2017-04-28 Richard Russon <rich@flatcap.org>
* Bug Fixes
- Fix and simplify handling of GPGME in configure.ac (@gahr)
* Docs
- Fix typo in README.neomutt (@l2dy)
* Upstream
- Fix km_error_key() infinite loop and unget buffer pollution
- Fix error message when opening a mailbox with no read permission
Changelog:
Fixed
* Background images not working and other issues related to embedded images when composing email
* Google Oauth setup can sometimes not progress to the next step
RELEASE 1.2.5
-------------
- Fix re-positioning of the fixed header of messages list in Chrome when using
minimal mode toggle and About dialog (#5711)
- Fix so settings/upload.inc could not be used by plugins (#5694)
- Fix regression in LDAP fuzzy search where it always used prefix search
instead (#5713)
- Fix bug where namespace prefix could not be truncated on folders list if
show_real_foldernames=true (#5695)
- Fix bug where base_dn setting was ignored inside group_filters (#5720)
Mozilla Thunderbird is a redesign of the Mozilla mail component. The
goal is to produce a cross platform stand alone mail application using
the XUL user interface language. This version uses the gtk2 toolkit.
Changelog:
52.0.1:
Fixed
Clicking on a link in an email may not open this link in the external browser.
Crash due to incompatibility with McAfee Anti-SPAM add-on. Add-on is blocked in 52.0.1
52.0:
New
Folder pane toolbar and folder view selector (replacement for folder view arrows)
Optionally remove corresponding data files when removing an account from Thunderbird
Import settings from Becky! Internet Mail
Possibility to copy message filter
Dictionary setting is restored when editing a draft. Content-Language header (RFC 3282) transmitted with message
Calendar: Event can now be created and edited in a tab
Calendar: Processing of received invitation counter proposals
Chat: Support Twitter Direct Messages
Chat: Liking and favoriting in Twitter
Chat: XMPP: Support SASL SCRAM authentication mechanism
Chat: Support Jabber/XMPP Message Carbons (XEP-280)
Changed
IMPORTANT: The way images are included in a compose window has changed. Images are now included as data URIs and not as references to parts of other messages or operating system files. This allows better interoperability with office packages such as MS Office or LibreOffice. Images linked from locations on the internet will no longer be downloaded and attached to the message automatically. This can be changed for each image individually via the Image Properties dialog or globally by setting the preference mail.compose.attach_http_images.
Correspondents column now default for all new folders, can be switched off with preference mail.threadpane.use_correspondents
When replying to a mailing list, reply will be sent to address in From header ignoring Reply-to header
On Linux PulseAudio is now required to play sound
Formatting toolbar is now left in place when delivery format is switched to plain text only
Messages in IMAP folders read on external device are now filtered by default
Folders backed by mbox storage larger than 4GB are supported without warning (unless preference mailnews.allowMboxOver4GB is set to false)
IMAP caching now uses Mozilla's latest caching technology
The keyboard shortcut to insert hyperlinks into a compose window was changed from CTRL+L to CTRL+K to align with Office applications
Chat: Removed Yahoo! Messenger support (since Yahoo removed support)
Fixed
Message preview pane non-functional after IMAP folder was renamed or moved
Fixed
Editing in paragraph format: Pressing Shift+Enter sometimes doesn't move the cursor to the next line
Various corrections when composing messages in paragraph format
Paste as quotation doesn't always work
Long lines in plain text replies not properly wrapped
Undesired white-space before signature in paragraph mode
When attachment unavailable, compose shows endless "Attaching..." message instead of error
Text encoding of reply sometimes incorrect (uses encoding of last viewed message)
Text encoding of message display, reply or forwarded message sometimes incorrect (uses encoding of attachment)
Delivery Format not preserved for saved drafts (Auto-Detect|Plaintext|HTML|Both)
Reply to own e-mail does not reply with the correct identity
IMAP message part caching
Links with escaped non-ASCII (international) characters can't be clicked
Calendar: Events specified in timezone "local time" generate alerts in UTC time
Chat: XMPP Resource collisions
