fix offsets when parsing message/rfc822 in multipart
* [Fix] Fix options in rbl symbols
* [Fix] Fix out of bound access in lua logger
* [Fix] Fix out-of-bound read in qp decode
* [Fix] Fix parent CTE propagation
* [Fix] Fix parsing of the received headers with empty part
* [Fix] Fix pending checks for events
* [Fix] Fix printing of NULL pointer with fixed length
* [Fix] Fix race condition in watcher handler
* [Fix] Fix read-after-end in quoted printable decoding
* [Fix] Fix redis sentinel support
* [Fix] Fix registry leak in case of DNS errors
* [Fix] Fix reload logic
* [Fix] Fix sending of large entries via HTTPS
* [Fix] Fix settings reload
* [Fix] Fix some more corner cases for fpconv
* [Fix] Fix trie code when there are regexps and Hyperscan is absent
* [Fix] Further fixes to printing of the FP numbers
* [Fix] Fuzzy_check: Fix timeouts
* [Fix] Grrr, fix empty ip case
* [Fix] Html: Fix processing of fjlig entity
* [Fix] Lang_det: Try better to distinguish Chinese and Japanese
* [Fix] Lua_mime: Fix reversed extensions map
* [Fix] Lua_task: Fix message-less API
* [Fix] Lua_tcp: Report connection failures
* [Fix] Lua_tcp: Various fixes and debugging improvements
* [Fix] Metadata_exporter: This plugin is idempotent not a postfilter
* [Fix] More fixes to extract_specific_urls
* [Fix] More stages fixes
* [Fix] Neural: Another bunch of fixes
* [Fix] Neural: use version in ANN key profile
* [Fix] Postpone lua state destruction to allow lua dtors to be used
* [Fix] Prefer surbl/emails rule on rbl to preserve compatibility
* [Fix] RBL: Fix behaviour of emails_domainonly
* [Fix] Ratelimit: Fix dynamic score
* [Fix] Rbl: Fix emailbl functions
* [Fix] Really fix hyperscan workaround
* [Fix] Set sanity limits for pcre2
* [Fix] Settings: Fix settings check flags
* [Fix] Sort keys when getting data from Lua when filling rules
* [Fix] Statistics: Do not query Redis tokens when there are no learns
* [Fix] Stop IO event on write finished in http connection
* [Fix] Use heuristically detected text parts data
* [Fix] Various fixes to QP encoding algorithm
* [Fix] Various fixes to SSL state machine handler
* [Fix] Various fixes to asn module
* [Fix] Workaround for empty charset in rfc2231 encoding
* [Project] Switch from torch to KANN
* [Project] Add heartbeat events
* [Project] Add preliminary support of the Kaspersky Scan Engine
* [Project] Add preliminary version of maps expressions
* [Project] Add preprocessed settings to the config structure
* [Project] Add simple forward propagation function
* [Project] Add small helpers for migration simplifications
* [Project] Allow to replace body in milter
* [Project] Bundle libev
* [Project] First refactoring step libevent->libev
* [Project] Implement syntax highlighting for Lua
* [Project] Lua_magic: Adopt lua_magic stuff in mime_types
* [Project] Remove libfann, gd and other unsupported stuff
* [Project] Remove torch
* [Project] Rework upstreams
* [Rework] Allow execution of async events when hs compiles regexps
* [Rework] Bayes expiry: eliminate `default` expiration mode
* [Rework] Dkim: Remove signing code
* [Rework] Dkim_signing: Move sign condition to dkim_signing
* [Rework] Do not lowercase all data send to ClickHouse
* [Rework] Drop url tags
* [Rework] Eliminate lua_squeeze as it has shown no improvements
* [Rework] Eliminate virtual scan time as it is useless
* [Rework] Lua core: Use lightuserdata to index classes
* [Rework] Lua_util: Another rework for extract_specific_urls
* [Rework] Migrate from ip_score to reputation
* [Rework] Move mime modification functions to lua_mime library
* [Rework] Rbl: Major whitelisting logic rework
* [Rework] Remove deprecated plugins
* [Rework] Remove log helper worker
* [Rework] Remove rspamd.classifiers.lua
* [Rework] Rename filter.h to a more sane name
* [Rework] Reorganise selectors implementation
* [Rework] Replace linenoise with replxx
* [Rework] Reputation: Remove ipnet from the ip reputation
* [Rework] Reputation: Slashing - change name of symbols
* [Rework] Rework children operations
* [Rework] Rework config reload
* [Rework] Rework expression API
* [Rework] Rework image urls processing
* [Rework] Rework initialisation to reduce static leaks count
* [Rework] Rework request headers processing
* [Rework] Slashing: Change versioning schema - move to 2.0
* [Rework] Slashing: Turn off postfilters when passthrough result is set
* [Rework] Start moving to replxx
* [Rework] Stop support of signed HTTP maps to simplify code
* [Rework] Store ASN as UInt32 in ClickHouse
* [Rework] Url_redirector: Rewrite plugin
* [Rework] Use a dedicated library for autolearn
* [Rework] Use libsodium instead of hand crafted crypto implementations
* [Rework] Use opaque structure to store a table of mime headers
* [Rules] Add dedicated bitcoin addresses filter rule
* [Rules] Add more detection to LEAKED_PASSWORD_SCAM
* [Rules] Catch LTC addresses
* [Rules] Reduce weight of RSPAMD_EMAILBL
* [Rules] Rework LEAKED_PASSWORD_SCAM rule one more time
Update ruby-mime-types to 3.3.
pkgsrc change: Add "USE_LANGUAGES= # none".
## 3.3 / 2019-09-04
* 1 minor enhancement
* Jean Boussier reduced memory usage for Ruby versions 2.3 or higher by
interning various string values in each type. This is done with a
backwards-compatible call that _freezes_ the strings on older
versions of Ruby. [#141][]
* Administrivia:
* Nicholas La Roux updated Travis build configurations. [#139][]
Update ruby-mime-types-data to 3.2019.1009.
pkgsr change: Add "USE_LANGUAGES= # none".
## 3.2019.0331 / 2019-03-31
* Updated the IANA media registry entries as of release date.
* Added support for `application/wasm` with extension `.wasm`. [#21][]
* Fixed `application/ecmascript` extensions. [#20][]
=item Version 3.031
Add an SSL option to connect to the SMTP relay via SSL on port 465. (thanks,
Max Maischein)
Document some tips on using non-ASCII content with MIME::Lite (thanks,
traveljury.com and Tom Hukins)
Changelog:
new
A language for the user interface can now be chosen in the advanced settings (multilingual UI)
fixed
Problem with Google authentication (OAuth2)
fixed
Selected or unread messages not shown in the correct color in the thread pane (message list) under some circumstances
fixed
When using a language pack, names of standard folders weren't localized
fixed
Address book default startup directory in preferences panel not persisted
fixed
Various visual glitches: Conditions in filter editor not high enough, folder location widget not showing folder name, problem with menubar customization, add-on home page links accumulating, theme issues on Windows 7
fixed
Chat: Extended context menu on Instant messaging status dialog (Show Accounts)
* Balsa-2.5.9 release. Release date 2019-10-19
- fix HTML message layout issues.
* Balsa-2.5.8 release. Release date 2019-10-11
Change with respect to 2.5.7
- i18n improvements.
- improved display of HTML messages.
- handling of calendar (vcal) attachments.
- LDAP address book improvements / error handling.
- message presentation refactoring.
- GPGME is a hard requirement now.
- misc bug fixes and code health updates.
Changelog:
new
Message Display WebExtension API
new
Message Search WebExtension API
fixed
Better visual feedback for unread messages when using the dark theme
fixed
Various issues when editing mailing lists
fixed
Integration with macOS addressbook and notifications not working after introduction of notarization
fixed
Application windows not maintaining their size after restart
fixed
Issues when upgrading from a 32bit version of Thunderbird to a 64bit
version. Note: If your profile is still not recognised, selected it
by visiting about:profiles in the Troubleshooting Information.
fixed
Various security fixes
Security fixes:
#CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber
#CVE-2019-11757: Use-after-free when creating index updates in IndexedDB
#CVE-2019-11758: Potentially exploitable crash due to 360 Total Security
#CVE-2019-11759: Stack buffer overflow in HKDF output
#CVE-2019-11760: Stack buffer overflow in WebRTC networking
#CVE-2019-11761: Unintended access to a privileged JSONView object
#CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation
#CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique
#CVE-2019-11764: Memory safety bugs fixed in Thunderbird 68.2
Changelog:
Notmuch 0.29.2 (2019-10-19)
===========================
General
-------
Fix for file descriptor leak when opening gzipped mail files. Thanks
to James Troup for the bug report and the fix.
Update dovecot2-pigeonhole to 0.5.8.
0.5.8 2019-10-08
Changes
- Sieve may leak resources in rare cases when a redirect, vacation or
report action fails to send the message. This mainly applies when Sieve
is executed in IMAP context; i.e., for the IMAPSIEVE or FILTER=SIEVE
capabilities.
Update dovecot2 and friends to 2.3.8.
2.3.8 2019-10-08
Changes
+ Added mail_delivery_started and mail_delivery_finished events, see
https://doc.dovecot.org/admin_manual/list_of_events/ for details.
+ dsync-replication: Don't replicate users who have "noreplicate" extra
field in userdb.
+ doveadm service status: Show total number of processes created.
+ When logging to syslog, use instance_name setting's value for the
ident. This commonly is added as a log prefix.
+ Base64 encoding/decoding code was rewritten with additional features.
It shouldn't cause any user visible changes.
- v2.3.7 regression: If a folder only receives new mails without any
other mail access, dovecot.index.log keeps growing forever and
dovecot.index keeps being rewritten for every mail delivery.
- dsync-replication may lose keywords after syncing mails restored from
another replica. This only happened if the mail only had keywords and no
system flags.
- event filters: Non-textual event fields could not be filtered using
wildcards.
- auth: Scope parameter was missing from OAuth password grant request.
- doveadm client-server communication may hang in some situations. It is
also using unnecessarily small TCP/IP packet sizes.
- doveadm who and kick did not flush protocol output correctly.
- imap: SETMETADATA with literal value would delete the metadata value
instead of updating it.
- imap: When client issues FETCH PREVIEW (LAZY=FUZZY) command, the
caching decisions should be updated so that newly saved mails will have
the preview cached.
- With mail_nfs_index=yes and/or mail_nfs_storage=yes setuid/setgid
permission bits in some files may have become dropped with some NFS
servers. Changed NFS flushing to now use chmod() instead of chown().
- quota: warnings did not work if quota root was noenforcing
- acl: Global ACL file ignored the last line if it didn't end with LF.
- doveadm stats dump: With JSON formatter output numbers using the
number type instead of as strings
- lmtp_proxy: Ensure that real_* variables are correctly set when using
lmtp_proxy.
- event exporter: http-post driver had hardcoded timeout and did not
support DNS lookups or TLS connections.
- auth: Fix user iteration to work with userdb passwd with glibc v2.28.
- auth: auth service can crash if auth-policy JSON response is invalid
or returned too fast.
- In some rare situations "ps" output could have shown a lot of "?"
characters after Dovecot process titles.