Various security fixes
Security fixes:
#CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
#CVE-2017-5401: Memory Corruption when handling ErrorResult
#CVE-2017-5402: Use-after-free working with events in FontFace objects
#CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object
#CVE-2017-5404: Use-after-free working with ranges in selections
#CVE-2017-5406: Segmentation fault in Skia with canvas operations
#CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters
#CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping
#CVE-2017-5411: Use-after-free in Buffer Storage in libGLES
#CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
#CVE-2017-5412: Buffer overflow read in SVG filters
#CVE-2017-5413: Segmentation fault during bidirectional operations
#CVE-2017-5414: File picker can choose incorrect default directory
#CVE-2017-5416: Null dereference crash in HttpChannel
#CVE-2017-5425: Overly permissive Gecko Media Plugin sandbox regular expression access
#CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running
#CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses
#CVE-2017-5419: Repeated authentication prompts lead to DOS attack
#CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports
#CVE-2017-5421: Print preview spoofing
#CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink
#CVE-2017-5399: Memory safety bugs fixed in Thunderbird 52
#CVE-2017-5398: Memory safety bugs fixed in Thunderbird 52 and Thunderbird 45.8
2017-04-21 Richard Russon <rich@flatcap.org>
* Features
- add lua scripting
- add command-line batch mode
- index_format: add support of %K
* Bug Fixes
- attachment/pager: Use mailcap for test/* except plain
- Fix uncollapse_new in pager
- fix garbage in chdir prompt due to unescaped string
- Fix inbox-first functionality when using mutt_pretty_mailbox
- add full neomutt version to log startup
- fix bug in uncolor for notmuch tag
- fix broken from_chars behaviour
* Coverity defects
- strfcpy
- add variable - function arg could be NULL/invalid
- add variable - failed function leads to invalid variable
- add variable - Context could become NULL
- add variable - alloc/strdup could return NULL
- add variable - route through code leads to invalid variable
- remove variable test
- test functions
- tidy switches
- unused variables
- refactor only
- check for buffer underruns
- fix leaks
- minor fixes
- bug: add missing break
- bug: don't pass large object by value
- fix: use correct buffer size
- shadow variables
- 0 -> NULL
* Docs
- many minor updates
- sync translations
- delete trailing whitespace
- indent the docbook manual
- use w3m as default for generating UTF8 manual.txt
* Website
- many minor updates
- fix broken links
- add to list of useful programs
- test automatic html checker
- remove trailing whitespace
- add irc description
- update issue labels (dev)
- new page: closed discussions
- new page: making neomutt (dev)
* Build
- drop obsolete m4 scripts
- don't look for lua libs unless asked for
- workaround slang warnings
- lower the gettext requirement 0.18 -> 0.17
- add keymap_alldefs.h to BUILT_SOURCES
- fix make dist distcheck
- Remove -Iimap from CFLAGS and include imap/imap.h explicitly
- mx: fix conditional builds
- Make iconv mandatory (no more --disable-iconv)
- refactor: Split out BUFFER-handling functions
* Tidy
- drop control characters from the source
- drop vim modelines
- delete trailing whitespace
- mark all local functions as static
- delete unused functions
- replace FOREVER with while (true)
- drop #if HAVE_CONFIG_H
- use #ifdef for potentially missing symbols
- remove #if 0 code blocks
- drop commented out source
- IMAP auth functions are stored by pointer cannot be static
- force OPS to be rebuilt after a reconfigure
- be specific about void functions
- expand a few more alloc macros
- add argument names to function prototypes
- drop local copy of regex code
- rearrange code to avoid forward declarations
- limit the scope of some functions
- give the compress functions a unique name
- use snake_case for function names
- add missing newlines to mutt_debug
- remove generated files from repo
- look for translations in all files
- fix arguments to printf-style functions
- license text
- unify include-guards
- tidy makefiles
- initialise pointers
- make strcmp-like functions clearer
- unify sizeof usage
- remove forward declarations
- remove ()s from return
- rename files hyphen to underscore
- remove unused macros