- When dovecot.index.pvt is empty, an unnecessary error is logged:
Error: .../dovecot.index.pvt reset, view is now inconsistent
- SMTP address encoder duplicated initial double quote character when
the localpart of an address ended in '..'. For example
"user+..@example.com" became ""user+.."@example.com in a
sieve redirect.
Update pear-Mail_Mime to 1.10.4.
1.10.4 2019-10-13
* Fix E_STRICT errors introduced in the previous release [alec]
1.10.3 2019-09-25
* Fix deprecation warning for get_magic_quotes_runtime() use on PHP 7.4
Local changes
=============
Cherry-pick a pending patch to fix build with the recent rust version (1.38.0).
esr68 branch fails to build with rust 1.38
https://bugzilla.mozilla.org/show_bug.cgi?id=1585099
Cherry-pick patch from:
https://marc.info/?l=openbsd-ports&m=156984549605237&w=2
Upstream changelog
==================
What's New
fixed Visual glitches: Missing context menu in filter, downloads, password manager and Config Editor search boxes, unwanted scrollbars and cut-off text in Account Manager, incorrect colors in Calendar agenda scrollbars, theme issues on Windows 7
fixed Some attachments couldn't be opened in messages originating from MS Outlook 2016
fixed Address book import form CSV
fixed Performance problem in message body search
fixed Ctrl+Enter to send a message would open an attachment if the attachment pane had focus
fixed Calendar: Issues with "Today Pane" start-up
fixed Calendar: Glitches with custom repeat and reminder number input
fixed Calendar: Problems with WCAP provider
https://www.thunderbird.net/en-US/thunderbird/68.1.2/releasenotes/
2.1.2
This release fixes a regression bug that duplicates the subject with encrypted mails. In addition, several localizations were updated.
2.1.1
This release improves compatibility with Thunderbird 68. In addition, many translations were updated and some defects were fixed.
Bugs fixed:
• When creating encrypted messages with hidden subjects, the subject cannot be restored anymore
• Importing keys attached to emails does not work
• Reading keys from Autocrypt Key Gossip not possible for plaintext emails
• Dark theme / some text hard to read
2.1
Notable Changes
• A new simplified setup wizard will first try to find out if you already used encrypted emails before, and then proceed in the most suitable way.
• On Windows and macOS, there is an automatic check for updates to GnuPG.
• Autocrypt: implemented key-gossip and updates to known keys
• If GnuPG 2.1 or newer are used, then key creation will default to ECC keys
• Interaction with keyservers has been rewritten from scratch, using Thunderbird-internal functions to access the keyservers.
• Full support for keys.openpgp.org, which is used as default keyserver.
Bugs fixed:
A notable number of defects has been fixed for this release. Please check the list of fixed defects for details.
Changelog:
### GMime 3.2.4
* Replaced calls to g_memmove with memmove.
It seems that the latest versions of glib have deprecated g_memmove
in favor of having developers use libc's memmove() function directly.
This change reduces the number of compiler warnings during the gmime
build process.
* Added a new GMIME_DECRYPT_NO_VERIFY flag that disables signature verification.
For cases where it is not necessary to verify the signatures (or it is known
that there are no signatures), making use of this flag can significantly
improve the performance of decrypting OpenPGP content.
* Modified GMimeParser to not set the OpenPGP state for base64/uuencoded content.
While the GMimeParser is parsing a MIME message (or other MIME entity), it will
normally attempt to identify OpenPGP markers in the content of GMimeParts.
However, when the content is base64 or uu-encoded, the parser is unable to
accurately detect these markers and so in previous versions, it was falsely
claiming that such MIME parts had no OpenPGP content even though it was possible,
after decoding their content, that they did in fact have OpenPGP content.
For more details about this bug, see issue #60.
* Added reporting of RFC 5322 addr-spec syntax violations to the GMimeParserWarning API.
* Fixed a stack underflow error in the uudecode.c sample.
* Improved Vala bindings.
- Use correct symbol prefixes which avoid loads of cname attributes.
- Unhide FilterBest.charset() method which conflicts with charset field.
- Object.write_to_stream conflicts with function pointer with the same name
but with a different signature.
Fixes https://gitlab.gnome.org/GNOME/gmime/issues/2
Fixes https://gitlab.gnome.org/GNOME/gmime/issues/3
kim@ approved and Roland reviewed. Thanks to them!
pkgsrc changes
--------------
* Some cosmetics
* Add missing CSS file
* Change SUBST_SED to patch+SUBST_VARS
Changelog:
fixed Issues with attachments in IMAP messages
fixed Gmail accounts ignored a non-standard trash folder
selection. Note: If non-standard trash folder was selected
previously in the account settings, this setting will now take
effect which may be unexpected.
fixed Entering/pasting lists of recipients into the addressing
widget or mailing list not working reliably, especially when
lists contained multiple commas or semicolons
fixed Edit mailing list not working
fixed Various theme fixes, especially dark theme improvements
for Calendar
fixed Contrast between tag label and background not optimal
fixed Account Central pane always loaded at start-up
fixed "Config Editor" button not removed if blocked by policy
fixed Calendar: Free/busy information in attendees dialog not
scrolled correctly. Note: Scroll arrows still not behaving
correctly.
fixed Various security fixes
#CVE-2019-11755: Spoofing a message author via a crafted S/MIME
message
Disable ntlm plugin. It is not built by default on NetBSD 9.0.
I read the configure output and script and couldn't determine
the problem. This makes the build succeed again, and someone
who is more interested in ntlm support can fix it.
For perspective, last update in 2010 and no upstream available.
Some pkglint cleanup while here.
upstream changes:
-----------------
* Robustness: the tlsproxy(8) daemon could go into a loop, logging a flood of
error messages. Problem reported by Andreas Schulze after enabling SMTP/TLS
connection reuse.
* Workaround: OpenSSL changed an SSL_Shutdown() non-error result value into an
error result value, causing logfile noise.
* Configuration: the new 'TLS fast shutdown' parameter name was implemented
incorrectly. The documentation said "tls_fast_shutdown_enable", but the code
said "tls_fast_shutdown". This was fixed by changing the code, because no-one
is expected to override the default.
* Performance: workaround for poor TCP loopback performance on LINUX, where
getsockopt(..., TCP_MAXSEG, ...) reports a bogus TCP maximal segment size that
is 1/2 to 1/3 of the real MSS. To avoid client-side Nagle delays or
server-side delayed ACKs caused by multiple smaller-than-MSS writes, Postfix
chooses a VSTREAM buffer size that is a small multiple of the reported bogus
MSS. This workaround increases the multiplier from 2x to 4x.
* Robustness: the Postfix Dovecot client could segfault (null pointer read) or
cause an SMTP server assertion to fail when talking to a fake Dovecot server.
The Postfix Dovecot client now logs a proper error instead. Problem reported
by Tim Düsterhus.
Mozilla Thunderbird is a redesign of the Mozilla mail component. The
goal is to produce a cross platform stand alone mail application using
the XUL user interface language. This version uses the gtk2 toolkit.
This package provides Thunderbird 60 ESR.
Changelog:
new
Offer to configure Exchange accounts for Office365. A third-party add-on is required for this account type. IMAP still exists as alternative.
fixed
Edit tag not working
fixed
Write window: "Insert > Characters and Symbols" not working
fixed
Moving/dragging messages from "Search Messages" result dialog not working
fixed
Command line -compose "attachment=" not working
fixed
Custom views not working
fixed
Issues with list of content types/actions for incoming attachments
fixed
"Learn More" links in Error Console not working
fixed
Visual glitches: Quick Filter Bar tag buttons too tall, missing scroll
bar on Connection Setting subdialog, LDAP server selection after "New",
"Edit" and "Delete"
fixed
Calendar: Parts of CalDAV dialog not working
fixed
Various security fixes
Security fixes:
CVE-2019-11739: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message
#CVE-2019-11746: Use-after-free while manipulating video
#CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML
#CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
#CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB
#CVE-2019-11743: Cross-origin access to unload event attributes
#CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9
From release notes:
This version resolves the following CVEs:
* CVE-2017-9470
* CVE-2017-9471
* CVE-2017-9474
* CVE-2017-9058
* CVE-2017-12142
* CVE-2017-12141
* CVE-2017-12144
* Catch and warn for invalid Content-Types
* Add a manually extracted list of config options to r2e.1
* Add a redirect post-process module
* Follow symlinks of datafiles
* Add zsh completion
* Add support for maildir
* Fix `r2e new` overwriting an existing config
* Add new `feed-name` and `feed-url` attributes for the `name-format` setting
* Change logging format
* Allow multiple SMTP recipients
* Fix SMTP security issues
* Fix test suite
* Drop support for Python 3.2 and 3.3
* Remove `__contributors__` from the `rss2email` module
* Stop using deprecated `html2text.unescape`
* Fix locking issues when data file is on NFS
* Add `same-server-fetch-interval` setting for rate-limiting fetches to a server
* Update setup.py to setuptools
pkgsrc changes: simplify GITHUB_*, from leot@.
Requested in joyent/pkgsrc#214. We can't yet upgrade to postgrey 1.37 as there
is no working distribution patch for the postgrey-targrey option, hence the
backport rather than upgrade. Bump PKGREVISION.
1.2.0:
+ Added ability to include DMARC policy in DMARC results
* Updated references for new RFCs, ARC no longer experimental
* Converted http references to https
RELEASE 1.3.10
--------------
- Enigma: Fix bug where revoked users/keys were not greyed out in key info
- Enigma: Fix error message when trying to encrypt with a revoked key (#6607)
- Enigma: Fix "decryption oracle" bug [CVE-2019-10740] (#6638)
RELEASE 1.3.10
--------------
- Managesieve: Fix so "Create filter" option does not show up when Filters menu is disabled (#6723)
- Fix compatibility with kolab/net_ldap3 > 1.0.7 (#6785)
- Fix bug where bmp images couldn't be displayed on some systems (#6728)
- Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp (#6744)
- Fix bug where bold/strong text was converted to upper-case on html-to-text conversion (6758)
- Fix bug in rcube_utils::parse_hosts() where %t, %d, %z could return only tld (#6746)
- Fix bug where Next/Prev button in mail view didn't work with multi-folder search result (#6793)
- Fix bug where selection of columns on messages list wasn't working
- Fix bug in converting multi-page Tiff images to Jpeg (#6824)
- Fix wrong messages order after returning to a multi-folder search result (#6836)
- Fix PHP 7.4 deprecation: implode() wrong parameter order (#6866)
- Fix bug where it was possible to bypass the position:fixed CSS check in received messages (#6898)
- Fix bug where some strict remote URIs in url() style were unintentionally blocked (#6899)
- Fix bug where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897)
- Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896)
Update dovecot2-pigeonhole to 0.5.7.2.
Changes
-------
* CVE-2019-11500: ManageSieve protocol parser does not properly handle
NUL byte
when scanning data in quoted strings, leading to out of bounds heap
memory writes. Found by Nick Roessler and Rafi Rubin.
Update dovecot2 and related packages to 2.3.7.2.
Changes
-------
* CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
when scanning data in quoted strings, leading to out of bounds heap
memory writes. Found by Nick Roessler and Rafi Rubin.
the changelog:
- code: remove incorrect usage of vfork()
- code: detect and prefer utmpx where available
- code: removed idedit, install-big. var-qmail packages are no more
- portability problem: explicitly initialize strerr_sys and
define BIND_8_COMPAT to work around Mac OS X
- code: add instchown to set ownership and mode on installed files
- code: add instpackage to install without root access
- doc: rename INSTALL, SENDMAIL to INSTALL.md, SENDMAIL.md to
support building on case-insensitive filesystems
- code: lookup uid/gid at runtime
- code: use DESTDIR environment variable as root directory in install
pkgsrc changes:
- If hostname isn't FQDN, config-fast-pkgsrc wouldn't produce a working
config, so don't run it; tell user what to do instead
- Stage QMAIL_QUEUE_DIR into DESTDIR/tmp, to be more obvious that it's
not being packaged up (and is not how a queue gets created at
pkg_add time)
- Drop custom destdir, qbiffutmpx, and Darwin patches
- Rebase TLS-onlyremote, QMAILREMOTE, and SRS patches
- Require latest ucspi-ssl and ucspi-tcp6 for IPv4 fixes
- Move MESSAGE.tls to README.tls, and remove other MESSAGE*
- Set PKG_HOME even for non-default values of QMAIL_ALIAS_USER
- Check whether alias/.qmail-foo exist before trying to remove
Bump PKGREVISION.
- remove socket setblocking() calls which should be no longer needed,
and which may have caused hangups. Thanks: Viacheslav Chimishuk.
- correct version number string in error message. Thanks: Piet
van Oostrum.
The canonical form [1] of an R package Makefile includes the
following:
- The first stanza includes R_PKGNAME, R_PKGVER, PKGREVISION (as
needed), and CATEGORIES.
- HOMEPAGE is not present but defined in math/R/Makefile.extension to
refer to the CRAN web page describing the package. Other relevant
web pages are often linked from there via the URL field.
This updates all current R packages to this form, which will make
regular updates _much_ easier, especially using pkgtools/R2pkg.
[1] http://mail-index.netbsd.org/tech-pkg/2019/08/02/msg021711.html
Update squirrelmail to 1.4.23pre14832.
- Changed anti-CSRF security token lifetime to be session-based.
- Added favicon and ability for admins to use their own by setting
$head_tag_extra in config_local.php (see documented comments in,
for example, src/webmail.php)
- Altered hook types "do_hook_function" and "concat_hook_function"
such that the ultimate hook return value (in its current state,
as computed (or not) by the plugins that have executed previously)
is both globalized and passed as an additional argument to each
plugin. This allows plugins to cooperate better and not overwrite
each other's return values.
- Updated SVG handling, closing several related vulnerabilities
(#2831) [CVE-2018-14950] [CVE-2018-14951] [CVE-2018-14952]
[CVE-2018-14953] [CVE-2018-14954] [CVE-2018-14955]
- Added IMAP ID command (RFC2971), sent after every login - use
by setting $imap_id_command_args in config/config_local.php
(see notes in functions/imap_general.php for more details)
- Fixed PHP7 warnings (#2847)
- Added handling for RCDATA and RAWTEXT elements in HTML sanitizer
[CVE-2019-12970]
Update dovecot2-pigeonhole to 0.5.7.
Changes
-------
+ vacation: Made the subject for the automatic response message produced
by the Sieve vacation action configurable. Both the default subject
(if the script defines none) and the subject template (e.g. used to
add a subject prefix) can be configured.
- dsync: dsync-replication does not synchronize Sieve scripts.
- imap_sieve_filter: Reduce FILTER=SIEVE verbosity over IMAP connection.
- testsuite: Pigeonhole testsuite segfaulted if it was compiled with
GCC 9
Update dovecot2 to 2.3.7.
Changes
-------
* fts-solr: Removed break-imap-search parameter
+ Added more events for the new statistics, see
https://doc.dovecot.org/admin_manual/list_of_events/
+ mail-lua: Add IMAP metadata accessors, see
https://doc.dovecot.org/admin_manual/lua/
+ Add event exporters that allow exporting raw events to log files and
external systems, see
https://doc.dovecot.org/configuration_manual/event_export/
+ SNIPPET is now PREVIEW and size has been increased to 200 characters.
+ Add body option to fts_enforced. This triggers building FTS index only
on body search, and an error using FTS index fails the search rather
than reads through all the mails.
- Submission/LMTP: Fixed crash when domain argument is invalid in a
second EHLO/LHLO command.
- Copying/moving mails using Maildir format loses IMAP keywords in the
destination if the mail also has no system flags.
- mail_attachment_detection_options=add-flags-on-save caused email body
to be unnecessarily opened when FETCHing mail headers that were
already cached.
- mail attachment detection keywords not saved with maildir.
- dovecot.index.cache may have grown excessively large in some
situations. This happened especially when using autoexpunging with
lazy_expunge folders. Also with mdbox format in general the cache file
wasn't recreated as often as it should have.
- Autoexpunged mails weren't immediately deleted from the disk. Instead,
the deletion from disk happened the next time the folder was opened.
This could have caused unnecessary delays if the opening was done by
an interactive IMAP session.
- Dovecot's TCP connections sometimes add extra 40ms latency due to not
enabling TCP_NODELAY. HTTP and SMTP/LMTP connections weren't
affected, but everything else was. This delay wasn't always visible -
only in some situations with some message/packet sizes.
- imapc: Fix various crash conditions
- Dovecot builds were not always reproducible.
- login-proxy: With shutdown_clients=no after config reload the
existing connections could no longer be listed or kicked with doveadm.
- "doveadm proxy kick" with -f parameter caused a crash in some
situations.
- Auth policy can cause segmentation fault crash during auth process
shutdown if all auth requests have not been finished.
- Fix various minor bugs leading into incorrect behaviour in mailbox
list index handling. These rarely caused noticeable problems.
- LDAP auth: Iteration accesses freed memory, possibly crashing
auth-worker
- local_name { .. } filter in dovecot.conf does not correctly support
multiple names and wildcards were matched incorrectly.
- replicator: dsync assert-crashes if it can't connect to remote TCP
server.
- config: Memory leak in config process when ssl_dh setting wasn't
set and there was no ssl-parameters.dat file.
This caused config process to die once in a while
with "out of memory".
pkgsrc changes:
---------------
* change COMMENT to make pkglint happy (inspired by http://www.postfix.org/)
* update PLIST using make print-PLIST (missing @pkgdir)
upstream changes:
-----------------
20181125
Cleanup: dict_file_to_xxx() takes a list of file names
separated by CHARS_COMMA_SP. Shoe-horned into the existing
API, make it nicer when there is time. File: util/dict_file.c.
20181127
Cleanup: encapsulated clumsy 'read into VSTRING' code with
easier-to-use vstream_fread_buf() and vstream_fread_app()
primitives. Files: global/memcache_proto.c, global/record.c,
global/smtp_stream.c, global/smtp_stream.h, global/uxtext.c,
global/xtext.c, milter/milter8.c, util/dict_file.c,
util/hex_quote.c, util/netstring.c, util/vstream.c,
util/vstream.h. Verified with "make tests".
Cleanup: simplified the smtp_fread() API (introduced for
BDAT support), and changed the name to smtp_fread_buf().
Files: global/smtp_stream.c, smtpd/smtpd.c. Verified with
~megabyte BDAT commands.
Cleanup: simplified a tlsproxy-internal API. File:
tlsproxy/tlsproxy.c.
20181128
Initial support for key/certificate chain files that will
replace the proliferation of separate parameters for
RSA/DSA/ECC/etc. key and certificate files. Viktor
Dukhovni.
20181201
Cleanup: replaced the remaining unsafe VSTRING_AT_OFFSET()
calls with safe vstring_set_payload_size() calls, in code
that directly writes into VSTRING. Files: tls/tls_session.c,
tlsmgr/tlsmgr.c, util/casefold.c, util/vstring.c, util/vstring.h,
xsasl/xsasl_cyrus_client.c.
Cleanup: postscreen_command_time_limit did not need to be
a 'raw' parameter. This makes "postconf -x" behavior more
consistent. Files: global/mail_params.h, postscreen/postscreen.c.
Documentation: added text that the following parameter
values are not subject to Postfix parameter $name expansion:
default_rbl_reply, command_execution_directory, luser_relay,
smtpd_reject_footer. These have their own documented $name
substitution mechanism. File: proto/postconf.proto.
20181202
Bugfix: posttls-finger reported an error for UNIX-domain
connections, even if they did not fail. Found by Coverity.
File: posttls-finger/posttls-finger.c.
20181208
Documentation: add even more redundancy to the rate-delay
description. File: proto/postconf.proto.
20181210
Cleanup: code deduplication. File: util/dict_file.c.
20181226
Cleanup: code deduplication and better encapsulation with
PSC_DEL_CLIENT_STATE() and PSC_DEL_SERVER_STATE() macros.
Files: postscreen/postscreen.h, postscreen/postscreen_state.c.
Documentation: POSTSCREEN_README did not describe the
postscreen_post_queue_limit, and attributed the wrong reject
message to the postscreen_pre_queue_limit. Problem reported
by Michael Orlitzky. File: proto/POSTSCREEN_README.html.
(20181226-nonprod) Compatibility: removed support for OpenSSL
1.0.1 (not supported since December 31, 2016) and earlier
releases. This eliminated a large number of #ifdefs with
bitrot workarounds. Viktor Dukhovni. Files: global/mail_params.h,
posttls-finger/posttls-finger.c, tls/tls.h, tls/tls_certkey.c,
tls/tls_client.c, tls/tls_dane.c, tls/tls_dh.c, tls/tls_misc.c,
tls/tls_proxy_client_scan.c, tls/tls_rsa.c, tls/tls_server.c,
tls/tls_session.c.
(20181226-nonprod) Use the OpenSSL 1.0.2 and later API for
setting ECDHE curves. Viktor Dukhovni. Files: tls/tls.h,
tls/tls_client.c, tls/tls_dh.c.
(20181226-nonprod) Documentation update for TLS support.
Viktor Dukhovni. Files: mantools/postlink, proto/TLS_README.html,
proto/postconf.proto, src/sendmail/sendmail.c, src/smtpd/smtpd.c.
20181229
Explicit maps_file_find() and dict_file_lookup() methods
that decode base64 content. Decoding content is not built
into the dict->lookup() method, because that would complicate
the implementation of map nesting (inline, thash), map
composition (pipemap, unionmap), and map proxying. For
consistency, decoding base64 file content is also not built
into the maps_find() method. Files: util/dict.h.
util/dict_file.c, global/maps.[hc], postmap/postmap.c.
20190106
Documentation: documented the SRC_RHS_IS_FILE flag in
dict_open.c, and updated the -F description in the postmap
manpage. Files: util/dict_open.c, postmap/postmap.c.
(20190106-nonprod) Feature: support for files that combine
multiple (key, certificate, trust chain) instances in one
file, to avoid separate files for RSA, DSA, Elliptic Curve,
and so on. Viktor Dukhovni. Files: .indent.pro,
global/mail_params.h, posttls-finger/posttls-finger.c,
smtp/lmtp_params.c, smtp/smtp.c, smtp/smtp_params.c,
smtp/smtp_proto.c, smtpd/smtpd.c, tls/tls.h, tls/tls_certkey.c,
tls/tls_client.c, tls/tls_proxy.h, tls/tls_proxy_client_print.c,
tls/tls_proxy_client_scan.c, tls/tls_proxy_server_print.c,
tls/tls_proxy_server_scan.c, tls/tls_server.c, tlsproxy/tlsproxy.c.