- use SEEK_SET, SEEK_CUR, SEEK_END
- remove constant code
- fix typos and grammar in the comments
- Switch to using an external gettext runtime
- apply clang-format to the source code
- boolify returns of 84 functions
- boolify lots of struct members
- boolify some function parameters
* Upstream
- Add $ssl_verify_partial_chains option for OpenSSL
- Move the OpenSSL partial chain support check inside configure.ac
- Don't allow storing duplicate certs for OpenSSL interactive prompt
- Prevent skipped certs from showing a second time
- OpenSSL: Don't offer (a)ccept always choice for hostname mismatches
- Add SNI support for OpenSSL
- Add SNI support for GnuTLS
- Add shortcuts for IMAP and POP mailboxes in the file browser
- Change OpenSSL to use SHA-256 for cert comparison
- Fix conststrings type mismatches
- Pass envlist to filter children too
- Fix mutt_envlist_set() for the case that envlist is null
- Fix setenv overwriting to not truncate the envlist
- Fix (un)sidebar_whitelist to expand paths
- Fix mutt_refresh() pausing during macro events
- Add a menu stack to track current and past menus
- Change CurrentMenu to be controlled by the menu stack
- Set refresh when popping the menu stack
- Remove redraw parameter from crypt send_menus
- Don't full redraw the index when handling a command from the pager
- Filter other directional markers that corrupt the screen
- Remove the OPTFORCEREDRAW options
- Remove SidebarNeedsRedraw
- Change reflow_windows() to set full redraw
- Create R_MENU redraw option
- Remove refresh parameter from mutt_enter_fname()
- Remove redraw flag setting after mutt_endwin()
- Change km_dokey() to pass SigWinch on for the MENU_EDITOR
- Separate out the compose menu redrawing
- Separate out the index menu redrawing
- Prepare for pager redraw separation
- Separate out the pager menu redrawing
- Don't create query menu until after initial prompt
- Silence imap progress messages for pipe-message
- Ensure mutt stays in endwin during calls to pipe_msg()
- Fix memleak when attaching files
- Add $ssl_verify_partial_chains option for OpenSSL
- Move the OpenSSL partial chain support check inside configureac
- Don't allow storing duplicate certs for OpenSSL interactive prompt
- Prevent skipped certs from showing a second time
- OpenSSL: Don't offer (a)ccept always choice for hostname mismatches
- Add SNI support for OpenSSL
- Add SNI support for GnuTLS
- Add shortcuts for IMAP and POP mailboxes in the file browser
- Updated French translation
- Change OpenSSL to use SHA-256 for cert comparison
- Fix conststrings type mismatches
- Pass envlist to filter children too
- Fix mutt_envlist_set() for the case that envlist is null
- Fix setenv overwriting to not truncate the envlist
- Fix mutt_refresh() pausing during macro events
- Add a menu stack to track current and past menus
- Change CurrentMenu to be controlled by the menu stack
- Set refresh when popping the menu stack
- Remove redraw parameter from crypt send_menus
- Don't full redraw the index when handling a command from the pager
- Fix (un)sidebar_whitelist to expand paths
- Filter other directional markers that corrupt the screen
- Remove the OPTFORCEREDRAW options
- Remove SidebarNeedsRedraw
- Change reflow_windows() to set full redraw
- Create R_MENU redraw option
- Remove refresh parameter from mutt_enter_fname()
- Remove redraw flag setting after mutt_endwin()
- Change km_dokey() to pass SigWinch on for the MENU_EDITOR
- Separate out the compose menu redrawing
- Separate out the index menu redrawing
- Prepare for pager redraw separation
- Separate out the pager menu redrawing
- Don't create query menu until after initial prompt
- Silence imap progress messages for pipe-message
- Ensure mutt stays in endwin during calls to pipe_msg()
- Fix memleak when attaching files
- automatic post-release commit for mutt-181
- Added tag mutt-1-8-1-rel for changeset f44974c10990
- mutt-181 signed
- Add ifdefs around new mutt_resize_screen calls
- Add multiline and sigwinch handling to mutt_multi_choice
- Set pager's REDRAW_SIGWINCH when reflowing windows
- Add multiline and sigwinch handling to mutt_yesorno
- Change the sort prompt to use (s)ort style prompts
- Handle the pager sort prompt inside the pager
- Fix GPG_TTY to be added to envlist
- automatic post-release commit for mutt-182
The flufl.bounce library provides a set of heuristics and an API for
detecting the original bouncing email addresses from a bounce message.