(20190106-nonprod) Create a second, no-key no-cert, SSL_CTX
for use with SNI. Viktor Dukhovni. Files: src/tls/tls.h,
src/tls/tls_client.c, src/tls/tls_misc.c, src/tls/tls_server.c.
(20190106-nonprod) Server-side SNI support. Viktor Dukhovni.
Files: src/global/mail_params.h, src/smtp/smtp.c,
src/smtpd/smtpd.c, src/tls/tls.h, src/tls/tls_certkey.c,
src/tls/tls_misc.c, src/tlsproxy/tlsproxy.c,
(20190106-nonprod) Configurable client-side SNI signal.
Viktor Dukhovni. Files: global/mail_params.h,
posttls-finger/posttls-finger.c, smtp/lmtp_params.c,
smtp/smtp.c, smtp/smtp.h, smtp/smtp_params.c, smtp/smtp_proto.c,
smtp/smtp_tls_policy.c, tls/tls.h, tls/tls_client.c,
tls/tls_proxy.h, tls/tls_proxy_client_print.c,
tls/tls_proxy_client_scan.c.
20190121
Logging: support for internal logging file, without using
syslog (it uses the new postlogd daemon instead). This
solves a usability problem for MacOS, may help getting
around systemd, and solves 99% of the problem for logging
to stdout in a container (hopefully we have 100% soon).
Enable by setting, for example, "maillog_file =
/var/log/postfix.log"). This works fine for daemons, and
with some limitations for non-daemon programs. See
RELEASE_NOTES for more details. Files: conf/master.cf,
conf/post-install, conf/postfix-files, conf/postfix-script,
mantools/postlink, proto/master, proto/postconf.proto,
global/mail_params.c, global/mail_params.h, global/mail_proto.h,
global/maillog_client.c, global/maillog_client.h,
master/dgram_server.c, master/event_server.c, master/mail_server.h,
master/master.c, master/master.h, master/master_ent.c,
master/master_listen.c, master/master_proto.h,
master/master_wakeup.c, master/multi_server.c,
master/single_server.c, master/trigger_server.c,
postalias/postalias.c, postconf/postconf_master.c,
postdrop/postdrop.c, postfix/postfix.c, postkick/postkick.c,
postlog/postlog.c, postlogd/postlogd.c, postmap/postmap.c,
postmulti/postmulti.c, postqueue/postqueue.c,
postsuper/postsuper.c, sendmail/sendmail.c, util/connect.h,
util/listen.h, util/logwriter.c, util/logwriter.h,
util/msg_logger.c, util/msg_logger.h, util/msg_output.c,
util/msg_output.h, util/unix_dgram_connect.c,
util/unix_dgram_listen.c.
Cleanup: cert/key/chain loading, plus unit tests to exercise
non-error and error cases. Viktor Dukhovni. Files: tls/*.pem,
tls*.pem.ref, tls/tls_certkey.c.
20190126
Safety: Postfix programs will log to either syslog or postlog
but not both; and postlogd forwards postlog logging to
syslog, when a configuration change removes the maillog_file
pathname, but some programs still use the old configuration.
Files: util/msg_syslog.[hc], util/msg_logger.c,
global/maillog_client.c, postlogd/postlogd.c,
Bugfix (introduced: Postfix 20110109, Postfix 2.10): watchdog
pipe file descriptor leak. This pipe provides one source
of liveness, data from this pipe is discarded, and therefore
this does not enable privilege escalation or DOS. File:
util/watchdog.c.
Feature: stdout logging support; requires "postfix start-fg"
and "maillog_file = /dev/stdout". Files: master/master.c,
conf/postfix-script.
20190127
Safety: when maillog_file is specified, 'postfix check' now
requires that the postlog service is enabled in master.cf.
Otherwise 'postfix start' etc. will log a fatal error. File:
conf/postfix-script.
Documentation: added policy_context example. File:
proto/SMTPD_POLICY_README.html.
20190128
Testing: run libtls tests under Valgrind. File tls/Makefile.in.
20190129
Safety: require that $maillog_file matches one of the
pathname prefixes specified in $maillog_file_prefixes. The
maillog file is created by root, and the prefixes limit the
damage from a single configuration error. Files:
global/mail_params.[hc], global/maillog_client.c.
20191201
Feature: "postfix logrotate" command with configurable
compression program and datestamp filename suffix. File:
conf/postfix-script.
20190202
Cleanup: log a warning when the client sends a malformed
SNI; log an info message when the client sends a valid SNI
that does not match the SNI lookup tables; update the
FORWARD_SECRECY_README logging examples. Viktor Dukhovni.
Files: proto/FORWARD_SECRECY_README.html, tls/tls.h,
tls/tls_client.c, tls/tls_misc.c.
20190208
Debugging: the master(8) daemon now logs a warning if a
master.cf entry is defined multiple times. File:
src/master/master_conf.c.
20190209
Debugging: tlsproxy(8) now logs more details about unexpected
configuration differences between the Postfix SMTP client
and the tlsproxy(8) daemon.
20190210
Documentation: Postfix 3.4.0 RELEASE NOTES.
Documentation: added BDAT_README.
Documentation: global TLS settings. Files: mantools/postlink,
smtp/smtp.c, tlsproxy/tlsproxy.c.
20190211
Cleanup: removed obsolete parameters: tls_dane_digest_agility,
tls_dane_trust_anchor_digest_enable; removed openssl_path
parameter from configuration difference checks in tlsproxy.
Files: global/mail_params.h, tls/tls_misc.c,
tls/tls_proxy_client_misc.c, tls/tls_proxy_client_print.c,
tls/tls_proxy_client_scan.c, tls/tls_proxy.h.
20190212
Cleanup: missing #ifdef USE_TLS. Files: smtp/smtp_session.c,
posttls-finger/posttls-finger.c.
20190217
Cleanup: when the master daemon runs with PID=1 (init mode),
reap orhpan processes from non-Postfix code running in the
same container, instead of terminating with a panic. File:
master/master_spawn.c.
20190218
Bugfix: tlsproxy did not enable DANE-style PKI because
libtls seems to have to accreted multiple init functions
instead of reusing the tls_client_init() and tls_client_start()
API. And some functions that do initialization don't even
have init in their name! Problem report by Andreas Schulze.
Viktor Dukhovni. Files: tls/tls_misc.c, tlsproxy/tlsproxy.c.
Workaround: Postfix libtls makes DANE-specific changes to
the shared SSL_CTX. To avoid false sharing, tlsproxy needs
to label the SSL_CTX cache with DANE bits until we can
remove the code that modifies SSL_CTX. File: tlsproxy/tlsproxy.c.
Cleanup: Postfix libtls changed the shared SSL_CTX to
override ciphers. instead of changing the SSL handle. To
avoid false sharing in tlsproxy, the changes are now made
to the SSL handle. Viktor Dukhovni. Files: tls/tls.h,
tls/tls_client.c, tls/tls_misc.c, tls/tls_server.c.
20190219
Bugfix: in the Postfix SMTP client, TLS wrappermode was not
tested in tlsproxy mode. It needed some setup for buffering
and timeouts. Problem report by Andreas Schulze. File:
smtp/smtp_proto.c.
20190304
Bugfix: a reversed test broke TLS configurations that specify
the same filename for a private key and certificate. Reported
by Mike Kazantsev. Fix by Viktor Dukhovni. Wietse fixed the
test. Files: tls/tls_certkey.c, tls/Makefile.in.
20190310
Bitrot: LINUX5s support, after some sanity checks with a
rawhide prerelease version. Files: makedefs, util/sys_defs.h.
Bugfix (introduced: 20181226): broken DANE trust anchor
file support, caused by left-over debris from the 20181226
TLS library overhaul. By intrigeri. File: tls/tls_dane.c.
Bugfix (introduced: Postfix-1.0.1): null pointer read, while
logging a warning after a corrupted bounce log file. File:
global/bounce_log.c.
Bugfix (introduced: Postfix-2.9.0): null pointer read, while
logging a warning after a postscreen_command_filter read
error. File: postscreen/postscreen_smtpd.c. global/bounce_log.c
20190312
Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce
has been producing false rejects starting with the Postfix
2.2 smtpd_end_of_data_restrictons, and for the same reasons,
does the same with the Postfix 3.4 BDAT command. The latter
was reported by Andreas Schulze. File: smtpd/smtpd_check.c.
20190319
With message_size_limit=0 (which is NOT DOCUMENTED), BDAT
chunks were always rejected as too large. File: smtpd/smtpd.c
20190328
Bugfix (introduced: Postfix 3.0): LMTP connections over
UNIX-domain sockets were cached but not reused, due to a
cache lookup key mismatch. Therefore, idle cached connections
could exhaust LMTP server resources, resulting in two-second
pauses between email deliveries. This problem was investigated
by Juliana Rodrigueiro. File: smtp/smtp_connect.c.
20190331
Documentation: tlsext_padding is not a tls_ssl_options
feature. File: proto/postconf.proto.
20190401
Portability: added "#undef sun" to util/unix_dgram_connect.c.
20190403
Bugfix (introduced: Postfix 2.3): a censoring filter broke
multiline Milter responses for header/body events. Problem
report by Andreas Thienemann. Files: util/printable.c,
util/stringops.h, smtpd/smtpd.c
Bugfix (introduced: Postfix 3.3): "smtp_mx_address_limit =
0" no longer meant 'unlimited'. Problem report by Luc Pardon.
File: smtp/smtp_addr.c.
20190615
Documentation: updated the BUGS section in the smtp(8) manpage
about TLS connection reuse. File: smtp/smtp.c.
Workaround for implementations that hang Postfix while
shutting down a TLS session, until Postfix times out. With
"tls_fast_shutdown_enable = yes" (the default), Postfix no
longer waits for the TLS peer to respond to a TLS 'close'
request. This is recommended with TLSv1.0 and later. Files:
global/mail_params.h, tls/tls_session.c, and documentation.
20190621
Bugfix (introduced: Postfix 3.0): the code to reset Postfix
SMTP server command counts was not called after a HaProxy
handshake failure, causing stale numbers to be reported.
The command counts are now reset in the function that reports
the counts. File: smtpd/smtpd.c.
pkgsrc changes:
---------------
* Remove -DHAS_EAI since it does not appear anywhere
* Add pkg-config to USE_TOOLS since patch-ai introduces it
* Bump revision since binaries are now linked to icui18n
to determine whether to use the blacklistd feature. This allows
for automatically picking up new OSes that provide blacklistd as
well as ignoring older versions of NetBSD and FreeBSD that don't
have blacklistd.
Add UseBlacklist to M4 config generator. This means that you can
turn it on by doing something like:
LOCAL_CONFIG
...
define(`confUSE_BLACKLIST', `True')dnl
...
It is set to false as the feature is experimental having just been
created.
Ride previous PKGREVISION bump as it was less than an hour ago.
originally created for FreeBSD and were ported to pkgsrc by Hauke
Fath with some cleanup by myself.
These patches add a new "UseBlacklist" option to sendmail to have
it send authentication failure notices to blacklistd.
sendmail options BadRcptShutdown and BadRcptShutdownGood to be
used. "ffr" stands for For Future Release, which means it is a
beta test feature that may show up in a future release of sendmail.
The sendmail-ffr-badrcptshutdown option is disabled by default so
no change to binary packages, thus not bumping PKGREVISION.
Changes:
1.8.5
-----
- Fixed OAUTHBEARER.
- Support for TLS client certificates via PKCS11 devices, e.g. smart cards.
- Various small bug fixes and improvements.
process for a mailing list or mail address. It is invoked by qmail-local
through a dot-qmail file, and can reduce the amount of junk mail hitting
a mailbox or the mailboxes of mailing list subscribers. qconfirm
performs this delivery confirmation process either sender based or
message based.
When used for a public mail address, not a mailing list, qconfirm is
capable of detecting follow-ups on mail messages originated from this
mail address, and doesn't request delivery confirmation is this case.
qconfirm also is able to identify delivery confirmation requests from
recipients of mail messages, and automatically confirms the delivery
if desired.
Do not bump revision since binary cannot be altered
pkgsrc changes:
---------------
* make blk3 conform to options.mk
* move BUILD_DEFS (pkglint WARN--)
* comment an explicit patch (pkglint ERROR--)
Upstream changes:
version 3.007: Thu 13 Jun 16:54:08 CEST 2019
Fixes:
- remove debug statements.
version 3.006: Wed 12 Jun 16:43:39 CEST 2019
Improvements:
- more flexible in passing settings to Mail::IMAPClient.
version 3.005: Wed 5 Jun 15:56:33 CEST 2019
Fixes:
- ignore StartTLS on SSL connection.
- enforce message_type is ::IMAP::Message, not ::IMAPs
1.9.4: 23 May 2019
* [CritFix] Fix case sensitivity when parsing Content-Type
* [Fix] Arc: Another bunch of fixes for arc signing
* [Fix] Arc: More arc signing fixes
* [Fix] Avoid another overflow in fpconv
* [Fix] Fix ARC signing after fixing another bug in it...
* [Fix] Fix dkim signing exceptions
* [Fix] Fix some more corner cases for fpconv
* [Fix] Further fixes to printing of the FP numbers
* [Fix] Ratelimit: Fix dynamic score
1.9.3: 13 May 2019
* [Conf] Add IP_SCORE_FREEMAIL composite rule
* [Feature] Add cryptobox method to generate dkim keypairs
* [Feature] Add fast hashes to lua cryptobox hash
* [Feature] Add least passthrough results
* [Feature] Allow oversign if exists mode
* [Feature] Clickhouse: Modernise table initial schema
* [Feature] Implement IUF interface for specific fast hashes
* [Feature] Lua_util: Allow to obfuscate different fields
* [Feature] Tune memory management in Rspamd and Lua
* [Fix] Avoid buffer overflow when printing long lua strings
* [Fix] Change the default oversigning headers to a more sane list
* [Fix] Clickhouse: Do not store digest as it is not needed now
* [Fix] Clickhouse: Fix lots of storage issues
* [Fix] Clickhouse: Support custom actions
* [Fix] Deny URLs where hostname is bogus
* [Fix] Do not blacklist mail by SPF/DMARC for local/authed users
* [Fix] Fix DoS caused by bug in glib
* [Fix] Fix UCL parsing of the multiline strings
* [Fix] Fix buffer overflow when printing small floats
* [Fix] Fix init code for servers keypairs cache
* [Fix] Fix issue with urls with no tld (e.g. IP)
* [Fix] Fix memory in arc signing logic
* [Fix] Fix memory leak in language detector during reloads
* [Fix] Fix mixed case content type processing
* [Fix] Fix processing of the ip urls in file
* [Fix] Fix use after free
* [Fix] HTML: Fix `size` attribute processing
* [Fix] Hum, it seems that 99ff1c8 was not correct
* [Fix] Lua_task: Fix task:get_from method
* [Fix] Preserve fd when mapping file to scan
* [Fix] Re-use milter_headers settings when doing arc signing
* [Fix] Set dmarc force action as least action
* [Fix] Switch to GMT
* [Fix] allow PKCS7 signatures to be text/plain, too
* [Project] Add initial version of the vault management tool
* [Project] Add vault support for DKIM and ARC signing
* [Project] Implement keys rotation in the vault
* [Project] Improve dkim keys generation for vault
* [Project] Improve keys creation in rspamadm vault
* [Rework] Move lua_worker to a dedicated unit
* [WebUI] Add URL fragments (#) support
* [WebUI] Fix AJAX request URL
1.9.2: 16 Apr 2019
* [Conf] Allow to load users plugins from plugins.d
* [Conf] oversign openpgp and autocrypt headers
* [Feature] Add SPF FFI library for Lua
* [Feature] Add more verbosity for SPF caching
* [Feature] Antivirus: Handle encrypted files specially
* [Feature] Clickhouse: Slashing - add new fields to CH
* [Feature] Dkim_signing: Add OpenDKIM like signing_table and key_table
* [Feature] Dkim_signing: Allow to use new options as maps
* [Feature] Import fpconv library
* [Feature] Lua_maps: Allow static regexp and glob maps
* [Feature] Parse ical files
* [Feature] Rspamadm: Add dns_tool utility
* [Feature] Store SPF records digests
* [Feature] Use fpconv girsu2 implementation for printing floats
* [Fix] Clickhouse: Use integer seconds when inserting rows
* [Fix] Fix floating point printing
* [Fix] Fix processing of embedded urls
* [Fix] Lua_clickhouse: Fix CH errors processing
* [Fix] Make spf digest stable
* [Fix] Properly detect encrypted files in zip archives
* [Fix] Slashing: Store times in GMT timezone in ClickHouse
* [Rules] Add additional conditions to perform BTC checks
* [Rules] Fix pay-to-hash addresses validation
1.9.1: 5 Apr 2019
* [Conf] Add vendor groups for symbols
* [Feature] Add `rspamadm template` command
* [Feature] Allow to add messages from settings
* [Feature] Allow unconnected DNS servers operations
* [Feature] Check limits after being set, migrate to uint64
* [Feature] Greylist: Allow to disable greylisting depending on symbols
* [Feature] Improve lua binary strings output
* [Feature] Mime_types: Implement user configurable extension filters
* [Feature] Mime_types: When no extension defined, detect it by content
* [Feature] Preprocess config files using jinja templates
* [Feature] Replies: Filter replies sender to limit whitelisting to direct messages
* [Feature] Treat all tags with HREF as a potential hyperlinks
* [Feature] Validate BTC addresses in LEAKED_PASSWORD_SCAM
* [Fix] Add crash safety for HTTP async routines
* [Fix] Another fix for Redis sentinel
* [Fix] Clickhouse: Fix table schema upload
* [Fix] Core: Fix squeezed dependencies handling for virtual symbols
* [Fix] Finally fix default parameters parsing in actions section
* [Fix] Fix ES sending logic (restore from coroutines mess)
* [Fix] Fix finishing script for clickhouse collection
* [Fix] Fix priority for regexp symbols registriation
* [Fix] Fix various issues found by PVS Studio
* [Fix] Initialize lua debugging earlier
* [Fix] Neural: Fix training
* [Fix] Rework cached Redis logic to avoid sentinels breaking
* [Fix] SURBL: Fix regression in surbl module
* [Fix] Fix double signing in the milter
* [Project] Add support of HTTP proxy in requests
* [Rework] Change lua global variables registration
* [Rework] Rework HTML content urls extraction
* [Rework] Start rework of aliasing in Rspamd
* [WebUI] Combine Scan and Learning into one tab
* [WebUI] Fix symbol score input type
* [WebUI] Show grayed out pie
* [WebUI] Update Throughput summary values dynamically
1.9.0: 12 Mar 2019
* [Conf] Add missing includes
* [Conf] Move to options
* [Conf] Rbl: DWL is actually special whitelist
* [Conf] Relax some uribl rules
* [Conf] Remove abuse.ch
* [CritFix] Html: Entities are not valid within tag params values
* [Feature] Add `rspamadm mime sign` tool
* [Feature] Add configgraph utility
* [Feature] Add dedicated ZW spaces detection for URLs
* [Feature] Add flag to url object when visible part is url_like
* [Feature] Add method task:lookup_words
* [Feature] Add pyzor support (by crosenberg)
* [Feature] Allow to add upstream watchers to Lua API
* [Feature] Allow to set rewrite subject pattern from settings
* [Feature] Better escaping of unicode
* [Feature] Clickhouse: Allow to store subject in Clickhouse
* [Feature] Core: Add QP encoding utility
* [Feature] Core: Add libmagic detection for all parts
* [Feature] Core: Add support for gzip archives
* [Feature] Core: Allow to construct scan tasks from raw data
* [Feature] Core: Detect charset in archived files
* [Feature] Core: Ignore and mark invisible spaces
* [Feature] Core: Normalise zero-width spaces in urls
* [Feature] Core: Process data urls for images
* [Feature] Core: Relax quoted-printable encoding
* [Feature] Core: Support RFC2231 encoding in headers
* [Feature] Core: Support telephone URLs
* [Feature] Core: allow to emit soft reject on task timeout
* [Feature] DCC: Add bulkness and reputation checks to dcc
* [Feature] Elastic: Modernize plugin
* [Feature] Export visible part of url to lua
* [Feature] Fuzzy_storage: add preliminary support of rate limits
* [Feature] HTML: Specially treat data urls in HTML
* [Feature] Implement event watchers for upstreams
* [Feature] Implement includes tracing in Lua
* [Feature] Improve dkim part in configwizard
* [Feature] Lua_scanners: Add VadeSecure engine support
* [Feature] Lua_task: Add flexible method to get specific urls
* [Feature] Mime_types: Add MIME_BAD_UNICODE rule
* [Feature] Mime_types: Use detected content type as well
* [Feature] Plugins: Add preliminary version of the external services plugin
* [Feature] Query sentinel on master errors
* [Feature] Regexp: Allow local lua functions in Rspamd regexp module
* [Feature] Rspamadm: Allow to append footers to plain messages
* [Feature] Rspamadm: Allow to rewrite headers in messages
* [Feature] Selectors: Add `ipmask` processor
* [Feature] Settings: Allow hostname match
* [Feature] Settings: Allow local when selecting settings
* [Feature] Settings: Allow multiple selectors
* [Feature] Settings: Allow to inverse conditions
* [Feature] Support User-Agent in HTTP requests
* [Feature] Support ed25519 dkim keys generation
* [Feature] Try to filter bad unicode types during normalisation
* [Feature] external_services - oletools (olefy) support
* [Feature] lua_scanners - icap protocol support
* [Feature] lua_scanners - spamassassin spam scanner
* [Fix] Add filter for absurdic URLs
* [Fix] Add some more cases for Received header
* [Fix] Allow to disable/enable composite symbols
* [Fix] Arc: Use a separated list of headers for arc signing
* [Fix] Archive: Final fixes for 7z archives
* [Fix] Clickhouse: Fix database usage
* [Fix] Controller: Make save stats timer persistent
* [Fix] Core: Detect encrypted rarv5 archives
* [Fix] Core: Don't detect language twice
* [Fix] Core: Fix address rotation bug
* [Fix] Core: Fix content calculations for message parts
* [Fix] Core: Fix emails comments parsing and other issues
* [Fix] Core: Fix etags support
* [Fix] Core: Fix headers folding on the last token
* [Fix] Core: Fix iso-8859-16 encoding
* [Fix] Core: Fix log_urls flag (and encrypted logging)
* [Fix] Core: Fix part length when dealing with boundaries
* [Fix] Core: Fix parts distance calculations
* [Fix] Core: Fix processing of NDNs of certain type
* [Fix] Core: Implement logic to find some bad characters in URLs