Many formats found in the wild are supported, as are VERP and RFC 3464
(DSN).
This is a server for SMTP and related protocols, similar in utility to
the standard library's smtpd.py module, but rewritten to be based
on asyncio for Python 3.
- Elliptic curve negotiation with OpenSSL >= 1.0.2. This changes the
default smtpd_tls_eecdh_grade setting to "auto", and introduces a
new parameter tls_eecdh_auto_curves with the names of curves that may
be negotiated.
- Stored-procedure support for MySQL databases.
- Cidr: table support for if/endif and negation (by prepending ! to a
pattern), just like regexp: and pcre: tables. See the cidr_table(5)
manpage for details.
- The postmap command and the inline: and texthash: maps now support
spaces in left-hand field of lookup table source text. Use double
quotes (") around a left-hand field that contains spaces, and use
backslash (\) to protect quotes in a left-hand field.
- Support for per-client Milter configuration (smtpd_milter_maps) that
overrides the main.cf smtpd_milters setting, and that has the same
syntax. A lookup result of "DISABLE" turns off Milter support for that
client.
- The local SMTP server IP address and port are available in the
policy delegation protocol (attribute names: server_address,
server_port), in the Milter protocol (macro names: {daemon_addr},
{daemon_port}), and in the XCLIENT protocol (attribute names:
DESTADDR, DESTPORT).
- For safety reasons, the Postfix sendmail -C option must specify an
authorized directory: the default configuration directory, a
directory that is listed in the default main.cf file with
alternate_config_directories or multi_instance_directories, otherwise
the command must be invoked with root privileges. This mitigates a
recurring "jail break" problem with the PHP mail() function.
- "PASS" and "STRIP" actions in header/body_checks. "STRIP" is similar
to "IGNORE" but also logs the action, and "PASS" disables header,
body, and Milter inspection for the remainder of the message content.
- The collate.pl script by Viktor Dukhovni for grouping Postfix
logfile records into "sessions" based on queue ID and process ID
information, in the auxiliary/collate directory of the Postfix source
tree.
Disabled or removed behavior:
- SMTPUTF8 support: Postfix 3.2 disables the 'transitional'
compatibility between the IDNA2003 and IDNA2008 standards for
internationalized domain names (domain names beyond the limits of
US-ASCII). This makes Postfix behavior consistent with contemporary
web browsers.
- Postfix 3.2 removes tentative features that were implemented before
the DANE spec was finalized: support for certificate usage
PKIX-EE(1), the ability to disable digest agility, and the ability to
disable support for "TLSA 2 [01] [12]" records that specify the digest
of a trust anchor.
Notable changes since 3.2:
- Added mailer previews feature based on 37 Signals mail_view
gem.
- Instrument the generation of Action Mailer messages. The time it
takes to generate a message is written to the log.
- link_to and url_for generate absolute URLs by default in templates,
it is no longer needed to pass only_path: false.
- Introduced deliver_later which enqueues a job on the application's
queue to deliver emails asynchronously.
- Added the show_previews configuration option for enabling mailer
previews outside of the development environment.