* [Fix] Core: treat nodes with ttl properly in lru cache
* [Fix] Fix Content-Type parsing
* [Fix] Fix HTTP headers signing case
* [Fix] Fix control interface
* [Fix] Fix deletion of the duplicate headers
* [Fix] Fix emails filtering in emails module
* [Fix] Fix greylisting log message and logic
* [Fix] Fix issues with storing of the accepted addr in rspamd control
* [Fix] Fix maps object update race condition
* [Fix] Fix memor leaks and whitespace processing
* [Fix] Fix processing of null bytes in headers
* [Fix] Fix rcpt_mime and from_mime in user settings
* [Fix] Fix rfc2047 decoding for CD headers
* [Fix] Fix rfc2231 for Content-Disposition header
* [Fix] Fix setting of the subject pattern in config
* [Fix] Greylist: fix records checking
* [Fix] HTML: Another HTML comments exception fix
* [Fix] HTML: Another entities decoding logic fix
* [Fix] HTML: Fix HTML comments with many dashes
* [Fix] HTML: Fix entities in HTML attributes
* [Fix] HTML: Fix some more SGML tags issues
* [Fix] Ignore whitespaces at the end of value in DKIM records
* [Fix] MID module: Fix DKIM domain matching
* [Fix] Milter_headers: Fix remove_upstream_spam_flag and modernise config
* [Fix] Mime_parser: Fix issue with parsing of the trailing garbadge
* [Fix] Mime_parser: Fix parsing of mime parts without closing boundary
* [Fix] Multimap: Fix operating with userdata
* [Fix] Process orphaned `symbols` section
* [Fix] Rdns: Fix multiple replies in fake replies
* [Fix] Rework groups scores definitions
* [Fix] Set proper element when reading data from Sentinel
* [Fix] Set rspamd user to initialise supplementary groups on reload
* [Fix] Settings: Fix selectors usage
* [Fix] Sort data received from Sentinel to avoid constant replacing
* [Fix] groups.conf - filename typo
* [Fix] lua_scanner - oletools typos, logging
* [Fix] lua_scanners - actions and symbol_fail
* [Fix] lua_scanners - fix luacheck
* [Fix] lua_scanners - kaspersky - response with fname
* [Fix] lua_scanners - savapi redis prefix
* [Fix] tests - antivirus - fprot symbols
* [Project] Add concept of flexible actions
* [Project] Add heuristical from parser to received parser
* [Project] Add new flags to clickhouse, redis and elastic exporters
* [Project] Attach new received parser
* [Project] Fallback to callbacks from coroutines
* [Project] Implement keep-alive support in lua_http
* [Project] Lua_udp: Implement fully functional client
* [Project] Plug keepalive knobs into http connection handling
* [Project] Rspamadm: Add `modify` tool
* [Rework] Convert rspamd-server to a shared library
* [Rework] Dcc: Rework DCC plugin
* [Rework] Enable explicit coroutines symbols
* [Rework] Rework telephone urls parsing logic
* [Rework] Rewrite RBL module
* [Rework] Settings: Rework settings check
* [Rework] Slashing: Distinguish lualibdir, pluginsdir and sharedir
* [Rework] Unify task_timeout
* [Rework] Use VEX instructions in assembly, relocate
* [WebUI] Notify user if uploaded data was not learned
* [WebUI] Remove redundant condition
1.8.3: 03 Dec 2018
* [CritFix] Make flags mutually exclusive for mime parts
* [CritFix] Strictly deny unencoded bad utf8 sequences in headers
* [Feature] Add Kaspersky antivirus support
* [Feature] Add method to get dkim results
* [Feature] Add more words regexp classes
* [Feature] Allow to choose words format in `rspamadm mime`
* [Feature] Allow to get all types of words from Lua
* [Feature] Allow to get task flags in C expressions
* [Feature] Allow to require encryption when accepting connections
* [Feature] Ignore bogus whitespaces in the words
* [Feature] Implement more strict configuration tests
* [Feature] Improve SPF results in Authentication-Results
* [Feature] Support ClickHouse database
* [Fix] Add failsafety for utf8 regexps
* [Fix] Do not trigger BROKEN_CONTENT_TYPE on innocent text parts
* [Fix] Emit error if connection has been terminated with no stop pattern
* [Fix] Fix boundaries checks in embedded messages
* [Fix] Fix double free
* [Fix] Perform policy downgrade on sample out, add tests
* [Fix] Properly escape utf8 regexps in hyperscan mode
* [Fix] Selectors - attachments args condition
* [Fix] Some fixes for raw parts
* [Fix] Treat learning errors as non-fatal
* [Fix] Use tld when looking for DKIM domains
* [Project] Words unicode structure rework
* [Project] Add preliminary Redis Sentinel support
* [Project] Improve Authentication-Results header
* [Project] Rework DKIM checks results
* [Project] Use more generalised API to produce meta words
1.8.2: 19 Nov 2018
* [Conf] Add DWL support in the default configuration
* [Conf] Disable rspamd_update by default (again)
* [Conf] Fix configuration sample for ratelimit
* [CritFix] Disable broken url tags by default
* [CritFix] Fix \0 processing when doing RSA sign
* [CritFix] Fix adding symbols to their primary groups
* [Feature] Add `rspamadm cookie` utility
* [Feature] Add specialised functions for generating encrypted cookies
* [Feature] Add support of cookies in replies module
* [Feature] Add support of words regexps
* [Feature] Allow to add 3rd party clang plugins
* [Feature] Allow to create lua regexps from glob or plain patterns
* [Feature] Allow to set custom limits for upstream lists
* [Feature] Detect orphaned parts and attach them to message
* [Feature] Filter tokens in bayes
* [Feature] Fold b= value when doing arc sealing
* [Feature] Ignore cookies in the future and too old in the past
* [Feature] Skip stop words in statistics
* [Feature] Store stop words and allow to query them
* [Feature] Support query arguments in controller's custom commands
* [Feature] Tune upstream limits in Rspamd proxy
* [Feature] Use different callback symbols for different uribls
* [Feature] Write DKIM selector in dkim allow/reject symbols
* [Fix] Add obs_fws state support to eoh state machine
* [Fix] Add sanity check when applying mime boundaries heuristic
* [Fix] Antivirus - virus names with 0 were recognized as tables
* [Fix] Disable headernames in bayes temporarily
* [Fix] Do not allow syntax errors in include files...
* [Fix] Do not allow to merge an object with an array (or vice versa)
* [Fix] Don't perform forged recipients check for missing recipients
* [Fix] Fix DKIM based RBLs
* [Fix] Fix actrie implementation (sync from upstream), fixed OOB read
* [Fix] Fix explicit methods call in selectors
* [Fix] Fix extraction of additional parts
* [Fix] Fix finalization for internal plugins
* [Fix] Fix override_defaults function
* [Fix] Fix squeezed symbols when using settings
* [Fix] Fix urls insertion in Clickhouse module
* [Fix] Furhter fixes to ratelimits logic
* [Fix] Ignore signatures when looking for boundaries
* [Fix] Properly set learned count
* [Fix] Really fix ratelimits configuration and work
* [Fix] Remove ambigious format flag from printf
* [Fix] Restore URLs exporting in ClickHouse plugin
* [Fix] Rework bayes calculations...
* [Fix] Switch from chi-square to naive for large Fisher value
* [Fix] Treat normal password as enable password if there is no enable password
* [Fix] Use proper syntax for making DNS requests
* [Fix] Various fixes in embedded plugins
* [Project] Change fuzzy check selection logic to lua_fuzzy library
* [Project] Rework async events and symbols
* [Project] Move all metatokens in Bayes to lua_stat from C
* [WebUI] Add history rows per page control
1.8.1: 16 Oct 2018
* [CritFix] Fix options insertion
* [CritFix] Fix words decay one more time (affects long messages)
* [CritFix] Increase default words_decay
* [CritFix] Plug memory leak in redis pool
* [Feature] Add `check_violation` feature to DKIM/ARC signing
* [Feature] Add only unique elements to Clickhouse url arrays
* [Feature] Allow `g+:` and `g-:` composite atoms
* [Feature] Allow dkim domains check in surbl
* [Feature] Allow maps with HTTP auth
* [Feature] Allow to disable actions by users settings
* [Feature] Extend whitelisting options
* [Feature] Store url object in images
* [Feature] Use verdict instead of the plain action in plugins
* [Fix] Allow to call fstring append with NULL string
* [Fix] DCC - luacheck
* [Fix] Do not load torch on each rspamadm invocation
* [Fix] Fix boundaries detection and rework stop words algorithm
* [Fix] Fix dependencies for DNS_SIGNED symbol
* [Fix] Fix errors when dealing with dynamic rates/bursts in Ratelimit
* [Fix] Fix groups mess
* [Fix] Fix groups mess
* [Fix] Fix parsing address with comments
* [Fix] Fix resolving in DMARC reports
* [Fix] Fix various issues with parsing of the received headers
* [Fix] Fix watchers issue in lua_tcp when doing no resolving
* [Fix] Plug memory leak in language detector (affects reloads)
* [Fix] Remove one letter stop words
* [Fix] Slashing: backport chunk logic from libucl
* [Fix] Stop libevent from using cached time in rspamadm
* [Fix] Try to fix watchers chaining
* [Fix] Various fixes in redis sync interface
* [Fix] ip_score - respect check_authed and check_local settings from config
* [Project] Rework passthrough actions
* [Project] Clustering module
* [Rework] Always create result for a task
* [Rework] Completely rewrite DMARC checks logic
* [Rework] Rework and fix whitelist plugin
* [WebUI] Add symbols sorting buttons
* [WebUI] Change symbols order without updating history
* [WebUI] Colorize symbols
* [WebUI] Do not display password form when secure_ip is set
* [WebUI] Fix symbol description tooltips display
* [WebUI] History: add sorting by symbol score value
+ $fcc_before_send, when set, causes Fcc to occur before sending instead of
afterwards. When set, the message is saved as-sent; please see the
documentation for details.
Changelog:
Fixed
No prompt for smartcard PIN when S/MIME signing is used
Security fixes:
#CVE-2019-11703: Heap buffer overflow in icalparser.c
#CVE-2019-11704: Heap buffer overflow in icalvalue.c
#CVE-2019-11705: Stack buffer overflow in icalrecur.c
#CVE-2019-11706: Type confusion in icalproperty.c
Changelog:
What's new in notmuch 0.29.1
=========================
Build
-----
Fix for installation failure with `configure --without-emacs`.
What is notmuch
===============
Notmuch is a system for indexing, searching, reading, and tagging
large collections of email messages in maildir or mh format. It uses
the Xapian library to provide fast, full-text search with a convenient
search syntax.
Changelog:
Notmuch 0.29 (2019-06-07)
=========================
General
-------
Add "body:" field to allow searching for terms that occur only in the
message body. Users will need to reindex their mail to take advantage
of this feature.
Add support for indexing user specified headers (e.g. List-Id). See
notmuch-config(1) for details. This requires reindexing after changing
the set of headers to be indexed.
Fix bug for searching in some headers for Xapian keywords in quoted
strings.