1.5.5:
* [CritFix] Fix classifier learning with Redis backend
* [CritFix] Fix issue when parsing encoded rfc822/messages
* [Feature] Add escaped version of lua_ucl import
* [Feature] Add task:headers_foreach function
* [Feature] Allow to process filenames from content type
* [Feature] Allow to query hashed emails
* [Feature] Ignore bayes with mostly metatokens or with too few text
* [Feature] Probabilistically skip metatokens
* [Feature] Retrieve all virus names from SAVAPI
* [Feature] Rework classifiers lua metatokens
* [Feature] Store headers order
* [Feature] Store text tokens inside bayes tokens
* [Feature] Use cached shingles keys
* [Fix] Add missing score normalisation for HFILTER_URL_ONLY
* [Fix] Avoid lookup in absent hash
* [Fix] Check return values from Lua functions called from C
* [Fix] Do not count sending and loading time in rspamc
* [Fix] Escape json strings for controller rejplies from Lua
* [Fix] Fix archive scans for savapi
* [Fix] Fix domain_only emails RBL
* [Fix] Fix ip_score map configuration
* [Fix] Fix JSON output for history_redis
* [Fix] Fix one character length substrings search
* [Fix] Fix parsing of non-RFC compatible Exim received
* [Fix] Fix parsing of options for workers with the same type
* [Fix] Fix processing of small tokens vectors
* [Fix] Fix rfc2047 tokenization
* [Fix] Fix typo
* [Fix] More fixes for inplace decoding
* [Fix] Try to avoid modifications of the original data
* [Fix] URL redirector: Fix call to is_redirector
* [Rework] Set token data as uint64_t instead of chars array
* [WebUI] Check if neighbours' history backend versions match
* [WebUI] Disable phrase connectors replacement in history filtering
* [WebUI] Disable phrase connectors replacement in symbols filtering
* [WebUI] Do not hide messages with bad subject, just replace it with '???'
* [WebUI] Fix error message
* [WebUI] Fix history v2 display
* [WebUI] Fix legacy history
* [WebUI] history: break To address lists on commas
* [WebUI] Increase default timeout to 20 seconds
* [WebUI] Save some history table space
1.5.4:
* [Conf] Add history_redis default configuration
* [Feature] Add spoofed rules
* [Feature] Add URL_IN_SUBJECT rule
* [Feature] Allow to get task's subject
* [Feature] Allow to specify maximum number of shots for symbols
* [Feature] Distinguish URLs found in Subject
* [Feature] Memoize LPEG grammars
* [Feature] Parse else parts in SA rules
* [Feature] Process subject for mixed characters
* [Feature] Resolve url chains in url_redirector module
* [Feature] Stat greylisted messages as greylisted not soft-rejected
* [Feature] Support checking for redirector in Lua SURBL
* [Feature] Support tag_exists SA function
* [Feature] Work with broken rfc2047 tokens
* [Fix] Check all watcher's dependencies
* [Fix] Do not compile hyperscan with no SSSE3 support
* [Fix] Do not crash if cannot decode qp encoded part
* [Fix] Fix dependencies of DKIM when multiple signatures are found
* [Fix] Fix lists in whitelist plugin
* [Fix] Fix one-shot symbols weight calculations
* [Fix] Fix options and shots match
* [Fix] Fix order of symbol options
* [Fix] Fix parsing of dot at the end of the address
* [Fix] Fix parsing of lua table arguments
* [Fix] Fix processing of subject words
* [Fix] Fix string split memoization
* [Fix] Fix templates grammar usage
* [Fix] Fix various issues related to Lua stack manipulation
* [Fix] Force actions: Use postfilter if we have honor_action / require_action
* [Fix] Further fixes to avoid PHISHING FP
* [Fix] Preserve order of options in symbols
* [Fix] Rspamadm grep: deal with unusually-formatted logs
* [Fix] Use hostname suffix when dealing with history
* [Rework] Remove outdated SA rules
* [WebUI] Add flexible columns
* [WebUI] Add footable
* [WebUI] Add sender, recipients and subject columns
* [WebUI] Allow message-id break
* [WebUI] Fix history clustering
* [WebUI] Fix history display
* [WebUI] Fix sorting
* [WebUI] Humanize sizes
* [WebUI] Initial move towards footable
* [WebUI] Remove datatables
* [WebUI] Replace `.values` method with `.map`
* [WebUI] Rework v2 symbols display
* [WebUI] Try to normalize frequencies
* [WebUI] Unbreak WebUI
* [WebUI] Use Footable to draw Throughput summary table
v0.4.18 12-04-2017 Stephan Bosch <stephan@rename-it.nl>
+ imapsieve plugin: Implemented the copy_source_after rule action. When this
is enabled for a mailbox rule, the specified Sieve script is executed for
the message in the source mailbox during a "COPY" event. This happens only
after the Sieve script that is executed for the corresponding message in the
destination mailbox finishes running successfully.