Add support for gzip compressed mail messages (/not/ multi-message
mboxes); e.g. `gzip -9 $MAIL/archive/giant-message && notmuch new`
should work. Note that maildir flag syncing for gzipped messages is
currently untested.
Notmuch is now capable of indexing, searching and rendering
cryptographically-protected Subject: headers of the form produced by
Enigmail and K-9 mail in encrypted messages.
Command Line Interface
----------------------
`notmuch show` now supports --body=false and --include-html with
--format=text
Fix several performance problems with `notmuch reindex`.
`notmuch show` and `notmuch reply` now emit per-message cryptographic
status in their json and sexp output formats. See devel/schemata for
more details about what is included there. This status includes
information about cryptographic protections for the Subject header.
Emacs
-----
Optionally check for missing attachements in outgoing messages (see
function `notmuch-mua-attachment-check`).
Bind `B` to browse URLs in current message.
Bind `g` to refresh the current notmuch buffer.
Editing a message as new now includes an FCC header.
Forwarded messages are now tagged as +forwarded (customizable).
Add references header to link forwarded message to thread of original
message.
The minimum supported major version of Emacs is now 24.
Support for GNU Emacs older than 25.1 is deprecated with this release,
and may be removed in a future release.
Notmuch-emacs documentation is somewhat expanded. More contributions
are very welcome.
Build System
------------
Notmuch release tarballs are now compressed with `xz`.
We now provide conventional detached signatures of the release
tarballs in addition to the signed `sha256sum` files.
Dependencies
------------
Support for GMime 2.6 is removed. The minimum supported version of
GMime is now 3.0.3. GMime also needs to have been compiled with
cryptography support.
Test Suite
----------
If either GNU parallel or moreutils parallel is installed, the tests
in the test suite will now be run in parallel (one per available
core). This can be disabled with NOTMUCH_TEST_SERIALIZE=1.
This release addresses a security issue with inline-PGP messages
that allows an attacker to have Enigmail display a correctly signed
or encrypted message info, but display a different unauthenticated
text.
Changelog:
changed
Attachment pane of Write window no longer focussed when attaching files using a keyboard shortcut
fixed
Various security fixes
#CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS
#CVE-2019-9816: Type confusion with object groups and UnboxedObjects
#CVE-2019-9817: Stealing of cross-domain images using canvas
#CVE-2019-9818: Use-after-free in crash generation server
#CVE-2019-9819: Compartment mismatch with fetch API
#CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell
#CVE-2019-11691: Use-after-free in XMLHttpRequest
#CVE-2019-11692: Use-after-free removing listeners in the event listener manager
#CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux
#CVE-2019-7317: Use-after-free in png_image_free of libpng library
#CVE-2019-9797: Cross-origin theft of images with createImageBitmap
#CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext
#CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox
#CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks
#CVE-2019-5798: Out-of-bounds read in Skia
#CVE-2019-9800: Memory safety bugs fixed in Firefox 67, Firefox ESR 60.7, and Thunderbird 60.7
Changes since version 1.11.4:
! $ssl_use_tlsv1 and $ssl_use_tlsv1_1 now default to unset.
+ $auto_subscribe, when set, automatically adds an email with the List-Post
header to the subscribe list.
! Fcc now occurs after sending a message. If the fcc fails, mutt will prompt
to try again, or to try another mailbox.
+ Basic protected header ("memory hole") support added for the Subject header.
See the config vars: $crypt_protected_headers_read,
$crypt_protected_headers_save, $crypt_protected_headers_subject,
and $crypt_protected_headers_write.
! Color names can be prefixed with "light" in addition to "bright". "bright"
colors are bold face, while "light" are non-bold.
! Color commands can now include an attribute (e.g. bold, underline).
! $pgp_use_gpg_agent defaults set.
+ <descend-directory> in the browser menu allows entering nested maildir
directories.
+ <group-chat-reply> replies to all, but preserves To recipients in the reply.
+ $include_encrypted, default unset, prevents separately encrypted contents
from being included in a reply. This helps to prevent a decryption oracle
attack.
! With gpgme >= 1.11, recipient keys with a trailing '!' now force subkey use,
as with classic gpg.
! In send mode, %{charset} mailcap expansion uses the current charset of the
file.
+ $imap_fetch_chunk_size allows fetching new headers in groups of this size.
This might help with timeouts during opening of huge mailboxes.
If you have huge mailboxes, you should also try $imap_qresync.
! <toggle-write> can be invoked from the pager too.
+ The $forward_attachments quadoption allows including attachments in
inline-forwards (i.e. $mime_forward unset, $forward_decode set.)
Add missing DEPENDS
Upstream changes:
2019-04-12: Marc Bradshaw <marc@marcbradshaw.net>
* The authserv-id of an Authentication-Results header can contain
CFWS, Use Mail::AuthenticationResults to parse the authserv-id
from this field.
Mail::AuthenticationResults provides object-oriented authentication-results
email headers. This parser copes with most styles of Authentication-Results
header seen in the wild, but is not yet fully RFC7601 compliant.
Differences from RFC7601:
- key/value pairs are parsed when present in the authserv-id section, this is
against RFC but has been seen in headers added by Yahoo!.
- Comments added between key/value pairs will be added after them in the data
structures and when stringified.
Upstream changes:
version 3.005: Fri 3 May 09:41:53 CEST 2019
Fixes:
- wrong place to set default message type.
- transporter should differentiate between pop3 and pop3s in url().
Improvements:
- cleanup ::POP3 coding style.
Upstream changes:
version 3.004: Fri 3 May 09:24:50 CEST 2019
Fixes:
- xt/99pod.t was missing from git
- represent ssl in url()
Improvements:
- transporter: rename 'starttls' into 'ssl' option
- add ::IMAP4s for url abstraction.
o new dependencies: courier-unicode (split out library), libidn
o install text READMe files over html ones
o add options.mk
- optionally authenticate against dovecot user db
- make locking configurable (I have seen locking rows between
dovecot and mailfilter that lead to delivery failures)
o re-work patches
From the upstream changelog (yes, it's been eight years):
3.0.0
2018-07-31 Sam Varshavchik <mrsam@courier-mta.com>
* rfc2045/reformime: parse utf-8 address types in DSNs.
2018-07-30 Sam Varshavchik <mrsam@courier-mta.com>
* maildrop: explicitly require libidn to build maildrop.
2018-07-29 Sam Varshavchik <mrsam@courier-mta.com>
* mailbot: generate message/global, message/global-delivery-status,
and message/global-headers, when needed, when formatting autoreplies.
* reformime: -m option uses message/global instead of message/rfc822
for UTF8 messages.
2018-06-25 Sam Varshavchik <mrsam@courier-mta.com>
* rfc2045/reformime.c (main2): fix crash if -x or -X is specified
without the corresponding -s option.
2018-02-16 Sam Varshavchik <mrsam@courier-mta.com>
* libs/maildrop/search.C: ":H" pattern matching option, matching
only the main message headers.
2018-01-08 Osamu Aoki <osamu@debian.org>
* libs/maildrop/deliver.C (delivery): Always return 75 upon
delivery failure, for the standalone maildrop build.
2017-12-26 Sam Varshavchik <mrsam@courier-mta.com>
* libs/maildir/maildirmake.c (main): maildirmake's -q option
will create the maildir if it does not exist.
* libs/rfc2045/reformime.c (main2): Added -rU option, and a new
internal RFC2045_RW_8BIT_ALWAYS conversion option.
* libs/rfc2045/reformime.c (main2): Fix crash when the -s option
is not valid.
2.9.3
2017-11-26 Sam Varshavchik <mrsam@courier-mta.com>
* libs/rfc2045/rfc2045reply.c (mkreply): Fix null pointer
dereferences.
2.9.2
2017-10-03 Sam Varshavchik <mrsam@courier-mta.com>
* reformail: fix use after free with -f1
2017-09-27 Giovanni Bechis <giovanni@paclan.it>
* Fix to configure.ac
2017-09-19 Sam Varshavchik <mrsam@courier-mta.com>
* courier: switch default header encoding to UTF-8.
2.9.0
2017-06-17 Sam Varshavchik <mrsam@courier-mta.com>
* libs/maildir/maildirquota.c (docheckquota): Skip DT_LNK.
2017-03-11 Sam Varshavchik <mrsam@courier-mta.com>
* courier-unicode library API update.
2017-01-27 "Stefan Hornburg (Racke)" <racke@linuxia.de>
* Merge several Debian patches:
0001-Include-cstdio-in-afx.h.patch
0005-Ignore-and-.dpkg-a-z-files.patch
0007-Fix-bashisms.patch
0009-Fix-linking-in-upstream-Makefiles.patch
0012-Define-and-use-PEMFILE-in-mkesmtpdcert.patch
(*) with some changes.
0013-Add-P-to-ghostscript-invocation.patch
0014-Improve-error-reporting-in-preline.c.patch
0017-Fix-formatting-errors-in-syslog-calls.patch
0020-Add-perl-stanza-to-perlfilter-scripts.patch
2.8.5
2016-09-20 "Hanno Böck" <hanno@hboeck.de>
* libs/maildrop/maildir.C (MaildirSave): Fix new/delete mismatch.
2.8.4
2016-08-03 Sam Varshavchik <mrsam@courier-mta.com>
* reformime: do not abort due to invalid encoding of the "name"
attributes.
2015-12-20 Sam Varshavchik <mrsam@courier-mta.com>
* maildrop: implement the FLAGS variable.
2015-12-16 Andreas Kinzler <ml-ak@posteo.de>
* maildrop: fix maildrop not searching last line of text.
2015-07-19 Sam Varshavchik <mrsam@courier-mta.com>
* maildrop: fix parsing of a message without a body.
2.8.3
2015-06-27 "Hanno Böck" <hanno@hboeck.de>
* libs/maildrop/mailbot.c: Fix bad malloc for --feedback-* command
line parameters.
2015-06-20 Sam Varshavchik <mrsam@courier-mta.com>
* maildrop: Implement option to automatically create home directories.
2015-05-09 "Jö Fahlke" <jorrit@jorrit.de>
* maildrop: Don't include matched subpatterns in foreach.
2.8.2
2015-04-25 Giovanni Bechis <giovanni@openbsd.org>
* maildircache.c: fix use after free.
* mkdhparams: make compatible with libressl
2015-02-28 Sam Varshavchik <mrsam@courier-mta.com>
* Update to courier-unicode 1.2.
2015-02-16 "Hanno Böck" <hanno@hboeck.de>
* Fix compilation warning, testsuite.
2.8.0
2014-12-13 Sam Varshavchik <mrsam@courier-mta.com>
* Update autotools
2.7.2
2014-07-21 Sam Varshavchik <mrsam@courier-mta.com>
* gpglib, rfc2045: fix makefiles.
* maildrop: fix parsing of headers added by the -A option.
2014-07-13 Sam Varshavchik <mrsam@courier-mta.com>
* liblock, couriertls: fix compilation for OpenBSD -- based on a
patch from Giovanni Bechis <giovanni@paclan.it>.
2014-06-23 Sam Varshavchik <mrsam@courier-mta.com>
* libs/gpglib/Makefile.am: Fix -lunicode linkage.
* libs/rfc2045/Makefile.am: Fix -lunicode linkage.
* libs/rfc2045/rfc2045decodemsgtoutf8.c (rfc2045_decodemsgtoutf8):
recognize "message" MIME content type, in addition to "text".
2014-06-18 Sam Varshavchik <mrsam@courier-mta.com>
* maildrop: -d option changes groupid only when effective group id
is root. Addresses Debian bug 564601.
* mailbot: Add -T replydraft/-l options.
2014-02-02 Osamu Aoki <osamu_aoki_home@nifty.com>
* Makefile.am: install makedat.1 and makedat.html
2014-01-15 Sam Varshavchik <mrsam@courier-mta.com>
* libs/maildrop/search.C (search_cb): Fix logged patterns getting
garbled, in log output.
2014-01-12 Sam Varshavchik <mrsam@courier-mta.com>
* Factored out the unicode library into a separate package.
2.7.1
2013-11-25 Sam Varshavchik <mrsam@courier-mta.com>
* Fix various compiler warnings about unchecked results from setuid
and setgid calls.
2.7.0
2013-08-28 Sam Varshavchik <mrsam@courier-mta.com>
* maildrop: pattern searches are now specified in UTF-8. maildrop
MIME-decodes the search pattern, and transcodes it to the UTF-8
character set, for searching purposes.
2012-12-04 Alessandro Vesely <vesely@tana.it>
* rfc2045/makemime.c (openfile_or_pipe): Do not dup stdin filedesc,
sometimes the stdin buffer already gets filled.
2.6.0
2012-09-05 Sam Varshavchik <mrsam@courier-mta.com>
* maildir/maildiraclt.c (maildir_acl_delete): Fix double-free on error
path of an ENOMEM.
2012-06-18 Sam Varshavchik <mrsam@courier-mta.com>
* maildrop: make a mention of reformail -D's locking in the manual
pages.
2012-06-17 Osamu Aoki <osamu@debian.org>
* maildrop/formatmbox.C (GetLineBuffer): Do not skip whitespaces
looking for From: and Subject: headers, to log.
2012-05-05 Sam Varshavchik <mrsam@courier-mta.com>
* rfc2045/rfc2045mkboundary.c (rfc2045_mk_boundary): truncate
the hostname portion of the boundary to 30 chars.
2012-04-22 Sam Varshavchik <mrsam@courier-mta.com>
* liblock/mail.c (dotlock_exists): Quell a compiler warning.
2012-02-23 Osamu Aoki <osamu@debian.org>
* Miscellaneous spelling fixes.
2.5.5
2011-11-25 Sam Varshavchik <mrsam@courier-mta.com>
* rfc2045/rfc2045reply.c (mkreply): Fix copying of the contents of the
original message.
* rfc2045/reformime.c (do_print_info): rfc2231_udecodeDisposition()
failure is not fatal.
* rfc2045/reformime.c (get_suitable_filename): Ditto.
2011-09-06 Sam Varshavchik <mrsam@courier-mta.com>
* rfc2045/reformime.c (main2): Fixed segfault on some arches from an
initial null given to strtok.
2011-08-31 Sam Varshavchik <mrsam@courier-mta.com>
* mailbot: add "feedback" and "replyfeedback" formats, generating
RFC 5965-formatted feedback report. -a option attaches the entire
original message, instead of only its headers, for "replydsn",
"feedback", and "replyfeedback" formats.
2011-08-14 Sam Varshavchik <mrsam@courier-mta.com>
* rfc2045/reformime.c (main2): On ia64 and arm, argv is in readonly
memory.
There are currently no pkgsrc packages that depend on this one, so
we don't bother with keeping around the old version.
From the changelog:
2018-07-13 Sam Varshavchik <mrsam@courier-mta.com>
* unicode.c: Fix error and validation of valid modified-utf7
encoding.
2018-07-11 Sam Varshavchik <mrsam@courier-mta.com>
* unicode.c: Implement unicode_x_smap_modutf8 pseudo-encoding.
2018-04-27 Sam Varshavchik <mrsam@courier-mta.com>
* gcc 8 update, fix assertions. libtool and toolchain updates.
2.0
2017-03-06 Sam Varshavchik <mrsam@courier-mta.com>
* Migrate to C++11: remove unicode_char, use char32_t. Replace
std::vector<unicode_char> with std::u32string.
Changelog:
What's new in notmuch 0.28.4
=========================
Command line interface
----------------------
Fix a spurious error when using `notmuch show --raw` on messages whose
size is a multiple of the internal buffer size.
Update dovecot2-pigeonhole to 0.5.6.
v0.5.6 2019-04-30 Aki Tuomi <aki.tuomi@open-xchange.com>
+ sieve: Redirect loop prevention is sometimes ineffective. Improve
existing loop detection by also recognizing the
X-Sieve-Redirected-From header in incoming messages and dropping
redirect actions when it points to the sending account. This header
is already added by the redirect action, so this improvement only
adds an additional use of this header.
- sieve: Prevent execution of implicit keep upon temporary failure
occurring at runtime.
Update dovecot2 and dovecot-{gssapi,ldap,mysql,pgsql,sqlite} to 2.3.6.
v2.3.6 2019-04-30 Aki Tuomi <aki.tuomi@open-xchange.com>
* CVE-2019-11494: Submission-login crashed with signal 11 due to null
pointer access when authentication was aborted by disconnecting.
* CVE-2019-11499: Submission-login crashed when authentication was
started over TLS secured channel and invalid authentication message
was sent.
* auth: Support password grant with passdb oauth2.
+ Use system default CAs for outbound TLS connections.
+ Simplify array handling with new helper macros.
+ fts_solr: Enable configuring batch_size and soft_commit features.
- lmtp/submission: Fixed various bugs in XCLIENT handling, including a
hang when XCLIENT commands were sent infinitely to the remote server.
- lmtp/submission: Forwarded multi-line replies were erroneously sent
as two replies to the client.
- lib-smtp: client: Message was not guaranteed to contain CRLF
consistently when CHUNKING was used.
- fts_solr: Plugin was no longer compatible with Solr 7.
- Make it possible to disable certificate checking without
setting ssl_client_ca_* settings.
- pop3c: SSL support was broken.
- mysql: Closing connection twice lead to crash on some systems.
- auth: Multiple oauth2 passdbs crashed auth process on deinit.
- HTTP client connection errors infrequently triggered a segmentation
fault when the connection was idle and not used for a particular
client instance.
Update roundcube and related pacakges to 1.3.9.
RELEASE 1.3.9
-------------
- Fix TinyMCE download location (#6694)
- Fix bug where a message/rfc822 part without a filename wasn't listed on the attachments list (#6494)
- Fix handling of empty entries in vCard import (#6564)
- Fix bug in parsing some IMAP command responses that include unsolicited replies (#6577)
- Fix PHP 7.2 compatibility in debug_logger plugin (#6586)
- Fix so ANY record is not used for email domain validation, use A, MX, CNAME, AAAA instead (#6581)
- Fix so mime_content_type check in Installer uses files that should always be available (i.e. from program/resources) (#6599)
- Fix missing CSRF token on a link to download too-big message part (#6621)
- Fix bug when aborting dragging with ESC key didn't stop the move action (#6623)
- Fix bug where next row wasn't selected after deleting a collapsed thread (#6655)
This announcement concerns fixes for problems that were introduced
with Postfix 3.0 and later. This is the final update for Postfix
3.0.
Fixed in Postfix 3.3 and later:
* When the master daemon runs with PID=1 (init mode), it will now
reap child processes from non-Postfix code running in the same
container, instead of terminating with a panic. Reported by
Tamas Gerczei.
Fixed in Postfix 3.0 and later:
* With smtputf8_enable=yes, table lookups could casefold the
search string when searching a lookup table that does not use
fixed-string keys (regexp, pcre, tcp, etc.).
* With the posttls-finger test program, connections to unix-domain
servers always resulted in "Failed to establish session" even
after a connection was established. Reported by Jaroslav Skarva.
v2.3.5.2
* CVE-2019-10691: Trying to login with 8bit username containing
invalid UTF8 input causes auth process to crash if auth policy is
enabled. This could be used rather easily to cause a DoS. Similar
crash also happens during mail delivery when using invalid UTF8 in
From or Subject header when OX push notification driver is used.
* CVE-2019-7524: Missing input buffer size validation leads into
arbitrary buffer overflow when reading fts or pop3 uidl header
from Dovecot index. Exploiting this requires direct write access to
the index files.
## 0.5.1 (2019-03-03)
* mdeliver: preserve mtime in mrefile
* mdirs: add -0 to separate folders by NUL characters
* Fixes for buffer-overflows, found by fuzzing.
* Fixes for memleaks.
Changelog:
60.6.0
fixed
Calendar: Can't create repeating event with end date when using certain time zones, for example Europe/Minsk
60.5.3
fixed
Problem when using "Send to > Mail recipient" on Windows introduced in version 60.5.2.
If files with non-ASCII characters in their name still cause a malfunction, use one of the following two alternative solutions:
Reset this registry entry
HKLM\SOFTWARE\Clients\Mail\Mozilla Thunderbird - SupportUTF8 to 0. Also reset HKLM\SOFTWARE\Wow6432Node\Clients\Mail\Mozilla Thunderbird - SupportUTF8 if present.
On Windows 10, set the system code page to UTF-8 (beta feature, see Region Settings, system locale)
MREMAP_MAYMOVE flag is the default behaviour on NetBSD and by
adjusting the single mremap() call it can be used on NetBSD too
(remove CONFIGURE_ENV injection kludge).
Thanks to <joerg> and <kamil> respectively for kindly pointing out
that and suggestions! (possible regressions are mine!)
Update dovecot2-pigeonhole to 0.5.5 for dovecot 2.3.5.
v0.5.5 2019-03-05 Stephan Bosch <stephan@rename-it.nl>
+ IMAPSieve: Add new plugin/imapsieve_expunge_discarded setting which
causes messages discarded by an IMAPSieve script to be expunged
immediately, rather than only being marked as "\Deleted" (which is
still the default behavior).
- IMAPSieve: Fix panic crash occurring when a COPY command copies
messages from a virtual mailbox where the source messages originate
from more than a single real mailbox.
- imap4flags extension: Fix deleting all keywords. When the action
resulted in all keywords being removed, no changes were actually
applied.
- variables extension: Fix truncation of UTF-8 variable content. The
maximum size of Sieve variables was enforced by truncating the
variable string content bluntly at the limit, but this does not
consider UTF-8 code point boundaries. This resulted in broken UTF-8
strings. This problem also surfaced for variable modifiers, such as
the ":encodeurl" modifier provided by the Sieve "enotify" extension.
In that case, the resulting URI escaping could also be truncated
inappropriately.
- IMAPSieve, IMAP FILTER=SIEVE: Fix replacing a modified message. Sieve
scripts running in IMAPSIEVE or IMAP FILTER=SIEVE context that
modify the message, stored the message a second time, rather than
replacing the originally stored unmodified message.
- Fix segmentation fault occurring when both the sieve_extprograms
plugin (for the Sieve interpreter) and the imap_filter_sieve plugin
(for IMAP) are loaded at the same time. A symbol was defined by both
plugins, causing a clash when both were loaded.
Changelog:
Notmuch 0.28.3 (2019-03-05)
===========================
Library
-------
Fix a bug with the internal data structure _notmuch_string_map_t used
by message properties.
Build System
------------
Serialize calls to sphinx-build to avoid race condition.