+ imapsieve plugin: Added non-standard Sieve environment items for the source
and destination mailbox.
- multiscript: The execution of the discard script had an implicit "keep",
rather than an implicit "discard".
v2.2.29.1 2017-04-12 Timo Sirainen <tss@iki.fi>
- imapc reconnection fix was forgotten from 2.2.29 release, which also
made "make check" fail in a unit test
- dict-sql: Merging multiple UPDATEs to a single statement wasn't
actually working.
- Fixed building with vpopmail
v2.2.29 2017-04-10 Timo Sirainen <tss@iki.fi>
* passdb/userdb dict: Don't double-expand %variables in keys. If dict
was used as the authentication passdb, using specially crafted
%variables in the username could be used to cause DoS (CVE-2017-2669)
* When Dovecot encounters an internal error, it logs the real error and
usually logs another line saying what function failed. Previously the
second log line's error message was a rather uninformative "Internal
error occurred. Refer to server log for more information." Now the
real error message is duplicated in this second log line.
* lmtp: If a delivery has multiple recipients, run autoexpunging only
for the last recipient. This avoids a problem where a long
autoexpunge run causes LMTP client to timeout between the DATA
replies, resulting in duplicate mail deliveries.
* config: Don't stop the process due to idling. Otherwise the
configuration is reloaded when the process restarts.
* mail_log plugin: Differentiate autoexpunges from regular expunges
* imapc: Use LOGOUT to cleanly disconnect from server.
* lib-http: Internal status codes (>9000) are no longer visible in logs
* director: Log vhost count changes and HOST-UP/DOWN
+ quota: Add plugin { quota_max_mail_size } setting to limit the
maximum individual mail size that can be saved.
+ imapc: Add imapc_features=delay-login. If set, connecting to the
remote IMAP server isn't done until it's necessary.
+ imapc: Add imapc_connection_retry_count and
imapc_connection_retry_interval settings.
+ imap, pop3, indexer-worker: Add (deinit) to process title before
autoexpunging runs.
+ Added %{encrypt} and %{decrypt} variables
+ imap/pop3 proxy: Log proxy state in errors as human-readable string.
+ imap/pop3-login: All forward_* extra fields returned by passdb are
sent to the next hop when proxying using ID/XCLIENT commands. On the
receiving side these fields are imported and sent to auth process
where they're accessible via %{passdb:forward_*}. This is done only
if the sending IP address matches login_trusted_networks.
+ imap-login: If imap_id_retain=yes, send the IMAP ID string to
auth process. %{client_id} expands to it in auth process. The ID
string is also sent to the next hop when proxying.
+ passdb imap: Use ssl_client_ca_* settings for CA validation.
- fts-tika: Fixed crash when parsing attachment without
Content-Disposition header. Broken by 2.2.28.
- trash plugin was broken in 2.2.28
- auth: When passdb/userdb lookups were done via auth-workers, too much
data was added to auth cache. This could have resulted in wrong
replies when using multiple passdbs/userdbs.
- auth: passdb { skip & mechanisms } were ignored for the first passdb
- oauth2: Various fixes, including fixes to crashes
- dsync: Large Sieve scripts (or other large metadata) weren't always
synced.
- Index rebuild (e.g. doveadm force-resync) set all mails as \Recent
- imap-hibernate: %{userdb:*} wasn't expanded in mail_log_prefix
- doveadm: Exit codes weren't preserved when proxying commands via
doveadm-server. Almost all errors used exit code 75 (tempfail).
- ACLs weren't applied to not-yet-existing autocreated mailboxes.
- Fixed a potential crash when parsing a broken message header.
- cassandra: Fallback consistency settings weren't working correctly.
- doveadm director status <user>: "Initial config" was always empty
- imapc: Various reconnection fixes.
LD_LIBRARY_PATH is not propagated when set with env, e.g.:
env LD_LIBRARY_PATH=path/to/lib ./script.sh
will not work (other variable names work correctly).
mess822. Turn it off by default. This should let us once again
publish binary packages.
To use another ofmipd, set qmailofmipd_ofmipdcmd in rc.conf. Likewise
for qmail-smtpd and qmail-pop3d.
Bump version.
